diff options
Diffstat (limited to 'include/net/scm.h')
-rw-r--r-- | include/net/scm.h | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/include/net/scm.h b/include/net/scm.h index 02daa097cdcd..5637d5e22d5f 100644 --- a/include/net/scm.h +++ b/include/net/scm.h | |||
@@ -3,6 +3,7 @@ | |||
3 | 3 | ||
4 | #include <linux/limits.h> | 4 | #include <linux/limits.h> |
5 | #include <linux/net.h> | 5 | #include <linux/net.h> |
6 | #include <linux/security.h> | ||
6 | 7 | ||
7 | /* Well, we should have at least one descriptor open | 8 | /* Well, we should have at least one descriptor open |
8 | * to accept passed FDs 8) | 9 | * to accept passed FDs 8) |
@@ -20,8 +21,7 @@ struct scm_cookie | |||
20 | struct ucred creds; /* Skb credentials */ | 21 | struct ucred creds; /* Skb credentials */ |
21 | struct scm_fp_list *fp; /* Passed files */ | 22 | struct scm_fp_list *fp; /* Passed files */ |
22 | #ifdef CONFIG_SECURITY_NETWORK | 23 | #ifdef CONFIG_SECURITY_NETWORK |
23 | char *secdata; /* Security context */ | 24 | u32 secid; /* Passed security ID */ |
24 | u32 seclen; /* Security length */ | ||
25 | #endif | 25 | #endif |
26 | unsigned long seq; /* Connection seqno */ | 26 | unsigned long seq; /* Connection seqno */ |
27 | }; | 27 | }; |
@@ -32,6 +32,16 @@ extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie | |||
32 | extern void __scm_destroy(struct scm_cookie *scm); | 32 | extern void __scm_destroy(struct scm_cookie *scm); |
33 | extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); | 33 | extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); |
34 | 34 | ||
35 | #ifdef CONFIG_SECURITY_NETWORK | ||
36 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | ||
37 | { | ||
38 | security_socket_getpeersec_dgram(sock, NULL, &scm->secid); | ||
39 | } | ||
40 | #else | ||
41 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | ||
42 | { } | ||
43 | #endif /* CONFIG_SECURITY_NETWORK */ | ||
44 | |||
35 | static __inline__ void scm_destroy(struct scm_cookie *scm) | 45 | static __inline__ void scm_destroy(struct scm_cookie *scm) |
36 | { | 46 | { |
37 | if (scm && scm->fp) | 47 | if (scm && scm->fp) |
@@ -47,6 +57,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |||
47 | scm->creds.pid = p->tgid; | 57 | scm->creds.pid = p->tgid; |
48 | scm->fp = NULL; | 58 | scm->fp = NULL; |
49 | scm->seq = 0; | 59 | scm->seq = 0; |
60 | unix_get_peersec_dgram(sock, scm); | ||
50 | if (msg->msg_controllen <= 0) | 61 | if (msg->msg_controllen <= 0) |
51 | return 0; | 62 | return 0; |
52 | return __scm_send(sock, msg, scm); | 63 | return __scm_send(sock, msg, scm); |
@@ -55,8 +66,18 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |||
55 | #ifdef CONFIG_SECURITY_NETWORK | 66 | #ifdef CONFIG_SECURITY_NETWORK |
56 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | 67 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) |
57 | { | 68 | { |
58 | if (test_bit(SOCK_PASSSEC, &sock->flags) && scm->secdata != NULL) | 69 | char *secdata; |
59 | put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scm->seclen, scm->secdata); | 70 | u32 seclen; |
71 | int err; | ||
72 | |||
73 | if (test_bit(SOCK_PASSSEC, &sock->flags)) { | ||
74 | err = security_secid_to_secctx(scm->secid, &secdata, &seclen); | ||
75 | |||
76 | if (!err) { | ||
77 | put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); | ||
78 | security_release_secctx(secdata, seclen); | ||
79 | } | ||
80 | } | ||
60 | } | 81 | } |
61 | #else | 82 | #else |
62 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | 83 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) |