| author | Thiébaud Weksteen <tweek@google.com> | 2024-12-05 12:09:19 +1100 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-01-09 13:28:42 +0100 |
| commit | f70e4b9ec69d9a74b84c17767a9a4eda8c901021 (patch) | |
| tree | a4f28278565cdfabdeda770329c27fd1b7b84dd3 /security | |
| parent | 0a2d26bf27c9ece964a3163da1939c9658356dc5 (diff) | |
selinux: ignore unknown extended permissions

commit 900f83cf376bdaf798b6f5dcb2eae0c822e908b6 upstream.

When evaluating extended permissions, ignore unknown permissions instead
of calling BUG(). This commit ensures that future permissions can be
added without interfering with older kernels.

Cc: stable@vger.kernel.org
Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
Signed-off-by: Thiébaud Weksteen <tweek@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/ss/services.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 92d4f93c59c7..464d2c714531 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -971,7 +971,10 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd, xpermd->driver)) return; } else { - BUG(); + pr_warn_once( + "SELinux: unknown extended permission (%u) will be ignored\n", + node->datum.u.xperms->specified); + return; } if (node->key.specified == AVTAB_XPERMS_ALLOWED) { @@ -1008,7 +1011,8 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd, node->datum.u.xperms->perms.p[i]; } } else { - BUG(); + pr_warn_once("SELinux: unknown specified key (%u)\n", + node->key.specified); } } |
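Review bot: in the first hunk (@@ -971,7 +971,10 @@), the new `return;` in the else branch has no comment explaining that an unrecognised `node->datum.u.xperms->specified` value is skipped on purpose, so the next reader sees a silent early exit where a `BUG()` used to be. A one-line comment stating that unknown extended permission types are ignored so that future permissions do not interfere with older kernels would carry the commit message's reasoning into the code. Note also that `pr_warn_once` logs only the first unknown value it sees; a later, different unknown type will not appear in the log. If that is intended, say so in the comment; otherwise a rate-limited warning such as `pr_warn_ratelimited` would keep the log bounded while still reporting each new value.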
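Review bot: in the second hunk (@@ -1008,7 +1011,8 @@), the message "SELinux: unknown specified key (%u)" does not say what happens to the node, while the first hunk's message ends with "will be ignored"; wording the two consistently would make the log easier to interpret. This branch also relies on falling through to the end of the block where the first hunk returns explicitly, so a short comment that the node is deliberately skipped here too would make the intent clear. The same `pr_warn_once` caveat applies: only the first unknown `node->key.specified` value is ever reported.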
