| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAEjxPJ5C+e3WKeQumo0KO8+Ge4iFR8gKUyfnJPxX84_EKGjh9w@mail.gmail.com> Date: Wed, 21 Aug 2024 10:57:22 -0400 From: Stephen Smalley <stephen.smalley.work@...il.com> To: Christian Göttsche <cgoettsche@...tendoof.de> Cc: selinux@...r.kernel.org, cgzones@...glemail.com, jsatterfield.linux@...il.com, linux-kernel@...r.kernel.org, omosnace@...hat.com, paul@...l-moore.com, xiujianfeng@...weicloud.com, tweek@...gle.com, brambonne@...gle.com Subject: Re: [PATCH 2/2] selinux: add support for xperms in conditional policies On Wed, Aug 21, 2024 at 9:08 AM Christian Göttsche <cgoettsche@...tendoof.de> wrote: > > > From: Christian Göttsche <cgzones@...glemail.com> > > > > Add support for extended permission rules in conditional policies. > > Currently the kernel accepts such rules already, but evaluating a > > security decision will hit a BUG() in > > services_compute_xperms_decision(). Thus reject extended permission > > rules in conditional policies for current policy versions. > > > > Add a new policy version for this feature. > > > > Signed-off-by: Christian Göttsche <cgzones@...glemail.com> > > --- > > Userspace patches are available at: > > https://github.com/SELinuxProject/selinux/pull/432 > > > > Maybe the policy version 34 can be reused for the prefix/suffix filetrans > > feature to avoid two new versions? > > Kindly ping. > > Any comments? > > This affects (improves?) also the netlink xperm proposal. Do you know of anyone who plans to use this feature? Android does not use conditional policies and it is the primary user of the current extended permissions feature. I haven't seen any usage in refpolicy to date.
Powered by blists - more mailing lists