> From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > > Add support for extended permission rules in conditional policies. > Currently the kernel accepts such rules already, but evaluating a > security decision will hit a BUG() in > services_compute_xperms_decision(). Thus reject extended permission > rules in conditional policies for current policy versions. > > Add a new policy version for this feature. > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> > --- > Userspace patches are available at: > https://github.com/SELinuxProject/selinux/pull/432 > > Maybe the policy version 34 can be reused for the prefix/suffix filetrans > feature to avoid two new versions? Kindly ping. Any comments? This affects (improves?) also the netlink xperm proposal.
