214 	struct cred *cred = (struct cred *) current->real_cred;  in cred_init_security()  local
217 	tsec = selinux_cred(cred);  in cred_init_security()
224 static inline u32 cred_sid(const struct cred *cred)  in cred_sid()  argument
228 	tsec = selinux_cred(cred);  in cred_sid()
411 			const struct cred *cred)  in may_context_mount_sb_relabel()  argument
413 	const struct task_security_struct *tsec = selinux_cred(cred);  in may_context_mount_sb_relabel()
430 			const struct cred *cred)  in may_context_mount_inode_relabel()  argument
432 	const struct task_security_struct *tsec = selinux_cred(cred);  in may_context_mount_inode_relabel()
602 	const struct cred *cred = current_cred();  in selinux_set_mnt_opts()  local
758 		rc = may_context_mount_sb_relabel(fscontext_sid, sbsec, cred);  in selinux_set_mnt_opts()
778 							  cred);  in selinux_set_mnt_opts()
784 							     cred);  in selinux_set_mnt_opts()
797 						     cred);  in selinux_set_mnt_opts()
816 							     sbsec, cred);  in selinux_set_mnt_opts()
1601 static int cred_has_capability(const struct cred *cred,  in cred_has_capability()  argument
1607 	u32 sid = cred_sid(cred);  in cred_has_capability()
1641 static int inode_has_perm(const struct cred *cred,  in inode_has_perm()  argument
1649 	validate_creds(cred);  in inode_has_perm()
1654 	sid = cred_sid(cred);  in inode_has_perm()
1664 static inline int dentry_has_perm(const struct cred *cred,  in dentry_has_perm()  argument
1674 	return inode_has_perm(cred, inode, av, &ad);  in dentry_has_perm()
1680 static inline int path_has_perm(const struct cred *cred,  in path_has_perm()  argument
1690 	return inode_has_perm(cred, inode, av, &ad);  in path_has_perm()
1694 static inline int file_path_has_perm(const struct cred *cred,  in file_path_has_perm()  argument
1702 	return inode_has_perm(cred, file_inode(file), av, &ad);  in file_path_has_perm()
1717 static int file_has_perm(const struct cred *cred,  in file_has_perm()  argument
1724 	u32 sid = cred_sid(cred);  in file_has_perm()
1741 	rc = bpf_fd_pass(file, cred_sid(cred));  in file_has_perm()
1749 		rc = inode_has_perm(cred, inode, av, &ad);  in file_has_perm()
1936 static int superblock_has_perm(const struct cred *cred,  in superblock_has_perm()  argument
1942 	u32 sid = cred_sid(cred);  in superblock_has_perm()
2018 static int selinux_binder_set_context_mgr(const struct cred *mgr)  in selinux_binder_set_context_mgr()
2025 static int selinux_binder_transaction(const struct cred *from,  in selinux_binder_transaction()
2026 				      const struct cred *to)  in selinux_binder_transaction()
2045 static int selinux_binder_transfer_binder(const struct cred *from,  in selinux_binder_transfer_binder()
2046 					  const struct cred *to)  in selinux_binder_transfer_binder()
2054 static int selinux_binder_transfer_file(const struct cred *from,  in selinux_binder_transfer_file()
2055 					const struct cred *to,  in selinux_binder_transfer_file()
2122 static int selinux_capset(struct cred *new, const struct cred *old,  in selinux_capset()
2142 static int selinux_capable(const struct cred *cred, struct user_namespace *ns,  in selinux_capable()  argument
2145 	return cred_has_capability(cred, cap, opts, ns == &init_user_ns);  in selinux_capable()
2150 	const struct cred *cred = current_cred();  in selinux_quotactl()  local
2165 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAMOD, NULL);  in selinux_quotactl()
2174 		rc = superblock_has_perm(cred, sb, FILESYSTEM__QUOTAGET, NULL);  in selinux_quotactl()
2185 	const struct cred *cred = current_cred();  in selinux_quota_on()  local
2187 	return dentry_has_perm(cred, dentry, FILE__QUOTAON);  in selinux_quota_on()
2316 	new_tsec = selinux_cred(bprm->cred);  in selinux_bprm_creds_for_exec()
2423 static inline void flush_unauthorized_files(const struct cred *cred,  in flush_unauthorized_files()  argument
2445 			if (file_path_has_perm(cred, file, FILE__READ | FILE__WRITE))  in flush_unauthorized_files()
2456 	n = iterate_fd(files, 0, match_file, cred);  in flush_unauthorized_files()
2460 	devnull = dentry_open(&selinux_null, O_RDWR, cred);  in flush_unauthorized_files()
2466 	} while ((n = iterate_fd(files, n, match_file, cred)) != 0);  in flush_unauthorized_files()
2480 	new_tsec = selinux_cred(bprm->cred);  in selinux_bprm_committing_creds()
2485 	flush_unauthorized_files(bprm->cred, current->files);  in selinux_bprm_committing_creds()
2719 	const struct cred *cred = current_cred();  in selinux_sb_kern_mount()  local
2724 	return superblock_has_perm(cred, sb, FILESYSTEM__MOUNT, &ad);  in selinux_sb_kern_mount()
2729 	const struct cred *cred = current_cred();  in selinux_sb_statfs()  local
2734 	return superblock_has_perm(cred, dentry->d_sb, FILESYSTEM__GETATTR, &ad);  in selinux_sb_statfs()
2743 	const struct cred *cred = current_cred();  in selinux_mount()  local
2746 		return superblock_has_perm(cred, path->dentry->d_sb,  in selinux_mount()
2749 		return path_has_perm(cred, path, FILE__MOUNTON);  in selinux_mount()
2755 	const struct cred *cred = current_cred();  in selinux_move_mount()  local
2757 	return path_has_perm(cred, to_path, FILE__MOUNTON);  in selinux_move_mount()
2762 	const struct cred *cred = current_cred();  in selinux_umount()  local
2764 	return superblock_has_perm(cred, mnt->mnt_sb,  in selinux_umount()
2875 					  const struct cred *old,  in selinux_dentry_create_files_as()
2876 					  struct cred *new)  in selinux_dentry_create_files_as()
3041 	const struct cred *cred = current_cred();  in selinux_inode_readlink()  local
3043 	return dentry_has_perm(cred, dentry, FILE__READ);  in selinux_inode_readlink()
3049 	const struct cred *cred = current_cred();  in selinux_inode_follow_link()  local
3054 	validate_creds(cred);  in selinux_inode_follow_link()
3058 	sid = cred_sid(cred);  in selinux_inode_follow_link()
3089 	const struct cred *cred = current_cred();  in selinux_inode_permission()  local
3106 	validate_creds(cred);  in selinux_inode_permission()
3113 	sid = cred_sid(cred);  in selinux_inode_permission()
3140 	const struct cred *cred = current_cred();  in selinux_inode_setattr()  local
3155 		return dentry_has_perm(cred, dentry, FILE__SETATTR);  in selinux_inode_setattr()
3163 	return dentry_has_perm(cred, dentry, av);  in selinux_inode_setattr()
3173 	const struct cred *cred = current_cred();  in has_cap_mac_admin()  local
3176 	if (cap_capable(cred, &init_user_ns, CAP_MAC_ADMIN, opts))  in has_cap_mac_admin()
3178 	if (cred_has_capability(cred, CAP_MAC_ADMIN, opts, true))  in has_cap_mac_admin()
3319 	const struct cred *cred = current_cred();  in selinux_inode_getxattr()  local
3321 	return dentry_has_perm(cred, dentry, FILE__GETATTR);  in selinux_inode_getxattr()
3326 	const struct cred *cred = current_cred();  in selinux_inode_listxattr()  local
3328 	return dentry_has_perm(cred, dentry, FILE__GETATTR);  in selinux_inode_listxattr()
3492 static int selinux_inode_copy_up(struct dentry *src, struct cred **new)  in selinux_inode_copy_up()
3496 	struct cred *new_creds = *new;  in selinux_inode_copy_up()
3592 	const struct cred *cred = current_cred();  in selinux_revalidate_file_permission()  local
3599 	return file_has_perm(cred, file,  in selinux_revalidate_file_permission()
3638 static int ioctl_has_perm(const struct cred *cred, struct file *file,  in ioctl_has_perm()  argument
3646 	u32 ssid = cred_sid(cred);  in ioctl_has_perm()
3680 	const struct cred *cred = current_cred();  in selinux_file_ioctl()  local
3689 		error = file_has_perm(cred, file, FILE__GETATTR);  in selinux_file_ioctl()
3694 		error = file_has_perm(cred, file, FILE__SETATTR);  in selinux_file_ioctl()
3700 		error = file_has_perm(cred, file, 0);  in selinux_file_ioctl()
3705 		error = cred_has_capability(cred, CAP_SYS_TTY_CONFIG,  in selinux_file_ioctl()
3712 			error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);  in selinux_file_ioctl()
3719 		error = ioctl_has_perm(cred, file, FILE__IOCTL, (u16) cmd);  in selinux_file_ioctl()
3728 	const struct cred *cred = current_cred();  in file_map_prot_check()  local
3729 	u32 sid = cred_sid(cred);  in file_map_prot_check()
3758 		return file_has_perm(cred, file, av);  in file_map_prot_check()
3805 	const struct cred *cred = current_cred();  in selinux_file_mprotect()  local
3806 	u32 sid = cred_sid(cred);  in selinux_file_mprotect()
3834 			rc = file_has_perm(cred, vma->vm_file, FILE__EXECMOD);  in selinux_file_mprotect()
3845 	const struct cred *cred = current_cred();  in selinux_file_lock()  local
3847 	return file_has_perm(cred, file, FILE__LOCK);  in selinux_file_lock()
3853 	const struct cred *cred = current_cred();  in selinux_file_fcntl()  local
3859 			err = file_has_perm(cred, file, FILE__WRITE);  in selinux_file_fcntl()
3870 		err = file_has_perm(cred, file, 0);  in selinux_file_fcntl()
3883 		err = file_has_perm(cred, file, FILE__LOCK);  in selinux_file_fcntl()
3923 	const struct cred *cred = current_cred();  in selinux_file_receive()  local
3925 	return file_has_perm(cred, file, file_to_av(file));  in selinux_file_receive()
3969 static int selinux_cred_prepare(struct cred *new, const struct cred *old,  in selinux_cred_prepare()
3982 static void selinux_cred_transfer(struct cred *new, const struct cred *old)  in selinux_cred_transfer()
3990 static void selinux_cred_getsecid(const struct cred *c, u32 *secid)  in selinux_cred_getsecid()
3999 static int selinux_kernel_act_as(struct cred *new, u32 secid)  in selinux_kernel_act_as()
4023 static int selinux_kernel_create_files_as(struct cred *new, struct inode *inode)  in selinux_kernel_create_files_as()
4164 static int selinux_task_prlimit(const struct cred *cred, const struct cred *tcred,  in selinux_task_prlimit()  argument
4176 			    cred_sid(cred), cred_sid(tcred),  in selinux_task_prlimit()
4219 				int sig, const struct cred *cred)  in selinux_task_kill()  argument
4228 	if (!cred)  in selinux_task_kill()
4231 		secid = cred_sid(cred);  in selinux_task_kill()
6412 	struct cred *new;  in selinux_setprocattr()
6614 static int selinux_key_alloc(struct key *k, const struct cred *cred,  in selinux_key_alloc()  argument
6624 	tsec = selinux_cred(cred);  in selinux_key_alloc()
6643 				  const struct cred *cred,  in selinux_key_permission()  argument
6680 	sid = cred_sid(cred);  in selinux_key_permission()