diff options
| author | Timothy Pearson <tpearson@raptorengineering.com> | 2017-08-23 14:45:25 -0500 |
|---|---|---|
| committer | Timothy Pearson <tpearson@raptorengineering.com> | 2017-08-23 14:45:25 -0500 |
| commit | fcbb27b0ec6dcbc5a5108cb8fb19eae64593d204 (patch) | |
| tree | 22962a4387943edc841c72a4e636a068c66d58fd /include/net/scm.h | |
| download | ast2050-linux-kernel-fcbb27b0ec6dcbc5a5108cb8fb19eae64593d204.zip ast2050-linux-kernel-fcbb27b0ec6dcbc5a5108cb8fb19eae64593d204.tar.gz | |
Initial import of modified Linux 2.6.28 tree
Original upstream URL:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git | branch linux-2.6.28.y
Diffstat (limited to 'include/net/scm.h')
| -rw-r--r-- | include/net/scm.h | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/include/net/scm.h b/include/net/scm.h new file mode 100644 index 0000000..33e9986 --- /dev/null +++ b/include/net/scm.h @@ -0,0 +1,114 @@ +#ifndef __LINUX_NET_SCM_H +#define __LINUX_NET_SCM_H + +#include <linux/limits.h> +#include <linux/net.h> +#include <linux/security.h> +#include <linux/pid.h> +#include <linux/nsproxy.h> + +/* Well, we should have at least one descriptor open + * to accept passed FDs 8) + */ +#define SCM_MAX_FD 255 + +struct scm_fp_list +{ + struct list_head list; + int count; + struct file *fp[SCM_MAX_FD]; +}; + +struct scm_cookie +{ + struct ucred creds; /* Skb credentials */ + struct scm_fp_list *fp; /* Passed files */ +#ifdef CONFIG_SECURITY_NETWORK + u32 secid; /* Passed security ID */ +#endif + unsigned long seq; /* Connection seqno */ +}; + +extern void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm); +extern void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm); +extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm); +extern void __scm_destroy(struct scm_cookie *scm); +extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); + +#ifdef CONFIG_SECURITY_NETWORK +static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) +{ + security_socket_getpeersec_dgram(sock, NULL, &scm->secid); +} +#else +static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) +{ } +#endif /* CONFIG_SECURITY_NETWORK */ + +static __inline__ void scm_destroy(struct scm_cookie *scm) +{ + if (scm && scm->fp) + __scm_destroy(scm); +} + +static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, + struct scm_cookie *scm) +{ + struct task_struct *p = current; + scm->creds.uid = p->uid; + scm->creds.gid = p->gid; + scm->creds.pid = task_tgid_vnr(p); + scm->fp = NULL; + scm->seq = 0; + unix_get_peersec_dgram(sock, scm); + if (msg->msg_controllen <= 0) + return 0; + return __scm_send(sock, msg, scm); +} + +#ifdef CONFIG_SECURITY_NETWORK +static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) +{ + char *secdata; + u32 seclen; + int err; + + if (test_bit(SOCK_PASSSEC, &sock->flags)) { + err = security_secid_to_secctx(scm->secid, &secdata, &seclen); + + if (!err) { + put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); + security_release_secctx(secdata, seclen); + } + } +} +#else +static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) +{ } +#endif /* CONFIG_SECURITY_NETWORK */ + +static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg, + struct scm_cookie *scm, int flags) +{ + if (!msg->msg_control) + { + if (test_bit(SOCK_PASSCRED, &sock->flags) || scm->fp) + msg->msg_flags |= MSG_CTRUNC; + scm_destroy(scm); + return; + } + + if (test_bit(SOCK_PASSCRED, &sock->flags)) + put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds); + + scm_passec(sock, msg, scm); + + if (!scm->fp) + return; + + scm_detach_fds(msg, scm); +} + + +#endif /* __LINUX_NET_SCM_H */ + |
