android_kernel_xiaomi_sm8350/include/net
Paul Moore 23bcdc1ade SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement
Create a new NetLabel KAPI interface, netlbl_enabled(), which reports on the
current runtime status of NetLabel based on the existing configuration.  LSMs
that make use of NetLabel, i.e. SELinux, can use this new function to determine
if they should perform NetLabel access checks.  This patch changes the
NetLabel/SELinux glue code such that SELinux only enforces NetLabel related
access checks when netlbl_enabled() returns true.

At present NetLabel is considered to be enabled when there is at least one
labeled protocol configuration present.  The result is that by default NetLabel
is considered to be disabled, however, as soon as an administrator configured
a CIPSO DOI definition NetLabel is enabled and SELinux starts enforcing
NetLabel related access controls - including unlabeled packet controls.

This patch also tries to consolidate the multiple "#ifdef CONFIG_NETLABEL"
blocks into a single block to ease future review as recommended by Linus.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
2007-07-19 10:21:11 -04:00
..
9p 9p: Reorganization of 9p file system code 2007-07-14 15:13:40 -05:00
bluetooth [Bluetooth] Add basics to better support and handle eSCO links 2007-07-11 07:35:32 +02:00
irda [IrDA]: Netlink layer. 2007-07-10 22:16:43 -07:00
iucv [AF_IUCV]: Add lock when updating accept_q 2007-07-14 19:04:25 -07:00
netfilter [NETFILTER]: nf_conntrack: mark protocols __read_mostly 2007-07-14 20:48:19 -07:00
sctp [SCTP] Flag a pmtu change request 2007-06-13 20:44:42 +00:00
tc_act
tipc [TIPC]: Optimize stream send routine to avoid fragmentation 2007-07-10 22:06:12 -07:00
act_api.h [NET_SCHED]: Kill CONFIG_NET_CLS_POLICE 2007-07-15 00:03:05 -07:00
addrconf.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
af_rxrpc.h [AF_RXRPC]: Add an interface to the AF_RXRPC module for the AFS filesystem to use 2007-04-26 15:50:17 -07:00
af_unix.h [AF_UNIX]: Rewrite garbage collector, fixes race. 2007-07-11 14:22:39 -07:00
ah.h
arp.h
atmclip.h
ax25.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
ax88796.h AX88796 network driver 2007-07-10 12:41:08 -04:00
cfg80211.h [PATCH] cfg80211: Radiotap parser 2007-07-12 16:07:24 -04:00
checksum.h
cipso_ipv4.h [NetLabel]: consolidate the struct socket/sock handling to just struct sock 2007-06-08 13:33:09 -07:00
compat.h [NET]: Introduce SIOCGSTAMPNS ioctl to get timestamps with nanosec resolution 2007-04-25 22:24:04 -07:00
datalink.h
dn_dev.h
dn_fib.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn_neigh.h
dn_nsp.h
dn_route.h [DECNet]: Use rtnl registration interface 2007-04-25 22:27:12 -07:00
dn.h [DECNET]: Another unnecessary net/tcp.h inclusion in net/dn.h 2007-07-10 23:02:12 -07:00
dsfield.h
dst.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
esp.h [NET]: Move generic skbuff stuff from XFRM code to generic code 2007-04-25 22:28:33 -07:00
fib_rules.h [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
flow.h [IPV6] MIP6: Kill unnecessary ifdefs. 2007-07-10 22:15:41 -07:00
gen_stats.h
genetlink.h [NETLINK]: Mark netlink policies const 2007-06-07 13:40:10 -07:00
icmp.h
ieee80211_crypt.h [PATCH] Update my email address from jkmaline@cc.hut.fi to j@w1.fi 2007-04-28 11:01:01 -04:00
ieee80211_radiotap.h [PATCH] Remove comment about IEEE80211_RADIOTAP_FCS 2007-04-28 11:01:03 -04:00
ieee80211.h [PATCH] ieee80211: add ieee80211_channel_to_freq 2007-05-08 11:51:59 -04:00
ieee80211softmac_wx.h
ieee80211softmac.h
if_inet6.h
inet6_connection_sock.h
inet6_hashtables.h [INET]: Use jhash + random secret for ehash. 2007-04-25 22:28:06 -07:00
inet_common.h
inet_connection_sock.h
inet_ecn.h [SK_BUFF]: Convert skb->tail to sk_buff_data_t 2007-04-25 22:26:28 -07:00
inet_hashtables.h
inet_sock.h [INET]: Use jhash + random secret for ehash. 2007-04-25 22:28:06 -07:00
inet_timewait_sock.h [INET_SOCK]: make net/ipv4/inet_timewait_sock.c:__inet_twsk_kill() static 2007-07-14 19:00:59 -07:00
inetpeer.h
ip6_checksum.h
ip6_fib.h [IPv6]: Use rtnl registration interface 2007-04-25 22:27:13 -07:00
ip6_route.h [IPv6]: Use rtnl registration interface 2007-04-25 22:27:13 -07:00
ip6_tunnel.h
ip_fib.h [IPV4]: The scheduled removal of multipath cached routing support. 2007-07-10 22:05:57 -07:00
ip_vs.h
ip.h [TCP]: Honour sk_bound_dev_if in tcp_v4_send_ack 2007-06-07 13:38:51 -07:00
ipcomp.h
ipconfig.h
ipip.h
ipv6.h [IPV6]: Do not send RH0 anymore. 2007-07-10 22:55:49 -07:00
ipx.h [SK_BUFF]: Introduce skb_transport_header(skb) 2007-04-25 22:25:31 -07:00
iw_handler.h [WEXT]: Clean up how wext is called. 2007-04-26 20:43:56 -07:00
lapb.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h [SK_BUFF]: Introduce skb_network_header() 2007-04-25 22:24:59 -07:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
mac80211.h [PATCH] mac80211: clarify some mac80211 things 2007-07-12 16:07:26 -04:00
mip6.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
ndisc.h
neighbour.h [NEIGH]: Use rtnl registration interface 2007-04-25 22:27:06 -07:00
netdma.h
netevent.h
netlabel.h SELinux: enable dynamic activation/deactivation of NetLabel/SELinux enforcement 2007-07-19 10:21:11 -04:00
netlink.h [NETLINK]: attr: add nested compat attribute type 2007-07-10 22:15:38 -07:00
netrom.h
nexthop.h
p8022.h
pkt_cls.h [NET_SCHED]: Kill CONFIG_NET_CLS_POLICE 2007-07-15 00:03:05 -07:00
pkt_sched.h [NET_SCHED]: act_api: qdisc internal reclassify support 2007-07-15 00:02:31 -07:00
protocol.h
psnap.h
raw.h
rawv6.h [IPV6] MIP6: Loadable module support for MIPv6. 2007-07-10 22:15:42 -07:00
red.h [NET_SCHED]: turn PSCHED_GET_TIME into inline function 2007-04-25 22:27:55 -07:00
request_sock.h
rose.h
route.h [IPV4]: Make ip_tos2prio const. 2007-07-10 22:19:04 -07:00
rtnetlink.h [RTNETLINK]: Link creation API 2007-07-10 22:14:20 -07:00
sch_generic.h [NET_SCHED]: Kill CONFIG_NET_CLS_POLICE 2007-07-15 00:03:05 -07:00
scm.h avoid OPEN_MAX in SCM_MAX_FD 2007-07-17 10:23:03 -07:00
slhc_vj.h
snmp.h
sock.h [SOCK]: Shrink struct sock by 8 bytes on 64-bit. 2007-05-31 01:23:32 -07:00
syncppp.h
tcp_ecn.h [TCP]: Sed magic converts func(sk, tp, ...) -> func(sk, ...) 2007-04-25 22:29:34 -07:00
tcp_states.h
tcp.h [TCP]: remove unused argument to cong_avoid op 2007-07-18 01:46:58 -07:00
timewait_sock.h
transp_v6.h
udp.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
udplite.h [UDP]: Revert 2-pass hashing changes. 2007-06-07 13:40:50 -07:00
wext.h [NET]: Fix networking compilation errors 2007-04-27 15:31:24 -07:00
wireless.h [WIRELESS] cfg80211: New wireless config infrastructure. 2007-04-25 22:29:41 -07:00
x25.h
x25device.h [SK_BUFF]: Introduce skb_reset_mac_header(skb) 2007-04-25 22:24:32 -07:00
xfrm.h [XFRM]: Fix crash introduced by struct dst_entry reordering 2007-07-18 01:55:52 -07:00