198  * Determine whether the nominated task is permitted to trace the current
225  * @permitted: The place to record the permitted set
231 	       kernel_cap_t *inheritable, kernel_cap_t *permitted)  in cap_capget()  argument
240 	*permitted   = cred->cap_permitted;  in cap_capget()
247  * permitted set.  Returns 1 if they are limited, 0 if they are not.
266  * @permitted: A pointer to the proposed new permitted capabilities set
276 	       const kernel_cap_t *permitted)  in cap_capset()  argument
291 	/* verify restrictions on target's new Permitted set */  in cap_capset()
292 	if (!cap_issubset(*permitted, old->cap_permitted))  in cap_capset()
296 	if (!cap_issubset(*effective, *permitted))  in cap_capset()
301 	new->cap_permitted   = *permitted;  in cap_capset()
304 	 * Mask off ambient bits that are no longer both permitted and  in cap_capset()
308 					 cap_intersect(*permitted,  in cap_capset()
635 		(new->cap_bset.val & caps->permitted.val) |  in bprm_caps_from_vfs_caps()
638 	if (caps->permitted.val & ~new->cap_permitted.val)  in bprm_caps_from_vfs_caps()
645 	 * missing some "forced" (aka file-permitted) capabilities.  in bprm_caps_from_vfs_caps()
728 	cpu_caps->permitted.val = le32_to_cpu(caps->data[0].permitted);  in get_vfs_caps_from_disk()
736 		cpu_caps->permitted.val += (u64)le32_to_cpu(caps->data[1].permitted) << 32;  in get_vfs_caps_from_disk()
740 	cpu_caps->permitted.val &= CAP_VALID_MASK;  in get_vfs_caps_from_disk()
896 	       __cap_gained(permitted, new, old)) ||  in nonroot_raised_pE()
936 	if (__cap_gained(permitted, new, old))  in cap_bprm_creds_from_file()
946 	if ((is_setid || __cap_gained(permitted, new, old)) &&  in cap_bprm_creds_from_file()
999 	      __cap_grew(permitted, ambient, new))))  in cap_bprm_creds_from_file()
1086  * cap_emulate_setxuid() fixes the effective / permitted capabilities of
1090  *  {r,e,s}uid != 0, the permitted and effective capabilities are
1097  *  capabilities are set to the permitted capabilities.
1106  * calls setuid() and switches away from uid==0. Both permitted and
1217  * cap_task_setscheduler - Determine if scheduler policy change is permitted
1220  * Determine if the requested scheduler policy change is permitted for the
1231  * cap_task_setioprio - Determine if I/O priority change is permitted
1235  * Determine if the requested I/O priority change is permitted for the specified
1246  * cap_task_setnice - Determine if task priority change is permitted
1250  * Determine if the requested task priority change is permitted for the
1438  * cap_vm_enough_memory - Determine whether a new virtual mapping is permitted
1443  * task is permitted.