include/net/scm.h at e3f4e1cbc341bc2020241d8119bd078db3ec3b85

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / include / net / scm.h
at e3f4e1cbc341bc2020241d8119bd078db3ec3b85 109 lines 2.8 kB view raw
wrap content
  1#ifndef __LINUX_NET_SCM_H
  2#define __LINUX_NET_SCM_H
  3
  4#include <linux/limits.h>
  5#include <linux/net.h>
  6#include <linux/security.h>
  7#include <linux/pid.h>
  8#include <linux/nsproxy.h>
  9
 10/* Well, we should have at least one descriptor open
 11 * to accept passed FDs 8)
 12 */
 13#define SCM_MAX_FD	255
 14
 15struct scm_fp_list {
 16	struct list_head	list;
 17	int			count;
 18	struct file		*fp[SCM_MAX_FD];
 19};
 20
 21struct scm_cookie {
 22	struct ucred		creds;		/* Skb credentials	*/
 23	struct scm_fp_list	*fp;		/* Passed files		*/
 24#ifdef CONFIG_SECURITY_NETWORK
 25	u32			secid;		/* Passed security ID 	*/
 26#endif
 27};
 28
 29extern void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm);
 30extern void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm);
 31extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm);
 32extern void __scm_destroy(struct scm_cookie *scm);
 33extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl);
 34
 35#ifdef CONFIG_SECURITY_NETWORK
 36static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
 37{
 38	security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
 39}
 40#else
 41static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
 42{ }
 43#endif /* CONFIG_SECURITY_NETWORK */
 44
 45static __inline__ void scm_destroy(struct scm_cookie *scm)
 46{
 47	if (scm && scm->fp)
 48		__scm_destroy(scm);
 49}
 50
 51static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
 52			       struct scm_cookie *scm)
 53{
 54	struct task_struct *p = current;
 55	scm->creds.uid = current_uid();
 56	scm->creds.gid = current_gid();
 57	scm->creds.pid = task_tgid_vnr(p);
 58	scm->fp = NULL;
 59	unix_get_peersec_dgram(sock, scm);
 60	if (msg->msg_controllen <= 0)
 61		return 0;
 62	return __scm_send(sock, msg, scm);
 63}
 64
 65#ifdef CONFIG_SECURITY_NETWORK
 66static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
 67{
 68	char *secdata;
 69	u32 seclen;
 70	int err;
 71
 72	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
 73		err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
 74
 75		if (!err) {
 76			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
 77			security_release_secctx(secdata, seclen);
 78		}
 79	}
 80}
 81#else
 82static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
 83{ }
 84#endif /* CONFIG_SECURITY_NETWORK */
 85
 86static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
 87				struct scm_cookie *scm, int flags)
 88{
 89	if (!msg->msg_control) {
 90		if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp)
 91			msg->msg_flags |= MSG_CTRUNC;
 92		scm_destroy(scm);
 93		return;
 94	}
 95
 96	if (test_bit(SOCK_PASSCRED, &sock->flags))
 97		put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds);
 98
 99	scm_passec(sock, msg, scm);
100
101	if (!scm->fp)
102		return;
103	
104	scm_detach_fds(msg, scm);
105}
106
107
108#endif /* __LINUX_NET_SCM_H */
109
Configure Feed

Configure Feed
