On Tue, Dec 3, 2024 at 5:27 PM Thiébaud Weksteen tweek@google.com wrote:

When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels.

Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls") Cc: stable@vger.kernel.org Signed-off-by: Thiébaud Weksteen tweek@google.com

---

security/selinux/ss/services.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 971c45d576ba..2fa8aebcb2e5 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -979,7 +979,8 @@ void services_compute_xperms_decision(struct extended_perms_decision *xpermd, return; break; default:

•           BUG();
  

•           // An unknown extended permission has been found. Ignore it.
  

•           return;
  

There is also a BUG() call lower in the function when it generates the extended data, do you want to update/remove that as well?

It also seems like we should have a pr_warn_once() or pr_warn_ratelimited() message here to alert the admin of a mismatch between the policy and the kernel.

    }

    if (node->key.specified == AVTAB_XPERMS_ALLOWED) {

--