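Lines matching refs:sid (each entry gives the source line number, the matching line, and the enclosing function; a trailing "local" or "argument" marks the line where sid is declared as a local variable or a parameter)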
218 tsec->osid = tsec->sid = tsec->avdcache.sid = SECINITSID_KERNEL; in cred_init_security()
229 return tsec->sid; in cred_sid()
262 u32 sid; in task_sid_obj() local
265 sid = cred_sid(__task_cred(task)); in task_sid_obj()
267 return sid; in task_sid_obj()
436 static int may_context_mount_sb_relabel(u32 sid, in may_context_mount_sb_relabel() argument
443 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
448 rc = avc_has_perm(tsec->sid, sid, SECCLASS_FILESYSTEM, in may_context_mount_sb_relabel()
453 static int may_context_mount_inode_relabel(u32 sid, in may_context_mount_inode_relabel() argument
459 rc = avc_has_perm(tsec->sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
464 rc = avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, in may_context_mount_inode_relabel()
515 u32 sid; in sb_check_xattr_support() local
548 SECCLASS_DIR, &sid); in sb_check_xattr_support()
555 sbsec->sid = sid; in sb_check_xattr_support()
700 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_set_mnt_opts()
714 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_set_mnt_opts()
798 sbsec->sid = fscontext_sid; in selinux_set_mnt_opts()
827 sbsec->sid = context_sid; in selinux_set_mnt_opts()
847 root_isec->sid = rootcontext_sid; in selinux_set_mnt_opts()
893 if ((oldflags & FSCONTEXT_MNT) && old->sid != new->sid) in selinux_cmp_sb_context()
902 if (oldroot->sid != newroot->sid) in selinux_cmp_sb_context()
961 newsbsec->sid = oldsbsec->sid; in selinux_sb_clone_mnt_opts()
978 u32 sid = oldsbsec->mntpoint_sid; in selinux_sb_clone_mnt_opts() local
981 newsbsec->sid = sid; in selinux_sb_clone_mnt_opts()
984 newisec->sid = sid; in selinux_sb_clone_mnt_opts()
986 newsbsec->mntpoint_sid = sid; in selinux_sb_clone_mnt_opts()
992 newisec->sid = oldisec->sid; in selinux_sb_clone_mnt_opts()
1064 static int show_sid(struct seq_file *m, u32 sid) in show_sid() argument
1070 rc = security_sid_to_context(sid, &context, &len); in show_sid()
1099 rc = show_sid(m, sbsec->sid); in selinux_sb_show_options()
1122 rc = show_sid(m, isec->sid); in selinux_sb_show_options()
1322 u32 *sid) in selinux_genfs_get_sid() argument
1346 path, tclass, sid); in selinux_genfs_get_sid()
1349 *sid = SECINITSID_UNLABELED; in selinux_genfs_get_sid()
1358 u32 def_sid, u32 *sid) in inode_doinit_use_xattr() argument
1396 *sid = def_sid; in inode_doinit_use_xattr()
1400 rc = security_context_to_sid_default(context, rc, sid, in inode_doinit_use_xattr()
1423 u32 task_sid, sid = 0; in inode_doinit_with_dentry() local
1452 sid = isec->sid; in inode_doinit_with_dentry()
1464 sid = sbsec->def_sid; in inode_doinit_with_dentry()
1497 &sid); in inode_doinit_with_dentry()
1503 sid = task_sid; in inode_doinit_with_dentry()
1507 sid = sbsec->sid; in inode_doinit_with_dentry()
1510 rc = security_transition_sid(task_sid, sid, in inode_doinit_with_dentry()
1511 sclass, NULL, &sid); in inode_doinit_with_dentry()
1516 sid = sbsec->mntpoint_sid; in inode_doinit_with_dentry()
1520 sid = sbsec->sid; in inode_doinit_with_dentry()
1552 sbsec->flags, &sid); in inode_doinit_with_dentry()
1561 sid, &sid); in inode_doinit_with_dentry()
1580 isec->sid = sid; in inode_doinit_with_dentry()
1591 isec->sid = sid; in inode_doinit_with_dentry()
1635 u32 sid = cred_sid(cred); in cred_has_capability() local
1655 rc = avc_has_perm_noaudit(sid, sid, sclass, av, 0, &avd); in cred_has_capability()
1657 int rc2 = avc_audit(sid, sid, sclass, av, &avd, rc, &ad); in cred_has_capability()
1673 u32 sid; in inode_has_perm() local
1678 sid = cred_sid(cred); in inode_has_perm()
1681 return avc_has_perm(sid, isec->sid, isec->sclass, perms, adp); in inode_has_perm()
1735 static int bpf_fd_pass(const struct file *file, u32 sid);
1753 u32 sid = cred_sid(cred); in file_has_perm() local
1759 if (sid != fsec->sid) { in file_has_perm()
1760 rc = avc_has_perm(sid, fsec->sid, in file_has_perm()
1803 return security_transition_sid(tsec->sid, in selinux_determine_inode_label()
1804 dsec->sid, tclass, in selinux_determine_inode_label()
1819 u32 sid, newsid; in may_create() local
1826 sid = tsec->sid; in may_create()
1831 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, in may_create()
1842 rc = avc_has_perm(sid, newsid, tclass, FILE__CREATE, &ad); in may_create()
1846 return avc_has_perm(newsid, sbsec->sid, in may_create()
1863 u32 sid = current_sid(); in may_link() local
1875 rc = avc_has_perm(sid, dsec->sid, SECCLASS_DIR, av, &ad); in may_link()
1895 rc = avc_has_perm(sid, isec->sid, isec->sclass, av, &ad); in may_link()
1906 u32 sid = current_sid(); in may_rename() local
1919 rc = avc_has_perm(sid, old_dsec->sid, SECCLASS_DIR, in may_rename()
1923 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1928 rc = avc_has_perm(sid, old_isec->sid, in may_rename()
1938 rc = avc_has_perm(sid, new_dsec->sid, SECCLASS_DIR, av, &ad); in may_rename()
1944 rc = avc_has_perm(sid, new_isec->sid, in may_rename()
1961 u32 sid = cred_sid(cred); in superblock_has_perm() local
1964 return avc_has_perm(sid, sbsec->sid, SECCLASS_FILESYSTEM, perms, ad); in superblock_has_perm()
2073 u32 sid = cred_sid(to); in selinux_binder_transfer_file() local
2083 if (sid != fsec->sid) { in selinux_binder_transfer_file()
2084 rc = avc_has_perm(sid, fsec->sid, in selinux_binder_transfer_file()
2093 rc = bpf_fd_pass(file, sid); in selinux_binder_transfer_file()
2102 return avc_has_perm(sid, isec->sid, isec->sclass, file_to_av(file), in selinux_binder_transfer_file()
2109 u32 sid = current_sid(); in selinux_ptrace_access_check() local
2113 return avc_has_perm(sid, csid, SECCLASS_FILE, FILE__READ, in selinux_ptrace_access_check()
2116 return avc_has_perm(sid, csid, SECCLASS_PROCESS, PROCESS__PTRACE, in selinux_ptrace_access_check()
2237 u32 sid = 0; in ptrace_parent_sid() local
2243 sid = task_sid_obj(tracer); in ptrace_parent_sid()
2246 return sid; in ptrace_parent_sid()
2261 if (new_tsec->sid == old_tsec->sid) in check_nnp_nosuid()
2276 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in check_nnp_nosuid()
2287 rc = security_bounded_transition(old_tsec->sid, in check_nnp_nosuid()
2288 new_tsec->sid); in check_nnp_nosuid()
2319 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2320 new_tsec->osid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2334 new_tsec->sid = SECINITSID_INIT; in selinux_bprm_creds_for_exec()
2341 new_tsec->sid = old_tsec->exec_sid; in selinux_bprm_creds_for_exec()
2351 rc = security_transition_sid(old_tsec->sid, in selinux_bprm_creds_for_exec()
2352 isec->sid, SECCLASS_PROCESS, NULL, in selinux_bprm_creds_for_exec()
2353 &new_tsec->sid); in selinux_bprm_creds_for_exec()
2363 new_tsec->sid = old_tsec->sid; in selinux_bprm_creds_for_exec()
2369 if (new_tsec->sid == old_tsec->sid) { in selinux_bprm_creds_for_exec()
2370 rc = avc_has_perm(old_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2376 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2381 rc = avc_has_perm(new_tsec->sid, isec->sid, in selinux_bprm_creds_for_exec()
2388 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2400 rc = avc_has_perm(ptsid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2414 rc = avc_has_perm(old_tsec->sid, new_tsec->sid, in selinux_bprm_creds_for_exec()
2487 if (new_tsec->sid == new_tsec->osid) in selinux_bprm_committing_creds()
2506 rc = avc_has_perm(new_tsec->osid, new_tsec->sid, SECCLASS_PROCESS, in selinux_bprm_committing_creds()
2529 u32 osid, sid; in selinux_bprm_committed_creds() local
2533 sid = tsec->sid; in selinux_bprm_committed_creds()
2535 if (sid == osid) in selinux_bprm_committed_creds()
2545 rc = avc_has_perm(osid, sid, SECCLASS_PROCESS, PROCESS__SIGINH, NULL); in selinux_bprm_committed_creds()
2576 sbsec->sid = SECINITSID_UNLABELED; in selinux_sb_alloc_security()
2679 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_mnt_opts_compat()
2692 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_mnt_opts_compat()
2716 if (bad_option(sbsec, FSCONTEXT_MNT, sbsec->sid, in selinux_sb_remount()
2728 if (bad_option(sbsec, ROOTCONTEXT_MNT, root_isec->sid, in selinux_sb_remount()
2815 opts->fscontext_sid = sbsec->sid; in selinux_fs_context_submount()
2863 u32 sid = current_sid(); in selinux_inode_alloc_security() local
2868 isec->sid = SECINITSID_UNLABELED; in selinux_inode_alloc_security()
2870 isec->task_sid = sid; in selinux_inode_alloc_security()
2948 isec->sid = newsid; in selinux_inode_init_security()
2973 u32 sid = current_sid(); in selinux_inode_init_security_anon() local
2998 isec->sid = context_isec->sid; in selinux_inode_init_security_anon()
3002 sid, sid, in selinux_inode_init_security_anon()
3003 isec->sclass, name, &isec->sid); in selinux_inode_init_security_anon()
3017 return avc_has_perm(sid, in selinux_inode_init_security_anon()
3018 isec->sid, in selinux_inode_init_security_anon()
3077 u32 sid = current_sid(); in selinux_inode_follow_link() local
3085 return avc_has_perm(sid, isec->sid, isec->sclass, FILE__READ, &ad); in selinux_inode_follow_link()
3098 return slow_avc_audit(current_sid(), isec->sid, isec->sclass, perms, in audit_inode_permission()
3112 tsec->avdcache.sid = tsec->sid; in task_avdcache_reset()
3136 if (unlikely(tsec->sid != tsec->avdcache.sid || in task_avdcache_search()
3144 if (tsec->avdcache.dir[iter].isid == isec->sid) { in task_avdcache_search()
3180 tsec->avdcache.dir[spot].isid = isec->sid; in task_avdcache_update()
3233 rc = avc_has_perm_noaudit(tsec->sid, isec->sid, isec->sclass, in selinux_inode_permission()
3329 u32 newsid, sid = current_sid(); in selinux_inode_setxattr() local
3350 rc = avc_has_perm(sid, isec->sid, isec->sclass, in selinux_inode_setxattr()
3390 rc = avc_has_perm(sid, newsid, isec->sclass, in selinux_inode_setxattr()
3395 rc = security_validate_transition(isec->sid, newsid, in selinux_inode_setxattr()
3396 sid, isec->sclass); in selinux_inode_setxattr()
3401 sbsec->sid, in selinux_inode_setxattr()
3461 isec->sid = newsid; in selinux_inode_post_setxattr()
3588 error = security_sid_to_context_force(isec->sid, &context, in selinux_inode_getsecurity()
3591 error = security_sid_to_context(isec->sid, in selinux_inode_getsecurity()
3630 isec->sid = newsid; in selinux_inode_setsecurity()
3652 prop->selinux.secid = isec->sid; in selinux_inode_getlsmprop()
3736 rc = security_transition_sid(tsec->sid, in selinux_kernfs_init_security()
3775 u32 sid = current_sid(); in selinux_file_permission() local
3782 if (sid == fsec->sid && fsec->isid == isec->sid && in selinux_file_permission()
3793 u32 sid = current_sid(); in selinux_file_alloc_security() local
3795 fsec->sid = sid; in selinux_file_alloc_security()
3796 fsec->fown_sid = sid; in selinux_file_alloc_security()
3823 if (ssid != fsec->sid) { in ioctl_has_perm()
3824 rc = avc_has_perm(ssid, fsec->sid, in ioctl_has_perm()
3836 rc = avc_has_extended_perms(ssid, isec->sid, isec->sclass, requested, in ioctl_has_perm()
3921 u32 sid = cred_sid(cred); in file_map_prot_check() local
3932 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in file_map_prot_check()
3961 u32 sid = current_sid(); in selinux_mmap_addr() local
3962 rc = avc_has_perm(sid, sid, SECCLASS_MEMPROTECT, in selinux_mmap_addr()
3994 u32 sid = cred_sid(cred); in selinux_file_mprotect() local
4010 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
4014 rc = avc_has_perm(sid, sid, SECCLASS_PROCESS, in selinux_file_mprotect()
4092 u32 sid = task_sid_obj(tsk); in selinux_file_send_sigiotask() local
4106 return avc_has_perm(fsec->fown_sid, sid, in selinux_file_send_sigiotask()
4131 fsec->isid = isec->sid; in selinux_file_open()
4149 u32 sid = current_sid(); in selinux_task_alloc() local
4151 return avc_has_perm(sid, sid, SECCLASS_PROCESS, PROCESS__FORK, NULL); in selinux_task_alloc()
4195 u32 sid = current_sid(); in selinux_kernel_act_as() local
4198 ret = avc_has_perm(sid, secid, in selinux_kernel_act_as()
4203 tsec->sid = secid; in selinux_kernel_act_as()
4219 u32 sid = current_sid(); in selinux_kernel_create_files_as() local
4222 ret = avc_has_perm(sid, isec->sid, in selinux_kernel_create_files_as()
4228 tsec->create_sid = isec->sid; in selinux_kernel_create_files_as()
4248 u32 sid = current_sid(); in selinux_kernel_load_from_file() local
4252 return avc_has_perm(sid, sid, SECCLASS_SYSTEM, requested, NULL); in selinux_kernel_load_from_file()
4258 if (sid != fsec->sid) { in selinux_kernel_load_from_file()
4259 rc = avc_has_perm(sid, fsec->sid, SECCLASS_FD, FD__USE, &ad); in selinux_kernel_load_from_file()
4265 return avc_has_perm(sid, isec->sid, SECCLASS_SYSTEM, requested, &ad); in selinux_kernel_load_from_file()
4460 u32 sid = task_sid_obj(p); in selinux_task_to_inode() local
4464 isec->sid = sid; in selinux_task_to_inode()
4471 u32 sid = current_sid(); in selinux_userns_create() local
4473 return avc_has_perm(sid, sid, SECCLASS_USER_NAMESPACE, in selinux_userns_create()
4690 static int selinux_skb_peerlbl_sid(struct sk_buff *skb, u16 family, u32 *sid) in selinux_skb_peerlbl_sid() argument
4705 nlbl_type, xfrm_sid, sid); in selinux_skb_peerlbl_sid()
4751 return security_transition_sid(tsec->sid, tsec->sid, in socket_sockcreate_sid()
4755 static bool sock_skip_has_perm(u32 sid) in sock_skip_has_perm() argument
4757 if (sid == SECINITSID_KERNEL) in sock_skip_has_perm()
4772 sid == SECINITSID_INIT) in sock_skip_has_perm()
4784 if (sock_skip_has_perm(sksec->sid)) in sock_has_perm()
4789 return avc_has_perm(current_sid(), sksec->sid, sksec->sclass, perms, in sock_has_perm()
4809 return avc_has_perm(tsec->sid, newsid, secclass, SOCKET__CREATE, NULL); in selinux_socket_create()
4819 u32 sid = SECINITSID_KERNEL; in selinux_socket_post_create() local
4823 err = socket_sockcreate_sid(tsec, sclass, &sid); in selinux_socket_post_create()
4829 isec->sid = sid; in selinux_socket_post_create()
4835 sksec->sid = sid; in selinux_socket_post_create()
4852 sksec_a->peer_sid = sksec_b->sid; in selinux_socket_socketpair()
4853 sksec_b->peer_sid = sksec_a->sid; in selinux_socket_socketpair()
4883 u32 sid, node_perm; in selinux_socket_bind() local
4942 snum, &sid); in selinux_socket_bind()
4945 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
4971 err = sel_netnode_sid(addrp, family_sa, &sid); in selinux_socket_bind()
4980 err = avc_has_perm(sksec->sid, sid, in selinux_socket_bind()
5027 u32 sid, perm; in selinux_socket_connect_helper() local
5057 err = sel_netport_sid(sk->sk_protocol, snum, &sid); in selinux_socket_connect_helper()
5074 err = avc_has_perm(sksec->sid, sid, sksec->sclass, perm, &ad); in selinux_socket_connect_helper()
5107 u32 sid; in selinux_socket_accept() local
5116 sid = isec->sid; in selinux_socket_accept()
5121 newisec->sid = sid; in selinux_socket_accept()
5184 err = avc_has_perm(sksec_sock->sid, sksec_other->sid, in selinux_socket_unix_stream_connect()
5191 sksec_new->peer_sid = sksec_sock->sid; in selinux_socket_unix_stream_connect()
5192 err = security_sid_mls_copy(sksec_other->sid, in selinux_socket_unix_stream_connect()
5193 sksec_sock->sid, &sksec_new->sid); in selinux_socket_unix_stream_connect()
5198 sksec_sock->peer_sid = sksec_new->sid; in selinux_socket_unix_stream_connect()
5213 return avc_has_perm(ssec->sid, osec->sid, osec->sclass, SOCKET__SENDTO, in selinux_socket_unix_may_send()
5245 u32 sk_sid = sksec->sid; in selinux_sock_rcv_skb_compat()
5265 err = selinux_xfrm_sock_rcv_skb(sksec->sid, skb, &ad); in selinux_sock_rcv_skb_compat()
5275 u32 sk_sid = sksec->sid; in selinux_socket_sock_rcv_skb()
5389 peer_secid = isec->sid; in selinux_socket_getpeersec_dgram()
5404 sksec->sid = SECINITSID_UNLABELED; in selinux_sk_alloc_security()
5423 newsksec->sid = sksec->sid; in selinux_sk_clone_security()
5437 *secid = sksec->sid; in selinux_sk_getsecid()
5449 isec->sid = sksec->sid; in selinux_sock_graft()
5534 err = selinux_conn_sid(sksec->sid, asoc->peer_secid, &conn_sid); in selinux_sctp_assoc_request()
5559 asoc->secid = sksec->sid; in selinux_sctp_assoc_established()
5658 newsksec->sid = asoc->secid; in selinux_sctp_sk_clone()
5670 ssksec->sid = sksec->sid; in selinux_mptcp_add_subflow()
5691 err = selinux_conn_sid(sksec->sid, peersid, &connsid); in selinux_inet_conn_request()
5705 newsksec->sid = req->secid; in selinux_inet_csk_clone()
5729 static int selinux_secmark_relabel_packet(u32 sid) in selinux_secmark_relabel_packet() argument
5731 return avc_has_perm(current_sid(), sid, SECCLASS_PACKET, PACKET__RELABELTO, in selinux_secmark_relabel_packet()
5755 tunsec->sid = current_sid(); in selinux_tun_dev_alloc_security()
5761 u32 sid = current_sid(); in selinux_tun_dev_create() local
5770 return avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, TUN_SOCKET__CREATE, in selinux_tun_dev_create()
5778 return avc_has_perm(current_sid(), tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_attach_queue()
5794 sksec->sid = tunsec->sid; in selinux_tun_dev_attach()
5803 u32 sid = current_sid(); in selinux_tun_dev_open() local
5806 err = avc_has_perm(sid, tunsec->sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5810 err = avc_has_perm(sid, sid, SECCLASS_TUN_SOCKET, in selinux_tun_dev_open()
5814 tunsec->sid = sid; in selinux_tun_dev_open()
5880 u32 sid; in selinux_ip_output() local
5909 sid = sksec->sid; in selinux_ip_output()
5911 sid = SECINITSID_KERNEL; in selinux_ip_output()
5912 if (selinux_netlbl_skbuff_setsid(skb, state->pf, sid) != 0) in selinux_ip_output()
5938 if (avc_has_perm(sksec->sid, skb->secmark, in selinux_ip_postroute_compat()
5942 if (selinux_xfrm_postroute_last(sksec->sid, skb, &ad, proto)) in selinux_ip_postroute_compat()
6043 if (selinux_conn_sid(sksec->sid, skb_sid, &peer_sid)) in selinux_ip_postroute()
6050 peer_sid = sksec->sid; in selinux_ip_postroute()
6092 if (sock_skip_has_perm(sksec->sid)) in nlmsg_sock_has_extended_perms()
6101 return avc_has_extended_perms(current_sid(), sksec->sid, sksec->sclass, in nlmsg_sock_has_extended_perms()
6171 isec->sid = current_sid(); in ipc_init_security()
6179 u32 sid = current_sid(); in ipc_has_perm() local
6186 return avc_has_perm(sid, isec->sid, isec->sclass, perms, &ad); in ipc_has_perm()
6194 msec->sid = SECINITSID_UNLABELED; in selinux_msg_msg_alloc_security()
6204 u32 sid = current_sid(); in selinux_msg_queue_alloc_security() local
6212 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_alloc_security()
6220 u32 sid = current_sid(); in selinux_msg_queue_associate() local
6227 return avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_associate()
6264 u32 sid = current_sid(); in selinux_msg_queue_msgsnd() local
6273 if (msec->sid == SECINITSID_UNLABELED) { in selinux_msg_queue_msgsnd()
6278 rc = security_transition_sid(sid, isec->sid, in selinux_msg_queue_msgsnd()
6279 SECCLASS_MSG, NULL, &msec->sid); in selinux_msg_queue_msgsnd()
6288 rc = avc_has_perm(sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6292 rc = avc_has_perm(sid, msec->sid, SECCLASS_MSG, in selinux_msg_queue_msgsnd()
6296 rc = avc_has_perm(msec->sid, isec->sid, SECCLASS_MSGQ, in selinux_msg_queue_msgsnd()
6309 u32 sid = task_sid_obj(target); in selinux_msg_queue_msgrcv() local
6318 rc = avc_has_perm(sid, isec->sid, in selinux_msg_queue_msgrcv()
6321 rc = avc_has_perm(sid, msec->sid, in selinux_msg_queue_msgrcv()
6331 u32 sid = current_sid(); in selinux_shm_alloc_security() local
6339 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_alloc_security()
6347 u32 sid = current_sid(); in selinux_shm_associate() local
6354 return avc_has_perm(sid, isec->sid, SECCLASS_SHM, in selinux_shm_associate()
6409 u32 sid = current_sid(); in selinux_sem_alloc_security() local
6417 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_alloc_security()
6425 u32 sid = current_sid(); in selinux_sem_associate() local
6432 return avc_has_perm(sid, isec->sid, SECCLASS_SEM, in selinux_sem_associate()
6513 prop->selinux.secid = isec->sid; in selinux_ipc_getlsmprop()
6527 u32 sid; in selinux_lsm_getattr() local
6533 error = avc_has_perm(current_sid(), tsec->sid, in selinux_lsm_getattr()
6540 sid = tsec->sid; in selinux_lsm_getattr()
6543 sid = tsec->osid; in selinux_lsm_getattr()
6546 sid = tsec->exec_sid; in selinux_lsm_getattr()
6549 sid = tsec->create_sid; in selinux_lsm_getattr()
6552 sid = tsec->keycreate_sid; in selinux_lsm_getattr()
6555 sid = tsec->sockcreate_sid; in selinux_lsm_getattr()
6563 if (sid == SECSID_NULL) { in selinux_lsm_getattr()
6568 error = security_sid_to_context(sid, value, &len); in selinux_lsm_getattr()
6582 u32 mysid = current_sid(), sid = 0, ptsid; in selinux_lsm_setattr() local
6624 &sid, GFP_KERNEL); in selinux_lsm_setattr()
6650 &sid); in selinux_lsm_setattr()
6668 tsec->exec_sid = sid; in selinux_lsm_setattr()
6670 tsec->create_sid = sid; in selinux_lsm_setattr()
6672 if (sid) { in selinux_lsm_setattr()
6673 error = avc_has_perm(mysid, sid, in selinux_lsm_setattr()
6678 tsec->keycreate_sid = sid; in selinux_lsm_setattr()
6680 tsec->sockcreate_sid = sid; in selinux_lsm_setattr()
6683 if (sid == 0) in selinux_lsm_setattr()
6687 error = security_bounded_transition(tsec->sid, sid); in selinux_lsm_setattr()
6693 error = avc_has_perm(tsec->sid, sid, SECCLASS_PROCESS, in selinux_lsm_setattr()
6702 error = avc_has_perm(ptsid, sid, SECCLASS_PROCESS, in selinux_lsm_setattr()
6708 tsec->sid = sid; in selinux_lsm_setattr()
6880 ksec->sid = tsec->keycreate_sid; in selinux_key_alloc()
6882 ksec->sid = tsec->sid; in selinux_key_alloc()
6893 u32 perm, sid; in selinux_key_permission() local
6925 sid = cred_sid(cred); in selinux_key_permission()
6929 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, perm, NULL); in selinux_key_permission()
6939 rc = security_sid_to_context(ksec->sid, in selinux_key_getsecurity()
6951 u32 sid = current_sid(); in selinux_watch_key() local
6953 return avc_has_perm(sid, ksec->sid, SECCLASS_KEY, KEY__VIEW, NULL); in selinux_watch_key()
6963 u32 sid = 0; in selinux_ib_pkey_access() local
6967 err = sel_ib_pkey_sid(subnet_prefix, pkey_val, &sid); in selinux_ib_pkey_access()
6975 return avc_has_perm(sec->sid, sid, in selinux_ib_pkey_access()
6985 u32 sid = 0; in selinux_ib_endport_manage_subnet() local
6990 &sid); in selinux_ib_endport_manage_subnet()
6999 return avc_has_perm(sec->sid, sid, in selinux_ib_endport_manage_subnet()
7008 sec->sid = current_sid(); in selinux_ib_alloc_security()
7017 u32 sid = current_sid(); in selinux_bpf() local
7022 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__MAP_CREATE, in selinux_bpf()
7026 ret = avc_has_perm(sid, sid, SECCLASS_BPF, BPF__PROG_LOAD, in selinux_bpf()
7056 static int bpf_fd_pass(const struct file *file, u32 sid) in bpf_fd_pass() argument
7066 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
7073 ret = avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in bpf_fd_pass()
7083 u32 sid = current_sid(); in selinux_bpf_map() local
7087 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_map()
7093 u32 sid = current_sid(); in selinux_bpf_prog() local
7097 return avc_has_perm(sid, bpfsec->sid, SECCLASS_BPF, in selinux_bpf_prog()
7110 bpfsec->sid = current_sid(); in selinux_bpf_map_create()
7133 bpfsec->sid = current_sid(); in selinux_bpf_prog_load()
7156 bpfsec->sid = current_sid(); in selinux_bpf_token_create()
7191 u32 requested, sid = current_sid(); in selinux_perf_event_open() local
7204 return avc_has_perm(sid, sid, SECCLASS_PERF_EVENT, in selinux_perf_event_open()
7213 perfsec->sid = current_sid(); in selinux_perf_event_alloc()
7221 u32 sid = current_sid(); in selinux_perf_event_read() local
7223 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_read()
7230 u32 sid = current_sid(); in selinux_perf_event_write() local
7232 return avc_has_perm(sid, perfsec->sid, in selinux_perf_event_write()
7259 u32 sid = current_sid(); in selinux_uring_sqpoll() local
7261 return avc_has_perm(sid, sid, in selinux_uring_sqpoll()
7283 return avc_has_perm(current_sid(), isec->sid, in selinux_uring_cmd()
7294 u32 sid = current_sid(); in selinux_uring_allowed() local
7296 return avc_has_perm(sid, sid, SECCLASS_IO_URING, IO_URING__ALLOWED, in selinux_uring_allowed()