/*
 * LSM task_fix_setuid hook: place a task into the LVE matching its new
 * effective uid when it changes credentials via setresuid().
 *
 * NOTE(review): the run of twelve bare "#include" tokens at the top of the
 * original file lost their <...> header names during extraction. They are
 * not reconstructed here (placeholder below) and must be restored from the
 * original source before this file is built.
 */
/* <SYSTEM_HEADERS_LOST_IN_EXTRACTION: restore from the original source> */
#include "lve_internal.h"
#include "lve_debug.h"
#include "resource.h"
#include "lve_global_params.h"
#include "lve_task_locker.h"
#include "link_protect.h"

/* Tasks whose new euid is below this floor are never placed into an LVE. */
static kuid_t min_uid = { .val = 500 };

/* Global on/off switch for setuid-driven LVE entry; defined elsewhere. */
extern bool lve_setuid_enter;

/**
 * sandbox_task_fix_setuid - LSM task_fix_setuid hook for LVE entry
 * @new:   credentials about to be installed; only @new->euid is examined
 * @old:   previous credentials (not used by this hook)
 * @flags: LSM_SETID_* selector naming the setid call in progress
 *
 * Only setresuid() (LSM_SETID_RES) triggers entry; any other setid
 * flavour passes through without LVE entry. Root, any euid below
 * @min_uid, and a task that already sits in a non-root LVE are skipped,
 * as is any task rejected by handle_task_filter(). Entry is attempted
 * with LVE_ENTER_NO_CREATE, so a missing LVE appears to surface as
 * -ENOENT (the only error this hook reports on).
 *
 * Return: 0 or a non-negative value from _lve_enter(). Negative errors
 * are deliberately swallowed, so a failed entry never vetoes the
 * credential change: the task simply keeps running outside the LVE,
 * observable only through the trace event and LVE_DBG output.
 */
int sandbox_task_fix_setuid(struct cred *new, const struct cred *old, int flags)
{
	int ret = 0;
	uid_t euid = from_kuid(current_user_ns(), new->euid);
	uid_t muid = from_kuid(current_user_ns(), min_uid);
	bool candidate;

	/* Cheap filters first: feature switch, syscall flavour, root,
	 * and the configured uid floor. */
	candidate = lve_setuid_enter &&
		    flags == LSM_SETID_RES &&
		    !uid_eq(new->euid, GLOBAL_ROOT_UID) &&
		    !uid_lt(new->euid, min_uid);

	if (candidate) {
		if (NODEID_LVEID(lve_node_id(current)) != ROOT_LVE) {
			/* Nested entry is not attempted. */
			LVE_DBG("%s: Already in LVE!!! euid = %u\n", __func__, euid);
		} else if (handle_task_filter()) {
			lve_task_lock(current);
			LVE_API_ENTER();
			ret = _lve_enter(current, ROOT_LVP, euid,
					 &(struct ve_enter){ NULL, LVE_ENTER_NO_CREATE });
			LVE_API_EXIT();
			lve_task_unlock(current);

			if (ret == -ENOENT)
				LVE_DBG("LVE %u doesn't exists\n", euid);
		}
	}

	/* Emitted on every path, including the ones filtered out above. */
	trace_setuid_enter(lve_setuid_enter, flags, euid, muid,
			   NODEID_LVEID(lve_node_id(current)), ret);

	/* Ignore error for now */
	return ret < 0 ? 0 : ret;
}