SELinux: loosen DAC perms on reading policy

[~andy/linux] / security / selinux / selinuxfs.c

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index d7018bfa1f00a607aeade4d0047a11ccf8cf7a7e..f4b5a0baaec4d9597b03e656e3b5fb1b9b4302e2 100644 (file)
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -496,6 +496,7 @@ static const struct file_operations sel_policy_ops = {
        .read           = sel_read_policy,
        .mmap           = sel_mmap_policy,
        .release        = sel_release_policy,
+       .llseek         = generic_file_llseek,
 };
 
 static ssize_t sel_write_load(struct file *file, const char __user *buf,
@@ -1831,7 +1832,7 @@ static int sel_fill_super(struct super_block *sb, void *data, int silent)
                [SEL_REJECT_UNKNOWN] = {"reject_unknown", &sel_handle_unknown_ops, S_IRUGO},
                [SEL_DENY_UNKNOWN] = {"deny_unknown", &sel_handle_unknown_ops, S_IRUGO},
                [SEL_STATUS] = {"status", &sel_handle_status_ops, S_IRUGO},
-               [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUSR},
+               [SEL_POLICY] = {"policy", &sel_policy_ops, S_IRUGO},
                /* last one */ {""}
        };
        ret = simple_fill_super(sb, SELINUX_MAGIC, selinux_files);