Re: [PATCH v2] selinux: add support for xperms in conditional policies

From: Paul Moore
Date: Fri Dec 13 2024 - 16:35:51 EST


On Oct 23, 2024 Christian Göttsche <cgoettsche@xxxxxxxxxxxxx> wrote:
>
> Add support for extended permission rules in conditional policies.
> Currently the kernel accepts such rules already, but evaluating a
> security decision will hit a BUG() in
> services_compute_xperms_decision(). Thus reject extended permission
> rules in conditional policies for current policy versions.
>
> Add a new policy version for this feature.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> v2:
> rebased onto the netlink xperm patch
> ---
> security/selinux/include/security.h | 3 ++-
> security/selinux/ss/avtab.c | 11 +++++++++--
> security/selinux/ss/avtab.h | 2 +-
> security/selinux/ss/conditional.c | 2 +-
> security/selinux/ss/policydb.c | 5 +++++
> security/selinux/ss/services.c | 12 ++++++++----
> 6 files changed, 26 insertions(+), 9 deletions(-)

Merged into selinux/dev, thanks for working on this and your patience!

--
paul-moore.com