hooks.c - OpenGrok cross reference for /kernel/linux/linux-5.10/security/selinux/hooks.c

Lines Matching refs:this
270 		 * @opt_dentry is NULL and no dentry for this inode can be
334 	 * It should not be possible for this function to be called with
466 	 * IMPORTANT: Double-check logic in this function when adding a new
499 		   the root directory.  -ENODATA is ok, as this may be
634 	 * Binary mount data FS will come through this function twice.  Once
640 	 * mount using this sb set explict options and a second mount using
641 	 * this sb does not set any security options.  (The first options
695 		/* previously mounted with options, but not on this attempt? */
719 		 * Determine the labeling behavior to use for this
731 	 * If this is a user namespace mount and the filesystem type is not
811 			       "invalid for this filesystem type\n");
883 	 * mount options.  thus we can safely deal with this superblock later
1285 #error New address family defined, please update this function.
1456 			 * this is can be hit on boot when a file is accessed
2137  * need to control this operation.  However, SELinux does control the use of
2217  * Do not audit the selinux permission check, as this is applied to all
2337 		/* Check for a default transition on this program. */
2438 			   rather than using file_has_perm, as this particular
2462 	/* replace all the matching ones with this */
4587 		/* Allows detection of the first association on this socket */
4638 		 * that validates multiple binding addresses. Because of this
4788 		 * that validates multiple connect addresses. Because of this
5065 	 * special handling.  We do this in an attempt to keep this function
5300 	 * plug this into the new socket.
5519 	 * get a better understanding of why this socket is special */
5624 		/* we do this in the FORWARD path and not the POST_ROUTING
5659 	/* we do this in the LOCAL_OUT path and not the POST_ROUTING path
5667 			/* if the socket is the listening state then this
5677 			 * security label in the packet itself this is the
5758 	 * special handling.  We do this in an attempt to keep this function
5776 	 *       is NULL, in this case go ahead and apply access control.
5777 	 * NOTE: if this is a local socket (skb->sk != NULL) that is in the
5780 	 *       unfortunately, this means more work, but it is only once per
5802 		 * listening state which means this is a SYN-ACK packet.  In
5803 		 * this particular case the correct security label is assigned
5816 		/* At this point, if the returned skb peerlbl is SECSID_NULL
5820 		 * all of our access controls on this packet we can safely
6074 		 * message queue this message will be stored in
6085 	/* Can this process write to the queue? */
6090 		/* Can this process send the message */
6165 /* Note, at this point, shp is locked down */
6250 /* Note, at this point, sma is locked down */
6802  * access the bpf object and that's why we have to add this additional check in
6997  * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order:
7005  * Please follow block comment delimiters in the list to keep this order.
7453 		/* Only do this once. */