1 #ifndef __LINUX_NET_SCM_H 2 #define __LINUX_NET_SCM_H 3 4 #include <linux/limits.h> 5 #include <linux/net.h> 6 #include <linux/security.h> 7 #include <linux/pid.h> 8 #include <linux/nsproxy.h> 9 10 /* Well, we should have at least one descriptor open 11 * to accept passed FDs 8) 12 */ 13 #define SCM_MAX_FD 255 14 15 struct scm_fp_list { 16 struct list_head list; 17 int count; 18 struct file *fp[SCM_MAX_FD]; 19 }; 20 21 struct scm_cookie { 22 struct ucred creds; /* Skb credentials */ 23 struct scm_fp_list *fp; /* Passed files */ 24 #ifdef CONFIG_SECURITY_NETWORK 25 u32 secid; /* Passed security ID */ 26 #endif 27 }; 28 29 extern void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm); 30 extern void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm); 31 extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm); 32 extern void __scm_destroy(struct scm_cookie *scm); 33 extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); 34 35 #ifdef CONFIG_SECURITY_NETWORK 36 static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) 37 { 38 security_socket_getpeersec_dgram(sock, NULL, &scm->secid); 39 } 40 #else 41 static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) 42 { } 43 #endif /* CONFIG_SECURITY_NETWORK */ 44 45 static __inline__ void scm_destroy(struct scm_cookie *scm) 46 { 47 if (scm && scm->fp) 48 __scm_destroy(scm); 49 } 50 51 static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, 52 struct scm_cookie *scm) 53 { 54 struct task_struct *p = current; 55 scm->creds.uid = current_uid(); 56 scm->creds.gid = current_gid(); 57 scm->creds.pid = task_tgid_vnr(p); 58 scm->fp = NULL; 59 unix_get_peersec_dgram(sock, scm); 60 if (msg->msg_controllen <= 0) 61 return 0; 62 return __scm_send(sock, msg, scm); 63 } 64 65 #ifdef CONFIG_SECURITY_NETWORK 66 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 67 { 68 char *secdata; 69 u32 seclen; 70 int err; 71 72 if (test_bit(SOCK_PASSSEC, &sock->flags)) { 73 err = security_secid_to_secctx(scm->secid, &secdata, &seclen); 74 75 if (!err) { 76 put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); 77 security_release_secctx(secdata, seclen); 78 } 79 } 80 } 81 #else 82 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 83 { } 84 #endif /* CONFIG_SECURITY_NETWORK */ 85 86 static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, 87 struct scm_cookie *scm, int flags) 88 { 89 if (!msg->msg_control) { 90 if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) 91 msg->msg_flags |= MSG_CTRUNC; 92 scm_destroy(scm); 93 return; 94 } 95 96 if (test_bit(SOCK_PASSCRED, &sock->flags)) 97 put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds); 98 99 scm_passec(sock, msg, scm); 100 101 if (!scm->fp) 102 return; 103 104 scm_detach_fds(msg, scm); 105 } 106 107 108 #endif /* __LINUX_NET_SCM_H */ 109 110