From 20f482ab9e0f800d1e01ce748ebd382d085abe56 Mon Sep 17 00:00:00 2001 From: Lans Zhang Date: Fri, 6 Jan 2017 12:38:11 +0800 Subject: [PATCH] ima: allow to check MAY_APPEND Otherwise some mask and inmask tokens with MAY_APPEND flag may not work as expected. Signed-off-by: Lans Zhang Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_api.c | 3 ++- security/integrity/ima/ima_main.c | 6 +++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index d01a52f8f708..c2edba8de35e 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -157,7 +157,8 @@ err_out: /** * ima_get_action - appraise & measure decision based on policy. * @inode: pointer to inode to measure - * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXECUTE) + * @mask: contains the permission mask (MAY_READ, MAY_WRITE, MAY_EXEC, + * MAY_APPEND) * @func: caller identifier * @pcr: pointer filled in if matched measure policy sets pcr= * diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index d5e492bd2899..2aebb7984437 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -309,7 +309,7 @@ int ima_bprm_check(struct linux_binprm *bprm) /** * ima_path_check - based on policy, collect/store measurement. * @file: pointer to the file to be measured - * @mask: contains MAY_READ, MAY_WRITE or MAY_EXECUTE + * @mask: contains MAY_READ, MAY_WRITE, MAY_EXEC or MAY_APPEND * * Measure files based on the ima_must_measure() policy decision. * @@ -319,8 +319,8 @@ int ima_bprm_check(struct linux_binprm *bprm) int ima_file_check(struct file *file, int mask, int opened) { return process_measurement(file, NULL, 0, - mask & (MAY_READ | MAY_WRITE | MAY_EXEC), - FILE_CHECK, opened); + mask & (MAY_READ | MAY_WRITE | MAY_EXEC | + MAY_APPEND), FILE_CHECK, opened); } EXPORT_SYMBOL_GPL(ima_file_check); -- 2.20.1