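Lines Matching refs:sid — each entry below gives the source line number, the matching line, and the enclosing function; a trailing "local" or "argument" marks the line where `sid` is declared as a local variable or as a parameter of that function.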

184 	tsec->osid = tsec->sid = SECINITSID_KERNEL;  in cred_init_security()
196 return tsec->sid; in cred_sid()
204 u32 sid; in task_sid() local
207 sid = cred_sid(__task_cred(task)); in task_sid()
209 return sid; in task_sid()
219 return tsec->sid; in current_sid()
227 u32 sid = current_sid(); in inode_alloc_security() local
236 isec->sid = SECINITSID_UNLABELED; in inode_alloc_security()
238 isec->task_sid = sid; in inode_alloc_security()
277 u32 sid = current_sid(); in file_alloc_security() local
283 fsec->sid = sid; in file_alloc_security()
284 fsec->fown_sid = sid; in file_alloc_security()
309 sbsec->sid = SECINITSID_UNLABELED; in superblock_alloc_security()
366 static int may_context_mount_sb_relabel(u32 sid, in may_context_mount_sb_relabel() argument
373 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
378 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
383 static int may_context_mount_inode_relabel(u32 sid, in may_context_mount_inode_relabel() argument
389 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
394 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
535 rc = security_sid_to_context(sbsec->sid, &context, &len); in selinux_get_mnt_opts()
559 rc = security_sid_to_context(isec->sid, &context, &len); in selinux_get_mnt_opts()
662 u32 sid; in selinux_set_mnt_opts() local
667 strlen(mount_options[i]), &sid, GFP_KERNEL); in selinux_set_mnt_opts()
676 fscontext_sid = sid; in selinux_set_mnt_opts()
678 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
685 context_sid = sid; in selinux_set_mnt_opts()
694 rootcontext_sid = sid; in selinux_set_mnt_opts()
696 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
704 defcontext_sid = sid; in selinux_set_mnt_opts()
749 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
768 sbsec->sid = context_sid; in selinux_set_mnt_opts()
788 root_isec->sid = rootcontext_sid; in selinux_set_mnt_opts()
832 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
841 if (oldroot->sid != newroot->sid) in selinux_cmp_sb_context()
880 newsbsec->sid = oldsbsec->sid; in selinux_sb_clone_mnt_opts()
885 u32 sid = oldsbsec->mntpoint_sid; in selinux_sb_clone_mnt_opts() local
888 newsbsec->sid = sid; in selinux_sb_clone_mnt_opts()
892 newisec->sid = sid; in selinux_sb_clone_mnt_opts()
894 newsbsec->mntpoint_sid = sid; in selinux_sb_clone_mnt_opts()
902 newisec->sid = oldisec->sid; in selinux_sb_clone_mnt_opts()
1227 u32 *sid) in selinux_proc_get_sid() argument
1247 rc = security_genfs_sid("proc", path, tclass, sid); in selinux_proc_get_sid()
1255 u32 *sid) in selinux_proc_get_sid() argument
1266 u32 sid; in inode_doinit_with_dentry() local
1297 isec->sid = sbsec->def_sid; in inode_doinit_with_dentry()
1365 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1368 rc = security_context_to_sid_default(context, rc, &sid, in inode_doinit_with_dentry()
1392 isec->sid = sid; in inode_doinit_with_dentry()
1395 isec->sid = isec->task_sid; in inode_doinit_with_dentry()
1399 isec->sid = sbsec->sid; in inode_doinit_with_dentry()
1403 rc = security_transition_sid(isec->task_sid, sbsec->sid, in inode_doinit_with_dentry()
1404 isec->sclass, NULL, &sid); in inode_doinit_with_dentry()
1407 isec->sid = sid; in inode_doinit_with_dentry()
1410 isec->sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1414 isec->sid = sbsec->sid; in inode_doinit_with_dentry()
1439 rc = selinux_proc_get_sid(dentry, isec->sclass, &sid); in inode_doinit_with_dentry()
1443 isec->sid = sid; in inode_doinit_with_dentry()
1512 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; in task_has_perm()
1513 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; in task_has_perm()
1527 u32 sid, tsid; in current_has_perm() local
1529 sid = current_sid(); in current_has_perm()
1531 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL); in current_has_perm()
1545 u32 sid = cred_sid(cred); in cred_has_capability() local
1566 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); in cred_has_capability()
1568 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); in cred_has_capability()
1579 u32 sid = task_sid(tsk); in task_has_system() local
1581 return avc_has_perm(sid, SECINITSID_KERNEL, in task_has_system()
1594 u32 sid; in inode_has_perm() local
1601 sid = cred_sid(cred); in inode_has_perm()
1604 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); in inode_has_perm()
1664 u32 sid = cred_sid(cred); in file_has_perm() local
1670 if (sid != fsec->sid) { in file_has_perm()
1671 rc = avc_has_perm(sid, fsec->sid, in file_has_perm()
1696 u32 sid, newsid; in may_create() local
1703 sid = tsec->sid; in may_create()
1709 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, in may_create()
1716 rc = security_transition_sid(sid, dsec->sid, tclass, in may_create()
1722 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); in may_create()
1726 return avc_has_perm(newsid, sbsec->sid, in may_create()
1735 u32 sid = task_sid(ctx); in may_create_key() local
1737 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); in may_create_key()
1752 u32 sid = current_sid(); in may_link() local
1764 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); in may_link()
1784 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); in may_link()
1795 u32 sid = current_sid(); in may_rename() local
1808 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, in may_rename()
1812 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1817 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1827 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); in may_rename()
1833 rc = avc_has_perm(sid, new_isec->sid, in may_rename()
1850 u32 sid = cred_sid(cred); in superblock_has_perm() local
1853 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
1965 u32 sid = task_sid(to); in selinux_binder_transfer_file() local
1975 if (sid != fsec->sid) { in selinux_binder_transfer_file()
1976 rc = avc_has_perm(sid, fsec->sid, in selinux_binder_transfer_file()
1987 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file), in selinux_binder_transfer_file()
2001 u32 sid = current_sid(); in selinux_ptrace_access_check() local
2003 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL); in selinux_ptrace_access_check()
2164 if (new_tsec->sid == old_tsec->sid) in check_nnp_nosuid()
2173 rc = security_bounded_transition(old_tsec->sid, new_tsec->sid); in check_nnp_nosuid()
2211 new_tsec->sid = old_tsec->sid; in selinux_bprm_set_creds()
2212 new_tsec->osid = old_tsec->sid; in selinux_bprm_set_creds()
2220 new_tsec->sid = old_tsec->exec_sid; in selinux_bprm_set_creds()
2230 rc = security_transition_sid(old_tsec->sid, isec->sid, in selinux_bprm_set_creds()
2232 &new_tsec->sid); in selinux_bprm_set_creds()
2242 new_tsec->sid = old_tsec->sid; in selinux_bprm_set_creds()
2248 if (new_tsec->sid == old_tsec->sid) { in selinux_bprm_set_creds()
2249 rc = avc_has_perm(old_tsec->sid, isec->sid, in selinux_bprm_set_creds()
2255 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_set_creds()
2260 rc = avc_has_perm(new_tsec->sid, isec->sid, in selinux_bprm_set_creds()
2267 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_set_creds()
2286 ptsid = sec->sid; in selinux_bprm_set_creds()
2291 rc = avc_has_perm(ptsid, new_tsec->sid, in selinux_bprm_set_creds()
2309 u32 sid, osid; in selinux_bprm_secureexec() local
2312 sid = tsec->sid; in selinux_bprm_secureexec()
2315 if (osid != sid) { in selinux_bprm_secureexec()
2319 atsecure = avc_has_perm(osid, sid, in selinux_bprm_secureexec()
2391 if (new_tsec->sid == new_tsec->osid) in selinux_bprm_committing_creds()
2410 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, in selinux_bprm_committing_creds()
2433 u32 osid, sid; in selinux_bprm_committed_creds() local
2437 sid = tsec->sid; in selinux_bprm_committed_creds()
2439 if (sid == osid) in selinux_bprm_committed_creds()
2449 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); in selinux_bprm_committed_creds()
2605 u32 sid; in selinux_sb_remount() local
2611 rc = security_context_to_sid(mount_options[i], len, &sid, in selinux_sb_remount()
2622 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) in selinux_sb_remount()
2626 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) in selinux_sb_remount()
2633 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) in selinux_sb_remount()
2638 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) in selinux_sb_remount()
2742 rc = security_transition_sid(tsec->sid, dsec->sid, in selinux_dentry_init_security()
2765 u32 sid, newsid, clen; in selinux_inode_init_security() local
2772 sid = tsec->sid; in selinux_inode_init_security()
2779 rc = security_transition_sid(sid, dsec->sid, in selinux_inode_init_security()
2796 isec->sid = newsid; in selinux_inode_init_security()
2884 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, in audit_inode_permission()
2898 u32 sid; in selinux_inode_permission() local
2917 sid = cred_sid(cred); in selinux_inode_permission()
2920 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd); in selinux_inode_permission()
2990 u32 newsid, sid = current_sid(); in selinux_inode_setxattr() local
3006 rc = avc_has_perm(sid, isec->sid, isec->sclass, in selinux_inode_setxattr()
3042 rc = avc_has_perm(sid, newsid, isec->sclass, in selinux_inode_setxattr()
3047 rc = security_validate_transition(isec->sid, newsid, sid, in selinux_inode_setxattr()
3053 sbsec->sid, in selinux_inode_setxattr()
3082 isec->sid = newsid; in selinux_inode_post_setxattr()
3139 error = security_sid_to_context_force(isec->sid, &context, in selinux_inode_getsecurity()
3142 error = security_sid_to_context(isec->sid, &context, &size); in selinux_inode_getsecurity()
3173 isec->sid = newsid; in selinux_inode_setsecurity()
3189 *secid = isec->sid; in selinux_inode_getsecid()
3212 u32 sid = current_sid(); in selinux_file_permission() local
3218 if (sid == fsec->sid && fsec->isid == isec->sid && in selinux_file_permission()
3331 u32 sid = current_sid(); in selinux_mmap_addr() local
3332 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, in selinux_mmap_addr()
3444 u32 sid = task_sid(tsk); in selinux_file_send_sigiotask() local
3458 return avc_has_perm(fsec->fown_sid, sid, in selinux_file_send_sigiotask()
3483 fsec->isid = isec->sid; in selinux_file_open()
3571 u32 sid = current_sid(); in selinux_kernel_act_as() local
3574 ret = avc_has_perm(sid, secid, in selinux_kernel_act_as()
3579 tsec->sid = secid; in selinux_kernel_act_as()
3595 u32 sid = current_sid(); in selinux_kernel_create_files_as() local
3598 ret = avc_has_perm(sid, isec->sid, in selinux_kernel_create_files_as()
3604 tsec->create_sid = isec->sid; in selinux_kernel_create_files_as()
3610 u32 sid; in selinux_kernel_module_request() local
3613 sid = task_sid(current); in selinux_kernel_module_request()
3618 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM, in selinux_kernel_module_request()
3732 u32 sid = task_sid(p); in selinux_task_to_inode() local
3734 isec->sid = sid; in selinux_task_to_inode()
3949 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) in selinux_skb_peerlbl_sid() argument
3963 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid); in selinux_skb_peerlbl_sid()
4008 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL, in socket_sockcreate_sid()
4019 if (sksec->sid == SECINITSID_KERNEL) in sock_has_perm()
4026 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad); in sock_has_perm()
4045 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); in selinux_socket_create()
4059 isec->sid = SECINITSID_KERNEL; in selinux_socket_post_create()
4061 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid)); in selinux_socket_post_create()
4070 sksec->sid = isec->sid; in selinux_socket_post_create()
4106 u32 sid, node_perm; in selinux_socket_bind() local
4125 snum, &sid); in selinux_socket_bind()
4132 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4158 err = sel_netnode_sid(addrp, family, &sid); in selinux_socket_bind()
4172 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4201 u32 sid, perm; in selinux_socket_connect() local
4215 err = sel_netport_sid(sk->sk_protocol, snum, &sid); in selinux_socket_connect()
4226 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); in selinux_socket_connect()
4256 newisec->sid = isec->sid; in selinux_socket_accept()
4321 err = avc_has_perm(sksec_sock->sid, sksec_other->sid, in selinux_socket_unix_stream_connect()
4328 sksec_new->peer_sid = sksec_sock->sid; in selinux_socket_unix_stream_connect()
4329 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid, in selinux_socket_unix_stream_connect()
4330 &sksec_new->sid); in selinux_socket_unix_stream_connect()
4335 sksec_sock->peer_sid = sksec_new->sid; in selinux_socket_unix_stream_connect()
4352 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, in selinux_socket_unix_may_send()
4384 u32 sk_sid = sksec->sid; in selinux_sock_rcv_skb_compat()
4407 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); in selinux_sock_rcv_skb_compat()
4417 u32 sk_sid = sksec->sid; in selinux_socket_sock_rcv_skb()
4550 sksec->sid = SECINITSID_UNLABELED; in selinux_sk_alloc_security()
4571 newsksec->sid = sksec->sid; in selinux_sk_clone_security()
4585 *secid = sksec->sid; in selinux_sk_getsecid()
4596 isec->sid = sksec->sid; in selinux_sock_graft()
4612 err = selinux_conn_sid(sksec->sid, peersid, &connsid); in selinux_inet_conn_request()
4626 newsksec->sid = req->secid; in selinux_inet_csk_clone()
4650 static int selinux_secmark_relabel_packet(u32 sid) in selinux_secmark_relabel_packet() argument
4656 tsid = __tsec->sid; in selinux_secmark_relabel_packet()
4658 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL); in selinux_secmark_relabel_packet()
4684 tunsec->sid = current_sid(); in selinux_tun_dev_alloc_security()
4697 u32 sid = current_sid(); in selinux_tun_dev_create() local
4706 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, in selinux_tun_dev_create()
4714 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_attach_queue()
4730 sksec->sid = tunsec->sid; in selinux_tun_dev_attach()
4739 u32 sid = current_sid(); in selinux_tun_dev_open() local
4742 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
4746 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
4750 tunsec->sid = sid; in selinux_tun_dev_open()
4869 u32 sid; in selinux_ip_output() local
4898 sid = sksec->sid; in selinux_ip_output()
4900 sid = SECINITSID_KERNEL; in selinux_ip_output()
4901 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0) in selinux_ip_output()
4937 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
4941 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) in selinux_ip_postroute_compat()
5039 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid)) in selinux_ip_postroute()
5046 peer_sid = sksec->sid; in selinux_ip_postroute()
5116 u32 sid; in ipc_alloc_security() local
5122 sid = task_sid(task); in ipc_alloc_security()
5124 isec->sid = sid; in ipc_alloc_security()
5145 msec->sid = SECINITSID_UNLABELED; in msg_msg_alloc_security()
5164 u32 sid = current_sid(); in ipc_has_perm() local
5171 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); in ipc_has_perm()
5189 u32 sid = current_sid(); in selinux_msg_queue_alloc_security() local
5201 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_alloc_security()
5219 u32 sid = current_sid(); in selinux_msg_queue_associate() local
5226 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_associate()
5263 u32 sid = current_sid(); in selinux_msg_queue_msgsnd() local
5272 if (msec->sid == SECINITSID_UNLABELED) { in selinux_msg_queue_msgsnd()
5277 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
5278 NULL, &msec->sid); in selinux_msg_queue_msgsnd()
5287 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
5291 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
5295 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
5308 u32 sid = task_sid(target); in selinux_msg_queue_msgrcv() local
5317 rc = avc_has_perm(sid, isec->sid, in selinux_msg_queue_msgrcv()
5320 rc = avc_has_perm(sid, msec->sid, in selinux_msg_queue_msgrcv()
5330 u32 sid = current_sid(); in selinux_shm_alloc_security() local
5342 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_alloc_security()
5360 u32 sid = current_sid(); in selinux_shm_associate() local
5367 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_associate()
5422 u32 sid = current_sid(); in selinux_sem_alloc_security() local
5434 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_alloc_security()
5452 u32 sid = current_sid(); in selinux_sem_associate() local
5459 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_associate()
5537 *secid = isec->sid; in selinux_ipc_getsecid()
5550 u32 sid; in selinux_getprocattr() local
5564 sid = __tsec->sid; in selinux_getprocattr()
5566 sid = __tsec->osid; in selinux_getprocattr()
5568 sid = __tsec->exec_sid; in selinux_getprocattr()
5570 sid = __tsec->create_sid; in selinux_getprocattr()
5572 sid = __tsec->keycreate_sid; in selinux_getprocattr()
5574 sid = __tsec->sockcreate_sid; in selinux_getprocattr()
5579 if (!sid) in selinux_getprocattr()
5582 error = security_sid_to_context(sid, value, &len); in selinux_getprocattr()
5598 u32 sid = 0, ptsid; in selinux_setprocattr() local
5634 error = security_context_to_sid(value, size, &sid, GFP_KERNEL); in selinux_setprocattr()
5654 &sid); in selinux_setprocattr()
5672 tsec->exec_sid = sid; in selinux_setprocattr()
5674 tsec->create_sid = sid; in selinux_setprocattr()
5676 error = may_create_key(sid, p); in selinux_setprocattr()
5679 tsec->keycreate_sid = sid; in selinux_setprocattr()
5681 tsec->sockcreate_sid = sid; in selinux_setprocattr()
5684 if (sid == 0) in selinux_setprocattr()
5690 error = security_bounded_transition(tsec->sid, sid); in selinux_setprocattr()
5696 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
5711 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
5717 tsec->sid = sid; in selinux_setprocattr()
5791 ksec->sid = tsec->keycreate_sid; in selinux_key_alloc()
5793 ksec->sid = tsec->sid; in selinux_key_alloc()
5813 u32 sid; in selinux_key_permission() local
5821 sid = cred_sid(cred); in selinux_key_permission()
5826 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); in selinux_key_permission()
5836 rc = security_sid_to_context(ksec->sid, &context, &len); in selinux_key_getsecurity()