Lines Matching refs:new
189 * @new: The proposed new credentials; alterations should be made here
191 * @effective: A pointer to the proposed new effective capabilities set
192 * @inheritable: A pointer to the proposed new inheritable capabilities set
193 * @permitted: A pointer to the proposed new permitted capabilities set
196 * process's capability sets. The changes are made to the proposed new
199 int cap_capset(struct cred *new,
215 /* no new pI capabilities outside bounding set */
218 /* verify restrictions on target's new Permitted set */
226 new->cap_effective = *effective;
227 new->cap_inheritable = *inheritable;
228 new->cap_permitted = *permitted;
285 * Calculate the new process capability sets from the capability sets attached
292 struct cred *new = bprm->cred;
306 new->cap_permitted.cap[i] =
307 (new->cap_bset.cap[i] & permitted) |
308 (new->cap_inheritable.cap[i] & inheritable);
310 if (permitted & ~new->cap_permitted.cap[i])
425 * Set up the proposed credentials for a new execution context being
432 struct cred *new = bprm->cred;
447 if (effective && new->uid != 0 && new->euid == 0) {
458 if (new->euid == 0 || new->uid == 0) {
460 new->cap_permitted = cap_combine(old->cap_bset,
463 if (new->euid == 0)
471 if ((new->euid != old->uid ||
472 new->egid != old->gid ||
473 !cap_issubset(new->cap_permitted, old->cap_permitted)) &&
477 new->euid = new->uid;
478 new->egid = new->gid;
480 new->cap_permitted = cap_intersect(new->cap_permitted,
484 new->suid = new->fsuid = new->euid;
485 new->sgid = new->fsgid = new->egid;
492 new->cap_effective = new->cap_permitted;
494 cap_clear(new->cap_effective);
510 if (!cap_isclear(new->cap_effective)) {
511 if (!cap_issubset(CAP_FULL_SET, new->cap_effective) ||
512 new->euid != 0 || new->uid != 0 ||
514 ret = audit_log_bprm_fcaps(bprm, new, old);
520 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
634 static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old)
637 (new->uid != 0 && new->euid != 0 && new->suid != 0) &&
639 cap_clear(new->cap_permitted);
640 cap_clear(new->cap_effective);
642 if (old->euid == 0 && new->euid != 0)
643 cap_clear(new->cap_effective);
644 if (old->euid != 0 && new->euid == 0)
645 new->cap_effective = new->cap_permitted;
650 * @new: The proposed credentials
657 int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags)
666 cap_emulate_setxuid(new, old);
671 if (old->fsuid == 0 && new->fsuid != 0)
672 new->cap_effective =
673 cap_drop_fs_set(new->cap_effective);
675 if (old->fsuid != 0 && new->fsuid == 0)
676 new->cap_effective =
677 cap_raise_fs_set(new->cap_effective,
678 new->cap_permitted);
758 static long cap_prctl_drop(struct cred *new, unsigned long cap)
765 cap_lower(new->cap_bset, cap);
784 struct cred *new;
787 new = prepare_creds();
788 if (!new)
796 error = !!cap_raised(new->cap_bset, arg2);
800 error = cap_prctl_drop(new, arg2);
826 if ((((new->securebits & SECURE_ALL_LOCKS) >> 1)
827 & (new->securebits ^ arg2)) /*[1]*/
828 || ((new->securebits & SECURE_ALL_LOCKS & ~arg2)) /*[2]*/
842 new->securebits = arg2;
846 error = new->securebits;
862 new->securebits |= issecure_mask(SECURE_KEEP_CAPS);
864 new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);
875 return commit_creds(new);
879 abort_creds(new);
902 * cap_vm_enough_memory - Determine whether a new virtual mapping is permitted
903 * @mm: The VM space in which the new mapping is to be made
906 * Determine whether the allocation of a new virtual mapping by the current