1b2441318SGreg Kroah-Hartman /* SPDX-License-Identifier: GPL-2.0 */ 21da177e4SLinus Torvalds #ifndef __LINUX_NET_SCM_H 31da177e4SLinus Torvalds #define __LINUX_NET_SCM_H 41da177e4SLinus Torvalds 51da177e4SLinus Torvalds #include <linux/limits.h> 61da177e4SLinus Torvalds #include <linux/net.h> 75b825c3aSIngo Molnar #include <linux/cred.h> 8dc49c1f9SCatherine Zhang #include <linux/security.h> 9b488893aSPavel Emelyanov #include <linux/pid.h> 10b488893aSPavel Emelyanov #include <linux/nsproxy.h> 117a36094dSEric W. Biederman #include <linux/sched/signal.h> 121da177e4SLinus Torvalds 131da177e4SLinus Torvalds /* Well, we should have at least one descriptor open 141da177e4SLinus Torvalds * to accept passed FDs 8) 151da177e4SLinus Torvalds */ 16bba14de9SEric Dumazet #define SCM_MAX_FD 253 171da177e4SLinus Torvalds 18dbe9a417SEric W. Biederman struct scm_creds { 19dbe9a417SEric W. Biederman u32 pid; 20dbe9a417SEric W. Biederman kuid_t uid; 21dbe9a417SEric W. Biederman kgid_t gid; 22dbe9a417SEric W. Biederman }; 23dbe9a417SEric W. Biederman 24fd2c3ef7SEric Dumazet struct scm_fp_list { 25bba14de9SEric Dumazet short count; 26bba14de9SEric Dumazet short max; 27415e3d3eSHannes Frederic Sowa struct user_struct *user; 281da177e4SLinus Torvalds struct file *fp[SCM_MAX_FD]; 291da177e4SLinus Torvalds }; 301da177e4SLinus Torvalds 31fd2c3ef7SEric Dumazet struct scm_cookie { 32257b5358SEric W. Biederman struct pid *pid; /* Skb credentials */ 331da177e4SLinus Torvalds struct scm_fp_list *fp; /* Passed files */ 34dbe9a417SEric W. Biederman struct scm_creds creds; /* Skb credentials */ 35877ce7c1SCatherine Zhang #ifdef CONFIG_SECURITY_NETWORK 36dc49c1f9SCatherine Zhang u32 secid; /* Passed security ID */ 37877ce7c1SCatherine Zhang #endif 381da177e4SLinus Torvalds }; 391da177e4SLinus Torvalds 408153ff5cSJoe Perches void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm); 418153ff5cSJoe Perches void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm); 428153ff5cSJoe Perches int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm); 438153ff5cSJoe Perches void __scm_destroy(struct scm_cookie *scm); 448153ff5cSJoe Perches struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl); 451da177e4SLinus Torvalds 46dc49c1f9SCatherine Zhang #ifdef CONFIG_SECURITY_NETWORK 47dc49c1f9SCatherine Zhang static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) 48dc49c1f9SCatherine Zhang { 49dc49c1f9SCatherine Zhang security_socket_getpeersec_dgram(sock, NULL, &scm->secid); 50dc49c1f9SCatherine Zhang } 51dc49c1f9SCatherine Zhang #else 52dc49c1f9SCatherine Zhang static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) 53dc49c1f9SCatherine Zhang { } 54dc49c1f9SCatherine Zhang #endif /* CONFIG_SECURITY_NETWORK */ 55dc49c1f9SCatherine Zhang 56257b5358SEric W. Biederman static __inline__ void scm_set_cred(struct scm_cookie *scm, 576b0ee8c0SEric W. Biederman struct pid *pid, kuid_t uid, kgid_t gid) 58257b5358SEric W. Biederman { 59257b5358SEric W. Biederman scm->pid = get_pid(pid); 60dbe9a417SEric W. Biederman scm->creds.pid = pid_vnr(pid); 616b0ee8c0SEric W. Biederman scm->creds.uid = uid; 626b0ee8c0SEric W. Biederman scm->creds.gid = gid; 63257b5358SEric W. Biederman } 64257b5358SEric W. Biederman 65257b5358SEric W. Biederman static __inline__ void scm_destroy_cred(struct scm_cookie *scm) 66257b5358SEric W. Biederman { 67257b5358SEric W. Biederman put_pid(scm->pid); 68257b5358SEric W. Biederman scm->pid = NULL; 69257b5358SEric W. Biederman } 70257b5358SEric W. Biederman 711da177e4SLinus Torvalds static __inline__ void scm_destroy(struct scm_cookie *scm) 721da177e4SLinus Torvalds { 73257b5358SEric W. Biederman scm_destroy_cred(scm); 742a6c8c79SDavid S. Miller if (scm->fp) 751da177e4SLinus Torvalds __scm_destroy(scm); 761da177e4SLinus Torvalds } 771da177e4SLinus Torvalds 781da177e4SLinus Torvalds static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, 79e0e3cea4SEric Dumazet struct scm_cookie *scm, bool forcecreds) 801da177e4SLinus Torvalds { 8116e57262SEric Dumazet memset(scm, 0, sizeof(*scm)); 826b0ee8c0SEric W. Biederman scm->creds.uid = INVALID_UID; 836b0ee8c0SEric W. Biederman scm->creds.gid = INVALID_GID; 84e0e3cea4SEric Dumazet if (forcecreds) 856e0895c2SDavid S. Miller scm_set_cred(scm, task_tgid(current), current_uid(), current_gid()); 86dc49c1f9SCatherine Zhang unix_get_peersec_dgram(sock, scm); 871da177e4SLinus Torvalds if (msg->msg_controllen <= 0) 881da177e4SLinus Torvalds return 0; 891da177e4SLinus Torvalds return __scm_send(sock, msg, scm); 901da177e4SLinus Torvalds } 911da177e4SLinus Torvalds 92877ce7c1SCatherine Zhang #ifdef CONFIG_SECURITY_NETWORK 93877ce7c1SCatherine Zhang static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 94877ce7c1SCatherine Zhang { 95dc49c1f9SCatherine Zhang char *secdata; 96dc49c1f9SCatherine Zhang u32 seclen; 97dc49c1f9SCatherine Zhang int err; 98dc49c1f9SCatherine Zhang 99dc49c1f9SCatherine Zhang if (test_bit(SOCK_PASSSEC, &sock->flags)) { 100dc49c1f9SCatherine Zhang err = security_secid_to_secctx(scm->secid, &secdata, &seclen); 101dc49c1f9SCatherine Zhang 102dc49c1f9SCatherine Zhang if (!err) { 103dc49c1f9SCatherine Zhang put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); 104dc49c1f9SCatherine Zhang security_release_secctx(secdata, seclen); 105dc49c1f9SCatherine Zhang } 106dc49c1f9SCatherine Zhang } 107877ce7c1SCatherine Zhang } 108a02d83f9SAlexander Mikhalitsyn 109a02d83f9SAlexander Mikhalitsyn static inline bool scm_has_secdata(struct socket *sock) 110a02d83f9SAlexander Mikhalitsyn { 111a02d83f9SAlexander Mikhalitsyn return test_bit(SOCK_PASSSEC, &sock->flags); 112a02d83f9SAlexander Mikhalitsyn } 113877ce7c1SCatherine Zhang #else 114877ce7c1SCatherine Zhang static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 115877ce7c1SCatherine Zhang { } 116a02d83f9SAlexander Mikhalitsyn 117a02d83f9SAlexander Mikhalitsyn static inline bool scm_has_secdata(struct socket *sock) 118a02d83f9SAlexander Mikhalitsyn { 119a02d83f9SAlexander Mikhalitsyn return false; 120a02d83f9SAlexander Mikhalitsyn } 121877ce7c1SCatherine Zhang #endif /* CONFIG_SECURITY_NETWORK */ 122877ce7c1SCatherine Zhang 1235e2ff670SAlexander Mikhalitsyn static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm) 1245e2ff670SAlexander Mikhalitsyn { 1255e2ff670SAlexander Mikhalitsyn struct file *pidfd_file = NULL; 1265e2ff670SAlexander Mikhalitsyn int pidfd; 1275e2ff670SAlexander Mikhalitsyn 1285e2ff670SAlexander Mikhalitsyn /* 1295e2ff670SAlexander Mikhalitsyn * put_cmsg() doesn't return an error if CMSG is truncated, 1305e2ff670SAlexander Mikhalitsyn * that's why we need to opencode these checks here. 1315e2ff670SAlexander Mikhalitsyn */ 1325e2ff670SAlexander Mikhalitsyn if ((msg->msg_controllen <= sizeof(struct cmsghdr)) || 1335e2ff670SAlexander Mikhalitsyn (msg->msg_controllen - sizeof(struct cmsghdr)) < sizeof(int)) { 1345e2ff670SAlexander Mikhalitsyn msg->msg_flags |= MSG_CTRUNC; 1355e2ff670SAlexander Mikhalitsyn return; 1365e2ff670SAlexander Mikhalitsyn } 1375e2ff670SAlexander Mikhalitsyn 138603fc57aSKuniyuki Iwashima if (!scm->pid) 139603fc57aSKuniyuki Iwashima return; 140603fc57aSKuniyuki Iwashima 1415e2ff670SAlexander Mikhalitsyn pidfd = pidfd_prepare(scm->pid, 0, &pidfd_file); 1425e2ff670SAlexander Mikhalitsyn 1435e2ff670SAlexander Mikhalitsyn if (put_cmsg(msg, SOL_SOCKET, SCM_PIDFD, sizeof(int), &pidfd)) { 1445e2ff670SAlexander Mikhalitsyn if (pidfd_file) { 1455e2ff670SAlexander Mikhalitsyn put_unused_fd(pidfd); 1465e2ff670SAlexander Mikhalitsyn fput(pidfd_file); 1475e2ff670SAlexander Mikhalitsyn } 1485e2ff670SAlexander Mikhalitsyn 1495e2ff670SAlexander Mikhalitsyn return; 1505e2ff670SAlexander Mikhalitsyn } 1515e2ff670SAlexander Mikhalitsyn 1525e2ff670SAlexander Mikhalitsyn if (pidfd_file) 1535e2ff670SAlexander Mikhalitsyn fd_install(pidfd, pidfd_file); 1545e2ff670SAlexander Mikhalitsyn } 1555e2ff670SAlexander Mikhalitsyn 156*a9c49cc2SAlexander Mikhalitsyn static inline bool __scm_recv_common(struct socket *sock, struct msghdr *msg, 1571da177e4SLinus Torvalds struct scm_cookie *scm, int flags) 1581da177e4SLinus Torvalds { 159fd2c3ef7SEric Dumazet if (!msg->msg_control) { 1605e2ff670SAlexander Mikhalitsyn if (test_bit(SOCK_PASSCRED, &sock->flags) || 1615e2ff670SAlexander Mikhalitsyn test_bit(SOCK_PASSPIDFD, &sock->flags) || 1625e2ff670SAlexander Mikhalitsyn scm->fp || scm_has_secdata(sock)) 1631da177e4SLinus Torvalds msg->msg_flags |= MSG_CTRUNC; 164f78a5fdaSDavid S. Miller scm_destroy(scm); 165*a9c49cc2SAlexander Mikhalitsyn return false; 1661da177e4SLinus Torvalds } 1671da177e4SLinus Torvalds 168dbe9a417SEric W. Biederman if (test_bit(SOCK_PASSCRED, &sock->flags)) { 169dbe9a417SEric W. Biederman struct user_namespace *current_ns = current_user_ns(); 170dbe9a417SEric W. Biederman struct ucred ucreds = { 171dbe9a417SEric W. Biederman .pid = scm->creds.pid, 172dbe9a417SEric W. Biederman .uid = from_kuid_munged(current_ns, scm->creds.uid), 173dbe9a417SEric W. Biederman .gid = from_kgid_munged(current_ns, scm->creds.gid), 174dbe9a417SEric W. Biederman }; 175dbe9a417SEric W. Biederman put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds); 176dbe9a417SEric W. Biederman } 1771da177e4SLinus Torvalds 178*a9c49cc2SAlexander Mikhalitsyn scm_passec(sock, msg, scm); 179*a9c49cc2SAlexander Mikhalitsyn 180*a9c49cc2SAlexander Mikhalitsyn if (scm->fp) 181*a9c49cc2SAlexander Mikhalitsyn scm_detach_fds(msg, scm); 182*a9c49cc2SAlexander Mikhalitsyn 183*a9c49cc2SAlexander Mikhalitsyn return true; 184*a9c49cc2SAlexander Mikhalitsyn } 185*a9c49cc2SAlexander Mikhalitsyn 186*a9c49cc2SAlexander Mikhalitsyn static inline void scm_recv(struct socket *sock, struct msghdr *msg, 187*a9c49cc2SAlexander Mikhalitsyn struct scm_cookie *scm, int flags) 188*a9c49cc2SAlexander Mikhalitsyn { 189*a9c49cc2SAlexander Mikhalitsyn if (!__scm_recv_common(sock, msg, scm, flags)) 190*a9c49cc2SAlexander Mikhalitsyn return; 191*a9c49cc2SAlexander Mikhalitsyn 192*a9c49cc2SAlexander Mikhalitsyn scm_destroy_cred(scm); 193*a9c49cc2SAlexander Mikhalitsyn } 194*a9c49cc2SAlexander Mikhalitsyn 195*a9c49cc2SAlexander Mikhalitsyn static inline void scm_recv_unix(struct socket *sock, struct msghdr *msg, 196*a9c49cc2SAlexander Mikhalitsyn struct scm_cookie *scm, int flags) 197*a9c49cc2SAlexander Mikhalitsyn { 198*a9c49cc2SAlexander Mikhalitsyn if (!__scm_recv_common(sock, msg, scm, flags)) 199*a9c49cc2SAlexander Mikhalitsyn return; 200*a9c49cc2SAlexander Mikhalitsyn 2015e2ff670SAlexander Mikhalitsyn if (test_bit(SOCK_PASSPIDFD, &sock->flags)) 2025e2ff670SAlexander Mikhalitsyn scm_pidfd_recv(msg, scm); 2035e2ff670SAlexander Mikhalitsyn 204f78a5fdaSDavid S. Miller scm_destroy_cred(scm); 2051da177e4SLinus Torvalds } 2061da177e4SLinus Torvalds 2071da177e4SLinus Torvalds #endif /* __LINUX_NET_SCM_H */ 2081da177e4SLinus Torvalds 209