scm.h 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. /* SPDX-License-Identifier: GPL-2.0 */
  2. #ifndef __LINUX_NET_SCM_H
  3. #define __LINUX_NET_SCM_H
  4. #include <linux/limits.h>
  5. #include <linux/net.h>
  6. #include <linux/cred.h>
  7. #include <linux/file.h>
  8. #include <linux/security.h>
  9. #include <linux/pid.h>
  10. #include <linux/nsproxy.h>
  11. #include <linux/sched/signal.h>
  12. #include <net/compat.h>
  13. /* Well, we should have at least one descriptor open
  14. * to accept passed FDs 8)
  15. */
  16. #define SCM_MAX_FD 253
  17. struct scm_creds {
  18. u32 pid;
  19. kuid_t uid;
  20. kgid_t gid;
  21. };
  22. #ifdef CONFIG_UNIX
  23. struct unix_edge;
  24. #endif
  25. struct scm_fp_list {
  26. short count;
  27. short count_unix;
  28. short max;
  29. #ifdef CONFIG_UNIX
  30. bool inflight;
  31. bool dead;
  32. struct list_head vertices;
  33. struct unix_edge *edges;
  34. #endif
  35. struct user_struct *user;
  36. struct file *fp[SCM_MAX_FD];
  37. };
  38. struct scm_cookie {
  39. struct pid *pid; /* Skb credentials */
  40. struct scm_fp_list *fp; /* Passed files */
  41. struct scm_creds creds; /* Skb credentials */
  42. #ifdef CONFIG_SECURITY_NETWORK
  43. u32 secid; /* Passed security ID */
  44. #endif
  45. };
  46. void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm);
  47. void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm);
  48. int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm);
  49. void __scm_destroy(struct scm_cookie *scm);
  50. struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl);
  51. #ifdef CONFIG_SECURITY_NETWORK
  52. static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
  53. {
  54. security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
  55. }
  56. #else
  57. static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
  58. { }
  59. #endif /* CONFIG_SECURITY_NETWORK */
  60. static __inline__ void scm_set_cred(struct scm_cookie *scm,
  61. struct pid *pid, kuid_t uid, kgid_t gid)
  62. {
  63. scm->pid = get_pid(pid);
  64. scm->creds.pid = pid_vnr(pid);
  65. scm->creds.uid = uid;
  66. scm->creds.gid = gid;
  67. }
  68. static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
  69. {
  70. put_pid(scm->pid);
  71. scm->pid = NULL;
  72. }
  73. static __inline__ void scm_destroy(struct scm_cookie *scm)
  74. {
  75. scm_destroy_cred(scm);
  76. if (scm->fp)
  77. __scm_destroy(scm);
  78. }
  79. static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
  80. struct scm_cookie *scm, bool forcecreds)
  81. {
  82. memset(scm, 0, sizeof(*scm));
  83. scm->creds.uid = INVALID_UID;
  84. scm->creds.gid = INVALID_GID;
  85. if (forcecreds)
  86. scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
  87. unix_get_peersec_dgram(sock, scm);
  88. if (msg->msg_controllen <= 0)
  89. return 0;
  90. return __scm_send(sock, msg, scm);
  91. }
  92. void scm_recv(struct socket *sock, struct msghdr *msg,
  93. struct scm_cookie *scm, int flags);
  94. void scm_recv_unix(struct socket *sock, struct msghdr *msg,
  95. struct scm_cookie *scm, int flags);
  96. static inline int scm_recv_one_fd(struct file *f, int __user *ufd,
  97. unsigned int flags)
  98. {
  99. if (!ufd)
  100. return -EFAULT;
  101. return receive_fd(f, ufd, flags);
  102. }
  103. #endif /* __LINUX_NET_SCM_H */