Commit 3ee41bac authored by Mimi Zohar's avatar Mimi Zohar Committed by Greg Kroah-Hartman

IMA: open new file for read

commit 6c1488fd upstream.

When creating a new file, ima_path_check() assumed the new file
was being opened for write. Call ima_path_check() with the
appropriate acc_mode so that the read/write counters are
incremented correctly.
Signed-off-by: default avatarMimi Zohar <zohar@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 112a62dd
...@@ -1533,9 +1533,11 @@ int may_open(struct path *path, int acc_mode, int flag) ...@@ -1533,9 +1533,11 @@ int may_open(struct path *path, int acc_mode, int flag)
if (error) if (error)
return error; return error;
error = ima_path_check(path, error = ima_path_check(path, acc_mode ?
acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC), acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
ACC_MODE(flag) & (MAY_READ | MAY_WRITE),
IMA_COUNT_UPDATE); IMA_COUNT_UPDATE);
if (error) if (error)
return error; return error;
/* /*
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment