diff options
Diffstat (limited to 'security/smack/smack.h')
-rw-r--r-- | security/smack/smack.h | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/security/smack/smack.h b/security/smack/smack.h index 31dce55..b79582e 100644 --- a/security/smack/smack.h +++ b/security/smack/smack.h @@ -16,6 +16,7 @@ #include <linux/capability.h> #include <linux/spinlock.h> #include <linux/security.h> +#include <linux/in.h> #include <net/netlabel.h> /* @@ -39,6 +40,7 @@ struct superblock_smack { struct socket_smack { char *smk_out; /* outbound label */ char *smk_in; /* inbound label */ + int smk_labeled; /* label scheme */ char smk_packet[SMK_LABELLEN]; /* TCP peer label */ }; @@ -80,6 +82,16 @@ struct smack_cipso { }; /* + * An entry in the table identifying hosts. + */ +struct smk_netlbladdr { + struct smk_netlbladdr *smk_next; + struct sockaddr_in smk_host; /* network address */ + struct in_addr smk_mask; /* network mask */ + char *smk_label; /* label */ +}; + +/* * This is the repository for labels seen so that it is * not necessary to keep allocating tiny chuncks of memory * and so that they can be shared. @@ -127,6 +139,20 @@ struct smack_known { #define XATTR_NAME_SMACKIPOUT XATTR_SECURITY_PREFIX XATTR_SMACK_IPOUT /* + * How communications on this socket are treated. + * Usually it's determined by the underlying netlabel code + * but there are certain cases, including single label hosts + * and potentially single label interfaces for which the + * treatment can not be known in advance. + * + * The possibility of additional labeling schemes being + * introduced in the future exists as well. + */ +#define SMACK_UNLABELED_SOCKET 0 +#define SMACK_CIPSO_SOCKET 1 + +/* + * smackfs magic number * smackfs macic number */ #define SMACK_MAGIC 0x43415d53 /* "SMAC" */ @@ -141,6 +167,7 @@ struct smack_known { * CIPSO defaults. */ #define SMACK_CIPSO_DOI_DEFAULT 3 /* Historical */ +#define SMACK_CIPSO_DOI_INVALID -1 /* Not a DOI */ #define SMACK_CIPSO_DIRECT_DEFAULT 250 /* Arbitrary */ #define SMACK_CIPSO_MAXCATVAL 63 /* Bigger gets harder */ #define SMACK_CIPSO_MAXLEVEL 255 /* CIPSO 2.2 standard */ @@ -176,7 +203,6 @@ u32 smack_to_secid(const char *); * Shared data. */ extern int smack_cipso_direct; -extern int smack_net_nltype; extern char *smack_net_ambient; extern char *smack_onlycap; @@ -186,9 +212,10 @@ extern struct smack_known smack_known_hat; extern struct smack_known smack_known_huh; extern struct smack_known smack_known_invalid; extern struct smack_known smack_known_star; -extern struct smack_known smack_known_unset; +extern struct smack_known smack_known_web; extern struct smk_list_entry *smack_list; +extern struct smk_netlbladdr *smack_netlbladdrs; extern struct security_operations smack_ops; /* |