diff options
| -rw-r--r-- | fs/namei.c | 2 | ||||
| -rw-r--r-- | include/linux/fs.h | 2 | ||||
| -rw-r--r-- | security/tomoyo/tomoyo.c | 7 |
3 files changed, 3 insertions, 8 deletions
diff --git a/fs/namei.c b/fs/namei.c index 1b26b1620664..d930f1856ed2 100644 --- a/fs/namei.c +++ b/fs/namei.c | |||
| @@ -1620,7 +1620,7 @@ struct file *do_filp_open(int dfd, const char *pathname, | |||
| 1620 | open_flag |= O_DSYNC; | 1620 | open_flag |= O_DSYNC; |
| 1621 | 1621 | ||
| 1622 | if (!acc_mode) | 1622 | if (!acc_mode) |
| 1623 | acc_mode = MAY_OPEN | ACC_MODE(flag); | 1623 | acc_mode = MAY_OPEN | ACC_MODE(open_flag); |
| 1624 | 1624 | ||
| 1625 | /* O_TRUNC implies we need access checks for write permissions */ | 1625 | /* O_TRUNC implies we need access checks for write permissions */ |
| 1626 | if (flag & O_TRUNC) | 1626 | if (flag & O_TRUNC) |
diff --git a/include/linux/fs.h b/include/linux/fs.h index 9147ca88f253..b1bcb275b596 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h | |||
| @@ -2463,7 +2463,7 @@ int proc_nr_files(struct ctl_table *table, int write, | |||
| 2463 | 2463 | ||
| 2464 | int __init get_filesystem_list(char *buf); | 2464 | int __init get_filesystem_list(char *buf); |
| 2465 | 2465 | ||
| 2466 | #define ACC_MODE(x) ("\000\004\002\006"[(x)&O_ACCMODE]) | 2466 | #define ACC_MODE(x) ("\004\002\006\006"[(x)&O_ACCMODE]) |
| 2467 | #define OPEN_FMODE(flag) ((__force fmode_t)((flag + 1) & O_ACCMODE)) | 2467 | #define OPEN_FMODE(flag) ((__force fmode_t)((flag + 1) & O_ACCMODE)) |
| 2468 | 2468 | ||
| 2469 | #endif /* __KERNEL__ */ | 2469 | #endif /* __KERNEL__ */ |
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 8a00ade85166..2aceebf5f354 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c | |||
| @@ -80,9 +80,8 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) | |||
| 80 | return tomoyo_find_next_domain(bprm); | 80 | return tomoyo_find_next_domain(bprm); |
| 81 | /* | 81 | /* |
| 82 | * Read permission is checked against interpreters using next domain. | 82 | * Read permission is checked against interpreters using next domain. |
| 83 | * '1' is the result of open_to_namei_flags(O_RDONLY). | ||
| 84 | */ | 83 | */ |
| 85 | return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1); | 84 | return tomoyo_check_open_permission(domain, &bprm->file->f_path, O_RDONLY); |
| 86 | } | 85 | } |
| 87 | 86 | ||
| 88 | static int tomoyo_path_truncate(struct path *path, loff_t length, | 87 | static int tomoyo_path_truncate(struct path *path, loff_t length, |
| @@ -184,10 +183,6 @@ static int tomoyo_file_fcntl(struct file *file, unsigned int cmd, | |||
| 184 | static int tomoyo_dentry_open(struct file *f, const struct cred *cred) | 183 | static int tomoyo_dentry_open(struct file *f, const struct cred *cred) |
| 185 | { | 184 | { |
| 186 | int flags = f->f_flags; | 185 | int flags = f->f_flags; |
| 187 | |||
| 188 | if ((flags + 1) & O_ACCMODE) | ||
| 189 | flags++; | ||
| 190 | flags |= f->f_flags & (O_APPEND | O_TRUNC); | ||
| 191 | /* Don't check read permission here if called from do_execve(). */ | 186 | /* Don't check read permission here if called from do_execve(). */ |
| 192 | if (current->in_execve) | 187 | if (current->in_execve) |
| 193 | return 0; | 188 | return 0; |