210 	struct cred *cred = (struct cred *) current->real_cred;  in cred_init_security()  local
213 	tsec = selinux_cred(cred);  in cred_init_security()
220 static inline u32 cred_sid(const struct cred *cred)  in cred_sid()  argument
224 	tsec = selinux_cred(cred);  in cred_sid()
461 			const struct cred *cred)  in may_context_mount_sb_relabel()  argument
463 	const struct task_security_struct *tsec = selinux_cred(cred);  in may_context_mount_sb_relabel()
480 			const struct cred *cred)  in may_context_mount_inode_relabel()  argument
482 	const struct task_security_struct *tsec = selinux_cred(cred);  in may_context_mount_inode_relabel()
652 	const struct cred *cred = current_cred();  in selinux_set_mnt_opts()  local
807 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);  in selinux_set_mnt_opts()
827 							  cred);  in selinux_set_mnt_opts()
833 							     cred);  in selinux_set_mnt_opts()
846 						     cred);  in selinux_set_mnt_opts()
865 							     sbsec, cred);  in selinux_set_mnt_opts()
1632 static int cred_has_capability(const struct cred *cred,  in cred_has_capability()  argument
1638 	u32 sid = cred_sid(cred);  in cred_has_capability()
1672 static int inode_has_perm(const struct cred *cred,  in inode_has_perm()  argument
1680 	validate_creds(cred);  in inode_has_perm()
1685 	sid = cred_sid(cred);  in inode_has_perm()
1695 static inline int dentry_has_perm(const struct cred *cred,  in dentry_has_perm()  argument
1705 	return inode_has_perm(cred, inode, av, &ad);  in dentry_has_perm()
1711 static inline int path_has_perm(const struct cred *cred,  in path_has_perm()  argument
1721 	return inode_has_perm(cred, inode, av, &ad);  in path_has_perm()
1725 static inline int file_path_has_perm(const struct cred *cred,  in file_path_has_perm()  argument
1733 	return inode_has_perm(cred, file_inode(file), av, &ad);  in file_path_has_perm()
1748 static int file_has_perm(const struct cred *cred,  in file_has_perm()  argument
1755 	u32 sid = cred_sid(cred);  in file_has_perm()
1772 	rc = bpf_fd_pass(file, cred_sid(cred));  in file_has_perm()
1780 		rc = inode_has_perm(cred, inode, av, &ad);  in file_has_perm()
1967 static int superblock_has_perm(const struct cred *cred,  in superblock_has_perm()  argument
1973 	u32 sid = cred_sid(cred);  in superblock_has_perm()
2159 static int selinux_capset(struct cred *new, const struct cred *old,  in selinux_capset()
2179 static int selinux_capable(const struct cred *cred, struct user_namespace *ns,  in selinux_capable()  argument
2182 	return cred_has_capability(cred, cap, opts, ns == &init_user_ns);  in selinux_capable()
2187 	const struct cred *cred = current_cred();  in selinux_quotactl()  local
2199 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);  in selinux_quotactl()
2204 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);  in selinux_quotactl()
2215 	const struct cred *cred = current_cred();  in selinux_quota_on()  local
2217 	return dentry_has_perm(cred, dentry, FILE__QUOTAON);  in selinux_quota_on()
2348 	new_tsec = selinux_cred(bprm->cred);  in selinux_bprm_set_creds()
2455 static inline void flush_unauthorized_files(const struct cred *cred,  in flush_unauthorized_files()  argument
2477 			if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))  in flush_unauthorized_files()
2488 	n = iterate_fd(files, 0, match_file, cred);  in flush_unauthorized_files()
2492 	devnull = dentry_open(&selinux_null, O_RDWR, cred);  in flush_unauthorized_files()
2498 	} while ((n = iterate_fd(files, n, match_file, cred)) != 0);  in flush_unauthorized_files()
2512 	new_tsec = selinux_cred(bprm->cred);  in selinux_bprm_committing_creds()
2517 	flush_unauthorized_files(bprm->cred, current->files);  in selinux_bprm_committing_creds()
2740 	const struct cred *cred = current_cred();  in selinux_sb_kern_mount()  local
2745 	return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);  in selinux_sb_kern_mount()
2750 	const struct cred *cred = current_cred();  in selinux_sb_statfs()  local
2755 	return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);  in selinux_sb_statfs()
2764 	const struct cred *cred = current_cred();  in selinux_mount()  local
2767 		return superblock_has_perm(cred, path->dentry->d_sb,  in selinux_mount()
2770 		return path_has_perm(cred, path, FILE__MOUNTON);  in selinux_mount()
2775 	const struct cred *cred = current_cred();  in selinux_umount()  local
2777 	return superblock_has_perm(cred, mnt->mnt_sb,  in selinux_umount()
2883 					  const struct cred *old,  in selinux_dentry_create_files_as()
2884 					  struct cred *new)  in selinux_dentry_create_files_as()
2993 	const struct cred *cred = current_cred();  in selinux_inode_readlink()  local
2995 	return dentry_has_perm(cred, dentry, FILE__READ);  in selinux_inode_readlink()
3001 	const struct cred *cred = current_cred();  in selinux_inode_follow_link()  local
3006 	validate_creds(cred);  in selinux_inode_follow_link()
3010 	sid = cred_sid(cred);  in selinux_inode_follow_link()
3041 	const struct cred *cred = current_cred();  in selinux_inode_permission()  local
3058 	validate_creds(cred);  in selinux_inode_permission()
3065 	sid = cred_sid(cred);  in selinux_inode_permission()
3088 	const struct cred *cred = current_cred();  in selinux_inode_setattr()  local
3103 		return dentry_has_perm(cred, dentry, FILE__SETATTR);  in selinux_inode_setattr()
3111 	return dentry_has_perm(cred, dentry, av);  in selinux_inode_setattr()
3121 	const struct cred *cred = current_cred();  in has_cap_mac_admin()  local
3124 	if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts))  in has_cap_mac_admin()
3126 	if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true))  in has_cap_mac_admin()
3255 	const struct cred *cred = current_cred();  in selinux_inode_getxattr()  local
3257 	return dentry_has_perm(cred, dentry, FILE__GETATTR);  in selinux_inode_getxattr()
3262 	const struct cred *cred = current_cred();  in selinux_inode_listxattr()  local
3264 	return dentry_has_perm(cred, dentry, FILE__GETATTR);  in selinux_inode_listxattr()
3416 static int selinux_inode_copy_up(struct dentry *src, struct cred **new)  in selinux_inode_copy_up()
3420 	struct cred *new_creds = *new;  in selinux_inode_copy_up()
3516 	const struct cred *cred = current_cred();  in selinux_revalidate_file_permission()  local
3523 	return file_has_perm(cred, file,  in selinux_revalidate_file_permission()
3556 static int ioctl_has_perm(const struct cred *cred, struct file *file,  in ioctl_has_perm()  argument
3564 	u32 ssid = cred_sid(cred);  in ioctl_has_perm()
3598 	const struct cred *cred = current_cred();  in selinux_file_ioctl()  local
3611 		error = file_has_perm(cred, file, FILE__GETATTR);  in selinux_file_ioctl()
3617 		error = file_has_perm(cred, file, FILE__SETATTR);  in selinux_file_ioctl()
3624 		error = file_has_perm(cred, file, 0);  in selinux_file_ioctl()
3629 		error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,  in selinux_file_ioctl()
3637 		error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);  in selinux_file_ioctl()
3646 	const struct cred *cred = current_cred();  in file_map_prot_check()  local
3647 	u32 sid = cred_sid(cred);  in file_map_prot_check()
3676 		return file_has_perm(cred, file, av);  in file_map_prot_check()
3723 	const struct cred *cred = current_cred();  in selinux_file_mprotect()  local
3724 	u32 sid = cred_sid(cred);  in selinux_file_mprotect()
3752 			rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);  in selinux_file_mprotect()
3763 	const struct cred *cred = current_cred();  in selinux_file_lock()  local
3765 	return file_has_perm(cred, file, FILE__LOCK);  in selinux_file_lock()
3771 	const struct cred *cred = current_cred();  in selinux_file_fcntl()  local
3777 			err = file_has_perm(cred, file, FILE__WRITE);  in selinux_file_fcntl()
3788 		err = file_has_perm(cred, file, 0);  in selinux_file_fcntl()
3801 		err = file_has_perm(cred, file, FILE__LOCK);  in selinux_file_fcntl()
3841 	const struct cred *cred = current_cred();  in selinux_file_receive()  local
3843 	return file_has_perm(cred, file, file_to_av(file));  in selinux_file_receive()
3887 static int selinux_cred_prepare(struct cred *new, const struct cred *old,  in selinux_cred_prepare()
3900 static void selinux_cred_transfer(struct cred *new, const struct cred *old)  in selinux_cred_transfer()
3908 static void selinux_cred_getsecid(const struct cred *c, u32 *secid)  in selinux_cred_getsecid()
3917 static int selinux_kernel_act_as(struct cred *new, u32 secid)  in selinux_kernel_act_as()
3941 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)  in selinux_kernel_create_files_as()
4081 static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,  in selinux_task_prlimit()  argument
4093 			    cred_sid(cred), cred_sid(tcred),  in selinux_task_prlimit()
4136 				int sig, const struct cred *cred)  in selinux_task_kill()  argument
4145 	if (!cred)  in selinux_task_kill()
4148 		secid = cred_sid(cred);  in selinux_task_kill()
6319 	struct cred *new;  in selinux_setprocattr()
6521 static int selinux_key_alloc(struct key *k, const struct cred *cred,  in selinux_key_alloc()  argument
6531 	tsec = selinux_cred(cred);  in selinux_key_alloc()
6550 				  const struct cred *cred,  in selinux_key_permission()  argument
6563 	sid = cred_sid(cred);  in selinux_key_permission()