Re: [PATCH v2] selinux: add permission checks for loading other kinds of kernel files

On Feb 11, 2025 kippndavis.work@xxxxxxx wrote:
> 
> Although the LSM hooks for loading kernel modules were later generalized
> to cover loading other kinds of files, SELinux didn't implement
> corresponding permission checks, leaving only the module case covered.
> Define and add new permission checks for these other cases.
> 
> Signed-off-by: Cameron K. Williams <ckwilliams.work@xxxxxxxxx>
> Signed-off-by: Kipp N. Davis <kippndavis.work@xxxxxxx>
> Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> Changes in v2:
>   - Removed the `-EACCES` return in default case in
>     selinux_kernel_read_file() and selinux_kernel_load_from_file(),
>     reverting previous fallback behavior.
>   - Added a compile-time check in these functions to catch new
>     READING/LOADING_XXX entries.
> 
> Thanks for your review! I've adjusted the default case so as to not
> return an error and depart from pre-existing logic. I first tried to use
> the pre-processor #errors but failed with the READING/LOADING_MAX_ID
> enums, so I opted for BUILD_BUG_ON_MSG as a compile-time check with
> those same enums instead to catch new entries.
> ---
>  security/selinux/hooks.c            | 56 +++++++++++++++++++++++------
>  security/selinux/include/classmap.h |  4 ++-
>  2 files changed, 49 insertions(+), 11 deletions(-)

I too am a little concerned about confusion around the policy load
permission name, but after reading through all the suggestions and trying
to think of something better I'm left with the feeling that no matter
what we pick it is going to be awkward/confusing.  With that in mind,
I think the choice in this patch is as good as any, so let's just stick
with that.

Merged into selinux/dev, thanks everyone!

--
paul-moore.com
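The compile-time check the v2 notes describe, as an added example that is neither the patch's code nor the kernel's: a user-space model in which a file-kind enum ending in a _MAX_ID sentinel is mapped to a permission in a switch, with a C11 static assertion on the sentinel standing in for BUILD_BUG_ON_MSG. The enum is a reduced model of the kernel's, the PERM_* names and kernel_read_file_check() are hypothetical, and the default case keeps the allow fallback that v2 restored.

```c
#include <errno.h>

/* Reduced model of the kernel's file-kind enum (assumption, not the
 * kernel header): the _MAX_ID sentinel is always the last entry. */
enum reading_id {
	READING_UNKNOWN,
	READING_FIRMWARE,
	READING_MODULE,
	READING_KEXEC_IMAGE,
	READING_KEXEC_INITRAMFS,
	READING_POLICY,
	READING_X509_CERTIFICATE,
	READING_MAX_ID
};

/* Hypothetical permission bits; the real names are defined in classmap.h. */
#define PERM_FIRMWARE_LOAD		(1u << 0)
#define PERM_MODULE_LOAD		(1u << 1)
#define PERM_KEXEC_IMAGE_LOAD		(1u << 2)
#define PERM_KEXEC_INITRAMFS_LOAD	(1u << 3)
#define PERM_POLICY_LOAD		(1u << 4)
#define PERM_X509_CERT_LOAD		(1u << 5)

/* User-space stand-in for the kernel's BUILD_BUG_ON_MSG. A preprocessor
 * "#if READING_MAX_ID != 7" would not work: the preprocessor knows nothing
 * about enums and evaluates the unknown identifier as 0. */
#define BUILD_BUG_ON_MSG(cond, msg) _Static_assert(!(cond), msg)

/* Map a file kind to the permission it requires (0 = no permission). */
unsigned int perm_for_reading_id(enum reading_id id)
{
	/* Fails the build when a READING_XXX entry is added without a case. */
	BUILD_BUG_ON_MSG(READING_MAX_ID != 7,
			 "new READING_XXX entry: add a permission case below");
	switch (id) {
	case READING_FIRMWARE:		return PERM_FIRMWARE_LOAD;
	case READING_MODULE:		return PERM_MODULE_LOAD;
	case READING_KEXEC_IMAGE:	return PERM_KEXEC_IMAGE_LOAD;
	case READING_KEXEC_INITRAMFS:	return PERM_KEXEC_INITRAMFS_LOAD;
	case READING_POLICY:		return PERM_POLICY_LOAD;
	case READING_X509_CERTIFICATE:	return PERM_X509_CERT_LOAD;
	default:			return 0; /* v2: not denied, as before */
	}
}

/* Hypothetical hook: granted is the caller's permission set. Kinds with no
 * mapped permission pass, preserving the pre-patch fallback behaviour. */
int kernel_read_file_check(enum reading_id id, unsigned int granted)
{
	unsigned int need = perm_for_reading_id(id);
	return (need == 0 || (granted & need) == need) ? 0 : -EACCES;
}
```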
