c19395d722
The libselinux selinux_set_mapping() implementation was never updated to handle unknown classes/permissions based on the policy handle_unknown flag. Update it and the internal mapping functions to gracefully handle unknown classes/permissions. Add a security_reject_unknown() interface to expose the corresponding selinuxfs node and use it when creating a mapping to decide whether to fail immediately or proceed. This enables dbus-daemon and XSELinux, which use selinux_set_mapping(), to continue working with the dummy policy or other policies that lack their userspace class/permission definitions as long as the policy was built with -U allow. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> |
||
|---|---|---|
| .. | ||
| include | ||
| man | ||
| src | ||
| utils | ||
| LICENSE | ||
| Makefile | ||
| VERSION | ||