Lines Matching defs:inode
247 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
250 * Try reloading inode security labels that have been marked as invalid. The
253 * invalid. The @dentry parameter should be set to a dentry of the inode.
255 static int __inode_security_revalidate(struct inode *inode,
259 struct inode_security_struct *isec = selinux_inode(inode);
269 * Try reloading the inode security label. This will fail if
270 * @opt_dentry is NULL and no dentry for this inode can be
273 inode_doinit_with_dentry(inode, dentry);
278 static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
280 return selinux_inode(inode);
283 static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
287 error = __inode_security_revalidate(inode, NULL, !rcu);
290 return selinux_inode(inode);
294 * Get the security label of an inode.
296 static struct inode_security_struct *inode_security(struct inode *inode)
298 __inode_security_revalidate(inode, NULL, true);
299 return selinux_inode(inode);
304 struct inode *inode = d_backing_inode(dentry);
306 return selinux_inode(inode);
310 * Get the security label of a dentry's backing inode.
314 struct inode *inode = d_backing_inode(dentry);
316 __inode_security_revalidate(inode, dentry, true);
317 return selinux_inode(inode);
320 static void inode_free_security(struct inode *inode)
322 struct inode_security_struct *isec = selinux_inode(inode);
327 sbsec = inode->i_sb->s_security;
329 * As not all inode security structures are in a list, we check for
493 struct inode *root_inode = d_backing_inode(root);
535 /* Initialize the root inode. */
547 struct inode *inode = isec->inode;
550 inode = igrab(inode);
551 if (inode) {
552 if (!IS_PRIVATE(inode))
553 inode_doinit_with_dentry(inode, NULL);
554 iput(inode);
1331 static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
1345 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1350 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1360 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX,
1367 __func__, -rc, inode->i_sb->s_id, inode->i_ino);
1377 char *dev = inode->i_sb->s_id;
1378 unsigned long ino = inode->i_ino;
1381 pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
1392 /* The inode's security attributes must be initialized before first use. */
1393 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1396 struct inode_security_struct *isec = selinux_inode(inode);
1410 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1412 sbsec = inode->i_sb->s_security;
1434 if (!(inode->i_opflags & IOP_XATTR)) {
1439 Life would be simpler if we could just pass the inode. */
1450 dentry = d_find_alias(inode);
1452 dentry = d_find_any_alias(inode);
1467 rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
1494 (!S_ISLNK(inode->i_mode) ||
1507 dentry = d_find_alias(inode);
1509 dentry = d_find_any_alias(inode);
1530 (inode->i_opflags & IOP_XATTR)) {
1531 rc = inode_doinit_use_xattr(inode, dentry,
1637 /* Check whether a task has a particular permission to an inode.
1641 struct inode *inode,
1650 if (unlikely(IS_PRIVATE(inode)))
1654 isec = selinux_inode(inode);
1667 struct inode *inode = d_backing_inode(dentry);
1672 __inode_security_revalidate(inode, dentry, true);
1673 return inode_has_perm(cred, inode, av, &ad);
1683 struct inode *inode = d_backing_inode(path->dentry);
1688 __inode_security_revalidate(inode, path->dentry, true);
1689 return inode_has_perm(cred, inode, av, &ad);
1692 /* Same as path_has_perm, but uses the inode from the file struct. */
1709 access an inode in a given way. Check access to the
1721 struct inode *inode = file_inode(file);
1748 rc = inode_has_perm(cred, inode, av, &ad);
1755 * Determine the label for an inode that might be unioned.
1759 struct inode *dir,
1782 static int may_create(struct inode *dir,
1829 static int may_link(struct inode *dir,
1874 static inline int may_rename(struct inode *old_dir,
1876 struct inode *new_dir,
2006 struct inode *inode = file_inode(file);
2009 inode->i_sb->s_magic != SOCKFS_MAGIC)
2308 struct inode *inode = file_inode(bprm->file);
2316 isec = inode_security(inode);
2440 only interested in the inode-based check here. */
2831 /* inode security operations */
2833 static int selinux_inode_alloc_security(struct inode *inode)
2835 struct inode_security_struct *isec = selinux_inode(inode);
2840 isec->inode = inode;
2849 static void selinux_inode_free_security(struct inode *inode)
2851 inode_free_security(inode);
2893 static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2909 inode_mode_to_security_class(inode->i_mode),
2916 struct inode_security_struct *isec = selinux_inode(inode);
2917 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2941 static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
2946 static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2951 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
2956 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2961 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
2966 static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2971 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
2976 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2977 struct inode *new_inode, struct dentry *new_dentry)
2989 static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
3002 isec = inode_security_rcu(inode, rcu);
3011 static noinline int audit_inode_permission(struct inode *inode,
3016 struct inode_security_struct *isec = selinux_inode(inode);
3020 ad.u.inode = inode;
3030 static int selinux_inode_permission(struct inode *inode, int mask)
3051 if (unlikely(IS_PRIVATE(inode)))
3054 perms = file_mask_to_av(inode->i_mode, mask);
3057 isec = inode_security_rcu(inode, no_block);
3075 rc2 = audit_inode_permission(inode, perms, audited, denied, rc);
3084 struct inode *inode = d_backing_inode(dentry);
3101 inode->i_sb->s_magic != SOCKFS_MAGIC &&
3129 struct inode *inode = d_backing_inode(dentry);
3147 return (inode_owner_or_capable(inode) ? 0 : -EPERM);
3149 sbsec = inode->i_sb->s_security;
3153 if (!inode_owner_or_capable(inode))
3222 struct inode *inode = d_backing_inode(dentry);
3246 inode->i_sb->s_id, inode->i_ino, -rc);
3252 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3339 * Copy the inode security context value to the user.
3343 static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
3367 isec = inode_security(inode);
3387 static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3390 struct inode_security_struct *isec = inode_security_novalidate(inode);
3391 struct superblock_security_struct *sbsec = inode->i_sb->s_security;
3410 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3417 static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3429 static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3431 struct inode_security_struct *isec = inode_security_novalidate(inode);
3448 /* Get label from overlay inode and set it in create_sid */
3457 /* The copy_up hook above sets the initial context on an inode, but we
3536 struct inode *inode = file_inode(file);
3543 file_mask_to_av(inode->i_mode, mask));
3548 struct inode *inode = file_inode(file);
3557 isec = inode_security(inode);
3579 * operation to an inode.
3586 struct inode *inode = file_inode(file);
3609 if (unlikely(IS_PRIVATE(inode)))
3612 isec = inode_security(inode);
3906 * Save inode label and policy sequence number
3915 * Since the inode label or policy seqno may have changed
3919 * new inode label or new policy.
3991 * objective context of the specified inode
3993 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
3995 struct inode_security_struct *isec = inode_security(inode);
4207 struct inode *inode)
4209 struct inode_security_struct *isec = selinux_inode(inode);
4213 isec->sclass = inode_mode_to_security_class(inode->i_mode);
6330 static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
6332 if (inode)
6333 inode_doinit_with_dentry(inode, dentry);
6552 static void selinux_inode_invalidate_secctx(struct inode *inode)
6554 struct inode_security_struct *isec = selinux_inode(inode);
6562 * called with inode->i_mutex locked
6564 static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6566 int rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
6573 * called with inode->i_mutex locked
6580 static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6583 len = selinux_inode_getsecurity(inode, XATTR_SELINUX_SUFFIX,
6800 * socket, are using a shared anonymous inode inside the kernel as their inode.
6801 * So checking that inode cannot identify if the process has privilege to