kernel-ark/net
Venkat Yekkirala 7420ed23a4 [NetLabel]: SELinux support
Add NetLabel support to the SELinux LSM and modify the
socket_post_create() LSM hook to return an error code.  The most
significant part of this patch is the addition of NetLabel hooks into
the following SELinux LSM hooks:

 * selinux_file_permission()
 * selinux_socket_sendmsg()
 * selinux_socket_post_create()
 * selinux_socket_sock_rcv_skb()
 * selinux_socket_getpeersec_stream()
 * selinux_socket_getpeersec_dgram()
 * selinux_sock_graft()
 * selinux_inet_conn_request()

The basic reasoning behind this patch is that outgoing packets are
"NetLabel'd" by labeling their socket and the NetLabel security
attributes are checked via the additional hook in
selinux_socket_sock_rcv_skb().  NetLabel itself is only a labeling
mechanism, similar to filesystem extended attributes, it is up to the
SELinux enforcement mechanism to perform the actual access checks.

In addition to the changes outlined above this patch also includes
some changes to the extended bitmap (ebitmap) and multi-level security
(mls) code to import and export SELinux TE/MLS attributes into and out
of NetLabel.

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-09-22 14:53:36 -07:00
..
802 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
8021q [VLAN]: Fix link state propagation 2006-07-24 13:52:13 -07:00
appletalk [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
atm [ATM] CLIP: Do not refer freed skbuff in clip_mkip(). 2006-09-18 06:37:58 -07:00
ax25 [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
bluetooth [Bluetooth] Correct RFCOMM channel MTU for broken implementations 2006-07-24 12:44:25 -07:00
bridge [BRIDGE]: random extra bytes on STP TCN packet 2006-09-17 23:21:08 -07:00
core [MLSXFRM]: Flow based matching of xfrm policy and state 2006-09-22 14:53:24 -07:00
dccp [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
decnet [DECNET]: Fix for routing bug 2006-08-02 14:14:44 -07:00
econet [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
ethernet Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
ieee80211 [CRYPTO] users: Use crypto_hash interface instead of crypto_digest 2006-09-21 11:46:21 +10:00
ipv4 [NetLabel]: CIPSOv4 engine 2006-09-22 14:53:33 -07:00
ipv6 [MLSXFRM]: Auto-labeling of child sockets 2006-09-22 14:53:29 -07:00
ipx [IPX]: Fix typo, ipxhdr() --> ipx_hdr() 2006-08-09 17:36:15 -07:00
irda [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
key [MLSXFRM]: Default labeling of socket specific IPSec policies 2006-09-22 14:53:28 -07:00
lapb [LAPB]: Fix windowsize check 2006-08-05 21:15:58 -07:00
llc [LLC]: multicast receive device match 2006-08-13 18:56:26 -07:00
netfilter [NETFILTER]: xt_quota: add missing module aliases 2006-09-19 13:00:57 -07:00
netlabel [NetLabel]: CIPSOv4 and Unlabeled packet integration 2006-09-22 14:53:35 -07:00
netlink [NETLINK]: Call panic if nl_table allocation fails 2006-08-29 21:22:18 -07:00
netrom [NETROM] lockdep: fix false positive 2006-07-12 13:59:02 -07:00
packet [PACKET]: Don't truncate non-linear skbs with mmaped IO 2006-09-17 23:59:57 -07:00
rose [ROSE] lockdep: fix false positive 2006-07-12 13:58:59 -07:00
rxrpc [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
sched [NET]: Drop tx lock in dev_watchdog_up 2006-09-18 00:22:30 -07:00
sctp [SCTP]: Use HMAC template and hash interface 2006-09-21 11:46:19 +10:00
sunrpc [CRYPTO] users: Use crypto_hash interface instead of crypto_digest 2006-09-21 11:46:21 +10:00
tipc [TIPC]: Removing useless casts 2006-07-21 15:52:20 -07:00
unix [AF_UNIX]: Kernel memory leak fix for af_unix datagram getpeersec patch 2006-08-02 14:12:06 -07:00
wanrouter [NET]: Conversions from kmalloc+memset to k(z|c)alloc. 2006-07-21 14:51:30 -07:00
x25 Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
xfrm [MLSXFRM]: Default labeling of socket specific IPSec policies 2006-09-22 14:53:28 -07:00
compat.c [NETFILTER]: iptables 32bit compat layer 2006-04-01 02:25:19 -08:00
Kconfig [NET]: Mark frame diverter for future removal. 2006-09-17 23:21:14 -07:00
Makefile [NetLabel]: core NetLabel subsystem 2006-09-22 14:53:34 -07:00
nonet.c [PATCH] Make most file operations structs in fs/ const 2006-03-28 09:16:06 -08:00
socket.c [NetLabel]: SELinux support 2006-09-22 14:53:36 -07:00
sysctl_net.c Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
TUNABLE Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00