[v3,3/7] selinux: update type for number of class permissions in services code
Commit Message
Security classes have only up to 32 permissions, hence using a u16 is
sufficient (while improving padding in struct selinux_mapping).
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
v3:
- drop type change of arithmetic variable; it might affect performance
as suggested by David.
- split bogus and corrected cast into separate patch
v2:
update commit description:
- mention struct selinux_mapping in the padding argument
(currently between the first and second member there are 2 bytes
padding)
- mention overflow in the cast argument and the result of setting
no bits due to it
---
security/selinux/ss/services.c | 2 +-
security/selinux/ss/services.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Comments
On Aug 7, 2023 Christian Göttsche <cgzones@googlemail.com> wrote:
>
> Security classes have only up to 32 permissions, hence using a u16 is
> sufficient (while improving padding in struct selinux_mapping).
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> v3:
> - drop type change of arithmetic variable; it might affect performance
> as suggested by David.
> - split bogus and corrected cast into separate patch
> v2:
> update commit description:
> - mention struct selinux_mapping in the padding argument
> (currently between the first and second member there are 2 bytes
> padding)
> - mention overflow in the cast argument and the result of setting
> no bits due to it
> ---
> security/selinux/ss/services.c | 2 +-
> security/selinux/ss/services.h | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
Merged into selinux/next, thanks.
--
paul-moore.com
@@ -97,7 +97,6 @@ static int selinux_set_mapping(struct policydb *pol,
struct selinux_map *out_map)
{
u16 i, j;
- unsigned k;
bool print_unknown_handle = false;
/* Find number of classes in the input mapping */
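Review bot: the removal of "unsigned k;" at the top of selinux_set_mapping() is not covered by the commit description, which only talks about the permission count in struct selinux_mapping, while the v3 note says the type change of an arithmetic variable was dropped. Please add a sentence saying that the local k is both narrowed and moved into the loop, so a reader can tell it is not the variable the v3 note refers to.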
@@ -117,6 +116,7 @@ static int selinux_set_mapping(struct policydb *pol,
while (map[j].name) {
const struct security_class_mapping *p_in = map + (j++);
struct selinux_mapping *p_out = out_map->mapping + j;
+ u16 k;
/* An empty class string skips ahead */
if (!strcmp(p_in->name, "")) {
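Review bot: the new "u16 k;" in the while body is declared without an initializer, and the lines that assign it are outside the context shown here. Since the declaration now lives in the loop, it is worth confirming that every iteration sets k before reading it, or simply writing "u16 k = 0;" at the declaration if that matches the existing logic. The width itself is fine for an index into perms[sizeof(u32) * 8].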
@@ -12,7 +12,7 @@
/* Mapping for a single class */
struct selinux_mapping {
u16 value; /* policy value for class */
- unsigned int num_perms; /* number of permissions in class */
+ u16 num_perms; /* number of permissions in class */
u32 perms[sizeof(u32) * 8]; /* policy values for permissions */
};
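Review bot: the narrowed "u16 num_perms" relies on the 32-entry bound that is only implied by "u32 perms[sizeof(u32) * 8]" on the next line, and nothing in the struct documents it. Consider extending the field comment to state the limit (for example "number of permissions in class, at most 32") so that later changes to the array size or to the code that stores into num_perms are checked against it. It would also help to confirm in the description that the readers of num_perms in services.c which keep wider local types are unaffected by the change.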