Lines Matching full:sid
215 tsec->osid = tsec->sid = SECINITSID_KERNEL; in cred_init_security()
226 return tsec->sid; in cred_sid()
259 u32 sid; in task_sid_obj() local
262 sid = cred_sid(__task_cred(task)); in task_sid_obj()
264 return sid; in task_sid_obj()
422 static int may_context_mount_sb_relabel(u32 sid, in may_context_mount_sb_relabel() argument
429 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
434 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
439 static int may_context_mount_inode_relabel(u32 sid, in may_context_mount_inode_relabel() argument
445 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
450 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
501 u32 sid; in sb_check_xattr_support() local
534 SECCLASS_DIR, &sid); in sb_check_xattr_support()
541 sbsec->sid = sid; in sb_check_xattr_support()
686 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
700 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
784 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
813 sbsec->sid = context_sid; in selinux_set_mnt_opts()
833 root_isec->sid = rootcontext_sid; in selinux_set_mnt_opts()
879 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
888 if (oldroot->sid != newroot->sid) in selinux_cmp_sb_context()
947 newsbsec->sid = oldsbsec->sid; in selinux_sb_clone_mnt_opts()
964 u32 sid = oldsbsec->mntpoint_sid; in selinux_sb_clone_mnt_opts() local
967 newsbsec->sid = sid; in selinux_sb_clone_mnt_opts()
970 newisec->sid = sid; in selinux_sb_clone_mnt_opts()
972 newsbsec->mntpoint_sid = sid; in selinux_sb_clone_mnt_opts()
978 newisec->sid = oldisec->sid; in selinux_sb_clone_mnt_opts()
1050 static int show_sid(struct seq_file *m, u32 sid) in show_sid() argument
1056 rc = security_sid_to_context(sid, &context, &len); in show_sid()
1085 rc = show_sid(m, sbsec->sid); in selinux_sb_show_options()
1108 rc = show_sid(m, isec->sid); in selinux_sb_show_options()
1310 u32 *sid) in selinux_genfs_get_sid() argument
1334 path, tclass, sid); in selinux_genfs_get_sid()
1337 *sid = SECINITSID_UNLABELED; in selinux_genfs_get_sid()
1346 u32 def_sid, u32 *sid) in inode_doinit_use_xattr() argument
1384 *sid = def_sid; in inode_doinit_use_xattr()
1388 rc = security_context_to_sid_default(context, rc, sid, in inode_doinit_use_xattr()
1411 u32 task_sid, sid = 0; in inode_doinit_with_dentry() local
1440 sid = isec->sid; in inode_doinit_with_dentry()
1452 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1485 &sid); in inode_doinit_with_dentry()
1491 sid = task_sid; in inode_doinit_with_dentry()
1494 /* Default to the fs SID. */ in inode_doinit_with_dentry()
1495 sid = sbsec->sid; in inode_doinit_with_dentry()
1497 /* Try to obtain a transition SID. */ in inode_doinit_with_dentry()
1498 rc = security_transition_sid(task_sid, sid, in inode_doinit_with_dentry()
1499 sclass, NULL, &sid); in inode_doinit_with_dentry()
1504 sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1507 /* Default to the fs superblock SID. */ in inode_doinit_with_dentry()
1508 sid = sbsec->sid; in inode_doinit_with_dentry()
1540 sbsec->flags, &sid); in inode_doinit_with_dentry()
1549 sid, &sid); in inode_doinit_with_dentry()
1568 isec->sid = sid; in inode_doinit_with_dentry()
1579 isec->sid = sid; in inode_doinit_with_dentry()
1623 u32 sid = cred_sid(cred); in cred_has_capability() local
1643 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); in cred_has_capability()
1645 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); in cred_has_capability()
1661 u32 sid; in inode_has_perm() local
1666 sid = cred_sid(cred); in inode_has_perm()
1669 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); in inode_has_perm()
1717 static int bpf_fd_pass(const struct file *file, u32 sid);
1725 has the same SID as the process. If av is zero, then
1735 u32 sid = cred_sid(cred); in file_has_perm() local
1741 if (sid != fsec->sid) { in file_has_perm()
1742 rc = avc_has_perm(sid, fsec->sid, in file_has_perm()
1785 return security_transition_sid(tsec->sid, in selinux_determine_inode_label()
1786 dsec->sid, tclass, in selinux_determine_inode_label()
1801 u32 sid, newsid; in may_create() local
1808 sid = tsec->sid; in may_create()
1813 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, in may_create()
1824 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); in may_create()
1828 return avc_has_perm(newsid, sbsec->sid, in may_create()
1845 u32 sid = current_sid(); in may_link() local
1857 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); in may_link()
1877 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); in may_link()
1888 u32 sid = current_sid(); in may_rename() local
1901 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, in may_rename()
1905 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1910 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1920 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); in may_rename()
1926 rc = avc_has_perm(sid, new_isec->sid, in may_rename()
1943 u32 sid = cred_sid(cred); in superblock_has_perm() local
1946 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2055 u32 sid = cred_sid(to); in selinux_binder_transfer_file() local
2065 if (sid != fsec->sid) { in selinux_binder_transfer_file()
2066 rc = avc_has_perm(sid, fsec->sid, in selinux_binder_transfer_file()
2075 rc = bpf_fd_pass(file, sid); in selinux_binder_transfer_file()
2084 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file), in selinux_binder_transfer_file()
2091 u32 sid = current_sid(); in selinux_ptrace_access_check() local
2095 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, in selinux_ptrace_access_check()
2098 return avc_has_perm(sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, in selinux_ptrace_access_check()
2226 u32 sid = 0; in ptrace_parent_sid() local
2232 sid = task_sid_obj(tracer); in ptrace_parent_sid()
2235 return sid; in ptrace_parent_sid()
2250 if (new_tsec->sid == old_tsec->sid) in check_nnp_nosuid()
2265 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in check_nnp_nosuid()
2274 * of the permissions of the current SID. in check_nnp_nosuid()
2276 rc = security_bounded_transition(old_tsec->sid, in check_nnp_nosuid()
2277 new_tsec->sid); in check_nnp_nosuid()
2307 /* Default to the current task SID. */ in selinux_bprm_creds_for_exec()
2308 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2309 new_tsec->osid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2317 new_tsec->sid = old_tsec->exec_sid; in selinux_bprm_creds_for_exec()
2318 /* Reset exec SID on execve. */ in selinux_bprm_creds_for_exec()
2327 rc = security_transition_sid(old_tsec->sid, in selinux_bprm_creds_for_exec()
2328 isec->sid, SECCLASS_PROCESS, NULL, in selinux_bprm_creds_for_exec()
2329 &new_tsec->sid); in selinux_bprm_creds_for_exec()
2334 * Fallback to old SID on NNP or nosuid if not an allowed in selinux_bprm_creds_for_exec()
2339 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2345 if (new_tsec->sid == old_tsec->sid) { in selinux_bprm_creds_for_exec()
2346 rc = avc_has_perm(old_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2352 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2357 rc = avc_has_perm(new_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2364 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2372 * changes its SID has the appropriate permit */ in selinux_bprm_creds_for_exec()
2376 rc = avc_has_perm(ptsid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2390 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2463 if (new_tsec->sid == new_tsec->osid) in selinux_bprm_committing_creds()
2466 /* Close files for which the new task SID is not authorized. */ in selinux_bprm_committing_creds()
2469 /* Always clear parent death signal on SID transitions. */ in selinux_bprm_committing_creds()
2472 /* Check whether the new SID can inherit resource limits from the old in selinux_bprm_committing_creds()
2473 * SID. If not, reset all soft limits to the lower of the current in selinux_bprm_committing_creds()
2482 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, in selinux_bprm_committing_creds()
2505 u32 osid, sid; in selinux_bprm_committed_creds() local
2509 sid = tsec->sid; in selinux_bprm_committed_creds()
2511 if (sid == osid) in selinux_bprm_committed_creds()
2514 /* Check whether the new SID can inherit signal state from the old SID. in selinux_bprm_committed_creds()
2518 * This must occur _after_ the task SID has been updated so that any in selinux_bprm_committed_creds()
2519 * kill done after the flush will be checked against the new SID. in selinux_bprm_committed_creds()
2521 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); in selinux_bprm_committed_creds()
2537 * wait permission to the new task SID. */ in selinux_bprm_committed_creds()
2552 sbsec->sid = SECINITSID_UNLABELED; in selinux_sb_alloc_security()
2655 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_mnt_opts_compat()
2668 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_mnt_opts_compat()
2692 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_remount()
2704 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_remount()
2791 opts->fscontext_sid = sbsec->sid; in selinux_fs_context_submount()
2839 u32 sid = current_sid(); in selinux_inode_alloc_security() local
2844 isec->sid = SECINITSID_UNLABELED; in selinux_inode_alloc_security()
2846 isec->task_sid = sid; in selinux_inode_alloc_security()
2925 isec->sid = newsid; in selinux_inode_init_security()
2975 isec->sid = context_isec->sid; in selinux_inode_init_security_anon()
2979 tsec->sid, tsec->sid, in selinux_inode_init_security_anon()
2980 isec->sclass, name, &isec->sid); in selinux_inode_init_security_anon()
2994 return avc_has_perm(tsec->sid, in selinux_inode_init_security_anon()
2995 isec->sid, in selinux_inode_init_security_anon()
3055 u32 sid; in selinux_inode_follow_link() local
3059 sid = cred_sid(cred); in selinux_inode_follow_link()
3064 return avc_has_perm(sid, isec->sid, isec->sclass, FILE__READ, &ad); in selinux_inode_follow_link()
3077 return slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, in audit_inode_permission()
3088 u32 sid; in selinux_inode_permission() local
3105 sid = cred_sid(cred); in selinux_inode_permission()
3110 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, in selinux_inode_permission()
3177 u32 newsid, sid = current_sid(); in selinux_inode_setxattr() local
3204 rc = avc_has_perm(sid, isec->sid, isec->sclass, in selinux_inode_setxattr()
3244 rc = avc_has_perm(sid, newsid, isec->sclass, in selinux_inode_setxattr()
3249 rc = security_validate_transition(isec->sid, newsid, in selinux_inode_setxattr()
3250 sid, isec->sclass); in selinux_inode_setxattr()
3255 sbsec->sid, in selinux_inode_setxattr()
3306 pr_err("SELinux: unable to map context to SID" in selinux_inode_post_setxattr()
3315 isec->sid = newsid; in selinux_inode_post_setxattr()
3432 error = security_sid_to_context_force(isec->sid, &context, in selinux_inode_getsecurity()
3435 error = security_sid_to_context(isec->sid, in selinux_inode_getsecurity()
3474 isec->sid = newsid; in selinux_inode_setsecurity()
3495 *secid = isec->sid; in selinux_inode_getsecid()
3500 u32 sid; in selinux_inode_copy_up() local
3512 selinux_inode_getsecid(d_inode(src), &sid); in selinux_inode_copy_up()
3513 tsec->create_sid = sid; in selinux_inode_copy_up()
3575 rc = security_transition_sid(tsec->sid, in selinux_kernfs_init_security()
3614 u32 sid = current_sid(); in selinux_file_permission() local
3621 if (sid == fsec->sid && fsec->isid == isec->sid && in selinux_file_permission()
3632 u32 sid = current_sid(); in selinux_file_alloc_security() local
3634 fsec->sid = sid; in selinux_file_alloc_security()
3635 fsec->fown_sid = sid; in selinux_file_alloc_security()
3662 if (ssid != fsec->sid) { in ioctl_has_perm()
3663 rc = avc_has_perm(ssid, fsec->sid, in ioctl_has_perm()
3675 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, in ioctl_has_perm()
3760 u32 sid = cred_sid(cred); in file_map_prot_check() local
3771 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in file_map_prot_check()
3800 u32 sid = current_sid(); in selinux_mmap_addr() local
3801 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, in selinux_mmap_addr()
3833 u32 sid = cred_sid(cred); in selinux_file_mprotect() local
3839 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
3843 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
3921 u32 sid = task_sid_obj(tsk); in selinux_file_send_sigiotask() local
3935 return avc_has_perm(fsec->fown_sid, sid, in selinux_file_send_sigiotask()
3958 * struct as its SID. in selinux_file_open()
3960 fsec->isid = isec->sid; in selinux_file_open()
3978 u32 sid = current_sid(); in selinux_task_alloc() local
3980 return avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL); in selinux_task_alloc()
4019 u32 sid = current_sid(); in selinux_kernel_act_as() local
4022 ret = avc_has_perm(sid, secid, in selinux_kernel_act_as()
4027 tsec->sid = secid; in selinux_kernel_act_as()
4043 u32 sid = current_sid(); in selinux_kernel_create_files_as() local
4046 ret = avc_has_perm(sid, isec->sid, in selinux_kernel_create_files_as()
4052 tsec->create_sid = isec->sid; in selinux_kernel_create_files_as()
4072 u32 sid = current_sid(); in selinux_kernel_module_from_file() local
4077 return avc_has_perm(sid, sid, SECCLASS_SYSTEM, in selinux_kernel_module_from_file()
4086 if (sid != fsec->sid) { in selinux_kernel_module_from_file()
4087 rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); in selinux_kernel_module_from_file()
4093 return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM, in selinux_kernel_module_from_file()
4245 u32 sid = task_sid_obj(p); in selinux_task_to_inode() local
4249 isec->sid = sid; in selinux_task_to_inode()
4256 u32 sid = current_sid(); in selinux_userns_create() local
4258 return avc_has_perm(sid, sid, SECCLASS_USER_NAMESPACE, in selinux_userns_create()
4492 * @sid: the packet's peer label SID
4496 * the peer label/SID for the packet; most of the magic actually occurs in
4498 * returns zero if the value in @sid is valid (although it may be SECSID_NULL)
4499 * or -EACCES if @sid is invalid due to inconsistencies with the different
4503 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) in selinux_skb_peerlbl_sid() argument
4518 nlbl_type, xfrm_sid, sid); in selinux_skb_peerlbl_sid()
4531 * @sk_sid: the parent socket's SID
4532 * @skb_sid: the packet's SID
4533 * @conn_sid: the resulting connection SID
4564 return security_transition_sid(tsec->sid, tsec->sid, in socket_sockcreate_sid()
4574 if (sksec->sid == SECINITSID_KERNEL) in sock_has_perm()
4579 return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms, in sock_has_perm()
4599 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); in selinux_socket_create()
4609 u32 sid = SECINITSID_KERNEL; in selinux_socket_post_create() local
4613 err = socket_sockcreate_sid(tsec, sclass, &sid); in selinux_socket_post_create()
4619 isec->sid = sid; in selinux_socket_post_create()
4625 sksec->sid = sid; in selinux_socket_post_create()
4642 sksec_a->peer_sid = sksec_b->sid; in selinux_socket_socketpair()
4643 sksec_b->peer_sid = sksec_a->sid; in selinux_socket_socketpair()
4673 u32 sid, node_perm; in selinux_socket_bind() local
4732 snum, &sid); in selinux_socket_bind()
4735 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4765 err = sel_netnode_sid(addrp, family_sa, &sid); in selinux_socket_bind()
4774 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4822 u32 sid, perm; in selinux_socket_connect_helper() local
4852 err = sel_netport_sid(sk->sk_protocol, snum, &sid); in selinux_socket_connect_helper()
4872 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); in selinux_socket_connect_helper()
4905 u32 sid; in selinux_socket_accept() local
4914 sid = isec->sid; in selinux_socket_accept()
4919 newisec->sid = sid; in selinux_socket_accept()
4982 err = avc_has_perm(sksec_sock->sid, sksec_other->sid, in selinux_socket_unix_stream_connect()
4989 sksec_new->peer_sid = sksec_sock->sid; in selinux_socket_unix_stream_connect()
4990 err = security_sid_mls_copy(sksec_other->sid, in selinux_socket_unix_stream_connect()
4991 sksec_sock->sid, &sksec_new->sid); in selinux_socket_unix_stream_connect()
4996 sksec_sock->peer_sid = sksec_new->sid; in selinux_socket_unix_stream_connect()
5011 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, in selinux_socket_unix_may_send()
5043 u32 sk_sid = sksec->sid; in selinux_sock_rcv_skb_compat()
5063 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); in selinux_sock_rcv_skb_compat()
5073 u32 sk_sid = sksec->sid; in selinux_socket_sock_rcv_skb()
5184 peer_secid = isec->sid; in selinux_socket_getpeersec_dgram()
5204 sksec->sid = SECINITSID_UNLABELED; in selinux_sk_alloc_security()
5226 newsksec->sid = sksec->sid; in selinux_sk_clone_security()
5240 *secid = sksec->sid; in selinux_sk_getsecid()
5252 isec->sid = sksec->sid; in selinux_sock_graft()
5293 /* Here as first association on socket. As the peer SID in selinux_sctp_process_new_assoc()
5296 * peer SID for getpeercon(3). in selinux_sctp_process_new_assoc()
5337 err = selinux_conn_sid(sksec->sid, asoc->peer_secid, &conn_sid); in selinux_sctp_assoc_request()
5362 asoc->secid = sksec->sid; in selinux_sctp_assoc_established()
5461 newsksec->sid = asoc->secid; in selinux_sctp_sk_clone()
5473 ssksec->sid = sksec->sid; in selinux_mptcp_add_subflow()
5494 err = selinux_conn_sid(sksec->sid, peersid, &connsid); in selinux_inet_conn_request()
5508 newsksec->sid = req->secid; in selinux_inet_csk_clone()
5510 /* NOTE: Ideally, we should also get the isec->sid for the in selinux_inet_csk_clone()
5532 static int selinux_secmark_relabel_packet(u32 sid) in selinux_secmark_relabel_packet() argument
5538 tsid = tsec->sid; in selinux_secmark_relabel_packet()
5540 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, in selinux_secmark_relabel_packet()
5567 tunsec->sid = current_sid(); in selinux_tun_dev_alloc_security()
5580 u32 sid = current_sid(); in selinux_tun_dev_create() local
5582 /* we aren't taking into account the "sockcreate" SID since the socket in selinux_tun_dev_create()
5589 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, in selinux_tun_dev_create()
5597 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_attach_queue()
5613 sksec->sid = tunsec->sid; in selinux_tun_dev_attach()
5622 u32 sid = current_sid(); in selinux_tun_dev_open() local
5625 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5629 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5633 tunsec->sid = sid; in selinux_tun_dev_open()
5699 u32 sid; in selinux_ip_output() local
5728 sid = sksec->sid; in selinux_ip_output()
5730 sid = SECINITSID_KERNEL; in selinux_ip_output()
5731 if (selinux_netlbl_skbuff_setsid(skb, state->pf, sid) != 0) in selinux_ip_output()
5757 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
5761 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) in selinux_ip_postroute_compat()
5862 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid)) in selinux_ip_postroute()
5869 peer_sid = sksec->sid; in selinux_ip_postroute()
5965 isec->sid = current_sid(); in ipc_init_security()
5973 u32 sid = current_sid(); in ipc_has_perm() local
5980 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); in ipc_has_perm()
5988 msec->sid = SECINITSID_UNLABELED; in selinux_msg_msg_alloc_security()
5998 u32 sid = current_sid(); in selinux_msg_queue_alloc_security() local
6006 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_alloc_security()
6014 u32 sid = current_sid(); in selinux_msg_queue_associate() local
6021 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_associate()
6058 u32 sid = current_sid(); in selinux_msg_queue_msgsnd() local
6067 if (msec->sid == SECINITSID_UNLABELED) { in selinux_msg_queue_msgsnd()
6069 * Compute new sid based on current process and in selinux_msg_queue_msgsnd()
6072 rc = security_transition_sid(sid, isec->sid, in selinux_msg_queue_msgsnd()
6073 SECCLASS_MSG, NULL, &msec->sid); in selinux_msg_queue_msgsnd()
6082 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6086 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
6090 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6103 u32 sid = task_sid_obj(target); in selinux_msg_queue_msgrcv() local
6112 rc = avc_has_perm(sid, isec->sid, in selinux_msg_queue_msgrcv()
6115 rc = avc_has_perm(sid, msec->sid, in selinux_msg_queue_msgrcv()
6125 u32 sid = current_sid(); in selinux_shm_alloc_security() local
6133 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_alloc_security()
6141 u32 sid = current_sid(); in selinux_shm_associate() local
6148 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_associate()
6203 u32 sid = current_sid(); in selinux_sem_alloc_security() local
6211 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_alloc_security()
6219 u32 sid = current_sid(); in selinux_sem_associate() local
6226 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_associate()
6306 *secid = isec->sid; in selinux_ipc_getsecid()
6319 u32 sid; in selinux_getprocattr() local
6327 error = avc_has_perm(current_sid(), __tsec->sid, in selinux_getprocattr()
6334 sid = __tsec->sid; in selinux_getprocattr()
6336 sid = __tsec->osid; in selinux_getprocattr()
6338 sid = __tsec->exec_sid; in selinux_getprocattr()
6340 sid = __tsec->create_sid; in selinux_getprocattr()
6342 sid = __tsec->keycreate_sid; in selinux_getprocattr()
6344 sid = __tsec->sockcreate_sid; in selinux_getprocattr()
6351 if (!sid) in selinux_getprocattr()
6354 error = security_sid_to_context(sid, value, &len); in selinux_getprocattr()
6368 u32 mysid = current_sid(), sid = 0, ptsid; in selinux_setprocattr() local
6395 /* Obtain a SID for the context, if one was specified. */ in selinux_setprocattr()
6402 &sid, GFP_KERNEL); in selinux_setprocattr()
6426 &sid); in selinux_setprocattr()
6444 tsec->exec_sid = sid; in selinux_setprocattr()
6446 tsec->create_sid = sid; in selinux_setprocattr()
6448 if (sid) { in selinux_setprocattr()
6449 error = avc_has_perm(mysid, sid, in selinux_setprocattr()
6454 tsec->keycreate_sid = sid; in selinux_setprocattr()
6456 tsec->sockcreate_sid = sid; in selinux_setprocattr()
6459 if (sid == 0) in selinux_setprocattr()
6464 error = security_bounded_transition(tsec->sid, sid); in selinux_setprocattr()
6470 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
6475 /* Check for ptracing, and update the task SID if ok. in selinux_setprocattr()
6476 Otherwise, leave SID unchanged and fail. */ in selinux_setprocattr()
6479 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
6485 tsec->sid = sid; in selinux_setprocattr()
6574 ksec->sid = tsec->keycreate_sid; in selinux_key_alloc()
6576 ksec->sid = tsec->sid; in selinux_key_alloc()
6596 u32 perm, sid; in selinux_key_permission() local
6628 sid = cred_sid(cred); in selinux_key_permission()
6632 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); in selinux_key_permission()
6642 rc = security_sid_to_context(ksec->sid, in selinux_key_getsecurity()
6654 u32 sid = current_sid(); in selinux_watch_key() local
6656 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL); in selinux_watch_key()
6666 u32 sid = 0; in selinux_ib_pkey_access() local
6670 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid); in selinux_ib_pkey_access()
6678 return avc_has_perm(sec->sid, sid, in selinux_ib_pkey_access()
6688 u32 sid = 0; in selinux_ib_endport_manage_subnet() local
6693 &sid); in selinux_ib_endport_manage_subnet()
6702 return avc_has_perm(sec->sid, sid, in selinux_ib_endport_manage_subnet()
6714 sec->sid = current_sid(); in selinux_ib_alloc_security()
6730 u32 sid = current_sid(); in selinux_bpf() local
6735 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__MAP_CREATE, in selinux_bpf()
6739 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__PROG_LOAD, in selinux_bpf()
6769 static int bpf_fd_pass(const struct file *file, u32 sid) in bpf_fd_pass() argument
6779 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
6786 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
6796 u32 sid = current_sid(); in selinux_bpf_map() local
6800 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_map()
6806 u32 sid = current_sid(); in selinux_bpf_prog() local
6810 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_prog()
6822 bpfsec->sid = current_sid(); in selinux_bpf_map_alloc()
6844 bpfsec->sid = current_sid(); in selinux_bpf_prog_alloc()
6872 u32 requested, sid = current_sid(); in selinux_perf_event_open() local
6885 return avc_has_perm(sid, sid, SECCLASS_PERF_EVENT, in selinux_perf_event_open()
6897 perfsec->sid = current_sid(); in selinux_perf_event_alloc()
6914 u32 sid = current_sid(); in selinux_perf_event_read() local
6916 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_read()
6923 u32 sid = current_sid(); in selinux_perf_event_write() local
6925 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_write()
6952 u32 sid = current_sid(); in selinux_uring_sqpoll() local
6954 return avc_has_perm(sid, sid, in selinux_uring_sqpoll()
6976 return avc_has_perm(current_sid(), isec->sid, in selinux_uring_cmd()