net/netlabel/netlabel_user.c

   1 // SPDX-License-Identifier: GPL-2.0-or-later
   2 /*
   3  * NetLabel NETLINK Interface
   4  *
   5  * This file defines the NETLINK interface for the NetLabel system.  The
   6  * NetLabel system manages static and dynamic label mappings for network
   7  * protocols such as CIPSO and RIPSO.
   8  *
   9  * Author: Paul Moore <paul@paul-moore.com>
  10  */
  11
  12 /*
  13  * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
  14  */
  15
  16 #include <linux/init.h>
  17 #include <linux/types.h>
  18 #include <linux/list.h>
  19 #include <linux/socket.h>
  20 #include <linux/audit.h>
  21 #include <linux/tty.h>
  22 #include <linux/security.h>
  23 #include <linux/gfp.h>
  24 #include <net/sock.h>
  25 #include <net/netlink.h>
  26 #include <net/genetlink.h>
  27 #include <net/netlabel.h>
  28 #include <asm/bug.h>
  29
  30 #include "netlabel_mgmt.h"
  31 #include "netlabel_unlabeled.h"
  32 #include "netlabel_cipso_v4.h"
  33 #include "netlabel_calipso.h"
  34 #include "netlabel_user.h"
  35
  36 /*
  37  * NetLabel NETLINK Setup Functions
  38  */
  39
  40 /**
  41  * netlbl_netlink_init - Initialize the NETLINK communication channel
  42  *
  43  * Description:
  44  * Call out to the NetLabel components so they can register their families and
  45  * commands with the Generic NETLINK mechanism.  Returns zero on success and
  46  * non-zero on failure.
  47  *
  48  */
  49 int __init netlbl_netlink_init(void)
  50 {
  51         int ret_val;
  52
  53         ret_val = netlbl_mgmt_genl_init();
  54         if (ret_val != 0)
  55                 return ret_val;
  56
  57         ret_val = netlbl_cipsov4_genl_init();
  58         if (ret_val != 0)
  59                 return ret_val;
  60
  61         ret_val = netlbl_calipso_genl_init();
  62         if (ret_val != 0)
  63                 return ret_val;
  64
  65         return netlbl_unlabel_genl_init();
  66 }
  67
  68 /*
  69  * NetLabel Audit Functions
  70  */
  71
  72 /**
  73  * netlbl_audit_start_common - Start an audit message
  74  * @type: audit message type
  75  * @audit_info: NetLabel audit information
  76  *
  77  * Description:
  78  * Start an audit message using the type specified in @type and fill the audit
  79  * message with some fields common to all NetLabel audit messages.  Returns
  80  * a pointer to the audit buffer on success, NULL on failure.
  81  *
  82  */
  83 struct audit_buffer *netlbl_audit_start_common(int type,
  84                                                struct netlbl_audit *audit_info)
  85 {
  86         struct audit_buffer *audit_buf;
  87         char *secctx;
  88         u32 secctx_len;
  89
  90         if (audit_enabled == AUDIT_OFF)
  91                 return NULL;
  92
  93         audit_buf = audit_log_start(audit_context(), GFP_ATOMIC, type);
  94         if (audit_buf == NULL)
  95                 return NULL;
  96
  97         audit_log_format(audit_buf, "netlabel: auid=%u ses=%u",
  98                          from_kuid(&init_user_ns, audit_info->loginuid),
  99                          audit_info->sessionid);
 100
 101         if (audit_info->secid != 0 &&
 102             security_secid_to_secctx(audit_info->secid,
 103                                      &secctx,
 104                                      &secctx_len) == 0) {
 105                 audit_log_format(audit_buf, " subj=%s", secctx);
 106                 security_release_secctx(secctx, secctx_len);
 107         }
 108
 109         return audit_buf;
 110 }