www.infradead.org Git - users/jedix/linux-maple.git/commit

author	Christian Göttsche <cgzones@googlemail.com>
	Wed, 23 Oct 2024 15:27:10 +0000 (17:27 +0200)
committer	Paul Moore <paul@paul-moore.com>
	Fri, 13 Dec 2024 21:35:38 +0000 (16:35 -0500)
commit	4aa176193475d37441cc52b84088542f3a59899a
tree	a7db1ea0ce0e051b8b08e07833db31888fd5f8b1	tree
parent	034294fbfdf0ded4f931f9503d2ca5bbf8b9aebd	commit \| diff

selinux: add support for xperms in conditional policies

Add support for extended permission rules in conditional policies.
Currently the kernel accepts such rules already, but evaluating a
security decision will hit a BUG() in
services_compute_xperms_decision(). Thus reject extended permission
rules in conditional policies for current policy versions.

Add a new policy version for this feature.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Tested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

security/selinux/include/security.h		diff \| blob \| history
security/selinux/ss/avtab.c		diff \| blob \| history
security/selinux/ss/avtab.h		diff \| blob \| history
security/selinux/ss/conditional.c		diff \| blob \| history
security/selinux/ss/policydb.c		diff \| blob \| history
security/selinux/ss/services.c		diff \| blob \| history