From: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date: Wed, 2 Sep 2009 15:40:32 +0000 (-0400)
Subject: IMA: open new file for read
X-Git-Tag: v2.6.31.4~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ee41bac34c00a52fa91085ffcef445bc8df92a9;p=thirdparty%2Fkernel%2Fstable.git

IMA: open new file for read

commit 6c1488fd581a447ec87c4b59f0d33f95f0aa441b upstream.

When creating a new file, ima_path_check() assumed the new file
was being opened for write. Call ima_path_check() with the
appropriate acc_mode so that the read/write counters are
incremented correctly.

Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/fs/namei.c b/fs/namei.c
index 1f13751693a50..fcfc5539252c2 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1533,9 +1533,11 @@ int may_open(struct path *path, int acc_mode, int flag)
 	if (error)
 		return error;
 
-	error = ima_path_check(path,
-			       acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC),
+	error = ima_path_check(path, acc_mode ?
+			       acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC) :
+			       ACC_MODE(flag) & (MAY_READ | MAY_WRITE),
 			       IMA_COUNT_UPDATE);
+
 	if (error)
 		return error;
 	/*