include/net/scm.h at c9a28fa7b9ac19b676deefa0a171ce7df8755c08 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / include / net / scm.h
at c9a28fa7b9ac19b676deefa0a171ce7df8755c08 113 lines 2.8 kB view raw
  1#ifndef __LINUX_NET_SCM_H
  2#define __LINUX_NET_SCM_H
  3
  4#include <linux/limits.h>
  5#include <linux/net.h>
  6#include <linux/security.h>
  7#include <linux/pid.h>
  8#include <linux/nsproxy.h>
  9
 10/* Well, we should have at least one descriptor open
 11 * to accept passed FDs 8)
 12 */
 13#define SCM_MAX_FD	255
 14
 15struct scm_fp_list
 16{
 17	int		count;
 18	struct file	*fp[SCM_MAX_FD];
 19};
 20
 21struct scm_cookie
 22{
 23	struct ucred		creds;		/* Skb credentials	*/
 24	struct scm_fp_list	*fp;		/* Passed files		*/
 25#ifdef CONFIG_SECURITY_NETWORK
 26	u32			secid;		/* Passed security ID 	*/
 27#endif
 28	unsigned long		seq;		/* Connection seqno	*/
 29};
 30
 31extern void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm);
 32extern void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm);
 33extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm);
 34extern void __scm_destroy(struct scm_cookie *scm);
 35extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl);
 36
 37#ifdef CONFIG_SECURITY_NETWORK
 38static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
 39{
 40	security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
 41}
 42#else
 43static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
 44{ }
 45#endif /* CONFIG_SECURITY_NETWORK */
 46
 47static __inline__ void scm_destroy(struct scm_cookie *scm)
 48{
 49	if (scm && scm->fp)
 50		__scm_destroy(scm);
 51}
 52
 53static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
 54			       struct scm_cookie *scm)
 55{
 56	struct task_struct *p = current;
 57	scm->creds.uid = p->uid;
 58	scm->creds.gid = p->gid;
 59	scm->creds.pid = task_tgid_vnr(p);
 60	scm->fp = NULL;
 61	scm->seq = 0;
 62	unix_get_peersec_dgram(sock, scm);
 63	if (msg->msg_controllen <= 0)
 64		return 0;
 65	return __scm_send(sock, msg, scm);
 66}
 67
 68#ifdef CONFIG_SECURITY_NETWORK
 69static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
 70{
 71	char *secdata;
 72	u32 seclen;
 73	int err;
 74
 75	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
 76		err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
 77
 78		if (!err) {
 79			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
 80			security_release_secctx(secdata, seclen);
 81		}
 82	}
 83}
 84#else
 85static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
 86{ }
 87#endif /* CONFIG_SECURITY_NETWORK */
 88
 89static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
 90				struct scm_cookie *scm, int flags)
 91{
 92	if (!msg->msg_control)
 93	{
 94		if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp)
 95			msg->msg_flags |= MSG_CTRUNC;
 96		scm_destroy(scm);
 97		return;
 98	}
 99
100	if (test_bit(SOCK_PASSCRED, &sock->flags))
101		put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds);
102
103	scm_passec(sock, msg, scm);
104
105	if (!scm->fp)
106		return;
107	
108	scm_detach_fds(msg, scm);
109}
110
111
112#endif /* __LINUX_NET_SCM_H */
113