[PATCH v5 29/42] selinux: add kerneldoc to new permission checking functions
From: Stephen Smalley <stephen.smalley.work@gmail.com>
Date: 2025-06-17 14:06:43
Also in:
selinux
Subsystem:
selinux security module, the rest · Maintainers:
Paul Moore, Stephen Smalley, Linus Torvalds
Add kerneldoc to new namespace-aware permission checking functions. Signed-off-by: Stephen Smalley <stephen.smalley.work@gmail.com> --- security/selinux/avc.c | 145 ++++++++++++++++++++++++++++++++- security/selinux/include/avc.h | 3 +- 2 files changed, 145 insertions(+), 3 deletions(-)
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 0c79f40d70af..396cee4b22fd 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c@@ -1265,6 +1265,21 @@ static u32 task_sid_obj_for_state(const struct task_struct *p, return sid; } +/** + * cred_task_has_perm - Check and audit permissions on a (cred, task) pair + * @cred: subject credentials + * @p: target task + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * @ad: auxiliary audit data + * + * Check permissions between a cred @cred and a task @p for @cred's namespace + * and all ancestors to determine whether the @requested permissions are + * granted. + * Audit the granting or denial of permissions in accordance with the policy. + * Return %0 if all @requested permissions are granted, -%EACCES if any + * permissions are denied, or another -errno upon other errors. + */ int cred_task_has_perm(const struct cred *cred, const struct task_struct *p, u16 tclass, u32 requested, struct common_audit_data *ad)
@@ -1304,6 +1319,22 @@ static const struct task_security_struct *task_security( return tsec; } +/** + * task_obj_has_perm - Check and audit permissions on a (task, other-task) pair + * @s: source task + * @t: target task + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * @ad: auxiliary audit data + * + * Check permissions between a task @s and a task @t for the current namespace + * and all ancestors to determine whether the @requested permissions are + * granted. + * Audit the granting or denial of permissions in accordance with the policy. + * Return %0 if all @requested permissions are granted, -%EACCES if any + * permissions are denied, or another -errno upon other errors. + * DO NOT USE when @s is current; use cred_task_has_perm() instead. + */ int task_obj_has_perm(const struct task_struct *s, const struct task_struct *t, u16 tclass, u32 requested,
@@ -1347,7 +1378,25 @@ int task_obj_has_perm(const struct task_struct *s, return rc; } - +/** + * cred_has_extended_perms - Check and audit extended permissions on a (cred, tsid) pair + * @cred: subject credentials + * @tsid: target security identifier + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * @driver: driver value + * @base_perm: the base permission associated with the extended permission + * @xperm: extended permission value + * @ad: auxiliary audit data + * + * Check extended permissions between a cred @cred and a target + * security identifier @tsid for @cred's namespace and all ancestors + * to determine whether the @requested permissions are granted for the + * specified (@driver, @xperm) pair. + * Audit the granting or denial of permissions in accordance with the policy. + * Return %0 if the @requested permissions are granted, -%EACCES if any + * permissions are denied, or another -errno upon other errors. + */ int cred_has_extended_perms(const struct cred *cred, u32 tsid, u16 tclass, u32 requested, u8 driver, u8 base_perm, u8 xperm, struct common_audit_data *ad)
@@ -1374,6 +1423,20 @@ int cred_has_extended_perms(const struct cred *cred, u32 tsid, u16 tclass, return 0; } +/** + * cred_self_has_perm - Check and audit permissions on a (cred, self) pair + * @cred: subject credentials + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * @ad: auxiliary audit data + * + * Check permissions between a cred @cred and itself for @cred's namespace + * and all ancestors to determine whether the @requested permissions are + * granted. + * Audit the granting or denial of permissions in accordance with the policy. + * Return %0 if all @requested permissions are granted, -%EACCES if any + * permissions are denied, or another -errno upon other errors. + */ int cred_self_has_perm(const struct cred *cred, u16 tclass, u32 requested, struct common_audit_data *ad) {
@@ -1396,6 +1459,18 @@ int cred_self_has_perm(const struct cred *cred, u16 tclass, u32 requested, return 0; } +/** + * cred_self_has_perm_noaudit - Check permissions on a (cred, self) pair, no audit + * @cred: subject credentials + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * + * Check permissions between a cred @cred and itself for @cred's namespace + * and all ancestors to determine whether the @requested permissions are + * granted. + * Return %0 if all @requested permissions are granted, -%EACCES if any + * permissions are denied, or another -errno upon other errors. + */ int cred_self_has_perm_noaudit(const struct cred *cred, u16 tclass, u32 requested) {
@@ -1421,6 +1496,25 @@ int cred_self_has_perm_noaudit(const struct cred *cred, u16 tclass, return 0; } + +/** + * cred_has_perm - Check and audit permissions on a (cred, tsid) pair + * @cred: subject credentials + * @tsid: target security identifier + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * @ad: auxiliary audit data + * + * Check permissions between a cred @cred and a target SID @tsid for + * @cred's namespace and all ancestors to determine whether the + * @requested permissions are granted, interpreting the permissions based + * on @tclass. + * Audit the granting or denial of permissions in accordance with the policy. + * Return %0 if all @requested permissions are granted, -%EACCES if any + * permissions are denied, or another -errno upon other errors. + * DO NOT USE when checking permissions between two creds (or tasks); + * use cred_other_has_perm() or cred_task_has_perm() instead. + */ int cred_has_perm(const struct cred *cred, u32 tsid, u16 tclass, u32 requested, struct common_audit_data *ad) {
@@ -1443,6 +1537,22 @@ int cred_has_perm(const struct cred *cred, u32 tsid, u16 tclass, return 0; } +/** + * cred_has_perm_noaudit - Check permissions on a (cred, tsid) pair, no audit + * @cred: subject credentials + * @tsid: target security identifier + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * @avd: access vector decisions + * + * Check permissions between a cred @cred and a target SID @tsid for + * @cred's namespace and all ancestors to determine whether the + * @requested permissions are granted. + * Return %0 if all @requested permissions are granted, -%EACCES if any + * permissions are denied, or another -errno upon other errors. + * DO NOT USE when checking permissions between two creds (or tasks); + * use cred_other_has_perm() or cred_task_has_perm() instead. + */ int cred_has_perm_noaudit(const struct cred *cred, u32 tsid, u16 tclass, u32 requested, struct av_decision *avd) {
@@ -1474,6 +1584,24 @@ int cred_has_perm_noaudit(const struct cred *cred, u32 tsid, u16 tclass, return 0; } +/** + * cred_ssid_has_perm - Check and audit permissions on a (ssid, tsid) pair + * @cred: subject credentials + * @ssid: source security identifier + * @tsid: target security identifier + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * @ad: auxiliary audit data + * + * Check permissions between a source SID @ssid and a target SID @tsid for + * @cred's namespace and all ancestors to determine whether the + * @requested permissions are granted. + * Audit the granting or denial of permissions in accordance with the policy. + * Return %0 if all @requested permissions are granted, -%EACCES if any + * permissions are denied, or another -errno upon other errors. + * DO NOT USE when checking permissions involving cred/task SIDs; this + * helper is only for object-to-object checks. + */ int cred_ssid_has_perm(const struct cred *cred, u32 ssid, u32 tsid, u16 tclass, u32 requested, struct common_audit_data *ad) {
@@ -1510,6 +1638,21 @@ static u32 cred_sid_for_state(const struct cred *cred, return sid; } +/** + * cred_other_has_perm - Check and audit permissions on a (cred, other-cred) pair + * @cred: subject credentials + * @other: other credentials + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * @ad: auxiliary audit data + * + * Check permissions between a cred @cred and a task @p for @cred's namespace + * and all ancestors to determine whether the @requested permissions are + * granted. + * Audit the granting or denial of permissions in accordance with the policy. + * Return %0 if all @requested permissions are granted, -%EACCES if any + * permissions are denied, or another -errno upon other errors. + */ int cred_other_has_perm(const struct cred *cred, const struct cred *other, u16 tclass, u32 requested, struct common_audit_data *ad)
diff --git a/security/selinux/include/avc.h b/security/selinux/include/avc.h
index 2c2268249b44..9def47812034 100644
--- a/security/selinux/include/avc.h
+++ b/security/selinux/include/avc.h@@ -147,8 +147,7 @@ int avc_has_extended_perms(struct selinux_state *state, u32 ssid, u32 tsid, u8 perm, struct common_audit_data *ad); int cred_task_has_perm(const struct cred *cred, const struct task_struct *p, - u16 tclass, u32 requested, - struct common_audit_data *auditdata); + u16 tclass, u32 requested, struct common_audit_data *ad); int cred_has_extended_perms(const struct cred *cred, u32 tsid, u16 tclass, u32 requested, u8 driver, u8 base_perm, u8 xperm,
--
2.49.0