On Thu, Dec 5, 2024 at 6:42 PM Christian Göttsche cgzones@googlemail.com wrote:
Dec 5, 2024 02:09:39 Thiébaud Weksteen tweek@google.com:
When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interfering with older kernels.
Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
Cc: stable@vger.kernel.org
Signed-off-by: Thiébaud Weksteen tweek@google.com
BUG();
pr_warn_once(
"SELinux: unknown extended permission (%u) will be ignored\n",
node->datum.u.xperms->specified);
}return;
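Review bot: the early `return` that takes the place of `BUG()` means a rule whose `specified` value the kernel does not recognise contributes nothing to the decision, so the unknown extended permission is skipped (not granted) rather than treated as an error; the commit message says "ignored", and since this is destined for stable it would help backporters to state explicitly that "ignored" means the rule is dropped and nothing new is allowed. Also note that `pr_warn_once` fires at most once per boot and only when an access decision first hits such a rule, so a policy carrying several unknown values will report only the first of them and only after it is actually exercised, which is why a check at policy parse time is the better place for the diagnostic.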
What about, instead of logging once per boot at access decision time, logging once per policy load at parse time, like suggested for patch https://patchwork.kernel.org/project/selinux/patch/20241115133619.114393-11-... ?
I agree, warning when the policy is loaded makes more sense. For this particular bug, I am trying to keep the patch to a bare minimum as I intend to backport it to stable kernels (on Android, this is preventing us from deploying a policy compatible with both older and newer kernels). Maybe we could land the first version of this patch (without any warning message), with the understanding that your patch will land soon after?