aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_fs.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index ffbe259700b1..3305a9615863 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -15,6 +15,7 @@
15 * implemenents security file system for reporting 15 * implemenents security file system for reporting
16 * current measurement list and IMA statistics 16 * current measurement list and IMA statistics
17 */ 17 */
18#include <linux/fcntl.h>
18#include <linux/module.h> 19#include <linux/module.h>
19#include <linux/seq_file.h> 20#include <linux/seq_file.h>
20#include <linux/rculist.h> 21#include <linux/rculist.h>
@@ -283,6 +284,9 @@ static atomic_t policy_opencount = ATOMIC_INIT(1);
283 */ 284 */
284int ima_open_policy(struct inode * inode, struct file * filp) 285int ima_open_policy(struct inode * inode, struct file * filp)
285{ 286{
287 /* No point in being allowed to open it if you aren't going to write */
288 if (!(filp->f_flags & O_WRONLY))
289 return -EACCES;
286 if (atomic_dec_and_test(&policy_opencount)) 290 if (atomic_dec_and_test(&policy_opencount))
287 return 0; 291 return 0;
288 return -EBUSY; 292 return -EBUSY;
@@ -349,7 +353,7 @@ int ima_fs_init(void)
349 goto out; 353 goto out;
350 354
351 ima_policy = securityfs_create_file("policy", 355 ima_policy = securityfs_create_file("policy",
352 S_IRUSR | S_IRGRP | S_IWUSR, 356 S_IWUSR,
353 ima_dir, NULL, 357 ima_dir, NULL,
354 &ima_measure_policy_ops); 358 &ima_measure_policy_ops);
355 if (IS_ERR(ima_policy)) 359 if (IS_ERR(ima_policy))