author | ThiƩbaud Weksteen <tweek@google.com> | 2024-12-05 02:09:19 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2024-12-16 03:59:03 +0100 |
commit | 900f83cf376bdaf798b6f5dcb2eae0c822e908b6 (patch) | |
tree | 67b26c3e6176d828af0799710fb75f484fd99fc9 /security | |
parent | Linux 6.13-rc1 (diff) | |
selinux: ignore unknown extended permissions
When evaluating extended permissions, ignore unknown permissions instead
of calling BUG(). This commit ensures that future permissions can be
added without interfering with older kernels.
Cc: stable@vger.kernel.org
Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
Signed-off-by: ThiƩbaud Weksteen <tweek@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/services.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 971c45d576ba..3d5c563cfc4c 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -979,7 +979,10 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
 return;
 break;
 default:
- BUG();
+ pr_warn_once(
+ "SELinux: unknown extended permission (%u) will be ignored\n",
+ node->datum.u.xperms->specified);
+ return;
 }
 
 if (node->key.specified == AVTAB_XPERMS_ALLOWED) {
@@ -998,7 +1001,8 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
 &node->datum.u.xperms->perms,
 xpermd->dontaudit);
 } else {
- BUG();
+ pr_warn_once("SELinux: unknown specified key (%u)\n",
+ node->key.specified);
 }
 }
 
|
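Review bot: The new `default:` arm returns without a comment saying what skipping the rule means for the decision, and `pr_warn_once` prints only the first time this call site is reached, so a later, different unknown `specified` value is dropped with no log trace. I would add a comment above the warning, `/* Rule type from a newer policy: skip this node without updating xpermd. */`, so a reader sees that nothing is allowed, audited or dontaudit-ed on behalf of the rule. As far as these lines show, the early `return` comes before the `if` chain that updates `xpermd`, but whether the caller treats that as fail-closed cannot be confirmed here, since the switch and the rest of the function start outside the hunk.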
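Review bot: The message in the final `else` does not say what happens to the rule, unlike the one added in the `default:` arm, which ends in "will be ignored". For consistent log text that an operator can search for, I would write `pr_warn_once("SELinux: unknown specified key (%u) will be ignored\n", node->key.specified);`. The `if`/`else if` chain this branch closes starts outside the hunk.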