linux_dsm_epyc7002/security/selinux/ss
Eric Paris 0bce952799 SELinux: print denials for buggy kernel with unknown perms
Historically we've seen cases where permissions are requested for classes
where they do not exist.  In particular we have seen CIFS forget to set
i_mode to indicate it is a directory so when we later check something like
remove_name we have problems since it wasn't defined in tclass file.  This
used to result in a avc which included the permission 0x2000 or something.
Currently the kernel will deny the operations (good thing) but will not
print ANY information (bad thing).  First the auditdeny field is no
extended to include unknown permissions.  After that is fixed the logic in
avc_dump_query to output this information isn't right since it will remove
the permission from the av and print the phrase "<NULL>".  This takes us
back to the behavior before the classmap rewrite.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
2009-11-24 14:30:49 +11:00
..
avtab.c selinux: Unify for- and while-loop style 2008-08-15 08:40:47 +10:00
avtab.h SELinux: add more validity checks on policy load 2007-11-08 08:56:23 +11:00
conditional.c selinux: Unify for- and while-loop style 2008-08-15 08:40:47 +10:00
conditional.h selinux: conditional expression type validation was off-by-one 2008-08-07 08:56:16 +10:00
constraint.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
context.h SELinux: shrink sizeof av_inhert selinux_class_perm and context 2009-01-05 19:19:55 +11:00
ebitmap.c selinux: Unify for- and while-loop style 2008-08-15 08:40:47 +10:00
ebitmap.h SELinux: kills warnings in Improve SELinux performance when AVC misses 2007-10-17 08:59:36 +10:00
hashtab.c selinux: Unify for- and while-loop style 2008-08-15 08:40:47 +10:00
hashtab.h SELinux: hashtab.h whitespace, syntax, and other cleanups 2008-04-28 09:29:04 +10:00
Makefile selinux: generate flask headers during kernel build 2009-10-07 21:56:44 +11:00
mls_types.h SELinux: mls_types.h whitespace, syntax, and other cleanups 2008-04-28 09:29:06 +10:00
mls.c selinux: dynamic class/perm discovery 2009-10-07 21:56:42 +11:00
mls.h selinux: support deferred mapping of contexts 2008-07-14 15:01:34 +10:00
policydb.c selinux: dynamic class/perm discovery 2009-10-07 21:56:42 +11:00
policydb.h selinux: dynamic class/perm discovery 2009-10-07 21:56:42 +11:00
services.c SELinux: print denials for buggy kernel with unknown perms 2009-11-24 14:30:49 +11:00
services.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sidtab.c selinux: Unify for- and while-loop style 2008-08-15 08:40:47 +10:00
sidtab.h selinux: support deferred mapping of contexts 2008-07-14 15:01:34 +10:00
symtab.c SELinux: ensure keys constant in hashtab_search 2006-11-28 12:04:37 -05:00
symtab.h Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00