diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima_fs.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index ffbe259700b1..3305a9615863 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c | |||
@@ -15,6 +15,7 @@ | |||
15 | * implemenents security file system for reporting | 15 | * implemenents security file system for reporting |
16 | * current measurement list and IMA statistics | 16 | * current measurement list and IMA statistics |
17 | */ | 17 | */ |
18 | #include <linux/fcntl.h> | ||
18 | #include <linux/module.h> | 19 | #include <linux/module.h> |
19 | #include <linux/seq_file.h> | 20 | #include <linux/seq_file.h> |
20 | #include <linux/rculist.h> | 21 | #include <linux/rculist.h> |
@@ -283,6 +284,9 @@ static atomic_t policy_opencount = ATOMIC_INIT(1); | |||
283 | */ | 284 | */ |
284 | int ima_open_policy(struct inode * inode, struct file * filp) | 285 | int ima_open_policy(struct inode * inode, struct file * filp) |
285 | { | 286 | { |
287 | /* No point in being allowed to open it if you aren't going to write */ | ||
288 | if (!(filp->f_flags & O_WRONLY)) | ||
289 | return -EACCES; | ||
286 | if (atomic_dec_and_test(&policy_opencount)) | 290 | if (atomic_dec_and_test(&policy_opencount)) |
287 | return 0; | 291 | return 0; |
288 | return -EBUSY; | 292 | return -EBUSY; |
@@ -349,7 +353,7 @@ int ima_fs_init(void) | |||
349 | goto out; | 353 | goto out; |
350 | 354 | ||
351 | ima_policy = securityfs_create_file("policy", | 355 | ima_policy = securityfs_create_file("policy", |
352 | S_IRUSR | S_IRGRP | S_IWUSR, | 356 | S_IWUSR, |
353 | ima_dir, NULL, | 357 | ima_dir, NULL, |
354 | &ima_measure_policy_ops); | 358 | &ima_measure_policy_ops); |
355 | if (IS_ERR(ima_policy)) | 359 | if (IS_ERR(ima_policy)) |