1 files changed, 38 insertions, 0 deletions
diff --git a/include/net/scm.h b/include/net/scm.h
index 540619cb716..5637d5e22d5 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -3,6 +3,7 @@
 #include <linux/limits.h>
 #include <linux/net.h>
+#include <linux/security.h>
 /* Well, we should have at least one descriptor open
 * to accept passed FDs 8)
@@ -19,6 +20,9 @@ struct scm_cookie
 {
        struct ucred            creds;          /* Skb credentials      */
        struct scm_fp_list      *fp;            /* Passed files         */
+#ifdef CONFIG_SECURITY_NETWORK
+        u32                     secid;          /* Passed security ID   */
+#endif
        unsigned long           seq;            /* Connection seqno     */
 };
@@ -28,6 +32,16 @@ extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie
 extern void __scm_destroy(struct scm_cookie *scm);
 extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl);
+#ifdef CONFIG_SECURITY_NETWORK
+static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
+{
+        security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
+}
+#else
+static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm)
+{ }
+#endif /* CONFIG_SECURITY_NETWORK */
 static __inline__ void scm_destroy(struct scm_cookie *scm)
 {
        if (scm && scm->fp)
@@ -43,11 +57,33 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg,
        scm->creds.pid = p->tgid;
        scm->fp = NULL;
        scm->seq = 0;
+        unix_get_peersec_dgram(sock, scm);
        if (msg->msg_controllen <= 0)
                return 0;
        return __scm_send(sock, msg, scm);
 }
+#ifdef CONFIG_SECURITY_NETWORK
+static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
+{
+        char *secdata;
+        u32 seclen;
+        int err;
+        if (test_bit(SOCK_PASSSEC, &sock->flags)) {
+                err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
+                if (!err) {
+                        put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
+                        security_release_secctx(secdata, seclen);
+                }
+        }
+}
+#else
+static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm)
+{ }
+#endif /* CONFIG_SECURITY_NETWORK */
 static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
                                struct scm_cookie *scm, int flags)
 {
@@ -62,6 +98,8 @@ static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
        if (test_bit(SOCK_PASSCRED, &sock->flags))
                put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds);
+        scm_passec(sock, msg, scm);
        if (!scm->fp)
                return;

diff --git a/include/net/scm.h b/include/net/scm.h index 540619cb716..5637d5e22d5 100644 --- a/include/net/scm.h +++ b/include/net/scm.h
@@ -3,6 +3,7 @@
3		3
4	#include <linux/limits.h>	4	#include <linux/limits.h>
5	#include <linux/net.h>	5	#include <linux/net.h>
		6	#include <linux/security.h>
6		7
7	/* Well, we should have at least one descriptor open	8	/* Well, we should have at least one descriptor open
8	* to accept passed FDs 8)	9	* to accept passed FDs 8)
@@ -19,6 +20,9 @@ struct scm_cookie
19	{	20	{
20	struct ucred creds; /* Skb credentials */	21	struct ucred creds; /* Skb credentials */
21	struct scm_fp_list fp; / Passed files */	22	struct scm_fp_list fp; / Passed files */
		23	#ifdef CONFIG_SECURITY_NETWORK
		24	u32 secid; /* Passed security ID */
		25	#endif
22	unsigned long seq; /* Connection seqno */	26	unsigned long seq; /* Connection seqno */
23	};	27	};
24		28
@@ -28,6 +32,16 @@ extern int __scm_send(struct socket sock, struct msghdr msg, struct scm_cookie
28	extern void __scm_destroy(struct scm_cookie *scm);	32	extern void __scm_destroy(struct scm_cookie *scm);
29	extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl);	33	extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl);
30		34
		35	#ifdef CONFIG_SECURITY_NETWORK
		36	static __inline__ void unix_get_peersec_dgram(struct socket sock, struct scm_cookie scm)
		37	{
		38	security_socket_getpeersec_dgram(sock, NULL, &scm->secid);
		39	}
		40	#else
		41	static __inline__ void unix_get_peersec_dgram(struct socket sock, struct scm_cookie scm)
		42	{ }
		43	#endif /* CONFIG_SECURITY_NETWORK */
		44
31	static __inline__ void scm_destroy(struct scm_cookie *scm)	45	static __inline__ void scm_destroy(struct scm_cookie *scm)
32	{	46	{
33	if (scm && scm->fp)	47	if (scm && scm->fp)
@@ -43,11 +57,33 @@ static __inline__ int scm_send(struct socket sock, struct msghdr msg,
43	scm->creds.pid = p->tgid;	57	scm->creds.pid = p->tgid;
44	scm->fp = NULL;	58	scm->fp = NULL;
45	scm->seq = 0;	59	scm->seq = 0;
		60	unix_get_peersec_dgram(sock, scm);
46	if (msg->msg_controllen <= 0)	61	if (msg->msg_controllen <= 0)
47	return 0;	62	return 0;
48	return __scm_send(sock, msg, scm);	63	return __scm_send(sock, msg, scm);
49	}	64	}
50		65
		66	#ifdef CONFIG_SECURITY_NETWORK
		67	static inline void scm_passec(struct socket sock, struct msghdr msg, struct scm_cookie *scm)
		68	{
		69	char *secdata;
		70	u32 seclen;
		71	int err;
		72
		73	if (test_bit(SOCK_PASSSEC, &sock->flags)) {
		74	err = security_secid_to_secctx(scm->secid, &secdata, &seclen);
		75
		76	if (!err) {
		77	put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata);
		78	security_release_secctx(secdata, seclen);
		79	}
		80	}
		81	}
		82	#else
		83	static inline void scm_passec(struct socket sock, struct msghdr msg, struct scm_cookie *scm)
		84	{ }
		85	#endif /* CONFIG_SECURITY_NETWORK */
		86
51	static __inline__ void scm_recv(struct socket sock, struct msghdr msg,	87	static __inline__ void scm_recv(struct socket sock, struct msghdr msg,
52	struct scm_cookie *scm, int flags)	88	struct scm_cookie *scm, int flags)
53	{	89	{
@@ -62,6 +98,8 @@ static __inline__ void scm_recv(struct socket sock, struct msghdr msg,
62	if (test_bit(SOCK_PASSCRED, &sock->flags))	98	if (test_bit(SOCK_PASSCRED, &sock->flags))
63	put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds);	99	put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds);
64		100
		101	scm_passec(sock, msg, scm);
		102
65	if (!scm->fp)	103	if (!scm->fp)
66	return;	104	return;
67		105