1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* |
3 | * NetLabel NETLINK Interface |
4 | * |
5 | * This file defines the NETLINK interface for the NetLabel system. The |
6 | * NetLabel system manages static and dynamic label mappings for network |
7 | * protocols such as CIPSO and RIPSO. |
8 | * |
9 | * Author: Paul Moore <paul@paul-moore.com> |
10 | */ |
11 | |
12 | /* |
13 | * (c) Copyright Hewlett-Packard Development Company, L.P., 2006 |
14 | */ |
15 | |
16 | #include <linux/init.h> |
17 | #include <linux/types.h> |
18 | #include <linux/list.h> |
19 | #include <linux/socket.h> |
20 | #include <linux/audit.h> |
21 | #include <linux/tty.h> |
22 | #include <linux/security.h> |
23 | #include <linux/gfp.h> |
24 | #include <net/sock.h> |
25 | #include <net/netlink.h> |
26 | #include <net/genetlink.h> |
27 | #include <net/netlabel.h> |
28 | #include <asm/bug.h> |
29 | |
30 | #include "netlabel_mgmt.h" |
31 | #include "netlabel_unlabeled.h" |
32 | #include "netlabel_cipso_v4.h" |
33 | #include "netlabel_calipso.h" |
34 | #include "netlabel_user.h" |
35 | |
36 | /* |
37 | * NetLabel NETLINK Setup Functions |
38 | */ |
39 | |
/**
 * netlbl_netlink_init - Initialize the NETLINK communication channel
 *
 * Description:
 * Ask each NetLabel component (management, CIPSOv4, CALIPSO, unlabeled), in
 * that order, to register its family and commands with the Generic NETLINK
 * mechanism.  The first non-zero result stops the sequence and is returned
 * unchanged.  Returns zero on success and non-zero on failure.
 *
 * Nothing is unwound on failure: components whose init call already
 * succeeded are left as they are when a later one fails.  Any cleanup is the
 * caller's decision (not visible in this file).
 *
 */
int __init netlbl_netlink_init(void)
{
	int rc = netlbl_mgmt_genl_init();

	/* Each step runs only while every earlier step has returned zero. */
	if (rc == 0)
		rc = netlbl_cipsov4_genl_init();
	if (rc == 0)
		rc = netlbl_calipso_genl_init();
	if (rc == 0)
		rc = netlbl_unlabel_genl_init();

	return rc;
}
67 | |
68 | /* |
69 | * NetLabel Audit Functions |
70 | */ |
71 | |
/**
 * netlbl_audit_start_common - Start an audit message
 * @type: audit message type
 * @audit_info: NetLabel audit information
 *
 * Description:
 * Start an audit message using the type specified in @type and fill the audit
 * message with some fields common to all NetLabel audit messages: the login
 * uid ("auid"), the session id ("ses") and, when available, the subject's
 * security context ("subj").  Returns a pointer to the audit buffer on
 * success, NULL on failure.
 *
 * NULL is also returned when auditing is switched off, so a NULL result does
 * not by itself indicate an error.  The "subj" field is left out when
 * @audit_info->secid is zero or when the secid cannot be converted to a
 * context string; consumers of these records should not assume it is present.
 *
 * The returned buffer is still open; presumably the caller appends its own
 * fields and finishes the record (e.g. with audit_log_end()) - confirm
 * against the callers.
 *
 */
struct audit_buffer *netlbl_audit_start_common(int type,
					       struct netlbl_audit *audit_info)
{
	struct audit_buffer *ab;
	char *ctx_str;
	u32 ctx_len;

	if (audit_enabled == AUDIT_OFF)
		return NULL;

	/*
	 * GFP_ATOMIC: the allocation must not sleep.  If it fails, no record
	 * is produced for this event.
	 */
	ab = audit_log_start(audit_context(), GFP_ATOMIC, type);
	if (!ab)
		return NULL;

	/* The login uid is reported as seen from the initial user namespace. */
	audit_log_format(ab, "netlabel: auid=%u ses=%u",
			 from_kuid(&init_user_ns, audit_info->loginuid),
			 audit_info->sessionid);

	/* A secid of zero means there is no subject to report. */
	if (audit_info->secid == 0)
		return ab;

	/* Conversion failure is not fatal: the record simply lacks "subj". */
	if (security_secid_to_secctx(audit_info->secid, &ctx_str, &ctx_len) != 0)
		return ab;

	/*
	 * The context string is passed as a %s argument, never as the format
	 * itself, and is released as soon as it has been copied into the
	 * record.
	 */
	audit_log_format(ab, " subj=%s", ctx_str);
	security_release_secctx(ctx_str, ctx_len);

	return ab;
}
111 | |