Lines Matching refs:old
153 * Check whether a caller with old credentials @old is allowed to switch to
156 static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum setid_type new_type)
160 /* If our old creds already had this ID in it, it's fine. */
162 if (uid_eq(new_id.uid, old->uid) || uid_eq(new_id.uid, old->euid) ||
163 uid_eq(new_id.uid, old->suid))
166 if (gid_eq(new_id.gid, old->gid) || gid_eq(new_id.gid, old->egid) ||
167 gid_eq(new_id.gid, old->sgid))
173 * Transitions to new UIDs require a check against the policy of the old
177 setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED;
182 __kuid_val(old->uid), __kuid_val(old->euid),
183 __kuid_val(old->suid), __kuid_val(new_id.uid));
186 __kgid_val(old->gid), __kgid_val(old->egid),
187 __kgid_val(old->sgid), __kgid_val(new_id.gid));
195 * Check whether there is either an exception for user under old cred struct to
200 const struct cred *old,
204 /* Do nothing if there are no setuid restrictions for our old RUID. */
205 if (setid_policy_lookup((kid_t){.uid = old->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)
208 if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) &&
209 id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) &&
210 id_permitted_for_cred(old, (kid_t){.uid = new->suid}, UID) &&
211 id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID))
224 const struct cred *old,
228 /* Do nothing if there are no setgid restrictions for our old RGID. */
229 if (setid_policy_lookup((kid_t){.gid = old->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)
232 if (id_permitted_for_cred(old, (kid_t){.gid = new->gid}, GID) &&
233 id_permitted_for_cred(old, (kid_t){.gid = new->egid}, GID) &&
234 id_permitted_for_cred(old, (kid_t){.gid = new->sgid}, GID) &&
235 id_permitted_for_cred(old, (kid_t){.gid = new->fsgid}, GID))