calipso: Allow the lsm to label the skbuff directly.

In some cases, the lsm needs to add the label to the skbuff directly. A NF_INET_LOCAL_OUT IPv6 hook is added to selinux to match the IPv4 behaviour. This allows selinux to label the skbuffs that it requires. Signed-off-by: Huw Davies <huw@codeweavers.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Huw Davies <huw@codeweavers.com> 2016-06-27 15:06:15 -0400
committer: Paul Moore <paul@paul-moore.com> 2016-06-27 15:06:15 -0400
commit: 2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 (patch)
tree: cf6e68541ba82eb7c4b11a7ba563f423060d8b46 /net/netlabel/netlabel_calipso.h
parent: 0868383b822e4d8ebde980c7aac973a6aa81a3ec (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/net/netlabel/netlabel_calipso.h b/net/netlabel/netlabel_calipso.h
index 1372fdd86588..66ba92e9289f 100644
--- a/net/netlabel/netlabel_calipso.h
+++ b/net/netlabel/netlabel_calipso.h
@@ -137,5 +137,12 @@ int calipso_req_setattr(struct request_sock *req,
 			const struct calipso_doi *doi_def,
 			const struct netlbl_lsm_secattr *secattr);
 void calipso_req_delattr(struct request_sock *req);
+unsigned char *calipso_optptr(const struct sk_buff *skb);
+int calipso_getattr(const unsigned char *calipso,
+		    struct netlbl_lsm_secattr *secattr);
+int calipso_skbuff_setattr(struct sk_buff *skb,
+			   const struct calipso_doi *doi_def,
+			   const struct netlbl_lsm_secattr *secattr);
+int calipso_skbuff_delattr(struct sk_buff *skb);
 
 #endif
author	Huw Davies <huw@codeweavers.com>	2016-06-27 15:06:15 -0400
committer	Paul Moore <paul@paul-moore.com>	2016-06-27 15:06:15 -0400
commit	2917f57b6bc15cc6787496ee5f2fdf17f0e9b7d3 (patch)
tree	cf6e68541ba82eb7c4b11a7ba563f423060d8b46 /net/netlabel/netlabel_calipso.h
parent	0868383b822e4d8ebde980c7aac973a6aa81a3ec (diff)