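Lines matching full:sid — each entry gives the source line number, the matching line, and, where shown, the enclosing function ("in f()"), tagged "local" or "argument" when that line declares sid as a local variable or a function parameter.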
217 tsec->osid = tsec->sid = SECINITSID_KERNEL; in cred_init_security()
228 return tsec->sid; in cred_sid()
261 u32 sid; in task_sid_obj() local
264 sid = cred_sid(__task_cred(task)); in task_sid_obj()
266 return sid; in task_sid_obj()
429 static int may_context_mount_sb_relabel(u32 sid, in may_context_mount_sb_relabel() argument
436 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
441 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
446 static int may_context_mount_inode_relabel(u32 sid, in may_context_mount_inode_relabel() argument
452 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
457 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
508 u32 sid; in sb_check_xattr_support() local
541 SECCLASS_DIR, &sid); in sb_check_xattr_support()
548 sbsec->sid = sid; in sb_check_xattr_support()
693 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
707 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
791 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
820 sbsec->sid = context_sid; in selinux_set_mnt_opts()
840 root_isec->sid = rootcontext_sid; in selinux_set_mnt_opts()
886 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
895 if (oldroot->sid != newroot->sid) in selinux_cmp_sb_context()
954 newsbsec->sid = oldsbsec->sid; in selinux_sb_clone_mnt_opts()
971 u32 sid = oldsbsec->mntpoint_sid; in selinux_sb_clone_mnt_opts() local
974 newsbsec->sid = sid; in selinux_sb_clone_mnt_opts()
977 newisec->sid = sid; in selinux_sb_clone_mnt_opts()
979 newsbsec->mntpoint_sid = sid; in selinux_sb_clone_mnt_opts()
985 newisec->sid = oldisec->sid; in selinux_sb_clone_mnt_opts()
1057 static int show_sid(struct seq_file *m, u32 sid) in show_sid() argument
1063 rc = security_sid_to_context(sid, &context, &len); in show_sid()
1092 rc = show_sid(m, sbsec->sid); in selinux_sb_show_options()
1115 rc = show_sid(m, isec->sid); in selinux_sb_show_options()
1317 u32 *sid) in selinux_genfs_get_sid() argument
1341 path, tclass, sid); in selinux_genfs_get_sid()
1344 *sid = SECINITSID_UNLABELED; in selinux_genfs_get_sid()
1353 u32 def_sid, u32 *sid) in inode_doinit_use_xattr() argument
1391 *sid = def_sid; in inode_doinit_use_xattr()
1395 rc = security_context_to_sid_default(context, rc, sid, in inode_doinit_use_xattr()
1418 u32 task_sid, sid = 0; in inode_doinit_with_dentry() local
1447 sid = isec->sid; in inode_doinit_with_dentry()
1459 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1492 &sid); in inode_doinit_with_dentry()
1498 sid = task_sid; in inode_doinit_with_dentry()
1501 /* Default to the fs SID. */ in inode_doinit_with_dentry()
1502 sid = sbsec->sid; in inode_doinit_with_dentry()
1504 /* Try to obtain a transition SID. */ in inode_doinit_with_dentry()
1505 rc = security_transition_sid(task_sid, sid, in inode_doinit_with_dentry()
1506 sclass, NULL, &sid); in inode_doinit_with_dentry()
1511 sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1514 /* Default to the fs superblock SID. */ in inode_doinit_with_dentry()
1515 sid = sbsec->sid; in inode_doinit_with_dentry()
1547 sbsec->flags, &sid); in inode_doinit_with_dentry()
1556 sid, &sid); in inode_doinit_with_dentry()
1575 isec->sid = sid; in inode_doinit_with_dentry()
1586 isec->sid = sid; in inode_doinit_with_dentry()
1630 u32 sid = cred_sid(cred); in cred_has_capability() local
1650 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); in cred_has_capability()
1652 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); in cred_has_capability()
1668 u32 sid; in inode_has_perm() local
1673 sid = cred_sid(cred); in inode_has_perm()
1676 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); in inode_has_perm()
1724 static int bpf_fd_pass(const struct file *file, u32 sid);
1732 has the same SID as the process. If av is zero, then
1742 u32 sid = cred_sid(cred); in file_has_perm() local
1748 if (sid != fsec->sid) { in file_has_perm()
1749 rc = avc_has_perm(sid, fsec->sid, in file_has_perm()
1792 return security_transition_sid(tsec->sid, in selinux_determine_inode_label()
1793 dsec->sid, tclass, in selinux_determine_inode_label()
1808 u32 sid, newsid; in may_create() local
1815 sid = tsec->sid; in may_create()
1820 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, in may_create()
1831 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); in may_create()
1835 return avc_has_perm(newsid, sbsec->sid, in may_create()
1852 u32 sid = current_sid(); in may_link() local
1864 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); in may_link()
1884 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); in may_link()
1895 u32 sid = current_sid(); in may_rename() local
1908 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, in may_rename()
1912 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1917 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1927 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); in may_rename()
1933 rc = avc_has_perm(sid, new_isec->sid, in may_rename()
1950 u32 sid = cred_sid(cred); in superblock_has_perm() local
1953 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2062 u32 sid = cred_sid(to); in selinux_binder_transfer_file() local
2072 if (sid != fsec->sid) { in selinux_binder_transfer_file()
2073 rc = avc_has_perm(sid, fsec->sid, in selinux_binder_transfer_file()
2082 rc = bpf_fd_pass(file, sid); in selinux_binder_transfer_file()
2091 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file), in selinux_binder_transfer_file()
2098 u32 sid = current_sid(); in selinux_ptrace_access_check() local
2102 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, in selinux_ptrace_access_check()
2105 return avc_has_perm(sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, in selinux_ptrace_access_check()
2226 u32 sid = 0; in ptrace_parent_sid() local
2232 sid = task_sid_obj(tracer); in ptrace_parent_sid()
2235 return sid; in ptrace_parent_sid()
2250 if (new_tsec->sid == old_tsec->sid) in check_nnp_nosuid()
2265 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in check_nnp_nosuid()
2274 * of the permissions of the current SID. in check_nnp_nosuid()
2276 rc = security_bounded_transition(old_tsec->sid, in check_nnp_nosuid()
2277 new_tsec->sid); in check_nnp_nosuid()
2307 /* Default to the current task SID. */ in selinux_bprm_creds_for_exec()
2308 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2309 new_tsec->osid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2323 new_tsec->sid = SECINITSID_INIT; in selinux_bprm_creds_for_exec()
2330 new_tsec->sid = old_tsec->exec_sid; in selinux_bprm_creds_for_exec()
2331 /* Reset exec SID on execve. */ in selinux_bprm_creds_for_exec()
2340 rc = security_transition_sid(old_tsec->sid, in selinux_bprm_creds_for_exec()
2341 isec->sid, SECCLASS_PROCESS, NULL, in selinux_bprm_creds_for_exec()
2342 &new_tsec->sid); in selinux_bprm_creds_for_exec()
2347 * Fallback to old SID on NNP or nosuid if not an allowed in selinux_bprm_creds_for_exec()
2352 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2358 if (new_tsec->sid == old_tsec->sid) { in selinux_bprm_creds_for_exec()
2359 rc = avc_has_perm(old_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2365 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2370 rc = avc_has_perm(new_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2377 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2385 * changes its SID has the appropriate permit */ in selinux_bprm_creds_for_exec()
2389 rc = avc_has_perm(ptsid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2403 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2476 if (new_tsec->sid == new_tsec->osid) in selinux_bprm_committing_creds()
2479 /* Close files for which the new task SID is not authorized. */ in selinux_bprm_committing_creds()
2482 /* Always clear parent death signal on SID transitions. */ in selinux_bprm_committing_creds()
2485 /* Check whether the new SID can inherit resource limits from the old in selinux_bprm_committing_creds()
2486 * SID. If not, reset all soft limits to the lower of the current in selinux_bprm_committing_creds()
2495 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, in selinux_bprm_committing_creds()
2518 u32 osid, sid; in selinux_bprm_committed_creds() local
2522 sid = tsec->sid; in selinux_bprm_committed_creds()
2524 if (sid == osid) in selinux_bprm_committed_creds()
2527 /* Check whether the new SID can inherit signal state from the old SID. in selinux_bprm_committed_creds()
2531 * This must occur _after_ the task SID has been updated so that any in selinux_bprm_committed_creds()
2532 * kill done after the flush will be checked against the new SID. in selinux_bprm_committed_creds()
2534 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); in selinux_bprm_committed_creds()
2550 * wait permission to the new task SID. */ in selinux_bprm_committed_creds()
2565 sbsec->sid = SECINITSID_UNLABELED; in selinux_sb_alloc_security()
2668 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_mnt_opts_compat()
2681 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_mnt_opts_compat()
2705 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_remount()
2717 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_remount()
2804 opts->fscontext_sid = sbsec->sid; in selinux_fs_context_submount()
2852 u32 sid = current_sid(); in selinux_inode_alloc_security() local
2857 isec->sid = SECINITSID_UNLABELED; in selinux_inode_alloc_security()
2859 isec->task_sid = sid; in selinux_inode_alloc_security()
2937 isec->sid = newsid; in selinux_inode_init_security()
2962 u32 sid = current_sid(); in selinux_inode_init_security_anon() local
2987 isec->sid = context_isec->sid; in selinux_inode_init_security_anon()
2991 sid, sid, in selinux_inode_init_security_anon()
2992 isec->sclass, name, &isec->sid); in selinux_inode_init_security_anon()
3006 return avc_has_perm(sid, in selinux_inode_init_security_anon()
3007 isec->sid, in selinux_inode_init_security_anon()
3066 u32 sid = current_sid(); in selinux_inode_follow_link() local
3074 return avc_has_perm(sid, isec->sid, isec->sclass, FILE__READ, &ad); in selinux_inode_follow_link()
3087 return slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, in audit_inode_permission()
3097 u32 sid = current_sid(); in selinux_inode_permission() local
3118 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, in selinux_inode_permission()
3203 u32 newsid, sid = current_sid(); in selinux_inode_setxattr() local
3224 rc = avc_has_perm(sid, isec->sid, isec->sclass, in selinux_inode_setxattr()
3264 rc = avc_has_perm(sid, newsid, isec->sclass, in selinux_inode_setxattr()
3269 rc = security_validate_transition(isec->sid, newsid, in selinux_inode_setxattr()
3270 sid, isec->sclass); in selinux_inode_setxattr()
3275 sbsec->sid, in selinux_inode_setxattr()
3326 pr_err("SELinux: unable to map context to SID" in selinux_inode_post_setxattr()
3335 isec->sid = newsid; in selinux_inode_post_setxattr()
3446 error = security_sid_to_context_force(isec->sid, &context, in selinux_inode_getsecurity()
3449 error = security_sid_to_context(isec->sid, in selinux_inode_getsecurity()
3488 isec->sid = newsid; in selinux_inode_setsecurity()
3509 *secid = isec->sid; in selinux_inode_getsecid()
3514 u32 sid; in selinux_inode_copy_up() local
3526 selinux_inode_getsecid(d_inode(src), &sid); in selinux_inode_copy_up()
3527 tsec->create_sid = sid; in selinux_inode_copy_up()
3590 rc = security_transition_sid(tsec->sid, in selinux_kernfs_init_security()
3629 u32 sid = current_sid(); in selinux_file_permission() local
3636 if (sid == fsec->sid && fsec->isid == isec->sid && in selinux_file_permission()
3647 u32 sid = current_sid(); in selinux_file_alloc_security() local
3649 fsec->sid = sid; in selinux_file_alloc_security()
3650 fsec->fown_sid = sid; in selinux_file_alloc_security()
3677 if (ssid != fsec->sid) { in ioctl_has_perm()
3678 rc = avc_has_perm(ssid, fsec->sid, in ioctl_has_perm()
3690 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, in ioctl_has_perm()
3775 u32 sid = cred_sid(cred); in file_map_prot_check() local
3786 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in file_map_prot_check()
3815 u32 sid = current_sid(); in selinux_mmap_addr() local
3816 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, in selinux_mmap_addr()
3848 u32 sid = cred_sid(cred); in selinux_file_mprotect() local
3864 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
3868 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
3946 u32 sid = task_sid_obj(tsk); in selinux_file_send_sigiotask() local
3960 return avc_has_perm(fsec->fown_sid, sid, in selinux_file_send_sigiotask()
3983 * struct as its SID. in selinux_file_open()
3985 fsec->isid = isec->sid; in selinux_file_open()
4003 u32 sid = current_sid(); in selinux_task_alloc() local
4005 return avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL); in selinux_task_alloc()
4044 u32 sid = current_sid(); in selinux_kernel_act_as() local
4047 ret = avc_has_perm(sid, secid, in selinux_kernel_act_as()
4052 tsec->sid = secid; in selinux_kernel_act_as()
4068 u32 sid = current_sid(); in selinux_kernel_create_files_as() local
4071 ret = avc_has_perm(sid, isec->sid, in selinux_kernel_create_files_as()
4077 tsec->create_sid = isec->sid; in selinux_kernel_create_files_as()
4097 u32 sid = current_sid(); in selinux_kernel_module_from_file() local
4102 return avc_has_perm(sid, sid, SECCLASS_SYSTEM, in selinux_kernel_module_from_file()
4111 if (sid != fsec->sid) { in selinux_kernel_module_from_file()
4112 rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); in selinux_kernel_module_from_file()
4118 return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM, in selinux_kernel_module_from_file()
4270 u32 sid = task_sid_obj(p); in selinux_task_to_inode() local
4274 isec->sid = sid; in selinux_task_to_inode()
4281 u32 sid = current_sid(); in selinux_userns_create() local
4283 return avc_has_perm(sid, sid, SECCLASS_USER_NAMESPACE, in selinux_userns_create()
4517 * @sid: the packet's peer label SID
4521 * the peer label/SID for the packet; most of the magic actually occurs in
4523 * returns zero if the value in @sid is valid (although it may be SECSID_NULL)
4524 * or -EACCES if @sid is invalid due to inconsistencies with the different
4528 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) in selinux_skb_peerlbl_sid() argument
4543 nlbl_type, xfrm_sid, sid); in selinux_skb_peerlbl_sid()
4556 * @sk_sid: the parent socket's SID
4557 * @skb_sid: the packet's SID
4558 * @conn_sid: the resulting connection SID
4589 return security_transition_sid(tsec->sid, tsec->sid, in socket_sockcreate_sid()
4599 if (sksec->sid == SECINITSID_KERNEL) in sock_has_perm()
4614 sksec->sid == SECINITSID_INIT) in sock_has_perm()
4619 return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms, in sock_has_perm()
4639 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); in selinux_socket_create()
4649 u32 sid = SECINITSID_KERNEL; in selinux_socket_post_create() local
4653 err = socket_sockcreate_sid(tsec, sclass, &sid); in selinux_socket_post_create()
4659 isec->sid = sid; in selinux_socket_post_create()
4665 sksec->sid = sid; in selinux_socket_post_create()
4682 sksec_a->peer_sid = sksec_b->sid; in selinux_socket_socketpair()
4683 sksec_b->peer_sid = sksec_a->sid; in selinux_socket_socketpair()
4713 u32 sid, node_perm; in selinux_socket_bind() local
4772 snum, &sid); in selinux_socket_bind()
4775 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4805 err = sel_netnode_sid(addrp, family_sa, &sid); in selinux_socket_bind()
4814 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4862 u32 sid, perm; in selinux_socket_connect_helper() local
4892 err = sel_netport_sid(sk->sk_protocol, snum, &sid); in selinux_socket_connect_helper()
4912 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); in selinux_socket_connect_helper()
4945 u32 sid; in selinux_socket_accept() local
4954 sid = isec->sid; in selinux_socket_accept()
4959 newisec->sid = sid; in selinux_socket_accept()
5022 err = avc_has_perm(sksec_sock->sid, sksec_other->sid, in selinux_socket_unix_stream_connect()
5029 sksec_new->peer_sid = sksec_sock->sid; in selinux_socket_unix_stream_connect()
5030 err = security_sid_mls_copy(sksec_other->sid, in selinux_socket_unix_stream_connect()
5031 sksec_sock->sid, &sksec_new->sid); in selinux_socket_unix_stream_connect()
5036 sksec_sock->peer_sid = sksec_new->sid; in selinux_socket_unix_stream_connect()
5051 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, in selinux_socket_unix_may_send()
5083 u32 sk_sid = sksec->sid; in selinux_sock_rcv_skb_compat()
5103 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); in selinux_sock_rcv_skb_compat()
5113 u32 sk_sid = sksec->sid; in selinux_socket_sock_rcv_skb()
5227 peer_secid = isec->sid; in selinux_socket_getpeersec_dgram()
5242 sksec->sid = SECINITSID_UNLABELED; in selinux_sk_alloc_security()
5261 newsksec->sid = sksec->sid; in selinux_sk_clone_security()
5275 *secid = sksec->sid; in selinux_sk_getsecid()
5287 isec->sid = sksec->sid; in selinux_sock_graft()
5328 /* Here as first association on socket. As the peer SID in selinux_sctp_process_new_assoc()
5331 * peer SID for getpeercon(3). in selinux_sctp_process_new_assoc()
5372 err = selinux_conn_sid(sksec->sid, asoc->peer_secid, &conn_sid); in selinux_sctp_assoc_request()
5397 asoc->secid = sksec->sid; in selinux_sctp_assoc_established()
5496 newsksec->sid = asoc->secid; in selinux_sctp_sk_clone()
5508 ssksec->sid = sksec->sid; in selinux_mptcp_add_subflow()
5529 err = selinux_conn_sid(sksec->sid, peersid, &connsid); in selinux_inet_conn_request()
5543 newsksec->sid = req->secid; in selinux_inet_csk_clone()
5545 /* NOTE: Ideally, we should also get the isec->sid for the in selinux_inet_csk_clone()
5567 static int selinux_secmark_relabel_packet(u32 sid) in selinux_secmark_relabel_packet() argument
5569 return avc_has_perm(current_sid(), sid, SECCLASS_PACKET, PACKET__RELABELTO, in selinux_secmark_relabel_packet()
5593 tunsec->sid = current_sid(); in selinux_tun_dev_alloc_security()
5599 u32 sid = current_sid(); in selinux_tun_dev_create() local
5601 /* we aren't taking into account the "sockcreate" SID since the socket in selinux_tun_dev_create()
5608 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, in selinux_tun_dev_create()
5616 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_attach_queue()
5632 sksec->sid = tunsec->sid; in selinux_tun_dev_attach()
5641 u32 sid = current_sid(); in selinux_tun_dev_open() local
5644 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5648 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5652 tunsec->sid = sid; in selinux_tun_dev_open()
5718 u32 sid; in selinux_ip_output() local
5747 sid = sksec->sid; in selinux_ip_output()
5749 sid = SECINITSID_KERNEL; in selinux_ip_output()
5750 if (selinux_netlbl_skbuff_setsid(skb, state->pf, sid) != 0) in selinux_ip_output()
5776 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
5780 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) in selinux_ip_postroute_compat()
5881 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid)) in selinux_ip_postroute()
5888 peer_sid = sksec->sid; in selinux_ip_postroute()
5984 isec->sid = current_sid(); in ipc_init_security()
5992 u32 sid = current_sid(); in ipc_has_perm() local
5999 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); in ipc_has_perm()
6007 msec->sid = SECINITSID_UNLABELED; in selinux_msg_msg_alloc_security()
6017 u32 sid = current_sid(); in selinux_msg_queue_alloc_security() local
6025 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_alloc_security()
6033 u32 sid = current_sid(); in selinux_msg_queue_associate() local
6040 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_associate()
6077 u32 sid = current_sid(); in selinux_msg_queue_msgsnd() local
6086 if (msec->sid == SECINITSID_UNLABELED) { in selinux_msg_queue_msgsnd()
6088 * Compute new sid based on current process and in selinux_msg_queue_msgsnd()
6091 rc = security_transition_sid(sid, isec->sid, in selinux_msg_queue_msgsnd()
6092 SECCLASS_MSG, NULL, &msec->sid); in selinux_msg_queue_msgsnd()
6101 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6105 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
6109 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6122 u32 sid = task_sid_obj(target); in selinux_msg_queue_msgrcv() local
6131 rc = avc_has_perm(sid, isec->sid, in selinux_msg_queue_msgrcv()
6134 rc = avc_has_perm(sid, msec->sid, in selinux_msg_queue_msgrcv()
6144 u32 sid = current_sid(); in selinux_shm_alloc_security() local
6152 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_alloc_security()
6160 u32 sid = current_sid(); in selinux_shm_associate() local
6167 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_associate()
6222 u32 sid = current_sid(); in selinux_sem_alloc_security() local
6230 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_alloc_security()
6238 u32 sid = current_sid(); in selinux_sem_associate() local
6245 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_associate()
6325 *secid = isec->sid; in selinux_ipc_getsecid()
6339 u32 sid; in selinux_lsm_getattr() local
6345 error = avc_has_perm(current_sid(), tsec->sid, in selinux_lsm_getattr()
6352 sid = tsec->sid; in selinux_lsm_getattr()
6355 sid = tsec->osid; in selinux_lsm_getattr()
6358 sid = tsec->exec_sid; in selinux_lsm_getattr()
6361 sid = tsec->create_sid; in selinux_lsm_getattr()
6364 sid = tsec->keycreate_sid; in selinux_lsm_getattr()
6367 sid = tsec->sockcreate_sid; in selinux_lsm_getattr()
6375 if (sid == SECSID_NULL) { in selinux_lsm_getattr()
6380 error = security_sid_to_context(sid, value, &len); in selinux_lsm_getattr()
6394 u32 mysid = current_sid(), sid = 0, ptsid; in selinux_lsm_setattr() local
6429 /* Obtain a SID for the context, if one was specified. */ in selinux_lsm_setattr()
6436 &sid, GFP_KERNEL); in selinux_lsm_setattr()
6462 &sid); in selinux_lsm_setattr()
6480 tsec->exec_sid = sid; in selinux_lsm_setattr()
6482 tsec->create_sid = sid; in selinux_lsm_setattr()
6484 if (sid) { in selinux_lsm_setattr()
6485 error = avc_has_perm(mysid, sid, in selinux_lsm_setattr()
6490 tsec->keycreate_sid = sid; in selinux_lsm_setattr()
6492 tsec->sockcreate_sid = sid; in selinux_lsm_setattr()
6495 if (sid == 0) in selinux_lsm_setattr()
6499 error = security_bounded_transition(tsec->sid, sid); in selinux_lsm_setattr()
6505 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, in selinux_lsm_setattr()
6510 /* Check for ptracing, and update the task SID if ok. in selinux_lsm_setattr()
6511 Otherwise, leave SID unchanged and fail. */ in selinux_lsm_setattr()
6514 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, in selinux_lsm_setattr()
6520 tsec->sid = sid; in selinux_lsm_setattr()
6668 ksec->sid = tsec->keycreate_sid; in selinux_key_alloc()
6670 ksec->sid = tsec->sid; in selinux_key_alloc()
6681 u32 perm, sid; in selinux_key_permission() local
6713 sid = cred_sid(cred); in selinux_key_permission()
6717 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); in selinux_key_permission()
6727 rc = security_sid_to_context(ksec->sid, in selinux_key_getsecurity()
6739 u32 sid = current_sid(); in selinux_watch_key() local
6741 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL); in selinux_watch_key()
6751 u32 sid = 0; in selinux_ib_pkey_access() local
6755 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid); in selinux_ib_pkey_access()
6763 return avc_has_perm(sec->sid, sid, in selinux_ib_pkey_access()
6773 u32 sid = 0; in selinux_ib_endport_manage_subnet() local
6778 &sid); in selinux_ib_endport_manage_subnet()
6787 return avc_has_perm(sec->sid, sid, in selinux_ib_endport_manage_subnet()
6796 sec->sid = current_sid(); in selinux_ib_alloc_security()
6805 u32 sid = current_sid(); in selinux_bpf() local
6810 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__MAP_CREATE, in selinux_bpf()
6814 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__PROG_LOAD, in selinux_bpf()
6844 static int bpf_fd_pass(const struct file *file, u32 sid) in bpf_fd_pass() argument
6854 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
6861 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
6871 u32 sid = current_sid(); in selinux_bpf_map() local
6875 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_map()
6881 u32 sid = current_sid(); in selinux_bpf_prog() local
6885 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_prog()
6898 bpfsec->sid = current_sid(); in selinux_bpf_map_create()
6921 bpfsec->sid = current_sid(); in selinux_bpf_prog_load()
6944 bpfsec->sid = current_sid(); in selinux_bpf_token_create()
6979 u32 requested, sid = current_sid(); in selinux_perf_event_open() local
6992 return avc_has_perm(sid, sid, SECCLASS_PERF_EVENT, in selinux_perf_event_open()
7001 perfsec->sid = current_sid(); in selinux_perf_event_alloc()
7009 u32 sid = current_sid(); in selinux_perf_event_read() local
7011 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_read()
7018 u32 sid = current_sid(); in selinux_perf_event_write() local
7020 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_write()
7047 u32 sid = current_sid(); in selinux_uring_sqpoll() local
7049 return avc_has_perm(sid, sid, in selinux_uring_sqpoll()
7071 return avc_has_perm(current_sid(), isec->sid, in selinux_uring_cmd()