Lines Matching defs:new
175 struct cred *new;
177 new = kmem_cache_zalloc(cred_jar, GFP_KERNEL);
178 if (!new)
181 atomic_long_set(&new->usage, 1);
182 if (security_cred_alloc_blank(new, GFP_KERNEL_ACCOUNT) < 0)
185 return new;
188 abort_creds(new);
193 * prepare_creds - Prepare a new set of credentials for modification
195 * Prepare a new set of task credentials for modification. A task's creds
197 * prepare a new copy, which the caller then modifies and then commits by
202 * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
210 struct cred *new;
212 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
213 if (!new)
216 kdebug("prepare_creds() alloc %p", new);
219 memcpy(new, old, sizeof(struct cred));
221 new->non_rcu = 0;
222 atomic_long_set(&new->usage, 1);
223 get_group_info(new->group_info);
224 get_uid(new->user);
225 get_user_ns(new->user_ns);
228 key_get(new->session_keyring);
229 key_get(new->process_keyring);
230 key_get(new->thread_keyring);
231 key_get(new->request_key_auth);
235 new->security = NULL;
238 new->ucounts = get_ucounts(new->ucounts);
239 if (!new->ucounts)
242 if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
245 return new;
248 abort_creds(new);
259 struct cred *new;
261 new = prepare_creds();
262 if (!new)
263 return new;
267 key_put(new->thread_keyring);
268 new->thread_keyring = NULL;
270 /* inherit the session keyring; new process keyring */
271 key_put(new->process_keyring);
272 new->process_keyring = NULL;
275 new->suid = new->fsuid = new->euid;
276 new->sgid = new->fsgid = new->egid;
278 return new;
282 * Copy credentials for the new process created by fork()
284 * We share if we can, but under some circumstances we have to generate a new
287 * The new process gets the current process's subjective credentials as its
292 struct cred *new;
312 new = prepare_creds();
313 if (!new)
317 ret = create_user_ns(new);
320 ret = set_cred_ucounts(new);
326 /* new threads get their own thread keyrings if their parent already
328 if (new->thread_keyring) {
329 key_put(new->thread_keyring);
330 new->thread_keyring = NULL;
332 install_thread_keyring_to_cred(new);
339 key_put(new->process_keyring);
340 new->process_keyring = NULL;
344 p->cred = p->real_cred = get_cred(new);
349 put_cred(new);
379 * commit_creds - Install new credentials upon the current task
380 * @new: The credentials to be assigned
382 * Install a new set of credentials to the current task, using RCU to replace
387 * This function eats the caller's reference to the new credentials.
392 int commit_creds(struct cred *new)
397 kdebug("commit_creds(%p{%ld})", new,
398 atomic_long_read(&new->usage));
401 BUG_ON(atomic_long_read(&new->usage) < 1);
403 get_cred(new); /* we will require a ref for the subj creds too */
406 if (!uid_eq(old->euid, new->euid) ||
407 !gid_eq(old->egid, new->egid) ||
408 !uid_eq(old->fsuid, new->fsuid) ||
409 !gid_eq(old->fsgid, new->fsgid) ||
410 !cred_cap_issubset(old, new)) {
427 if (!uid_eq(new->fsuid, old->fsuid))
428 key_fsuid_changed(new);
429 if (!gid_eq(new->fsgid, old->fsgid))
430 key_fsgid_changed(new);
436 if (new->user != old->user || new->user_ns != old->user_ns)
437 inc_rlimit_ucounts(new->ucounts, UCOUNT_RLIMIT_NPROC, 1);
438 rcu_assign_pointer(task->real_cred, new);
439 rcu_assign_pointer(task->cred, new);
440 if (new->user != old->user || new->user_ns != old->user_ns)
444 if (!uid_eq(new->uid, old->uid) ||
445 !uid_eq(new->euid, old->euid) ||
446 !uid_eq(new->suid, old->suid) ||
447 !uid_eq(new->fsuid, old->fsuid))
450 if (!gid_eq(new->gid, old->gid) ||
451 !gid_eq(new->egid, old->egid) ||
452 !gid_eq(new->sgid, old->sgid) ||
453 !gid_eq(new->fsgid, old->fsgid))
464 * @new: The credentials that were going to be applied
469 void abort_creds(struct cred *new)
471 kdebug("abort_creds(%p{%ld})", new,
472 atomic_long_read(&new->usage));
474 BUG_ON(atomic_long_read(&new->usage) < 1);
475 put_cred(new);
481 * @new: The credentials to be assigned
486 const struct cred *override_creds(const struct cred *new)
490 kdebug("override_creds(%p{%ld})", new,
491 atomic_long_read(&new->usage));
501 get_new_cred((struct cred *)new);
502 old = override_creds_light(new);
583 int set_cred_ucounts(struct cred *new)
585 struct ucounts *new_ucounts, *old_ucounts = new->ucounts;
591 if (old_ucounts->ns == new->user_ns && uid_eq(old_ucounts->uid, new->uid))
594 if (!(new_ucounts = alloc_ucounts(new->user_ns, new->uid)))
597 new->ucounts = new_ucounts;
627 * Returns the new credentials or NULL if out of memory.
632 struct cred *new;
637 new = kmem_cache_alloc(cred_jar, GFP_KERNEL);
638 if (!new)
641 kdebug("prepare_kernel_cred() alloc %p", new);
645 *new = *old;
646 new->non_rcu = 0;
647 atomic_long_set(&new->usage, 1);
648 get_uid(new->user);
649 get_user_ns(new->user_ns);
650 get_group_info(new->group_info);
653 new->session_keyring = NULL;
654 new->process_keyring = NULL;
655 new->thread_keyring = NULL;
656 new->request_key_auth = NULL;
657 new->jit_keyring = KEY_REQKEY_DEFL_THREAD_KEYRING;
661 new->security = NULL;
663 new->ucounts = get_ucounts(new->ucounts);
664 if (!new->ucounts)
667 if (security_prepare_creds(new, old, GFP_KERNEL_ACCOUNT) < 0)
671 return new;
674 put_cred(new);
682 * @new: The credentials to alter
688 int set_security_override(struct cred *new, u32 secid)
690 return security_kernel_act_as(new, secid);
696 * @new: The credentials to alter
704 int set_security_override_from_ctx(struct cred *new, const char *secctx)
713 return set_security_override(new, secid);
719 * @new: The credentials to alter
723 * as the object context of the specified inode, so that the new inodes have
726 int set_create_files_as(struct cred *new, struct inode *inode)
730 new->fsuid = inode->i_uid;
731 new->fsgid = inode->i_gid;
732 return security_kernel_create_files_as(new, inode);