213 	struct cred *cred = (struct cred *) current->real_cred;  in cred_init_security()  local
221 	cred->security = tsec;  in cred_init_security()
227 static inline u32 cred_sid(const struct cred *cred)  in cred_sid()  argument
231 	tsec = cred->security;  in cred_sid()
465 			const struct cred *cred)  in may_context_mount_sb_relabel()  argument
467 	const struct task_security_struct *tsec = cred->security;  in may_context_mount_sb_relabel()
484 			const struct cred *cred)  in may_context_mount_inode_relabel()  argument
486 	const struct task_security_struct *tsec = cred->security;  in may_context_mount_inode_relabel()
723 	const struct cred *cred = current_cred();  in selinux_set_mnt_opts()  local
898 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);  in selinux_set_mnt_opts()
918 							  cred);  in selinux_set_mnt_opts()
924 							     cred);  in selinux_set_mnt_opts()
937 						     cred);  in selinux_set_mnt_opts()
956 							     sbsec, cred);  in selinux_set_mnt_opts()
1766 static int cred_has_capability(const struct cred *cred,  in cred_has_capability()  argument
1772 	u32 sid = cred_sid(cred);  in cred_has_capability()
1806 static int inode_has_perm(const struct cred *cred,  in inode_has_perm()  argument
1814 	validate_creds(cred);  in inode_has_perm()
1819 	sid = cred_sid(cred);  in inode_has_perm()
1829 static inline int dentry_has_perm(const struct cred *cred,  in dentry_has_perm()  argument
1839 	return inode_has_perm(cred, inode, av, &ad);  in dentry_has_perm()
1845 static inline int path_has_perm(const struct cred *cred,  in path_has_perm()  argument
1855 	return inode_has_perm(cred, inode, av, &ad);  in path_has_perm()
1859 static inline int file_path_has_perm(const struct cred *cred,  in file_path_has_perm()  argument
1867 	return inode_has_perm(cred, file_inode(file), av, &ad);  in file_path_has_perm()
1882 static int file_has_perm(const struct cred *cred,  in file_has_perm()  argument
1889 	u32 sid = cred_sid(cred);  in file_has_perm()
1906 	rc = bpf_fd_pass(file, cred_sid(cred));  in file_has_perm()
1914 		rc = inode_has_perm(cred, inode, av, &ad);  in file_has_perm()
2101 static int superblock_has_perm(const struct cred *cred,  in superblock_has_perm()  argument
2107 	u32 sid = cred_sid(cred);  in superblock_has_perm()
2293 static int selinux_capset(struct cred *new, const struct cred *old,  in selinux_capset()
2313 static int selinux_capable(const struct cred *cred, struct user_namespace *ns,  in selinux_capable()  argument
2316 	return cred_has_capability(cred, cap, audit, ns == &init_user_ns);  in selinux_capable()
2321 	const struct cred *cred = current_cred();  in selinux_quotactl()  local
2333 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);  in selinux_quotactl()
2338 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);  in selinux_quotactl()
2349 	const struct cred *cred = current_cred();  in selinux_quota_on()  local
2351 	return dentry_has_perm(cred, dentry, FILE__QUOTAON);  in selinux_quota_on()
2482 	new_tsec = bprm->cred->security;  in selinux_bprm_set_creds()
2589 static inline void flush_unauthorized_files(const struct cred *cred,  in flush_unauthorized_files()  argument
2611 			if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))  in flush_unauthorized_files()
2622 	n = iterate_fd(files, 0, match_file, cred);  in flush_unauthorized_files()
2626 	devnull = dentry_open(&selinux_null, O_RDWR, cred);  in flush_unauthorized_files()
2632 	} while ((n = iterate_fd(files, n, match_file, cred)) != 0);  in flush_unauthorized_files()
2646 	new_tsec = bprm->cred->security;  in selinux_bprm_committing_creds()
2651 	flush_unauthorized_files(bprm->cred, current->files);  in selinux_bprm_committing_creds()
2923 	const struct cred *cred = current_cred();  in selinux_sb_kern_mount()  local
2937 	return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);  in selinux_sb_kern_mount()
2942 	const struct cred *cred = current_cred();  in selinux_sb_statfs()  local
2947 	return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);  in selinux_sb_statfs()
2956 	const struct cred *cred = current_cred();  in selinux_mount()  local
2959 		return superblock_has_perm(cred, path->dentry->d_sb,  in selinux_mount()
2962 		return path_has_perm(cred, path, FILE__MOUNTON);  in selinux_mount()
2967 	const struct cred *cred = current_cred();  in selinux_umount()  local
2969 	return superblock_has_perm(cred, mnt->mnt_sb,  in selinux_umount()
3005 					  const struct cred *old,  in selinux_dentry_create_files_as()
3006 					  struct cred *new)  in selinux_dentry_create_files_as()
3115 	const struct cred *cred = current_cred();  in selinux_inode_readlink()  local
3117 	return dentry_has_perm(cred, dentry, FILE__READ);  in selinux_inode_readlink()
3123 	const struct cred *cred = current_cred();  in selinux_inode_follow_link()  local
3128 	validate_creds(cred);  in selinux_inode_follow_link()
3132 	sid = cred_sid(cred);  in selinux_inode_follow_link()
3164 	const struct cred *cred = current_cred();  in selinux_inode_permission()  local
3181 	validate_creds(cred);  in selinux_inode_permission()
3188 	sid = cred_sid(cred);  in selinux_inode_permission()
3209 	const struct cred *cred = current_cred();  in selinux_inode_setattr()  local
3224 		return dentry_has_perm(cred, dentry, FILE__SETATTR);  in selinux_inode_setattr()
3232 	return dentry_has_perm(cred, dentry, av);  in selinux_inode_setattr()
3242 	const struct cred *cred = current_cred();  in has_cap_mac_admin()  local
3245 	if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, cap_audit))  in has_cap_mac_admin()
3247 	if (cred_has_capability(cred, CAP_MAC_ADMIN, cap_audit, true))  in has_cap_mac_admin()
3376 	const struct cred *cred = current_cred();  in selinux_inode_getxattr()  local
3378 	return dentry_has_perm(cred, dentry, FILE__GETATTR);  in selinux_inode_getxattr()
3383 	const struct cred *cred = current_cred();  in selinux_inode_listxattr()  local
3385 	return dentry_has_perm(cred, dentry, FILE__GETATTR);  in selinux_inode_listxattr()
3489 static int selinux_inode_copy_up(struct dentry *src, struct cred **new)  in selinux_inode_copy_up()
3493 	struct cred *new_creds = *new;  in selinux_inode_copy_up()
3528 	const struct cred *cred = current_cred();  in selinux_revalidate_file_permission()  local
3535 	return file_has_perm(cred, file,  in selinux_revalidate_file_permission()
3573 static int ioctl_has_perm(const struct cred *cred, struct file *file,  in ioctl_has_perm()  argument
3581 	u32 ssid = cred_sid(cred);  in ioctl_has_perm()
3615 	const struct cred *cred = current_cred();  in selinux_file_ioctl()  local
3628 		error = file_has_perm(cred, file, FILE__GETATTR);  in selinux_file_ioctl()
3634 		error = file_has_perm(cred, file, FILE__SETATTR);  in selinux_file_ioctl()
3641 		error = file_has_perm(cred, file, 0);  in selinux_file_ioctl()
3646 		error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,  in selinux_file_ioctl()
3654 		error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);  in selinux_file_ioctl()
3663 	const struct cred *cred = current_cred();  in file_map_prot_check()  local
3664 	u32 sid = cred_sid(cred);  in file_map_prot_check()
3693 		return file_has_perm(cred, file, av);  in file_map_prot_check()
3740 	const struct cred *cred = current_cred();  in selinux_file_mprotect()  local
3741 	u32 sid = cred_sid(cred);  in selinux_file_mprotect()
3769 			rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);  in selinux_file_mprotect()
3780 	const struct cred *cred = current_cred();  in selinux_file_lock()  local
3782 	return file_has_perm(cred, file, FILE__LOCK);  in selinux_file_lock()
3788 	const struct cred *cred = current_cred();  in selinux_file_fcntl()  local
3794 			err = file_has_perm(cred, file, FILE__WRITE);  in selinux_file_fcntl()
3805 		err = file_has_perm(cred, file, 0);  in selinux_file_fcntl()
3818 		err = file_has_perm(cred, file, FILE__LOCK);  in selinux_file_fcntl()
3858 	const struct cred *cred = current_cred();  in selinux_file_receive()  local
3860 	return file_has_perm(cred, file, file_to_av(file));  in selinux_file_receive()
3904 static int selinux_cred_alloc_blank(struct cred *cred, gfp_t gfp)  in selinux_cred_alloc_blank()  argument
3912 	cred->security = tsec;  in selinux_cred_alloc_blank()
3919 static void selinux_cred_free(struct cred *cred)  in selinux_cred_free()  argument
3921 	struct task_security_struct *tsec = cred->security;  in selinux_cred_free()
3927 	BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);  in selinux_cred_free()
3928 	cred->security = (void *) 0x7UL;  in selinux_cred_free()
3935 static int selinux_cred_prepare(struct cred *new, const struct cred *old,  in selinux_cred_prepare()
3954 static void selinux_cred_transfer(struct cred *new, const struct cred *old)  in selinux_cred_transfer()
3962 static void selinux_cred_getsecid(const struct cred *c, u32 *secid)  in selinux_cred_getsecid()
3971 static int selinux_kernel_act_as(struct cred *new, u32 secid)  in selinux_kernel_act_as()
3995 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)  in selinux_kernel_create_files_as()
4135 static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,  in selinux_task_prlimit()  argument
4147 			    cred_sid(cred), cred_sid(tcred),  in selinux_task_prlimit()
4190 				int sig, const struct cred *cred)  in selinux_task_kill()  argument
4199 	if (!cred)  in selinux_task_kill()
4202 		secid = cred_sid(cred);  in selinux_task_kill()
6426 	struct cred *new;  in selinux_setprocattr()
6624 static int selinux_key_alloc(struct key *k, const struct cred *cred,  in selinux_key_alloc()  argument
6634 	tsec = cred->security;  in selinux_key_alloc()
6653 				  const struct cred *cred,  in selinux_key_permission()  argument
6666 	sid = cred_sid(cred);  in selinux_key_permission()