xref: /openbmc/linux/include/net/scm.h (revision 8153ff5c5f3183dec007469d7e039b4d01ea6d82) 
11da177e4SLinus Torvalds #ifndef __LINUX_NET_SCM_H
21da177e4SLinus Torvalds #define __LINUX_NET_SCM_H
31da177e4SLinus Torvalds 
41da177e4SLinus Torvalds #include <linux/limits.h>
51da177e4SLinus Torvalds #include <linux/net.h>
6dc49c1f9SCatherine Zhang #include <linux/security.h>
7b488893aSPavel Emelyanov #include <linux/pid.h>
8b488893aSPavel Emelyanov #include <linux/nsproxy.h>
91da177e4SLinus Torvalds 
101da177e4SLinus Torvalds /* Well, we should have at least one descriptor open
111da177e4SLinus Torvalds  * to accept passed FDs 8)
121da177e4SLinus Torvalds  */
13bba14de9SEric Dumazet #define SCM_MAX_FD	253
141da177e4SLinus Torvalds 
15dbe9a417SEric W. Biederman struct scm_creds {
16dbe9a417SEric W. Biederman 	u32	pid;
17dbe9a417SEric W. Biederman 	kuid_t	uid;
18dbe9a417SEric W. Biederman 	kgid_t	gid;
19dbe9a417SEric W. Biederman };
20dbe9a417SEric W. Biederman 
21fd2c3ef7SEric Dumazet struct scm_fp_list {
22bba14de9SEric Dumazet 	short			count;
23bba14de9SEric Dumazet 	short			max;
241da177e4SLinus Torvalds 	struct file		*fp[SCM_MAX_FD];
251da177e4SLinus Torvalds };
261da177e4SLinus Torvalds 
27fd2c3ef7SEric Dumazet struct scm_cookie {
28257b5358SEric W. Biederman 	struct pid		*pid;		/* Skb credentials */
291da177e4SLinus Torvalds 	struct scm_fp_list	*fp;		/* Passed files		*/
30dbe9a417SEric W. Biederman 	struct scm_creds	creds;		/* Skb credentials	*/
31877ce7c1SCatherine Zhang #ifdef CONFIG_SECURITY_NETWORK
32dc49c1f9SCatherine Zhang 	u32			secid;		/* Passed security ID 	*/
33877ce7c1SCatherine Zhang #endif
341da177e4SLinus Torvalds };
351da177e4SLinus Torvalds 
36*8153ff5cSJoe Perches void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm);
37*8153ff5cSJoe Perches void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm);
38*8153ff5cSJoe Perches int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm);
39*8153ff5cSJoe Perches void __scm_destroy(struct scm_cookie *scm);
40*8153ff5cSJoe Perches struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl);
411da177e4SLinus Torvalds 
42dc49c1f9SCatherine Zhang #ifdef CONFIG_SECURITY_NETWORK
43dc49c1f9SCatherine Zhang static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
44dc49c1f9SCatherine Zhang {
45dc49c1f9SCatherine Zhang 	security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
46dc49c1f9SCatherine Zhang }
47dc49c1f9SCatherine Zhang #else
48dc49c1f9SCatherine Zhang static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
49dc49c1f9SCatherine Zhang { }
50dc49c1f9SCatherine Zhang #endif /* CONFIG_SECURITY_NETWORK */
51dc49c1f9SCatherine Zhang 
52257b5358SEric W. Biederman static __inline__ void scm_set_cred(struct scm_cookie *scm,
536b0ee8c0SEric W. Biederman 				    struct pid *pid, kuid_t uid, kgid_t gid)
54257b5358SEric W. Biederman {
55257b5358SEric W. Biederman 	scm->pid  = get_pid(pid);
56dbe9a417SEric W. Biederman 	scm->creds.pid = pid_vnr(pid);
576b0ee8c0SEric W. Biederman 	scm->creds.uid = uid;
586b0ee8c0SEric W. Biederman 	scm->creds.gid = gid;
59257b5358SEric W. Biederman }
60257b5358SEric W. Biederman 
61257b5358SEric W. Biederman static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
62257b5358SEric W. Biederman {
63257b5358SEric W. Biederman 	put_pid(scm->pid);
64257b5358SEric W. Biederman 	scm->pid  = NULL;
65257b5358SEric W. Biederman }
66257b5358SEric W. Biederman 
671da177e4SLinus Torvalds static __inline__ void scm_destroy(struct scm_cookie *scm)
681da177e4SLinus Torvalds {
69257b5358SEric W. Biederman 	scm_destroy_cred(scm);
702a6c8c79SDavid S. Miller 	if (scm->fp)
711da177e4SLinus Torvalds 		__scm_destroy(scm);
721da177e4SLinus Torvalds }
731da177e4SLinus Torvalds 
741da177e4SLinus Torvalds static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
75e0e3cea4SEric Dumazet 			       struct scm_cookie *scm, bool forcecreds)
761da177e4SLinus Torvalds {
7716e57262SEric Dumazet 	memset(scm, 0, sizeof(*scm));
786b0ee8c0SEric W. Biederman 	scm->creds.uid = INVALID_UID;
796b0ee8c0SEric W. Biederman 	scm->creds.gid = INVALID_GID;
80e0e3cea4SEric Dumazet 	if (forcecreds)
816e0895c2SDavid S. Miller 		scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
82dc49c1f9SCatherine Zhang 	unix_get_peersec_dgram(sock, scm);
831da177e4SLinus Torvalds 	if (msg->msg_controllen <= 0)
841da177e4SLinus Torvalds 		return 0;
851da177e4SLinus Torvalds 	return __scm_send(sock, msg, scm);
861da177e4SLinus Torvalds }
871da177e4SLinus Torvalds 
88877ce7c1SCatherine Zhang #ifdef CONFIG_SECURITY_NETWORK
89877ce7c1SCatherine Zhang static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
90877ce7c1SCatherine Zhang {
91dc49c1f9SCatherine Zhang 	char *secdata;
92dc49c1f9SCatherine Zhang 	u32 seclen;
93dc49c1f9SCatherine Zhang 	int err;
94dc49c1f9SCatherine Zhang 
95dc49c1f9SCatherine Zhang 	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
96dc49c1f9SCatherine Zhang 		err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
97dc49c1f9SCatherine Zhang 
98dc49c1f9SCatherine Zhang 		if (!err) {
99dc49c1f9SCatherine Zhang 			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
100dc49c1f9SCatherine Zhang 			security_release_secctx(secdata, seclen);
101dc49c1f9SCatherine Zhang 		}
102dc49c1f9SCatherine Zhang 	}
103877ce7c1SCatherine Zhang }
104877ce7c1SCatherine Zhang #else
105877ce7c1SCatherine Zhang static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
106877ce7c1SCatherine Zhang { }
107877ce7c1SCatherine Zhang #endif /* CONFIG_SECURITY_NETWORK */
108877ce7c1SCatherine Zhang 
1091da177e4SLinus Torvalds static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
1101da177e4SLinus Torvalds 				struct scm_cookie *scm, int flags)
1111da177e4SLinus Torvalds {
112fd2c3ef7SEric Dumazet 	if (!msg->msg_control) {
1131da177e4SLinus Torvalds 		if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp)
1141da177e4SLinus Torvalds 			msg->msg_flags |= MSG_CTRUNC;
115f78a5fdaSDavid S. Miller 		scm_destroy(scm);
1161da177e4SLinus Torvalds 		return;
1171da177e4SLinus Torvalds 	}
1181da177e4SLinus Torvalds 
119dbe9a417SEric W. Biederman 	if (test_bit(SOCK_PASSCRED, &sock->flags)) {
120dbe9a417SEric W. Biederman 		struct user_namespace *current_ns = current_user_ns();
121dbe9a417SEric W. Biederman 		struct ucred ucreds = {
122dbe9a417SEric W. Biederman 			.pid = scm->creds.pid,
123dbe9a417SEric W. Biederman 			.uid = from_kuid_munged(current_ns, scm->creds.uid),
124dbe9a417SEric W. Biederman 			.gid = from_kgid_munged(current_ns, scm->creds.gid),
125dbe9a417SEric W. Biederman 		};
126dbe9a417SEric W. Biederman 		put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds);
127dbe9a417SEric W. Biederman 	}
1281da177e4SLinus Torvalds 
129f78a5fdaSDavid S. Miller 	scm_destroy_cred(scm);
130f78a5fdaSDavid S. Miller 
131877ce7c1SCatherine Zhang 	scm_passec(sock, msg, scm);
132877ce7c1SCatherine Zhang 
1331da177e4SLinus Torvalds 	if (!scm->fp)
1341da177e4SLinus Torvalds 		return;
1351da177e4SLinus Torvalds 
1361da177e4SLinus Torvalds 	scm_detach_fds(msg, scm);
1371da177e4SLinus Torvalds }
1381da177e4SLinus Torvalds 
1391da177e4SLinus Torvalds 
1401da177e4SLinus Torvalds #endif /* __LINUX_NET_SCM_H */
1411da177e4SLinus Torvalds 
142