Lines Matching refs:sid
185 tsec->osid = tsec->sid = SECINITSID_KERNEL; in cred_init_security()
197 return tsec->sid; in cred_sid()
205 u32 sid; in task_sid() local
208 sid = cred_sid(__task_cred(task)); in task_sid()
210 return sid; in task_sid()
220 return tsec->sid; in current_sid()
228 u32 sid = current_sid(); in inode_alloc_security() local
237 isec->sid = SECINITSID_UNLABELED; in inode_alloc_security()
239 isec->task_sid = sid; in inode_alloc_security()
289 u32 sid = current_sid(); in file_alloc_security() local
295 fsec->sid = sid; in file_alloc_security()
296 fsec->fown_sid = sid; in file_alloc_security()
321 sbsec->sid = SECINITSID_UNLABELED; in superblock_alloc_security()
378 static int may_context_mount_sb_relabel(u32 sid, in may_context_mount_sb_relabel() argument
385 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
390 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
395 static int may_context_mount_inode_relabel(u32 sid, in may_context_mount_inode_relabel() argument
401 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
406 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
547 rc = security_sid_to_context(sbsec->sid, &context, &len); in selinux_get_mnt_opts()
571 rc = security_sid_to_context(isec->sid, &context, &len); in selinux_get_mnt_opts()
674 u32 sid; in selinux_set_mnt_opts() local
678 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL); in selinux_set_mnt_opts()
687 fscontext_sid = sid; in selinux_set_mnt_opts()
689 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
696 context_sid = sid; in selinux_set_mnt_opts()
705 rootcontext_sid = sid; in selinux_set_mnt_opts()
707 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
715 defcontext_sid = sid; in selinux_set_mnt_opts()
765 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
784 sbsec->sid = context_sid; in selinux_set_mnt_opts()
804 root_isec->sid = rootcontext_sid; in selinux_set_mnt_opts()
848 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
857 if (oldroot->sid != newroot->sid) in selinux_cmp_sb_context()
896 newsbsec->sid = oldsbsec->sid; in selinux_sb_clone_mnt_opts()
901 u32 sid = oldsbsec->mntpoint_sid; in selinux_sb_clone_mnt_opts() local
904 newsbsec->sid = sid; in selinux_sb_clone_mnt_opts()
908 newisec->sid = sid; in selinux_sb_clone_mnt_opts()
910 newsbsec->mntpoint_sid = sid; in selinux_sb_clone_mnt_opts()
918 newisec->sid = oldisec->sid; in selinux_sb_clone_mnt_opts()
1255 u32 *sid) in selinux_genfs_get_sid() argument
1278 rc = security_genfs_sid(sb->s_type->name, path, tclass, sid); in selinux_genfs_get_sid()
1289 u32 sid; in inode_doinit_with_dentry() local
1320 isec->sid = sbsec->def_sid; in inode_doinit_with_dentry()
1388 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1391 rc = security_context_to_sid_default(context, rc, &sid, in inode_doinit_with_dentry()
1415 isec->sid = sid; in inode_doinit_with_dentry()
1418 isec->sid = isec->task_sid; in inode_doinit_with_dentry()
1422 isec->sid = sbsec->sid; in inode_doinit_with_dentry()
1426 rc = security_transition_sid(isec->task_sid, sbsec->sid, in inode_doinit_with_dentry()
1427 isec->sclass, NULL, &sid); in inode_doinit_with_dentry()
1430 isec->sid = sid; in inode_doinit_with_dentry()
1433 isec->sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1437 isec->sid = sbsec->sid; in inode_doinit_with_dentry()
1463 sbsec->flags, &sid); in inode_doinit_with_dentry()
1467 isec->sid = sid; in inode_doinit_with_dentry()
1536 __tsec1 = __task_cred(tsk1)->security; sid1 = __tsec1->sid; in task_has_perm()
1537 __tsec2 = __task_cred(tsk2)->security; sid2 = __tsec2->sid; in task_has_perm()
1551 u32 sid, tsid; in current_has_perm() local
1553 sid = current_sid(); in current_has_perm()
1555 return avc_has_perm(sid, tsid, SECCLASS_PROCESS, perms, NULL); in current_has_perm()
1569 u32 sid = cred_sid(cred); in cred_has_capability() local
1590 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); in cred_has_capability()
1592 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad, 0); in cred_has_capability()
1603 u32 sid = task_sid(tsk); in task_has_system() local
1605 return avc_has_perm(sid, SECINITSID_KERNEL, in task_has_system()
1618 u32 sid; in inode_has_perm() local
1625 sid = cred_sid(cred); in inode_has_perm()
1628 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); in inode_has_perm()
1688 u32 sid = cred_sid(cred); in file_has_perm() local
1694 if (sid != fsec->sid) { in file_has_perm()
1695 rc = avc_has_perm(sid, fsec->sid, in file_has_perm()
1731 return security_transition_sid(tsec->sid, dsec->sid, tclass, in selinux_determine_inode_label()
1746 u32 sid, newsid; in may_create() local
1753 sid = tsec->sid; in may_create()
1758 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, in may_create()
1769 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); in may_create()
1773 return avc_has_perm(newsid, sbsec->sid, in may_create()
1782 u32 sid = task_sid(ctx); in may_create_key() local
1784 return avc_has_perm(sid, ksid, SECCLASS_KEY, KEY__CREATE, NULL); in may_create_key()
1799 u32 sid = current_sid(); in may_link() local
1811 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); in may_link()
1831 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); in may_link()
1842 u32 sid = current_sid(); in may_rename() local
1855 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, in may_rename()
1859 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1864 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1874 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); in may_rename()
1880 rc = avc_has_perm(sid, new_isec->sid, in may_rename()
1897 u32 sid = cred_sid(cred); in superblock_has_perm() local
1900 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2012 u32 sid = task_sid(to); in selinux_binder_transfer_file() local
2022 if (sid != fsec->sid) { in selinux_binder_transfer_file()
2023 rc = avc_has_perm(sid, fsec->sid, in selinux_binder_transfer_file()
2034 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file), in selinux_binder_transfer_file()
2042 u32 sid = current_sid(); in selinux_ptrace_access_check() local
2044 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, NULL); in selinux_ptrace_access_check()
2180 if (new_tsec->sid == old_tsec->sid) in check_nnp_nosuid()
2189 rc = security_bounded_transition(old_tsec->sid, new_tsec->sid); in check_nnp_nosuid()
2223 new_tsec->sid = old_tsec->sid; in selinux_bprm_set_creds()
2224 new_tsec->osid = old_tsec->sid; in selinux_bprm_set_creds()
2232 new_tsec->sid = old_tsec->exec_sid; in selinux_bprm_set_creds()
2242 rc = security_transition_sid(old_tsec->sid, isec->sid, in selinux_bprm_set_creds()
2244 &new_tsec->sid); in selinux_bprm_set_creds()
2254 new_tsec->sid = old_tsec->sid; in selinux_bprm_set_creds()
2260 if (new_tsec->sid == old_tsec->sid) { in selinux_bprm_set_creds()
2261 rc = avc_has_perm(old_tsec->sid, isec->sid, in selinux_bprm_set_creds()
2267 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_set_creds()
2272 rc = avc_has_perm(new_tsec->sid, isec->sid, in selinux_bprm_set_creds()
2279 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_set_creds()
2298 ptsid = sec->sid; in selinux_bprm_set_creds()
2303 rc = avc_has_perm(ptsid, new_tsec->sid, in selinux_bprm_set_creds()
2321 u32 sid, osid; in selinux_bprm_secureexec() local
2324 sid = tsec->sid; in selinux_bprm_secureexec()
2327 if (osid != sid) { in selinux_bprm_secureexec()
2331 atsecure = avc_has_perm(osid, sid, in selinux_bprm_secureexec()
2403 if (new_tsec->sid == new_tsec->osid) in selinux_bprm_committing_creds()
2422 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, in selinux_bprm_committing_creds()
2445 u32 osid, sid; in selinux_bprm_committed_creds() local
2449 sid = tsec->sid; in selinux_bprm_committed_creds()
2451 if (sid == osid) in selinux_bprm_committed_creds()
2461 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); in selinux_bprm_committed_creds()
2619 u32 sid; in selinux_sb_remount() local
2623 rc = security_context_str_to_sid(mount_options[i], &sid, GFP_KERNEL); in selinux_sb_remount()
2633 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid)) in selinux_sb_remount()
2637 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid)) in selinux_sb_remount()
2644 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid)) in selinux_sb_remount()
2649 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid)) in selinux_sb_remount()
2758 u32 sid, newsid, clen; in selinux_inode_init_security() local
2765 sid = tsec->sid; in selinux_inode_init_security()
2779 isec->sid = newsid; in selinux_inode_init_security()
2854 u32 sid; in selinux_inode_follow_link() local
2860 sid = cred_sid(cred); in selinux_inode_follow_link()
2863 return avc_has_perm_flags(sid, isec->sid, isec->sclass, FILE__READ, &ad, in selinux_inode_follow_link()
2879 rc = slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, in audit_inode_permission()
2893 u32 sid; in selinux_inode_permission() local
2912 sid = cred_sid(cred); in selinux_inode_permission()
2915 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0, &avd); in selinux_inode_permission()
2986 u32 newsid, sid = current_sid(); in selinux_inode_setxattr() local
3002 rc = avc_has_perm(sid, isec->sid, isec->sclass, in selinux_inode_setxattr()
3038 rc = avc_has_perm(sid, newsid, isec->sclass, in selinux_inode_setxattr()
3043 rc = security_validate_transition(isec->sid, newsid, sid, in selinux_inode_setxattr()
3049 sbsec->sid, in selinux_inode_setxattr()
3078 isec->sid = newsid; in selinux_inode_post_setxattr()
3138 error = security_sid_to_context_force(isec->sid, &context, in selinux_inode_getsecurity()
3141 error = security_sid_to_context(isec->sid, &context, &size); in selinux_inode_getsecurity()
3172 isec->sid = newsid; in selinux_inode_setsecurity()
3188 *secid = isec->sid; in selinux_inode_getsecid()
3211 u32 sid = current_sid(); in selinux_file_permission() local
3217 if (sid == fsec->sid && fsec->isid == isec->sid && in selinux_file_permission()
3257 if (ssid != fsec->sid) { in ioctl_has_perm()
3258 rc = avc_has_perm(ssid, fsec->sid, in ioctl_has_perm()
3269 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, in ioctl_has_perm()
3365 u32 sid = current_sid(); in selinux_mmap_addr() local
3366 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, in selinux_mmap_addr()
3478 u32 sid = task_sid(tsk); in selinux_file_send_sigiotask() local
3492 return avc_has_perm(fsec->fown_sid, sid, in selinux_file_send_sigiotask()
3517 fsec->isid = isec->sid; in selinux_file_open()
3605 u32 sid = current_sid(); in selinux_kernel_act_as() local
3608 ret = avc_has_perm(sid, secid, in selinux_kernel_act_as()
3613 tsec->sid = secid; in selinux_kernel_act_as()
3629 u32 sid = current_sid(); in selinux_kernel_create_files_as() local
3632 ret = avc_has_perm(sid, isec->sid, in selinux_kernel_create_files_as()
3638 tsec->create_sid = isec->sid; in selinux_kernel_create_files_as()
3644 u32 sid; in selinux_kernel_module_request() local
3647 sid = task_sid(current); in selinux_kernel_module_request()
3652 return avc_has_perm(sid, SECINITSID_KERNEL, SECCLASS_SYSTEM, in selinux_kernel_module_request()
3748 u32 sid = task_sid(p); in selinux_task_to_inode() local
3750 isec->sid = sid; in selinux_task_to_inode()
3965 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) in selinux_skb_peerlbl_sid() argument
3979 err = security_net_peersid_resolve(nlbl_sid, nlbl_type, xfrm_sid, sid); in selinux_skb_peerlbl_sid()
4024 return security_transition_sid(tsec->sid, tsec->sid, secclass, NULL, in socket_sockcreate_sid()
4035 if (sksec->sid == SECINITSID_KERNEL) in sock_has_perm()
4042 return avc_has_perm(tsid, sksec->sid, sksec->sclass, perms, &ad); in sock_has_perm()
4061 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); in selinux_socket_create()
4075 isec->sid = SECINITSID_KERNEL; in selinux_socket_post_create()
4077 err = socket_sockcreate_sid(tsec, isec->sclass, &(isec->sid)); in selinux_socket_post_create()
4086 sksec->sid = isec->sid; in selinux_socket_post_create()
4122 u32 sid, node_perm; in selinux_socket_bind() local
4141 snum, &sid); in selinux_socket_bind()
4148 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4174 err = sel_netnode_sid(addrp, family, &sid); in selinux_socket_bind()
4188 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4217 u32 sid, perm; in selinux_socket_connect() local
4231 err = sel_netport_sid(sk->sk_protocol, snum, &sid); in selinux_socket_connect()
4242 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); in selinux_socket_connect()
4272 newisec->sid = isec->sid; in selinux_socket_accept()
4337 err = avc_has_perm(sksec_sock->sid, sksec_other->sid, in selinux_socket_unix_stream_connect()
4344 sksec_new->peer_sid = sksec_sock->sid; in selinux_socket_unix_stream_connect()
4345 err = security_sid_mls_copy(sksec_other->sid, sksec_sock->sid, in selinux_socket_unix_stream_connect()
4346 &sksec_new->sid); in selinux_socket_unix_stream_connect()
4351 sksec_sock->peer_sid = sksec_new->sid; in selinux_socket_unix_stream_connect()
4368 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, in selinux_socket_unix_may_send()
4400 u32 sk_sid = sksec->sid; in selinux_sock_rcv_skb_compat()
4423 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); in selinux_sock_rcv_skb_compat()
4433 u32 sk_sid = sksec->sid; in selinux_socket_sock_rcv_skb()
4566 sksec->sid = SECINITSID_UNLABELED; in selinux_sk_alloc_security()
4588 newsksec->sid = sksec->sid; in selinux_sk_clone_security()
4602 *secid = sksec->sid; in selinux_sk_getsecid()
4613 isec->sid = sksec->sid; in selinux_sock_graft()
4629 err = selinux_conn_sid(sksec->sid, peersid, &connsid); in selinux_inet_conn_request()
4643 newsksec->sid = req->secid; in selinux_inet_csk_clone()
4667 static int selinux_secmark_relabel_packet(u32 sid) in selinux_secmark_relabel_packet() argument
4673 tsid = __tsec->sid; in selinux_secmark_relabel_packet()
4675 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL); in selinux_secmark_relabel_packet()
4701 tunsec->sid = current_sid(); in selinux_tun_dev_alloc_security()
4714 u32 sid = current_sid(); in selinux_tun_dev_create() local
4723 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, in selinux_tun_dev_create()
4731 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_attach_queue()
4747 sksec->sid = tunsec->sid; in selinux_tun_dev_attach()
4756 u32 sid = current_sid(); in selinux_tun_dev_open() local
4759 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
4763 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
4767 tunsec->sid = sid; in selinux_tun_dev_open()
4887 u32 sid; in selinux_ip_output() local
4916 sid = sksec->sid; in selinux_ip_output()
4918 sid = SECINITSID_KERNEL; in selinux_ip_output()
4919 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0) in selinux_ip_output()
4955 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
4959 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) in selinux_ip_postroute_compat()
5059 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid)) in selinux_ip_postroute()
5066 peer_sid = sksec->sid; in selinux_ip_postroute()
5130 u32 sid; in ipc_alloc_security() local
5136 sid = task_sid(task); in ipc_alloc_security()
5138 isec->sid = sid; in ipc_alloc_security()
5159 msec->sid = SECINITSID_UNLABELED; in msg_msg_alloc_security()
5178 u32 sid = current_sid(); in ipc_has_perm() local
5185 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); in ipc_has_perm()
5203 u32 sid = current_sid(); in selinux_msg_queue_alloc_security() local
5215 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_alloc_security()
5233 u32 sid = current_sid(); in selinux_msg_queue_associate() local
5240 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_associate()
5277 u32 sid = current_sid(); in selinux_msg_queue_msgsnd() local
5286 if (msec->sid == SECINITSID_UNLABELED) { in selinux_msg_queue_msgsnd()
5291 rc = security_transition_sid(sid, isec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
5292 NULL, &msec->sid); in selinux_msg_queue_msgsnd()
5301 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
5305 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
5309 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
5322 u32 sid = task_sid(target); in selinux_msg_queue_msgrcv() local
5331 rc = avc_has_perm(sid, isec->sid, in selinux_msg_queue_msgrcv()
5334 rc = avc_has_perm(sid, msec->sid, in selinux_msg_queue_msgrcv()
5344 u32 sid = current_sid(); in selinux_shm_alloc_security() local
5356 rc = avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_alloc_security()
5374 u32 sid = current_sid(); in selinux_shm_associate() local
5381 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_associate()
5436 u32 sid = current_sid(); in selinux_sem_alloc_security() local
5448 rc = avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_alloc_security()
5466 u32 sid = current_sid(); in selinux_sem_associate() local
5473 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_associate()
5551 *secid = isec->sid; in selinux_ipc_getsecid()
5564 u32 sid; in selinux_getprocattr() local
5578 sid = __tsec->sid; in selinux_getprocattr()
5580 sid = __tsec->osid; in selinux_getprocattr()
5582 sid = __tsec->exec_sid; in selinux_getprocattr()
5584 sid = __tsec->create_sid; in selinux_getprocattr()
5586 sid = __tsec->keycreate_sid; in selinux_getprocattr()
5588 sid = __tsec->sockcreate_sid; in selinux_getprocattr()
5593 if (!sid) in selinux_getprocattr()
5596 error = security_sid_to_context(sid, value, &len); in selinux_getprocattr()
5612 u32 sid = 0, ptsid; in selinux_setprocattr() local
5648 error = security_context_to_sid(value, size, &sid, GFP_KERNEL); in selinux_setprocattr()
5668 &sid); in selinux_setprocattr()
5686 tsec->exec_sid = sid; in selinux_setprocattr()
5688 tsec->create_sid = sid; in selinux_setprocattr()
5690 error = may_create_key(sid, p); in selinux_setprocattr()
5693 tsec->keycreate_sid = sid; in selinux_setprocattr()
5695 tsec->sockcreate_sid = sid; in selinux_setprocattr()
5698 if (sid == 0) in selinux_setprocattr()
5704 error = security_bounded_transition(tsec->sid, sid); in selinux_setprocattr()
5710 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
5725 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, in selinux_setprocattr()
5731 tsec->sid = sid; in selinux_setprocattr()
5805 ksec->sid = tsec->keycreate_sid; in selinux_key_alloc()
5807 ksec->sid = tsec->sid; in selinux_key_alloc()
5827 u32 sid; in selinux_key_permission() local
5835 sid = cred_sid(cred); in selinux_key_permission()
5840 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); in selinux_key_permission()
5850 rc = security_sid_to_context(ksec->sid, &context, &len); in selinux_key_getsecurity()