1 /* SPDX-License-Identifier: GPL-2.0 */ 2 #ifndef __LINUX_NET_SCM_H 3 #define __LINUX_NET_SCM_H 4 5 #include <linux/limits.h> 6 #include <linux/net.h> 7 #include <linux/cred.h> 8 #include <linux/file.h> 9 #include <linux/security.h> 10 #include <linux/pid.h> 11 #include <linux/nsproxy.h> 12 #include <linux/sched/signal.h> 13 #include <net/compat.h> 14 15 /* Well, we should have at least one descriptor open 16 * to accept passed FDs 8) 17 */ 18 #define SCM_MAX_FD 253 19 20 struct scm_creds { 21 u32 pid; 22 kuid_t uid; 23 kgid_t gid; 24 }; 25 26 #ifdef CONFIG_UNIX 27 struct unix_edge; 28 #endif 29 30 struct scm_fp_list { 31 short count; 32 short count_unix; 33 short max; 34 #ifdef CONFIG_UNIX 35 bool inflight; 36 struct list_head vertices; 37 struct unix_edge *edges; 38 #endif 39 struct user_struct *user; 40 struct file *fp[SCM_MAX_FD]; 41 }; 42 43 struct scm_cookie { 44 struct pid *pid; /* Skb credentials */ 45 struct scm_fp_list *fp; /* Passed files */ 46 struct scm_creds creds; /* Skb credentials */ 47 #ifdef CONFIG_SECURITY_NETWORK 48 u32 secid; /* Passed security ID */ 49 #endif 50 }; 51 52 void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm); 53 void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm); 54 int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm); 55 void __scm_destroy(struct scm_cookie *scm); 56 struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl); 57 58 #ifdef CONFIG_SECURITY_NETWORK 59 static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) 60 { 61 security_socket_getpeersec_dgram(sock, NULL, &scm->secid); 62 } 63 #else 64 static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) 65 { } 66 #endif /* CONFIG_SECURITY_NETWORK */ 67 68 static __inline__ void scm_set_cred(struct scm_cookie *scm, 69 struct pid *pid, kuid_t uid, kgid_t gid) 70 { 71 scm->pid = get_pid(pid); 72 scm->creds.pid = pid_vnr(pid); 73 scm->creds.uid = uid; 74 scm->creds.gid = gid; 75 } 76 77 static __inline__ void scm_destroy_cred(struct scm_cookie *scm) 78 { 79 put_pid(scm->pid); 80 scm->pid = NULL; 81 } 82 83 static __inline__ void scm_destroy(struct scm_cookie *scm) 84 { 85 scm_destroy_cred(scm); 86 if (scm->fp) 87 __scm_destroy(scm); 88 } 89 90 static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, 91 struct scm_cookie *scm, bool forcecreds) 92 { 93 memset(scm, 0, sizeof(*scm)); 94 scm->creds.uid = INVALID_UID; 95 scm->creds.gid = INVALID_GID; 96 if (forcecreds) 97 scm_set_cred(scm, task_tgid(current), current_uid(), current_gid()); 98 unix_get_peersec_dgram(sock, scm); 99 if (msg->msg_controllen <= 0) 100 return 0; 101 return __scm_send(sock, msg, scm); 102 } 103 104 #ifdef CONFIG_SECURITY_NETWORK 105 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 106 { 107 char *secdata; 108 u32 seclen; 109 int err; 110 111 if (test_bit(SOCK_PASSSEC, &sock->flags)) { 112 err = security_secid_to_secctx(scm->secid, &secdata, &seclen); 113 114 if (!err) { 115 put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); 116 security_release_secctx(secdata, seclen); 117 } 118 } 119 } 120 121 static inline bool scm_has_secdata(struct socket *sock) 122 { 123 return test_bit(SOCK_PASSSEC, &sock->flags); 124 } 125 #else 126 static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) 127 { } 128 129 static inline bool scm_has_secdata(struct socket *sock) 130 { 131 return false; 132 } 133 #endif /* CONFIG_SECURITY_NETWORK */ 134 135 static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm) 136 { 137 struct file *pidfd_file = NULL; 138 int len, pidfd; 139 140 /* put_cmsg() doesn't return an error if CMSG is truncated, 141 * that's why we need to opencode these checks here. 142 */ 143 if (msg->msg_flags & MSG_CMSG_COMPAT) 144 len = sizeof(struct compat_cmsghdr) + sizeof(int); 145 else 146 len = sizeof(struct cmsghdr) + sizeof(int); 147 148 if (msg->msg_controllen < len) { 149 msg->msg_flags |= MSG_CTRUNC; 150 return; 151 } 152 153 if (!scm->pid) 154 return; 155 156 pidfd = pidfd_prepare(scm->pid, 0, &pidfd_file); 157 158 if (put_cmsg(msg, SOL_SOCKET, SCM_PIDFD, sizeof(int), &pidfd)) { 159 if (pidfd_file) { 160 put_unused_fd(pidfd); 161 fput(pidfd_file); 162 } 163 164 return; 165 } 166 167 if (pidfd_file) 168 fd_install(pidfd, pidfd_file); 169 } 170 171 static inline bool __scm_recv_common(struct socket *sock, struct msghdr *msg, 172 struct scm_cookie *scm, int flags) 173 { 174 if (!msg->msg_control) { 175 if (test_bit(SOCK_PASSCRED, &sock->flags) || 176 test_bit(SOCK_PASSPIDFD, &sock->flags) || 177 scm->fp || scm_has_secdata(sock)) 178 msg->msg_flags |= MSG_CTRUNC; 179 scm_destroy(scm); 180 return false; 181 } 182 183 if (test_bit(SOCK_PASSCRED, &sock->flags)) { 184 struct user_namespace *current_ns = current_user_ns(); 185 struct ucred ucreds = { 186 .pid = scm->creds.pid, 187 .uid = from_kuid_munged(current_ns, scm->creds.uid), 188 .gid = from_kgid_munged(current_ns, scm->creds.gid), 189 }; 190 put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds); 191 } 192 193 scm_passec(sock, msg, scm); 194 195 if (scm->fp) 196 scm_detach_fds(msg, scm); 197 198 return true; 199 } 200 201 static inline void scm_recv(struct socket *sock, struct msghdr *msg, 202 struct scm_cookie *scm, int flags) 203 { 204 if (!__scm_recv_common(sock, msg, scm, flags)) 205 return; 206 207 scm_destroy_cred(scm); 208 } 209 210 static inline void scm_recv_unix(struct socket *sock, struct msghdr *msg, 211 struct scm_cookie *scm, int flags) 212 { 213 if (!__scm_recv_common(sock, msg, scm, flags)) 214 return; 215 216 if (test_bit(SOCK_PASSPIDFD, &sock->flags)) 217 scm_pidfd_recv(msg, scm); 218 219 scm_destroy_cred(scm); 220 } 221 222 static inline int scm_recv_one_fd(struct file *f, int __user *ufd, 223 unsigned int flags) 224 { 225 if (!ufd) 226 return -EFAULT; 227 return receive_fd(f, ufd, flags); 228 } 229 230 #endif /* __LINUX_NET_SCM_H */ 231 232