2 * Copyright (C) 2013-2015 Kay Sievers
3 * Copyright (C) 2013-2015 Greg Kroah-Hartman <gregkh@linuxfoundation.org>
4 * Copyright (C) 2013-2015 Daniel Mack <daniel@zonque.org>
5 * Copyright (C) 2013-2015 David Herrmann <dh.herrmann@gmail.com>
6 * Copyright (C) 2013-2015 Linux Foundation
7 * Copyright (C) 2014-2015 Djalal Harouni <tixxdz@opendz.org>
9 * kdbus is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU Lesser General Public License as published by the
11 * Free Software Foundation; either version 2.1 of the License, or (at
12 * your option) any later version.
15 #include <linux/cred.h>
17 #include <linux/idr.h>
18 #include <linux/init.h>
19 #include <linux/module.h>
20 #include <linux/sched.h>
21 #include <linux/sizes.h>
22 #include <linux/slab.h>
23 #include <linux/uaccess.h>
24 #include <linux/uio.h>
27 #include "connection.h"
35 static void kdbus_ep_free(struct kdbus_node *node)
37 struct kdbus_ep *ep = container_of(node, struct kdbus_ep, node);
39 WARN_ON(!list_empty(&ep->conn_list));
41 kdbus_policy_db_clear(&ep->policy_db);
42 kdbus_bus_unref(ep->bus);
43 kdbus_user_unref(ep->user);
47 static void kdbus_ep_release(struct kdbus_node *node, bool was_active)
49 struct kdbus_ep *ep = container_of(node, struct kdbus_ep, node);
51 /* disconnect all connections to this endpoint */
53 struct kdbus_conn *conn;
55 mutex_lock(&ep->lock);
56 conn = list_first_entry_or_null(&ep->conn_list,
60 mutex_unlock(&ep->lock);
64 /* take reference, release lock, disconnect without lock */
66 mutex_unlock(&ep->lock);
68 kdbus_conn_disconnect(conn, false);
69 kdbus_conn_unref(conn);
74 * kdbus_ep_new() - create a new endpoint
75 * @bus: The bus this endpoint will be created for
76 * @name: The name of the endpoint
77 * @access: The access flags for this node (KDBUS_MAKE_ACCESS_*)
78 * @uid: The uid of the node
79 * @gid: The gid of the node
80 * @is_custom: Whether this is a custom endpoint
82 * This function will create a new endpoint with the given
83 * name and properties for a given bus.
85 * Return: a new kdbus_ep on success, ERR_PTR on failure.
87 struct kdbus_ep *kdbus_ep_new(struct kdbus_bus *bus, const char *name,
88 unsigned int access, kuid_t uid, kgid_t gid,
95 * Validate only custom endpoints names, default endpoints
96 * with a "bus" name are created when the bus is created
99 ret = kdbus_verify_uid_prefix(name, bus->domain->user_namespace,
105 e = kzalloc(sizeof(*e), GFP_KERNEL);
107 return ERR_PTR(-ENOMEM);
109 kdbus_node_init(&e->node, KDBUS_NODE_ENDPOINT);
111 e->node.free_cb = kdbus_ep_free;
112 e->node.release_cb = kdbus_ep_release;
115 e->node.mode = S_IRUSR | S_IWUSR;
116 if (access & (KDBUS_MAKE_ACCESS_GROUP | KDBUS_MAKE_ACCESS_WORLD))
117 e->node.mode |= S_IRGRP | S_IWGRP;
118 if (access & KDBUS_MAKE_ACCESS_WORLD)
119 e->node.mode |= S_IROTH | S_IWOTH;
121 mutex_init(&e->lock);
122 INIT_LIST_HEAD(&e->conn_list);
123 kdbus_policy_db_init(&e->policy_db);
124 e->bus = kdbus_bus_ref(bus);
126 ret = kdbus_node_link(&e->node, &bus->node, name);
131 * Transactions on custom endpoints are never accounted on the global
132 * user limits. Instead, for each custom endpoint, we create a custom,
133 * unique user, which all transactions are accounted on. Regardless of
134 * the user using that endpoint, it is always accounted on the same
135 * user-object. This budget is not shared with ordinary users on
136 * non-custom endpoints.
139 e->user = kdbus_user_lookup(bus->domain, INVALID_UID);
140 if (IS_ERR(e->user)) {
141 ret = PTR_ERR(e->user);
150 kdbus_node_deactivate(&e->node);
151 kdbus_node_unref(&e->node);
156 * kdbus_ep_ref() - increase the reference counter of a kdbus_ep
157 * @ep: The endpoint to reference
159 * Every user of an endpoint, except for its creator, must add a reference to
160 * the kdbus_ep instance using this function.
162 * Return: the ep itself
164 struct kdbus_ep *kdbus_ep_ref(struct kdbus_ep *ep)
167 kdbus_node_ref(&ep->node);
172 * kdbus_ep_unref() - decrease the reference counter of a kdbus_ep
173 * @ep: The ep to unref
175 * Release a reference. If the reference count drops to 0, the ep will be
180 struct kdbus_ep *kdbus_ep_unref(struct kdbus_ep *ep)
183 kdbus_node_unref(&ep->node);
188 * kdbus_ep_is_privileged() - check whether a file is privileged
189 * @ep: endpoint to operate on
190 * @file: file to test
192 * Return: True if @file is privileged in the domain of @ep.
194 bool kdbus_ep_is_privileged(struct kdbus_ep *ep, struct file *file)
197 file_ns_capable(file, ep->bus->domain->user_namespace,
202 * kdbus_ep_is_owner() - check whether a file should be treated as bus owner
203 * @ep: endpoint to operate on
204 * @file: file to test
206 * Return: True if @file should be treated as bus owner on @ep
208 bool kdbus_ep_is_owner(struct kdbus_ep *ep, struct file *file)
211 (uid_eq(file->f_cred->euid, ep->bus->node.uid) ||
212 kdbus_ep_is_privileged(ep, file));
216 * kdbus_cmd_ep_make() - handle KDBUS_CMD_ENDPOINT_MAKE
217 * @bus: bus to operate on
218 * @argp: command payload
220 * Return: NULL or newly created endpoint on success, ERR_PTR on failure.
222 struct kdbus_ep *kdbus_cmd_ep_make(struct kdbus_bus *bus, void __user *argp)
224 const char *item_make_name;
225 struct kdbus_ep *ep = NULL;
226 struct kdbus_cmd *cmd;
229 struct kdbus_arg argv[] = {
230 { .type = KDBUS_ITEM_NEGOTIATE },
231 { .type = KDBUS_ITEM_MAKE_NAME, .mandatory = true },
233 struct kdbus_args args = {
234 .allowed_flags = KDBUS_FLAG_NEGOTIATE |
235 KDBUS_MAKE_ACCESS_GROUP |
236 KDBUS_MAKE_ACCESS_WORLD,
238 .argc = ARRAY_SIZE(argv),
241 ret = kdbus_args_parse(&args, argp, &cmd);
247 item_make_name = argv[1].item->str;
249 ep = kdbus_ep_new(bus, item_make_name, cmd->flags,
250 current_euid(), current_egid(), true);
257 if (!kdbus_node_activate(&ep->node)) {
263 ret = kdbus_args_clear(&args, ret);
266 kdbus_node_deactivate(&ep->node);
275 * kdbus_cmd_ep_update() - handle KDBUS_CMD_ENDPOINT_UPDATE
276 * @ep: endpoint to operate on
277 * @argp: command payload
279 * Return: >=0 on success, negative error code on failure.
281 int kdbus_cmd_ep_update(struct kdbus_ep *ep, void __user *argp)
283 struct kdbus_cmd *cmd;
286 struct kdbus_arg argv[] = {
287 { .type = KDBUS_ITEM_NEGOTIATE },
288 { .type = KDBUS_ITEM_NAME, .multiple = true },
289 { .type = KDBUS_ITEM_POLICY_ACCESS, .multiple = true },
291 struct kdbus_args args = {
292 .allowed_flags = KDBUS_FLAG_NEGOTIATE,
294 .argc = ARRAY_SIZE(argv),
297 ret = kdbus_args_parse(&args, argp, &cmd);
301 ret = kdbus_policy_set(&ep->policy_db, args.items, args.items_size,
303 return kdbus_args_clear(&args, ret);