hooks.c - OpenGrok cross reference for /kernel/linux/linux-6.6/security/selinux/hooks.c

Lines Matching refs:this
291 		 * @opt_dentry is NULL and no dentry for this inode can be
355 	 * It should not be possible for this function to be called with
474 	 * IMPORTANT: Double-check logic in this function when adding a new
508 	 * the root directory.  -ENODATA is ok, as this may be
663 	 * Binary mount data FS will come through this function twice.  Once
669 	 * mount using this sb set explicit options and a second mount using
670 	 * this sb does not set any security options.  (The first options
716 		/* previously mounted with options, but not on this attempt? */
741 		 * Determine the labeling behavior to use for this
753 	 * If this is a user namespace mount and the filesystem type is not
843 			       "invalid for this filesystem type\n");
925 	 * mount options.  thus we can safely deal with this superblock later
1300 #error New address family defined, please update this function.
1474 			 * this is can be hit on boot when a file is accessed
2131  * need to control this operation.  However, SELinux does control the use of
2208  * Do not audit the selinux permission check, as this is applied to all
2327 		/* Check for a default transition on this program. */
2422 			   rather than using file_has_perm, as this particular
2446 	/* replace all the matching ones with this */
2989 	 * allowed to actually create this type of anonymous inode.
4627 		/* Allows detection of the first association on this socket */
4678 		 * that validates multiple binding addresses. Because of this
4826 		 * that validates multiple connect addresses. Because of this
5088 	 * special handling.  We do this in an attempt to keep this function
5336 	 * plug this into the new socket.
5359 	/* Inherit secid from the parent socket - this will be picked up
5588 	 * get a better understanding of why this socket is special */
5686 		/* we do this in the FORWARD path and not the POST_ROUTING
5705 	/* we do this in the LOCAL_OUT path and not the POST_ROUTING path
5713 			/* if the socket is the listening state then this
5723 			 * security label in the packet itself this is the
5784 	 * special handling.  We do this in an attempt to keep this function
5802 	 *       is NULL, in this case go ahead and apply access control.
5803 	 * NOTE: if this is a local socket (skb->sk != NULL) that is in the
5806 	 *       unfortunately, this means more work, but it is only once per
5829 		 * listening state which means this is a SYN-ACK packet.  In
5830 		 * this particular case the correct security label is assigned
5843 		/* At this point, if the returned skb peerlbl is SECSID_NULL
5847 		 * all of our access controls on this packet we can safely
6071 		 * message queue this message will be stored in
6082 	/* Can this process write to the queue? */
6086 		/* Can this process send the message */
6153 /* Note, at this point, shp is locked down */
6231 /* Note, at this point, sma is locked down */
6768  * access the bpf object and that's why we have to add this additional check in
6984  * IMPORTANT NOTE: When adding new hooks, please be careful to keep this order:
6992  * Please follow block comment delimiters in the list to keep this order.