The suffix "_perms" is used in Referency Policy style policies for permission macros, bundling several single raw permissions. Add a note to not confuse policy writers/readers.

Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 security/selinux/include/classmap.h | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h
index 986f3ac14282..b06ea7b23760 100644
--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -2,6 +2,11 @@
 #include <linux/capability.h>
 #include <linux/socket.h>

+/*
+ * Note: The name for a permission should not end with the suffix "_perms",
+ * to prevent confusion with Refpolicy style permission macros.
+ */
+
 #define COMMON_FILE_SOCK_PERMS "ioctl", "read", "write", "create", \
     "getattr", "setattr", "lock", "relabelfrom", "relabelto", "append", "map"

--
2.26.2
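Review bot: The added comment does not say which names it governs, and it sits directly above `COMMON_FILE_SOCK_PERMS`, a C macro whose own name ends in `_PERMS`, so a reader can take it for a rule about the macros in this header. I would word the first line as `* Note: The string name of a permission (the quoted entries, not the C macros in this header) should not end with the suffix "_perms",` and spell out "Reference Policy (Refpolicy)" once, as the commit message does. The class and permission table that the note is really about lies outside this hunk, so the best placement for the comment cannot be judged from here. The rule is also advisory only, since nothing in the hunk rejects such a name; that matters because a raw permission that looks like a permission-set macro can be misread when allow rules are reviewed.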