1 files changed, 30 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 710894d4841b..d569cde440e6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1615,6 +1615,35 @@ static inline u32 file_mask_to_av(int mode, int mask)
        return av;
 }
+/*
+ * Convert a file mask to an access vector and include the correct open
+ * open permission.
+ */
+static inline u32 open_file_mask_to_av(int mode, int mask)
+{
+        u32 av = file_mask_to_av(mode, mask);
+        if (selinux_policycap_openperm) {
+                /*
+                 * lnk files and socks do not really have an 'open'
+                 */
+                if (S_ISREG(mode))
+                        av |= FILE__OPEN;
+                else if (S_ISCHR(mode))
+                        av |= CHR_FILE__OPEN;
+                else if (S_ISBLK(mode))
+                        av |= BLK_FILE__OPEN;
+                else if (S_ISFIFO(mode))
+                        av |= FIFO_FILE__OPEN;
+                else if (S_ISDIR(mode))
+                        av |= DIR__OPEN;
+                else
+                        printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av "
+                                "with unknown mode:%x\n", mode);
+        }
+        return av;
+}
 /* Convert a Linux file to an access vector. */
 static inline u32 file_to_av(struct file *file)
 {
@@ -2532,7 +2561,7 @@ static int selinux_inode_permission(struct inode *inode, int mask,
        }
        return inode_has_perm(current, inode,
-                               file_mask_to_av(inode->i_mode, mask), NULL);
+                               open_file_mask_to_av(inode->i_mode, mask), NULL);
 }
 static int selinux_inode_setattr(struct dentry *dentry, struct iattr *iattr)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 710894d4841b..d569cde440e6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -1615,6 +1615,35 @@ static inline u32 file_mask_to_av(int mode, int mask)
1615	return av;	1615	return av;
1616	}	1616	}
1617		1617
		1618	/*
		1619	* Convert a file mask to an access vector and include the correct open
		1620	* open permission.
		1621	*/
		1622	static inline u32 open_file_mask_to_av(int mode, int mask)
		1623	{
		1624	u32 av = file_mask_to_av(mode, mask);
		1625
		1626	if (selinux_policycap_openperm) {
		1627	/*
		1628	* lnk files and socks do not really have an 'open'
		1629	*/
		1630	if (S_ISREG(mode))
		1631	av \|= FILE__OPEN;
		1632	else if (S_ISCHR(mode))
		1633	av \|= CHR_FILE__OPEN;
		1634	else if (S_ISBLK(mode))
		1635	av \|= BLK_FILE__OPEN;
		1636	else if (S_ISFIFO(mode))
		1637	av \|= FIFO_FILE__OPEN;
		1638	else if (S_ISDIR(mode))
		1639	av \|= DIR__OPEN;
		1640	else
		1641	printk(KERN_ERR "SELinux: WARNING: inside open_file_to_av "
		1642	"with unknown mode:%x\n", mode);
		1643	}
		1644	return av;
		1645	}
		1646
1618	/* Convert a Linux file to an access vector. */	1647	/* Convert a Linux file to an access vector. */
1619	static inline u32 file_to_av(struct file *file)	1648	static inline u32 file_to_av(struct file *file)
1620	{	1649	{
@@ -2532,7 +2561,7 @@ static int selinux_inode_permission(struct inode *inode, int mask,
2532	}	2561	}
2533		2562
2534	return inode_has_perm(current, inode,	2563	return inode_has_perm(current, inode,
2535	file_mask_to_av(inode->i_mode, mask), NULL);	2564	open_file_mask_to_av(inode->i_mode, mask), NULL);
2536	}	2565	}
2537		2566
2538	static int selinux_inode_setattr(struct dentry dentry, struct iattr iattr)	2567	static int selinux_inode_setattr(struct dentry dentry, struct iattr iattr)