Kernel+LibC: Add sys$recvfd() and sys$sendfd() for fd passing

These new syscalls allow you to send and receive file descriptors over a local domain socket. This will enable various privilege separation techniques and other good stuff. :^)
2025-05-31 09:48:11 +00:00 · 2020-06-24 22:57:37 +02:00 · 2020-06-24 22:57:37 +02:00 · d4195672b7
commit d4195672b7
parent cd02144a06
7 changed files with 127 additions and 2 deletions
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@ -55,6 +55,7 @@
 #include <Kernel/KSyms.h>
 #include <Kernel/Module.h>
 #include <Kernel/Multiboot.h>
+#include <Kernel/Net/LocalSocket.h>
 #include <Kernel/Net/Socket.h>
 #include <Kernel/PerformanceEventBuffer.h>
 #include <Kernel/Process.h>
@ -5178,4 +5179,52 @@ KResult Process::poke_user_data(u32* address, u32 data)
    return KResult(KSuccess);
 }

+int Process::sys$sendfd(int sockfd, int fd)
+{
+    REQUIRE_PROMISE(sendfd);
+    auto socket_description = file_description(sockfd);
+    if (!socket_description)
+        return -EBADF;
+    if (!socket_description->is_socket())
+        return -ENOTSOCK;
+    auto& socket = *socket_description->socket();
+    if (!socket.is_local())
+        return -EAFNOSUPPORT;
+    if (!socket.is_connected())
+        return -ENOTCONN;
+
+    auto passing_descriptor = file_description(fd);
+    if (!passing_descriptor)
+        return -EBADF;
+
+    auto& local_socket = static_cast<LocalSocket&>(socket);
+    return local_socket.sendfd(*socket_description, *passing_descriptor);
+}
+
+int Process::sys$recvfd(int sockfd)
+{
+    REQUIRE_PROMISE(recvfd);
+    auto socket_description = file_description(sockfd);
+    if (!socket_description)
+        return -EBADF;
+    if (!socket_description->is_socket())
+        return -ENOTSOCK;
+    auto& socket = *socket_description->socket();
+    if (!socket.is_local())
+        return -EAFNOSUPPORT;
+
+    int new_fd = alloc_fd();
+    if (new_fd < 0)
+        return new_fd;
+
+    auto& local_socket = static_cast<LocalSocket&>(socket);
+    auto received_descriptor_or_error = local_socket.recvfd(*socket_description);
+
+    if (received_descriptor_or_error.is_error())
+        return received_descriptor_or_error.error();
+
+    m_fds[new_fd].set(*received_descriptor_or_error.value(), 0);
+    return new_fd;
+}
+
 }