[RFC,14/20] selinux: use consistent type for AV rule specifier

Message ID 20230706132337.15924-14-cgzones@googlemail.com
State New
Headers
Series [RFC,01/20] selinux: check for multiplication overflow in put_entry() |

Commit Message

Christian Göttsche July 6, 2023, 1:23 p.m. UTC
  The specifier for avtab keys is always supplied with a type of u16,
either as a macro to security_compute_sid() or the member specified of
the struct avtab_key.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 security/selinux/ss/avtab.c    | 2 +-
 security/selinux/ss/avtab.h    | 2 +-
 security/selinux/ss/services.c | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
  

Comments

Paul Moore July 18, 2023, 10:01 p.m. UTC | #1
On Jul  6, 2023 =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> wrote:
> 
> The specifier for avtab keys is always supplied with a type of u16,
> either as a macro to security_compute_sid() or the member specified of
> the struct avtab_key.
> 
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  security/selinux/ss/avtab.c    | 2 +-
>  security/selinux/ss/avtab.h    | 2 +-
>  security/selinux/ss/services.c | 2 +-
>  3 files changed, 3 insertions(+), 3 deletions(-)

Merged into selinux/next, thanks.

--
paul-moore.com
  

Patch

diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c
index 9c150fba3fa6..15a5d60fb1a5 100644
--- a/security/selinux/ss/avtab.c
+++ b/security/selinux/ss/avtab.c
@@ -248,7 +248,7 @@  struct avtab_node *avtab_search_node(struct avtab *h,
 }
 
 struct avtab_node*
-avtab_search_node_next(struct avtab_node *node, int specified)
+avtab_search_node_next(struct avtab_node *node, u16 specified)
 {
 	struct avtab_node *cur;
 
diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h
index d6742fd9c560..f265e9da18e2 100644
--- a/security/selinux/ss/avtab.h
+++ b/security/selinux/ss/avtab.h
@@ -111,7 +111,7 @@  struct avtab_node *avtab_insert_nonunique(struct avtab *h,
 struct avtab_node *avtab_search_node(struct avtab *h,
 				     const struct avtab_key *key);
 
-struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified);
+struct avtab_node *avtab_search_node_next(struct avtab_node *node, u16 specified);
 
 #define MAX_AVTAB_HASH_BITS 16
 #define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2e2b17b00298..823b000381a4 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -1694,7 +1694,7 @@  static void filename_compute_type(struct policydb *policydb,
 static int security_compute_sid(u32 ssid,
 				u32 tsid,
 				u16 orig_tclass,
-				u32 specified,
+				u16 specified,
 				const char *objname,
 				u32 *out_sid,
 				bool kern)