security/selinux/include/objsec.h

Source file repositories/reference/linux-study-clean/security/selinux/include/objsec.h

File Facts

System
Linux kernel
Corpus path
security/selinux/include/objsec.h
Extension
.h
Size
7789 bytes
Lines
291
Domain
Core OS
Bucket
Security And Isolation
Inferred role
Core OS: implementation source
Status
source implementation candidate

Why This File Exists

Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.

Dependency Surface

Detected Declarations

Annotated Snippet

struct avdc_entry {
	u32 isid; /* inode SID */
	struct av_decision avd; /* av decision */
};

struct cred_security_struct {
	u32 osid; /* SID prior to last execve */
	u32 sid; /* current SID */
	u32 exec_sid; /* exec SID */
	u32 create_sid; /* fscreate SID */
	u32 keycreate_sid; /* keycreate SID */
	u32 sockcreate_sid; /* fscreate SID */
} __randomize_layout;

struct task_security_struct {
#define TSEC_AVDC_DIR_SIZE (1 << 2)
	struct {
		u32 sid; /* current SID for cached entries */
		u32 seqno; /* AVC sequence number */
		unsigned int dir_spot; /* dir cache index to check first */
		struct avdc_entry dir[TSEC_AVDC_DIR_SIZE]; /* dir entries */
		bool permissive_neveraudit; /* permissive and neveraudit */
	} avdcache;
} __randomize_layout;

static inline bool task_avdcache_permnoaudit(struct task_security_struct *tsec,
					     u32 sid)
{
	return (tsec->avdcache.permissive_neveraudit &&
		sid == tsec->avdcache.sid &&
		tsec->avdcache.seqno == avc_policy_seqno());
}

enum label_initialized {
	LABEL_INVALID, /* invalid or not initialized */
	LABEL_INITIALIZED, /* initialized */
	LABEL_PENDING
};

struct inode_security_struct {
	struct inode *inode; /* back pointer to inode object */
	struct list_head list; /* list of inode_security_struct */
	u32 task_sid; /* SID of creating task */
	u32 sid; /* SID of this object */
	u16 sclass; /* security class of this object */
	unsigned char initialized; /* initialization flag */
	spinlock_t lock;
};

struct file_security_struct {
	u32 sid; /* SID of open file description */
	u32 fown_sid; /* SID of file owner (for SIGIO) */
	u32 isid; /* SID of inode at the time of file open */
	u32 pseqno; /* Policy seqno at the time of file open */
};

struct backing_file_security_struct {
	u32 uf_sid; /* associated user file fsec->sid */
};

struct superblock_security_struct {
	u32 sid; /* SID of file system superblock */
	u32 def_sid; /* default SID for labeling */
	u32 mntpoint_sid; /* SECURITY_FS_USE_MNTPOINT context for files */
	u32 creator_sid; /* SID of privileged process */
	unsigned short behavior; /* labeling behavior */
	unsigned short flags; /* which mount options were specified */
	struct mutex lock;
	struct list_head isec_head;
	spinlock_t isec_lock;
};

struct msg_security_struct {
	u32 sid; /* SID of message */
};

struct ipc_security_struct {
	u16 sclass; /* security class of this object */
	u32 sid; /* SID of IPC resource */
};

struct netif_security_struct {
	const struct net *ns; /* network namespace */
	int ifindex; /* device index */
	u32 sid; /* SID for this interface */
};

struct netnode_security_struct {
	union {
		__be32 ipv4; /* IPv4 node address */

Annotation

Implementation Notes