IMA: open new file for read

commit 6c1488fd581a447ec87c4b59f0d33f95f0aa441b upstream. When creating a new file, ima_path_check() assumed the new file was being opened for write. Call ima_path_check() with the appropriate acc_mode so that the read/write counters are incremented correctly. Signed-off-by: Mimi Zohar <zohar@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
author: Mimi Zohar <zohar@linux.vnet.ibm.com> 2009-09-02 11:40:32 -0400
committer: Greg Kroah-Hartman <gregkh@suse.de> 2009-10-12 12:40:22 -0700
commit: 3ee41bac34c00a52fa91085ffcef445bc8df92a9 (patch)
tree: 8a706f554a753551790b7e95c61b9b3cb43112ab
parent: 112a62ddb32952943517bd170f0eeb26a6f0738f (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 1f13751693a5..fcfc5539252c 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1533,9 +1533,11 @@ int may_open(struct path *path, int acc_mode, int flag)
 	if (error)
 		return error;
 
-	error = ima_path_check(path,
-			       acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC),
+	error = ima_path_check(path, acc_mode ?
+			       acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
+			       ACC_MODE(flag) & (MAY_READ | MAY_WRITE),
 			       IMA_COUNT_UPDATE);
+
 	if (error)
 		return error;
 	/*
author	Mimi Zohar <zohar@linux.vnet.ibm.com>	2009-09-02 11:40:32 -0400
committer	Greg Kroah-Hartman <gregkh@suse.de>	2009-10-12 12:40:22 -0700
commit	3ee41bac34c00a52fa91085ffcef445bc8df92a9 (patch)
tree	8a706f554a753551790b7e95c61b9b3cb43112ab
parent	112a62ddb32952943517bd170f0eeb26a6f0738f (diff)