linux/include/net
Paul Moore 23bcdc1ade SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement
Create a new NetLabel KAPI interface, netlbl_enabled(), which reports on the
current runtime status of NetLabel based on the existing configuration.  LSMs
that make use of NetLabel, i.e. SELinux, can use this new function to determine
if they should perform NetLabel access checks.  This patch changes the
NetLabel/SELinux glue code such that SELinux only enforces NetLabel related
access checks when netlbl_enabled() returns true.

At present NetLabel is considered to be enabled when there is at least one
labeled protocol configuration present.  The result is that by default NetLabel
is considered to be disabled, however, as soon as an administrator configured
a CIPSO DOI definition NetLabel is enabled and SELinux starts enforcing
NetLabel related access controls - including unlabeled packet controls.

This patch also tries to consolidate the multiple "#ifdef CONFIG_NETLABEL"
blocks into a single block to ease future review as recommended by Linus.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2007-07-19 10:21:11 -04:00
..
9p 9p: Reorganization of 9p file system code 2007-07-14 15:13:40 -05:00
bluetooth [Bluetooth] Add basics to better support and handle eSCO links 2007-07-11 07:35:32 +02:00
irda [IrDA]: Netlink layer. 2007-07-10 22:16:43 -07:00
iucv [AF_IUCV]: Add lock when updating accept_q 2007-07-14 19:04:25 -07:00
netfilter [NETFILTER]: nf_conntrack: mark protocols __read_mostly 2007-07-14 20:48:19 -07:00
sctp [SCTP] Flag a pmtu change request 2007-06-13 20:44:42 +00:00
tc_act [PKT_SCHED]: Kill pkt_act.h inlining. 2006-09-22 14:55:10 -07:00
tipc [TIPC]: Optimize stream send routine to avoid fragmentation 2007-07-10 22:06:12 -07:00
act_api.h [NET_SCHED]: Kill CONFIG_NET_CLS_POLICE 2007-07-15 00:03:05 -07:00
addrconf.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
af_rxrpc.h [AF_RXRPC]: Add an interface to the AF_RXRPC module for the AFS filesystem to use 2007-04-26 15:50:17 -07:00
af_unix.h [AF_UNIX]: Rewrite garbage collector, fixes race. 2007-07-11 14:22:39 -07:00
ah.h [IPSEC]: Use HMAC template and hash interface 2006-09-21 11:46:18 +10:00
arp.h [IPV6]: Assorted trivial endianness annotations. 2006-12-02 21:22:50 -08:00
atmclip.h [ATM]: Annotations. 2006-12-02 21:22:55 -08:00
ax25.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
ax88796.h AX88796 network driver 2007-07-10 12:41:08 -04:00
cfg80211.h [PATCH] cfg80211: Radiotap parser 2007-07-12 16:07:24 -04:00
checksum.h [NET]: Make mangling a checksum (0 -> 0xffff on the wire) explicit. 2006-12-02 21:23:39 -08:00
cipso_ipv4.h [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
compat.h [NET]: Introduce SIOCGSTAMPNS ioctl to get timestamps with nanosec resolution 2007-04-25 22:24:04 -07:00
datalink.h
dn_dev.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_fib.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn_neigh.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_nsp.h [DECnet]: Endian annotation and fixes for DECnet. 2006-03-20 22:42:39 -08:00
dn_route.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn.h [DECNET]: Another unnecessary net/tcp.h inclusion in net/dn.h 2007-07-10 23:02:12 -07:00
dsfield.h [NET]: IP header modifier helpers annotations. 2006-12-02 21:23:40 -08:00
dst.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
esp.h [NET]: Move generic skbuff stuff from XFRM code to generic code 2007-04-25 22:28:33 -07:00
fib_rules.h [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
flow.h [IPV6] MIP6: Kill unnecessary ifdefs. 2007-07-10 22:15:41 -07:00
gen_stats.h
genetlink.h [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
icmp.h [IPV4]: icmp_send() annotation 2006-09-28 18:01:06 -07:00
ieee80211_crypt.h [PATCH] Update my email address from jkmaline@cc.hut.fi to j@w1.fi 2007-04-28 11:01:01 -04:00
ieee80211_radiotap.h [PATCH] Remove comment about IEEE80211_RADIOTAP_FCS 2007-04-28 11:01:03 -04:00
ieee80211.h [PATCH] ieee80211: add ieee80211_channel_to_freq 2007-05-08 11:51:59 -04:00
ieee80211softmac_wx.h [PATCH] softmac: add SIOCSIWMLME 2006-04-24 16:15:58 -04:00
ieee80211softmac.h WorkStruct: make allyesconfig 2006-11-22 14:57:56 +00:00
if_inet6.h [IPV6]: Per-interface statistics support. 2006-12-02 21:22:08 -08:00
inet6_connection_sock.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet6_hashtables.h [INET]: Use jhash + random secret for ehash. 2007-04-25 22:28:06 -07:00
inet_common.h [NET]: move struct proto_ops to const 2006-01-03 13:11:15 -08:00
inet_connection_sock.h [TCP]: Restore SKB socket owner setting in tcp_transmit_skb(). 2007-01-26 01:04:55 -08:00
inet_ecn.h [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
inet_hashtables.h [NET]: change layout of ehash table 2007-02-08 14:16:46 -08:00
inet_sock.h [INET]: Use jhash + random secret for ehash. 2007-04-25 22:28:06 -07:00
inet_timewait_sock.h [INET_SOCK]: make net/ipv4/inet_timewait_sock.c:__inet_twsk_kill() static 2007-07-14 19:00:59 -07:00
inetpeer.h [IPV4] inet_peer: Group together avl_left, avl_right, v4daddr to speedup lookups on some CPUS 2006-10-20 00:28:35 -07:00
ip6_checksum.h [IPV6]: Dumb typo in generic csum_ipv6_magic() 2006-12-22 11:12:07 -08:00
ip6_fib.h [IPv6]: Use rtnl registration interface 2007-04-25 22:27:13 -07:00
ip6_route.h [IPv6]: Use rtnl registration interface 2007-04-25 22:27:13 -07:00
ip6_tunnel.h
ip_fib.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
ip_vs.h [NET]: ipvs checksum annotations. 2006-12-02 21:23:41 -08:00
ip.h [TCP]: Honour sk_bound_dev_if in tcp_v4_send_ack 2007-06-07 13:38:51 -07:00
ipcomp.h [CRYPTO] users: Use crypto_comp and crypto_has_* 2006-09-21 11:46:22 +10:00
ipconfig.h [NET]: ipconfig and nfsroot annotations 2006-12-02 21:21:09 -08:00
ipip.h [IPV6] net/ipv6/sit.c: make 2 functions static 2006-12-02 21:26:15 -08:00
ipv6.h [IPV6]: Do not send RH0 anymore. 2007-07-10 22:55:49 -07:00
ipx.h [SK_BUFF]: Introduce skb_transport_header(skb) 2007-04-25 22:25:31 -07:00
iw_handler.h [WEXT]: Clean up how wext is called. 2007-04-26 20:43:56 -07:00
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h [LLC]: add multicast support for datagrams 2006-06-17 21:26:08 -07:00
llc_pdu.h [SK_BUFF]: Introduce skb_network_header() 2007-04-25 22:24:59 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h [LLC]: llc_mac_hdr_init const arguments 2006-03-20 22:59:36 -08:00
mac80211.h [PATCH] mac80211: clarify some mac80211 things 2007-07-12 16:07:26 -04:00
mip6.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
ndisc.h [IPV6]: Misc endianness annotations. 2006-12-02 21:22:52 -08:00
neighbour.h [NEIGH]: Use rtnl registration interface 2007-04-25 22:27:06 -07:00
netdma.h Remove all inclusions of <linux/config.h> 2006-10-04 03:38:54 -04:00
netevent.h [NET]: Network Event Notifier Mechanism. 2006-08-02 13:38:20 -07:00
netlabel.h SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement 2007-07-19 10:21:11 -04:00
netlink.h [NETLINK]: attr: add nested compat attribute type 2007-07-10 22:15:38 -07:00
netrom.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
nexthop.h [IPv4]: FIB configuration using struct fib_config 2006-09-22 14:55:04 -07:00
p8022.h
pkt_cls.h [NET_SCHED]: Kill CONFIG_NET_CLS_POLICE 2007-07-15 00:03:05 -07:00
pkt_sched.h [NET_SCHED]: act_api: qdisc internal reclassify support 2007-07-15 00:02:31 -07:00
protocol.h [INET]: Change protocol field in struct inet_protosw to u16 2006-12-02 21:30:55 -08:00
psnap.h
raw.h Merge git://git.infradead.org/hdrcleanup-2.6 2006-06-20 15:10:08 -07:00
rawv6.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
red.h [NET_SCHED]: turn PSCHED_GET_TIME into inline function 2007-04-25 22:27:55 -07:00
request_sock.h [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
rose.h [PATCH] mark struct file_operations const 1 2007-02-12 09:48:44 -08:00
route.h [IPV4]: Make ip_tos2prio const. 2007-07-10 22:19:04 -07:00
rtnetlink.h [RTNETLINK]: Link creation API 2007-07-10 22:14:20 -07:00
sch_generic.h [NET_SCHED]: Kill CONFIG_NET_CLS_POLICE 2007-07-15 00:03:05 -07:00
scm.h avoid OPEN_MAX in SCM_MAX_FD 2007-07-17 10:23:03 -07:00
slhc_vj.h
snmp.h [SCTP]: Extend /proc/net/sctp/snmp to provide more statistics. 2006-09-22 14:55:16 -07:00
sock.h [SOCK]: Shrink struct sock by 8 bytes on 64-bit. 2007-05-31 01:23:32 -07:00
syncppp.h
tcp_ecn.h [TCP]: Sed magic converts func(sk, tp, ...) -> func(sk, ...) 2007-04-25 22:29:34 -07:00
tcp_states.h [TCP]: Move the TCPF_ enum to tcp_states.h 2006-01-03 13:10:57 -08:00
tcp.h [TCP]: remove unused argument to cong_avoid op 2007-07-18 01:46:58 -07:00
timewait_sock.h [PATCH] slab: remove kmem_cache_t 2006-12-07 08:39:25 -08:00
transp_v6.h [NET]: Supporting UDP-Lite (RFC 3828) in Linux 2006-12-02 21:22:46 -08:00
udp.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
udplite.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
wext.h [NET]: Fix networking compilation errors 2007-04-27 15:31:24 -07:00
wireless.h [WIRELESS] cfg80211: New wireless config infrastructure. 2007-04-25 22:29:41 -07:00
x25.h [X.25]: Adds /proc/sys/net/x25/x25_forward to control forwarding. 2007-02-08 13:34:36 -08:00
x25device.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
xfrm.h [XFRM]: Fix crash introduced by struct dst_entry reordering 2007-07-18 01:55:52 -07:00