xref: /kernel/linux/linux-5.10/security/selinux/hooks.c

353 	const char *fscontext, *context, *rootcontext, *defcontext;
360 	kfree(opts->context);
382 	A(context, true),
481 	/* Never allow relabeling on context mounts */
575 	 * aka someone passed context=a,context=b
665 		if (opts->context) {
666 			rc = parse_sid(sb, opts->context, &context_sid);
757 	/* sets the context of the superblock for the fs being mounted. */
769 	 * the superblock context if not already set.
970 		if (opts->context || opts->defcontext)
972 		opts->context = s;
985 		if (opts->context || opts->defcontext)
1040 	char *context = NULL;
1045 					     &context, &len);
1047 		bool has_comma = context && strchr(context, ',');
1052 		seq_escape(m, context, "\"\n\\");
1056 	kfree(context);
1335 	char *context;
1340 	context = kmalloc(len + 1, GFP_NOFS);
1341 	if (!context)
1344 	context[len] = '\0';
1345 	rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1347 		kfree(context);
1355 		context = kmalloc(len + 1, GFP_NOFS);
1356 		if (!context)
1359 		context[len] = '\0';
1361 				    context, len);
1364 		kfree(context);
1374 	rc = security_context_to_sid_default(&selinux_state, context, rc, sid,
1381 			pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s.  This indicates you may need to relabel the inode or the filesystem in question.\n",
1382 					      ino, dev, context);
1385 				__func__, context, -rc, dev, ino);
1388 	kfree(context);
2311 	/* SELinux context only depends on initial program or script and not
2684 	if (opts->context) {
2685 		rc = parse_sid(sb, opts->context, &sid);
2787 	if (src->context) {
2788 		opts->context = kstrdup(src->context, GFP_KERNEL);
2789 		if (!opts->context)
2902 	char *context;
2931 						   &context, &clen);
2934 		*value = context;
3174 			 * context contains a nul and we should audit that */
3244 		pr_err("SELinux:  unable to map context to SID"
3339  * Copy the inode security context value to the user.
3347 	char *context = NULL;
3359 	 * If the caller has CAP_MAC_ADMIN, then get the raw context
3365 	 * in-core context value, not a denial.
3370 						      isec->sid, &context,
3374 						&context, &size);
3379 		*buffer = context;
3382 	kfree(context);
3457 	/* The copy_up hook above sets the initial context on an inode, but we
3478 	char *context;
3487 	context = kmalloc(clen, GFP_KERNEL);
3488 	if (!context)
3491 	rc = kernfs_xattr_get(kn_dir, XATTR_NAME_SELINUX, context, clen);
3493 		kfree(context);
3497 	rc = security_context_to_sid(&selinux_state, context, clen, &parent_sid,
3499 	kfree(context);
3520 					   &context, &clen);
3524 	rc = kernfs_xattr_set(kn, XATTR_NAME_SELINUX, context, clen,
3526 	kfree(context);
3876 	/* struct fown_struct is never outside the context of a struct file */
3990  * set the file creation context in a security record to the same as the
3991  * objective context of the specified inode
4158 	   upon context transitions.  See selinux_bprm_committing_creds. */
6422 	/* Obtain a SID for the context, if one was specified. */
6436 				 * context contains a nul and we should audit that */
6462 	/* Permission checking based on the specified context is
6464 	   open/mkdir/...), when we know the full context of the
6467 	   operation will then fail if the context is not permitted. */
6488 		/* Only allow single threaded processes to change context */
6669 	char *context = NULL;
6674 				     &context, &len);
6677 	*_buffer = context;

Indexes created Thu Nov 07 10:32:03 CST 2024