summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/smack/smack_lsm.c2
2 files changed, 4 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 85338f0c0481..0c98846f188d 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2645,6 +2645,8 @@ static int selinux_inode_permission(struct inode *inode, int mask)
{
const struct cred *cred = current_cred();
+ mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
+
if (!mask) {
/* No permission to check. Existence test. */
return 0;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 07abc9ce72f2..9192ba366a4c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -598,6 +598,8 @@ static int smack_inode_rename(struct inode *old_inode,
static int smack_inode_permission(struct inode *inode, int mask)
{
struct smk_audit_info ad;
+
+ mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
/*
* No permission to check. Existence test. Yup, it's there.
*/