150  * Check whether a caller with old credentials @old is allowed to switch to
153 static bool id_permitted_for_cred(const struct cred *old, kid_t new_id, enum setid_type new_type)  in id_permitted_for_cred()  argument
157 	/* If our old creds already had this ID in it, it's fine. */  in id_permitted_for_cred()
159 		if (uid_eq(new_id.uid, old->uid) || uid_eq(new_id.uid, old->euid) ||  in id_permitted_for_cred()
160 			uid_eq(new_id.uid, old->suid))  in id_permitted_for_cred()
163 		if (gid_eq(new_id.gid, old->gid) || gid_eq(new_id.gid, old->egid) ||  in id_permitted_for_cred()
164 			gid_eq(new_id.gid, old->sgid))  in id_permitted_for_cred()
170 	 * Transitions to new UIDs require a check against the policy of the old  in id_permitted_for_cred()
174 	    setid_policy_lookup((kid_t){.uid = old->uid}, new_id, new_type) != SIDPOL_CONSTRAINED;  in id_permitted_for_cred()
179 				__kuid_val(old->uid), __kuid_val(old->euid),  in id_permitted_for_cred()
180 				__kuid_val(old->suid), __kuid_val(new_id.uid));  in id_permitted_for_cred()
183 				__kgid_val(old->gid), __kgid_val(old->egid),  in id_permitted_for_cred()
184 				__kgid_val(old->sgid), __kgid_val(new_id.gid));  in id_permitted_for_cred()
192  * Check whether there is either an exception for user under old cred struct to
197 				     const struct cred *old,  in safesetid_task_fix_setuid()  argument
201 	/* Do nothing if there are no setuid restrictions for our old RUID. */  in safesetid_task_fix_setuid()
202 	if (setid_policy_lookup((kid_t){.uid = old->uid}, INVALID_ID, UID) == SIDPOL_DEFAULT)  in safesetid_task_fix_setuid()
205 	if (id_permitted_for_cred(old, (kid_t){.uid = new->uid}, UID) &&  in safesetid_task_fix_setuid()
206 	    id_permitted_for_cred(old, (kid_t){.uid = new->euid}, UID) &&  in safesetid_task_fix_setuid()
207 	    id_permitted_for_cred(old, (kid_t){.uid = new->suid}, UID) &&  in safesetid_task_fix_setuid()
208 	    id_permitted_for_cred(old, (kid_t){.uid = new->fsuid}, UID))  in safesetid_task_fix_setuid()
221 				     const struct cred *old,  in safesetid_task_fix_setgid()  argument
225 	/* Do nothing if there are no setgid restrictions for our old RGID. */  in safesetid_task_fix_setgid()
226 	if (setid_policy_lookup((kid_t){.gid = old->gid}, INVALID_ID, GID) == SIDPOL_DEFAULT)  in safesetid_task_fix_setgid()
229 	if (id_permitted_for_cred(old, (kid_t){.gid = new->gid}, GID) &&  in safesetid_task_fix_setgid()
230 	    id_permitted_for_cred(old, (kid_t){.gid = new->egid}, GID) &&  in safesetid_task_fix_setgid()
231 	    id_permitted_for_cred(old, (kid_t){.gid = new->sgid}, GID) &&  in safesetid_task_fix_setgid()
232 	    id_permitted_for_cred(old, (kid_t){.gid = new->fsgid}, GID))  in safesetid_task_fix_setgid()