250 int cap_capset(struct cred *new,  in cap_capset()  argument
277 	new->cap_effective   = *effective;  in cap_capset()
278 	new->cap_inheritable = *inheritable;  in cap_capset()
279 	new->cap_permitted   = *permitted;  in cap_capset()
344 	struct cred *new = bprm->cred;  in bprm_caps_from_vfs_caps()  local
361 		new->cap_permitted.cap[i] =  in bprm_caps_from_vfs_caps()
362 			(new->cap_bset.cap[i] & permitted) |  in bprm_caps_from_vfs_caps()
363 			(new->cap_inheritable.cap[i] & inheritable);  in bprm_caps_from_vfs_caps()
365 		if (permitted & ~new->cap_permitted.cap[i])  in bprm_caps_from_vfs_caps()
486 	struct cred *new = bprm->cred;  in cap_bprm_set_creds()  local
496 	root_uid = make_kuid(new->user_ns, 0);  in cap_bprm_set_creds()
504 		if (has_cap && !uid_eq(new->uid, root_uid) && uid_eq(new->euid, root_uid)) {  in cap_bprm_set_creds()
515 		if (uid_eq(new->euid, root_uid) || uid_eq(new->uid, root_uid)) {  in cap_bprm_set_creds()
517 			new->cap_permitted = cap_combine(old->cap_bset,  in cap_bprm_set_creds()
520 		if (uid_eq(new->euid, root_uid))  in cap_bprm_set_creds()
526 	if (!cap_issubset(new->cap_permitted, old->cap_permitted))  in cap_bprm_set_creds()
535 	if ((!uid_eq(new->euid, old->uid) ||  in cap_bprm_set_creds()
536 	     !gid_eq(new->egid, old->gid) ||  in cap_bprm_set_creds()
537 	     !cap_issubset(new->cap_permitted, old->cap_permitted)) &&  in cap_bprm_set_creds()
542 			new->euid = new->uid;  in cap_bprm_set_creds()
543 			new->egid = new->gid;  in cap_bprm_set_creds()
545 		new->cap_permitted = cap_intersect(new->cap_permitted,  in cap_bprm_set_creds()
549 	new->suid = new->fsuid = new->euid;  in cap_bprm_set_creds()
550 	new->sgid = new->fsgid = new->egid;  in cap_bprm_set_creds()
553 		new->cap_effective = new->cap_permitted;  in cap_bprm_set_creds()
555 		cap_clear(new->cap_effective);  in cap_bprm_set_creds()
570 	if (!cap_isclear(new->cap_effective)) {  in cap_bprm_set_creds()
571 		if (!cap_issubset(CAP_FULL_SET, new->cap_effective) ||  in cap_bprm_set_creds()
572 		    !uid_eq(new->euid, root_uid) || !uid_eq(new->uid, root_uid) ||  in cap_bprm_set_creds()
574 			ret = audit_log_bprm_fcaps(bprm, new, old);  in cap_bprm_set_creds()
580 	new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);  in cap_bprm_set_creds()
695 static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old)  in cap_emulate_setxuid()  argument
702 	    (!uid_eq(new->uid, root_uid) &&  in cap_emulate_setxuid()
703 	     !uid_eq(new->euid, root_uid) &&  in cap_emulate_setxuid()
704 	     !uid_eq(new->suid, root_uid)) &&  in cap_emulate_setxuid()
706 		cap_clear(new->cap_permitted);  in cap_emulate_setxuid()
707 		cap_clear(new->cap_effective);  in cap_emulate_setxuid()
709 	if (uid_eq(old->euid, root_uid) && !uid_eq(new->euid, root_uid))  in cap_emulate_setxuid()
710 		cap_clear(new->cap_effective);  in cap_emulate_setxuid()
711 	if (!uid_eq(old->euid, root_uid) && uid_eq(new->euid, root_uid))  in cap_emulate_setxuid()
712 		new->cap_effective = new->cap_permitted;  in cap_emulate_setxuid()
724 int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags)  in cap_task_fix_setuid()  argument
733 			cap_emulate_setxuid(new, old);  in cap_task_fix_setuid()
745 			if (uid_eq(old->fsuid, root_uid) && !uid_eq(new->fsuid, root_uid))  in cap_task_fix_setuid()
746 				new->cap_effective =  in cap_task_fix_setuid()
747 					cap_drop_fs_set(new->cap_effective);  in cap_task_fix_setuid()
749 			if (!uid_eq(old->fsuid, root_uid) && uid_eq(new->fsuid, root_uid))  in cap_task_fix_setuid()
750 				new->cap_effective =  in cap_task_fix_setuid()
751 					cap_raise_fs_set(new->cap_effective,  in cap_task_fix_setuid()
752 							 new->cap_permitted);  in cap_task_fix_setuid()
831 	struct cred *new;  in cap_prctl_drop()  local
838 	new = prepare_creds();  in cap_prctl_drop()
839 	if (!new)  in cap_prctl_drop()
841 	cap_lower(new->cap_bset, cap);  in cap_prctl_drop()
842 	return commit_creds(new);  in cap_prctl_drop()
861 	struct cred *new;  in cap_task_prctl()  local
910 		new = prepare_creds();  in cap_task_prctl()
911 		if (!new)  in cap_task_prctl()
913 		new->securebits = arg2;  in cap_task_prctl()
914 		return commit_creds(new);  in cap_task_prctl()
928 		new = prepare_creds();  in cap_task_prctl()
929 		if (!new)  in cap_task_prctl()
932 			new->securebits |= issecure_mask(SECURE_KEEP_CAPS);  in cap_task_prctl()
934 			new->securebits &= ~issecure_mask(SECURE_KEEP_CAPS);  in cap_task_prctl()
935 		return commit_creds(new);  in cap_task_prctl()