mirror of
https://github.com/topjohnwu/selinux.git
synced 2025-02-12 23:08:51 +00:00
99fc177b5a
Neverallow rules for ioctl extended permissions will pass in two cases: 1. If extended permissions exist for the source-target-class set the test will pass if the neverallow values are excluded. 2. If extended permissions do not exist for the source-target-class set the test will pass if the ioctl permission is not granted. Signed-off-by: Jeff Vander Stoep <jeffv@google.com> Acked-by: Nick Kralevich <nnk@google.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>