From patchwork Mon Aug 7 17:11:38 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 132286 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:c44e:0:b0:3f2:4152:657d with SMTP id w14csp1596867vqr; Mon, 7 Aug 2023 10:21:30 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFAnR2DwEJ9i96KW7x2EmJLnRxLY8rW2K1yaGc396ummQXjZLoWQVjaDw2gAR48XznRCwN/ X-Received: by 2002:a17:903:2351:b0:1b8:9b1b:ae7a with SMTP id c17-20020a170903235100b001b89b1bae7amr9791413plh.34.1691428889688; Mon, 07 Aug 2023 10:21:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691428889; cv=none; d=google.com; s=arc-20160816; b=KYN6A1nfmivImPYLAwZJfVfccvhHZqoMRAdzKVGdCoOP1rcWkDnta5iIoJl+zCjZVZ xBwMrQrXkMw5I7to25rI3B0BJdXvV/tunu4w6QklKiiWvv17dbp3z34fNUQg6xB8+bd4 Lc5IvHvNbXPtNdIiAKvgIx5Q3RNmIO+2vg48AlUFCj0QeiL9cy1BsGa2GM3fzdKhIR5P YWlclaXOXK9X1U0LvibKy4LuluqI/CdUwSs6GKzsd7ccyCEZsBWbgBJISGvHsJUkPUEC 7qi4D6X5DrmArgf2Vf8ig5JmGxMjUyuvdfpHixZrZQl+vUOLyRRWAymYkF2BRlmg77d2 zCaw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=1KhCpc37sMq8hfJahbNI7sAkZNZxhd0cG15a8ZsTo7w=; fh=fBY5D/IDrKFsN9mMQMRE3IlhWmhEeMbp24YlZR3fWbQ=; b=oJeGq5x4Q9n0ieIpA3XzRurnT2QthuO6KptnMytEIffbs99xOeKlZRSIzniit+cVUw Tp6Erp2AEn7K09R6HwMw4Ma4pQjK4LpxAz6zfwJeR2cw6lkTRNiAzVbwkDpWM3C11ycO R2sRoUL4VbA1//XcndfP1Mk9h9GlFexKL1VM04Eo4KjCHmHmEKGZNdJoPqquetMKg6HE w2py3exTGoXxnP+7T/ADT3KzVAkyMucGT8L4s21xaQK1DSpWF0ySQaatzXpYH+ocq140 YR/D5zCrJKpCjLro1X7VCabJa6QE+DxLqdKxzQSrjJm6twh8k8QeEmc7OhlLuhvcBWdW TkPg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=Sh52Dhym; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y5-20020a17090322c500b001bc671d6d15si2535142plg.614.2023.08.07.10.21.15; Mon, 07 Aug 2023 10:21:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=Sh52Dhym; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231864AbjHGRMB (ORCPT + 99 others); Mon, 7 Aug 2023 13:12:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43306 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230506AbjHGRL5 (ORCPT ); Mon, 7 Aug 2023 13:11:57 -0400 Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85CC8E65; Mon, 7 Aug 2023 10:11:56 -0700 (PDT) Received: by mail-lf1-x133.google.com with SMTP id 2adb3069b0e04-4fe11652b64so7387754e87.0; Mon, 07 Aug 2023 10:11:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1691428314; x=1692033114; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1KhCpc37sMq8hfJahbNI7sAkZNZxhd0cG15a8ZsTo7w=; b=Sh52DhymwxQXUXmMTjKNMSN1j8bLQn0UKLirqyD6CTjQY6jT0qgixd5ekHUsNSvjAT NlctFiVmROOkJknjucfzWTja1FcU6YDglvns52lOeWG3kVzAEAwAYT6FegYBnEFOATV6 uN/xcY8WqD1IN+5GQ3ReC/fSjiAkkyTzqc+OZFgPK5m9GvioP2sNfl6IgdnDVmxj3jAb p6Ar8cCtSlv8+arYuzGOaqPHU/93hu0gzwdL0g4azaB6+tludIQBKv28zo80yUwuc7bV /wLlRxRObF/x1PzqOTKKtsAnvBkP1Zzhv8KQk0eQ5JwrtNhc2zxAGi3XVWLe4JWvwsPH io4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1691428314; x=1692033114; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1KhCpc37sMq8hfJahbNI7sAkZNZxhd0cG15a8ZsTo7w=; b=JVolW9NyUux8obmOVL9CVfArQln5TlrqnRkxTlMT48d98/KvFfc+Xs0QTwNE/WvQzi O3cqTTDz1Tjp9h91HuoTDAuNvI1xJVauLg/0YQE/b3M6NJDCzAhTw/7rEaFoI7qSX5lu JHEIp+MULEZskAE8AQbHcsiFsfr72MwhMilYvfHeXKB8Z0ZelSkaPZpiz/+QWHRThzKK xw51z83q4LjOhM/jqlCLu4AHkVCWEdYxyMm0WLQ0ODtZx36dRWGJEyO9tJ/ZLU0yQvkN EU9JYs0FJUXvcHe4smE5MCmkKFDffgZtsEEa0YKYDPBJAepaRIV7RWTwNrCz2cFLkksW C5FA== X-Gm-Message-State: AOJu0Ywdf/vB43TOXk0gJ5x21/bqMaaLa4g+7XOXEP7ZVrQcNAXewV+K wVR8bRbL71HuLG6L0GiJYulbVIz0jPONWg== X-Received: by 2002:a19:6742:0:b0:4fb:7d73:d097 with SMTP id e2-20020a196742000000b004fb7d73d097mr5892482lfj.39.1691428314359; Mon, 07 Aug 2023 10:11:54 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-095-112-033-028.95.112.pool.telefonica.de. [95.112.33.28]) by smtp.gmail.com with ESMTPSA id e10-20020a056402148a00b005224d960e66sm5420814edv.96.2023.08.07.10.11.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 07 Aug 2023 10:11:54 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [PATCH v3 4/7] selinux: make left shifts well defined Date: Mon, 7 Aug 2023 19:11:38 +0200 Message-Id: <20230807171143.208481-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230807171143.208481-1-cgzones@googlemail.com> References: <20230807171143.208481-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1773591739426130871 X-GMAIL-MSGID: 1773591739426130871 The loops upper bound represent the number of permissions used (for the current class or in general). The limit for this is 32, thus we might left shift of one less, 31. Shifting a base of 1 results in undefined behavior; use (u32)1 as base. Signed-off-by: Christian Göttsche --- v3: split from parent commit and apply cast to correct shift operand --- security/selinux/ss/services.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index dacec2ebdcd7..1eeffc66ea7d 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -207,22 +207,22 @@ static void map_decision(struct selinux_map *map, for (i = 0, result = 0; i < n; i++) { if (avd->allowed & mapping->perms[i]) - result |= 1<perms[i]) - result |= 1<allowed = result; for (i = 0, result = 0; i < n; i++) if (avd->auditallow & mapping->perms[i]) - result |= 1<auditallow = result; for (i = 0, result = 0; i < n; i++) { if (avd->auditdeny & mapping->perms[i]) - result |= 1<perms[i]) - result |= 1<auditdeny = result; } }