[linux.git] / include / net / scm.h

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __LINUX_NET_SCM_H
#define __LINUX_NET_SCM_H

#include <linux/limits.h>
#include <linux/net.h>
#include <linux/cred.h>
#include <linux/file.h>
#include <linux/security.h>
#include <linux/pid.h>
#include <linux/nsproxy.h>
#include <linux/sched/signal.h>
#include <net/compat.h>

/* Well, we should have at least one descriptor open
 * to accept passed FDs 8)
 */
#define SCM_MAX_FD	253

struct scm_creds {
	u32	pid;
	kuid_t	uid;
	kgid_t	gid;
};

#ifdef CONFIG_UNIX
struct unix_edge;
#endif

struct scm_fp_list {
	short			count;
	short			count_unix;
	short			max;
#ifdef CONFIG_UNIX
	bool			inflight;
	bool			dead;
	struct list_head	vertices;
	struct unix_edge	*edges;
#endif
	struct user_struct	*user;
	struct file		*fp[SCM_MAX_FD];
};

struct scm_cookie {
	struct pid		*pid;		/* Skb credentials */
	struct scm_fp_list	*fp;		/* Passed files		*/
	struct scm_creds	creds;		/* Skb credentials	*/
#ifdef CONFIG_SECURITY_NETWORK
	u32			secid;		/* Passed security ID 	*/
#endif
};

void scm_detach_fds(struct msghdr *msg, struct scm_cookie *scm);
void scm_detach_fds_compat(struct msghdr *msg, struct scm_cookie *scm);
int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm);
void __scm_destroy(struct scm_cookie *scm);
struct scm_fp_list *scm_fp_dup(struct scm_fp_list *fpl);

#ifdef CONFIG_SECURITY_NETWORK
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
{
	security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
}
#else
static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
{ }
#endif /* CONFIG_SECURITY_NETWORK */

static __inline__ void scm_set_cred(struct scm_cookie *scm,
				    struct pid *pid, kuid_t uid, kgid_t gid)
{
	scm->pid  = get_pid(pid);
	scm->creds.pid = pid_vnr(pid);
	scm->creds.uid = uid;
	scm->creds.gid = gid;
}

static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
{
	put_pid(scm->pid);
	scm->pid  = NULL;
}

static __inline__ void scm_destroy(struct scm_cookie *scm)
{
	scm_destroy_cred(scm);
	if (scm->fp)
		__scm_destroy(scm);
}

static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
			       struct scm_cookie *scm, bool forcecreds)
{
	memset(scm, 0, sizeof(*scm));
	scm->creds.uid = INVALID_UID;
	scm->creds.gid = INVALID_GID;
	if (forcecreds)
		scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
	unix_get_peersec_dgram(sock, scm);
	if (msg->msg_controllen <= 0)
		return 0;
	return __scm_send(sock, msg, scm);
}

#ifdef CONFIG_SECURITY_NETWORK
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
{
	struct lsm_context ctx;
	int err;

	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
		err = security_secid_to_secctx(scm->secid, &ctx);

		if (err >= 0) {
			put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, ctx.len,
				 ctx.context);
			security_release_secctx(&ctx);
		}
	}
}

static inline bool scm_has_secdata(struct socket *sock)
{
	return test_bit(SOCK_PASSSEC, &sock->flags);
}
#else
static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
{ }

static inline bool scm_has_secdata(struct socket *sock)
{
	return false;
}
#endif /* CONFIG_SECURITY_NETWORK */

static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm)
{
	struct file *pidfd_file = NULL;
	int len, pidfd;

	/* put_cmsg() doesn't return an error if CMSG is truncated,
	 * that's why we need to opencode these checks here.
	 */
	if (msg->msg_flags & MSG_CMSG_COMPAT)
		len = sizeof(struct compat_cmsghdr) + sizeof(int);
	else
		len = sizeof(struct cmsghdr) + sizeof(int);

	if (msg->msg_controllen < len) {
		msg->msg_flags |= MSG_CTRUNC;
		return;
	}

	if (!scm->pid)
		return;

	pidfd = pidfd_prepare(scm->pid, 0, &pidfd_file);

	if (put_cmsg(msg, SOL_SOCKET, SCM_PIDFD, sizeof(int), &pidfd)) {
		if (pidfd_file) {
			put_unused_fd(pidfd);
			fput(pidfd_file);
		}

		return;
	}

	if (pidfd_file)
		fd_install(pidfd, pidfd_file);
}

static inline bool __scm_recv_common(struct socket *sock, struct msghdr *msg,
				     struct scm_cookie *scm, int flags)
{
	if (!msg->msg_control) {
		if (test_bit(SOCK_PASSCRED, &sock->flags) ||
		    test_bit(SOCK_PASSPIDFD, &sock->flags) ||
		    scm->fp || scm_has_secdata(sock))
			msg->msg_flags |= MSG_CTRUNC;
		scm_destroy(scm);
		return false;
	}

	if (test_bit(SOCK_PASSCRED, &sock->flags)) {
		struct user_namespace *current_ns = current_user_ns();
		struct ucred ucreds = {
			.pid = scm->creds.pid,
			.uid = from_kuid_munged(current_ns, scm->creds.uid),
			.gid = from_kgid_munged(current_ns, scm->creds.gid),
		};
		put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds);
	}

	scm_passec(sock, msg, scm);

	if (scm->fp)
		scm_detach_fds(msg, scm);

	return true;
}

static inline void scm_recv(struct socket *sock, struct msghdr *msg,
			    struct scm_cookie *scm, int flags)
{
	if (!__scm_recv_common(sock, msg, scm, flags))
		return;

	scm_destroy_cred(scm);
}

static inline void scm_recv_unix(struct socket *sock, struct msghdr *msg,
				 struct scm_cookie *scm, int flags)
{
	if (!__scm_recv_common(sock, msg, scm, flags))
		return;

	if (test_bit(SOCK_PASSPIDFD, &sock->flags))
		scm_pidfd_recv(msg, scm);

	scm_destroy_cred(scm);
}

static inline int scm_recv_one_fd(struct file *f, int __user *ufd,
				  unsigned int flags)
{
	if (!ufd)
		return -EFAULT;
	return receive_fd(f, ufd, flags);
}

#endif /* __LINUX_NET_SCM_H */
Commit	Line	Data
b2441318	1	/* SPDX-License-Identifier: GPL-2.0 */
1da177e4 LT	2	#ifndef __LINUX_NET_SCM_H
	3	#define __LINUX_NET_SCM_H
	4
	5	#include <linux/limits.h>
	6	#include <linux/net.h>
5b825c3a	7	#include <linux/cred.h>
eac9189c	8	#include <linux/file.h>
dc49c1f9	9	#include <linux/security.h>
b488893a PE	10	#include <linux/pid.h>
b488893a PE	11	#include <linux/nsproxy.h>
7a36094d	12	#include <linux/sched/signal.h>
718e6b51	13	#include <net/compat.h>
1da177e4 LT	14
	15	/* Well, we should have at least one descriptor open
	16	* to accept passed FDs 8)
	17	*/
bba14de9	18	#define SCM_MAX_FD 253
1da177e4	19
dbe9a417 EB	20	struct scm_creds {
	21	u32 pid;
	22	kuid_t uid;
	23	kgid_t gid;
	24	};
	25
29b64e35 KI	26	#ifdef CONFIG_UNIX
	27	struct unix_edge;
	28	#endif
	29
fd2c3ef7	30	struct scm_fp_list {
bba14de9	31	short count;
d9f21b36	32	short count_unix;
bba14de9	33	short max;
1fbfdfaa	34	#ifdef CONFIG_UNIX
42f298c0	35	bool inflight;
7172dc93	36	bool dead;
1fbfdfaa	37	struct list_head vertices;
29b64e35	38	struct unix_edge *edges;
1fbfdfaa	39	#endif
415e3d3e	40	struct user_struct *user;
f8d570a4	41	struct file *fp[SCM_MAX_FD];
1da177e4 LT	42	};
1da177e4 LT	43
fd2c3ef7	44	struct scm_cookie {
257b5358	45	struct pid pid; / Skb credentials */
1da177e4	46	struct scm_fp_list fp; / Passed files */
dbe9a417	47	struct scm_creds creds; /* Skb credentials */
877ce7c1	48	#ifdef CONFIG_SECURITY_NETWORK
dc49c1f9	49	u32 secid; /* Passed security ID */
877ce7c1	50	#endif
1da177e4 LT	51	};
1da177e4 LT	52
8153ff5c JP	53	void scm_detach_fds(struct msghdr msg, struct scm_cookie scm);
	54	void scm_detach_fds_compat(struct msghdr msg, struct scm_cookie scm);
	55	int __scm_send(struct socket sock, struct msghdr msg, struct scm_cookie *scm);
	56	void __scm_destroy(struct scm_cookie *scm);
	57	struct scm_fp_list scm_fp_dup(struct scm_fp_list fpl);
1da177e4	58
dc49c1f9 CZ	59	#ifdef CONFIG_SECURITY_NETWORK
	60	static __inline__ void unix_get_peersec_dgram(struct socket sock, struct scm_cookie scm)
	61	{
	62	security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
	63	}
	64	#else
	65	static __inline__ void unix_get_peersec_dgram(struct socket sock, struct scm_cookie scm)
	66	{ }
	67	#endif /* CONFIG_SECURITY_NETWORK */
	68
257b5358	69	static __inline__ void scm_set_cred(struct scm_cookie *scm,
6b0ee8c0	70	struct pid *pid, kuid_t uid, kgid_t gid)
257b5358 EB	71	{
257b5358 EB	72	scm->pid = get_pid(pid);
dbe9a417	73	scm->creds.pid = pid_vnr(pid);
6b0ee8c0 EB	74	scm->creds.uid = uid;
6b0ee8c0 EB	75	scm->creds.gid = gid;
257b5358 EB	76	}
	77
	78	static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
	79	{
	80	put_pid(scm->pid);
	81	scm->pid = NULL;
257b5358 EB	82	}
257b5358 EB	83
1da177e4 LT	84	static __inline__ void scm_destroy(struct scm_cookie *scm)
1da177e4 LT	85	{
257b5358	86	scm_destroy_cred(scm);
2a6c8c79	87	if (scm->fp)
1da177e4 LT	88	__scm_destroy(scm);
	89	}
	90
	91	static __inline__ int scm_send(struct socket sock, struct msghdr msg,
e0e3cea4	92	struct scm_cookie *scm, bool forcecreds)
1da177e4	93	{
16e57262	94	memset(scm, 0, sizeof(*scm));
6b0ee8c0 EB	95	scm->creds.uid = INVALID_UID;
6b0ee8c0 EB	96	scm->creds.gid = INVALID_GID;
e0e3cea4	97	if (forcecreds)
6e0895c2	98	scm_set_cred(scm, task_tgid(current), current_uid(), current_gid());
dc49c1f9	99	unix_get_peersec_dgram(sock, scm);
1da177e4 LT	100	if (msg->msg_controllen <= 0)
	101	return 0;
	102	return __scm_send(sock, msg, scm);
	103	}
	104
877ce7c1 CZ	105	#ifdef CONFIG_SECURITY_NETWORK
	106	static inline void scm_passec(struct socket sock, struct msghdr msg, struct scm_cookie *scm)
	107	{
6fba8981	108	struct lsm_context ctx;
dc49c1f9 CZ	109	int err;
	110
	111	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
2d470c77	112	err = security_secid_to_secctx(scm->secid, &ctx);
dc49c1f9	113
2d470c77	114	if (err >= 0) {
6fba8981 CS	115	put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, ctx.len,
	116	ctx.context);
	117	security_release_secctx(&ctx);
dc49c1f9 CZ	118	}
dc49c1f9 CZ	119	}
877ce7c1	120	}
a02d83f9 AM	121
	122	static inline bool scm_has_secdata(struct socket *sock)
	123	{
	124	return test_bit(SOCK_PASSSEC, &sock->flags);
	125	}
877ce7c1 CZ	126	#else
	127	static inline void scm_passec(struct socket sock, struct msghdr msg, struct scm_cookie *scm)
	128	{ }
a02d83f9 AM	129
	130	static inline bool scm_has_secdata(struct socket *sock)
	131	{
	132	return false;
	133	}
877ce7c1 CZ	134	#endif /* CONFIG_SECURITY_NETWORK */
877ce7c1 CZ	135
5e2ff670 AM	136	static __inline__ void scm_pidfd_recv(struct msghdr msg, struct scm_cookie scm)
	137	{
	138	struct file *pidfd_file = NULL;
718e6b51	139	int len, pidfd;
5e2ff670	140
718e6b51	141	/* put_cmsg() doesn't return an error if CMSG is truncated,
5e2ff670 AM	142	* that's why we need to opencode these checks here.
5e2ff670 AM	143	*/
718e6b51 KI	144	if (msg->msg_flags & MSG_CMSG_COMPAT)
	145	len = sizeof(struct compat_cmsghdr) + sizeof(int);
	146	else
	147	len = sizeof(struct cmsghdr) + sizeof(int);
	148
	149	if (msg->msg_controllen < len) {
5e2ff670 AM	150	msg->msg_flags \|= MSG_CTRUNC;
	151	return;
	152	}
	153
603fc57a KI	154	if (!scm->pid)
	155	return;
	156
5e2ff670 AM	157	pidfd = pidfd_prepare(scm->pid, 0, &pidfd_file);
	158
	159	if (put_cmsg(msg, SOL_SOCKET, SCM_PIDFD, sizeof(int), &pidfd)) {
	160	if (pidfd_file) {
	161	put_unused_fd(pidfd);
	162	fput(pidfd_file);
	163	}
	164
	165	return;
	166	}
	167
	168	if (pidfd_file)
	169	fd_install(pidfd, pidfd_file);
	170	}
	171
a9c49cc2 AM	172	static inline bool __scm_recv_common(struct socket sock, struct msghdr msg,
a9c49cc2 AM	173	struct scm_cookie *scm, int flags)
1da177e4	174	{
fd2c3ef7	175	if (!msg->msg_control) {
5e2ff670 AM	176	if (test_bit(SOCK_PASSCRED, &sock->flags) \|\|
	177	test_bit(SOCK_PASSPIDFD, &sock->flags) \|\|
	178	scm->fp \|\| scm_has_secdata(sock))
1da177e4	179	msg->msg_flags \|= MSG_CTRUNC;
f78a5fda	180	scm_destroy(scm);
a9c49cc2	181	return false;
1da177e4 LT	182	}
1da177e4 LT	183
dbe9a417 EB	184	if (test_bit(SOCK_PASSCRED, &sock->flags)) {
	185	struct user_namespace *current_ns = current_user_ns();
	186	struct ucred ucreds = {
	187	.pid = scm->creds.pid,
	188	.uid = from_kuid_munged(current_ns, scm->creds.uid),
	189	.gid = from_kgid_munged(current_ns, scm->creds.gid),
	190	};
	191	put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds);
	192	}
1da177e4	193
a9c49cc2	194	scm_passec(sock, msg, scm);
5e2ff670	195
a9c49cc2 AM	196	if (scm->fp)
a9c49cc2 AM	197	scm_detach_fds(msg, scm);
f78a5fda	198
a9c49cc2 AM	199	return true;
a9c49cc2 AM	200	}
877ce7c1	201
a9c49cc2 AM	202	static inline void scm_recv(struct socket sock, struct msghdr msg,
	203	struct scm_cookie *scm, int flags)
	204	{
	205	if (!__scm_recv_common(sock, msg, scm, flags))
1da177e4	206	return;
a9c49cc2 AM	207
a9c49cc2 AM	208	scm_destroy_cred(scm);
1da177e4 LT	209	}
1da177e4 LT	210
a9c49cc2 AM	211	static inline void scm_recv_unix(struct socket sock, struct msghdr msg,
	212	struct scm_cookie *scm, int flags)
	213	{
	214	if (!__scm_recv_common(sock, msg, scm, flags))
	215	return;
	216
	217	if (test_bit(SOCK_PASSPIDFD, &sock->flags))
	218	scm_pidfd_recv(msg, scm);
	219
	220	scm_destroy_cred(scm);
	221	}
1da177e4	222
eac9189c CB	223	static inline int scm_recv_one_fd(struct file f, int __user ufd,
	224	unsigned int flags)
	225	{
	226	if (!ufd)
	227	return -EFAULT;
4e94ddfe	228	return receive_fd(f, ufd, flags);
eac9189c CB	229	}
eac9189c CB	230
1da177e4 LT	231	#endif /* __LINUX_NET_SCM_H */
1da177e4 LT	232