Commit 397d1d88 authored by Linus Torvalds
Pull selinux fix from Paul Moore:
 "One small SELinux patch to improve our handling of unknown
  extended permissions by safely ignoring them.

  Not only does this make it easier to support newer SELinux policy
  on older kernels in the future, it removes two BUG() calls from the
  SELinux code."

* tag 'selinux-pr-20241217' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: ignore unknown extended permissions
parents c061cf42 900f83cf
+6 −2
@@ -979,7 +979,10 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
			return;
		break;
	default:
		BUG();
		pr_warn_once(
			"SELinux: unknown extended permission (%u) will be ignored\n",
			node->datum.u.xperms->specified);
		return;
	}

	if (node->key.specified == AVTAB_XPERMS_ALLOWED) {
@@ -998,7 +1001,8 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
					    &node->datum.u.xperms->perms,
					    xpermd->dontaudit);
	} else {
		BUG();
		pr_warn_once("SELinux: unknown specified key (%u)\n",
			     node->key.specified);
	}
}
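Review bot: The `default:` branch in the first hunk now returns before the `node->key.specified` checks, with no comment saying why dropping the rule is the safe choice. A line such as `/* Unknown xperms type: skip the rule so it sets nothing in xpermd. */` above the `pr_warn_once` would record that an unrecognised type is meant to contribute no permission bits rather than halt the kernel. Each `pr_warn_once` call site reports only the first unknown value it sees, so a policy carrying several different unknown types or keys would log just one per site; if that is intended, the same comment is a good place to say so. The `else` message in the second hunk lacks the "will be ignored" wording of the first, e.g. `"SELinux: unknown specified key (%u) will be ignored\n"`. The function body starts outside both hunks.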