Lines Matching defs:inode
268 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry);
271 * Try reloading inode security labels that have been marked as invalid. The
274 * invalid. The @dentry parameter should be set to a dentry of the inode.
276 static int __inode_security_revalidate(struct inode *inode,
280 struct inode_security_struct *isec = selinux_inode(inode);
290 * Try reloading the inode security label. This will fail if
291 * @opt_dentry is NULL and no dentry for this inode can be
294 inode_doinit_with_dentry(inode, dentry);
299 static struct inode_security_struct *inode_security_novalidate(struct inode *inode)
301 return selinux_inode(inode);
304 static struct inode_security_struct *inode_security_rcu(struct inode *inode, bool rcu)
308 error = __inode_security_revalidate(inode, NULL, !rcu);
311 return selinux_inode(inode);
315 * Get the security label of an inode.
317 static struct inode_security_struct *inode_security(struct inode *inode)
319 __inode_security_revalidate(inode, NULL, true);
320 return selinux_inode(inode);
325 struct inode *inode = d_backing_inode(dentry);
327 return selinux_inode(inode);
331 * Get the security label of a dentry's backing inode.
335 struct inode *inode = d_backing_inode(dentry);
337 __inode_security_revalidate(inode, dentry, true);
338 return selinux_inode(inode);
341 static void inode_free_security(struct inode *inode)
343 struct inode_security_struct *isec = selinux_inode(inode);
348 sbsec = selinux_superblock(inode->i_sb);
350 * As not all inode security structures are in a list, we check for
501 struct inode *root_inode = d_backing_inode(root);
550 struct inode *root_inode = d_backing_inode(root);
571 /* Initialize the root inode. */
583 struct inode *inode = isec->inode;
586 inode = igrab(inode);
587 if (inode) {
588 if (!IS_PRIVATE(inode))
589 inode_doinit_with_dentry(inode, NULL);
590 iput(inode);
1346 static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
1360 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
1365 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
1375 rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX,
1382 __func__, -rc, inode->i_sb->s_id, inode->i_ino);
1392 char *dev = inode->i_sb->s_id;
1393 unsigned long ino = inode->i_ino;
1396 pr_notice_ratelimited("SELinux: inode=%lu on dev=%s was found to have an invalid context=%s. This indicates you may need to relabel the inode or the filesystem in question.\n",
1407 /* The inode's security attributes must be initialized before first use. */
1408 static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dentry)
1411 struct inode_security_struct *isec = selinux_inode(inode);
1425 isec->sclass = inode_mode_to_security_class(inode->i_mode);
1427 sbsec = selinux_superblock(inode->i_sb);
1452 if (!(inode->i_opflags & IOP_XATTR)) {
1457 Life would be simpler if we could just pass the inode. */
1468 dentry = d_find_alias(inode);
1470 dentry = d_find_any_alias(inode);
1485 rc = inode_doinit_use_xattr(inode, dentry, sbsec->def_sid,
1512 (!S_ISLNK(inode->i_mode) ||
1525 dentry = d_find_alias(inode);
1527 dentry = d_find_any_alias(inode);
1548 (inode->i_opflags & IOP_XATTR)) {
1549 rc = inode_doinit_use_xattr(inode, dentry,
1653 /* Check whether a task has a particular permission to an inode.
1657 struct inode *inode,
1664 if (unlikely(IS_PRIVATE(inode)))
1668 isec = selinux_inode(inode);
1680 struct inode *inode = d_backing_inode(dentry);
1685 __inode_security_revalidate(inode, dentry, true);
1686 return inode_has_perm(cred, inode, av, &ad);
1696 struct inode *inode = d_backing_inode(path->dentry);
1701 __inode_security_revalidate(inode, path->dentry, true);
1702 return inode_has_perm(cred, inode, av, &ad);
1705 /* Same as path_has_perm, but uses the inode from the file struct. */
1722 access an inode in a given way. Check access to the
1734 struct inode *inode = file_inode(file);
1760 rc = inode_has_perm(cred, inode, av, &ad);
1767 * Determine the label for an inode that might be unioned.
1771 struct inode *dir,
1795 static int may_create(struct inode *dir,
1839 static int may_link(struct inode *dir,
1882 static inline int may_rename(struct inode *old_dir,
1884 struct inode *new_dir,
2008 struct inode *inode = file_inode(file);
2011 inode->i_sb->s_magic != SOCKFS_MAGIC)
2298 struct inode *inode = file_inode(bprm->file);
2306 isec = inode_security(inode);
2424 only interested in the inode-based check here. */
2835 /* inode security operations */
2837 static int selinux_inode_alloc_security(struct inode *inode)
2839 struct inode_security_struct *isec = selinux_inode(inode);
2844 isec->inode = inode;
2853 static void selinux_inode_free_security(struct inode *inode)
2855 inode_free_security(inode);
2901 static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2917 inode_mode_to_security_class(inode->i_mode),
2924 struct inode_security_struct *isec = selinux_inode(inode);
2925 isec->sclass = inode_mode_to_security_class(inode->i_mode);
2947 static int selinux_inode_init_security_anon(struct inode *inode,
2949 const struct inode *context_inode)
2959 isec = selinux_inode(inode);
2962 * We only get here once per ephemeral inode. The inode has
2989 * allowed to actually create this type of anonymous inode.
3002 static int selinux_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode)
3007 static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
3012 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
3017 static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const char *name)
3022 static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, umode_t mask)
3027 static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
3032 static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
3037 static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
3038 struct inode *new_inode, struct dentry *new_dentry)
3050 static int selinux_inode_follow_link(struct dentry *dentry, struct inode *inode,
3061 isec = inode_security_rcu(inode, rcu);
3068 static noinline int audit_inode_permission(struct inode *inode,
3073 struct inode_security_struct *isec = selinux_inode(inode);
3076 ad.u.inode = inode;
3082 static int selinux_inode_permission(struct inode *inode, int mask)
3101 if (unlikely(IS_PRIVATE(inode)))
3104 perms = file_mask_to_av(inode->i_mode, mask);
3107 isec = inode_security_rcu(inode, no_block);
3119 rc2 = audit_inode_permission(inode, perms, audited, denied, rc);
3128 struct inode *inode = d_backing_inode(dentry);
3145 inode->i_sb->s_magic != SOCKFS_MAGIC &&
3174 struct inode *inode = d_backing_inode(dentry);
3192 return (inode_owner_or_capable(idmap, inode) ? 0 : -EPERM);
3194 sbsec = selinux_superblock(inode->i_sb);
3198 if (!inode_owner_or_capable(idmap, inode))
3285 struct inode *inode = d_backing_inode(dentry);
3309 inode->i_sb->s_id, inode->i_ino, -rc);
3315 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3401 * Copy the inode security context value to the user.
3406 struct inode *inode, const char *name,
3431 isec = inode_security(inode);
3450 static int selinux_inode_setsecurity(struct inode *inode, const char *name,
3453 struct inode_security_struct *isec = inode_security_novalidate(inode);
3461 sbsec = selinux_superblock(inode->i_sb);
3474 isec->sclass = inode_mode_to_security_class(inode->i_mode);
3481 static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size)
3493 static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
3495 struct inode_security_struct *isec = inode_security_novalidate(inode);
3512 /* Get label from overlay inode and set it in create_sid */
3521 /* The copy_up hook above sets the initial context on an inode, but we
3600 struct inode *inode = file_inode(file);
3607 file_mask_to_av(inode->i_mode, mask));
3612 struct inode *inode = file_inode(file);
3621 isec = inode_security(inode);
3643 * operation to an inode.
3650 struct inode *inode = file_inode(file);
3672 if (unlikely(IS_PRIVATE(inode)))
3675 isec = inode_security(inode);
3955 * Save inode label and policy sequence number
3964 * Since the inode label or policy seqno may have changed
3968 * new inode label or new policy.
4038 * objective context of the specified inode
4040 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)
4042 struct inode_security_struct *isec = inode_security(inode);
4243 struct inode *inode)
4245 struct inode_security_struct *isec = selinux_inode(inode);
4249 isec->sclass = inode_mode_to_security_class(inode->i_mode);
6310 static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
6312 if (inode)
6313 inode_doinit_with_dentry(inode, dentry);
6523 static void selinux_inode_invalidate_secctx(struct inode *inode)
6525 struct inode_security_struct *isec = selinux_inode(inode);
6533 * called with inode->i_mutex locked
6535 static int selinux_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
6537 int rc = selinux_inode_setsecurity(inode, XATTR_SELINUX_SUFFIX,
6544 * called with inode->i_mutex locked
6552 static int selinux_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
6555 len = selinux_inode_getsecurity(&nop_mnt_idmap, inode,
6766 * socket, are using a shared anonymous inode inside the kernel as their inode.
6767 * So checking that inode cannot identify whether the process has privilege to
6971 struct inode *inode = file_inode(file);
6972 struct inode_security_struct *isec = selinux_inode(inode);