Lines Matching full:sid
220 tsec->osid = tsec->sid = SECINITSID_KERNEL; in cred_init_security()
231 return tsec->sid; in cred_sid()
239 u32 sid; in task_sid() local
242 sid = cred_sid(__task_cred(task)); in task_sid()
244 return sid; in task_sid()
411 static int may_context_mount_sb_relabel(u32 sid, in may_context_mount_sb_relabel() argument
419 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
425 tsec->sid, sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
430 static int may_context_mount_inode_relabel(u32 sid, in may_context_mount_inode_relabel() argument
437 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
443 sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
583 static int parse_sid(struct super_block *sb, const char *s, u32 *sid) in parse_sid() argument
586 sid, GFP_KERNEL); in parse_sid()
660 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
678 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
763 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
782 sbsec->sid = context_sid; in selinux_set_mnt_opts()
802 root_isec->sid = rootcontext_sid; in selinux_set_mnt_opts()
848 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
857 if (oldroot->sid != newroot->sid) in selinux_cmp_sb_context()
909 newsbsec->sid = oldsbsec->sid; in selinux_sb_clone_mnt_opts()
926 u32 sid = oldsbsec->mntpoint_sid; in selinux_sb_clone_mnt_opts() local
929 newsbsec->sid = sid; in selinux_sb_clone_mnt_opts()
932 newisec->sid = sid; in selinux_sb_clone_mnt_opts()
934 newsbsec->mntpoint_sid = sid; in selinux_sb_clone_mnt_opts()
940 newisec->sid = oldisec->sid; in selinux_sb_clone_mnt_opts()
1038 static int show_sid(struct seq_file *m, u32 sid) in show_sid() argument
1044 rc = security_sid_to_context(&selinux_state, sid, in show_sid()
1074 rc = show_sid(m, sbsec->sid); in selinux_sb_show_options()
1097 rc = show_sid(m, isec->sid); in selinux_sb_show_options()
1296 u32 *sid) in selinux_genfs_get_sid() argument
1320 path, tclass, sid); in selinux_genfs_get_sid()
1323 *sid = SECINITSID_UNLABELED; in selinux_genfs_get_sid()
1332 u32 def_sid, u32 *sid) in inode_doinit_use_xattr() argument
1370 *sid = def_sid; in inode_doinit_use_xattr()
1374 rc = security_context_to_sid_default(&selinux_state, context, rc, sid, in inode_doinit_use_xattr()
1397 u32 task_sid, sid = 0; in inode_doinit_with_dentry() local
1426 sid = isec->sid; in inode_doinit_with_dentry()
1435 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1468 &sid); in inode_doinit_with_dentry()
1474 sid = task_sid; in inode_doinit_with_dentry()
1477 /* Default to the fs SID. */ in inode_doinit_with_dentry()
1478 sid = sbsec->sid; in inode_doinit_with_dentry()
1480 /* Try to obtain a transition SID. */ in inode_doinit_with_dentry()
1481 rc = security_transition_sid(&selinux_state, task_sid, sid, in inode_doinit_with_dentry()
1482 sclass, NULL, &sid); in inode_doinit_with_dentry()
1487 sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1490 /* Default to the fs superblock SID. */ in inode_doinit_with_dentry()
1491 sid = sbsec->sid; in inode_doinit_with_dentry()
1523 sbsec->flags, &sid); in inode_doinit_with_dentry()
1532 sid, &sid); in inode_doinit_with_dentry()
1551 isec->sid = sid; in inode_doinit_with_dentry()
1562 isec->sid = sid; in inode_doinit_with_dentry()
1606 u32 sid = cred_sid(cred); in cred_has_capability() local
1627 sid, sid, sclass, av, 0, &avd); in cred_has_capability()
1630 sid, sid, sclass, av, &avd, rc, &ad, 0); in cred_has_capability()
1646 u32 sid; in inode_has_perm() local
1653 sid = cred_sid(cred); in inode_has_perm()
1657 sid, isec->sid, isec->sclass, perms, adp); in inode_has_perm()
1705 static int bpf_fd_pass(struct file *file, u32 sid);
1713 has the same SID as the process. If av is zero, then
1723 u32 sid = cred_sid(cred); in file_has_perm() local
1729 if (sid != fsec->sid) { in file_has_perm()
1731 sid, fsec->sid, in file_has_perm()
1773 return security_transition_sid(&selinux_state, tsec->sid, in selinux_determine_inode_label()
1774 dsec->sid, tclass, in selinux_determine_inode_label()
1789 u32 sid, newsid; in may_create() local
1796 sid = tsec->sid; in may_create()
1802 sid, dsec->sid, SECCLASS_DIR, in may_create()
1814 sid, newsid, tclass, FILE__CREATE, &ad); in may_create()
1819 newsid, sbsec->sid, in may_create()
1836 u32 sid = current_sid(); in may_link() local
1849 sid, dsec->sid, SECCLASS_DIR, av, &ad); in may_link()
1870 sid, isec->sid, isec->sclass, av, &ad); in may_link()
1881 u32 sid = current_sid(); in may_rename() local
1895 sid, old_dsec->sid, SECCLASS_DIR, in may_rename()
1900 sid, old_isec->sid, in may_rename()
1906 sid, old_isec->sid, in may_rename()
1917 sid, new_dsec->sid, SECCLASS_DIR, av, &ad); in may_rename()
1924 sid, new_isec->sid, in may_rename()
1941 u32 sid = cred_sid(cred); in superblock_has_perm() local
1945 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2057 u32 sid = cred_sid(to); in selinux_binder_transfer_file() local
2067 if (sid != fsec->sid) { in selinux_binder_transfer_file()
2069 sid, fsec->sid, in selinux_binder_transfer_file()
2078 rc = bpf_fd_pass(file, sid); in selinux_binder_transfer_file()
2088 sid, isec->sid, isec->sclass, file_to_av(file), in selinux_binder_transfer_file()
2095 u32 sid = current_sid(); in selinux_ptrace_access_check() local
2100 sid, csid, SECCLASS_FILE, FILE__READ, NULL); in selinux_ptrace_access_check()
2103 sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL); in selinux_ptrace_access_check()
2236 u32 sid = 0; in ptrace_parent_sid() local
2242 sid = task_sid(tracer); in ptrace_parent_sid()
2245 return sid; in ptrace_parent_sid()
2260 if (new_tsec->sid == old_tsec->sid) in check_nnp_nosuid()
2276 old_tsec->sid, new_tsec->sid, in check_nnp_nosuid()
2285 * of the permissions of the current SID. in check_nnp_nosuid()
2287 rc = security_bounded_transition(&selinux_state, old_tsec->sid, in check_nnp_nosuid()
2288 new_tsec->sid); in check_nnp_nosuid()
2318 /* Default to the current task SID. */ in selinux_bprm_creds_for_exec()
2319 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2320 new_tsec->osid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2328 new_tsec->sid = old_tsec->exec_sid; in selinux_bprm_creds_for_exec()
2329 /* Reset exec SID on execve. */ in selinux_bprm_creds_for_exec()
2338 rc = security_transition_sid(&selinux_state, old_tsec->sid, in selinux_bprm_creds_for_exec()
2339 isec->sid, SECCLASS_PROCESS, NULL, in selinux_bprm_creds_for_exec()
2340 &new_tsec->sid); in selinux_bprm_creds_for_exec()
2345 * Fallback to old SID on NNP or nosuid if not an allowed in selinux_bprm_creds_for_exec()
2350 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2356 if (new_tsec->sid == old_tsec->sid) { in selinux_bprm_creds_for_exec()
2358 old_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2365 old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2371 new_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2379 old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2387 * changes its SID has the appropriate permit */ in selinux_bprm_creds_for_exec()
2392 ptsid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2407 old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2480 if (new_tsec->sid == new_tsec->osid) in selinux_bprm_committing_creds()
2483 /* Close files for which the new task SID is not authorized. */ in selinux_bprm_committing_creds()
2486 /* Always clear parent death signal on SID transitions. */ in selinux_bprm_committing_creds()
2489 /* Check whether the new SID can inherit resource limits from the old in selinux_bprm_committing_creds()
2490 * SID. If not, reset all soft limits to the lower of the current in selinux_bprm_committing_creds()
2500 new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, in selinux_bprm_committing_creds()
2523 u32 osid, sid; in selinux_bprm_committed_creds() local
2527 sid = tsec->sid; in selinux_bprm_committed_creds()
2529 if (sid == osid) in selinux_bprm_committed_creds()
2532 /* Check whether the new SID can inherit signal state from the old SID. in selinux_bprm_committed_creds()
2536 * This must occur _after_ the task SID has been updated so that any in selinux_bprm_committed_creds()
2537 * kill done after the flush will be checked against the new SID. in selinux_bprm_committed_creds()
2540 osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); in selinux_bprm_committed_creds()
2556 * wait permission to the new task SID. */ in selinux_bprm_committed_creds()
2576 sbsec->sid = SECINITSID_UNLABELED; in selinux_sb_alloc_security()
2668 u32 sid; in selinux_sb_remount() local
2678 rc = parse_sid(sb, opts->fscontext, &sid); in selinux_sb_remount()
2681 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) in selinux_sb_remount()
2685 rc = parse_sid(sb, opts->context, &sid); in selinux_sb_remount()
2688 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) in selinux_sb_remount()
2694 rc = parse_sid(sb, opts->rootcontext, &sid); in selinux_sb_remount()
2697 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) in selinux_sb_remount()
2701 rc = parse_sid(sb, opts->defcontext, &sid); in selinux_sb_remount()
2704 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) in selinux_sb_remount()
2836 u32 sid = current_sid(); in selinux_inode_alloc_security() local
2841 isec->sid = SECINITSID_UNLABELED; in selinux_inode_alloc_security()
2843 isec->task_sid = sid; in selinux_inode_alloc_security()
2918 isec->sid = newsid; in selinux_inode_init_security()
2995 u32 sid; in selinux_inode_follow_link() local
3001 sid = cred_sid(cred); in selinux_inode_follow_link()
3007 sid, isec->sid, isec->sclass, FILE__READ, &ad, in selinux_inode_follow_link()
3023 current_sid(), isec->sid, isec->sclass, perms, in audit_inode_permission()
3037 u32 sid; in selinux_inode_permission() local
3056 sid = cred_sid(cred); in selinux_inode_permission()
3062 sid, isec->sid, isec->sclass, perms, in selinux_inode_permission()
3133 u32 newsid, sid = current_sid(); in selinux_inode_setxattr() local
3161 sid, isec->sid, isec->sclass, in selinux_inode_setxattr()
3200 sid, newsid, isec->sclass, in selinux_inode_setxattr()
3205 rc = security_validate_transition(&selinux_state, isec->sid, newsid, in selinux_inode_setxattr()
3206 sid, isec->sclass); in selinux_inode_setxattr()
3212 sbsec->sid, in selinux_inode_setxattr()
3244 pr_err("SELinux: unable to map context to SID" in selinux_inode_post_setxattr()
3253 isec->sid = newsid; in selinux_inode_post_setxattr()
3370 isec->sid, &context, in selinux_inode_getsecurity()
3373 error = security_sid_to_context(&selinux_state, isec->sid, in selinux_inode_getsecurity()
3411 isec->sid = newsid; in selinux_inode_setsecurity()
3432 *secid = isec->sid; in selinux_inode_getsecid()
3437 u32 sid; in selinux_inode_copy_up() local
3449 selinux_inode_getsecid(d_inode(src), &sid); in selinux_inode_copy_up()
3450 tsec->create_sid = sid; in selinux_inode_copy_up()
3512 rc = security_transition_sid(&selinux_state, tsec->sid, in selinux_kernfs_init_security()
3551 u32 sid = current_sid(); in selinux_file_permission() local
3558 if (sid == fsec->sid && fsec->isid == isec->sid && in selinux_file_permission()
3569 u32 sid = current_sid(); in selinux_file_alloc_security() local
3571 fsec->sid = sid; in selinux_file_alloc_security()
3572 fsec->fown_sid = sid; in selinux_file_alloc_security()
3599 if (ssid != fsec->sid) { in ioctl_has_perm()
3601 ssid, fsec->sid, in ioctl_has_perm()
3614 ssid, isec->sid, isec->sclass, in ioctl_has_perm()
3672 u32 sid = cred_sid(cred); in file_map_prot_check() local
3684 sid, sid, SECCLASS_PROCESS, in file_map_prot_check()
3713 u32 sid = current_sid(); in selinux_mmap_addr() local
3715 sid, sid, SECCLASS_MEMPROTECT, in selinux_mmap_addr()
3749 u32 sid = cred_sid(cred); in selinux_file_mprotect() local
3760 sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
3767 sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
3845 u32 sid = task_sid(tsk); in selinux_file_send_sigiotask() local
3860 fsec->fown_sid, sid, in selinux_file_send_sigiotask()
3883 * struct as its SID. in selinux_file_open()
3885 fsec->isid = isec->sid; in selinux_file_open()
3903 u32 sid = current_sid(); in selinux_task_alloc() local
3906 sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL); in selinux_task_alloc()
3945 u32 sid = current_sid(); in selinux_kernel_act_as() local
3949 sid, secid, in selinux_kernel_act_as()
3954 tsec->sid = secid; in selinux_kernel_act_as()
3970 u32 sid = current_sid(); in selinux_kernel_create_files_as() local
3974 sid, isec->sid, in selinux_kernel_create_files_as()
3980 tsec->create_sid = isec->sid; in selinux_kernel_create_files_as()
4001 u32 sid = current_sid(); in selinux_kernel_module_from_file() local
4007 sid, sid, SECCLASS_SYSTEM, in selinux_kernel_module_from_file()
4016 if (sid != fsec->sid) { in selinux_kernel_module_from_file()
4018 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); in selinux_kernel_module_from_file()
4025 sid, isec->sid, SECCLASS_SYSTEM, in selinux_kernel_module_from_file()
4183 u32 sid = task_sid(p); in selinux_task_to_inode() local
4187 isec->sid = sid; in selinux_task_to_inode()
4422 * @sid: the packet's peer label SID
4426 * the peer label/SID for the packet; most of the magic actually occurs in
4428 * returns zero if the value in @sid is valid (although it may be SECSID_NULL)
4429 * or -EACCES if @sid is invalid due to inconsistencies with the different
4433 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) in selinux_skb_peerlbl_sid() argument
4448 nlbl_type, xfrm_sid, sid); in selinux_skb_peerlbl_sid()
4461 * @sk_sid: the parent socket's SID
4462 * @skb_sid: the packet's SID
4463 * @conn_sid: the resulting connection SID
4494 return security_transition_sid(&selinux_state, tsec->sid, tsec->sid, in socket_sockcreate_sid()
4504 if (sksec->sid == SECINITSID_KERNEL) in sock_has_perm()
4512 current_sid(), sksec->sid, sksec->sclass, perms, in sock_has_perm()
4533 tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); in selinux_socket_create()
4543 u32 sid = SECINITSID_KERNEL; in selinux_socket_post_create() local
4547 err = socket_sockcreate_sid(tsec, sclass, &sid); in selinux_socket_post_create()
4553 isec->sid = sid; in selinux_socket_post_create()
4559 sksec->sid = sid; in selinux_socket_post_create()
4576 sksec_a->peer_sid = sksec_b->sid; in selinux_socket_socketpair()
4577 sksec_b->peer_sid = sksec_a->sid; in selinux_socket_socketpair()
4607 u32 sid, node_perm; in selinux_socket_bind() local
4666 snum, &sid); in selinux_socket_bind()
4670 sksec->sid, sid, in selinux_socket_bind()
4700 err = sel_netnode_sid(addrp, family_sa, &sid); in selinux_socket_bind()
4710 sksec->sid, sid, in selinux_socket_bind()
4758 u32 sid, perm; in selinux_socket_connect_helper() local
4788 err = sel_netport_sid(sk->sk_protocol, snum, &sid); in selinux_socket_connect_helper()
4809 sksec->sid, sid, sksec->sclass, perm, &ad); in selinux_socket_connect_helper()
4842 u32 sid; in selinux_socket_accept() local
4851 sid = isec->sid; in selinux_socket_accept()
4856 newisec->sid = sid; in selinux_socket_accept()
4922 sksec_sock->sid, sksec_other->sid, in selinux_socket_unix_stream_connect()
4929 sksec_new->peer_sid = sksec_sock->sid; in selinux_socket_unix_stream_connect()
4930 err = security_sid_mls_copy(&selinux_state, sksec_other->sid, in selinux_socket_unix_stream_connect()
4931 sksec_sock->sid, &sksec_new->sid); in selinux_socket_unix_stream_connect()
4936 sksec_sock->peer_sid = sksec_new->sid; in selinux_socket_unix_stream_connect()
4954 ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, in selinux_socket_unix_may_send()
4988 u32 sk_sid = sksec->sid; in selinux_sock_rcv_skb_compat()
5012 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); in selinux_sock_rcv_skb_compat()
5022 u32 sk_sid = sksec->sid; in selinux_socket_sock_rcv_skb()
5141 peer_secid = isec->sid; in selinux_socket_getpeersec_dgram()
5161 sksec->sid = SECINITSID_UNLABELED; in selinux_sk_alloc_security()
5183 newsksec->sid = sksec->sid; in selinux_sk_clone_security()
5197 *secid = sksec->sid; in selinux_sk_getsecid()
5209 isec->sid = sksec->sid; in selinux_sock_graft()
5249 /* Here as first association on socket. As the peer SID in selinux_sctp_assoc_request()
5252 * peer SID for getpeercon(3). in selinux_sctp_assoc_request()
5275 err = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid); in selinux_sctp_assoc_request()
5380 newsksec->sid = ep->secid; in selinux_sctp_sk_clone()
5398 err = selinux_conn_sid(sksec->sid, peersid, &connsid); in selinux_inet_conn_request()
5412 newsksec->sid = req->secid; in selinux_inet_csk_clone()
5414 /* NOTE: Ideally, we should also get the isec->sid for the in selinux_inet_csk_clone()
5436 static int selinux_secmark_relabel_packet(u32 sid) in selinux_secmark_relabel_packet() argument
5442 tsid = __tsec->sid; in selinux_secmark_relabel_packet()
5445 tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, in selinux_secmark_relabel_packet()
5472 tunsec->sid = current_sid(); in selinux_tun_dev_alloc_security()
5485 u32 sid = current_sid(); in selinux_tun_dev_create() local
5487 /* we aren't taking into account the "sockcreate" SID since the socket in selinux_tun_dev_create()
5495 sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, in selinux_tun_dev_create()
5504 current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_attach_queue()
5520 sksec->sid = tunsec->sid; in selinux_tun_dev_attach()
5529 u32 sid = current_sid(); in selinux_tun_dev_open() local
5533 sid, tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5538 sid, sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5542 tunsec->sid = sid; in selinux_tun_dev_open()
5627 u32 sid; in selinux_ip_output() local
5656 sid = sksec->sid; in selinux_ip_output()
5658 sid = SECINITSID_KERNEL; in selinux_ip_output()
5659 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0) in selinux_ip_output()
5705 sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
5709 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) in selinux_ip_postroute_compat()
5809 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid)) in selinux_ip_postroute()
5816 peer_sid = sksec->sid; in selinux_ip_postroute()
5934 isec->sid = current_sid(); in ipc_init_security()
5942 u32 sid = current_sid(); in ipc_has_perm() local
5950 sid, isec->sid, isec->sclass, perms, &ad); in ipc_has_perm()
5958 msec->sid = SECINITSID_UNLABELED; in selinux_msg_msg_alloc_security()
5968 u32 sid = current_sid(); in selinux_msg_queue_alloc_security() local
5978 sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_alloc_security()
5987 u32 sid = current_sid(); in selinux_msg_queue_associate() local
5995 sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_associate()
6035 u32 sid = current_sid(); in selinux_msg_queue_msgsnd() local
6044 if (msec->sid == SECINITSID_UNLABELED) { in selinux_msg_queue_msgsnd()
6046 * Compute new sid based on current process and in selinux_msg_queue_msgsnd()
6049 rc = security_transition_sid(&selinux_state, sid, isec->sid, in selinux_msg_queue_msgsnd()
6050 SECCLASS_MSG, NULL, &msec->sid); in selinux_msg_queue_msgsnd()
6060 sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6065 sid, msec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
6070 msec->sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6083 u32 sid = task_sid(target); in selinux_msg_queue_msgrcv() local
6093 sid, isec->sid, in selinux_msg_queue_msgrcv()
6097 sid, msec->sid, in selinux_msg_queue_msgrcv()
6107 u32 sid = current_sid(); in selinux_shm_alloc_security() local
6117 sid, isec->sid, SECCLASS_SHM, in selinux_shm_alloc_security()
6126 u32 sid = current_sid(); in selinux_shm_associate() local
6134 sid, isec->sid, SECCLASS_SHM, in selinux_shm_associate()
6192 u32 sid = current_sid(); in selinux_sem_alloc_security() local
6202 sid, isec->sid, SECCLASS_SEM, in selinux_sem_alloc_security()
6211 u32 sid = current_sid(); in selinux_sem_associate() local
6219 sid, isec->sid, SECCLASS_SEM, in selinux_sem_associate()
6300 *secid = isec->sid; in selinux_ipc_getsecid()
6313 u32 sid; in selinux_getprocattr() local
6322 current_sid(), __tsec->sid, in selinux_getprocattr()
6329 sid = __tsec->sid; in selinux_getprocattr()
6331 sid = __tsec->osid; in selinux_getprocattr()
6333 sid = __tsec->exec_sid; in selinux_getprocattr()
6335 sid = __tsec->create_sid; in selinux_getprocattr()
6337 sid = __tsec->keycreate_sid; in selinux_getprocattr()
6339 sid = __tsec->sockcreate_sid; in selinux_getprocattr()
6346 if (!sid) in selinux_getprocattr()
6349 error = security_sid_to_context(&selinux_state, sid, value, &len); in selinux_getprocattr()
6363 u32 mysid = current_sid(), sid = 0, ptsid; in selinux_setprocattr() local
6395 /* Obtain a SID for the context, if one was specified. */ in selinux_setprocattr()
6402 &sid, GFP_KERNEL); in selinux_setprocattr()
6425 value, size, &sid); in selinux_setprocattr()
6443 tsec->exec_sid = sid; in selinux_setprocattr()
6445 tsec->create_sid = sid; in selinux_setprocattr()
6447 if (sid) { in selinux_setprocattr()
6448 error = avc_has_perm(&selinux_state, mysid, sid, in selinux_setprocattr()
6453 tsec->keycreate_sid = sid; in selinux_setprocattr()
6455 tsec->sockcreate_sid = sid; in selinux_setprocattr()
6458 if (sid == 0) in selinux_setprocattr()
6465 tsec->sid, sid); in selinux_setprocattr()
6472 tsec->sid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
6477 /* Check for ptracing, and update the task SID if ok. in selinux_setprocattr()
6478 Otherwise, leave SID unchanged and fail. */ in selinux_setprocattr()
6482 ptsid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
6488 tsec->sid = sid; in selinux_setprocattr()
6577 ksec->sid = tsec->keycreate_sid; in selinux_key_alloc()
6579 ksec->sid = tsec->sid; in selinux_key_alloc()
6599 u32 perm, sid; in selinux_key_permission() local
6631 sid = cred_sid(cred); in selinux_key_permission()
6636 sid, ksec->sid, SECCLASS_KEY, perm, NULL); in selinux_key_permission()
6646 rc = security_sid_to_context(&selinux_state, ksec->sid, in selinux_key_getsecurity()
6658 u32 sid = current_sid(); in selinux_watch_key() local
6661 sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL); in selinux_watch_key()
6671 u32 sid = 0; in selinux_ib_pkey_access() local
6675 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid); in selinux_ib_pkey_access()
6684 sec->sid, sid, in selinux_ib_pkey_access()
6694 u32 sid = 0; in selinux_ib_endport_manage_subnet() local
6699 &sid); in selinux_ib_endport_manage_subnet()
6709 sec->sid, sid, in selinux_ib_endport_manage_subnet()
6721 sec->sid = current_sid(); in selinux_ib_alloc_security()
6737 u32 sid = current_sid(); in selinux_bpf() local
6743 sid, sid, SECCLASS_BPF, BPF__MAP_CREATE, in selinux_bpf()
6748 sid, sid, SECCLASS_BPF, BPF__PROG_LOAD, in selinux_bpf()
6778 static int bpf_fd_pass(struct file *file, u32 sid) in bpf_fd_pass() argument
6789 sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
6797 sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
6807 u32 sid = current_sid(); in selinux_bpf_map() local
6812 sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_map()
6818 u32 sid = current_sid(); in selinux_bpf_prog() local
6823 sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_prog()
6835 bpfsec->sid = current_sid(); in selinux_bpf_map_alloc()
6857 bpfsec->sid = current_sid(); in selinux_bpf_prog_alloc()
6875 u32 sid = current_sid(); in selinux_lockdown() local
6892 sid, sid, SECCLASS_LOCKDOWN, in selinux_lockdown()
6896 sid, sid, SECCLASS_LOCKDOWN, in selinux_lockdown()
6911 u32 requested, sid = current_sid(); in selinux_perf_event_open() local
6924 return avc_has_perm(&selinux_state, sid, sid, SECCLASS_PERF_EVENT, in selinux_perf_event_open()
6936 perfsec->sid = current_sid(); in selinux_perf_event_alloc()
6953 u32 sid = current_sid(); in selinux_perf_event_read() local
6955 return avc_has_perm(&selinux_state, sid, perfsec->sid, in selinux_perf_event_read()
6962 u32 sid = current_sid(); in selinux_perf_event_write() local
6964 return avc_has_perm(&selinux_state, sid, perfsec->sid, in selinux_perf_event_write()