From: Paul Moore <paul.moore@hp.com>
Add a new set of configuration functions to the NetLabel/LSM API so that
LSMs can perform their own configuration of the NetLabel subsystem without
relying on assistance from userspace.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
include/net/netlabel.h | 47 ++++++++--
net/ipv4/cipso_ipv4.c | 4 -
net/netlabel/netlabel_cipso_v4.c | 2
net/netlabel/netlabel_cipso_v4.h | 3 +
net/netlabel/netlabel_domainhash.h | 1
net/netlabel/netlabel_kapi.c | 174 ++++++++++++++++++++++++++++++++++++
6 files changed, 222 insertions(+), 9 deletions(-)
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 2e5b2f6..facaf68 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -36,6 +36,8 @@
#include <net/netlink.h>
#include <asm/atomic.h>
+struct cipso_v4_doi;
+
/*
* NetLabel - A management interface for maintaining network packet label
* mapping tables for explicit packet labling protocols.
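Review bot: The forward declaration `struct cipso_v4_doi;` added at the top of this hunk has no comment, whereas the forward declaration this patch removes further down the header had one (`/* Domain mapping definition struct */`). The type appears to be needed only so that the `netlbl_cfg_cipsov4_*` prototypes added later in the file can take a pointer, so I would say that in place, e.g. `/* CIPSO DOI definition; forward-declared for the netlbl_cfg_cipsov4_*() prototypes below */`. That also signals that the header deliberately avoids including the full CIPSO definition, presumably to keep the include graph small, though the patch does not say so.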
@@ -99,12 +101,6 @@ struct netlbl_audit {
uid_t loginuid;
};
-/* Domain mapping definition struct */
-struct netlbl_dom_map;
-
-/* Domain mapping operations */
-int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);
-
/* LSM security attributes */
struct netlbl_lsm_cache {
atomic_t refcount;
@@ -285,6 +281,19 @@ static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr)
#ifdef CONFIG_NETLABEL
/*
+ * LSM configuration operations
+ */
+int netlbl_cfg_map_del(const char *domain, struct netlbl_audit *audit_info);
+int netlbl_cfg_unlbl_add_map(const char *domain,
+ struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_add(struct cipso_v4_doi *doi_def,
+ struct netlbl_audit *audit_info);
+int netlbl_cfg_cipsov4_add_map(struct cipso_v4_doi *doi_def,
+ const char *domain,
+ struct n...