Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ima: allow to check MAY_APPEND

Otherwise some mask and inmask tokens with MAY_APPEND flag may not work
as expected.

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

Authored by Lans Zhang and committed by Mimi Zohar
20f482ab bc15ed66

+5 -4
+2 -1
security/integrity/ima/ima_api.c
··· 157 157 /** 158 158 * ima_get_action - appraise & measure decision based on policy. 159 159 * @inode: pointer to inode to measure 160 - * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) 160 + * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, 161 + * MAY_APPEND) 161 162 * @func: caller identifier 162 163 * @pcr: pointer filled in if matched measure policy sets pcr= 163 164 *
+3 -3
security/integrity/ima/ima_main.c
··· 309 309 /** 310 310 * ima_path_check - based on policy, collect/store measurement. 311 311 * @file: pointer to the file to be measured 312 - * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE 312 + * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND 313 313 * 314 314 * Measure files based on the ima_must_measure() policy decision. 315 315 * ··· 319 319 int ima_file_check(struct file *file, int mask, int opened) 320 320 { 321 321 return process_measurement(file, NULL, 0, 322 - mask & (MAY_READ | MAY_WRITE | MAY_EXEC), 323 - FILE_CHECK, opened); 322 + mask & (MAY_READ | MAY_WRITE | MAY_EXEC | 323 + MAY_APPEND), FILE_CHECK, opened); 324 324 } 325 325 EXPORT_SYMBOL_GPL(ima_file_check); 326 326
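Review bot: In the ima_api.c hunk, the @mask line for ima_get_action() also changes MAY_EXECUTE to MAY_EXEC, a documentation correction the commit message does not mention. Say so in the changelog (for example "also fix the MAY_EXECUTE typo in the kernel-doc") so the rename is not mistaken for part of the MAY_APPEND behaviour change.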
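Review bot: In the first ima_main.c hunk, the kernel-doc header still reads "ima_path_check - based on policy, collect/store measurement." while the function it documents, visible in the next hunk, is ima_file_check(). This patch already edits the @mask line of that comment, so correct the name in the same change; otherwise the documentation for the exported symbol stays attached to a name that does not match it.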
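Review bot: In the ima_file_check() hunk, the commit message says only that some mask and inmask tokens "may not work as expected", while the removed line shows the actual cause: mask & (MAY_READ | MAY_WRITE | MAY_EXEC) cleared MAY_APPEND before process_measurement() received it, so a rule keyed on MAY_APPEND could not match on this path. Put that in the changelog. The accepted flag set is now spelled out in three places (two kernel-doc comments and this expression); a single named mask constant would keep them from drifting. The new wrapping also breaks inside the parenthesised mask and then appends FILE_CHECK, opened to the continuation line; keeping the mask expression together would read more clearly.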