5 * This file contains the SELinux hook function implementations.
44 #include <linux/file.h>
790 * sets the label used on all file below the mountpoint, and will set
1474 * this can be hit on boot when a file is accessed
1530 * This can be hit on boot when a file is accessed
1705 /* Same as path_has_perm, but uses the inode from the file struct. */
1707 struct file *file,
1713 ad.u.file = file;
1714 return inode_has_perm(cred, file_inode(file), av, &ad);
1718 static int bpf_fd_pass(const struct file *file, u32 sid);
1721 /* Check whether a task can use an open file descriptor to
1724 check a particular permission to the file.
1727 access to the file is not checked, e.g. for cases
1730 struct file *file,
1733 struct file_security_struct *fsec = selinux_file(file);
1734 struct inode *inode = file_inode(file);
1740 ad.u.file = file;
1752 rc = bpf_fd_pass(file, cred_sid(cred));
1794 /* Check whether a task can create a file. */
1838 /* Check whether a task can link, unlink, or rmdir a file/directory. */
1978 /* Convert a Linux file to an access vector. */
1979 static inline u32 file_to_av(const struct file *file)
1983 if (file->f_mode & FMODE_READ)
1985 if (file->f_mode & FMODE_WRITE) {
1986 if (file->f_flags & O_APPEND)
1993 * Special file opened with flags 3 for ioctl-only use.
2002 * Convert a file to an access vector and include the correct
2005 static inline u32 open_file_to_av(struct file *file)
2007 u32 av = file_to_av(file);
2008 struct inode *inode = file_inode(file);
2054 const struct file *file)
2057 struct file_security_struct *fsec = selinux_file(file);
2058 struct dentry *dentry = file->f_path.dentry;
2064 ad.u.path = file->f_path;
2076 rc = bpf_fd_pass(file, sid);
2085 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
2244 int nosuid = !mnt_may_suid(bprm->file->f_path.mnt);
2285 * nosuid: Permission denied to file.
2298 struct inode *inode = file_inode(bprm->file);
2344 ad.u.file = bprm->file;
2400 static int match_file(const void *p, struct file *file, unsigned fd)
2402 return file_has_perm(p, file, file_to_av(file)) ? fd + 1 : 0;
2409 struct file *file, *devnull = NULL;
2423 open file may belong to another process and we are
2427 file = file_priv->file;
2428 if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))
3389 /* blocking watches require the file:watch_with_perm permission */
3393 /* watches on read-like events need the file:watch_reads permission */
3595 /* file security operations */
3597 static int selinux_revalidate_file_permission(struct file *file, int mask)
3600 struct inode *inode = file_inode(file);
3603 if ((file->f_flags & O_APPEND) && (mask & MAY_WRITE))
3606 return file_has_perm(cred, file,
3610 static int selinux_file_permission(struct file *file, int mask)
3612 struct inode *inode = file_inode(file);
3613 struct file_security_struct *fsec = selinux_file(file);
3627 return selinux_revalidate_file_permission(file, mask);
3630 static int selinux_file_alloc_security(struct file *file)
3632 struct file_security_struct *fsec = selinux_file(file);
3645 static int ioctl_has_perm(const struct cred *cred, struct file *file,
3649 struct file_security_struct *fsec = selinux_file(file);
3650 struct inode *inode = file_inode(file);
3661 ad.u.op->path = file->f_path;
3682 static int selinux_file_ioctl(struct file *file, unsigned int cmd,
3694 error = file_has_perm(cred, file, FILE__GETATTR);
3699 error = file_has_perm(cred, file, FILE__SETATTR);
3705 error = file_has_perm(cred, file, 0);
3717 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3721 * to the file's ioctl() function.
3724 error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);
3729 static int selinux_file_ioctl_compat(struct file *file, unsigned int cmd,
3753 return selinux_file_ioctl(file, cmd, arg);
3758 static int file_map_prot_check(struct file *file, unsigned long prot, int shared)
3765 (prot & PROT_EXEC) && (!file || IS_PRIVATE(file_inode(file)) ||
3769 * private file mapping that will also be writable.
3778 if (file) {
3789 return file_has_perm(cred, file, av);
3809 static int selinux_mmap_file(struct file *file,
3816 if (file) {
3818 ad.u.file = file;
3819 rc = inode_has_perm(current_cred(), file_inode(file),
3825 return file_map_prot_check(file, prot,
3848 * We are making executable a file mapping that has
3863 static int selinux_file_lock(struct file *file, unsigned int cmd)
3867 return file_has_perm(cred, file, FILE__LOCK);
3870 static int selinux_file_fcntl(struct file *file, unsigned int cmd,
3878 if ((file->f_flags & O_APPEND) && !(arg & O_APPEND)) {
3879 err = file_has_perm(cred, file, FILE__WRITE);
3890 err = file_has_perm(cred, file, 0);
3903 err = file_has_perm(cred, file, FILE__LOCK);
3910 static void selinux_file_set_fowner(struct file *file)
3914 fsec = selinux_file(file);
3921 struct file *file;
3926 /* struct fown_struct is never outside the context of a struct file */
3927 file = container_of(fown, struct file, f_owner);
3929 fsec = selinux_file(file);
3940 static int selinux_file_receive(struct file *file)
3944 return file_has_perm(cred, file, file_to_av(file));
3947 static int selinux_file_open(struct file *file)
3952 fsec = selinux_file(file);
3953 isec = inode_security(file_inode(file));
3958 * Task label is already saved in the file security
3971 return file_path_has_perm(file->f_cred, file, open_file_to_av(file));
4037 * set the file creation context in a security record to the same as the
4068 static int selinux_kernel_module_from_file(struct file *file)
4077 if (file == NULL)
4084 ad.u.file = file;
4086 fsec = selinux_file(file);
4093 isec = inode_security(file_inode(file));
4098 static int selinux_kernel_read_file(struct file *file,
4106 rc = selinux_kernel_module_from_file(contents ? file : NULL);
6441 checks and may_create for the file creation checks. The
6763 /* This function will check the file pass through unix socket or binder to see
6771 static int bpf_fd_pass(const struct file *file, u32 sid)
6778 if (file->f_op == &bpf_map_fops) {
6779 map = file->private_data;
6782 bpf_map_fmode_to_av(file->f_mode), NULL);
6785 } else if (file->f_op == &bpf_prog_fops) {
6786 prog = file->private_data;
6965 * IORING_OP_URING_CMD against the device/file specified in @ioucmd.
6970 struct file *file = ioucmd->file;
6971 struct inode *inode = file_inode(file);
6976 ad.u.file = file;