153  * Check whether a caller with old credentials @old is allowed to switch to
156 static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum setid_type new_type)  in id_permitted_for_cred()  argument
160 	/* If our old creds already had this ID in it, it's fine. */  in id_permitted_for_cred()
162 		if (uid_eq(new_id.uid, old->uid) || uid_eq(new_id.uid, old->euid) ||  in id_permitted_for_cred()
163 			uid_eq(new_id.uid, old->suid))  in id_permitted_for_cred()
166 		if (gid_eq(new_id.gid, old->gid) || gid_eq(new_id.gid, old->egid) ||  in id_permitted_for_cred()
167 			gid_eq(new_id.gid, old->sgid))  in id_permitted_for_cred()
173 	 * Transitions to new UIDs require a check against the policy of the old  in id_permitted_for_cred()
177 	    setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED;  in id_permitted_for_cred()
182 				__kuid_val(old->uid), __kuid_val(old->euid),  in id_permitted_for_cred()
183 				__kuid_val(old->suid), __kuid_val(new_id.uid));  in id_permitted_for_cred()
186 				__kgid_val(old->gid), __kgid_val(old->egid),  in id_permitted_for_cred()
187 				__kgid_val(old->sgid), __kgid_val(new_id.gid));  in id_permitted_for_cred()
195  * Check whether there is either an exception for user under old cred struct to
200 				     const struct cred *old,  in safesetid_task_fix_setuid()  argument
204 	/* Do nothing if there are no setuid restrictions for our old RUID. */  in safesetid_task_fix_setuid()
205 	if (setid_policy_lookup((kid_t){.uid = old->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)  in safesetid_task_fix_setuid()
208 	if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) &&  in safesetid_task_fix_setuid()
209 	    id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) &&  in safesetid_task_fix_setuid()
210 	    id_permitted_for_cred(old, (kid_t){.uid = new->suid}, UID) &&  in safesetid_task_fix_setuid()
211 	    id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID))  in safesetid_task_fix_setuid()
224 				     const struct cred *old,  in safesetid_task_fix_setgid()  argument
228 	/* Do nothing if there are no setgid restrictions for our old RGID. */  in safesetid_task_fix_setgid()
229 	if (setid_policy_lookup((kid_t){.gid = old->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)  in safesetid_task_fix_setgid()
232 	if (id_permitted_for_cred(old, (kid_t){.gid = new->gid}, GID) &&  in safesetid_task_fix_setgid()
233 	    id_permitted_for_cred(old, (kid_t){.gid = new->egid}, GID) &&  in safesetid_task_fix_setgid()
234 	    id_permitted_for_cred(old, (kid_t){.gid = new->sgid}, GID) &&  in safesetid_task_fix_setgid()
235 	    id_permitted_for_cred(old, (kid_t){.gid = new->fsgid}, GID))  in safesetid_task_fix_setgid()