Lines Matching full:uid
38 if (policy->type == UID) { in _setid_policy_lookup()
39 hash_for_each_possible(policy->rules, rule, next, __kuid_val(src.uid)) { in _setid_policy_lookup()
40 if (!uid_eq(rule->src_id.uid, src.uid)) in _setid_policy_lookup()
42 if (uid_eq(rule->dst_id.uid, dst.uid)) in _setid_policy_lookup()
72 if (new_type == UID) in setid_policy_lookup()
113 if (setid_policy_lookup((kid_t){.uid = cred->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT) in safesetid_security_capable()
117 * set*uid() (e.g. setting up userns uid mappings). in safesetid_security_capable()
119 …ation requires CAP_SETUID, which is not available to UID %u for operations besides approved set*ui… in safesetid_security_capable()
120 __kuid_val(cred->uid)); in safesetid_security_capable()
152 if (new_type == UID) { in id_permitted_for_cred()
153 if (uid_eq(new_id.uid, old->uid) || uid_eq(new_id.uid, old->euid) || in id_permitted_for_cred()
154 uid_eq(new_id.uid, old->suid)) in id_permitted_for_cred()
168 setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED; in id_permitted_for_cred()
171 if (new_type == UID) { in id_permitted_for_cred()
172 pr_warn("UID transition ((%d,%d,%d) -> %d) blocked\n", in id_permitted_for_cred()
173 __kuid_val(old->uid), __kuid_val(old->euid), in id_permitted_for_cred()
174 __kuid_val(old->suid), __kuid_val(new_id.uid)); in id_permitted_for_cred()
187 * set*uid to user under new cred struct, or the UID transition is allowed (by
188 * Linux set*uid rules) even without CAP_SETUID.
196 if (setid_policy_lookup((kid_t){.uid = old->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT) in safesetid_task_fix_setuid()
199 if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) && in safesetid_task_fix_setuid()
200 id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) && in safesetid_task_fix_setuid()
201 id_permitted_for_cred(old, (kid_t){.uid = new->suid}, UID) && in safesetid_task_fix_setuid()
202 id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID)) in safesetid_task_fix_setuid()