security: Push full creds info into may_xxx checks

It's not enough to check only uids on dump and restore -- we need to
check e-ids and s-ids now (and caps in the future).
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>

cr-dump.c

@@ -1388,7 +1388,7 @@ static int dump_one_task(struct pstree_item *item)
 	if (ret)
 		goto err;
 
-	if (!may_dump_uid(cr.uids[0])) {
+	if (!may_dump(&cr)) {
 		ret = -1;
 		pr_err("Check uid (pid: %d) failed\n", pid);
 		goto err;

cr-restore.c

@@ -1957,7 +1957,7 @@ static int prepare_creds(int pid, struct task_restore_core_args *args)
 		return -1;
 	}
 
-	if (!may_restore_uid(ce->uid))
+	if (!may_restore(ce))
 		return -1;
 
 	args->creds = *ce;

include/crtools.h

@@ -209,7 +209,9 @@ static inline bool pid_rst_prio(unsigned pid_a, unsigned pid_b)
 }
 
 void restrict_uid(unsigned int uid);
-bool may_dump_uid(unsigned int uid);
-bool may_restore_uid(unsigned int uid);
+struct proc_status_creds;
+bool may_dump(struct proc_status_creds *);
+struct _CredsEntry;
+bool may_restore(struct _CredsEntry *);
 
 #endif /* __CR_CRTOOLS_H__ */

security.c

 #include <unistd.h>
 #include "crtools.h"
+#include "proc_parse.h"
 #include "log.h"
 
 static unsigned int cr_uid; /* UID which user can C/R */
@@ -27,8 +28,10 @@ static bool check_uid(unsigned int uid)
 	return false;
 }
 
-bool may_dump_uid(unsigned int uid)
+bool may_dump(struct proc_status_creds *creds)
 {
+	unsigned int uid = creds->uids[0];
+
 	if (check_uid(uid))
 		return true;
 
@@ -36,8 +39,10 @@ bool may_dump_uid(unsigned int uid)
 	return false;
 }
 
-bool may_restore_uid(unsigned int uid)
+bool may_restore(CredsEntry *creds)
 {
+	unsigned int uid = creds->uid;
+
 	if (check_uid(uid))
 		return true;