Reorder some `Credentials` methods

2026-02-04 22:58:28 +08:00 · 2026-02-04 22:58:28 +08:00 · 5bd40d7bd5
parent 5d0779bd83
commit 5bd40d7bd5
2 changed files with 54 additions and 54 deletions
--- a/kernel/src/process/credentials/credentials_.rs
+++ b/kernel/src/process/credentials/credentials_.rs
@ -98,10 +98,6 @@ impl Credentials_ {
        self.fsuid.load(Ordering::Relaxed)
    }

-    pub(super) fn keep_capabilities(&self) -> bool {
-        self.securebits.load(Ordering::Relaxed).keep_capabilities()
-    }
-
    pub(super) fn set_uid(&self, uid: Uid) {
        if self.is_privileged() {
            self.set_resuid_unchecked(Some(uid), Some(uid), Some(uid));
@ -406,17 +402,6 @@ impl Credentials_ {
        self.sgid.store(sgid, Ordering::Relaxed);
    }

-    pub(super) fn set_keep_capabilities(&self, keep_capabilities: bool) -> Result<()> {
-        let current_bits = self.securebits();
-        let stored_bits = if !keep_capabilities {
-            current_bits - SecureBits::KEEP_CAPS
-        } else {
-            current_bits | SecureBits::KEEP_CAPS
-        };
-
-        self.securebits.try_store(stored_bits, Ordering::Relaxed)
-    }
-
    // For `setregid`, rgid can *NOT* be set to old sgid,
    // while for `setresgid`, ruid can be set to old sgid.
    fn check_gid_perm(
@ -519,6 +504,21 @@ impl Credentials_ {
            .store(effective_capset, Ordering::Relaxed);
    }

+    pub(super) fn keep_capabilities(&self) -> bool {
+        self.securebits.load(Ordering::Relaxed).keep_capabilities()
+    }
+
+    pub(super) fn set_keep_capabilities(&self, keep_capabilities: bool) -> Result<()> {
+        let current_bits = self.securebits();
+        let stored_bits = if !keep_capabilities {
+            current_bits - SecureBits::KEEP_CAPS
+        } else {
+            current_bits | SecureBits::KEEP_CAPS
+        };
+
+        self.securebits.try_store(stored_bits, Ordering::Relaxed)
+    }
+
    //  ******* SecureBits methods *******

    pub(super) fn securebits(&self) -> SecureBits {
--- a/kernel/src/process/credentials/static_cap.rs
+++ b/kernel/src/process/credentials/static_cap.rs
@ -77,14 +77,6 @@ impl<R: TRights> Credentials<R> {
        self.0.fsuid()
    }

-    /// Gets keep capabilities flag.
-    ///
-    /// This method requires the `Read` right.
-    #[require(R > Read)]
-    pub fn keep_capabilities(&self) -> bool {
-        self.0.keep_capabilities()
-    }
-
    /// Sets uid. If self is privileged, sets the effective, real, saved-set user ids as `uid`,
    /// Otherwise, sets effective user id as `uid`.
    ///
@ -145,16 +137,6 @@ impl<R: TRights> Credentials<R> {
        self.0.set_suid(euid);
    }

-    /// Sets keep capabilities flag.
-    ///
-    /// If the [`SecureBits::KEEP_CAPS_LOCKED`] is set, this method will return an error.
-    ///
-    /// This method requires the `Write` right.
-    #[require(R > Write)]
-    pub fn set_keep_capabilities(&self, keep_capabilities: bool) -> Result<()> {
-        self.0.set_keep_capabilities(keep_capabilities)
-    }
-
    // *********** Gid methods **********

    /// Gets real group id.
@ -249,27 +231,6 @@ impl<R: TRights> Credentials<R> {
        self.0.set_sgid(egid);
    }

-    // *********** SecureBits methods **********
-
-    /// Gets the secure bits.
-    ///
-    /// This method requires the `Read` right.
-    #[require(R > Read)]
-    pub fn securebits(&self) -> SecureBits {
-        self.0.securebits()
-    }
-
-    /// Sets the secure bits.
-    ///
-    /// If the caller does not have the `CAP_SETPCAP` capability, or if it tries to set
-    /// locked bits, this method will return an error.
-    ///
-    /// This method requires the `Write` right.
-    #[require(R > Write)]
-    pub fn set_securebits(&self, securebits: SecureBits) -> Result<()> {
-        self.0.set_securebits(securebits)
-    }
-
    // *********** Supplementary group methods **********

    /// Acquires the read lock of supplementary group ids.
@ -337,4 +298,43 @@ impl<R: TRights> Credentials<R> {
    pub fn set_effective_capset(&self, effective_capset: CapSet) {
        self.0.set_effective_capset(effective_capset);
    }
+
+    /// Gets keep capabilities flag.
+    ///
+    /// This method requires the `Read` right.
+    #[require(R > Read)]
+    pub fn keep_capabilities(&self) -> bool {
+        self.0.keep_capabilities()
+    }
+
+    /// Sets keep capabilities flag.
+    ///
+    /// If the [`SecureBits::KEEP_CAPS_LOCKED`] is set, this method will return an error.
+    ///
+    /// This method requires the `Write` right.
+    #[require(R > Write)]
+    pub fn set_keep_capabilities(&self, keep_capabilities: bool) -> Result<()> {
+        self.0.set_keep_capabilities(keep_capabilities)
+    }
+
+    // *********** SecureBits methods **********
+
+    /// Gets the secure bits.
+    ///
+    /// This method requires the `Read` right.
+    #[require(R > Read)]
+    pub fn securebits(&self) -> SecureBits {
+        self.0.securebits()
+    }
+
+    /// Sets the secure bits.
+    ///
+    /// If the caller does not have the `CAP_SETPCAP` capability, or if it tries to set
+    /// locked bits, this method will return an error.
+    ///
+    /// This method requires the `Write` right.
+    #[require(R > Write)]
+    pub fn set_securebits(&self, securebits: SecureBits) -> Result<()> {
+        self.0.set_securebits(securebits)
+    }
 }