Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\commoncap.c Create Date:2022-07-28 18:37:00
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:ap_task_fix_setuid - Fix up the results of setuid() call*@new: The proposed credentials*@old: The current task's current credentials*@flags: Indications of what has changed* Fix up the results of setuid() call before the credential changes are

Proto:int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags)

Type:int

Parameter:

TypeParameterName
struct cred *new
const struct cred *old
intflags
1037  Case flags == setreuid or setregid, id0 == real, id1 == eff
1038  Case flags == setuid or setgid, id0 == uid or gid
1039  Case flags == setresuid or setresgid, id0 == real, id1 == eff, uid2 == saved
1042  If Not issecure(When set, setuid to/from uid 0 does not trigger capability-"fixup".When unset, to provide compatiblility with old programs relying onset*uid to gain/lose privilege, transitions to/from uid 0 causecapabilities to be gained/lost. ) Then ap_emulate_setxuid() fixes the effective / permitted capabilities of* a process after a call to setuid, setreuid, or setresuid.* 1) When set*uiding _from_ one of {r,e,s}uid == 0 _to_ all of* {r,e,s}uid != 0, the permitted and effective capabilities are
1044  Break
1046  Case flags == setfsuid or setfsgid, id0 == fsuid or fsgid
1053  If Not issecure(When set, setuid to/from uid 0 does not trigger capability-"fixup".When unset, to provide compatiblility with old programs relying onset*uid to gain/lose privilege, transitions to/from uid 0 causecapabilities to be gained/lost. ) Then
1054  root_uid = make_kuid - Map a user-namespace uid pair into a kuid
1055  If uid_eq( UID for VFS ops , root_uid) && Not uid_eq( UID for VFS ops , root_uid) Then caps we can actually use = Used to decide between falling back on the old suser() or fsuser().
1059  If Not uid_eq( UID for VFS ops , root_uid) && uid_eq( UID for VFS ops , root_uid) Then caps we can actually use = cap_raise_fs_set( caps we can actually use , caps we're permitted )
1064  Break
1066  Default
1067  Return -EINVAL
1070  Return 0