IMA: open new file for read
When creating a new file, ima_path_check() assumed the new file was being opened for write. Call ima_path_check() with the appropriate acc_mode so that the read/write counters are incremented correctly. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
ee18d64c1f
commit
6c1488fd58
|
@ -1533,9 +1533,11 @@ int may_open(struct path *path, int acc_mode, int flag)
|
|||
if (error)
|
||||
return error;
|
||||
|
||||
error = ima_path_check(path,
|
||||
acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC),
|
||||
error = ima_path_check(path, acc_mode ?
|
||||
acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
|
||||
ACC_MODE(flag) & (MAY_READ | MAY_WRITE),
|
||||
IMA_COUNT_UPDATE);
|
||||
|
||||
if (error)
|
||||
return error;
|
||||
/*
|
||||
|
|
Loading…
Reference in New Issue