xref: /kernel/linux/linux-6.6/security/selinux/hooks.c

222 static inline u32 cred_sid(const struct cred *cred)
226 	tsec = selinux_cred(cred);
425 			const struct cred *cred)
427 	const struct task_security_struct *tsec = selinux_cred(cred);
442 			const struct cred *cred)
444 	const struct task_security_struct *tsec = selinux_cred(cred);
627 	const struct cred *cred = current_cred();
781 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);
811 							  cred);
817 							     cred);
830 						     cred);
849 							     sbsec, cred);
1618 static int cred_has_capability(const struct cred *cred,
1624 	u32 sid = cred_sid(cred);
1656 static int inode_has_perm(const struct cred *cred,
1667 	sid = cred_sid(cred);
1676 static inline int dentry_has_perm(const struct cred *cred,
1686 	return inode_has_perm(cred, inode, av, &ad);
1692 static inline int path_has_perm(const struct cred *cred,
1702 	return inode_has_perm(cred, inode, av, &ad);
1706 static inline int file_path_has_perm(const struct cred *cred,
1714 	return inode_has_perm(cred, file_inode(file), av, &ad);
1729 static int file_has_perm(const struct cred *cred,
1736 	u32 sid = cred_sid(cred);
1752 	rc = bpf_fd_pass(file, cred_sid(cred));
1760 		rc = inode_has_perm(cred, inode, av, &ad);
1938 static int superblock_has_perm(const struct cred *cred,
1944 	u32 sid = cred_sid(cred);
2019 static int selinux_binder_set_context_mgr(const struct cred *mgr)
2025 static int selinux_binder_transaction(const struct cred *from,
2026 				      const struct cred *to)
2044 static int selinux_binder_transfer_binder(const struct cred *from,
2045 					  const struct cred *to)
2052 static int selinux_binder_transfer_file(const struct cred *from,
2053 					const struct cred *to,
2116 static int selinux_capset(struct cred *new, const struct cred *old,
2135 static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
2138 	return cred_has_capability(cred, cap, opts, ns == &init_user_ns);
2143 	const struct cred *cred = current_cred();
2158 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);
2167 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);
2178 	const struct cred *cred = current_cred();
2180 	return dentry_has_perm(cred, dentry, FILE__QUOTAON);
2305 	new_tsec = selinux_cred(bprm->cred);
2406 static inline void flush_unauthorized_files(const struct cred *cred,
2428 			if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
2439 	n = iterate_fd(files, 0, match_file, cred);
2443 	devnull = dentry_open(&selinux_null, O_RDWR, cred);
2449 	} while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2463 	new_tsec = selinux_cred(bprm->cred);
2468 	flush_unauthorized_files(bprm->cred, current->files);
2725 	const struct cred *cred = current_cred();
2730 	return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);
2735 	const struct cred *cred = current_cred();
2740 	return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);
2749 	const struct cred *cred = current_cred();
2752 		return superblock_has_perm(cred, path->dentry->d_sb,
2755 		return path_has_perm(cred, path, FILE__MOUNTON);
2761 	const struct cred *cred = current_cred();
2763 	return path_has_perm(cred, to_path, FILE__MOUNTON);
2768 	const struct cred *cred = current_cred();
2770 	return superblock_has_perm(cred, mnt->mnt_sb,
2882 					  const struct cred *old,
2883 					  struct cred *new)
3045 	const struct cred *cred = current_cred();
3047 	return dentry_has_perm(cred, dentry, FILE__READ);
3053 	const struct cred *cred = current_cred();
3060 	sid = cred_sid(cred);
3084 	const struct cred *cred = current_cred();
3106 	sid = cred_sid(cred);
3127 	const struct cred *cred = current_cred();
3142 		return dentry_has_perm(cred, dentry, FILE__SETATTR);
3150 	return dentry_has_perm(cred, dentry, av);
3160 	const struct cred *cred = current_cred();
3163 	if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts))
3165 	if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true))
3323 	const struct cred *cred = current_cred();
3325 	return dentry_has_perm(cred, dentry, FILE__GETATTR);
3330 	const struct cred *cred = current_cred();
3332 	return dentry_has_perm(cred, dentry, FILE__GETATTR);
3499 static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
3503 	struct cred *new_creds = *new;
3599 	const struct cred *cred = current_cred();
3606 	return file_has_perm(cred, file,
3645 static int ioctl_has_perm(const struct cred *cred, struct file *file,
3653 	u32 ssid = cred_sid(cred);
3685 	const struct cred *cred = current_cred();
3694 		error = file_has_perm(cred, file, FILE__GETATTR);
3699 		error = file_has_perm(cred, file, FILE__SETATTR);
3705 		error = file_has_perm(cred, file, 0);
3710 		error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,
3717 			error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3724 		error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3760 	const struct cred *cred = current_cred();
3761 	u32 sid = cred_sid(cred);
3789 		return file_has_perm(cred, file, av);
3833 	const struct cred *cred = current_cred();
3834 	u32 sid = cred_sid(cred);
3854 			rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);
3865 	const struct cred *cred = current_cred();
3867 	return file_has_perm(cred, file, FILE__LOCK);
3873 	const struct cred *cred = current_cred();
3879 			err = file_has_perm(cred, file, FILE__WRITE);
3890 		err = file_has_perm(cred, file, 0);
3903 		err = file_has_perm(cred, file, FILE__LOCK);
3942 	const struct cred *cred = current_cred();
3944 	return file_has_perm(cred, file, file_to_av(file));
3987 static int selinux_cred_prepare(struct cred *new, const struct cred *old,
4000 static void selinux_cred_transfer(struct cred *new, const struct cred *old)
4008 static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
4017 static int selinux_kernel_act_as(struct cred *new, u32 secid)
4040 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
4176 static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,
4187 	return avc_has_perm(cred_sid(cred), cred_sid(tcred),
4226 				int sig, const struct cred *cred)
4235 	if (!cred)
4238 		secid = cred_sid(cred);
4255 static int selinux_userns_create(const struct cred *cred)
6368 	struct cred *new;
6564 static int selinux_key_alloc(struct key *k, const struct cred *cred,
6574 	tsec = selinux_cred(cred);
6593 				  const struct cred *cred,
6630 	sid = cred_sid(cred);
6934  * selinux_uring_override_creds - check the requested cred override
6940 static int selinux_uring_override_creds(const struct cred *new)

Indexes created Thu Nov 07 10:32:03 CST 2024