2 * Copyright (C) 2013-2015 Kay Sievers
3 * Copyright (C) 2013-2015 Greg Kroah-Hartman <gregkh@linuxfoundation.org>
4 * Copyright (C) 2013-2015 Daniel Mack <daniel@zonque.org>
5 * Copyright (C) 2013-2015 David Herrmann <dh.herrmann@gmail.com>
6 * Copyright (C) 2013-2015 Linux Foundation
7 * Copyright (C) 2014-2015 Djalal Harouni <tixxdz@opendz.org>
9 * kdbus is free software; you can redistribute it and/or modify it under
10 * the terms of the GNU Lesser General Public License as published by the
11 * Free Software Foundation; either version 2.1 of the License, or (at
12 * your option) any later version.
15 #include <linux/audit.h>
16 #include <linux/capability.h>
17 #include <linux/cgroup.h>
18 #include <linux/cred.h>
19 #include <linux/file.h>
20 #include <linux/fs_struct.h>
21 #include <linux/init.h>
22 #include <linux/kref.h>
23 #include <linux/mutex.h>
24 #include <linux/sched.h>
25 #include <linux/security.h>
26 #include <linux/sizes.h>
27 #include <linux/slab.h>
28 #include <linux/uaccess.h>
29 #include <linux/uidgid.h>
30 #include <linux/uio.h>
31 #include <linux/user_namespace.h>
34 #include "connection.h"
42 * struct kdbus_meta_proc - Process metadata
43 * @kref: Reference counting
45 * @collected: Bitmask of collected items
46 * @valid: Bitmask of collected and valid items
48 * @pid: PID of process
49 * @tgid: TGID of process
50 * @ppid: PPID of process
51 * @tid_comm: TID comm line
52 * @pid_comm: PID comm line
53 * @exe_path: Executable path
54 * @root_path: Root-FS path
55 * @cmdline: Command-line
56 * @cgroup: Full cgroup path
58 * @audit_loginuid: Audit login-UID
59 * @audit_sessionid: Audit session-ID
61 struct kdbus_meta_proc {
67 /* KDBUS_ITEM_CREDS */
68 /* KDBUS_ITEM_AUXGROUPS */
70 const struct cred *cred;
77 /* KDBUS_ITEM_TID_COMM */
78 char tid_comm[TASK_COMM_LEN];
79 /* KDBUS_ITEM_PID_COMM */
80 char pid_comm[TASK_COMM_LEN];
84 struct path root_path;
86 /* KDBUS_ITEM_CMDLINE */
89 /* KDBUS_ITEM_CGROUP */
92 /* KDBUS_ITEM_SECLABEL */
95 /* KDBUS_ITEM_AUDIT */
96 kuid_t audit_loginuid;
97 unsigned int audit_sessionid;
101 * struct kdbus_meta_conn
102 * @kref: Reference counting
104 * @collected: Bitmask of collected items
105 * @valid: Bitmask of collected and valid items
106 * @ts: Timestamp values
107 * @owned_names_items: Serialized items for owned names
108 * @owned_names_size: Size of @owned_names_items
109 * @conn_description: Connection description
111 struct kdbus_meta_conn {
117 /* KDBUS_ITEM_TIMESTAMP */
118 struct kdbus_timestamp ts;
120 /* KDBUS_ITEM_OWNED_NAME */
121 struct kdbus_item *owned_names_items;
122 size_t owned_names_size;
124 /* KDBUS_ITEM_CONN_DESCRIPTION */
125 char *conn_description;
128 /* fixed size equivalent of "kdbus_caps" */
129 struct kdbus_meta_caps {
132 u32 caps[_KERNEL_CAPABILITY_U32S];
137 * kdbus_meta_proc_new() - Create process metadata object
139 * Return: Pointer to new object on success, ERR_PTR on failure.
141 struct kdbus_meta_proc *kdbus_meta_proc_new(void)
143 struct kdbus_meta_proc *mp;
145 mp = kzalloc(sizeof(*mp), GFP_KERNEL);
147 return ERR_PTR(-ENOMEM);
149 kref_init(&mp->kref);
150 mutex_init(&mp->lock);
155 static void kdbus_meta_proc_free(struct kref *kref)
157 struct kdbus_meta_proc *mp = container_of(kref, struct kdbus_meta_proc,
160 path_put(&mp->exe_path);
161 path_put(&mp->root_path);
175 * kdbus_meta_proc_ref() - Gain reference
176 * @mp: Process metadata object
178 * Return: @mp is returned
180 struct kdbus_meta_proc *kdbus_meta_proc_ref(struct kdbus_meta_proc *mp)
188 * kdbus_meta_proc_unref() - Drop reference
189 * @mp: Process metadata object
193 struct kdbus_meta_proc *kdbus_meta_proc_unref(struct kdbus_meta_proc *mp)
196 kref_put(&mp->kref, kdbus_meta_proc_free);
200 static void kdbus_meta_proc_collect_pids(struct kdbus_meta_proc *mp)
202 struct task_struct *parent;
204 mp->pid = get_pid(task_pid(current));
205 mp->tgid = get_pid(task_tgid(current));
208 parent = rcu_dereference(current->real_parent);
209 mp->ppid = get_pid(task_tgid(parent));
212 mp->valid |= KDBUS_ATTACH_PIDS;
215 static void kdbus_meta_proc_collect_tid_comm(struct kdbus_meta_proc *mp)
217 get_task_comm(mp->tid_comm, current);
218 mp->valid |= KDBUS_ATTACH_TID_COMM;
221 static void kdbus_meta_proc_collect_pid_comm(struct kdbus_meta_proc *mp)
223 get_task_comm(mp->pid_comm, current->group_leader);
224 mp->valid |= KDBUS_ATTACH_PID_COMM;
227 static void kdbus_meta_proc_collect_exe(struct kdbus_meta_proc *mp)
229 struct file *exe_file;
232 exe_file = rcu_dereference(current->mm->exe_file);
234 mp->exe_path = exe_file->f_path;
235 path_get(&mp->exe_path);
236 get_fs_root(current->fs, &mp->root_path);
237 mp->valid |= KDBUS_ATTACH_EXE;
242 static int kdbus_meta_proc_collect_cmdline(struct kdbus_meta_proc *mp)
244 struct mm_struct *mm = current->mm;
247 if (mm->arg_start >= mm->arg_end)
250 cmdline = strndup_user((const char __user *)mm->arg_start,
251 mm->arg_end - mm->arg_start);
253 return PTR_ERR(cmdline);
255 mp->cmdline = cmdline;
256 mp->valid |= KDBUS_ATTACH_CMDLINE;
261 static int kdbus_meta_proc_collect_cgroup(struct kdbus_meta_proc *mp)
263 #ifdef CONFIG_CGROUPS
267 page = (void *)__get_free_page(GFP_TEMPORARY);
271 s = task_cgroup_path(current, page, PAGE_SIZE);
273 mp->cgroup = kstrdup(s, GFP_KERNEL);
275 free_page((unsigned long)page);
280 free_page((unsigned long)page);
281 mp->valid |= KDBUS_ATTACH_CGROUP;
287 static int kdbus_meta_proc_collect_seclabel(struct kdbus_meta_proc *mp)
289 #ifdef CONFIG_SECURITY
294 security_task_getsecid(current, &sid);
295 ret = security_secid_to_secctx(sid, &ctx, &len);
298 * EOPNOTSUPP means no security module is active,
299 * lets skip adding the seclabel then. This effectively
300 * drops the SECLABEL item.
302 return (ret == -EOPNOTSUPP) ? 0 : ret;
305 mp->seclabel = kstrdup(ctx, GFP_KERNEL);
306 security_release_secctx(ctx, len);
310 mp->valid |= KDBUS_ATTACH_SECLABEL;
316 static void kdbus_meta_proc_collect_audit(struct kdbus_meta_proc *mp)
318 #ifdef CONFIG_AUDITSYSCALL
319 mp->audit_loginuid = audit_get_loginuid(current);
320 mp->audit_sessionid = audit_get_sessionid(current);
321 mp->valid |= KDBUS_ATTACH_AUDIT;
326 * kdbus_meta_proc_collect() - Collect process metadata
327 * @mp: Process metadata object
328 * @what: Attach flags to collect
330 * This collects process metadata from current and saves it in @mp.
332 * Return: 0 on success, negative error code on failure.
334 int kdbus_meta_proc_collect(struct kdbus_meta_proc *mp, u64 what)
338 if (!mp || !(what & (KDBUS_ATTACH_CREDS |
340 KDBUS_ATTACH_AUXGROUPS |
341 KDBUS_ATTACH_TID_COMM |
342 KDBUS_ATTACH_PID_COMM |
344 KDBUS_ATTACH_CMDLINE |
345 KDBUS_ATTACH_CGROUP |
347 KDBUS_ATTACH_SECLABEL |
348 KDBUS_ATTACH_AUDIT)))
351 mutex_lock(&mp->lock);
353 /* creds, auxgrps and caps share "struct cred" as context */
355 const u64 m_cred = KDBUS_ATTACH_CREDS |
356 KDBUS_ATTACH_AUXGROUPS |
359 if ((what & m_cred) && !(mp->collected & m_cred)) {
360 mp->cred = get_current_cred();
362 mp->collected |= m_cred;
366 if ((what & KDBUS_ATTACH_PIDS) &&
367 !(mp->collected & KDBUS_ATTACH_PIDS)) {
368 kdbus_meta_proc_collect_pids(mp);
369 mp->collected |= KDBUS_ATTACH_PIDS;
372 if ((what & KDBUS_ATTACH_TID_COMM) &&
373 !(mp->collected & KDBUS_ATTACH_TID_COMM)) {
374 kdbus_meta_proc_collect_tid_comm(mp);
375 mp->collected |= KDBUS_ATTACH_TID_COMM;
378 if ((what & KDBUS_ATTACH_PID_COMM) &&
379 !(mp->collected & KDBUS_ATTACH_PID_COMM)) {
380 kdbus_meta_proc_collect_pid_comm(mp);
381 mp->collected |= KDBUS_ATTACH_PID_COMM;
384 if ((what & KDBUS_ATTACH_EXE) &&
385 !(mp->collected & KDBUS_ATTACH_EXE)) {
386 kdbus_meta_proc_collect_exe(mp);
387 mp->collected |= KDBUS_ATTACH_EXE;
390 if ((what & KDBUS_ATTACH_CMDLINE) &&
391 !(mp->collected & KDBUS_ATTACH_CMDLINE)) {
392 ret = kdbus_meta_proc_collect_cmdline(mp);
395 mp->collected |= KDBUS_ATTACH_CMDLINE;
398 if ((what & KDBUS_ATTACH_CGROUP) &&
399 !(mp->collected & KDBUS_ATTACH_CGROUP)) {
400 ret = kdbus_meta_proc_collect_cgroup(mp);
403 mp->collected |= KDBUS_ATTACH_CGROUP;
406 if ((what & KDBUS_ATTACH_SECLABEL) &&
407 !(mp->collected & KDBUS_ATTACH_SECLABEL)) {
408 ret = kdbus_meta_proc_collect_seclabel(mp);
411 mp->collected |= KDBUS_ATTACH_SECLABEL;
414 if ((what & KDBUS_ATTACH_AUDIT) &&
415 !(mp->collected & KDBUS_ATTACH_AUDIT)) {
416 kdbus_meta_proc_collect_audit(mp);
417 mp->collected |= KDBUS_ATTACH_AUDIT;
423 mutex_unlock(&mp->lock);
428 * kdbus_meta_fake_new() - Create fake metadata object
430 * Return: Pointer to new object on success, ERR_PTR on failure.
432 struct kdbus_meta_fake *kdbus_meta_fake_new(void)
434 struct kdbus_meta_fake *mf;
436 mf = kzalloc(sizeof(*mf), GFP_KERNEL);
438 return ERR_PTR(-ENOMEM);
444 * kdbus_meta_fake_free() - Free fake metadata object
445 * @mf: Fake metadata object
449 struct kdbus_meta_fake *kdbus_meta_fake_free(struct kdbus_meta_fake *mf)
463 * kdbus_meta_fake_collect() - Fill fake metadata from faked credentials
464 * @mf: Fake metadata object
465 * @creds: Creds to set, may be %NULL
466 * @pids: PIDs to set, may be %NULL
467 * @seclabel: Seclabel to set, may be %NULL
469 * This function takes information stored in @creds, @pids and @seclabel and
470 * resolves them to kernel-representations, if possible. This call uses the
471 * current task's namespaces to resolve the given information.
473 * Return: 0 on success, negative error code on failure.
475 int kdbus_meta_fake_collect(struct kdbus_meta_fake *mf,
476 const struct kdbus_creds *creds,
477 const struct kdbus_pids *pids,
478 const char *seclabel)
484 struct user_namespace *ns = current_user_ns();
486 mf->uid = make_kuid(ns, creds->uid);
487 mf->euid = make_kuid(ns, creds->euid);
488 mf->suid = make_kuid(ns, creds->suid);
489 mf->fsuid = make_kuid(ns, creds->fsuid);
491 mf->gid = make_kgid(ns, creds->gid);
492 mf->egid = make_kgid(ns, creds->egid);
493 mf->sgid = make_kgid(ns, creds->sgid);
494 mf->fsgid = make_kgid(ns, creds->fsgid);
496 if ((creds->uid != (uid_t)-1 && !uid_valid(mf->uid)) ||
497 (creds->euid != (uid_t)-1 && !uid_valid(mf->euid)) ||
498 (creds->suid != (uid_t)-1 && !uid_valid(mf->suid)) ||
499 (creds->fsuid != (uid_t)-1 && !uid_valid(mf->fsuid)) ||
500 (creds->gid != (gid_t)-1 && !gid_valid(mf->gid)) ||
501 (creds->egid != (gid_t)-1 && !gid_valid(mf->egid)) ||
502 (creds->sgid != (gid_t)-1 && !gid_valid(mf->sgid)) ||
503 (creds->fsgid != (gid_t)-1 && !gid_valid(mf->fsgid)))
506 mf->valid |= KDBUS_ATTACH_CREDS;
510 mf->pid = get_pid(find_vpid(pids->tid));
511 mf->tgid = get_pid(find_vpid(pids->pid));
512 mf->ppid = get_pid(find_vpid(pids->ppid));
514 if ((pids->tid != 0 && !mf->pid) ||
515 (pids->pid != 0 && !mf->tgid) ||
516 (pids->ppid != 0 && !mf->ppid)) {
526 mf->valid |= KDBUS_ATTACH_PIDS;
530 mf->seclabel = kstrdup(seclabel, GFP_KERNEL);
534 mf->valid |= KDBUS_ATTACH_SECLABEL;
541 * kdbus_meta_conn_new() - Create connection metadata object
543 * Return: Pointer to new object on success, ERR_PTR on failure.
545 struct kdbus_meta_conn *kdbus_meta_conn_new(void)
547 struct kdbus_meta_conn *mc;
549 mc = kzalloc(sizeof(*mc), GFP_KERNEL);
551 return ERR_PTR(-ENOMEM);
553 kref_init(&mc->kref);
554 mutex_init(&mc->lock);
559 static void kdbus_meta_conn_free(struct kref *kref)
561 struct kdbus_meta_conn *mc =
562 container_of(kref, struct kdbus_meta_conn, kref);
564 kfree(mc->conn_description);
565 kfree(mc->owned_names_items);
570 * kdbus_meta_conn_ref() - Gain reference
571 * @mc: Connection metadata object
573 struct kdbus_meta_conn *kdbus_meta_conn_ref(struct kdbus_meta_conn *mc)
581 * kdbus_meta_conn_unref() - Drop reference
582 * @mc: Connection metadata object
584 struct kdbus_meta_conn *kdbus_meta_conn_unref(struct kdbus_meta_conn *mc)
587 kref_put(&mc->kref, kdbus_meta_conn_free);
591 static void kdbus_meta_conn_collect_timestamp(struct kdbus_meta_conn *mc,
594 mc->ts.monotonic_ns = ktime_get_ns();
595 mc->ts.realtime_ns = ktime_get_real_ns();
598 mc->ts.seqnum = msg_seqnum;
600 mc->valid |= KDBUS_ATTACH_TIMESTAMP;
603 static int kdbus_meta_conn_collect_names(struct kdbus_meta_conn *mc,
604 struct kdbus_conn *conn)
606 const struct kdbus_name_owner *owner;
607 struct kdbus_item *item;
610 lockdep_assert_held(&conn->ep->bus->name_registry->rwlock);
613 /* open-code length calculation to avoid final padding */
614 list_for_each_entry(owner, &conn->names_list, conn_entry)
615 if (!(owner->flags & KDBUS_NAME_IN_QUEUE))
616 size = KDBUS_ALIGN8(size) + KDBUS_ITEM_HEADER_SIZE +
617 sizeof(struct kdbus_name) +
618 strlen(owner->name->name) + 1;
623 /* make sure we include zeroed padding for convenience helpers */
624 item = kmalloc(KDBUS_ALIGN8(size), GFP_KERNEL);
628 mc->owned_names_items = item;
629 mc->owned_names_size = size;
631 list_for_each_entry(owner, &conn->names_list, conn_entry) {
632 if (owner->flags & KDBUS_NAME_IN_QUEUE)
635 slen = strlen(owner->name->name) + 1;
636 kdbus_item_set(item, KDBUS_ITEM_OWNED_NAME, NULL,
637 sizeof(struct kdbus_name) + slen);
638 item->name.flags = owner->flags;
639 memcpy(item->name.name, owner->name->name, slen);
640 item = KDBUS_ITEM_NEXT(item);
643 /* sanity check: the buffer should be completely written now */
644 WARN_ON((u8 *)item !=
645 (u8 *)mc->owned_names_items + KDBUS_ALIGN8(size));
647 mc->valid |= KDBUS_ATTACH_NAMES;
651 static int kdbus_meta_conn_collect_description(struct kdbus_meta_conn *mc,
652 struct kdbus_conn *conn)
654 if (!conn->description)
657 mc->conn_description = kstrdup(conn->description, GFP_KERNEL);
658 if (!mc->conn_description)
661 mc->valid |= KDBUS_ATTACH_CONN_DESCRIPTION;
666 * kdbus_meta_conn_collect() - Collect connection metadata
667 * @mc: Message metadata object
668 * @conn: Connection to collect data from
669 * @msg_seqnum: Sequence number of the message to send
670 * @what: Attach flags to collect
672 * This collects connection metadata from @msg_seqnum and @conn and saves it
675 * If KDBUS_ATTACH_NAMES is set in @what and @conn is non-NULL, the caller must
676 * hold the name-registry read-lock of conn->ep->bus->registry.
678 * Return: 0 on success, negative error code on failure.
680 int kdbus_meta_conn_collect(struct kdbus_meta_conn *mc,
681 struct kdbus_conn *conn,
682 u64 msg_seqnum, u64 what)
686 if (!mc || !(what & (KDBUS_ATTACH_TIMESTAMP |
688 KDBUS_ATTACH_CONN_DESCRIPTION)))
691 mutex_lock(&mc->lock);
693 if (msg_seqnum && (what & KDBUS_ATTACH_TIMESTAMP) &&
694 !(mc->collected & KDBUS_ATTACH_TIMESTAMP)) {
695 kdbus_meta_conn_collect_timestamp(mc, msg_seqnum);
696 mc->collected |= KDBUS_ATTACH_TIMESTAMP;
699 if (conn && (what & KDBUS_ATTACH_NAMES) &&
700 !(mc->collected & KDBUS_ATTACH_NAMES)) {
701 ret = kdbus_meta_conn_collect_names(mc, conn);
704 mc->collected |= KDBUS_ATTACH_NAMES;
707 if (conn && (what & KDBUS_ATTACH_CONN_DESCRIPTION) &&
708 !(mc->collected & KDBUS_ATTACH_CONN_DESCRIPTION)) {
709 ret = kdbus_meta_conn_collect_description(mc, conn);
712 mc->collected |= KDBUS_ATTACH_CONN_DESCRIPTION;
718 mutex_unlock(&mc->lock);
722 static void kdbus_meta_export_caps(struct kdbus_meta_caps *out,
723 const struct kdbus_meta_proc *mp,
724 struct user_namespace *user_ns)
726 struct user_namespace *iter;
727 const struct cred *cred = mp->cred;
728 bool parent = false, owner = false;
732 * This translates the effective capabilities of 'cred' into the given
733 * user-namespace. If the given user-namespace is a child-namespace of
734 * the user-namespace of 'cred', the mask can be copied verbatim. If
735 * not, the mask is cleared.
736 * There's one exception: If 'cred' is the owner of any user-namespace
737 * in the path between the given user-namespace and the user-namespace
738 * of 'cred', then it has all effective capabilities set. This means,
739 * the user who created a user-namespace always has all effective
740 * capabilities in any child namespaces. Note that this is based on the
741 * uid of the namespace creator, not the task hierarchy.
743 for (iter = user_ns; iter; iter = iter->parent) {
744 if (iter == cred->user_ns) {
749 if (iter == &init_user_ns)
752 if ((iter->parent == cred->user_ns) &&
753 uid_eq(iter->owner, cred->euid)) {
759 out->last_cap = CAP_LAST_CAP;
761 CAP_FOR_EACH_U32(i) {
763 out->set[0].caps[i] = cred->cap_inheritable.cap[i];
764 out->set[1].caps[i] = cred->cap_permitted.cap[i];
765 out->set[2].caps[i] = cred->cap_effective.cap[i];
766 out->set[3].caps[i] = cred->cap_bset.cap[i];
768 out->set[0].caps[i] = 0U;
769 out->set[1].caps[i] = ~0U;
770 out->set[2].caps[i] = ~0U;
771 out->set[3].caps[i] = ~0U;
773 out->set[0].caps[i] = 0U;
774 out->set[1].caps[i] = 0U;
775 out->set[2].caps[i] = 0U;
776 out->set[3].caps[i] = 0U;
780 /* clear unused bits */
781 for (i = 0; i < 4; i++)
782 out->set[i].caps[CAP_TO_INDEX(CAP_LAST_CAP)] &=
783 CAP_LAST_U32_VALID_MASK;
786 /* This is equivalent to from_kuid_munged(), but maps INVALID_UID to itself */
787 static uid_t kdbus_from_kuid_keep(struct user_namespace *ns, kuid_t uid)
789 return uid_valid(uid) ? from_kuid_munged(ns, uid) : ((uid_t)-1);
792 /* This is equivalent to from_kgid_munged(), but maps INVALID_GID to itself */
793 static gid_t kdbus_from_kgid_keep(struct user_namespace *ns, kgid_t gid)
795 return gid_valid(gid) ? from_kgid_munged(ns, gid) : ((gid_t)-1);
798 struct kdbus_meta_staging {
799 const struct kdbus_meta_proc *mp;
800 const struct kdbus_meta_fake *mf;
801 const struct kdbus_meta_conn *mc;
802 const struct kdbus_conn *conn;
806 const char *exe_path;
809 static size_t kdbus_meta_measure(struct kdbus_meta_staging *staging)
811 const struct kdbus_meta_proc *mp = staging->mp;
812 const struct kdbus_meta_fake *mf = staging->mf;
813 const struct kdbus_meta_conn *mc = staging->mc;
814 const u64 mask = staging->mask;
817 /* process metadata */
819 if (mf && (mask & KDBUS_ATTACH_CREDS))
820 size += KDBUS_ITEM_SIZE(sizeof(struct kdbus_creds));
821 else if (mp && (mask & KDBUS_ATTACH_CREDS))
822 size += KDBUS_ITEM_SIZE(sizeof(struct kdbus_creds));
824 if (mf && (mask & KDBUS_ATTACH_PIDS))
825 size += KDBUS_ITEM_SIZE(sizeof(struct kdbus_pids));
826 else if (mp && (mask & KDBUS_ATTACH_PIDS))
827 size += KDBUS_ITEM_SIZE(sizeof(struct kdbus_pids));
829 if (mp && (mask & KDBUS_ATTACH_AUXGROUPS))
830 size += KDBUS_ITEM_SIZE(mp->cred->group_info->ngroups *
833 if (mp && (mask & KDBUS_ATTACH_TID_COMM))
834 size += KDBUS_ITEM_SIZE(strlen(mp->tid_comm) + 1);
836 if (mp && (mask & KDBUS_ATTACH_PID_COMM))
837 size += KDBUS_ITEM_SIZE(strlen(mp->pid_comm) + 1);
839 if (staging->exe_path && (mask & KDBUS_ATTACH_EXE))
840 size += KDBUS_ITEM_SIZE(strlen(staging->exe_path) + 1);
842 if (mp && (mask & KDBUS_ATTACH_CMDLINE))
843 size += KDBUS_ITEM_SIZE(strlen(mp->cmdline) + 1);
845 if (mp && (mask & KDBUS_ATTACH_CGROUP))
846 size += KDBUS_ITEM_SIZE(strlen(mp->cgroup) + 1);
848 if (mp && (mask & KDBUS_ATTACH_CAPS))
849 size += KDBUS_ITEM_SIZE(sizeof(struct kdbus_meta_caps));
851 if (mf && (mask & KDBUS_ATTACH_SECLABEL))
852 size += KDBUS_ITEM_SIZE(strlen(mf->seclabel) + 1);
853 else if (mp && (mask & KDBUS_ATTACH_SECLABEL))
854 size += KDBUS_ITEM_SIZE(strlen(mp->seclabel) + 1);
856 if (mp && (mask & KDBUS_ATTACH_AUDIT))
857 size += KDBUS_ITEM_SIZE(sizeof(struct kdbus_audit));
859 /* connection metadata */
861 if (mc && (mask & KDBUS_ATTACH_NAMES))
862 size += KDBUS_ALIGN8(mc->owned_names_size);
864 if (mc && (mask & KDBUS_ATTACH_CONN_DESCRIPTION))
865 size += KDBUS_ITEM_SIZE(strlen(mc->conn_description) + 1);
867 if (mc && (mask & KDBUS_ATTACH_TIMESTAMP))
868 size += KDBUS_ITEM_SIZE(sizeof(struct kdbus_timestamp));
873 static struct kdbus_item *kdbus_write_head(struct kdbus_item **iter,
876 struct kdbus_item *item = *iter;
880 item->size = KDBUS_ITEM_HEADER_SIZE + size;
883 padding = KDBUS_ALIGN8(item->size) - item->size;
885 memset(item->data + size, 0, padding);
887 *iter = KDBUS_ITEM_NEXT(item);
891 static struct kdbus_item *kdbus_write_full(struct kdbus_item **iter,
892 u64 type, u64 size, const void *data)
894 struct kdbus_item *item;
896 item = kdbus_write_head(iter, type, size);
897 memcpy(item->data, data, size);
901 static size_t kdbus_meta_write(struct kdbus_meta_staging *staging, void *mem,
904 struct user_namespace *user_ns = staging->conn->cred->user_ns;
905 struct pid_namespace *pid_ns = ns_of_pid(staging->conn->pid);
906 struct kdbus_item *item = NULL, *items = mem;
907 u8 *end, *owned_names_end = NULL;
909 /* process metadata */
911 if (staging->mf && (staging->mask & KDBUS_ATTACH_CREDS)) {
912 const struct kdbus_meta_fake *mf = staging->mf;
914 item = kdbus_write_head(&items, KDBUS_ITEM_CREDS,
915 sizeof(struct kdbus_creds));
916 item->creds = (struct kdbus_creds){
917 .uid = kdbus_from_kuid_keep(user_ns, mf->uid),
918 .euid = kdbus_from_kuid_keep(user_ns, mf->euid),
919 .suid = kdbus_from_kuid_keep(user_ns, mf->suid),
920 .fsuid = kdbus_from_kuid_keep(user_ns, mf->fsuid),
921 .gid = kdbus_from_kgid_keep(user_ns, mf->gid),
922 .egid = kdbus_from_kgid_keep(user_ns, mf->egid),
923 .sgid = kdbus_from_kgid_keep(user_ns, mf->sgid),
924 .fsgid = kdbus_from_kgid_keep(user_ns, mf->fsgid),
926 } else if (staging->mp && (staging->mask & KDBUS_ATTACH_CREDS)) {
927 const struct cred *c = staging->mp->cred;
929 item = kdbus_write_head(&items, KDBUS_ITEM_CREDS,
930 sizeof(struct kdbus_creds));
931 item->creds = (struct kdbus_creds){
932 .uid = kdbus_from_kuid_keep(user_ns, c->uid),
933 .euid = kdbus_from_kuid_keep(user_ns, c->euid),
934 .suid = kdbus_from_kuid_keep(user_ns, c->suid),
935 .fsuid = kdbus_from_kuid_keep(user_ns, c->fsuid),
936 .gid = kdbus_from_kgid_keep(user_ns, c->gid),
937 .egid = kdbus_from_kgid_keep(user_ns, c->egid),
938 .sgid = kdbus_from_kgid_keep(user_ns, c->sgid),
939 .fsgid = kdbus_from_kgid_keep(user_ns, c->fsgid),
943 if (staging->mf && (staging->mask & KDBUS_ATTACH_PIDS)) {
944 item = kdbus_write_head(&items, KDBUS_ITEM_PIDS,
945 sizeof(struct kdbus_pids));
946 item->pids = (struct kdbus_pids){
947 .pid = pid_nr_ns(staging->mf->tgid, pid_ns),
948 .tid = pid_nr_ns(staging->mf->pid, pid_ns),
949 .ppid = pid_nr_ns(staging->mf->ppid, pid_ns),
951 } else if (staging->mp && (staging->mask & KDBUS_ATTACH_PIDS)) {
952 item = kdbus_write_head(&items, KDBUS_ITEM_PIDS,
953 sizeof(struct kdbus_pids));
954 item->pids = (struct kdbus_pids){
955 .pid = pid_nr_ns(staging->mp->tgid, pid_ns),
956 .tid = pid_nr_ns(staging->mp->pid, pid_ns),
957 .ppid = pid_nr_ns(staging->mp->ppid, pid_ns),
961 if (staging->mp && (staging->mask & KDBUS_ATTACH_AUXGROUPS)) {
962 const struct group_info *info = staging->mp->cred->group_info;
965 item = kdbus_write_head(&items, KDBUS_ITEM_AUXGROUPS,
966 info->ngroups * sizeof(u64));
967 for (i = 0; i < info->ngroups; ++i)
968 item->data64[i] = from_kgid_munged(user_ns,
972 if (staging->mp && (staging->mask & KDBUS_ATTACH_TID_COMM))
973 item = kdbus_write_full(&items, KDBUS_ITEM_TID_COMM,
974 strlen(staging->mp->tid_comm) + 1,
975 staging->mp->tid_comm);
977 if (staging->mp && (staging->mask & KDBUS_ATTACH_PID_COMM))
978 item = kdbus_write_full(&items, KDBUS_ITEM_PID_COMM,
979 strlen(staging->mp->pid_comm) + 1,
980 staging->mp->pid_comm);
982 if (staging->exe_path && (staging->mask & KDBUS_ATTACH_EXE))
983 item = kdbus_write_full(&items, KDBUS_ITEM_EXE,
984 strlen(staging->exe_path) + 1,
987 if (staging->mp && (staging->mask & KDBUS_ATTACH_CMDLINE))
988 item = kdbus_write_full(&items, KDBUS_ITEM_CMDLINE,
989 strlen(staging->mp->cmdline) + 1,
990 staging->mp->cmdline);
992 if (staging->mp && (staging->mask & KDBUS_ATTACH_CGROUP))
993 item = kdbus_write_full(&items, KDBUS_ITEM_CGROUP,
994 strlen(staging->mp->cgroup) + 1,
995 staging->mp->cgroup);
997 if (staging->mp && (staging->mask & KDBUS_ATTACH_CAPS)) {
998 item = kdbus_write_head(&items, KDBUS_ITEM_CAPS,
999 sizeof(struct kdbus_meta_caps));
1000 kdbus_meta_export_caps((void*)&item->caps, staging->mp,
1004 if (staging->mf && (staging->mask & KDBUS_ATTACH_SECLABEL))
1005 item = kdbus_write_full(&items, KDBUS_ITEM_SECLABEL,
1006 strlen(staging->mf->seclabel) + 1,
1007 staging->mf->seclabel);
1008 else if (staging->mp && (staging->mask & KDBUS_ATTACH_SECLABEL))
1009 item = kdbus_write_full(&items, KDBUS_ITEM_SECLABEL,
1010 strlen(staging->mp->seclabel) + 1,
1011 staging->mp->seclabel);
1013 if (staging->mp && (staging->mask & KDBUS_ATTACH_AUDIT)) {
1014 item = kdbus_write_head(&items, KDBUS_ITEM_AUDIT,
1015 sizeof(struct kdbus_audit));
1016 item->audit = (struct kdbus_audit){
1017 .loginuid = from_kuid(user_ns,
1018 staging->mp->audit_loginuid),
1019 .sessionid = staging->mp->audit_sessionid,
1023 /* connection metadata */
1025 if (staging->mc && (staging->mask & KDBUS_ATTACH_NAMES)) {
1026 memcpy(items, staging->mc->owned_names_items,
1027 KDBUS_ALIGN8(staging->mc->owned_names_size));
1028 owned_names_end = (u8 *)items + staging->mc->owned_names_size;
1029 items = (void *)KDBUS_ALIGN8((unsigned long)owned_names_end);
1032 if (staging->mc && (staging->mask & KDBUS_ATTACH_CONN_DESCRIPTION))
1033 item = kdbus_write_full(&items, KDBUS_ITEM_CONN_DESCRIPTION,
1034 strlen(staging->mc->conn_description) + 1,
1035 staging->mc->conn_description);
1037 if (staging->mc && (staging->mask & KDBUS_ATTACH_TIMESTAMP))
1038 item = kdbus_write_full(&items, KDBUS_ITEM_TIMESTAMP,
1039 sizeof(staging->mc->ts),
1043 * Return real size (minus trailing padding). In case of 'owned_names'
1044 * we cannot deduce it from item->size, so treat it special.
1047 if (items == (void *)KDBUS_ALIGN8((unsigned long)owned_names_end))
1048 end = owned_names_end;
1050 end = (u8 *)item + item->size;
1054 WARN_ON((u8 *)items - (u8 *)mem != size);
1055 WARN_ON((void *)KDBUS_ALIGN8((unsigned long)end) != (void *)items);
1057 return end - (u8 *)mem;
1060 int kdbus_meta_emit(struct kdbus_meta_proc *mp,
1061 struct kdbus_meta_fake *mf,
1062 struct kdbus_meta_conn *mc,
1063 struct kdbus_conn *conn,
1065 struct kdbus_item **out_items,
1068 struct kdbus_meta_staging staging = {};
1069 struct kdbus_item *items = NULL;
1073 if (WARN_ON(mf && mp))
1079 staging.conn = conn;
1081 /* get mask of valid items */
1083 staging.mask |= mf->valid;
1085 mutex_lock(&mp->lock);
1086 staging.mask |= mp->valid;
1087 mutex_unlock(&mp->lock);
1090 mutex_lock(&mc->lock);
1091 staging.mask |= mc->valid;
1092 mutex_unlock(&mc->lock);
1095 staging.mask &= mask;
1097 if (!staging.mask) { /* bail out if nothing to do */
1102 /* EXE is special as it needs a temporary page to assemble */
1103 if (mp && (staging.mask & KDBUS_ATTACH_EXE)) {
1107 * XXX: We need access to __d_path() so we can write the path
1108 * relative to conn->root_path. Once upstream, we need
1109 * EXPORT_SYMBOL(__d_path) or an equivalent of d_path() that
1110 * takes the root path directly. Until then, we drop this item
1111 * if the root-paths differ.
1114 get_fs_root(current->fs, &p);
1115 if (path_equal(&p, &conn->root_path)) {
1116 staging.exe = (void *)__get_free_page(GFP_TEMPORARY);
1123 staging.exe_path = d_path(&mp->exe_path, staging.exe,
1125 if (IS_ERR(staging.exe_path)) {
1127 ret = PTR_ERR(staging.exe_path);
1134 size = kdbus_meta_measure(&staging);
1135 if (!size) { /* bail out if nothing to do */
1140 items = kmalloc(size, GFP_KERNEL);
1146 size = kdbus_meta_write(&staging, items, size);
1156 free_page((unsigned long)staging.exe);
1165 KDBUS_META_PROC_NONE,
1166 KDBUS_META_PROC_NORMAL,
1170 * kdbus_proc_permission() - check /proc permissions on target pid
1171 * @pid_ns: namespace we operate in
1172 * @cred: credentials of requestor
1173 * @target: target process
1175 * This checks whether a process with credentials @cred can access information
1176 * of @target in the namespace @pid_ns. This tries to follow /proc permissions,
1177 * but is slightly more restrictive.
1179 * Return: The /proc access level (KDBUS_META_PROC_*) is returned.
1181 static unsigned int kdbus_proc_permission(const struct pid_namespace *pid_ns,
1182 const struct cred *cred,
1185 if (pid_ns->hide_pid < 1)
1186 return KDBUS_META_PROC_NORMAL;
1188 /* XXX: we need groups_search() exported for aux-groups */
1189 if (gid_eq(cred->egid, pid_ns->pid_gid))
1190 return KDBUS_META_PROC_NORMAL;
1193 * XXX: If ptrace_may_access(PTRACE_MODE_READ) is granted, you can
1194 * overwrite hide_pid. However, ptrace_may_access() only supports
1195 * checking 'current', hence, we cannot use this here. But we
1196 * simply decide to not support this override, so no need to worry.
1199 return KDBUS_META_PROC_NONE;
1203 * kdbus_meta_proc_mask() - calculate which metadata would be visible to
1204 * a connection via /proc
1205 * @prv_pid: pid of metadata provider
1206 * @req_pid: pid of metadata requestor
1207 * @req_cred: credentials of metadata reqeuestor
1208 * @wanted: metadata that is requested
1210 * This checks which metadata items of @prv_pid can be read via /proc by the
1211 * requestor @req_pid.
1213 * Return: Set of metadata flags the requestor can see (limited by @wanted).
1215 static u64 kdbus_meta_proc_mask(struct pid *prv_pid,
1216 struct pid *req_pid,
1217 const struct cred *req_cred,
1220 struct pid_namespace *prv_ns, *req_ns;
1223 prv_ns = ns_of_pid(prv_pid);
1224 req_ns = ns_of_pid(req_pid);
1227 * If the sender is not visible in the receiver namespace, then the
1228 * receiver cannot access the sender via its own procfs. Hence, we do
1229 * not attach any additional metadata.
1231 if (!pid_nr_ns(prv_pid, req_ns))
1235 * If the pid-namespace of the receiver has hide_pid set, it cannot see
1236 * any process but its own. We shortcut this /proc permission check if
1237 * provider and requestor are the same. If not, we perform rather
1238 * expensive /proc permission checks.
1240 if (prv_pid == req_pid)
1241 proc = KDBUS_META_PROC_NORMAL;
1243 proc = kdbus_proc_permission(req_ns, req_cred, prv_pid);
1245 /* you need /proc access to read standard process attributes */
1246 if (proc < KDBUS_META_PROC_NORMAL)
1247 wanted &= ~(KDBUS_ATTACH_TID_COMM |
1248 KDBUS_ATTACH_PID_COMM |
1249 KDBUS_ATTACH_SECLABEL |
1250 KDBUS_ATTACH_CMDLINE |
1251 KDBUS_ATTACH_CGROUP |
1252 KDBUS_ATTACH_AUDIT |
1256 /* clear all non-/proc flags */
1257 return wanted & (KDBUS_ATTACH_TID_COMM |
1258 KDBUS_ATTACH_PID_COMM |
1259 KDBUS_ATTACH_SECLABEL |
1260 KDBUS_ATTACH_CMDLINE |
1261 KDBUS_ATTACH_CGROUP |
1262 KDBUS_ATTACH_AUDIT |
1268 * kdbus_meta_get_mask() - calculate attach flags mask for metadata request
1269 * @prv_pid: pid of metadata provider
1270 * @prv_mask: mask of metadata the provide grants unchecked
1271 * @req_pid: pid of metadata requestor
1272 * @req_cred: credentials of metadata requestor
1273 * @req_mask: mask of metadata that is requested
1275 * This calculates the metadata items that the requestor @req_pid can access
1276 * from the metadata provider @prv_pid. This permission check consists of
1277 * several different parts:
1278 * - Providers can grant metadata items unchecked. Regardless of their type,
1279 * they're always granted to the requestor. This mask is passed as @prv_mask.
1280 * - Basic items (credentials and connection metadata) are granted implicitly
1281 * to everyone. They're publicly available to any bus-user that can see the
1283 * - Process credentials that are not granted implicitly follow the same
1284 * permission checks as /proc. This means, we always assume a requestor
1285 * process has access to their *own* /proc mount, if they have access to
1288 * Return: Mask of metadata that is granted.
1290 static u64 kdbus_meta_get_mask(struct pid *prv_pid, u64 prv_mask,
1291 struct pid *req_pid,
1292 const struct cred *req_cred, u64 req_mask)
1294 u64 missing, impl_mask, proc_mask = 0;
1297 * Connection metadata and basic unix process credentials are
1298 * transmitted implicitly, and cannot be suppressed. Both are required
1299 * to perform user-space policies on the receiver-side. Furthermore,
1300 * connection metadata is public state, anyway, and unix credentials
1301 * are needed for UDS-compatibility. We extend them slightly by
1302 * auxiliary groups and additional uids/gids/pids.
1304 impl_mask = /* connection metadata */
1305 KDBUS_ATTACH_CONN_DESCRIPTION |
1306 KDBUS_ATTACH_TIMESTAMP |
1307 KDBUS_ATTACH_NAMES |
1308 /* credentials and pids */
1309 KDBUS_ATTACH_AUXGROUPS |
1310 KDBUS_ATTACH_CREDS |
1314 * Calculate the set of metadata that is not granted implicitly nor by
1315 * the sender, but still requested by the receiver. If any are left,
1316 * perform rather expensive /proc access checks for them.
1318 missing = req_mask & ~((prv_mask | impl_mask) & req_mask);
1320 proc_mask = kdbus_meta_proc_mask(prv_pid, req_pid, req_cred,
1323 return (prv_mask | impl_mask | proc_mask) & req_mask;
1328 u64 kdbus_meta_info_mask(const struct kdbus_conn *conn, u64 mask)
1330 return kdbus_meta_get_mask(conn->pid,
1331 atomic64_read(&conn->attach_flags_send),
1339 u64 kdbus_meta_msg_mask(const struct kdbus_conn *snd,
1340 const struct kdbus_conn *rcv)
1342 return kdbus_meta_get_mask(task_pid(current),
1343 atomic64_read(&snd->attach_flags_send),
1346 atomic64_read(&rcv->attach_flags_recv));