xref: /openbmc/linux/include/net/scm.h (revision 404e077a)
1 /* SPDX-License-Identifier: GPL-2.0 */
2 #ifndef __LINUX_NET_SCM_H
3 #define __LINUX_NET_SCM_H
4 
5 #include <linux/limits.h>
6 #include <linux/net.h>
7 #include <linux/cred.h>
8 #include <linux/security.h>
9 #include <linux/pid.h>
10 #include <linux/nsproxy.h>
11 #include <linux/sched/signal.h>
12 
13 /* Well, we should have at least one descriptor open
14  * to accept passed FDs 8)
15  */
16 #define SCM_MAX_FD	253
17 
18 struct scm_creds {
19 	u32	pid;
20 	kuid_t	uid;
21 	kgid_t	gid;
22 };
23 
24 struct scm_fp_list {
25 	short			count;
26 	short			max;
27 	struct user_struct	*user;
28 	struct file		*fp[SCM_MAX_FD];
29 };
30 
31 struct scm_cookie {
32 	struct pid		*pid;		/* Skb credentials */
33 	struct scm_fp_list	*fp;		/* Passed files		*/
34 	struct scm_creds	creds;		/* Skb credentials	*/
35 #ifdef CONFIG_SECURITY_NETWORK
36 	u32			secid;		/* Passed security ID 	*/
37 #endif
38 };
39 
40 void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm);
41 void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm);
42 int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm);
43 void __scm_destroy(struct scm_cookie *scm);
44 struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl);
45 
46 #ifdef CONFIG_SECURITY_NETWORK
47 static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
48 {
49 	security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
50 }
51 #else
52 static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
53 { }
54 #endif /* CONFIG_SECURITY_NETWORK */
55 
56 static __inline__ void scm_set_cred(struct scm_cookie *scm,
57 				    struct pid *pid, kuid_t uid, kgid_t gid)
58 {
59 	scm->pid  = get_pid(pid);
60 	scm->creds.pid = pid_vnr(pid);
61 	scm->creds.uid = uid;
62 	scm->creds.gid = gid;
63 }
64 
65 static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
66 {
67 	put_pid(scm->pid);
68 	scm->pid  = NULL;
69 }
70 
71 static __inline__ void scm_destroy(struct scm_cookie *scm)
72 {
73 	scm_destroy_cred(scm);
74 	if (scm->fp)
75 		__scm_destroy(scm);
76 }
77 
78 static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
79 			       struct scm_cookie *scm, bool forcecreds)
80 {
81 	memset(scm, 0, sizeof(*scm));
82 	scm->creds.uid = INVALID_UID;
83 	scm->creds.gid = INVALID_GID;
84 	if (forcecreds)
85 		scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
86 	unix_get_peersec_dgram(sock, scm);
87 	if (msg->msg_controllen <= 0)
88 		return 0;
89 	return __scm_send(sock, msg, scm);
90 }
91 
92 #ifdef CONFIG_SECURITY_NETWORK
93 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
94 {
95 	char *secdata;
96 	u32 seclen;
97 	int err;
98 
99 	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
100 		err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
101 
102 		if (!err) {
103 			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
104 			security_release_secctx(secdata, seclen);
105 		}
106 	}
107 }
108 
109 static inline bool scm_has_secdata(struct socket *sock)
110 {
111 	return test_bit(SOCK_PASSSEC, &sock->flags);
112 }
113 #else
114 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
115 { }
116 
117 static inline bool scm_has_secdata(struct socket *sock)
118 {
119 	return false;
120 }
121 #endif /* CONFIG_SECURITY_NETWORK */
122 
123 static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm)
124 {
125 	struct file *pidfd_file = NULL;
126 	int pidfd;
127 
128 	/*
129 	 * put_cmsg() doesn't return an error if CMSG is truncated,
130 	 * that's why we need to opencode these checks here.
131 	 */
132 	if ((msg->msg_controllen <= sizeof(struct cmsghdr)) ||
133 	    (msg->msg_controllen - sizeof(struct cmsghdr)) < sizeof(int)) {
134 		msg->msg_flags |= MSG_CTRUNC;
135 		return;
136 	}
137 
138 	if (!scm->pid)
139 		return;
140 
141 	pidfd = pidfd_prepare(scm->pid, 0, &pidfd_file);
142 
143 	if (put_cmsg(msg, SOL_SOCKET, SCM_PIDFD, sizeof(int), &pidfd)) {
144 		if (pidfd_file) {
145 			put_unused_fd(pidfd);
146 			fput(pidfd_file);
147 		}
148 
149 		return;
150 	}
151 
152 	if (pidfd_file)
153 		fd_install(pidfd, pidfd_file);
154 }
155 
156 static inline bool __scm_recv_common(struct socket *sock, struct msghdr *msg,
157 				     struct scm_cookie *scm, int flags)
158 {
159 	if (!msg->msg_control) {
160 		if (test_bit(SOCK_PASSCRED, &sock->flags) ||
161 		    test_bit(SOCK_PASSPIDFD, &sock->flags) ||
162 		    scm->fp || scm_has_secdata(sock))
163 			msg->msg_flags |= MSG_CTRUNC;
164 		scm_destroy(scm);
165 		return false;
166 	}
167 
168 	if (test_bit(SOCK_PASSCRED, &sock->flags)) {
169 		struct user_namespace *current_ns = current_user_ns();
170 		struct ucred ucreds = {
171 			.pid = scm->creds.pid,
172 			.uid = from_kuid_munged(current_ns, scm->creds.uid),
173 			.gid = from_kgid_munged(current_ns, scm->creds.gid),
174 		};
175 		put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds);
176 	}
177 
178 	scm_passec(sock, msg, scm);
179 
180 	if (scm->fp)
181 		scm_detach_fds(msg, scm);
182 
183 	return true;
184 }
185 
186 static inline void scm_recv(struct socket *sock, struct msghdr *msg,
187 			    struct scm_cookie *scm, int flags)
188 {
189 	if (!__scm_recv_common(sock, msg, scm, flags))
190 		return;
191 
192 	scm_destroy_cred(scm);
193 }
194 
195 static inline void scm_recv_unix(struct socket *sock, struct msghdr *msg,
196 				 struct scm_cookie *scm, int flags)
197 {
198 	if (!__scm_recv_common(sock, msg, scm, flags))
199 		return;
200 
201 	if (test_bit(SOCK_PASSPIDFD, &sock->flags))
202 		scm_pidfd_recv(msg, scm);
203 
204 	scm_destroy_cred(scm);
205 }
206 
207 #endif /* __LINUX_NET_SCM_H */
208 
209