Lines Matching full:sid
216 tsec->osid = tsec->sid = SECINITSID_KERNEL; in cred_init_security()
227 return tsec->sid; in cred_sid()
260 u32 sid; in task_sid_obj() local
263 sid = cred_sid(__task_cred(task)); in task_sid_obj()
265 return sid; in task_sid_obj()
423 static int may_context_mount_sb_relabel(u32 sid, in may_context_mount_sb_relabel() argument
430 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
435 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
440 static int may_context_mount_inode_relabel(u32 sid, in may_context_mount_inode_relabel() argument
446 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
451 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
502 u32 sid; in sb_check_xattr_support() local
535 SECCLASS_DIR, &sid); in sb_check_xattr_support()
542 sbsec->sid = sid; in sb_check_xattr_support()
687 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
701 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
785 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
814 sbsec->sid = context_sid; in selinux_set_mnt_opts()
834 root_isec->sid = rootcontext_sid; in selinux_set_mnt_opts()
880 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
889 if (oldroot->sid != newroot->sid) in selinux_cmp_sb_context()
948 newsbsec->sid = oldsbsec->sid; in selinux_sb_clone_mnt_opts()
965 u32 sid = oldsbsec->mntpoint_sid; in selinux_sb_clone_mnt_opts() local
968 newsbsec->sid = sid; in selinux_sb_clone_mnt_opts()
971 newisec->sid = sid; in selinux_sb_clone_mnt_opts()
973 newsbsec->mntpoint_sid = sid; in selinux_sb_clone_mnt_opts()
979 newisec->sid = oldisec->sid; in selinux_sb_clone_mnt_opts()
1051 static int show_sid(struct seq_file *m, u32 sid) in show_sid() argument
1057 rc = security_sid_to_context(sid, &context, &len); in show_sid()
1086 rc = show_sid(m, sbsec->sid); in selinux_sb_show_options()
1109 rc = show_sid(m, isec->sid); in selinux_sb_show_options()
1311 u32 *sid) in selinux_genfs_get_sid() argument
1335 path, tclass, sid); in selinux_genfs_get_sid()
1338 *sid = SECINITSID_UNLABELED; in selinux_genfs_get_sid()
1347 u32 def_sid, u32 *sid) in inode_doinit_use_xattr() argument
1385 *sid = def_sid; in inode_doinit_use_xattr()
1389 rc = security_context_to_sid_default(context, rc, sid, in inode_doinit_use_xattr()
1412 u32 task_sid, sid = 0; in inode_doinit_with_dentry() local
1441 sid = isec->sid; in inode_doinit_with_dentry()
1453 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1486 &sid); in inode_doinit_with_dentry()
1492 sid = task_sid; in inode_doinit_with_dentry()
1495 /* Default to the fs SID. */ in inode_doinit_with_dentry()
1496 sid = sbsec->sid; in inode_doinit_with_dentry()
1498 /* Try to obtain a transition SID. */ in inode_doinit_with_dentry()
1499 rc = security_transition_sid(task_sid, sid, in inode_doinit_with_dentry()
1500 sclass, NULL, &sid); in inode_doinit_with_dentry()
1505 sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1508 /* Default to the fs superblock SID. */ in inode_doinit_with_dentry()
1509 sid = sbsec->sid; in inode_doinit_with_dentry()
1541 sbsec->flags, &sid); in inode_doinit_with_dentry()
1550 sid, &sid); in inode_doinit_with_dentry()
1569 isec->sid = sid; in inode_doinit_with_dentry()
1580 isec->sid = sid; in inode_doinit_with_dentry()
1624 u32 sid = cred_sid(cred); in cred_has_capability() local
1644 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); in cred_has_capability()
1646 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); in cred_has_capability()
1662 u32 sid; in inode_has_perm() local
1667 sid = cred_sid(cred); in inode_has_perm()
1670 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); in inode_has_perm()
1718 static int bpf_fd_pass(const struct file *file, u32 sid);
1726 has the same SID as the process. If av is zero, then
1736 u32 sid = cred_sid(cred); in file_has_perm() local
1742 if (sid != fsec->sid) { in file_has_perm()
1743 rc = avc_has_perm(sid, fsec->sid, in file_has_perm()
1786 return security_transition_sid(tsec->sid, in selinux_determine_inode_label()
1787 dsec->sid, tclass, in selinux_determine_inode_label()
1802 u32 sid, newsid; in may_create() local
1809 sid = tsec->sid; in may_create()
1814 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, in may_create()
1825 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); in may_create()
1829 return avc_has_perm(newsid, sbsec->sid, in may_create()
1846 u32 sid = current_sid(); in may_link() local
1858 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); in may_link()
1878 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); in may_link()
1889 u32 sid = current_sid(); in may_rename() local
1902 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, in may_rename()
1906 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1911 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1921 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); in may_rename()
1927 rc = avc_has_perm(sid, new_isec->sid, in may_rename()
1944 u32 sid = cred_sid(cred); in superblock_has_perm() local
1947 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2056 u32 sid = cred_sid(to); in selinux_binder_transfer_file() local
2066 if (sid != fsec->sid) { in selinux_binder_transfer_file()
2067 rc = avc_has_perm(sid, fsec->sid, in selinux_binder_transfer_file()
2076 rc = bpf_fd_pass(file, sid); in selinux_binder_transfer_file()
2085 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file), in selinux_binder_transfer_file()
2092 u32 sid = current_sid(); in selinux_ptrace_access_check() local
2096 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, in selinux_ptrace_access_check()
2099 return avc_has_perm(sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, in selinux_ptrace_access_check()
2227 u32 sid = 0; in ptrace_parent_sid() local
2233 sid = task_sid_obj(tracer); in ptrace_parent_sid()
2236 return sid; in ptrace_parent_sid()
2251 if (new_tsec->sid == old_tsec->sid) in check_nnp_nosuid()
2266 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in check_nnp_nosuid()
2275 * of the permissions of the current SID. in check_nnp_nosuid()
2277 rc = security_bounded_transition(old_tsec->sid, in check_nnp_nosuid()
2278 new_tsec->sid); in check_nnp_nosuid()
2308 /* Default to the current task SID. */ in selinux_bprm_creds_for_exec()
2309 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2310 new_tsec->osid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2318 new_tsec->sid = old_tsec->exec_sid; in selinux_bprm_creds_for_exec()
2319 /* Reset exec SID on execve. */ in selinux_bprm_creds_for_exec()
2328 rc = security_transition_sid(old_tsec->sid, in selinux_bprm_creds_for_exec()
2329 isec->sid, SECCLASS_PROCESS, NULL, in selinux_bprm_creds_for_exec()
2330 &new_tsec->sid); in selinux_bprm_creds_for_exec()
2335 * Fallback to old SID on NNP or nosuid if not an allowed in selinux_bprm_creds_for_exec()
2340 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2346 if (new_tsec->sid == old_tsec->sid) { in selinux_bprm_creds_for_exec()
2347 rc = avc_has_perm(old_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2353 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2358 rc = avc_has_perm(new_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2365 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2373 * changes its SID has the appropriate permit */ in selinux_bprm_creds_for_exec()
2377 rc = avc_has_perm(ptsid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2391 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2464 if (new_tsec->sid == new_tsec->osid) in selinux_bprm_committing_creds()
2467 /* Close files for which the new task SID is not authorized. */ in selinux_bprm_committing_creds()
2470 /* Always clear parent death signal on SID transitions. */ in selinux_bprm_committing_creds()
2473 /* Check whether the new SID can inherit resource limits from the old in selinux_bprm_committing_creds()
2474 * SID. If not, reset all soft limits to the lower of the current in selinux_bprm_committing_creds()
2483 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, in selinux_bprm_committing_creds()
2506 u32 osid, sid; in selinux_bprm_committed_creds() local
2510 sid = tsec->sid; in selinux_bprm_committed_creds()
2512 if (sid == osid) in selinux_bprm_committed_creds()
2515 /* Check whether the new SID can inherit signal state from the old SID. in selinux_bprm_committed_creds()
2519 * This must occur _after_ the task SID has been updated so that any in selinux_bprm_committed_creds()
2520 * kill done after the flush will be checked against the new SID. in selinux_bprm_committed_creds()
2522 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); in selinux_bprm_committed_creds()
2538 * wait permission to the new task SID. */ in selinux_bprm_committed_creds()
2553 sbsec->sid = SECINITSID_UNLABELED; in selinux_sb_alloc_security()
2656 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_mnt_opts_compat()
2669 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_mnt_opts_compat()
2693 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_remount()
2705 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_remount()
2792 opts->fscontext_sid = sbsec->sid; in selinux_fs_context_submount()
2840 u32 sid = current_sid(); in selinux_inode_alloc_security() local
2845 isec->sid = SECINITSID_UNLABELED; in selinux_inode_alloc_security()
2847 isec->task_sid = sid; in selinux_inode_alloc_security()
2926 isec->sid = newsid; in selinux_inode_init_security()
2976 isec->sid = context_isec->sid; in selinux_inode_init_security_anon()
2980 tsec->sid, tsec->sid, in selinux_inode_init_security_anon()
2981 isec->sclass, name, &isec->sid); in selinux_inode_init_security_anon()
2995 return avc_has_perm(tsec->sid, in selinux_inode_init_security_anon()
2996 isec->sid, in selinux_inode_init_security_anon()
3056 u32 sid; in selinux_inode_follow_link() local
3060 sid = cred_sid(cred); in selinux_inode_follow_link()
3065 return avc_has_perm(sid, isec->sid, isec->sclass, FILE__READ, &ad); in selinux_inode_follow_link()
3078 return slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, in audit_inode_permission()
3089 u32 sid; in selinux_inode_permission() local
3106 sid = cred_sid(cred); in selinux_inode_permission()
3111 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, in selinux_inode_permission()
3178 u32 newsid, sid = current_sid(); in selinux_inode_setxattr() local
3205 rc = avc_has_perm(sid, isec->sid, isec->sclass, in selinux_inode_setxattr()
3245 rc = avc_has_perm(sid, newsid, isec->sclass, in selinux_inode_setxattr()
3250 rc = security_validate_transition(isec->sid, newsid, in selinux_inode_setxattr()
3251 sid, isec->sclass); in selinux_inode_setxattr()
3256 sbsec->sid, in selinux_inode_setxattr()
3307 pr_err("SELinux: unable to map context to SID" in selinux_inode_post_setxattr()
3316 isec->sid = newsid; in selinux_inode_post_setxattr()
3433 error = security_sid_to_context_force(isec->sid, &context, in selinux_inode_getsecurity()
3436 error = security_sid_to_context(isec->sid, in selinux_inode_getsecurity()
3475 isec->sid = newsid; in selinux_inode_setsecurity()
3496 *secid = isec->sid; in selinux_inode_getsecid()
3501 u32 sid; in selinux_inode_copy_up() local
3513 selinux_inode_getsecid(d_inode(src), &sid); in selinux_inode_copy_up()
3514 tsec->create_sid = sid; in selinux_inode_copy_up()
3576 rc = security_transition_sid(tsec->sid, in selinux_kernfs_init_security()
3615 u32 sid = current_sid(); in selinux_file_permission() local
3622 if (sid == fsec->sid && fsec->isid == isec->sid && in selinux_file_permission()
3633 u32 sid = current_sid(); in selinux_file_alloc_security() local
3635 fsec->sid = sid; in selinux_file_alloc_security()
3636 fsec->fown_sid = sid; in selinux_file_alloc_security()
3663 if (ssid != fsec->sid) { in ioctl_has_perm()
3664 rc = avc_has_perm(ssid, fsec->sid, in ioctl_has_perm()
3676 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, in ioctl_has_perm()
3761 u32 sid = cred_sid(cred); in file_map_prot_check() local
3772 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in file_map_prot_check()
3801 u32 sid = current_sid(); in selinux_mmap_addr() local
3802 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, in selinux_mmap_addr()
3834 u32 sid = cred_sid(cred); in selinux_file_mprotect() local
3850 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
3854 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
3932 u32 sid = task_sid_obj(tsk); in selinux_file_send_sigiotask() local
3946 return avc_has_perm(fsec->fown_sid, sid, in selinux_file_send_sigiotask()
3969 * struct as its SID. in selinux_file_open()
3971 fsec->isid = isec->sid; in selinux_file_open()
3989 u32 sid = current_sid(); in selinux_task_alloc() local
3991 return avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL); in selinux_task_alloc()
4030 u32 sid = current_sid(); in selinux_kernel_act_as() local
4033 ret = avc_has_perm(sid, secid, in selinux_kernel_act_as()
4038 tsec->sid = secid; in selinux_kernel_act_as()
4054 u32 sid = current_sid(); in selinux_kernel_create_files_as() local
4057 ret = avc_has_perm(sid, isec->sid, in selinux_kernel_create_files_as()
4063 tsec->create_sid = isec->sid; in selinux_kernel_create_files_as()
4083 u32 sid = current_sid(); in selinux_kernel_module_from_file() local
4088 return avc_has_perm(sid, sid, SECCLASS_SYSTEM, in selinux_kernel_module_from_file()
4097 if (sid != fsec->sid) { in selinux_kernel_module_from_file()
4098 rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); in selinux_kernel_module_from_file()
4104 return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM, in selinux_kernel_module_from_file()
4256 u32 sid = task_sid_obj(p); in selinux_task_to_inode() local
4260 isec->sid = sid; in selinux_task_to_inode()
4267 u32 sid = current_sid(); in selinux_userns_create() local
4269 return avc_has_perm(sid, sid, SECCLASS_USER_NAMESPACE, in selinux_userns_create()
4503 * @sid: the packet's peer label SID
4507 * the peer label/SID for the packet; most of the magic actually occurs in
4509 * returns zero if the value in @sid is valid (although it may be SECSID_NULL)
4510 * or -EACCES if @sid is invalid due to inconsistencies with the different
4514 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) in selinux_skb_peerlbl_sid() argument
4529 nlbl_type, xfrm_sid, sid); in selinux_skb_peerlbl_sid()
4542 * @sk_sid: the parent socket's SID
4543 * @skb_sid: the packet's SID
4544 * @conn_sid: the resulting connection SID
4575 return security_transition_sid(tsec->sid, tsec->sid, in socket_sockcreate_sid()
4585 if (sksec->sid == SECINITSID_KERNEL) in sock_has_perm()
4590 return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms, in sock_has_perm()
4610 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); in selinux_socket_create()
4620 u32 sid = SECINITSID_KERNEL; in selinux_socket_post_create() local
4624 err = socket_sockcreate_sid(tsec, sclass, &sid); in selinux_socket_post_create()
4630 isec->sid = sid; in selinux_socket_post_create()
4636 sksec->sid = sid; in selinux_socket_post_create()
4653 sksec_a->peer_sid = sksec_b->sid; in selinux_socket_socketpair()
4654 sksec_b->peer_sid = sksec_a->sid; in selinux_socket_socketpair()
4684 u32 sid, node_perm; in selinux_socket_bind() local
4743 snum, &sid); in selinux_socket_bind()
4746 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4776 err = sel_netnode_sid(addrp, family_sa, &sid); in selinux_socket_bind()
4785 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4833 u32 sid, perm; in selinux_socket_connect_helper() local
4863 err = sel_netport_sid(sk->sk_protocol, snum, &sid); in selinux_socket_connect_helper()
4883 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); in selinux_socket_connect_helper()
4916 u32 sid; in selinux_socket_accept() local
4925 sid = isec->sid; in selinux_socket_accept()
4930 newisec->sid = sid; in selinux_socket_accept()
4993 err = avc_has_perm(sksec_sock->sid, sksec_other->sid, in selinux_socket_unix_stream_connect()
5000 sksec_new->peer_sid = sksec_sock->sid; in selinux_socket_unix_stream_connect()
5001 err = security_sid_mls_copy(sksec_other->sid, in selinux_socket_unix_stream_connect()
5002 sksec_sock->sid, &sksec_new->sid); in selinux_socket_unix_stream_connect()
5007 sksec_sock->peer_sid = sksec_new->sid; in selinux_socket_unix_stream_connect()
5022 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, in selinux_socket_unix_may_send()
5054 u32 sk_sid = sksec->sid; in selinux_sock_rcv_skb_compat()
5074 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); in selinux_sock_rcv_skb_compat()
5084 u32 sk_sid = sksec->sid; in selinux_socket_sock_rcv_skb()
5195 peer_secid = isec->sid; in selinux_socket_getpeersec_dgram()
5215 sksec->sid = SECINITSID_UNLABELED; in selinux_sk_alloc_security()
5237 newsksec->sid = sksec->sid; in selinux_sk_clone_security()
5251 *secid = sksec->sid; in selinux_sk_getsecid()
5263 isec->sid = sksec->sid; in selinux_sock_graft()
5304 /* Here as first association on socket. As the peer SID in selinux_sctp_process_new_assoc()
5307 * peer SID for getpeercon(3). in selinux_sctp_process_new_assoc()
5348 err = selinux_conn_sid(sksec->sid, asoc->peer_secid, &conn_sid); in selinux_sctp_assoc_request()
5373 asoc->secid = sksec->sid; in selinux_sctp_assoc_established()
5472 newsksec->sid = asoc->secid; in selinux_sctp_sk_clone()
5484 ssksec->sid = sksec->sid; in selinux_mptcp_add_subflow()
5505 err = selinux_conn_sid(sksec->sid, peersid, &connsid); in selinux_inet_conn_request()
5519 newsksec->sid = req->secid; in selinux_inet_csk_clone()
5521 /* NOTE: Ideally, we should also get the isec->sid for the in selinux_inet_csk_clone()
5543 static int selinux_secmark_relabel_packet(u32 sid) in selinux_secmark_relabel_packet() argument
5549 tsid = tsec->sid; in selinux_secmark_relabel_packet()
5551 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, in selinux_secmark_relabel_packet()
5578 tunsec->sid = current_sid(); in selinux_tun_dev_alloc_security()
5591 u32 sid = current_sid(); in selinux_tun_dev_create() local
5593 /* we aren't taking into account the "sockcreate" SID since the socket in selinux_tun_dev_create()
5600 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, in selinux_tun_dev_create()
5608 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_attach_queue()
5624 sksec->sid = tunsec->sid; in selinux_tun_dev_attach()
5633 u32 sid = current_sid(); in selinux_tun_dev_open() local
5636 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5640 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5644 tunsec->sid = sid; in selinux_tun_dev_open()
5710 u32 sid; in selinux_ip_output() local
5739 sid = sksec->sid; in selinux_ip_output()
5741 sid = SECINITSID_KERNEL; in selinux_ip_output()
5742 if (selinux_netlbl_skbuff_setsid(skb, state->pf, sid) != 0) in selinux_ip_output()
5768 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
5772 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) in selinux_ip_postroute_compat()
5873 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid)) in selinux_ip_postroute()
5880 peer_sid = sksec->sid; in selinux_ip_postroute()
5976 isec->sid = current_sid(); in ipc_init_security()
5984 u32 sid = current_sid(); in ipc_has_perm() local
5991 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); in ipc_has_perm()
5999 msec->sid = SECINITSID_UNLABELED; in selinux_msg_msg_alloc_security()
6009 u32 sid = current_sid(); in selinux_msg_queue_alloc_security() local
6017 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_alloc_security()
6025 u32 sid = current_sid(); in selinux_msg_queue_associate() local
6032 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_associate()
6069 u32 sid = current_sid(); in selinux_msg_queue_msgsnd() local
6078 if (msec->sid == SECINITSID_UNLABELED) { in selinux_msg_queue_msgsnd()
6080 * Compute new sid based on current process and in selinux_msg_queue_msgsnd()
6083 rc = security_transition_sid(sid, isec->sid, in selinux_msg_queue_msgsnd()
6084 SECCLASS_MSG, NULL, &msec->sid); in selinux_msg_queue_msgsnd()
6093 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6097 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
6101 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6114 u32 sid = task_sid_obj(target); in selinux_msg_queue_msgrcv() local
6123 rc = avc_has_perm(sid, isec->sid, in selinux_msg_queue_msgrcv()
6126 rc = avc_has_perm(sid, msec->sid, in selinux_msg_queue_msgrcv()
6136 u32 sid = current_sid(); in selinux_shm_alloc_security() local
6144 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_alloc_security()
6152 u32 sid = current_sid(); in selinux_shm_associate() local
6159 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_associate()
6214 u32 sid = current_sid(); in selinux_sem_alloc_security() local
6222 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_alloc_security()
6230 u32 sid = current_sid(); in selinux_sem_associate() local
6237 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_associate()
6317 *secid = isec->sid; in selinux_ipc_getsecid()
6330 u32 sid; in selinux_getprocattr() local
6338 error = avc_has_perm(current_sid(), __tsec->sid, in selinux_getprocattr()
6345 sid = __tsec->sid; in selinux_getprocattr()
6347 sid = __tsec->osid; in selinux_getprocattr()
6349 sid = __tsec->exec_sid; in selinux_getprocattr()
6351 sid = __tsec->create_sid; in selinux_getprocattr()
6353 sid = __tsec->keycreate_sid; in selinux_getprocattr()
6355 sid = __tsec->sockcreate_sid; in selinux_getprocattr()
6362 if (!sid) in selinux_getprocattr()
6365 error = security_sid_to_context(sid, value, &len); in selinux_getprocattr()
6379 u32 mysid = current_sid(), sid = 0, ptsid; in selinux_setprocattr() local
6406 /* Obtain a SID for the context, if one was specified. */ in selinux_setprocattr()
6413 &sid, GFP_KERNEL); in selinux_setprocattr()
6437 &sid); in selinux_setprocattr()
6455 tsec->exec_sid = sid; in selinux_setprocattr()
6457 tsec->create_sid = sid; in selinux_setprocattr()
6459 if (sid) { in selinux_setprocattr()
6460 error = avc_has_perm(mysid, sid, in selinux_setprocattr()
6465 tsec->keycreate_sid = sid; in selinux_setprocattr()
6467 tsec->sockcreate_sid = sid; in selinux_setprocattr()
6470 if (sid == 0) in selinux_setprocattr()
6475 error = security_bounded_transition(tsec->sid, sid); in selinux_setprocattr()
6481 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
6486 /* Check for ptracing, and update the task SID if ok. in selinux_setprocattr()
6487 Otherwise, leave SID unchanged and fail. */ in selinux_setprocattr()
6490 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
6496 tsec->sid = sid; in selinux_setprocattr()
6586 ksec->sid = tsec->keycreate_sid; in selinux_key_alloc()
6588 ksec->sid = tsec->sid; in selinux_key_alloc()
6608 u32 perm, sid; in selinux_key_permission() local
6640 sid = cred_sid(cred); in selinux_key_permission()
6644 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); in selinux_key_permission()
6654 rc = security_sid_to_context(ksec->sid, in selinux_key_getsecurity()
6666 u32 sid = current_sid(); in selinux_watch_key() local
6668 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL); in selinux_watch_key()
6678 u32 sid = 0; in selinux_ib_pkey_access() local
6682 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid); in selinux_ib_pkey_access()
6690 return avc_has_perm(sec->sid, sid, in selinux_ib_pkey_access()
6700 u32 sid = 0; in selinux_ib_endport_manage_subnet() local
6705 &sid); in selinux_ib_endport_manage_subnet()
6714 return avc_has_perm(sec->sid, sid, in selinux_ib_endport_manage_subnet()
6726 sec->sid = current_sid(); in selinux_ib_alloc_security()
6742 u32 sid = current_sid(); in selinux_bpf() local
6747 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__MAP_CREATE, in selinux_bpf()
6751 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__PROG_LOAD, in selinux_bpf()
6781 static int bpf_fd_pass(const struct file *file, u32 sid) in bpf_fd_pass() argument
6791 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
6798 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
6808 u32 sid = current_sid(); in selinux_bpf_map() local
6812 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_map()
6818 u32 sid = current_sid(); in selinux_bpf_prog() local
6822 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_prog()
6834 bpfsec->sid = current_sid(); in selinux_bpf_map_alloc()
6856 bpfsec->sid = current_sid(); in selinux_bpf_prog_alloc()
6884 u32 requested, sid = current_sid(); in selinux_perf_event_open() local
6897 return avc_has_perm(sid, sid, SECCLASS_PERF_EVENT, in selinux_perf_event_open()
6909 perfsec->sid = current_sid(); in selinux_perf_event_alloc()
6926 u32 sid = current_sid(); in selinux_perf_event_read() local
6928 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_read()
6935 u32 sid = current_sid(); in selinux_perf_event_write() local
6937 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_write()
6964 u32 sid = current_sid(); in selinux_uring_sqpoll() local
6966 return avc_has_perm(sid, sid, in selinux_uring_sqpoll()
6988 return avc_has_perm(current_sid(), isec->sid, in selinux_uring_cmd()