| author | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-07 23:35:29 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2017-09-07 23:35:29 -0400 |
| commit | 828f4257d1d33aed0f9ef82982dcb8ace8b7fe86 (patch) | |
| tree | ce9e1fc4eaae2c66e8a5bba25579c32c229352b4 /security | |
| parent | 44ccba3f7b230af1bd7ebe173cbf5803df1df486 (diff) | |
| parent | fe8993b3a05cbba6318a54e0f85901aaea6fc244 (diff) | |
Merge tag 'secureexec-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull secureexec update from Kees Cook:
"This series has the ultimate goal of providing a sane stack rlimit
when running set*id processes.
To do this, the bprm_secureexec LSM hook is collapsed into the
bprm_set_creds hook so the secureexec-ness of an exec can be
determined early enough to make decisions about rlimits and the
resulting memory layouts. Other logic acting on the secureexec-ness of
an exec is similarly consolidated. Capabilities needed some special
handling, but the refactoring removed other special handling, so that
was a wash"
* tag 'secureexec-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
exec: Consolidate pdeath_signal clearing
exec: Use sane stack rlimit under secureexec
exec: Consolidate dumpability logic
smack: Remove redundant pdeath_signal clearing
exec: Use secureexec for clearing pdeath_signal
exec: Use secureexec for setting dumpability
LSM: drop bprm_secureexec hook
commoncap: Move cap_elevated calculation into bprm_set_creds
commoncap: Refactor to remove bprm_secureexec hook
smack: Refactor to remove bprm_secureexec hook
selinux: Refactor to remove bprm_secureexec hook
apparmor: Refactor to remove bprm_secureexec hook
binfmt: Introduce secureexec flag
exec: Correct comments about "point of no return"
exec: Rename bprm->cred_prepared to called_set_creds
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/domain.c | 21 | ||||
| -rw-r--r-- | security/apparmor/include/domain.h | 1 | ||||
| -rw-r--r-- | security/apparmor/include/file.h | 3 | ||||
| -rw-r--r-- | security/apparmor/lsm.c | 1 | ||||
| -rw-r--r-- | security/commoncap.c | 50 | ||||
| -rw-r--r-- | security/security.c | 5 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 26 | ||||
| -rw-r--r-- | security/smack/smack_lsm.c | 34 | ||||
| -rw-r--r-- | security/tomoyo/tomoyo.c | 2 |
9 files changed, 23 insertions, 120 deletions
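--- a/security/apparmor/domain.c
+++ b/security/apparmor/domain.c
@@ -758,7 +758,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 file_inode(bprm->file)->i_mode
 };
 
-if (bprm->cred_prepared)
+if (bprm->called_set_creds)
 return 0;
 
 ctx = cred_ctx(bprm->cred);
@@ -807,7 +807,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
 aa_label_printk(new, GFP_ATOMIC);
 dbg_printk("\n");
 }
-bprm->unsafe |= AA_SECURE_X_NEEDED;
+bprm->secureexec = 1;
 }
 
 if (label->proxy != new->proxy) {
@@ -843,23 +843,6 @@ audit:
 goto done;
 }
 
-/**
-* apparmor_bprm_secureexec - determine if secureexec is needed
-* @bprm: binprm for exec (NOT NULL)
-*
-* Returns: %1 if secureexec is needed else %0
-*/
-int apparmor_bprm_secureexec(struct linux_binprm *bprm)
-{
-/* the decision to use secure exec is computed in set_creds
-* and stored in bprm->unsafe.
-*/
-if (bprm->unsafe & AA_SECURE_X_NEEDED)
-return 1;
-
-return 0;
-}
-
 /*
 * Functions for self directed profile change
 */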
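--- a/security/apparmor/include/domain.h
+++ b/security/apparmor/include/domain.h
@@ -30,7 +30,6 @@ struct aa_domain {
 #define AA_CHANGE_STACK 8
 
 int apparmor_bprm_set_creds(struct linux_binprm *bprm);
-int apparmor_bprm_secureexec(struct linux_binprm *bprm);
 
 void aa_free_domain_entries(struct aa_domain *domain);
 int aa_change_hat(const char *hats[], int count, u64 token, int flags);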
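--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -101,9 +101,6 @@ static inline struct aa_label *aa_get_file_label(struct aa_file_ctx *ctx)
 #define AA_X_INHERIT 0x4000
 #define AA_X_UNCONFINED 0x8000
 
-/* AA_SECURE_X_NEEDED - is passed in the bprm->unsafe field */
-#define AA_SECURE_X_NEEDED 0x8000
-
 /* need to make conditional which ones are being set */
 struct path_cond {
 kuid_t uid;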
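--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -694,7 +694,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
 LSM_HOOK_INIT(bprm_set_creds, apparmor_bprm_set_creds),
 LSM_HOOK_INIT(bprm_committing_creds, apparmor_bprm_committing_creds),
 LSM_HOOK_INIT(bprm_committed_creds, apparmor_bprm_committed_creds),
-LSM_HOOK_INIT(bprm_secureexec, apparmor_bprm_secureexec),
 
 LSM_HOOK_INIT(task_setrlimit, apparmor_task_setrlimit),
 };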
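--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -285,15 +285,6 @@ int cap_capset(struct cred *new,
 return 0;
 }
 
-/*
-* Clear proposed capability sets for execve().
-*/
-static inline void bprm_clear_caps(struct linux_binprm *bprm)
-{
-cap_clear(bprm->cred->cap_permitted);
-bprm->cap_effective = false;
-}
-
 /**
 * cap_inode_need_killpriv - Determine if inode change affects privileges
 * @dentry: The inode/dentry in being changed with change marked ATTR_KILL_PRIV
@@ -443,7 +434,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
 int rc = 0;
 struct cpu_vfs_cap_data vcaps;
 
-bprm_clear_caps(bprm);
+cap_clear(bprm->cred->cap_permitted);
 
 if (!file_caps_enabled)
 return 0;
@@ -476,7 +467,7 @@ static int get_file_caps(struct linux_binprm *bprm, bool *effective, bool *has_c
 
 out:
 if (rc)
-bprm_clear_caps(bprm);
+cap_clear(bprm->cred->cap_permitted);
 
 return rc;
 }
@@ -585,8 +576,6 @@ skip:
 if (WARN_ON(!cap_ambient_invariant_ok(new)))
 return -EPERM;
 
-bprm->cap_effective = effective;
-
 /*
 * Audit candidate if current->cap_effective is set
 *
@@ -614,33 +603,17 @@ skip:
 if (WARN_ON(!cap_ambient_invariant_ok(new)))
 return -EPERM;
 
-return 0;
-}
-
-/**
-* cap_bprm_secureexec - Determine whether a secure execution is required
-* @bprm: The execution parameters
-*
-* Determine whether a secure execution is required, return 1 if it is, and 0
-* if it is not.
-*
-* The credentials have been committed by this point, and so are no longer
-* available through @bprm->cred.
-*/
-int cap_bprm_secureexec(struct linux_binprm *bprm)
-{
-const struct cred *cred = current_cred();
-kuid_t root_uid = make_kuid(cred->user_ns, 0);
-
-if (!uid_eq(cred->uid, root_uid)) {
-if (bprm->cap_effective)
-return 1;
-if (!cap_issubset(cred->cap_permitted, cred->cap_ambient))
-return 1;
+/* Check for privilege-elevated exec. */
+bprm->cap_elevated = 0;
+if (is_setid) {
+bprm->cap_elevated = 1;
+} else if (!uid_eq(new->uid, root_uid)) {
+if (effective ||
+!cap_issubset(new->cap_permitted, new->cap_ambient))
+bprm->cap_elevated = 1;
 }
 
-return (!uid_eq(cred->euid, cred->uid) ||
-!gid_eq(cred->egid, cred->gid));
+return 0;
 }
 
 /**
@@ -1079,7 +1052,6 @@ struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
 LSM_HOOK_INIT(capget, cap_capget),
 LSM_HOOK_INIT(capset, cap_capset),
 LSM_HOOK_INIT(bprm_set_creds, cap_bprm_set_creds),
-LSM_HOOK_INIT(bprm_secureexec, cap_bprm_secureexec),
 LSM_HOOK_INIT(inode_need_killpriv, cap_inode_need_killpriv),
 LSM_HOOK_INIT(inode_killpriv, cap_inode_killpriv),
 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),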
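Review bot: The block added under `/* Check for privilege-elevated exec. */` sets `bprm->cap_elevated` from `is_setid`, `root_uid` and `effective`, all assigned outside this hunk, whereas the removed cap_bprm_secureexec() re-derived the setid condition from the committed credentials (`cred->euid` against `cred->uid`, `cred->egid` against `cred->gid`). If `is_setid` is computed before any later adjustment of `new->euid` or `new->egid` in this function, the two can disagree, presumably only towards flagging more execs as elevated, but that should be stated rather than left for the reader to reconstruct. The removed kernel-doc explained when the decision was taken and the one-line comment no longer does; I would expand it to something like `/* Evaluated on the pre-commit creds in 'new'; replaces the post-commit test from the old bprm_secureexec hook. */`. The enclosing function starts outside the hunk.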
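--- a/security/security.c
+++ b/security/security.c
@@ -351,11 +351,6 @@ void security_bprm_committed_creds(struct linux_binprm *bprm)
 call_void_hook(bprm_committed_creds, bprm);
 }
 
-int security_bprm_secureexec(struct linux_binprm *bprm)
-{
-return call_int_hook(bprm_secureexec, 0, bprm);
-}
-
 int security_sb_alloc(struct super_block *sb)
 {
 return call_int_hook(sb_alloc_security, 0, sb);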
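--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2356,7 +2356,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 
 /* SELinux context only depends on initial program or script and not
 * the script interpreter */
-if (bprm->cred_prepared)
+if (bprm->called_set_creds)
 return 0;
 
 old_tsec = current_security();
@@ -2442,30 +2442,17 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)
 
 /* Clear any possibly unsafe personality bits on exec: */
 bprm->per_clear |= PER_CLEAR_ON_SETID;
-}
-
-return 0;
-}
-
-static int selinux_bprm_secureexec(struct linux_binprm *bprm)
-{
-const struct task_security_struct *tsec = current_security();
-u32 sid, osid;
-int atsecure = 0;
-
-sid = tsec->sid;
-osid = tsec->osid;
 
-if (osid != sid) {
 /* Enable secure mode for SIDs transitions unless
 the noatsecure permission is granted between
 the two SIDs, i.e. ahp returns 0. */
-atsecure = avc_has_perm(osid, sid,
-SECCLASS_PROCESS,
-PROCESS__NOATSECURE, NULL);
+rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
+SECCLASS_PROCESS, PROCESS__NOATSECURE,
+NULL);
+bprm->secureexec |= !!rc;
 }
 
-return !!atsecure;
+return 0;
 }
 
 static int match_file(const void *p, struct file *file, unsigned fd)
@@ -6266,7 +6253,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
 LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
 LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
 LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
-LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec),
 
 LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
 LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),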
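Review bot: In the second hunk, `rc = avc_has_perm(...)` followed by `bprm->secureexec |= !!rc;` and `return 0;` reuses the function's return-code variable for a result that is deliberately not propagated, so any nonzero value, a denied `noatsecure` permission or an internal error alike, switches secure mode on. Failing closed is the right default here, but it reads like a dropped error code; a comment above the assignment such as `/* any nonzero result (denial or error) enables secureexec; it does not fail the exec */` would make the intent explicit. The removed hook guarded the call with `if (osid != sid)`, while the new call relies on an enclosing condition that opens outside this hunk, so it is worth confirming that it is the SID-transition branch.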
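--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -917,7 +917,7 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm)
 struct superblock_smack *sbsp;
 int rc;
 
-if (bprm->cred_prepared)
+if (bprm->called_set_creds)
 return 0;
 
 isp = inode->i_security;
@@ -950,35 +950,9 @@ static int smack_bprm_set_creds(struct linux_binprm *bprm)
 bsp->smk_task = isp->smk_task;
 bprm->per_clear |= PER_CLEAR_ON_SETID;
 
-return 0;
-}
-
-/**
-* smack_bprm_committing_creds - Prepare to install the new credentials
-* from bprm.
-*
-* @bprm: binprm for exec
-*/
-static void smack_bprm_committing_creds(struct linux_binprm *bprm)
-{
-struct task_smack *bsp = bprm->cred->security;
-
+/* Decide if this is a secure exec. */
 if (bsp->smk_task != bsp->smk_forked)
-current->pdeath_signal = 0;
-}
-
-/**
-* smack_bprm_secureexec - Return the decision to use secureexec.
-* @bprm: binprm for exec
-*
-* Returns 0 on success.
-*/
-static int smack_bprm_secureexec(struct linux_binprm *bprm)
-{
-struct task_smack *tsp = current_security();
-
-if (tsp->smk_task != tsp->smk_forked)
-return 1;
+bprm->secureexec = 1;
 
 return 0;
 }
@@ -4645,8 +4619,6 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
 LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),
 
 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
-LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds),
-LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec),
 
 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
 LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),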
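Review bot: The test `if (bsp->smk_task != bsp->smk_forked)` now sits at the very end of smack_bprm_set_creds, after `bsp->smk_task = isp->smk_task;`, so it runs only when the function gets that far, whereas the removed smack_bprm_secureexec() evaluated the same condition on every exec. The body between the `isp = inode->i_security;` line and this point is outside the hunks; if any of it returns early, a task whose labels already differ would no longer be marked secureexec, so either confirm that is intended or move the test ahead of those returns. The removed smack_bprm_committing_creds() also cleared `current->pdeath_signal`, and nothing in this file does so after the change; going by the series titles in the merge message, that now happens in the exec core. The new comment could record the dependency, e.g. `/* Decide if this is a secure exec; pdeath_signal clearing is keyed off bprm->secureexec by the exec core. */`.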
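--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -76,7 +76,7 @@ static int tomoyo_bprm_set_creds(struct linux_binprm *bprm)
 * Do only if this function is called for the first time of an execve
 * operation.
 */
-if (bprm->cred_prepared)
+if (bprm->called_set_creds)
 return 0;
 #ifndef CONFIG_SECURITY_TOMOYO_OMIT_USERSPACE_LOADER
 /*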
