lsm.c - OpenGrok cross reference for /kernel/linux/linux-6.6/security/safesetid/lsm.c

Lines Matching refs:old
144  * Check whether a caller with old credentials @old is allowed to switch to
147 static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum setid_type new_type)
151 	/* If our old creds already had this ID in it, it's fine. */
153 		if (uid_eq(new_id.uid, old->uid) || uid_eq(new_id.uid, old->euid) ||
154 			uid_eq(new_id.uid, old->suid))
157 		if (gid_eq(new_id.gid, old->gid) || gid_eq(new_id.gid, old->egid) ||
158 			gid_eq(new_id.gid, old->sgid))
164 	 * Transitions to new UIDs require a check against the policy of the old
168 	    setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED;
173 				__kuid_val(old->uid), __kuid_val(old->euid),
174 				__kuid_val(old->suid), __kuid_val(new_id.uid));
177 				__kgid_val(old->gid), __kgid_val(old->egid),
178 				__kgid_val(old->sgid), __kgid_val(new_id.gid));
186  * Check whether there is either an exception for user under old cred struct to
191 				     const struct cred *old,
195 	/* Do nothing if there are no setuid restrictions for our old RUID. */
196 	if (setid_policy_lookup((kid_t){.uid = old->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)
199 	if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) &&
200 	    id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) &&
201 	    id_permitted_for_cred(old, (kid_t){.uid = new->suid}, UID) &&
202 	    id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID))
215 				     const struct cred *old,
219 	/* Do nothing if there are no setgid restrictions for our old RGID. */
220 	if (setid_policy_lookup((kid_t){.gid = old->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)
223 	if (id_permitted_for_cred(old, (kid_t){.gid = new->gid}, GID) &&
224 	    id_permitted_for_cred(old, (kid_t){.gid = new->egid}, GID) &&
225 	    id_permitted_for_cred(old, (kid_t){.gid = new->sgid}, GID) &&
226 	    id_permitted_for_cred(old, (kid_t){.gid = new->fsgid}, GID))
238 static int safesetid_task_fix_setgroups(struct cred *new, const struct cred *old)
242 	/* Do nothing if there are no setgid restrictions for our old RGID. */
243 	if (setid_policy_lookup((kid_t){.gid = old->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)
248 		if (!id_permitted_for_cred(old, (kid_t){.gid = new->group_info->gid[i]}, GID)) {