netlabel: Initial support for the CALIPSO netlink protocol.

[mirror_ubuntu-bionic-kernel.git] / net / netlabel / netlabel_kapi.c

diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 28cddc85b7005aa6b6afa7b2c22f8f88a5b7fa46..8d2e483167a83d2c3118ed90ea4c5ad7610cb4fc 100644 (file)
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -72,7 +72,7 @@ int netlbl_cfg_map_del(const char *domain,
                       struct netlbl_audit *audit_info)
 {
        if (addr == NULL && mask == NULL) {
-               return netlbl_domhsh_remove(domain, audit_info);
+               return netlbl_domhsh_remove(domain, family, audit_info);
        } else if (addr != NULL && mask != NULL) {
                switch (family) {
                case AF_INET:
@@ -119,6 +119,7 @@ int netlbl_cfg_unlbl_map_add(const char *domain,
                if (entry->domain == NULL)
                        goto cfg_unlbl_map_add_failure;
        }
+       entry->family = family;
 
        if (addr == NULL && mask == NULL)
                entry->def.type = NETLBL_NLTYPE_UNLABELED;
@@ -345,6 +346,7 @@ int netlbl_cfg_cipsov4_map_add(u32 doi,
        entry = kzalloc(sizeof(*entry), GFP_ATOMIC);
        if (entry == NULL)
                goto out_entry;
+       entry->family = AF_INET;
        if (domain != NULL) {
                entry->domain = kstrdup(domain, GFP_ATOMIC);
                if (entry->domain == NULL)
@@ -609,20 +611,19 @@ int netlbl_catmap_getlong(struct netlbl_lsm_catmap *catmap,
                off = catmap->startbit;
                *offset = off;
        }
-       iter = _netlbl_catmap_getnode(&catmap, off, _CM_F_NONE, 0);
+       iter = _netlbl_catmap_getnode(&catmap, off, _CM_F_WALK, 0);
        if (iter == NULL) {
                *offset = (u32)-1;
                return 0;
        }
 
        if (off < iter->startbit) {
-               off = iter->startbit;
-               *offset = off;
+               *offset = iter->startbit;
+               off = 0;
        } else
                off -= iter->startbit;
-
        idx = off / NETLBL_CATMAP_MAPSIZE;
-       *bitmap = iter->bitmap[idx] >> (off % NETLBL_CATMAP_SIZE);
+       *bitmap = iter->bitmap[idx] >> (off % NETLBL_CATMAP_MAPSIZE);
 
        return 0;
 }
@@ -677,7 +678,7 @@ int netlbl_catmap_setrng(struct netlbl_lsm_catmap **catmap,
        u32 spot = start;
 
        while (rc == 0 && spot <= end) {
-               if (((spot & (BITS_PER_LONG - 1)) != 0) &&
+               if (((spot & (BITS_PER_LONG - 1)) == 0) &&
                    ((end - spot) > BITS_PER_LONG)) {
                        rc = netlbl_catmap_setlong(catmap,
                                                   spot,
@@ -774,7 +775,7 @@ int netlbl_sock_setattr(struct sock *sk,
        struct netlbl_dom_map *dom_entry;
 
        rcu_read_lock();
-       dom_entry = netlbl_domhsh_getentry(secattr->domain);
+       dom_entry = netlbl_domhsh_getentry(secattr->domain, family);
        if (dom_entry == NULL) {
                ret_val = -ENOENT;
                goto socket_setattr_return;
@@ -824,7 +825,11 @@ socket_setattr_return:
  */
 void netlbl_sock_delattr(struct sock *sk)
 {
-       cipso_v4_sock_delattr(sk);
+       switch (sk->sk_family) {
+       case AF_INET:
+               cipso_v4_sock_delattr(sk);
+               break;
+       }
 }
 
 /**
@@ -987,7 +992,11 @@ req_setattr_return:
 */
 void netlbl_req_delattr(struct request_sock *req)
 {
-       cipso_v4_req_delattr(req);
+       switch (req->rsk_ops->family) {
+       case AF_INET:
+               cipso_v4_req_delattr(req);
+               break;
+       }
 }
 
 /**
@@ -1161,6 +1170,7 @@ struct audit_buffer *netlbl_audit_start(int type,
 {
        return netlbl_audit_start_common(type, audit_info);
 }
+EXPORT_SYMBOL(netlbl_audit_start);
 
 /*
  * Setup Functions