Lines Matching full:uid
39 if (policy->type == UID) { in _setid_policy_lookup()
40 hash_for_each_possible(policy->rules, rule, next, __kuid_val(src.uid)) { in _setid_policy_lookup()
41 if (!uid_eq(rule->src_id.uid, src.uid)) in _setid_policy_lookup()
43 if (uid_eq(rule->dst_id.uid, dst.uid)) in _setid_policy_lookup()
73 if (new_type == UID) in setid_policy_lookup()
114 if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT) in safesetid_security_capable()
118 * set*uid() (e.g. setting up userns uid mappings). in safesetid_security_capable()
120 …ation requires CAP_SETUID, which is not available to UID %u for operations besides approved set*ui… in safesetid_security_capable()
121 __kuid_val(cred->uid)); in safesetid_security_capable()
153 if (new_type == UID) { in id_permitted_for_cred()
154 if (uid_eq(new_id.uid, old->uid) || uid_eq(new_id.uid, old->euid) || in id_permitted_for_cred()
155 uid_eq(new_id.uid, old->suid)) in id_permitted_for_cred()
169 setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED; in id_permitted_for_cred()
172 if (new_type == UID) { in id_permitted_for_cred()
173 pr_warn("UID transition ((%d,%d,%d) -> %d) blocked\n", in id_permitted_for_cred()
174 __kuid_val(old->uid), __kuid_val(old->euid), in id_permitted_for_cred()
175 __kuid_val(old->suid), __kuid_val(new_id.uid)); in id_permitted_for_cred()
188 * set*uid to user under new cred struct, or the UID transition is allowed (by
189 * Linux set*uid rules) even without CAP_SETUID.
197 if (setid_policy_lookup((kid_t){.uid = old->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT) in safesetid_task_fix_setuid()
200 if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) && in safesetid_task_fix_setuid()
201 id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) && in safesetid_task_fix_setuid()
202 id_permitted_for_cred(old, (kid_t){.uid = new->suid}, UID) && in safesetid_task_fix_setuid()
203 id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID)) in safesetid_task_fix_setuid()