]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | #ifndef __LINUX_NET_SCM_H |
2 | #define __LINUX_NET_SCM_H | |
3 | ||
4 | #include <linux/limits.h> | |
5 | #include <linux/net.h> | |
dc49c1f9 | 6 | #include <linux/security.h> |
b488893a PE |
7 | #include <linux/pid.h> |
8 | #include <linux/nsproxy.h> | |
1da177e4 LT |
9 | |
10 | /* Well, we should have at least one descriptor open | |
11 | * to accept passed FDs 8) | |
12 | */ | |
bba14de9 | 13 | #define SCM_MAX_FD 253 |
1da177e4 | 14 | |
fd2c3ef7 | 15 | struct scm_fp_list { |
f8d570a4 | 16 | struct list_head list; |
bba14de9 ED |
17 | short count; |
18 | short max; | |
f8d570a4 | 19 | struct file *fp[SCM_MAX_FD]; |
1da177e4 LT |
20 | }; |
21 | ||
fd2c3ef7 | 22 | struct scm_cookie { |
257b5358 EB |
23 | struct pid *pid; /* Skb credentials */ |
24 | const struct cred *cred; | |
1da177e4 | 25 | struct scm_fp_list *fp; /* Passed files */ |
812e876e | 26 | struct ucred creds; /* Skb credentials */ |
877ce7c1 | 27 | #ifdef CONFIG_SECURITY_NETWORK |
dc49c1f9 | 28 | u32 secid; /* Passed security ID */ |
877ce7c1 | 29 | #endif |
1da177e4 LT |
30 | }; |
31 | ||
32 | extern void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm); | |
33 | extern void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm); | |
34 | extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm); | |
35 | extern void __scm_destroy(struct scm_cookie *scm); | |
36 | extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); | |
37 | ||
dc49c1f9 CZ |
38 | #ifdef CONFIG_SECURITY_NETWORK |
39 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | |
40 | { | |
41 | security_socket_getpeersec_dgram(sock, NULL, &scm->secid); | |
42 | } | |
43 | #else | |
44 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | |
45 | { } | |
46 | #endif /* CONFIG_SECURITY_NETWORK */ | |
47 | ||
257b5358 EB |
48 | static __inline__ void scm_set_cred(struct scm_cookie *scm, |
49 | struct pid *pid, const struct cred *cred) | |
50 | { | |
51 | scm->pid = get_pid(pid); | |
52 | scm->cred = get_cred(cred); | |
53 | cred_to_ucred(pid, cred, &scm->creds); | |
54 | } | |
55 | ||
0856a304 TC |
56 | static __inline__ void scm_set_cred_noref(struct scm_cookie *scm, |
57 | struct pid *pid, const struct cred *cred) | |
58 | { | |
59 | scm->pid = pid; | |
60 | scm->cred = cred; | |
61 | cred_to_ucred(pid, cred, &scm->creds); | |
62 | } | |
63 | ||
257b5358 EB |
64 | static __inline__ void scm_destroy_cred(struct scm_cookie *scm) |
65 | { | |
66 | put_pid(scm->pid); | |
67 | scm->pid = NULL; | |
68 | ||
69 | if (scm->cred) | |
70 | put_cred(scm->cred); | |
71 | scm->cred = NULL; | |
72 | } | |
73 | ||
1da177e4 LT |
74 | static __inline__ void scm_destroy(struct scm_cookie *scm) |
75 | { | |
257b5358 | 76 | scm_destroy_cred(scm); |
1da177e4 LT |
77 | if (scm && scm->fp) |
78 | __scm_destroy(scm); | |
79 | } | |
80 | ||
0856a304 TC |
81 | static __inline__ void scm_release(struct scm_cookie *scm) |
82 | { | |
83 | /* keep ref on pid and cred */ | |
84 | scm->pid = NULL; | |
85 | scm->cred = NULL; | |
86 | if (scm->fp) | |
87 | __scm_destroy(scm); | |
88 | } | |
89 | ||
1da177e4 LT |
90 | static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, |
91 | struct scm_cookie *scm) | |
92 | { | |
257b5358 | 93 | scm_set_cred(scm, task_tgid(current), current_cred()); |
1d541ddd | 94 | scm->fp = NULL; |
dc49c1f9 | 95 | unix_get_peersec_dgram(sock, scm); |
1da177e4 LT |
96 | if (msg->msg_controllen <= 0) |
97 | return 0; | |
98 | return __scm_send(sock, msg, scm); | |
99 | } | |
100 | ||
877ce7c1 CZ |
101 | #ifdef CONFIG_SECURITY_NETWORK |
102 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | |
103 | { | |
dc49c1f9 CZ |
104 | char *secdata; |
105 | u32 seclen; | |
106 | int err; | |
107 | ||
108 | if (test_bit(SOCK_PASSSEC, &sock->flags)) { | |
109 | err = security_secid_to_secctx(scm->secid, &secdata, &seclen); | |
110 | ||
111 | if (!err) { | |
112 | put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); | |
113 | security_release_secctx(secdata, seclen); | |
114 | } | |
115 | } | |
877ce7c1 CZ |
116 | } |
117 | #else | |
118 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | |
119 | { } | |
120 | #endif /* CONFIG_SECURITY_NETWORK */ | |
121 | ||
1da177e4 LT |
122 | static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, |
123 | struct scm_cookie *scm, int flags) | |
124 | { | |
fd2c3ef7 | 125 | if (!msg->msg_control) { |
1da177e4 LT |
126 | if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) |
127 | msg->msg_flags |= MSG_CTRUNC; | |
0856a304 TC |
128 | if (scm && scm->fp) |
129 | __scm_destroy(scm); | |
1da177e4 LT |
130 | return; |
131 | } | |
132 | ||
133 | if (test_bit(SOCK_PASSCRED, &sock->flags)) | |
134 | put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds); | |
135 | ||
877ce7c1 CZ |
136 | scm_passec(sock, msg, scm); |
137 | ||
1da177e4 LT |
138 | if (!scm->fp) |
139 | return; | |
140 | ||
141 | scm_detach_fds(msg, scm); | |
142 | } | |
143 | ||
144 | ||
145 | #endif /* __LINUX_NET_SCM_H */ | |
146 |