On Oct 23, 2024 Christian Göttsche <cgoettsche@xxxxxxxxxxxxx> wrote:
>
> Add support for extended permission rules in conditional policies.
> Currently the kernel accepts such rules already, but evaluating a
> security decision will hit a BUG() in
> services_compute_xperms_decision(). Thus reject extended permission
> rules in conditional policies for current policy versions.
>
> Add a new policy version for this feature.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> v2:
>   rebased onto the netlink xperm patch
> ---
>  security/selinux/include/security.h |  3 ++-
>  security/selinux/ss/avtab.c         | 11 +++++++++--
>  security/selinux/ss/avtab.h         |  2 +-
>  security/selinux/ss/conditional.c   |  2 +-
>  security/selinux/ss/policydb.c      |  5 +++++
>  security/selinux/ss/services.c      | 12 ++++++++----
>  6 files changed, 26 insertions(+), 9 deletions(-)

Merged into selinux/dev, thanks for working on this and your patience!

--
paul-moore.com