diff options
Diffstat (limited to 'include/net/scm.h')
| -rw-r--r-- | include/net/scm.h | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/include/net/scm.h b/include/net/scm.h index 02daa097cdcd..5637d5e22d5f 100644 --- a/include/net/scm.h +++ b/include/net/scm.h | |||
| @@ -3,6 +3,7 @@ | |||
| 3 | 3 | ||
| 4 | #include <linux/limits.h> | 4 | #include <linux/limits.h> |
| 5 | #include <linux/net.h> | 5 | #include <linux/net.h> |
| 6 | #include <linux/security.h> | ||
| 6 | 7 | ||
| 7 | /* Well, we should have at least one descriptor open | 8 | /* Well, we should have at least one descriptor open |
| 8 | * to accept passed FDs 8) | 9 | * to accept passed FDs 8) |
| @@ -20,8 +21,7 @@ struct scm_cookie | |||
| 20 | struct ucred creds; /* Skb credentials */ | 21 | struct ucred creds; /* Skb credentials */ |
| 21 | struct scm_fp_list *fp; /* Passed files */ | 22 | struct scm_fp_list *fp; /* Passed files */ |
| 22 | #ifdef CONFIG_SECURITY_NETWORK | 23 | #ifdef CONFIG_SECURITY_NETWORK |
| 23 | char *secdata; /* Security context */ | 24 | u32 secid; /* Passed security ID */ |
| 24 | u32 seclen; /* Security length */ | ||
| 25 | #endif | 25 | #endif |
| 26 | unsigned long seq; /* Connection seqno */ | 26 | unsigned long seq; /* Connection seqno */ |
| 27 | }; | 27 | }; |
| @@ -32,6 +32,16 @@ extern int __scm_send(struct socket *sock, struct msghdr *msg, struct scm_cookie | |||
| 32 | extern void __scm_destroy(struct scm_cookie *scm); | 32 | extern void __scm_destroy(struct scm_cookie *scm); |
| 33 | extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); | 33 | extern struct scm_fp_list * scm_fp_dup(struct scm_fp_list *fpl); |
| 34 | 34 | ||
| 35 | #ifdef CONFIG_SECURITY_NETWORK | ||
| 36 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | ||
| 37 | { | ||
| 38 | security_socket_getpeersec_dgram(sock, NULL, &scm->secid); | ||
| 39 | } | ||
| 40 | #else | ||
| 41 | static __inline__ void unix_get_peersec_dgram(struct socket *sock, struct scm_cookie *scm) | ||
| 42 | { } | ||
| 43 | #endif /* CONFIG_SECURITY_NETWORK */ | ||
| 44 | |||
| 35 | static __inline__ void scm_destroy(struct scm_cookie *scm) | 45 | static __inline__ void scm_destroy(struct scm_cookie *scm) |
| 36 | { | 46 | { |
| 37 | if (scm && scm->fp) | 47 | if (scm && scm->fp) |
| @@ -47,6 +57,7 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |||
| 47 | scm->creds.pid = p->tgid; | 57 | scm->creds.pid = p->tgid; |
| 48 | scm->fp = NULL; | 58 | scm->fp = NULL; |
| 49 | scm->seq = 0; | 59 | scm->seq = 0; |
| 60 | unix_get_peersec_dgram(sock, scm); | ||
| 50 | if (msg->msg_controllen <= 0) | 61 | if (msg->msg_controllen <= 0) |
| 51 | return 0; | 62 | return 0; |
| 52 | return __scm_send(sock, msg, scm); | 63 | return __scm_send(sock, msg, scm); |
| @@ -55,8 +66,18 @@ static __inline__ int scm_send(struct socket *sock, struct msghdr *msg, | |||
| 55 | #ifdef CONFIG_SECURITY_NETWORK | 66 | #ifdef CONFIG_SECURITY_NETWORK |
| 56 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | 67 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) |
| 57 | { | 68 | { |
| 58 | if (test_bit(SOCK_PASSSEC, &sock->flags) && scm->secdata != NULL) | 69 | char *secdata; |
| 59 | put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, scm->seclen, scm->secdata); | 70 | u32 seclen; |
| 71 | int err; | ||
| 72 | |||
| 73 | if (test_bit(SOCK_PASSSEC, &sock->flags)) { | ||
| 74 | err = security_secid_to_secctx(scm->secid, &secdata, &seclen); | ||
| 75 | |||
| 76 | if (!err) { | ||
| 77 | put_cmsg(msg, SOL_SOCKET, SCM_SECURITY, seclen, secdata); | ||
| 78 | security_release_secctx(secdata, seclen); | ||
| 79 | } | ||
| 80 | } | ||
| 60 | } | 81 | } |
| 61 | #else | 82 | #else |
| 62 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) | 83 | static inline void scm_passec(struct socket *sock, struct msghdr *msg, struct scm_cookie *scm) |