security/selinux/include/objsec.h
Source file repositories/reference/linux-study-clean/security/selinux/include/objsec.h
File Facts
- System
- Linux kernel
- Corpus path
security/selinux/include/objsec.h- Extension
.h- Size
- 7789 bytes
- Lines
- 291
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/list.hlinux/sched.hlinux/fs.hlinux/binfmts.hlinux/in.hlinux/spinlock.hlinux/lsm_hooks.hlinux/msg.hnet/net_namespace.hlinux/bpf.hflask.havc.h
Detected Declarations
struct avdc_entrystruct cred_security_structstruct task_security_structstruct inode_security_structstruct file_security_structstruct backing_file_security_structstruct superblock_security_structstruct msg_security_structstruct ipc_security_structstruct netif_security_structstruct netnode_security_structstruct netport_security_structstruct sk_security_structstruct tun_security_structstruct key_security_structstruct ib_security_structstruct pkey_security_structstruct bpf_security_structstruct perf_event_security_structenum label_initializedfunction task_avdcache_permnoauditfunction selinux_taskfunction selinux_backing_filefunction selinux_inodefunction selinux_msg_msgfunction selinux_ipcfunction current_sidfunction selinux_superblockfunction selinux_perf_eventfunction selinux_bpf_map_securityfunction selinux_bpf_prog_securityfunction selinux_bpf_token_security
Annotated Snippet
struct avdc_entry {
u32 isid; /* inode SID */
struct av_decision avd; /* av decision */
};
struct cred_security_struct {
u32 osid; /* SID prior to last execve */
u32 sid; /* current SID */
u32 exec_sid; /* exec SID */
u32 create_sid; /* fscreate SID */
u32 keycreate_sid; /* keycreate SID */
u32 sockcreate_sid; /* fscreate SID */
} __randomize_layout;
struct task_security_struct {
#define TSEC_AVDC_DIR_SIZE (1 << 2)
struct {
u32 sid; /* current SID for cached entries */
u32 seqno; /* AVC sequence number */
unsigned int dir_spot; /* dir cache index to check first */
struct avdc_entry dir[TSEC_AVDC_DIR_SIZE]; /* dir entries */
bool permissive_neveraudit; /* permissive and neveraudit */
} avdcache;
} __randomize_layout;
static inline bool task_avdcache_permnoaudit(struct task_security_struct *tsec,
u32 sid)
{
return (tsec->avdcache.permissive_neveraudit &&
sid == tsec->avdcache.sid &&
tsec->avdcache.seqno == avc_policy_seqno());
}
enum label_initialized {
LABEL_INVALID, /* invalid or not initialized */
LABEL_INITIALIZED, /* initialized */
LABEL_PENDING
};
struct inode_security_struct {
struct inode *inode; /* back pointer to inode object */
struct list_head list; /* list of inode_security_struct */
u32 task_sid; /* SID of creating task */
u32 sid; /* SID of this object */
u16 sclass; /* security class of this object */
unsigned char initialized; /* initialization flag */
spinlock_t lock;
};
struct file_security_struct {
u32 sid; /* SID of open file description */
u32 fown_sid; /* SID of file owner (for SIGIO) */
u32 isid; /* SID of inode at the time of file open */
u32 pseqno; /* Policy seqno at the time of file open */
};
struct backing_file_security_struct {
u32 uf_sid; /* associated user file fsec->sid */
};
struct superblock_security_struct {
u32 sid; /* SID of file system superblock */
u32 def_sid; /* default SID for labeling */
u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
u32 creator_sid; /* SID of privileged process */
unsigned short behavior; /* labeling behavior */
unsigned short flags; /* which mount options were specified */
struct mutex lock;
struct list_head isec_head;
spinlock_t isec_lock;
};
struct msg_security_struct {
u32 sid; /* SID of message */
};
struct ipc_security_struct {
u16 sclass; /* security class of this object */
u32 sid; /* SID of IPC resource */
};
struct netif_security_struct {
const struct net *ns; /* network namespace */
int ifindex; /* device index */
u32 sid; /* SID for this interface */
};
struct netnode_security_struct {
union {
__be32 ipv4; /* IPv4 node address */
Annotation
- Immediate include surface: `linux/list.h`, `linux/sched.h`, `linux/fs.h`, `linux/binfmts.h`, `linux/in.h`, `linux/spinlock.h`, `linux/lsm_hooks.h`, `linux/msg.h`.
- Detected declarations: `struct avdc_entry`, `struct cred_security_struct`, `struct task_security_struct`, `struct inode_security_struct`, `struct file_security_struct`, `struct backing_file_security_struct`, `struct superblock_security_struct`, `struct msg_security_struct`, `struct ipc_security_struct`, `struct netif_security_struct`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.