xref: /security/selinux/hooks.c

1424 	u16 sclass;  in inode_doinit_with_dentry()  local
1435 	if (isec->sclass == SECCLASS_FILE)  in inode_doinit_with_dentry()
1436 		isec->sclass = inode_mode_to_security_class(inode->i_mode);  in inode_doinit_with_dentry()
1450 	sclass = isec->sclass;  in inode_doinit_with_dentry()
1511 					     sclass, NULL, &sid);  in inode_doinit_with_dentry()
1551 			rc = selinux_genfs_get_sid(dentry, sclass,  in inode_doinit_with_dentry()
1634 	u16 sclass;  in cred_has_capability()  local
1644 		sclass = initns ? SECCLASS_CAPABILITY : SECCLASS_CAP_USERNS;  in cred_has_capability()
1647 		sclass = initns ? SECCLASS_CAPABILITY2 : SECCLASS_CAP2_USERNS;  in cred_has_capability()
1655 	rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd);  in cred_has_capability()
1657 		int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad);  in cred_has_capability()
1681 	return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp);  in inode_has_perm()
1895 	rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad);  in may_link()
1924 			  old_isec->sclass, FILE__RENAME, &ad);  in may_rename()
1929 				  old_isec->sclass, DIR__REPARENT, &ad);  in may_rename()
1945 				  new_isec->sclass,  in may_rename()
2102 	return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file),  in selinux_binder_transfer_file()
2869 	isec->sclass = SECCLASS_FILE;  in selinux_inode_alloc_security()
2947 		isec->sclass = newsclass;  in selinux_inode_init_security()
2997 		isec->sclass = context_isec->sclass;  in selinux_inode_init_security_anon()
3000 		isec->sclass = SECCLASS_ANON_INODE;  in selinux_inode_init_security_anon()
3003 			isec->sclass, name, &isec->sid);  in selinux_inode_init_security_anon()
3019 			    isec->sclass,  in selinux_inode_init_security_anon()
3085 	return avc_has_perm(sid, isec->sid, isec->sclass, FILE__READ, &ad);  in selinux_inode_follow_link()
3098 	return slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms,  in audit_inode_permission()
3133 	if (isec->sclass != SECCLASS_DIR)  in task_avdcache_search()
3174 	if (isec->sclass != SECCLASS_DIR)  in task_avdcache_update()
3233 		rc = avc_has_perm_noaudit(tsec->sid, isec->sid, isec->sclass,  in selinux_inode_permission()
3350 	rc = avc_has_perm(sid, isec->sid, isec->sclass,  in selinux_inode_setxattr()
3390 	rc = avc_has_perm(sid, newsid, isec->sclass,  in selinux_inode_setxattr()
3396 					  sid, isec->sclass);  in selinux_inode_setxattr()
3460 	isec->sclass = inode_mode_to_security_class(inode->i_mode);  in selinux_inode_post_setxattr()
3629 	isec->sclass = inode_mode_to_security_class(inode->i_mode);  in selinux_inode_setsecurity()
3836 	rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, requested,  in ioctl_has_perm()
4463 	isec->sclass = inode_mode_to_security_class(inode->i_mode);  in selinux_task_to_inode()
4789 	return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms,  in sock_has_perm()
4818 	u16 sclass = socket_type_to_security_class(family, type, protocol);  in selinux_socket_post_create()  local
4823 		err = socket_sockcreate_sid(tsec, sclass, &sid);  in selinux_socket_post_create()
4828 	isec->sclass = sclass;  in selinux_socket_post_create()
4834 		sksec->sclass = sclass;  in selinux_socket_post_create()
4837 		if (sksec->sclass == SECCLASS_SCTP_SOCKET)  in selinux_socket_post_create()
4946 						   sksec->sclass,  in selinux_socket_bind()
4953 		switch (sksec->sclass) {  in selinux_socket_bind()
4981 				   sksec->sclass, node_perm, &ad);  in selinux_socket_bind()
5020 	if (sksec->sclass == SECCLASS_TCP_SOCKET ||  in selinux_socket_connect_helper()
5021 	    sksec->sclass == SECCLASS_SCTP_SOCKET) {  in selinux_socket_connect_helper()
5051 			if (sksec->sclass == SECCLASS_SCTP_SOCKET)  in selinux_socket_connect_helper()
5061 		switch (sksec->sclass) {  in selinux_socket_connect_helper()
5074 		err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad);  in selinux_socket_connect_helper()
5106 	u16 sclass;  in selinux_socket_accept()  local
5115 	sclass = isec->sclass;  in selinux_socket_accept()
5120 	newisec->sclass = sclass;  in selinux_socket_accept()
5185 			   sksec_other->sclass,  in selinux_socket_unix_stream_connect()
5213 	return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO,  in selinux_socket_unix_may_send()
5344 	if (sksec->sclass == SECCLASS_UNIX_STREAM_SOCKET ||  in selinux_socket_getpeersec_stream()
5345 	    sksec->sclass == SECCLASS_TCP_SOCKET ||  in selinux_socket_getpeersec_stream()
5346 	    sksec->sclass == SECCLASS_SCTP_SOCKET)  in selinux_socket_getpeersec_stream()
5405 	sksec->sclass = SECCLASS_SOCKET;  in selinux_sk_alloc_security()
5425 	newsksec->sclass = sksec->sclass;  in selinux_sk_clone_security()
5450 	sksec->sclass = isec->sclass;  in selinux_sock_graft()
5502 				   sksec->sclass, SCTP_SOCKET__ASSOCIATION,  in selinux_sctp_process_new_assoc()
5660 	newsksec->sclass = sksec->sclass;  in selinux_sctp_sk_clone()
5669 	ssksec->sclass = sksec->sclass;  in selinux_mptcp_add_subflow()
5795 	sksec->sclass = SECCLASS_TUN_SOCKET;  in selinux_tun_dev_attach()
6101 	return avc_has_extended_perms(current_sid(), sksec->sid, sksec->sclass,  in nlmsg_sock_has_extended_perms()
6113 	u16 sclass = sksec->sclass;  in selinux_netlink_send()  local
6128 		rc = selinux_nlmsg_lookup(sclass, nlh->nlmsg_type, &perm);  in selinux_netlink_send()
6144 				secclass_map[sclass - 1].name,  in selinux_netlink_send()
6168 static void ipc_init_security(struct ipc_security_struct *isec, u16 sclass)  in ipc_init_security()  argument
6170 	isec->sclass = sclass;  in ipc_init_security()
6186 	return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad);  in ipc_has_perm()

Last Index update Fri Aug 22 10:33:58 CST 2025