Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

selinux: ignore unknown extended permissions

When evaluating extended permissions, ignore unknown permissions instead
of calling BUG(). This commit ensures that future permissions can be
added without interfering with older kernels.

Cc: stable@vger.kernel.org
Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
Signed-off-by: Thiébaud Weksteen <tweek@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

Authored by Thiébaud Weksteen and committed by Paul Moore
900f83cf 40384c84

+6 -2
security/selinux/ss/services.c
··· 979 979 return; 980 980 break; 981 981 default: 982 - BUG(); 982 + pr_warn_once( 983 + "SELinux: unknown extended permission (%u) will be ignored\n", 984 + node->datum.u.xperms->specified); 985 + return; 983 986 } 984 987 985 988 if (node->key.specified == AVTAB_XPERMS_ALLOWED) { ··· 1001 998 &node->datum.u.xperms->perms, 1002 999 xpermd->dontaudit); 1003 1000 } else { 1004 - BUG(); 1001 + pr_warn_once("SELinux: unknown specified key (%u)\n", 1002 + node->key.specified); 1005 1003 } 1006 1004 } 1007 1005
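Review bot: in the `default:` arm of the first hunk, `pr_warn_once()` reports only the first unknown `node->datum.u.xperms->specified` value it sees; a later node carrying a different unknown value is skipped with no log line, which makes a policy/kernel mismatch harder to diagnose. Consider a rate-limited warning, or state in the message that further occurrences are not reported. A one-line comment above the `return;` saying the node is deliberately skipped, so none of its permissions reach the `AVTAB_XPERMS_ALLOWED` handling after the switch, would document that ignoring an unknown type grants nothing.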
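Review bot: in the final `else` of the second hunk, the text "SELinux: unknown specified key (%u)" does not say what happens to the node, while the first hunk's warning ends in "will be ignored"; use the same wording in both so the log tells the administrator the rule was skipped. The two warnings also print different fields (`node->key.specified` here, `node->datum.u.xperms->specified` above), so naming the field in each message would let a reader tell them apart without opening the source. A short comment in this branch noting that the node is intentionally left unprocessed would match the explicit `return;` in the `default:` arm.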