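Lines matching refs: sid (each entry is prefixed with its line number in the indexed source file; only the matching lines are shown, so multi-line statements and function bodies appear in part)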
220 tsec->osid = tsec->sid = SECINITSID_KERNEL;
231 return tsec->sid;
239 u32 sid;
242 sid = cred_sid(__task_cred(task));
244 return sid;
411 static int may_context_mount_sb_relabel(u32 sid,
419 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
425 tsec->sid, sid, SECCLASS_FILESYSTEM,
430 static int may_context_mount_inode_relabel(u32 sid,
437 tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
443 sid, sbsec->sid, SECCLASS_FILESYSTEM,
583 static int parse_sid(struct super_block *sb, const char *s, u32 *sid)
586 sid, GFP_KERNEL);
660 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
678 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
763 sbsec->sid = fscontext_sid;
782 sbsec->sid = context_sid;
802 root_isec->sid = rootcontext_sid;
848 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
857 if (oldroot->sid != newroot->sid)
909 newsbsec->sid = oldsbsec->sid;
926 u32 sid = oldsbsec->mntpoint_sid;
929 newsbsec->sid = sid;
932 newisec->sid = sid;
934 newsbsec->mntpoint_sid = sid;
940 newisec->sid = oldisec->sid;
1038 static int show_sid(struct seq_file *m, u32 sid)
1044 rc = security_sid_to_context(&selinux_state, sid,
1074 rc = show_sid(m, sbsec->sid);
1097 rc = show_sid(m, isec->sid);
1296 u32 *sid)
1320 path, tclass, sid);
1323 *sid = SECINITSID_UNLABELED;
1332 u32 def_sid, u32 *sid)
1370 *sid = def_sid;
1374 rc = security_context_to_sid_default(&selinux_state, context, rc, sid,
1397 u32 task_sid, sid = 0;
1426 sid = isec->sid;
1435 sid = sbsec->def_sid;
1468 &sid);
1474 sid = task_sid;
1478 sid = sbsec->sid;
1481 rc = security_transition_sid(&selinux_state, task_sid, sid,
1482 sclass, NULL, &sid);
1487 sid = sbsec->mntpoint_sid;
1491 sid = sbsec->sid;
1523 sbsec->flags, &sid);
1532 sid, &sid);
1551 isec->sid = sid;
1562 isec->sid = sid;
1606 u32 sid = cred_sid(cred);
1627 sid, sid, sclass, av, 0, &avd);
1630 sid, sid, sclass, av, &avd, rc, &ad, 0);
1646 u32 sid;
1653 sid = cred_sid(cred);
1657 sid, isec->sid, isec->sclass, perms, adp);
1705 static int bpf_fd_pass(struct file *file, u32 sid);
1723 u32 sid = cred_sid(cred);
1729 if (sid != fsec->sid) {
1731 sid, fsec->sid,
1773 return security_transition_sid(&selinux_state, tsec->sid,
1774 dsec->sid, tclass,
1789 u32 sid, newsid;
1796 sid = tsec->sid;
1802 sid, dsec->sid, SECCLASS_DIR,
1814 sid, newsid, tclass, FILE__CREATE, &ad);
1819 newsid, sbsec->sid,
1836 u32 sid = current_sid();
1849 sid, dsec->sid, SECCLASS_DIR, av, &ad);
1870 sid, isec->sid, isec->sclass, av, &ad);
1881 u32 sid = current_sid();
1895 sid, old_dsec->sid, SECCLASS_DIR,
1900 sid, old_isec->sid,
1906 sid, old_isec->sid,
1917 sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1924 sid, new_isec->sid,
1941 u32 sid = cred_sid(cred);
1945 sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2057 u32 sid = cred_sid(to);
2067 if (sid != fsec->sid) {
2069 sid, fsec->sid,
2078 rc = bpf_fd_pass(file, sid);
2088 sid, isec->sid, isec->sclass, file_to_av(file),
2095 u32 sid = current_sid();
2100 sid, csid, SECCLASS_FILE, FILE__READ, NULL);
2103 sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, NULL);
2236 u32 sid = 0;
2242 sid = task_sid(tracer);
2245 return sid;
2260 if (new_tsec->sid == old_tsec->sid)
2276 old_tsec->sid, new_tsec->sid,
2287 rc = security_bounded_transition(&selinux_state, old_tsec->sid,
2288 new_tsec->sid);
2319 new_tsec->sid = old_tsec->sid;
2320 new_tsec->osid = old_tsec->sid;
2328 new_tsec->sid = old_tsec->exec_sid;
2338 rc = security_transition_sid(&selinux_state, old_tsec->sid,
2339 isec->sid, SECCLASS_PROCESS, NULL,
2340 &new_tsec->sid);
2350 new_tsec->sid = old_tsec->sid;
2356 if (new_tsec->sid == old_tsec->sid) {
2358 old_tsec->sid, isec->sid,
2365 old_tsec->sid, new_tsec->sid,
2371 new_tsec->sid, isec->sid,
2379 old_tsec->sid, new_tsec->sid,
2392 ptsid, new_tsec->sid,
2407 old_tsec->sid, new_tsec->sid,
2480 if (new_tsec->sid == new_tsec->osid)
2500 new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2523 u32 osid, sid;
2527 sid = tsec->sid;
2529 if (sid == osid)
2540 osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2576 sbsec->sid = SECINITSID_UNLABELED;
2668 u32 sid;
2678 rc = parse_sid(sb, opts->fscontext, &sid);
2681 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, sid))
2685 rc = parse_sid(sb, opts->context, &sid);
2688 if (bad_option(sbsec, CONTEXT_MNT, sbsec->mntpoint_sid, sid))
2694 rc = parse_sid(sb, opts->rootcontext, &sid);
2697 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, sid))
2701 rc = parse_sid(sb, opts->defcontext, &sid);
2704 if (bad_option(sbsec, DEFCONTEXT_MNT, sbsec->def_sid, sid))
2836 u32 sid = current_sid();
2841 isec->sid = SECINITSID_UNLABELED;
2843 isec->task_sid = sid;
2918 isec->sid = newsid;
2995 u32 sid;
3001 sid = cred_sid(cred);
3007 sid, isec->sid, isec->sclass, FILE__READ, &ad,
3023 current_sid(), isec->sid, isec->sclass, perms,
3037 u32 sid;
3056 sid = cred_sid(cred);
3062 sid, isec->sid, isec->sclass, perms,
3133 u32 newsid, sid = current_sid();
3161 sid, isec->sid, isec->sclass,
3200 sid, newsid, isec->sclass,
3205 rc = security_validate_transition(&selinux_state, isec->sid, newsid,
3206 sid, isec->sclass);
3212 sbsec->sid,
3253 isec->sid = newsid;
3370 isec->sid, &context,
3373 error = security_sid_to_context(&selinux_state, isec->sid,
3411 isec->sid = newsid;
3432 *secid = isec->sid;
3437 u32 sid;
3449 selinux_inode_getsecid(d_inode(src), &sid);
3450 tsec->create_sid = sid;
3512 rc = security_transition_sid(&selinux_state, tsec->sid,
3551 u32 sid = current_sid();
3558 if (sid == fsec->sid && fsec->isid == isec->sid &&
3569 u32 sid = current_sid();
3571 fsec->sid = sid;
3572 fsec->fown_sid = sid;
3599 if (ssid != fsec->sid) {
3601 ssid, fsec->sid,
3614 ssid, isec->sid, isec->sclass,
3699 u32 sid = cred_sid(cred);
3711 sid, sid, SECCLASS_PROCESS,
3740 u32 sid = current_sid();
3742 sid, sid, SECCLASS_MEMPROTECT,
3776 u32 sid = cred_sid(cred);
3787 sid, sid, SECCLASS_PROCESS,
3794 sid, sid, SECCLASS_PROCESS,
3872 u32 sid = task_sid(tsk);
3887 fsec->fown_sid, sid,
3912 fsec->isid = isec->sid;
3930 u32 sid = current_sid();
3933 sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
3972 u32 sid = current_sid();
3976 sid, secid,
3981 tsec->sid = secid;
3997 u32 sid = current_sid();
4001 sid, isec->sid,
4007 tsec->create_sid = isec->sid;
4028 u32 sid = current_sid();
4034 sid, sid, SECCLASS_SYSTEM,
4043 if (sid != fsec->sid) {
4045 sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
4052 sid, isec->sid, SECCLASS_SYSTEM,
4210 u32 sid = task_sid(p);
4214 isec->sid = sid;
4449 * @sid: the packet's peer label SID
4455 * returns zero if the value in @sid is valid (although it may be SECSID_NULL)
4456 * or -EACCES if @sid is invalid due to inconsistencies with the different
4460 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4475 nlbl_type, xfrm_sid, sid);
4521 return security_transition_sid(&selinux_state, tsec->sid, tsec->sid,
4531 if (sksec->sid == SECINITSID_KERNEL)
4539 current_sid(), sksec->sid, sksec->sclass, perms,
4560 tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4570 u32 sid = SECINITSID_KERNEL;
4574 err = socket_sockcreate_sid(tsec, sclass, &sid);
4580 isec->sid = sid;
4586 sksec->sid = sid;
4603 sksec_a->peer_sid = sksec_b->sid;
4604 sksec_b->peer_sid = sksec_a->sid;
4634 u32 sid, node_perm;
4693 snum, &sid);
4697 sksec->sid, sid,
4727 err = sel_netnode_sid(addrp, family_sa, &sid);
4737 sksec->sid, sid,
4785 u32 sid, perm;
4815 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4836 sksec->sid, sid, sksec->sclass, perm, &ad);
4869 u32 sid;
4878 sid = isec->sid;
4883 newisec->sid = sid;
4949 sksec_sock->sid, sksec_other->sid,
4956 sksec_new->peer_sid = sksec_sock->sid;
4957 err = security_sid_mls_copy(&selinux_state, sksec_other->sid,
4958 sksec_sock->sid, &sksec_new->sid);
4963 sksec_sock->peer_sid = sksec_new->sid;
4981 ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
5015 u32 sk_sid = sksec->sid;
5039 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
5049 u32 sk_sid = sksec->sid;
5168 peer_secid = isec->sid;
5188 sksec->sid = SECINITSID_UNLABELED;
5210 newsksec->sid = sksec->sid;
5224 *secid = sksec->sid;
5236 isec->sid = sksec->sid;
5302 err = selinux_conn_sid(sksec->sid, peer_sid, &conn_sid);
5407 newsksec->sid = ep->secid;
5425 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
5439 newsksec->sid = req->secid;
5441 /* NOTE: Ideally, we should also get the isec->sid for the
5463 static int selinux_secmark_relabel_packet(u32 sid)
5469 tsid = __tsec->sid;
5472 tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
5499 tunsec->sid = current_sid();
5512 u32 sid = current_sid();
5522 sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5531 current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5547 sksec->sid = tunsec->sid;
5556 u32 sid = current_sid();
5560 sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5565 sid, sid, SECCLASS_TUN_SOCKET,
5569 tunsec->sid = sid;
5654 u32 sid;
5683 sid = sksec->sid;
5685 sid = SECINITSID_KERNEL;
5686 if (selinux_netlbl_skbuff_setsid(skb, family, sid) != 0)
5732 sksec->sid, skb->secmark,
5736 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5836 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5843 peer_sid = sksec->sid;
5961 isec->sid = current_sid();
5969 u32 sid = current_sid();
5977 sid, isec->sid, isec->sclass, perms, &ad);
5985 msec->sid = SECINITSID_UNLABELED;
5995 u32 sid = current_sid();
6005 sid, isec->sid, SECCLASS_MSGQ,
6014 u32 sid = current_sid();
6022 sid, isec->sid, SECCLASS_MSGQ,
6062 u32 sid = current_sid();
6071 if (msec->sid == SECINITSID_UNLABELED) {
6073 * Compute new sid based on current process and
6076 rc = security_transition_sid(&selinux_state, sid, isec->sid,
6077 SECCLASS_MSG, NULL, &msec->sid);
6087 sid, isec->sid, SECCLASS_MSGQ,
6092 sid, msec->sid, SECCLASS_MSG,
6097 msec->sid, isec->sid, SECCLASS_MSGQ,
6110 u32 sid = task_sid(target);
6120 sid, isec->sid,
6124 sid, msec->sid,
6134 u32 sid = current_sid();
6144 sid, isec->sid, SECCLASS_SHM,
6153 u32 sid = current_sid();
6161 sid, isec->sid, SECCLASS_SHM,
6219 u32 sid = current_sid();
6229 sid, isec->sid, SECCLASS_SEM,
6238 u32 sid = current_sid();
6246 sid, isec->sid, SECCLASS_SEM,
6327 *secid = isec->sid;
6340 u32 sid;
6349 current_sid(), __tsec->sid,
6356 sid = __tsec->sid;
6358 sid = __tsec->osid;
6360 sid = __tsec->exec_sid;
6362 sid = __tsec->create_sid;
6364 sid = __tsec->keycreate_sid;
6366 sid = __tsec->sockcreate_sid;
6373 if (!sid)
6376 error = security_sid_to_context(&selinux_state, sid, value, &len);
6390 u32 mysid = current_sid(), sid = 0, ptsid;
6429 &sid, GFP_KERNEL);
6452 value, size, &sid);
6470 tsec->exec_sid = sid;
6472 tsec->create_sid = sid;
6474 if (sid) {
6475 error = avc_has_perm(&selinux_state, mysid, sid,
6480 tsec->keycreate_sid = sid;
6482 tsec->sockcreate_sid = sid;
6485 if (sid == 0)
6492 tsec->sid, sid);
6499 tsec->sid, sid, SECCLASS_PROCESS,
6509 ptsid, sid, SECCLASS_PROCESS,
6515 tsec->sid = sid;
6604 ksec->sid = tsec->keycreate_sid;
6606 ksec->sid = tsec->sid;
6626 u32 perm, sid;
6658 sid = cred_sid(cred);
6663 sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6673 rc = security_sid_to_context(&selinux_state, ksec->sid,
6685 u32 sid = current_sid();
6688 sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL);
6698 u32 sid = 0;
6702 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid);
6711 sec->sid, sid,
6721 u32 sid = 0;
6726 &sid);
6736 sec->sid, sid,
6748 sec->sid = current_sid();
6764 u32 sid = current_sid();
6770 sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6775 sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6805 static int bpf_fd_pass(struct file *file, u32 sid)
6816 sid, bpfsec->sid, SECCLASS_BPF,
6824 sid, bpfsec->sid, SECCLASS_BPF,
6834 u32 sid = current_sid();
6839 sid, bpfsec->sid, SECCLASS_BPF,
6845 u32 sid = current_sid();
6850 sid, bpfsec->sid, SECCLASS_BPF,
6862 bpfsec->sid = current_sid();
6884 bpfsec->sid = current_sid();
6902 u32 sid = current_sid();
6919 sid, sid, SECCLASS_LOCKDOWN,
6923 sid, sid, SECCLASS_LOCKDOWN,
6938 u32 requested, sid = current_sid();
6951 return avc_has_perm(&selinux_state, sid, sid, SECCLASS_PERF_EVENT,
6963 perfsec->sid = current_sid();
6980 u32 sid = current_sid();
6982 return avc_has_perm(&selinux_state, sid, perfsec->sid,
6989 u32 sid = current_sid();
6991 return avc_has_perm(&selinux_state, sid, perfsec->sid,