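Lines matching references to `sid` (non-contiguous excerpts; the leading number on each entry is its line number in the indexed source file):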
216 tsec->osid = tsec->sid = SECINITSID_KERNEL;
227 return tsec->sid;
260 u32 sid;
263 sid = cred_sid(__task_cred(task));
265 return sid;
423 static int may_context_mount_sb_relabel(u32 sid,
430 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
435 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM,
440 static int may_context_mount_inode_relabel(u32 sid,
446 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM,
451 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM,
502 u32 sid;
535 SECCLASS_DIR, &sid);
542 sbsec->sid = sid;
687 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
701 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
785 sbsec->sid = fscontext_sid;
814 sbsec->sid = context_sid;
834 root_isec->sid = rootcontext_sid;
880 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid)
889 if (oldroot->sid != newroot->sid)
948 newsbsec->sid = oldsbsec->sid;
965 u32 sid = oldsbsec->mntpoint_sid;
968 newsbsec->sid = sid;
971 newisec->sid = sid;
973 newsbsec->mntpoint_sid = sid;
979 newisec->sid = oldisec->sid;
1051 static int show_sid(struct seq_file *m, u32 sid)
1057 rc = security_sid_to_context(sid, &context, &len);
1086 rc = show_sid(m, sbsec->sid);
1109 rc = show_sid(m, isec->sid);
1311 u32 *sid)
1335 path, tclass, sid);
1338 *sid = SECINITSID_UNLABELED;
1347 u32 def_sid, u32 *sid)
1385 *sid = def_sid;
1389 rc = security_context_to_sid_default(context, rc, sid,
1412 u32 task_sid, sid = 0;
1441 sid = isec->sid;
1453 sid = sbsec->def_sid;
1486 &sid);
1492 sid = task_sid;
1496 sid = sbsec->sid;
1499 rc = security_transition_sid(task_sid, sid,
1500 sclass, NULL, &sid);
1505 sid = sbsec->mntpoint_sid;
1509 sid = sbsec->sid;
1541 sbsec->flags, &sid);
1550 sid, &sid);
1569 isec->sid = sid;
1580 isec->sid = sid;
1624 u32 sid = cred_sid(cred);
1644 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);
1646 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);
1662 u32 sid;
1667 sid = cred_sid(cred);
1670 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);
1718 static int bpf_fd_pass(const struct file *file, u32 sid);
1736 u32 sid = cred_sid(cred);
1742 if (sid != fsec->sid) {
1743 rc = avc_has_perm(sid, fsec->sid,
1786 return security_transition_sid(tsec->sid,
1787 dsec->sid, tclass,
1802 u32 sid, newsid;
1809 sid = tsec->sid;
1814 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR,
1825 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad);
1829 return avc_has_perm(newsid, sbsec->sid,
1846 u32 sid = current_sid();
1858 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad);
1878 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);
1889 u32 sid = current_sid();
1902 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR,
1906 rc = avc_has_perm(sid, old_isec->sid,
1911 rc = avc_has_perm(sid, old_isec->sid,
1921 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad);
1927 rc = avc_has_perm(sid, new_isec->sid,
1944 u32 sid = cred_sid(cred);
1947 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad);
2056 u32 sid = cred_sid(to);
2066 if (sid != fsec->sid) {
2067 rc = avc_has_perm(sid, fsec->sid,
2076 rc = bpf_fd_pass(file, sid);
2085 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),
2092 u32 sid = current_sid();
2096 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ,
2099 return avc_has_perm(sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE,
2227 u32 sid = 0;
2233 sid = task_sid_obj(tracer);
2236 return sid;
2251 if (new_tsec->sid == old_tsec->sid)
2266 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2277 rc = security_bounded_transition(old_tsec->sid,
2278 new_tsec->sid);
2309 new_tsec->sid = old_tsec->sid;
2310 new_tsec->osid = old_tsec->sid;
2318 new_tsec->sid = old_tsec->exec_sid;
2328 rc = security_transition_sid(old_tsec->sid,
2329 isec->sid, SECCLASS_PROCESS, NULL,
2330 &new_tsec->sid);
2340 new_tsec->sid = old_tsec->sid;
2346 if (new_tsec->sid == old_tsec->sid) {
2347 rc = avc_has_perm(old_tsec->sid, isec->sid,
2353 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2358 rc = avc_has_perm(new_tsec->sid, isec->sid,
2365 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2377 rc = avc_has_perm(ptsid, new_tsec->sid,
2391 rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
2464 if (new_tsec->sid == new_tsec->osid)
2483 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS,
2506 u32 osid, sid;
2510 sid = tsec->sid;
2512 if (sid == osid)
2522 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL);
2553 sbsec->sid = SECINITSID_UNLABELED;
2656 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
2669 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
2693 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid,
2705 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid,
2792 opts->fscontext_sid = sbsec->sid;
2840 u32 sid = current_sid();
2845 isec->sid = SECINITSID_UNLABELED;
2847 isec->task_sid = sid;
2926 isec->sid = newsid;
2976 isec->sid = context_isec->sid;
2980 tsec->sid, tsec->sid,
2981 isec->sclass, name, &isec->sid);
2995 return avc_has_perm(tsec->sid,
2996 isec->sid,
3056 u32 sid;
3060 sid = cred_sid(cred);
3065 return avc_has_perm(sid, isec->sid, isec->sclass, FILE__READ, &ad);
3078 return slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,
3089 u32 sid;
3106 sid = cred_sid(cred);
3111 rc = avc_has_perm_noaudit(sid, isec->sid, isec->sclass, perms, 0,
3178 u32 newsid, sid = current_sid();
3205 rc = avc_has_perm(sid, isec->sid, isec->sclass,
3245 rc = avc_has_perm(sid, newsid, isec->sclass,
3250 rc = security_validate_transition(isec->sid, newsid,
3251 sid, isec->sclass);
3256 sbsec->sid,
3316 isec->sid = newsid;
3433 error = security_sid_to_context_force(isec->sid, &context,
3436 error = security_sid_to_context(isec->sid,
3475 isec->sid = newsid;
3496 *secid = isec->sid;
3501 u32 sid;
3513 selinux_inode_getsecid(d_inode(src), &sid);
3514 tsec->create_sid = sid;
3576 rc = security_transition_sid(tsec->sid,
3615 u32 sid = current_sid();
3622 if (sid == fsec->sid && fsec->isid == isec->sid &&
3633 u32 sid = current_sid();
3635 fsec->sid = sid;
3636 fsec->fown_sid = sid;
3663 if (ssid != fsec->sid) {
3664 rc = avc_has_perm(ssid, fsec->sid,
3676 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass,
3761 u32 sid = cred_sid(cred);
3772 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
3801 u32 sid = current_sid();
3802 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT,
3834 u32 sid = cred_sid(cred);
3840 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
3844 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS,
3922 u32 sid = task_sid_obj(tsk);
3936 return avc_has_perm(fsec->fown_sid, sid,
3961 fsec->isid = isec->sid;
3979 u32 sid = current_sid();
3981 return avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL);
4020 u32 sid = current_sid();
4023 ret = avc_has_perm(sid, secid,
4028 tsec->sid = secid;
4044 u32 sid = current_sid();
4047 ret = avc_has_perm(sid, isec->sid,
4053 tsec->create_sid = isec->sid;
4073 u32 sid = current_sid();
4078 return avc_has_perm(sid, sid, SECCLASS_SYSTEM,
4087 if (sid != fsec->sid) {
4088 rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad);
4094 return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM,
4246 u32 sid = task_sid_obj(p);
4250 isec->sid = sid;
4257 u32 sid = current_sid();
4259 return avc_has_perm(sid, sid, SECCLASS_USER_NAMESPACE,
4493 * @sid: the packet's peer label SID
4499 * returns zero if the value in @sid is valid (although it may be SECSID_NULL)
4500 * or -EACCES if @sid is invalid due to inconsistencies with the different
4504 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid)
4519 nlbl_type, xfrm_sid, sid);
4565 return security_transition_sid(tsec->sid, tsec->sid,
4575 if (sksec->sid == SECINITSID_KERNEL)
4580 return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms,
4600 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL);
4610 u32 sid = SECINITSID_KERNEL;
4614 err = socket_sockcreate_sid(tsec, sclass, &sid);
4620 isec->sid = sid;
4626 sksec->sid = sid;
4643 sksec_a->peer_sid = sksec_b->sid;
4644 sksec_b->peer_sid = sksec_a->sid;
4674 u32 sid, node_perm;
4733 snum, &sid);
4736 err = avc_has_perm(sksec->sid, sid,
4766 err = sel_netnode_sid(addrp, family_sa, &sid);
4775 err = avc_has_perm(sksec->sid, sid,
4823 u32 sid, perm;
4853 err = sel_netport_sid(sk->sk_protocol, snum, &sid);
4873 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);
4906 u32 sid;
4915 sid = isec->sid;
4920 newisec->sid = sid;
4983 err = avc_has_perm(sksec_sock->sid, sksec_other->sid,
4990 sksec_new->peer_sid = sksec_sock->sid;
4991 err = security_sid_mls_copy(sksec_other->sid,
4992 sksec_sock->sid, &sksec_new->sid);
4997 sksec_sock->peer_sid = sksec_new->sid;
5012 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,
5044 u32 sk_sid = sksec->sid;
5064 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad);
5074 u32 sk_sid = sksec->sid;
5185 peer_secid = isec->sid;
5205 sksec->sid = SECINITSID_UNLABELED;
5227 newsksec->sid = sksec->sid;
5241 *secid = sksec->sid;
5253 isec->sid = sksec->sid;
5338 err = selinux_conn_sid(sksec->sid, asoc->peer_secid, &conn_sid);
5363 asoc->secid = sksec->sid;
5462 newsksec->sid = asoc->secid;
5474 ssksec->sid = sksec->sid;
5495 err = selinux_conn_sid(sksec->sid, peersid, &connsid);
5509 newsksec->sid = req->secid;
5511 /* NOTE: Ideally, we should also get the isec->sid for the
5533 static int selinux_secmark_relabel_packet(u32 sid)
5539 tsid = tsec->sid;
5541 return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO,
5568 tunsec->sid = current_sid();
5581 u32 sid = current_sid();
5590 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE,
5598 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET,
5614 sksec->sid = tunsec->sid;
5623 u32 sid = current_sid();
5626 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET,
5630 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET,
5634 tunsec->sid = sid;
5700 u32 sid;
5729 sid = sksec->sid;
5731 sid = SECINITSID_KERNEL;
5732 if (selinux_netlbl_skbuff_setsid(skb, state->pf, sid) != 0)
5758 if (avc_has_perm(sksec->sid, skb->secmark,
5762 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto))
5863 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid))
5870 peer_sid = sksec->sid;
5966 isec->sid = current_sid();
5974 u32 sid = current_sid();
5981 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);
5989 msec->sid = SECINITSID_UNLABELED;
5999 u32 sid = current_sid();
6007 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
6015 u32 sid = current_sid();
6022 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
6059 u32 sid = current_sid();
6068 if (msec->sid == SECINITSID_UNLABELED) {
6070 * Compute new sid based on current process and
6073 rc = security_transition_sid(sid, isec->sid,
6074 SECCLASS_MSG, NULL, &msec->sid);
6083 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ,
6087 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG,
6091 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ,
6104 u32 sid = task_sid_obj(target);
6113 rc = avc_has_perm(sid, isec->sid,
6116 rc = avc_has_perm(sid, msec->sid,
6126 u32 sid = current_sid();
6134 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
6142 u32 sid = current_sid();
6149 return avc_has_perm(sid, isec->sid, SECCLASS_SHM,
6204 u32 sid = current_sid();
6212 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
6220 u32 sid = current_sid();
6227 return avc_has_perm(sid, isec->sid, SECCLASS_SEM,
6307 *secid = isec->sid;
6320 u32 sid;
6328 error = avc_has_perm(current_sid(), __tsec->sid,
6335 sid = __tsec->sid;
6337 sid = __tsec->osid;
6339 sid = __tsec->exec_sid;
6341 sid = __tsec->create_sid;
6343 sid = __tsec->keycreate_sid;
6345 sid = __tsec->sockcreate_sid;
6352 if (!sid)
6355 error = security_sid_to_context(sid, value, &len);
6369 u32 mysid = current_sid(), sid = 0, ptsid;
6403 &sid, GFP_KERNEL);
6427 &sid);
6445 tsec->exec_sid = sid;
6447 tsec->create_sid = sid;
6449 if (sid) {
6450 error = avc_has_perm(mysid, sid,
6455 tsec->keycreate_sid = sid;
6457 tsec->sockcreate_sid = sid;
6460 if (sid == 0)
6465 error = security_bounded_transition(tsec->sid, sid);
6471 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS,
6480 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS,
6486 tsec->sid = sid;
6576 ksec->sid = tsec->keycreate_sid;
6578 ksec->sid = tsec->sid;
6598 u32 perm, sid;
6630 sid = cred_sid(cred);
6634 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL);
6644 rc = security_sid_to_context(ksec->sid,
6656 u32 sid = current_sid();
6658 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL);
6668 u32 sid = 0;
6672 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid);
6680 return avc_has_perm(sec->sid, sid,
6690 u32 sid = 0;
6695 &sid);
6704 return avc_has_perm(sec->sid, sid,
6716 sec->sid = current_sid();
6732 u32 sid = current_sid();
6737 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__MAP_CREATE,
6741 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__PROG_LOAD,
6771 static int bpf_fd_pass(const struct file *file, u32 sid)
6781 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,
6788 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,
6798 u32 sid = current_sid();
6802 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,
6808 u32 sid = current_sid();
6812 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF,
6824 bpfsec->sid = current_sid();
6846 bpfsec->sid = current_sid();
6874 u32 requested, sid = current_sid();
6887 return avc_has_perm(sid, sid, SECCLASS_PERF_EVENT,
6899 perfsec->sid = current_sid();
6916 u32 sid = current_sid();
6918 return avc_has_perm(sid, perfsec->sid,
6925 u32 sid = current_sid();
6927 return avc_has_perm(sid, perfsec->sid,
6954 u32 sid = current_sid();
6956 return avc_has_perm(sid, sid,
6978 return avc_has_perm(current_sid(), isec->sid,