From: Topi Miettinen Date: Sat, 27 Aug 2022 22:09:55 +0000 (+0900) Subject: sd-netlink: add NetLabel support X-Git-Tag: v252-rc1~297^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5b198025def31d8f004d74f0001a844010bd650f;p=thirdparty%2Fsystemd.git sd-netlink: add NetLabel support
---
diff --git a/src/basic/missing_network.h b/src/basic/missing_network.h
index 6e71b26afd0..776c7c83757 100644
--- a/src/basic/missing_network.h
+++ b/src/basic/missing_network.h
@@ -49,3 +49,35 @@
 #ifndef IEEE80211_MAX_SSID_LEN
 #define IEEE80211_MAX_SSID_LEN 32
 #endif
+
+/* Not exposed but defined in include/net/netlabel.h */
+#ifndef NETLBL_NLTYPE_UNLABELED_NAME
+#define NETLBL_NLTYPE_UNLABELED_NAME "NLBL_UNLBL"
+#endif
+
+/* Not exposed but defined in net/netlabel/netlabel_unlabeled.h */
+enum {
+ NLBL_UNLABEL_C_UNSPEC,
+ NLBL_UNLABEL_C_ACCEPT,
+ NLBL_UNLABEL_C_LIST,
+ NLBL_UNLABEL_C_STATICADD,
+ NLBL_UNLABEL_C_STATICREMOVE,
+ NLBL_UNLABEL_C_STATICLIST,
+ NLBL_UNLABEL_C_STATICADDDEF,
+ NLBL_UNLABEL_C_STATICREMOVEDEF,
+ NLBL_UNLABEL_C_STATICLISTDEF,
+ __NLBL_UNLABEL_C_MAX,
+};
+
+/* Not exposed but defined in net/netlabel/netlabel_unlabeled.h */
+enum {
+ NLBL_UNLABEL_A_UNSPEC,
+ NLBL_UNLABEL_A_ACPTFLG,
+ NLBL_UNLABEL_A_IPV6ADDR,
+ NLBL_UNLABEL_A_IPV6MASK,
+ NLBL_UNLABEL_A_IPV4ADDR,
+ NLBL_UNLABEL_A_IPV4MASK,
+ NLBL_UNLABEL_A_IFACE,
+ NLBL_UNLABEL_A_SECCTX,
+ __NLBL_UNLABEL_A_MAX,
+};
diff --git a/src/libsystemd/sd-netlink/netlink-types-genl.c b/src/libsystemd/sd-netlink/netlink-types-genl.c
index 9d6d978b459..6fe9adcdbd4 100644
--- a/src/libsystemd/sd-netlink/netlink-types-genl.c
+++ b/src/libsystemd/sd-netlink/netlink-types-genl.c
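Review bot: The two anonymous enums added to src/basic/missing_network.h are defined unconditionally, unlike `NETLBL_NLTYPE_UNLABELED_NAME` just above them, which is wrapped in `#ifndef`. Their numeric values are the generic-netlink command and attribute numbers the kernel expects, and they come purely from enumerator order, so a later insertion or reordering would silently mis-encode NetLabel requests rather than fail to build. I would add a comment before the first enum such as `/* Wire ABI: enumerator order must match the kernel header exactly; only append when the kernel does. */`. If the kernel ever exports these names through a UAPI header the enums would presumably clash with it, which is worth recording in the same comment.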
@@ -178,6 +178,16 @@ static const NLAPolicy genl_macsec_policies[] = {
 [MACSEC_ATTR_SA_CONFIG] = BUILD_POLICY_NESTED(genl_macsec_sa),
 };
+/***************** genl NetLabel type systems *****************/
+static const NLAPolicy genl_netlabel_policies[] = {
+ [NLBL_UNLABEL_A_IPV4ADDR] = BUILD_POLICY(IN_ADDR),
+ [NLBL_UNLABEL_A_IPV4MASK] = BUILD_POLICY(IN_ADDR),
+ [NLBL_UNLABEL_A_IPV6ADDR] = BUILD_POLICY_WITH_SIZE(IN_ADDR, sizeof(struct in6_addr)),
+ [NLBL_UNLABEL_A_IPV6MASK] = BUILD_POLICY_WITH_SIZE(IN_ADDR, sizeof(struct in6_addr)),
+ [NLBL_UNLABEL_A_IFACE] = BUILD_POLICY_WITH_SIZE(STRING, IFNAMSIZ-1),
+ [NLBL_UNLABEL_A_SECCTX] = BUILD_POLICY(STRING),
+};
+
 /***************** genl nl80211 type systems *****************/
 static const NLAPolicy genl_nl80211_policies[] = {
 [NL80211_ATTR_WIPHY] = BUILD_POLICY(U32),
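Review bot: `genl_netlabel_policies` has no entry for `NLBL_UNLABEL_A_ACPTFLG`, although the same commit defines that attribute together with the `NLBL_UNLABEL_C_ACCEPT` and `NLBL_UNLABEL_C_LIST` commands in missing_network.h. As written the table covers only the address, interface and security-context attributes, so callers presumably cannot append or read the accept flag through the typed API. Either add the entry (I believe the kernel treats it as a u8, so `[NLBL_UNLABEL_A_ACPTFLG] = BUILD_POLICY(U8),`, to be confirmed against the kernel policy) or state in the section comment that only the static-label attributes are supported. `NLBL_UNLABEL_A_SECCTX` is also the one string entry without a `BUILD_POLICY_WITH_SIZE` bound; since it carries the security context, a short comment on what limits its length would help.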
@@ -223,13 +233,14 @@ static const NLAPolicy genl_wireguard_policies[] = {
 /***************** genl families *****************/
 static const NLAPolicySetUnionElement genl_policy_set_union_elements[] = {
- BUILD_UNION_ELEMENT_BY_STRING(CTRL_GENL_NAME, genl_ctrl),
- BUILD_UNION_ELEMENT_BY_STRING(BATADV_NL_NAME, genl_batadv),
- BUILD_UNION_ELEMENT_BY_STRING(FOU_GENL_NAME, genl_fou),
- BUILD_UNION_ELEMENT_BY_STRING(L2TP_GENL_NAME, genl_l2tp),
- BUILD_UNION_ELEMENT_BY_STRING(MACSEC_GENL_NAME, genl_macsec),
- BUILD_UNION_ELEMENT_BY_STRING(NL80211_GENL_NAME, genl_nl80211),
- BUILD_UNION_ELEMENT_BY_STRING(WG_GENL_NAME, genl_wireguard),
+ BUILD_UNION_ELEMENT_BY_STRING(CTRL_GENL_NAME, genl_ctrl),
+ BUILD_UNION_ELEMENT_BY_STRING(BATADV_NL_NAME, genl_batadv),
+ BUILD_UNION_ELEMENT_BY_STRING(FOU_GENL_NAME, genl_fou),
+ BUILD_UNION_ELEMENT_BY_STRING(L2TP_GENL_NAME, genl_l2tp),
+ BUILD_UNION_ELEMENT_BY_STRING(MACSEC_GENL_NAME, genl_macsec),
+ BUILD_UNION_ELEMENT_BY_STRING(NETLBL_NLTYPE_UNLABELED_NAME, genl_netlabel),
+ BUILD_UNION_ELEMENT_BY_STRING(NL80211_GENL_NAME, genl_nl80211),
+ BUILD_UNION_ELEMENT_BY_STRING(WG_GENL_NAME, genl_wireguard),
 };
 /* This is the root type system union, so match_attribute is not necessary. */
diff --git a/src/libsystemd/sd-netlink/test-netlink.c b/src/libsystemd/sd-netlink/test-netlink.c
index 5eda53b5967..50e9d646637 100644
--- a/src/libsystemd/sd-netlink/test-netlink.c
+++ b/src/libsystemd/sd-netlink/test-netlink.c
@@ -656,6 +656,8 @@ static void test_genl(void) {
 (void) sd_genl_message_new(genl, MACSEC_GENL_NAME, 0, &m);
 m = sd_netlink_message_unref(m);
 (void) sd_genl_message_new(genl, NL80211_GENL_NAME, 0, &m);
+ m = sd_netlink_message_unref(m);
+ (void) sd_genl_message_new(genl, NETLBL_NLTYPE_UNLABELED_NAME, 0, &m);
 for (;;) {
 r = sd_event_run(event, 500 * USEC_PER_MSEC);
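Review bot: The call added to test_genl() in test-netlink.c only asks for a message of the `NLBL_UNLBL` family and discards the result with `(void)`, like the neighbouring calls, so the new `genl_netlabel_policies` table is never exercised. A wrong type or size in that table would therefore pass this test unnoticed. A cheap addition is to keep the return value and, when the family resolved, append an attribute, e.g. `r = sd_genl_message_new(genl, NETLBL_NLTYPE_UNLABELED_NAME, NLBL_UNLABEL_C_STATICADD, &m);` followed by `if (r >= 0) assert_se(sd_netlink_message_append_string(m, NLBL_UNLABEL_A_IFACE, "lo") >= 0);`. That only builds the message and sends nothing, so it should stay harmless on kernels without NetLabel. test_genl()'s body starts and ends outside the hunk, so how `r` and `m` are used afterwards needs checking.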