]>
Commit | Line | Data |
---|---|---|
1 | #ifndef __LINUX_NET_SCM_H | |
2 | #define __LINUX_NET_SCM_H | |
3 | ||
4 | #include <linux/limits.h> | |
5 | #include <linux/net.h> | |
6 | #include <linux/security.h> | |
7 | #include <linux/pid.h> | |
8 | #include <linux/nsproxy.h> | |
9 | ||
10 | /* Well, we should have at least one descriptor open | |
11 | * to accept passed FDs 8) | |
12 | */ | |
13 | #define SCM_MAX_FD 255 | |
14 | ||
15 | struct scm_fp_list { | |
16 | struct list_head list; | |
17 | int count; | |
18 | struct file *fp[SCM_MAX_FD]; | |
19 | }; | |
20 | ||
21 | struct scm_cookie { | |
22 | struct ucred creds; /* Skb credentials */ | |
23 | struct scm_fp_list *fp; /* Passed files */ | |
24 | #ifdef CONFIG_SECURITY_NETWORK | |
25 | u32 secid; /* Passed security ID */ | |
26 | #endif | |
27 | }; | |
28 | ||
29 | extern void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm); | |
30 | extern void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm); | |
31 | extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm); | |
32 | extern void __scm_destroy(struct scm_cookie *scm); | |
33 | extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); | |
34 | ||
35 | #ifdef CONFIG_SECURITY_NETWORK | |
36 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | |
37 | { | |
38 | security_socket_getpeersec_dgram(sock, NULL, &scm->secid); | |
39 | } | |
40 | #else | |
41 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | |
42 | { } | |
43 | #endif /* CONFIG_SECURITY_NETWORK */ | |
44 | ||
45 | static __inline__ void scm_destroy(struct scm_cookie *scm) | |
46 | { | |
47 | if (scm && scm->fp) | |
48 | __scm_destroy(scm); | |
49 | } | |
50 | ||
51 | static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |
52 | struct scm_cookie *scm) | |
53 | { | |
54 | struct task_struct *p = current; | |
55 | scm->creds.uid = current_uid(); | |
56 | scm->creds.gid = current_gid(); | |
57 | scm->creds.pid = task_tgid_vnr(p); | |
58 | scm->fp = NULL; | |
59 | unix_get_peersec_dgram(sock, scm); | |
60 | if (msg->msg_controllen <= 0) | |
61 | return 0; | |
62 | return __scm_send(sock, msg, scm); | |
63 | } | |
64 | ||
65 | #ifdef CONFIG_SECURITY_NETWORK | |
66 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | |
67 | { | |
68 | char *secdata; | |
69 | u32 seclen; | |
70 | int err; | |
71 | ||
72 | if (test_bit(SOCK_PASSSEC, &sock->flags)) { | |
73 | err = security_secid_to_secctx(scm->secid, &secdata, &seclen); | |
74 | ||
75 | if (!err) { | |
76 | put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); | |
77 | security_release_secctx(secdata, seclen); | |
78 | } | |
79 | } | |
80 | } | |
81 | #else | |
82 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | |
83 | { } | |
84 | #endif /* CONFIG_SECURITY_NETWORK */ | |
85 | ||
86 | static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, | |
87 | struct scm_cookie *scm, int flags) | |
88 | { | |
89 | if (!msg->msg_control) { | |
90 | if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) | |
91 | msg->msg_flags |= MSG_CTRUNC; | |
92 | scm_destroy(scm); | |
93 | return; | |
94 | } | |
95 | ||
96 | if (test_bit(SOCK_PASSCRED, &sock->flags)) | |
97 | put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds); | |
98 | ||
99 | scm_passec(sock, msg, scm); | |
100 | ||
101 | if (!scm->fp) | |
102 | return; | |
103 | ||
104 | scm_detach_fds(msg, scm); | |
105 | } | |
106 | ||
107 | ||
108 | #endif /* __LINUX_NET_SCM_H */ | |
109 |