From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Thu, 20 Mar 2025 18:09:05 +0100
Applied-Upstream: https://github.com/SELinuxProject/selint/commit/a6caa6538ecb2a631fb0173a6f74b058058fbca9
Subject: Add system permissions added to Linux for 6.15
To decide whether a permission of the system class is a userspace or a
kernel one, the kernel ones are hardcoded. Add the ones to be introduced
in Linux 6.15 with commit 2c2b1e059792 ("selinux: add permission checks
for loading other kinds of kernel files").
See https://github.com/SELinuxProject/selinux-kernel/commit/2c2b1e059792f610bae4fee8ed517b8ce9c585fb
---
src/maps.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/maps.c b/src/maps.c
index 007adb7..93ebcf6 100644
--- a/src/maps.c
+++ b/src/maps.c
@@ -317,6 +317,11 @@ int is_userspace_class(const char *class_name, const struct string_list *permiss
0 != strcmp(p->string, "syslog_console") &&
0 != strcmp(p->string, "module_request") &&
0 != strcmp(p->string, "module_load") &&
+ 0 != strcmp(p->string, "firmware_load") &&
+ 0 != strcmp(p->string, "kexec_image_load") &&
+ 0 != strcmp(p->string, "kexec_initramfs_load") &&
+ 0 != strcmp(p->string, "policy_load") &&
+ 0 != strcmp(p->string, "x509_certificate_load") &&
0 != strcmp(p->string, "*") &&
0 != strcmp(p->string, "~")) {
return 1;
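Review bot: The five comparisons added from `"firmware_load"` through `"x509_certificate_load"` extend a hard-coded chain with nothing in the source saying where the names come from or which kernel release the list was last synced with. From the visible lines, a system permission that matches none of these strings appears to reach `return 1` and be treated as userspace, so a list that lags behind the kernel would misclassify new kernel permissions without any diagnostic. I would add a comment directly above the new lines, for example `/* kernel permissions added in Linux 6.15 (selinux-kernel commit 2c2b1e059792) */`, so the next sync has a reference point. The condition and the body of is_userspace_class both start and end outside this hunk, so the exact fall-through behaviour should be confirmed against the full function.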