From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Thu, 20 Mar 2025 18:09:05 +0100
Applied-Upstream: https://github.com/SELinuxProject/selint/commit/a6caa6538ecb2a631fb0173a6f74b058058fbca9
Subject: Add system permissions added to Linux for 6.15

For deciding whether a permission of the system class is a userspace or
kernel one, the kernel ones are hardcoded.  Add the ones to be introduced
in Linux 6.15 with commit 2c2b1e059792 ("selinux: add permission checks
for loading other kinds of kernel files").

See https://github.com/SELinuxProject/selinux-kernel/commit/2c2b1e059792f610bae4fee8ed517b8ce9c585fb
---
 src/maps.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/maps.c b/src/maps.c
index 007adb7..93ebcf6 100644
--- a/src/maps.c
+++ b/src/maps.c
@@ -317,6 +317,11 @@ int is_userspace_class(const char *class_name, const struct string_list *permiss
 		    0 != strcmp(p->string, "syslog_console") &&
 		    0 != strcmp(p->string, "module_request") &&
 		    0 != strcmp(p->string, "module_load") &&
+		    0 != strcmp(p->string, "firmware_load") &&
+		    0 != strcmp(p->string, "kexec_image_load") &&
+		    0 != strcmp(p->string, "kexec_initramfs_load") &&
+		    0 != strcmp(p->string, "policy_load") &&
+		    0 != strcmp(p->string, "x509_certificate_load") &&
 		    0 != strcmp(p->string, "*") &&
 		    0 != strcmp(p->string, "~")) {
 			return 1;
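Review bot: The five names added to the `strcmp` chain in `is_userspace_class()` extend a hand-maintained list, and nothing in the code records where they come from. A short comment above the added lines naming Linux 6.15 and kernel commit 2c2b1e059792, as the commit message does, would let a later reader check the list against the kernel. With the chain at this length, a static array of kernel permission names walked in a loop would make the next addition a one-line change and remove the risk of a dropped `&&`. The diffstat shows only src/maps.c changing, so a test asserting that a system-class permission such as `firmware_load` is not classified as userspace would be worth adding with this change.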
