242 	       const struct cred *old,  in cap_capset()  argument
249 			  cap_combine(old->cap_inheritable,  in cap_capset()
250 				      old->cap_permitted)))  in cap_capset()
255 			  cap_combine(old->cap_inheritable,  in cap_capset()
256 				      old->cap_bset)))  in cap_capset()
261 	if (!cap_issubset(*permitted, old->cap_permitted))  in cap_capset()
739 	const struct cred *old = current_cred();  in handle_privileged_root()  local
760 		new->cap_permitted = cap_combine(old->cap_bset,  in handle_privileged_root()
761 						 old->cap_inheritable);  in handle_privileged_root()
777 static inline bool __is_setuid(struct cred *new, const struct cred *old)  in __is_setuid()  argument
778 { return !uid_eq(new->euid, old->uid); }  in __is_setuid()
780 static inline bool __is_setgid(struct cred *new, const struct cred *old)  in __is_setgid()  argument
781 { return !gid_eq(new->egid, old->gid); }  in __is_setgid()
800 static inline bool nonroot_raised_pE(struct cred *new, const struct cred *old,  in nonroot_raised_pE()  argument
812 	    (!__is_setuid(new, old) &&  in nonroot_raised_pE()
814 	       __cap_gained(permitted, new, old)) ||  in nonroot_raised_pE()
815 	      __cap_gained(ambient, new, old))))  in nonroot_raised_pE()
832 	const struct cred *old = current_cred();  in cap_bprm_set_creds()  local
838 	new->cap_ambient = old->cap_ambient;  in cap_bprm_set_creds()
839 	if (WARN_ON(!cap_ambient_invariant_ok(old)))  in cap_bprm_set_creds()
851 	if (__cap_gained(permitted, new, old))  in cap_bprm_set_creds()
859 	is_setid = __is_setuid(new, old) || __is_setgid(new, old);  in cap_bprm_set_creds()
861 	if ((is_setid || __cap_gained(permitted, new, old)) &&  in cap_bprm_set_creds()
871 						   old->cap_permitted);  in cap_bprm_set_creds()
899 	if (nonroot_raised_pE(new, old, root_uid, has_fcap)) {  in cap_bprm_set_creds()
900 		ret = audit_log_bprm_fcaps(bprm, new, old);  in cap_bprm_set_creds()
1021 static inline void cap_emulate_setxuid(struct cred *new, const struct cred *old)  in cap_emulate_setxuid()  argument
1023 	kuid_t root_uid = make_kuid(old->user_ns, 0);  in cap_emulate_setxuid()
1025 	if ((uid_eq(old->uid, root_uid) ||  in cap_emulate_setxuid()
1026 	     uid_eq(old->euid, root_uid) ||  in cap_emulate_setxuid()
1027 	     uid_eq(old->suid, root_uid)) &&  in cap_emulate_setxuid()
1043 	if (uid_eq(old->euid, root_uid) && !uid_eq(new->euid, root_uid))  in cap_emulate_setxuid()
1045 	if (!uid_eq(old->euid, root_uid) && uid_eq(new->euid, root_uid))  in cap_emulate_setxuid()
1058 int cap_task_fix_setuid(struct cred *new, const struct cred *old, int flags)  in cap_task_fix_setuid()  argument
1067 			cap_emulate_setxuid(new, old);  in cap_task_fix_setuid()
1078 			kuid_t root_uid = make_kuid(old->user_ns, 0);  in cap_task_fix_setuid()
1079 			if (uid_eq(old->fsuid, root_uid) && !uid_eq(new->fsuid, root_uid))  in cap_task_fix_setuid()
1083 			if (!uid_eq(old->fsuid, root_uid) && uid_eq(new->fsuid, root_uid))  in cap_task_fix_setuid()
1194 	const struct cred *old = current_cred();  in cap_task_prctl()  local
1201 		return !!cap_raised(old->cap_bset, arg2);  in cap_task_prctl()
1226 		if ((((old->securebits & SECURE_ALL_LOCKS) >> 1)  in cap_task_prctl()
1227 		     & (old->securebits ^ arg2))			/*[1]*/  in cap_task_prctl()
1228 		    || ((old->securebits & SECURE_ALL_LOCKS & ~arg2))	/*[2]*/  in cap_task_prctl()
1252 		return old->securebits;  in cap_task_prctl()