357 static int file_alloc_security(struct file *file)  in file_alloc_security()  argument
359 	struct file_security_struct *fsec = selinux_file(file);  in file_alloc_security()
1726 				     struct file *file,  in file_path_has_perm()  argument
1732 	ad.u.file = file;  in file_path_has_perm()
1733 	return inode_has_perm(cred, file_inode(file), av, &ad);  in file_path_has_perm()
1737 static int bpf_fd_pass(struct file *file, u32 sid);
1749 			 struct file *file,  in file_has_perm()  argument
1752 	struct file_security_struct *fsec = selinux_file(file);  in file_has_perm()
1753 	struct inode *inode = file_inode(file);  in file_has_perm()
1759 	ad.u.file = file;  in file_has_perm()
1772 	rc = bpf_fd_pass(file, cred_sid(cred));  in file_has_perm()
2009 static inline u32 file_to_av(struct file *file)  in file_to_av()  argument
2013 	if (file->f_mode & FMODE_READ)  in file_to_av()
2015 	if (file->f_mode & FMODE_WRITE) {  in file_to_av()
2016 		if (file->f_flags & O_APPEND)  in file_to_av()
2035 static inline u32 open_file_to_av(struct file *file)  in open_file_to_av()  argument
2037 	u32 av = file_to_av(file);  in open_file_to_av()
2038 	struct inode *inode = file_inode(file);  in open_file_to_av()
2093 					struct file *file)  in selinux_binder_transfer_file()  argument
2096 	struct file_security_struct *fsec = selinux_file(file);  in selinux_binder_transfer_file()
2097 	struct dentry *dentry = file->f_path.dentry;  in selinux_binder_transfer_file()
2103 	ad.u.path = file->f_path;  in selinux_binder_transfer_file()
2116 	rc = bpf_fd_pass(file, sid);  in selinux_binder_transfer_file()
2126 			    sid, isec->sid, isec->sclass, file_to_av(file),  in selinux_binder_transfer_file()
2284 	int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);  in check_nnp_nosuid()
2339 	struct inode *inode = file_inode(bprm->file);  in selinux_bprm_set_creds()
2387 	ad.u.file = bprm->file;  in selinux_bprm_set_creds()
2449 static int match_file(const void *p, struct file *file, unsigned fd)  in match_file()  argument
2451 	return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;  in match_file()
2458 	struct file *file, *devnull = NULL;  in flush_unauthorized_files()  local
2476 			file = file_priv->file;  in flush_unauthorized_files()
2477 			if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))  in flush_unauthorized_files()
3514 static int selinux_revalidate_file_permission(struct file *file, int mask)  in selinux_revalidate_file_permission()  argument
3517 	struct inode *inode = file_inode(file);  in selinux_revalidate_file_permission()
3520 	if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))  in selinux_revalidate_file_permission()
3523 	return file_has_perm(cred, file,  in selinux_revalidate_file_permission()
3527 static int selinux_file_permission(struct file *file, int mask)  in selinux_file_permission()  argument
3529 	struct inode *inode = file_inode(file);  in selinux_file_permission()
3530 	struct file_security_struct *fsec = selinux_file(file);  in selinux_file_permission()
3544 	return selinux_revalidate_file_permission(file, mask);  in selinux_file_permission()
3547 static int selinux_file_alloc_security(struct file *file)  in selinux_file_alloc_security()  argument
3549 	return file_alloc_security(file);  in selinux_file_alloc_security()
3556 static int ioctl_has_perm(const struct cred *cred, struct file *file,  in ioctl_has_perm()  argument
3560 	struct file_security_struct *fsec = selinux_file(file);  in ioctl_has_perm()
3561 	struct inode *inode = file_inode(file);  in ioctl_has_perm()
3572 	ad.u.op->path = file->f_path;  in ioctl_has_perm()
3595 static int selinux_file_ioctl(struct file *file, unsigned int cmd,  in selinux_file_ioctl()  argument
3611 		error = file_has_perm(cred, file, FILE__GETATTR);  in selinux_file_ioctl()
3617 		error = file_has_perm(cred, file, FILE__SETATTR);  in selinux_file_ioctl()
3624 		error = file_has_perm(cred, file, 0);  in selinux_file_ioctl()
3637 		error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);  in selinux_file_ioctl()
3644 static int file_map_prot_check(struct file *file, unsigned long prot, int shared)  in file_map_prot_check()  argument
3651 	    (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||  in file_map_prot_check()
3665 	if (file) {  in file_map_prot_check()
3676 		return file_has_perm(cred, file, av);  in file_map_prot_check()
3697 static int selinux_mmap_file(struct file *file, unsigned long reqprot,  in selinux_mmap_file()  argument
3703 	if (file) {  in selinux_mmap_file()
3705 		ad.u.file = file;  in selinux_mmap_file()
3706 		rc = inode_has_perm(current_cred(), file_inode(file),  in selinux_mmap_file()
3715 	return file_map_prot_check(file, prot,  in selinux_mmap_file()
3761 static int selinux_file_lock(struct file *file, unsigned int cmd)  in selinux_file_lock()  argument
3765 	return file_has_perm(cred, file, FILE__LOCK);  in selinux_file_lock()
3768 static int selinux_file_fcntl(struct file *file, unsigned int cmd,  in selinux_file_fcntl()  argument
3776 		if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {  in selinux_file_fcntl()
3777 			err = file_has_perm(cred, file, FILE__WRITE);  in selinux_file_fcntl()
3788 		err = file_has_perm(cred, file, 0);  in selinux_file_fcntl()
3801 		err = file_has_perm(cred, file, FILE__LOCK);  in selinux_file_fcntl()
3808 static void selinux_file_set_fowner(struct file *file)  in selinux_file_set_fowner()  argument
3812 	fsec = selinux_file(file);  in selinux_file_set_fowner()
3819 	struct file *file;  in selinux_file_send_sigiotask()  local
3825 	file = container_of(fown, struct file, f_owner);  in selinux_file_send_sigiotask()
3827 	fsec = selinux_file(file);  in selinux_file_send_sigiotask()
3839 static int selinux_file_receive(struct file *file)  in selinux_file_receive()  argument
3843 	return file_has_perm(cred, file, file_to_av(file));  in selinux_file_receive()
3846 static int selinux_file_open(struct file *file)  in selinux_file_open()  argument
3851 	fsec = selinux_file(file);  in selinux_file_open()
3852 	isec = inode_security(file_inode(file));  in selinux_file_open()
3870 	return file_path_has_perm(file->f_cred, file, open_file_to_av(file));  in selinux_file_open()
3971 static int selinux_kernel_module_from_file(struct file *file)  in selinux_kernel_module_from_file()  argument
3980 	if (file == NULL)  in selinux_kernel_module_from_file()
3988 	ad.u.file = file;  in selinux_kernel_module_from_file()
3990 	fsec = selinux_file(file);  in selinux_kernel_module_from_file()
3998 	isec = inode_security(file_inode(file));  in selinux_kernel_module_from_file()
4004 static int selinux_kernel_read_file(struct file *file,  in selinux_kernel_read_file()  argument
4011 		rc = selinux_kernel_module_from_file(file);  in selinux_kernel_read_file()
6700 static int bpf_fd_pass(struct file *file, u32 sid)  in bpf_fd_pass()  argument
6707 	if (file->f_op == &bpf_map_fops) {  in bpf_fd_pass()
6708 		map = file->private_data;  in bpf_fd_pass()
6712 				   bpf_map_fmode_to_av(file->f_mode), NULL);  in bpf_fd_pass()
6715 	} else if (file->f_op == &bpf_prog_fops) {  in bpf_fd_pass()
6716 		prog = file->private_data;  in bpf_fd_pass()