mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-29 17:25:38 +00:00
selinux: ignore unknown extended permissions
When evaluating extended permissions, ignore unknown permissions instead
of calling BUG(). This commit ensures that future permissions can be
added without interfering with older kernels.
Cc: stable@vger.kernel.org
Fixes: fa1aa143ac
("selinux: extended permissions for ioctls")
Signed-off-by: Thiébaud Weksteen <tweek@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
40384c840e
commit
900f83cf37
@ -979,7 +979,10 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
|
||||
return;
|
||||
break;
|
||||
default:
|
||||
BUG();
|
||||
pr_warn_once(
|
||||
"SELinux: unknown extended permission (%u) will be ignored\n",
|
||||
node->datum.u.xperms->specified);
|
||||
return;
|
||||
}
|
||||
|
||||
if (node->key.specified == AVTAB_XPERMS_ALLOWED) {
|
||||
@ -998,7 +1001,8 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd,
|
||||
&node->datum.u.xperms->perms,
|
||||
xpermd->dontaudit);
|
||||
} else {
|
||||
BUG();
|
||||
pr_warn_once("SELinux: unknown specified key (%u)\n",
|
||||
node->key.specified);
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user