projects / linux-block.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 034294f) | patch
selinux: add support for xperms in conditional policies
authorChristian Göttsche <cgzones@googlemail.com>
Wed, 23 Oct 2024 15:27:10 +0000 (17:27 +0200)
committerPaul Moore <paul@paul-moore.com>
Fri, 13 Dec 2024 21:35:38 +0000 (16:35 -0500)
commit4aa176193475d37441cc52b84088542f3a59899a
treea7db1ea0ce0e051b8b08e07833db31888fd5f8b1tree
parent034294fbfdf0ded4f931f9503d2ca5bbf8b9aebdcommit | diff
selinux: add support for xperms in conditional policies

Add support for extended permission rules in conditional policies.
Currently the kernel accepts such rules already, but evaluating a
security decision will hit a BUG() in
services_compute_xperms_decision().  Thus reject extended permission
rules in conditional policies for current policy versions.

Add a new policy version for this feature.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/include/security.h diff | blob | blame | history
security/selinux/ss/avtab.c diff | blob | blame | history
security/selinux/ss/avtab.h diff | blob | blame | history
security/selinux/ss/conditional.c diff | blob | blame | history
security/selinux/ss/policydb.c diff | blob | blame | history
security/selinux/ss/services.c diff | blob | blame | history
Linux 6.x block layer and io_uring tree(s)