From patchwork Thu Jul 6 13:23:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116720 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2564524vqx; Thu, 6 Jul 2023 06:33:25 -0700 (PDT) X-Google-Smtp-Source: APBJJlG+5zI+WpSnVZK+Ha4Yd7hrYFUTZXADFdFerqPPptHY3jKnwsn1EJdZbKgGFpjNWfLSjS35 X-Received: by 2002:a05:6808:15a2:b0:3a3:a8ce:c635 with SMTP id t34-20020a05680815a200b003a3a8cec635mr1944062oiw.42.1688650405516; Thu, 06 Jul 2023 06:33:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688650405; cv=none; d=google.com; s=arc-20160816; b=ihxs0fsnIi0063X8KML2ifesKb7Wn41C3/00635O9PtgAkoOfiTsGoWvZPzOKky0/x MGch0IIG/H/7Zo31qA9djg59DzyIqkXc9/0d96yCcNKR95hObWRi2wOxL5h6ab8N5YBB UNfugEkOojJ24ST2dRtvEwtb+MdtHUzvebUABseu4E2FZ+BioGkH5T6a639my7IeQMqG 4cevQdcaEtCii+ik2am1WFHoyAnfrTp7FVfqqllpXfNZgUjwYzas9/e3c/xbkOX/MESt wgbwSkKVNauPpALlIi4tbdI45iDL/HFTna/x9MLGoiSiVZi8kiJCoWLmrYCTpQ76+QFh Hq4A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=YMgn8v5HSr1CwulZfQm2e0c4LiCcjYghl7RePYF3Io4=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=kd/U1ZIxNmOU8fg22DHwkA8gc8uQwBOCs60jsTeu/A/xiE/uqCJ8R/zxhlOLbSERjm XQt3X/cpOyUx3oLWmnoL1vsleB9bvQMyauDtn42zcSMHZVVY20rJGbplLkofp8utadCu 8d4LmirQdMhfzAjHT0ogciuC4iHFAbzPNCFigJ6JnWQKVweSTN9s14POptg1yVwZRtUP v4+5IJqZ4bBfCgwm87pqVNCXuD/8cFieF8PF/gsLopAgQD2+NY5OifHCn/JdZOJPWo/h gMPaMM1PnxShfQgBDITHfqLxYh7sydrpXSMu09lrVAv8Od5BHML/XgaoZZ+J7+DvJChb MVNQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=jpy3SNoT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y68-20020a636447000000b00553a56f7b36si1508554pgb.522.2023.07.06.06.33.09; Thu, 06 Jul 2023 06:33:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=jpy3SNoT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231642AbjGFNXr (ORCPT + 99 others); Thu, 6 Jul 2023 09:23:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41054 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229919AbjGFNXq (ORCPT ); Thu, 6 Jul 2023 09:23:46 -0400 Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6995B1994; Thu, 6 Jul 2023 06:23:45 -0700 (PDT) Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-992acf67388so81793166b.1; Thu, 06 Jul 2023 06:23:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649824; x=1691241824; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=YMgn8v5HSr1CwulZfQm2e0c4LiCcjYghl7RePYF3Io4=; b=jpy3SNoTSnMnS3x/7zAxQzz/XTlzy17ldr228oGAP/Xg3V+9epfdo7Z6fxtc61UDY6 BF9Jic/dXx03T4dhI9Z2/nmLamZVb9XV7stxUkqVGdmcxTEHj8Sc3P7e5J5/ywfubHPJ 53AR6eU2vP0kXzZ2V05E5Cq0hNMEss9qE+Jr4fiU/V8/HU/VFrUn8rQ3sJ5vEST9RwRM hs+LPBn6dznCGQVF78+4O1/mI76LLSqwn0gqCEBZ5VvLLEovATYVnvn9K91/V5ikdy0m PHIewlEU+uEsezVRORrmi1ZkJHUhVPEP501P81U5exIcNEUwvhqahsDqcPuU9grOGAa7 TBww== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649824; x=1691241824; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YMgn8v5HSr1CwulZfQm2e0c4LiCcjYghl7RePYF3Io4=; b=WcfmKpqOA+vYe6vR9SLsfa/qQq4g2irLGPhpJcTUhcyu2pikZqDbzX1rcHg7zzN9ej QubZOEj4VoxVbh7RDnNRwOqBVyO6Nv9Ov65YM3I9ww5UkKQgJmrrPyZSdQfy0a7etkNA i28tNRSR5nv4Ezx8CQ/4QMoAF6MK3uCeHVPEvpFsHMkLuVv4bqL7qI4DEZjCZNBwdqTA +Cljh6m9dMfvxx0YgF8b6UzfcUArnWDWWTjHp6mMW6WlkPgPdjpo9i6r2ZzrjKsNtqwB IVQK/ohiHvIFRo6mLVRHLOaIn0wnxjGrcEm52KdXVkDYnr1ZXV8U+aVdXWyC9J6iiPdz B3CA== X-Gm-Message-State: ABy/qLaeC+dXvmDldtJriJpT1W/fvaa8gdvBKR0YnXAxfWgqaqiupQEs rXnVgDGaXhsRIHpTpTeyZqit/pZ6BjK0oPCB X-Received: by 2002:a17:906:51da:b0:992:4a1b:30e2 with SMTP id v26-20020a17090651da00b009924a1b30e2mr1598976ejk.7.1688649823591; Thu, 06 Jul 2023 06:23:43 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:43 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 01/20] selinux: check for multiplication overflow in put_entry() Date: Thu, 6 Jul 2023 15:23:16 +0200 Message-Id: <20230706132337.15924-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770678287627991301?= X-GMAIL-MSGID: =?utf-8?q?1770678287627991301?= The function is always inlined and most of the time both relevant arguments are compile time constants, allowing compilers to elide the check. Also the function is part of outputting the policy, which is not performance critical. Also convert the type of the third parameter into a size_t, since it should always be a non-negative number of elements. Signed-off-by: Christian Göttsche --- security/selinux/ss/policydb.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index 74b63ed1173f..6b4ad8e91265 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h @@ -366,9 +366,12 @@ static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes) return 0; } -static inline int put_entry(const void *buf, size_t bytes, int num, struct policy_file *fp) +static inline int put_entry(const void *buf, size_t bytes, size_t num, struct policy_file *fp) { - size_t len = bytes * num; + size_t len; + + if (unlikely(check_mul_overflow(bytes, num, &len))) + return -EINVAL; if (len > fp->len) return -EINVAL; From patchwork Thu Jul 6 13:23:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116702 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559039vqx; Thu, 6 Jul 2023 06:25:25 -0700 (PDT) X-Google-Smtp-Source: APBJJlFa+ojiclIeYtHw1/W/3gFzN3dTD/t1qA/R1BtRUYnprD3qt3TsW4rYllvngwmL+Xkr5S3u X-Received: by 2002:a17:902:cec6:b0:1ac:7345:f254 with SMTP id d6-20020a170902cec600b001ac7345f254mr1975850plg.33.1688649925292; Thu, 06 Jul 2023 06:25:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649925; cv=none; d=google.com; s=arc-20160816; b=FMHtGSnv7ZOki/Zk2UWWDNlz6UIpdbbXrqbXUM/ReZc2bV1nIx4EOrb3feMuDSzkY2 KtYm67aU7lxtf90QW+r98wF9MRDMJllxeUGlA7SZ5ByAbdym9MLoI6kiJNeFpXro9ydp 9i3bWHZDpNtPE8y1NtDfNihHVzAb7PGHi6D41QRvVHoPOHxjXw6iFUuNx0pCKTt8vmnr GGQ+VmTGBSHtkCmSt1N1Fjqa0n44ja/vSaOee6RTf1+uHoU51C2/KO4hONhOMVcxK/zJ yDSbGvkbR8+YCFtfIHWJ3KZDxoEBu+NItST6HiW+evrnWpSske+N/aNMWBE/BWXBZ4dq s7Bg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=8KXOwe/OoiOsg3u6jeXshSKZbJW8vs60/BO9XDGBs3Y=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=s8YKeICrmIXCeccoFDQIfI+z9RDlYheGYbiPloKg676ANShvG9e+leTwDkzDvvr3UH vH1hOrKCsBYCcGUKShG9YKwuV9Suq/ck9nJ6KnDXluKKq4/TyhtdZ3mSg+lM5lJiLANc biPQyMFb7wOEapXMUdVpCq3+8RbLUWwjtAKp1ACXGT9dzQWj2ociR3vgwKsBO5IXjT0x TgEZAimusIQr4wwQ1Qt5Q8gSscHiBw4l2w7W9PDTqk/h6UMMeHbmU1W2Q4AN1z9+Lm6y PeCQ66ic5mrjGEoblyZToU8tMR0RPEr0p9Qen50E8FLG4uGSoskNwtWOb1CzSx2ghi/3 HCiw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=jY0NxM1f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q3-20020a170902f34300b001b878feaec7si1243182ple.203.2023.07.06.06.25.08; Thu, 06 Jul 2023 06:25:25 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=jY0NxM1f; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232086AbjGFNXv (ORCPT + 99 others); Thu, 6 Jul 2023 09:23:51 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41068 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229452AbjGFNXs (ORCPT ); Thu, 6 Jul 2023 09:23:48 -0400 Received: from mail-ej1-x631.google.com (mail-ej1-x631.google.com [IPv6:2a00:1450:4864:20::631]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 41B671996; Thu, 6 Jul 2023 06:23:46 -0700 (PDT) Received: by mail-ej1-x631.google.com with SMTP id a640c23a62f3a-992dcae74e0so86525466b.3; Thu, 06 Jul 2023 06:23:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649825; x=1691241825; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=8KXOwe/OoiOsg3u6jeXshSKZbJW8vs60/BO9XDGBs3Y=; b=jY0NxM1fOsvqjqWcv8woY/9bHhNdhAj4dl2++BNcG5i7ocYXmRGvyPZwCMgzdOtv7R Cio8rSxIVPC/CJe8aMvoozBaNyWxXWh4esvng3yb5GD5DQfskWdra+UcZrxOvd4K0Dhx BMxw9tMQFf/YdE5CpZifgUr81pUEyjW5+rYfn503xzcMvxO56x7awEIczgPBq2beWWRB bUPQrklEpLUPnuM4qurvS9axsQq/GDKyh0v1fka3eSK1F6hPDXcy7EjzpBrAa2sPcfT5 e0RTd0TDoTzR2zEydWF4HwqBtltWICv7h1E3j2GBpGToOerboTptctEzhLtC6hJCiek/ swjg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649825; x=1691241825; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8KXOwe/OoiOsg3u6jeXshSKZbJW8vs60/BO9XDGBs3Y=; b=RxjU00sYf1BEgkJF21eN+4dAJdEqh9/eNo5wB+U2KZ76+6q9vD0liGzty/uQaaw4Al 15EhXwEN7/12jy/CU+Oy8XXAM+vLc03e+uI+ANkL33TGlo4hOtNcYzp1jnnFQxvsY5Xz 28+K5/xajYWKtvrtZ3DBm9YbIhGTlZiQKPFSE3q7rn8YhQiIRH70kZJfU5Bnq6scX4L8 W2H8IT/bIl62khqRV42TfESCNIRwQ9vynj/1QfaLkSgEl5TkuohHvA+JsBWKSP0fwDji 7rhe1e+IhyCmhJ3Pm8w6ZfFoxIaoBwpho7hns3wboS3VnCOMhcMWRTTKC9DWlCyVndpB +Ohw== X-Gm-Message-State: ABy/qLbhiykYl3L2QoFejoLnI/DebmMzdJE/lXnXd3DeQ0KAo4J9AsO4 SxN9V8FSQyR/DvNFLLGO3UyxgC7fn9MGjO+9 X-Received: by 2002:a17:906:74da:b0:988:6491:98e3 with SMTP id z26-20020a17090674da00b00988649198e3mr1380778ejl.68.1688649824631; Thu, 06 Jul 2023 06:23:44 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.44 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:44 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 02/20] selinux: avtab: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:17 +0200 Message-Id: <20230706132337.15924-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677783962125949?= X-GMAIL-MSGID: =?utf-8?q?1770677783962125949?= Return u32 from avtab_hash() instead of int, since the hashing is done on u32 and the result is used as an index on the hash array. Use the type of the limit in for loops. Avoid signed to unsigned conversion of multiplication result in avtab_hash_eval(). Use unsigned loop iterator for index operations, to avoid sign extension. Signed-off-by: Christian Göttsche --- security/selinux/ss/avtab.c | 38 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 6766edc0fe68..fbf51986afcf 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -29,7 +29,7 @@ static struct kmem_cache *avtab_xperms_cachep __ro_after_init; /* Based on MurmurHash3, written by Austin Appleby and placed in the * public domain. */ -static inline int avtab_hash(const struct avtab_key *keyp, u32 mask) +static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask) { static const u32 c1 = 0xcc9e2d51; static const u32 c2 = 0x1b873593; @@ -66,7 +66,7 @@ static inline int avtab_hash(const struct avtab_key *keyp, u32 mask) } static struct avtab_node* -avtab_insert_node(struct avtab *h, int hvalue, +avtab_insert_node(struct avtab *h, u32 hvalue, struct avtab_node *prev, const struct avtab_key *key, const struct avtab_datum *datum) { @@ -106,7 +106,7 @@ avtab_insert_node(struct avtab *h, int hvalue, static int avtab_insert(struct avtab *h, const struct avtab_key *key, const struct avtab_datum *datum) { - int hvalue; + u32 hvalue; struct avtab_node *prev, *cur, *newnode; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -152,7 +152,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, const struct avtab_key *key, const struct avtab_datum *datum) { - int hvalue; + u32 hvalue; struct avtab_node *prev, *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -182,7 +182,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *key) { - int hvalue; + u32 hvalue; struct avtab_node *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -218,7 +218,7 @@ struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *key) struct avtab_node *avtab_search_node(struct avtab *h, const struct avtab_key *key) { - int hvalue; + u32 hvalue; struct avtab_node *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -278,13 +278,12 @@ avtab_search_node_next(struct avtab_node *node, int specified) void avtab_destroy(struct avtab *h) { - int i; struct avtab_node *cur, *temp; if (!h) return; - for (i = 0; i < h->nslot; i++) { + for (u32 i = 0; i < h->nslot; i++) { cur = h->htable[i]; while (cur) { temp = cur; @@ -356,14 +355,14 @@ int avtab_alloc_dup(struct avtab *new, const struct avtab *orig) void avtab_hash_eval(struct avtab *h, const char *tag) { - int i, chain_len, slots_used, max_chain_len; + unsigned int chain_len, slots_used, max_chain_len; unsigned long long chain2_len_sum; struct avtab_node *cur; slots_used = 0; max_chain_len = 0; chain2_len_sum = 0; - for (i = 0; i < h->nslot; i++) { + for (u32 i = 0; i < h->nslot; i++) { cur = h->htable[i]; if (cur) { slots_used++; @@ -404,13 +403,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, { __le16 buf16[4]; u16 enabled; - u32 items, items2, val, vers = pol->policyvers; + u32 items, items2, val; struct avtab_key key; struct avtab_datum datum; struct avtab_extended_perms xperms; __le32 buf32[ARRAY_SIZE(xperms.perms.p)]; - int i, rc; - unsigned set; + int rc; + unsigned int set, vers = pol->policyvers; memset(&key, 0, sizeof(struct avtab_key)); memset(&datum, 0, sizeof(struct avtab_datum)); @@ -470,7 +469,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, return -EINVAL; } - for (i = 0; i < ARRAY_SIZE(spec_order); i++) { + for (u32 i = 0; i < ARRAY_SIZE(spec_order); i++) { if (val & spec_order[i]) { key.specified = spec_order[i] | enabled; datum.u.data = le32_to_cpu(buf32[items++]); @@ -508,7 +507,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, } set = 0; - for (i = 0; i < ARRAY_SIZE(spec_order); i++) { + for (u32 i = 0; i < ARRAY_SIZE(spec_order); i++) { if (key.specified & spec_order[i]) set++; } @@ -540,7 +539,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, pr_err("SELinux: avtab: truncated entry\n"); return rc; } - for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++) + for (u32 i = 0; i < ARRAY_SIZE(xperms.perms.p); i++) xperms.perms.p[i] = le32_to_cpu(buf32[i]); datum.u.xperms = &xperms; } else { @@ -569,7 +568,7 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) { int rc; __le32 buf[1]; - u32 nel, i; + u32 nel; rc = next_entry(buf, fp, sizeof(u32)); @@ -588,7 +587,7 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) if (rc) goto bad; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL); if (rc) { if (rc == -ENOMEM) @@ -646,7 +645,6 @@ int avtab_write_item(struct policydb *p, const struct avtab_node *cur, void *fp) int avtab_write(struct policydb *p, struct avtab *a, void *fp) { - unsigned int i; int rc = 0; struct avtab_node *cur; __le32 buf[1]; @@ -656,7 +654,7 @@ int avtab_write(struct policydb *p, struct avtab *a, void *fp) if (rc) return rc; - for (i = 0; i < a->nslot; i++) { + for (u32 i = 0; i < a->nslot; i++) { for (cur = a->htable[i]; cur; cur = cur->next) { rc = avtab_write_item(p, cur, fp); From patchwork Thu Jul 6 13:23:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116705 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559185vqx; Thu, 6 Jul 2023 06:25:37 -0700 (PDT) X-Google-Smtp-Source: APBJJlE/oE9aO62zPmZPRscg+IuGbSGved63BM45SQtPbdLIp5JW0AGBQKZQeZECMUr/4sNIRMIi X-Received: by 2002:a05:6870:c225:b0:1b3:e04e:b5c7 with SMTP id z37-20020a056870c22500b001b3e04eb5c7mr2346477oae.42.1688649936704; Thu, 06 Jul 2023 06:25:36 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649936; cv=none; d=google.com; s=arc-20160816; b=MVneFz7nhUJ5V01L6zswpZaV7cEnnW6/W98bnnHzAT++5AzejcFF0P5NTi7xo094FC eSraudsgdsgZhJ5piyxTYZEsFoNN4cfdl+DDVJeQabimmve5VL8TE87u5/sPMEK0Wir8 12+0NFlzbOmw/5IG1K1VUG3Ru4K9cV0u2vwdRJraF56+/w6GNyOSPnaJjn9rwb3S3tKL dGuhFueUPxgiN+3QM0aPH53aGKKVlI7RKK3wFkHYgAjslfd+E9rSc9jDhT9Yg1y98V62 qGm8a6Rk1x8/yaDDzsZkHElUG5wT4+IJmKKtDQcbhTjngn6BVgsh9mtbgRfTjhaNWgmb KP4Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=R5oF3uYoWt5EFgsUFvcffiR75yMh8VkfJwbZTgy76Mo=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=auhTcAUsbLfunyMDTgy5wQio0ZAUpe2lQ4YNaq5ogYG8v64WL7VXYOjZ5UIhKYJIqp ma6frm0ximKoggyQ3lC9+m+ceFi4BKxvM12Sc+G0Mb/Q0jpRLrGu9DvVb8d/cOnCtdHI CVZktgyPs7sTHYx0dIqNn6Y8ePIili1SlhN0iVT4W3tiZnfkIMMCR1NHr9nX9pfOuxGu 3GZ7240UB2k89pA4AgtjxPLxZsWkol5yAXpefQx+1oQigGhFcr0Q1lvX8eOGwAsT4T+a K7bXH2StBTLgn5CZqKz3JYIpcyY6lhAVrTNraA8gyXMdhVxvHA7l7zp/1gVyr4eKN3r4 jC2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=PT13sW0c; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id lx16-20020a17090b4b1000b00263a643aaacsi1611959pjb.11.2023.07.06.06.25.21; Thu, 06 Jul 2023 06:25:36 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=PT13sW0c; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231972AbjGFNXy (ORCPT + 99 others); Thu, 6 Jul 2023 09:23:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41070 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229528AbjGFNXs (ORCPT ); Thu, 6 Jul 2023 09:23:48 -0400 Received: from mail-ed1-x530.google.com (mail-ed1-x530.google.com [IPv6:2a00:1450:4864:20::530]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7F5F619A0; Thu, 6 Jul 2023 06:23:47 -0700 (PDT) Received: by mail-ed1-x530.google.com with SMTP id 4fb4d7f45d1cf-51e278e344bso994513a12.0; Thu, 06 Jul 2023 06:23:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649826; x=1691241826; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=R5oF3uYoWt5EFgsUFvcffiR75yMh8VkfJwbZTgy76Mo=; b=PT13sW0cBxut5bnUu/G3ezlygIHXia0TGzgjOzSQGtt+nT1SaEv7BRGuIAtl0ZuW87 pIcsP97UF5QPd4CyAh23J0qtrUA/u9EhuNhmjH+1XWWI8S7+UGMQxNC1ZKu39vvbO4mM sOIS8CeLnJzM6/k6EbcdHNVbDRtEgxKbAwzsDEHmnjvAc6raB5DAgBnZs89h+bkXX5or q37foOx33BekiZbc5Uq8d9S2j/3XXH5UiEmuNpnQtivxbyHLqcGYWldUqa6GdIjBpKW+ mnhxd47pSPB033P5lzMi9XZGNvWB6nRXxrPG+D/UBhy63yb7f0tZTkjt6QprXw4NscfI 32mA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649826; x=1691241826; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=R5oF3uYoWt5EFgsUFvcffiR75yMh8VkfJwbZTgy76Mo=; b=SRdCIF/eeMX0vdCYJ2a6uVKzK44fbYY13cku7BVlMJ+7H+CQjjp8FSTVKAhqy24yh9 h4ChD7Tkt0WON8ahL/6N23wnX/Ac2mxjikvieIVfoOpFikREd04OZ+iwcV8QC7KwmPxy 3zvhLZ9PDt2HWcXNTsdWewB7bHlP5iSjCcwdKxJxDdg282lR/FHigKvWMSxo8dnYDwJ5 1r4jsfsVoUZtFtrno1lNVwshnZ5Xr/pxIKlQQZ9CmgQWHeQKo9gTGEcEkn+DTjoObZ2w NnplkSRUptHYVtNoWgyDHnzk4ey/QmmNg89I5bvJc8LNZVSBCDhIpQk18Mch0847U55m pM9A== X-Gm-Message-State: ABy/qLZHQSDW4xciUmfJK8s4yQUjDWrxjvO0PMBCk/ubp83d9hMu+sba HvOTgpcWpu4XSot3VIjQy82jvlx8KnazlVxA X-Received: by 2002:a17:906:943:b0:992:a9ba:b8da with SMTP id j3-20020a170906094300b00992a9bab8damr1326359ejd.70.1688649825646; Thu, 06 Jul 2023 06:23:45 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.45 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:45 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 03/20] selinux: avoid avtab overflows Date: Thu, 6 Jul 2023 15:23:18 +0200 Message-Id: <20230706132337.15924-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677795896952726?= X-GMAIL-MSGID: =?utf-8?q?1770677795896952726?= Prevent inserting more than the supported U32_MAX number of entries. Signed-off-by: Christian Göttsche --- security/selinux/ss/avtab.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index fbf51986afcf..9c150fba3fa6 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -110,7 +110,7 @@ static int avtab_insert(struct avtab *h, const struct avtab_key *key, struct avtab_node *prev, *cur, *newnode; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); - if (!h || !h->nslot) + if (!h || !h->nslot || h->nel == U32_MAX) return -EINVAL; hvalue = avtab_hash(key, h->mask); @@ -156,7 +156,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_node *prev, *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); - if (!h || !h->nslot) + if (!h || !h->nslot || h->nel == U32_MAX) return NULL; hvalue = avtab_hash(key, h->mask); for (prev = NULL, cur = h->htable[hvalue]; From patchwork Thu Jul 6 13:23:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116701 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559033vqx; Thu, 6 Jul 2023 06:25:25 -0700 (PDT) X-Google-Smtp-Source: APBJJlGHttaN2PG9jFJyqDv0v7m3oGeL4OnsFZQ+LrDawUkF29Ki8OQtKYOF43RWTqjKR1UCBd1q X-Received: by 2002:a05:6a00:1acb:b0:666:7ec0:22d7 with SMTP id f11-20020a056a001acb00b006667ec022d7mr1779312pfv.24.1688649924892; Thu, 06 Jul 2023 06:25:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649924; cv=none; d=google.com; s=arc-20160816; b=WOMh1o5XEyTP4M1SIlaNdSMB+QwlPqN6lCRERomIxUyu/JYv8Zu+9DmIpT0tG9E3VN RuH1PGVBoIvpzNGuXIHkTPMzRfzMqgsxTEQe+/4LnH9z0O92cxy9Az1sclQZEKH78o1T LkTS97H0ePUzuGjbCfYPncbtE9fu+yz0RHsqrqJMFSnI+R+qNkVouqVT/YfKy7cg94NT FH2lzxbwkm0S0p0EkKM72iP41lAk4ONK24f2InTt+6bKQ99hqAWVwLFdXDdRiySYSJGn UCIfl3/c3hD5+J4JZnjyfoZwHqFEj9pPcgwGg6q9/iC/6gu67/wLosNF/EXinEVYX8pN Zc5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=92d6Vul513gSV9/1vQgZrdNmQwl67uBvttC751CUwUE=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=MgQu5+oWSpE8w6RPHQYNZyiVz4YRbZkh2FmlrZ7EgSUSox28eYzr3RXCgpDlOnIXgV gIsSZ4a7vwySCsaJjPYY63wBQcvs/tYdWkvOBLkjpSaPDPqxRRSQZ35LBacvT3qPidvC rY8JEAT5lgS2vzQ6Ki66NLkcZgGvPsb8guC7KxLb29Ni1Jiobzd4+ygglRKqcbXL3jLE b0fW3jpBWlLUnErJ1yX/0vTeZekkK5S589GG1X45GAlJq7YS5ByO+agHWLnT3RhkeKjf jTN95jBDtD6y/QZfbRMXtkgJNuGwIpjUuB5ER0v8ebXci1WOlBz6gZU+ibzE1vnYm7JQ IsIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=hS4AMI2j; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id t38-20020a634466000000b005575b3902c1si1433214pgk.346.2023.07.06.06.25.10; Thu, 06 Jul 2023 06:25:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=hS4AMI2j; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232344AbjGFNX6 (ORCPT + 99 others); Thu, 6 Jul 2023 09:23:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41088 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232016AbjGFNXu (ORCPT ); Thu, 6 Jul 2023 09:23:50 -0400 Received: from mail-ej1-x62b.google.com (mail-ej1-x62b.google.com [IPv6:2a00:1450:4864:20::62b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CB8DF1996; Thu, 6 Jul 2023 06:23:48 -0700 (PDT) Received: by mail-ej1-x62b.google.com with SMTP id a640c23a62f3a-98e39784a85so357558066b.1; Thu, 06 Jul 2023 06:23:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649827; x=1691241827; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=92d6Vul513gSV9/1vQgZrdNmQwl67uBvttC751CUwUE=; b=hS4AMI2jCzCL3VWz2p35RhxjI+7LKoR6iK5B1kPOAI0fEjm55EdD/OrT/Sy4qXZTEF Z4CykaL7llo75jRXvaoAo6wVteido48LdufNhcZ2mHtkrILnm/AB1OAZKhbsED3trTt2 Wfxk20NdrlGc6DYdisyQZnGwc5CJmSiwLQFsomh43Hw0YxT8aF0jdxPVSDpAYJjw3dRg ZgKnobjhDLh0SHk5gH/7frbpbsyrjf9usDedrp0NKNuLHOu5LNvwy4zGDnKGCm7NI1Ex G0WAzthgfwQWDH7VXJBcSbU/4sX84b0LPfyZF//RelBojLiDm1fQa6lJWCCNp3dEFhew 5PdA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649827; x=1691241827; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=92d6Vul513gSV9/1vQgZrdNmQwl67uBvttC751CUwUE=; b=II8NCWa2rx0ah24Kx2XjX2vUkF5ZYu72CzukmFENt7QmmTCNtrFSqmyufXAhFnXcwL 7lmjNzz+mId7qfXxN4pZXtuR2MABFe2IyUAJZjfrRgqaHJ6G07ikhYuXU34Bg3t7MgN7 GV/j5KbQF3sVDY/YtAPGXJSYPUOg6vZs4kr2EZMhXbFqm0zJcm9cO8JDwwkLQ7aKLTQX FrDUF6vP94TGCppOn9omF5XKqWmRpaTmikQfsEODvOGAabO4e8oeQbzOgccq5KQ6rdf7 v1t880bNpiImrlBjmbbnNA9vv1euVNPlPrW021JLbfjBYNxOvYfXYbBpLtKvR5yYZjCI DE/Q== X-Gm-Message-State: ABy/qLZP90UpImibpGbPvJvvB6LFZ9Aatk9lQkZlJcVYkmSOIuJlUXWF N2l4u/83Zk5HKUx2tSBbPCKnAGu73fLVlbT3 X-Received: by 2002:a17:906:1041:b0:992:8d96:4de3 with SMTP id j1-20020a170906104100b009928d964de3mr2081378ejj.24.1688649827107; Thu, 06 Jul 2023 06:23:47 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.46 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:46 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 04/20] selinux: ebitmap: use u32 as bit type Date: Thu, 6 Jul 2023 15:23:19 +0200 Message-Id: <20230706132337.15924-4-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677783469391924?= X-GMAIL-MSGID: =?utf-8?q?1770677783469391924?= The extensible bitmap supports bit positions up to U32_MAX due to the type of the member highbit being u32. Use u32 consistently as the type for bit positions to announce to callers what range of values is supported. Signed-off-by: Christian Göttsche --- security/selinux/ss/ebitmap.c | 32 ++++++++++++++++---------------- security/selinux/ss/ebitmap.h | 32 ++++++++++++++++---------------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index d31b87be9a1e..17d2d9b0d444 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -24,7 +24,7 @@ #include "ebitmap.h" #include "policydb.h" -#define BITS_PER_U64 (sizeof(u64) * 8) +#define BITS_PER_U64 ((u32)(sizeof(u64) * 8)) static struct kmem_cache *ebitmap_node_cachep __ro_after_init; @@ -82,7 +82,8 @@ int ebitmap_cpy(struct ebitmap *dst, const struct ebitmap *src) int ebitmap_and(struct ebitmap *dst, const struct ebitmap *e1, const struct ebitmap *e2) { struct ebitmap_node *n; - int bit, rc; + u32 bit; + int rc; ebitmap_init(dst); @@ -113,8 +114,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap, { struct ebitmap_node *e_iter = ebmap->node; unsigned long e_map; - u32 offset; - unsigned int iter; + u32 offset, iter; int rc; if (e_iter == NULL) { @@ -259,7 +259,7 @@ int ebitmap_contains(const struct ebitmap *e1, const struct ebitmap *e2, u32 las return 1; } -int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit) +int ebitmap_get_bit(const struct ebitmap *e, u32 bit) { const struct ebitmap_node *n; @@ -276,7 +276,7 @@ int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit) return 0; } -int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value) +int ebitmap_set_bit(struct ebitmap *e, u32 bit, int value) { struct ebitmap_node *n, *prev, *new; @@ -287,7 +287,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value) if (value) { ebitmap_node_set_bit(n, bit); } else { - unsigned int s; + u32 s; ebitmap_node_clr_bit(n, bit); @@ -370,7 +370,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) u64 map; __le64 mapbits; __le32 buf[3]; - int rc, i; + int rc; ebitmap_init(e); @@ -384,7 +384,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) if (mapunit != BITS_PER_U64) { pr_err("SELinux: ebitmap: map size %u does not " - "match my size %zd (high bit was %d)\n", + "match my size %d (high bit was %d)\n", mapunit, BITS_PER_U64, e->highbit); goto bad; } @@ -401,7 +401,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) if (e->highbit && !count) goto bad; - for (i = 0; i < count; i++) { + for (u32 i = 0; i < count; i++) { rc = next_entry(&ebitmap_start, fp, sizeof(u32)); if (rc < 0) { pr_err("SELinux: ebitmap: truncated map\n"); @@ -471,18 +471,18 @@ int ebitmap_read(struct ebitmap *e, void *fp) int ebitmap_write(const struct ebitmap *e, void *fp) { struct ebitmap_node *n; - u32 count; + u32 bit, count, last_bit, last_startbit; __le32 buf[3]; u64 map; - int bit, last_bit, last_startbit, rc; + int rc; buf[0] = cpu_to_le32(BITS_PER_U64); count = 0; last_bit = 0; - last_startbit = -1; + last_startbit = (u32)-1; ebitmap_for_each_positive_bit(e, n, bit) { - if (rounddown(bit, (int)BITS_PER_U64) > last_startbit) { + if (last_startbit == (u32)-1 || rounddown(bit, BITS_PER_U64) > last_startbit) { count++; last_startbit = rounddown(bit, BITS_PER_U64); } @@ -496,9 +496,9 @@ int ebitmap_write(const struct ebitmap *e, void *fp) return rc; map = 0; - last_startbit = INT_MIN; + last_startbit = (u32)-1; ebitmap_for_each_positive_bit(e, n, bit) { - if (rounddown(bit, (int)BITS_PER_U64) > last_startbit) { + if (last_startbit == (u32)-1 || rounddown(bit, BITS_PER_U64) > last_startbit) { __le64 buf64[1]; /* this is the very first bit */ diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h index e5b57dc3fc53..fab3e5bef896 100644 --- a/security/selinux/ss/ebitmap.h +++ b/security/selinux/ss/ebitmap.h @@ -44,10 +44,10 @@ struct ebitmap { #define ebitmap_length(e) ((e)->highbit) -static inline unsigned int ebitmap_start_positive(const struct ebitmap *e, +static inline u32 ebitmap_start_positive(const struct ebitmap *e, struct ebitmap_node **n) { - unsigned int ofs; + u32 ofs; for (*n = e->node; *n; *n = (*n)->next) { ofs = find_first_bit((*n)->maps, EBITMAP_SIZE); @@ -62,11 +62,11 @@ static inline void ebitmap_init(struct ebitmap *e) memset(e, 0, sizeof(*e)); } -static inline unsigned int ebitmap_next_positive(const struct ebitmap *e, +static inline u32 ebitmap_next_positive(const struct ebitmap *e, struct ebitmap_node **n, - unsigned int bit) + u32 bit) { - unsigned int ofs; + u32 ofs; ofs = find_next_bit((*n)->maps, EBITMAP_SIZE, bit - (*n)->startbit + 1); if (ofs < EBITMAP_SIZE) @@ -86,10 +86,10 @@ static inline unsigned int ebitmap_next_positive(const struct ebitmap *e, (((bit) - (node)->startbit) % EBITMAP_UNIT_SIZE) static inline int ebitmap_node_get_bit(const struct ebitmap_node *n, - unsigned int bit) + u32 bit) { - unsigned int index = EBITMAP_NODE_INDEX(n, bit); - unsigned int ofs = EBITMAP_NODE_OFFSET(n, bit); + u32 index = EBITMAP_NODE_INDEX(n, bit); + u32 ofs = EBITMAP_NODE_OFFSET(n, bit); BUG_ON(index >= EBITMAP_UNIT_NUMS); if ((n->maps[index] & (EBITMAP_BIT << ofs))) @@ -98,20 +98,20 @@ static inline int ebitmap_node_get_bit(const struct ebitmap_node *n, } static inline void ebitmap_node_set_bit(struct ebitmap_node *n, - unsigned int bit) + u32 bit) { - unsigned int index = EBITMAP_NODE_INDEX(n, bit); - unsigned int ofs = EBITMAP_NODE_OFFSET(n, bit); + u32 index = EBITMAP_NODE_INDEX(n, bit); + u32 ofs = EBITMAP_NODE_OFFSET(n, bit); BUG_ON(index >= EBITMAP_UNIT_NUMS); n->maps[index] |= (EBITMAP_BIT << ofs); } static inline void ebitmap_node_clr_bit(struct ebitmap_node *n, - unsigned int bit) + u32 bit) { - unsigned int index = EBITMAP_NODE_INDEX(n, bit); - unsigned int ofs = EBITMAP_NODE_OFFSET(n, bit); + u32 index = EBITMAP_NODE_INDEX(n, bit); + u32 ofs = EBITMAP_NODE_OFFSET(n, bit); BUG_ON(index >= EBITMAP_UNIT_NUMS); n->maps[index] &= ~(EBITMAP_BIT << ofs); @@ -126,8 +126,8 @@ int ebitmap_cmp(const struct ebitmap *e1, const struct ebitmap *e2); int ebitmap_cpy(struct ebitmap *dst, const struct ebitmap *src); int ebitmap_and(struct ebitmap *dst, const struct ebitmap *e1, const struct ebitmap *e2); int ebitmap_contains(const struct ebitmap *e1, const struct ebitmap *e2, u32 last_e2bit); -int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit); -int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value); +int ebitmap_get_bit(const struct ebitmap *e, u32 bit); +int ebitmap_set_bit(struct ebitmap *e, u32 bit, int value); void ebitmap_destroy(struct ebitmap *e); int ebitmap_read(struct ebitmap *e, void *fp); int ebitmap_write(const struct ebitmap *e, void *fp); From patchwork Thu Jul 6 13:23:20 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116703 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559085vqx; Thu, 6 Jul 2023 06:25:27 -0700 (PDT) X-Google-Smtp-Source: APBJJlHKQjsExk9nTQIJH79EebsArzvMfBqyBcqqA2NzVDP0TmjrqJZX12vPCiF9u7FtI89IPbce X-Received: by 2002:a17:902:d2cd:b0:1b5:49fc:e336 with SMTP id n13-20020a170902d2cd00b001b549fce336mr1734800plc.42.1688649926906; Thu, 06 Jul 2023 06:25:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649926; cv=none; d=google.com; s=arc-20160816; b=l25jlFXMrQU0fr62KBPv8K4pbvBSeCAPEw2Uo8tKiYIK5ZMwF0ZWuVmBlfrZ6rLqcr G66SAH3zi0DADWRdiksC8xIXMe8aGKYmIrXLjhBclMM1XF0ky9vDQAvJT0zSxguJMNWL i8X8YDbaZm5Wn9sTW2dmJeSOsQzstCQu4hPqr4eZhpq3BGUmk2R3h+EO7jxzJqE5Tucv L4eDWYtAgB6uAdT6gPN+2/tPSfyTowKui8kKGkGsC/47kgDME3h4aQjltb5iuBz7viSQ aiwIGQ+lAgGrATaKjCT/VuuD8EYB79Cu9F2uJvCG3qNbyjeZJUm5DphbzCBecVey3W7O GyAw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=HnXJmWO/ufwCaB7TRBuIUbbQK5I3YAKLODq1yY73//8=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=CBuMHj66yXRZ8R7+4gHRnYp4C9tIvsnqRhpg987dnByqgIQ6zqhn017xv+VtvZzTkb 2yNpWJ2jHlhvRnU0GRvaUhdsgUTKfij1kP92toJwqLwmGUaZWADl18BLsyld1WACYUg8 qsl+1nvVaRtK+0X5TgSqfG3k4oBePaD7YuiKUPgFkzEOhcUzWTEAqc8647WseJtYALOQ 4ScmyybsKRCHPA7gz/qJCxWazxzUCD5RekfFywIf1ZeLFGYsp4Knl61UOAx7sXUGTwb+ tOyLQay4+PwJqCVz+L/UrnNKzUo7mhq7Occntuoh/CrABsOV6Myc9wobplccKZtSIALI U6Nw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=IcCS9i0n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z14-20020a170903018e00b001b89b7aea8fsi1297304plg.493.2023.07.06.06.25.11; Thu, 06 Jul 2023 06:25:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=IcCS9i0n; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232453AbjGFNYB (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41100 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232076AbjGFNXv (ORCPT ); Thu, 6 Jul 2023 09:23:51 -0400 Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C21801BC2; Thu, 6 Jul 2023 06:23:49 -0700 (PDT) Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-98e39784a85so357562266b.1; Thu, 06 Jul 2023 06:23:49 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649828; x=1691241828; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=HnXJmWO/ufwCaB7TRBuIUbbQK5I3YAKLODq1yY73//8=; b=IcCS9i0nCZk49GrJT2BelTw34u61oAJZ+bR8tB8OlF67v5gd4M2YSmnYAsdZF5WplL gCMZIdgFH5Tz0XKr+2nL1WD6wv6BTodzyNefdM6WrCNs6E2af4Dl0WcjCCxcSQT5GoyI qCm5tCJ4kzC4FhVNatZYaHnDzYTXvz/ldILx39KaBfSxIHr5aBT/HAsG+D6NqcCPASG0 fgGxIfFEWQfxNl/fwWoxgw2LGrucm4kK+ci3pnbO8Hjlua6LXjLNLVE3TiqiJiefukJ0 TPncVEYGKjdTVE0gJwUlfhl4wCbDw2xEAUPJmlblWKo7dbg9p7xvZ0YRQCp4lxGyNo8J 20cA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649828; x=1691241828; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=HnXJmWO/ufwCaB7TRBuIUbbQK5I3YAKLODq1yY73//8=; b=T9lbrTMo9COjQcUgRcQLkuCa9wgi+VUmmf8nYotfCXpmQ1GUYbXBVT2fZLOAsnrj87 h1iwXaynghz+jH6gEwsP7jYgdaLbutqo8mGj2uxVyHiPXlcN1KnQQUlQTqrE3P+RFfvl WB3lxc46DfHE/i5pzF9ZjxxC3sodzZQl/+cpVnCCLMKHzLSeZ9WSgzEIjjPLzp9MGeZI OFWLbu1O7KeQ9E552TmqCKGfvqCcekSrwu3+D+unzHlTRUzU9QCOfSBwv9XIXey12wCi yqlqgCbD2tmxDuNnyJ6BD+oNPr910Jxv8TVCwX56TfD7BA37c07khm6qV1YRy0ToYwe7 MOwA== X-Gm-Message-State: ABy/qLYd3Bh1t8lXWZxFxxpbFloJXq2h0nbjGqlNd5Alf3yUW0zHR11k 87UOiPpcFi2DfEt6MxU/rch3XoaOX9p0HV4X X-Received: by 2002:a17:907:779a:b0:992:1005:928d with SMTP id ky26-20020a170907779a00b009921005928dmr1924201ejc.8.1688649828129; Thu, 06 Jul 2023 06:23:48 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.47 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:47 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 05/20] selinux: hashtab: use identical iterator type Date: Thu, 6 Jul 2023 15:23:20 +0200 Message-Id: <20230706132337.15924-5-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677785845009788?= X-GMAIL-MSGID: =?utf-8?q?1770677785845009788?= Use the identical type u32 for the loop iterator. Signed-off-by: Christian Göttsche --- security/selinux/ss/hashtab.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index 3fb8f9026e9b..ede3cc1bd204 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -137,7 +137,7 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, void *args) { struct hashtab_node *cur, *tmp, *tail; - int i, rc; + int rc; memset(new, 0, sizeof(*new)); @@ -147,7 +147,7 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, new->size = orig->size; - for (i = 0; i < orig->size; i++) { + for (u32 i = 0; i < orig->size; i++) { tail = NULL; for (cur = orig->htable[i]; cur; cur = cur->next) { tmp = kmem_cache_zalloc(hashtab_node_cachep, @@ -172,7 +172,7 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, return 0; error: - for (i = 0; i < new->size; i++) { + for (u32 i = 0; i < new->size; i++) { for (cur = new->htable[i]; cur; cur = tmp) { tmp = cur->next; destroy(cur->key, cur->datum, args); From patchwork Thu Jul 6 13:23:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116704 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559122vqx; Thu, 6 Jul 2023 06:25:30 -0700 (PDT) X-Google-Smtp-Source: APBJJlFz2E0Gq2W7SXHDxLE5F43hyzEJzB6IrA2Mpxb1hBECKj9Z7biBcWL84sj1Mpg0LTxm53lD X-Received: by 2002:a17:90a:bd0d:b0:263:ff36:3aa0 with SMTP id y13-20020a17090abd0d00b00263ff363aa0mr1541259pjr.41.1688649929574; Thu, 06 Jul 2023 06:25:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649929; cv=none; d=google.com; s=arc-20160816; b=pMRm/6FtLL8S5PI4adBe1ZM51Bj95vRmReEJIoDMU5wQXlOYuf9RpQ7e8YApggVlrZ 7rRrqxv5uHxCGT9RLQwoK4CIE8ON+Hhv84EQTtzMOfSyJNOIPqGJU0vFiK6VuCxVFH2e X6Rv7M3JguSoxHkhW4HdKgP21tWROV2c6xC/NycD6jlJBi1tcC+uZA1l/q2AV+B+lgP/ 8+B/FaGHRO51CNfv0xy4QBqP40SJW84V3slgw79kTqIjFRxZLypgbzH9R4b4sg+6CoH5 i+oT4egt7uRbytG+Rb7Ei+eVV3gGHoPkXuGu+aotOTqPGfDt0QN9LZdPZW4lHmSg9ow4 2fbQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=fjeU+oFwnLoTGw/GiFQxSoA+QryPefibnYvK0tDSOi0=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=DdepcyI/5i4SAg+kMwLiaaOWmitQnShNmwkceyDWAegNolagNHP6tbp2ry2q4g4otT U0kcFoIcTwvshiorPmAR7mKQqLebv1cHEa7pV/XPrzqpDDQTtEN1+cQysCqaCqzysK2M HIuCJqcgsVMMAJP9FJF1csysJ8M1cAwVajGHH+/D/WgPgsdEhQ8EO9UIjpBTDMAGiQY3 w/btqmgb83llxTjp3pQCLthmPIgDQiIEG5dxNVitHo/ahDvq09Vupb2CPO94Pc9O3/xV hAu0YJ7pA0Cdm6w9bjlwvtXSBM1FZYM/sPaNOabSRSUpw7TKRPn6JEQtoa2Yp0IQRLve 8k7g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=MqKQaLP1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id gd14-20020a17090b0fce00b00263aff4ccf0si1603117pjb.3.2023.07.06.06.25.14; Thu, 06 Jul 2023 06:25:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=MqKQaLP1; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232364AbjGFNYE (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:04 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41102 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232077AbjGFNXv (ORCPT ); Thu, 6 Jul 2023 09:23:51 -0400 Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A28B31BC9; Thu, 6 Jul 2023 06:23:50 -0700 (PDT) Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-992f6d7c7fbso88722066b.3; Thu, 06 Jul 2023 06:23:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649829; x=1691241829; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fjeU+oFwnLoTGw/GiFQxSoA+QryPefibnYvK0tDSOi0=; b=MqKQaLP19EQnZquTr15z2LYEMWk0lbI5ahUOyiCTMkO8YK8LPDbmlgOI1nxf7s91Je iGlcY/sOWLM8xRhikuBOXXIghPJCylRJDoZMIu32VvAgTY86pJgwqEQk3p8fxOObj/7f LvypWTZxm7AJtBNKRR2383uF0sqquAmpMfEfz1wZYdiJuoOTKU+3EzQMgFHD8pX6x4fX /kT1jVDeH85FVHRdN43fwgGmiPS5csGgjmrY6Ji6MlU4CZvjJyDbq3YhD3LWeNVM5MQ5 A6RnA9ztb1WrIgir9cG5fIFtq/o3yHGYCMyRQviIhzKNmMHQ3Q1efnXp1SczW5VkF0Zd 0L2Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649829; x=1691241829; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=fjeU+oFwnLoTGw/GiFQxSoA+QryPefibnYvK0tDSOi0=; b=C7tSbsO7jcL70oTkoLLTnxktjQstGKsHbpFOzvpZHDKf+zysijiHXIo4iVXJgGVX0v 0+xUkc1jHajIQVdoKXdhpn1jQUqrB2n40hNl6MdkI+SwtQHCEOZi/XsMPEO7KJGcazZ2 HC1ZoKosY9dMNOS6suaQjx7kLResGJ4n7x41mJvUIC/N5IN9ng9a+bOTFUxfedJwbEDE hS4XeGjLAAeWIvnGTO4XBO9T8e+LecB3u+x4+Z2KlMdbpmm54eOUAwv3eJLM4bx12NB9 nFKywrslIdb2UqZMAZ+Dpw3POPgBVYNbT1VnhuhSY9tGl/xR+23K1aaox/wlsi+3LmOH LUzw== X-Gm-Message-State: ABy/qLaQe8JgYTXc4kLSdtvjbstSFhVmYEZQmMSAGIlkRkOVJRFDWwyb pbOUmepoDz+11mduULLm4FNukVt87iIZDECs X-Received: by 2002:a17:906:6492:b0:992:d013:1130 with SMTP id e18-20020a170906649200b00992d0131130mr1581300ejm.6.1688649829104; Thu, 06 Jul 2023 06:23:49 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:48 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 06/20] selinux: mls: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:21 +0200 Message-Id: <20230706132337.15924-6-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677788583451108?= X-GMAIL-MSGID: =?utf-8?q?1770677788583451108?= Use u32 for ebitmap bits. Use char for the default range of a class. Signed-off-by: Christian Göttsche --- security/selinux/ss/mls.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 99571b19d4a9..1976f6b857e9 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -45,7 +45,7 @@ int mls_compute_context_len(struct policydb *p, struct context *context) len = 1; /* for the beginning ":" */ for (l = 0; l < 2; l++) { - int index_sens = context->range.level[l].sens; + u32 index_sens = context->range.level[l].sens; len += strlen(sym_name(p, SYM_LEVELS, index_sens - 1)); /* categories */ @@ -240,7 +240,7 @@ int mls_context_to_sid(struct policydb *pol, char *sensitivity, *cur_cat, *next_cat, *rngptr; struct level_datum *levdatum; struct cat_datum *catdatum, *rngdatum; - int l, rc, i; + int l, rc; char *rangep[2]; if (!pol->mls_enabled) { @@ -331,7 +331,7 @@ int mls_context_to_sid(struct policydb *pol, if (catdatum->value >= rngdatum->value) return -EINVAL; - for (i = catdatum->value; i < rngdatum->value; i++) { + for (u32 i = catdatum->value; i < rngdatum->value; i++) { rc = ebitmap_set_bit(&context->range.level[l].cat, i, 1); if (rc) return rc; @@ -451,7 +451,8 @@ int mls_convert_context(struct policydb *oldp, struct level_datum *levdatum; struct cat_datum *catdatum; struct ebitmap_node *node; - int l, i; + u32 i; + int l; if (!oldp->mls_enabled || !newp->mls_enabled) return 0; @@ -495,7 +496,7 @@ int mls_compute_sid(struct policydb *p, struct range_trans rtr; struct mls_range *r; struct class_datum *cladatum; - int default_range = 0; + char default_range = 0; if (!p->mls_enabled) return 0; From patchwork Thu Jul 6 13:23:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116718 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2563709vqx; Thu, 6 Jul 2023 06:32:15 -0700 (PDT) X-Google-Smtp-Source: APBJJlEFnUOxnrIfZESu7gkUBgjSpsRKvPU1wv67H9Y5PXzNoBoVHsGYh4f9/SMJ+ilZpXrTYaw3 X-Received: by 2002:a17:90b:3744:b0:262:d4cf:9f71 with SMTP id ne4-20020a17090b374400b00262d4cf9f71mr1244276pjb.39.1688650335350; Thu, 06 Jul 2023 06:32:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688650335; cv=none; d=google.com; s=arc-20160816; b=kYL3HMhYrU76Muh1c+M25oZ55Op9a0A8fw/VtoZVtFWVKdC8kWbzeThczEXf0M7jbG GWG/RiZ8W97p9eIaMjchiVgrkWkSTDsOCI3o+H6P+fxQ/mhrC1Og7GEk0EVaJ+C8r778 kZoinBJk2z0h4JbGaUKlswJzDJipu8iATe7n72I9EMk2wHtcKpIbUCT6/STCH7lApqDB warW56CvPv+WyGgNxDFmYafhA0BFpr+1d3ace5b0RIOTqTskIWWDqjsZrqpnyurrRSGP f9fzWKci7iRxD3KK1yHJ+9pTkwbw21q4evcRHiCiVLpPe5BGwr5rNyuw6ZpxN7A6+wHq xy1w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=SkBksRN7bdprO5MQOGhCkpjrSYNKbvjJ8BXlsGQfvbA=; fh=fBY5D/IDrKFsN9mMQMRE3IlhWmhEeMbp24YlZR3fWbQ=; b=NGzx4p0vWLgUMi3gRaBxittIhA6DtuBiycS7QAoSA8EVJwyqPTOB1EZLlzv+yCzOiL BXPm7/CjcKlIEJgO32r97aBAjLNBYeuS0ba8IVleioY3w+NpJxY6Zw3xcPkAkxRg1Zvr 3qSgmAexkjDE3d6IcZJSn3Z/zq2+rnJShgWtG9iTKo6oekAqG4MgVFs0tc9vnhJjwj+s Pun8kBtPeLluJzlmMJBewsVH4uJxmmdLYyrf0A1AUaetKKYAozCsWVxaqa3q+elrHf66 EU3BMos8XPBDRI5v03Z3U0vvtqL0s3ngt2J+IIPBJBUXvGnX6mdYz+DlFjKG2pJS0K8+ Ql8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=XHZjH3uH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ca16-20020a17090af31000b0025be125bda9si1545542pjb.38.2023.07.06.06.32.00; Thu, 06 Jul 2023 06:32:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=XHZjH3uH; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231833AbjGFNYH (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41128 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232108AbjGFNXx (ORCPT ); Thu, 6 Jul 2023 09:23:53 -0400 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12A6F1BD0; Thu, 6 Jul 2023 06:23:52 -0700 (PDT) Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-992b66e5affso87869066b.3; Thu, 06 Jul 2023 06:23:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649830; x=1691241830; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SkBksRN7bdprO5MQOGhCkpjrSYNKbvjJ8BXlsGQfvbA=; b=XHZjH3uHqOB8pfbX97fSIP4Cmqu8I8oGtx+y4X5VGJED3j1RGgyne9bDc3pDI2EC69 SOZU5SqQjIrmOEqrII3G5hSuySj0v8TOzQ2OiXRRBtIKNBh3o9J5ZjX3dNE4p1zgeeM+ mVrEpA8HlL5RfePue4ttSeNTW56CNys+++3aW8F7aUyT6Vnh/rSekfFFkfwIWqLbgGuM uZaE4blGBC6f8iqhVJJjVVJlOy9dwdZwka1DRoY2Ef/dOoho+QFNi3PCLF8TwpH6jmhJ uCZMaZgDhNSQ+cPPcdNEaFEZDbvr49yX7onnWWp2Rquk5n2wIbOq7jBz7x9D+XSKnPoc pRuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649830; x=1691241830; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=SkBksRN7bdprO5MQOGhCkpjrSYNKbvjJ8BXlsGQfvbA=; b=kYJnX4HLM59mqCbURZhNwu8NysSQQiFb12lmYLl48E2EOLg0mwZ5BW7JxUNiDNvTin JGNUKL9Oj7dARUc8ynrb2wfqmkvmprmR/QUMXck0wMm7sOOA+rkgHPk0c6Dm1qy6MSO+ sANz8t01gDxn5aqtYdvFMyCKVqvZ4DZXhUtWymNqLVOLDX7bgttqD+13HW24jWeHvbn5 GpqfTQy6jIeaUzvQUT0SLXNqMjaTJEJDR3XxWNRKYtXZ0bFHgzzDKBn6PFE4HRpU9nd6 62BXisx2RBnjLpuBnEUtdPOlOPkntdo9CsW49LLjiTDV+AOvuqJ+gSFJrDcg+MVnmetD 357w== X-Gm-Message-State: ABy/qLZ5DpB8sV6qnZTAeK24TETXrmt3Q78PKKC2gBKrFCDpYpa3jV/K MSYEF6p1VuJCyJJPOVn0gm8nYFqT8ay3LW3C X-Received: by 2002:a17:906:f55:b0:988:4dc:e3a3 with SMTP id h21-20020a1709060f5500b0098804dce3a3mr1289943ejj.31.1688649830532; Thu, 06 Jul 2023 06:23:50 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:50 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [RFC PATCH 07/20] selinux: services: update type for umber of class permissions Date: Thu, 6 Jul 2023 15:23:22 +0200 Message-Id: <20230706132337.15924-7-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770678214081162346?= X-GMAIL-MSGID: =?utf-8?q?1770678214081162346?= Security classes have only up to 32 permissions, hence using an u16 is sufficient (while improving padding). Also use a fixed sized cast in a bit shift to work correctly on architectures where sizeof(unsigned int) != sizeof(u32). Signed-off-by: Christian Göttsche --- security/selinux/ss/services.c | 6 +++--- security/selinux/ss/services.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 78946b71c1c1..3275cfe2c8f7 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -97,7 +97,6 @@ static int selinux_set_mapping(struct policydb *pol, struct selinux_map *out_map) { u16 i, j; - unsigned k; bool print_unknown_handle = false; /* Find number of classes in the input mapping */ @@ -117,6 +116,7 @@ static int selinux_set_mapping(struct policydb *pol, while (map[j].name) { const struct security_class_mapping *p_in = map + (j++); struct selinux_mapping *p_out = out_map->mapping + j; + u16 k; /* An empty class string skips ahead */ if (!strcmp(p_in->name, "")) { @@ -202,7 +202,7 @@ static void map_decision(struct selinux_map *map, { if (tclass < map->size) { struct selinux_mapping *mapping = &map->mapping[tclass]; - unsigned int i, n = mapping->num_perms; + u16 i, n = mapping->num_perms; u32 result; for (i = 0, result = 0; i < n; i++) { @@ -230,7 +230,7 @@ static void map_decision(struct selinux_map *map, * should audit that denial */ for (; i < (sizeof(u32)*8); i++) - result |= 1<auditdeny = result; } } diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index 8a9b85f44b66..b6f99353301e 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h @@ -12,7 +12,7 @@ /* Mapping for a single class */ struct selinux_mapping { u16 value; /* policy value for class */ - unsigned int num_perms; /* number of permissions in class */ + u16 num_perms; /* number of permissions in class */ u32 perms[sizeof(u32) * 8]; /* policy values for permissions */ }; From patchwork Thu Jul 6 13:23:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116713 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2561769vqx; Thu, 6 Jul 2023 06:29:55 -0700 (PDT) X-Google-Smtp-Source: APBJJlF3f2r6z4VMeAycUBO2OQ9H2x1HbkT11m1OFKufG/uO7CsgHG7VbrtmyNtZHdd1YHgEzGkQ X-Received: by 2002:a05:6a20:d90b:b0:12e:adbd:797a with SMTP id jd11-20020a056a20d90b00b0012eadbd797amr1409926pzb.62.1688650195129; Thu, 06 Jul 2023 06:29:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688650195; cv=none; d=google.com; s=arc-20160816; b=VxxlVRjRFVeJcq+MpCSCjObbq2bfRts34zQ5WCYud0ed9K7SGOS1XvTPRYgmUNkYLj Si7Yuou3e+DsjcacRuxQZsuwTSNq7Em0FXiGErM7ttyfElaKyQ+Yimwhal+zu/RfKuk2 hysIoMRtJ5QEapq93SrM6KZtPDFWX3Gu73+jXp8fIlbdkmJ7UrqK4KTL9TBDRlaMDcxn k8+rylbwK5e/dK/WCNrcYH/8tenm7errNkeweVfaS5r7GpY/bfGjU2X5VkCPtUA28ZRF 8QEeLbzoGZLPWn6dVFQYymJhvXCw4YcfYfDGK+x4WMKvfwmar4OpMn9tI6BAEZTH7Wr+ VmpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=LtVZ9IN18GMIVNNPxgzg9kuctr8q4nqyiqN2EuiG34w=; fh=sjCHlVvrimGgXeOVqmDIZSt8U1YM/FZwonj+dilrvLI=; b=EFdmRqDOYNfVdOSgKGdoYsPXC6Pp0ew6+lOFx18n4969bfCjZPyO+XKLQLhI6boaxf jhMFbLgHZpamY8qQI2TJcs/ZPiH4TwhONs+YidppQnZ+fZJBKpSygQ/jyWQfdIE7bHr1 38Qlcg6h9WQ5TfQuhFZU7yxUXQFqvvBTbnsLAnaIincIDkoke38J83SnKs7CtntiQqER m7e45umflMzur5nCM8HEggDWz3RPuSkFM2Z+JLAz7Ovacq5ggHVGzn8auF9jI1mDaqUd fpUlrgSF7tw/xpwxunlTF6jC8b42RRaj6zSU1kftFk4jfg0GqZ8qyplk9mn+Bpon/PR5 oWQg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=ZTokUOHN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ku6-20020a170903288600b001b8a7521b5csi1264517plb.244.2023.07.06.06.29.38; Thu, 06 Jul 2023 06:29:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=ZTokUOHN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232389AbjGFNYK (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41118 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232177AbjGFNXz (ORCPT ); Thu, 6 Jul 2023 09:23:55 -0400 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A59D61BC8; Thu, 6 Jul 2023 06:23:53 -0700 (PDT) Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-98de21518fbso88662066b.0; Thu, 06 Jul 2023 06:23:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649832; x=1691241832; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LtVZ9IN18GMIVNNPxgzg9kuctr8q4nqyiqN2EuiG34w=; b=ZTokUOHN4zP+Eekl+OVEKJa3T4lLrDOw++zXwjM1vzOFublHo6uQVNIBp/dGGOS/Ab 8Mm5Mx+/P97Qu41PqXghN6dU2xcgidnu+UAfxPHOiAqIF/avHOJAu9xwfUJN/CcDRNGS 1MLt9/a325Jwn/fUT0+8wderCd/CsuKvke/GYevncdsj72HqSrZiOJkLJtgXD+9t9Qka hGuO4qHxUDdGdBCdJxskeEpSEFdfZQN4bXCM5OT75S+h6TbMTEzu4/lXZC2tBDyU0+QK cpij0PRyrvn80TcH4XSqprwbB4jkyQcZnVetQf6MR5xVKWgMayDzq1pPk38PodNDipOJ ZwKQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649832; x=1691241832; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=LtVZ9IN18GMIVNNPxgzg9kuctr8q4nqyiqN2EuiG34w=; b=Zn1NdVPSx4i7aeBhTUc8bvYbX4B7set4CzjWRXoIatU0YVVZcX0ITgd5flwUdkkCsf PNjfGvkqNoQ3B4pHPu6jWj4emYe7tUONTrqLiFqcsA/9omxNOGM5EJCdu/QYZzcg/xhm cREHvfvTtLXEO0MwPpNHJZVjvBISc4J1/mJAuWv1AIahAYHtYcF4ulOY44BiRNkBWBp2 IwxEl9hjiM70ghW0FGMF9sKeeIn9SG0fmNMhWNX1HodMtQuTDeKY1tS9SAL1AadVxIvP ZZCrNfU3eIW/wZ48hpXHCoRENtfxKspFxX+a9eM3LY5TVg97fOe6x2Z6aZ1LF6+lUY+p Pdag== X-Gm-Message-State: ABy/qLZoZ6gh7YzlVqkr4awwq7sETUtVyCfkvrlGK6+Bg22PJC0Tf8G2 jJU1Ud+yZI3/yKGxKwBdMuFnYF3r7+DkvPXH X-Received: by 2002:a17:906:4792:b0:991:d5ad:f1a7 with SMTP id cw18-20020a170906479200b00991d5adf1a7mr1864982ejc.51.1688649832046; Thu, 06 Jul 2023 06:23:52 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:51 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , Casey Schaufler , Xiu Jianfeng , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [RFC PATCH 08/20] selinux: services: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:23 +0200 Message-Id: <20230706132337.15924-8-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770678066915902268?= X-GMAIL-MSGID: =?utf-8?q?1770678066915902268?= Use u32 as the output parameter type in security_get_classes() and security_get_permissions(), based on the type of the symtab nprim member. Declare the read-only class string parameter of security_get_permissions() const. Avoid several implicit conversions by using the identical type for the destination. Signed-off-by: Christian Göttsche --- security/selinux/include/security.h | 4 ++-- security/selinux/selinuxfs.c | 7 ++++--- security/selinux/ss/services.c | 22 +++++++++------------- 3 files changed, 15 insertions(+), 18 deletions(-) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 665c4e5bae99..0f93fd019bb4 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -312,9 +312,9 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, u32 *peer_sid); int security_get_classes(struct selinux_policy *policy, - char ***classes, int *nclasses); + char ***classes, u32 *nclasses); int security_get_permissions(struct selinux_policy *policy, - char *class, char ***perms, int *nperms); + const char *class, char ***perms, u32 *nperms); int security_get_reject_unknown(void); int security_get_allow_unknown(void); diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index bad1f6b685fd..16036633ddd3 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1797,7 +1797,8 @@ static int sel_make_perm_files(struct selinux_policy *newpolicy, char *objclass, int classvalue, struct dentry *dir) { - int i, rc, nperms; + u32 i, nperms; + int rc; char **perms; rc = security_get_permissions(newpolicy, objclass, &perms, &nperms); @@ -1867,8 +1868,8 @@ static int sel_make_classes(struct selinux_policy *newpolicy, struct dentry *class_dir, unsigned long *last_class_ino) { - - int rc, nclasses, i; + u32 i, nclasses; + int rc; char **classes; rc = security_get_classes(newpolicy, &classes, &nclasses); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 3275cfe2c8f7..2e2b17b00298 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2822,7 +2822,6 @@ static inline int __security_genfs_sid(struct selinux_policy *policy, { struct policydb *policydb = &policy->policydb; struct sidtab *sidtab = policy->sidtab; - int len; u16 sclass; struct genfs *genfs; struct ocontext *c; @@ -2844,7 +2843,7 @@ static inline int __security_genfs_sid(struct selinux_policy *policy, return -ENOENT; for (c = genfs->head; c; c = c->next) { - len = strlen(c->u.name); + size_t len = strlen(c->u.name); if ((!c->v.sclass || sclass == c->v.sclass) && (strncmp(c->u.name, path, len) == 0)) break; @@ -3332,7 +3331,7 @@ static int get_classes_callback(void *k, void *d, void *args) { struct class_datum *datum = d; char *name = k, **classes = args; - int value = datum->value - 1; + u32 value = datum->value - 1; classes[value] = kstrdup(name, GFP_ATOMIC); if (!classes[value]) @@ -3342,7 +3341,7 @@ static int get_classes_callback(void *k, void *d, void *args) } int security_get_classes(struct selinux_policy *policy, - char ***classes, int *nclasses) + char ***classes, u32 *nclasses) { struct policydb *policydb; int rc; @@ -3358,8 +3357,7 @@ int security_get_classes(struct selinux_policy *policy, rc = hashtab_map(&policydb->p_classes.table, get_classes_callback, *classes); if (rc) { - int i; - for (i = 0; i < *nclasses; i++) + for (u32 i = 0; i < *nclasses; i++) kfree((*classes)[i]); kfree(*classes); } @@ -3372,7 +3370,7 @@ static int get_permissions_callback(void *k, void *d, void *args) { struct perm_datum *datum = d; char *name = k, **perms = args; - int value = datum->value - 1; + u32 value = datum->value - 1; perms[value] = kstrdup(name, GFP_ATOMIC); if (!perms[value]) @@ -3382,10 +3380,10 @@ static int get_permissions_callback(void *k, void *d, void *args) } int security_get_permissions(struct selinux_policy *policy, - char *class, char ***perms, int *nperms) + const char *class, char ***perms, u32 *nperms) { struct policydb *policydb; - int rc, i; + int rc; struct class_datum *match; policydb = &policy->policydb; @@ -3420,7 +3418,7 @@ int security_get_permissions(struct selinux_policy *policy, return rc; err: - for (i = 0; i < *nperms; i++) + for (u32 i = 0; i < *nperms; i++) kfree((*perms)[i]); kfree(*perms); return rc; @@ -3600,9 +3598,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) /* Check to see if the rule contains any selinux fields */ int selinux_audit_rule_known(struct audit_krule *rule) { - int i; - - for (i = 0; i < rule->field_count; i++) { + for (u32 i = 0; i < rule->field_count; i++) { struct audit_field *f = &rule->fields[i]; switch (f->type) { case AUDIT_SUBJ_USER: From patchwork Thu Jul 6 13:23:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116717 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2563580vqx; Thu, 6 Jul 2023 06:32:05 -0700 (PDT) X-Google-Smtp-Source: APBJJlF5iCg6OKaV6IyM0UPNRQPllQRbGFfj+vjIq+P5tqkuQ5immGVUC7kn1SzFRRl4o/t5kL6T X-Received: by 2002:a05:6830:11d4:b0:6b8:7166:ea5a with SMTP id v20-20020a05683011d400b006b87166ea5amr2054952otq.13.1688650325385; Thu, 06 Jul 2023 06:32:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688650325; cv=none; d=google.com; s=arc-20160816; b=m1sqoy/dOxKZecZyZNcC8lgQXL7CLev3gvm1L2ABq5oHUhSG/U5VQYye8EhZaHms8c QbRQPM8Px7meOejcgT9iyYly9+ip2pP747qfMalgXSnDHlTLKN/BvCYeZraL9T9E2Cuv kvmLe+ERS3XCt3ggyO+NgxiYtk9noA8BWN0ihA9nbxnl6id2LxMY154A/guAy5osky4Y CtPCIc65eOQL11g7bpmiWwR9CGRTQWmfLgYD+R+RHSaSTxcExdsmKNCn4UHe/t0l+OS8 v1vjDY9H9z3EG6wpwB6ssVYlVapuEgvyOiBtfIJ8BINBC8cZr5fiFZl7TwwBbXxjWUFJ YOrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=kfq6WYxVSO9JeB8ozbXX3nHOjEAETuGaBGIng4Pfbz0=; fh=MhpIefJbjj5uiYoGxdoCmbUnLbTqzWkmo44G3Q/36Z4=; b=ysh/h36GSdowRvvdOkD7mXedSDVpest7hPUZp9cOK8Qa6j8XNb4bjIHwvMPb/V/nAK fQFcyABlzuqChQnFb5b51vec98s9yHN8dbun45RiahgJZtgyHMsU2RqUHGMFi7d3aZ8y WZIA+fZpfZgTpY6DlrsZU/MqZcrrf6IiUIQMWFihZR73xvyRZv7KmNZjbq+iz5IXRD/6 A/WOjAAd9bUH0bcdps1gXkv8zcRDm1rsEQ3KmAKU5w4R0n0730CZhSODzd84S/zlP0zb Ou9TLJJrQwh7rCRsWx6jsGJgU6o3HiInDP5qKnnUlerQfyJ9I7CTWo1BKg3nCPY+Nrlf xNlQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=e31PJQYu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x184-20020a6386c1000000b0055ba896f567si1490699pgd.585.2023.07.06.06.31.49; Thu, 06 Jul 2023 06:32:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=e31PJQYu; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231417AbjGFNYO (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41172 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229528AbjGFNX4 (ORCPT ); Thu, 6 Jul 2023 09:23:56 -0400 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B8CEF19B2; Thu, 6 Jul 2023 06:23:54 -0700 (PDT) Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-99357737980so86757066b.2; Thu, 06 Jul 2023 06:23:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649833; x=1691241833; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kfq6WYxVSO9JeB8ozbXX3nHOjEAETuGaBGIng4Pfbz0=; b=e31PJQYujr3guQn3Cv+W7D/al3dKcNleToEpFiYWrRtTlBF8sB9PfVpte2Y7xdjhP8 H6fbafj22OHyDemnVEGo0gi4roik7NweiIMFQSqlwiKiP2y4lMnpL01Mw3sZIHuw2Rj2 14n+V5UwYkdrrTWbaBcegz0lRI+9MhdNhYW63lQ6Es/yPX1E3I+ZelDgUpanZGshPdXT h3U+MfzfOOrFRpTffhFzpt7EHprJwb1c9NSgr1V4aeW5kJ8M1dZhvIrAT3wCts86Rb8a VNI47X0R+SuWsTJ+qVSmVlgHVLQd+tfvUEBDVh0dkFoJtXl+mwir9F0YsRMccV4B6Vn/ e9HA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649833; x=1691241833; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=kfq6WYxVSO9JeB8ozbXX3nHOjEAETuGaBGIng4Pfbz0=; b=DjZ4D1/mM924btCyEkxE9NeNiOup0Fn2ExNlBVENOllRqj4YqshWffOZ/3eL4nV7h3 F7p6J30ESEEOKrkz/KJaB7l9/B5S3Uj1PZgBTmWUmP10HxjHFn5efegczIJ9URg3rjQA PWWtkGZoHs83x/CZlKC+8+3xijavOJXiXtruShOGXqj3JTqUjFCD0eHdcx1/Y1K58Pic OmEoFMro4CzUIQhecT4bTiGpvdQ3hNZGLEM58jkXUqelvwYBimGrul0kRohDfllUP7Mb +6NNAZ581qhi0N7AD6l95jJSoEqlSc3i0FEiLs+pVvIK5Qh19wK5yKRYHgz2WP8TpZDI 75BA== X-Gm-Message-State: ABy/qLa3feTNpwptDhk8Q3ntIBxgZQhQoDBUBpSlZXLXK15d/Ers10jA 8TAr1R+7uUB7PI+H6OcaXwMjanJ4aP5VHnct X-Received: by 2002:a17:907:d8d:b0:973:fd02:a41f with SMTP id go13-20020a1709070d8d00b00973fd02a41fmr1897793ejc.40.1688649833214; Thu, 06 Jul 2023 06:23:53 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:52 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , Xiu Jianfeng , linux-kernel@vger.kernel.org Subject: [RFC PATCH 09/20] selinux: status: consistently use u32 as sequence number type Date: Thu, 6 Jul 2023 15:23:24 +0200 Message-Id: <20230706132337.15924-9-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770678203559905731?= X-GMAIL-MSGID: =?utf-8?q?1770678203559905731?= Align the type with the one used in selinux_notify_policy_change() and the sequence member of struct selinux_kernel_status. Signed-off-by: Christian Göttsche --- security/selinux/include/security.h | 2 +- security/selinux/status.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 0f93fd019bb4..a16c52d553e1 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -376,7 +376,7 @@ struct selinux_kernel_status { } __packed; extern void selinux_status_update_setenforce(int enforcing); -extern void selinux_status_update_policyload(int seqno); +extern void selinux_status_update_policyload(u32 seqno); extern void selinux_complete_init(void); extern struct path selinux_null; extern void selnl_notify_setenforce(int val); diff --git a/security/selinux/status.c b/security/selinux/status.c index 19ef929a075c..e436e4975adc 100644 --- a/security/selinux/status.c +++ b/security/selinux/status.c @@ -101,7 +101,7 @@ void selinux_status_update_setenforce(int enforcing) * It updates status of the times of policy reloaded, and current * setting of deny_unknown. */ -void selinux_status_update_policyload(int seqno) +void selinux_status_update_policyload(u32 seqno) { struct selinux_kernel_status *status; From patchwork Thu Jul 6 13:23:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116719 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2564040vqx; Thu, 6 Jul 2023 06:32:40 -0700 (PDT) X-Google-Smtp-Source: APBJJlED20sTZFig6foDYC9c55JGAAybTKN4qPFlmLVFtw2TQkbjxSHsukE970//UddFRKhrax/+ X-Received: by 2002:a17:90b:e10:b0:263:fa04:4f53 with SMTP id ge16-20020a17090b0e1000b00263fa044f53mr1307344pjb.2.1688650360548; Thu, 06 Jul 2023 06:32:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688650360; cv=none; d=google.com; s=arc-20160816; b=ve+e3aGu+sSoujMa83FE7icm49FMrudISP72U6/Cw9iQP1cbIwujKLv8XNxsAXxzbK +88RDNTIu+iT2m80qdnA/tdIV4+JFgKtSnb+WO3SmmSLNvv3U8N1HA42ji9HlbTfLvtD 7lahrrj/iQdL0OBaD425/tV/ZDV8t5kkielnod1l+vPzlMKweeHqigGlJSFqIyAUm7jn FjWPxCDbxYqoPMC2lEe7aHVMavVQxUXyZnxq7hFrJv7igAeWBtlT+7Pqf9Dl/mu64haV 7vGRFjRXS5W19y+BY15SO6/3f0aC3ejiwEpUmJ33OIG7Giu+GFyc2ZTTwciDk0xjos6s COiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=twwRuxY6wI3Kg6heMmcwREwGj5Jtv6WXh1HJopMuo9M=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=S9JOsSWvGyD2+aj1F1h1Zk1s9RbnIN/0wddp6qwyiPzTSYq/P+lCAipOXLqO3ss4Hn MVa5QTs+1U09KXMpshFXUHOP94+HmyzBd72iEFqzrDi1pF21WEnZEnRd4/5ZeYFuTVEz EfWhrmFgHhtiujA9yA0zWyLnq+vo7pW/UsLHlwAAB09Il92z9hfAqecr2hQYe8IJbTlU xXDjb/FngcCXcesHH7kBS1r1QXyEw3dPwQd8+kZRiVOX9rFiNE7KkqNRiHCo1OFgQyvv B+y2zC9qkg0/0ntprx+JyPuaJiK7roHySLpR2rWUMJzP/BrZNNkEJYRm2MZuzMzwic6h Fy6g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=QYgxRvyq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ei23-20020a17090ae55700b0025defcc6e75si1432614pjb.172.2023.07.06.06.32.25; Thu, 06 Jul 2023 06:32:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=QYgxRvyq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232592AbjGFNYT (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:19 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41192 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232248AbjGFNX5 (ORCPT ); Thu, 6 Jul 2023 09:23:57 -0400 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6016C1BD0; Thu, 6 Jul 2023 06:23:55 -0700 (PDT) Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-99384a80af7so81182266b.2; Thu, 06 Jul 2023 06:23:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649834; x=1691241834; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=twwRuxY6wI3Kg6heMmcwREwGj5Jtv6WXh1HJopMuo9M=; b=QYgxRvyqawTzN1vInTvH1KRmelQcb+xZLwjKwmBxAzsui0bJ8PfX+UtyZCMTJ1WaVc ZNmRehBukvKqPo8ryX7uLW37wAINUM4JXjBGUgBbbhZSDOohBGZmTI+hmXGRd5oqy+Ii 0EUXhwdOLy+KM6eRut1aG85YH54T5fXv+v1r1OxhI57hyiintFUfmObk8wvPFDL+xGbZ mO9W+lvh6edsDsjPZF7mZyLgnydEPsziQBugtWXe/Al2fGark+gwCE3Yn65JmLCZYOO8 t0x226t2MkLVbNXEDhM3vPQTPL4cGv6JzwpajWv7kQaKGHKf8dFakCwTzSAhSgHq9m0w ORcQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649834; x=1691241834; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=twwRuxY6wI3Kg6heMmcwREwGj5Jtv6WXh1HJopMuo9M=; b=Qof1XUXj0CJZKO/ehu1Zi7DHu9MWFY3L/EzXhbtiHx+WZg3avjhjdo/TxxaBgoU+aa +CTNR7aM12Sd/IaTRAFhMzHKhqbgtxMwjg93dDIO5gG4m/pfYB9Emwbs9NrvTWKeKq2t ME+SLLUDg5Ia0vRcCHiRRhZ3iODRzO0d5vfsXGu32cJHAcEsvQSEyIAHD2A34ntLAp3+ 3ZqWMXEtTTDBv9tNV3lHokNx3K1VSwZ/m/340bfHmTe9nX5qI0bWPWCXgWVyKnlZXqac MoVs+sBgydYcHVc1FV/MjELNoGgH+85tfdydgqRRnEIHNyutzHRyBRmCyL+PEeJBENmo u3vQ== X-Gm-Message-State: ABy/qLZvfewTC1XATiqjJwsiC3Lk3RB0xno3NBLXvGdtMzVAYehaX2QI x9aH7+d/lZAeNvHGCoZfVHpZJpcQjnThJLPp X-Received: by 2002:a17:906:519d:b0:98d:ffdf:29cb with SMTP id y29-20020a170906519d00b0098dffdf29cbmr1514386ejk.2.1688649833833; Thu, 06 Jul 2023 06:23:53 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:53 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 10/20] selinux: netif: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:25 +0200 Message-Id: <20230706132337.15924-10-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770678240518500172?= X-GMAIL-MSGID: =?utf-8?q?1770678240518500172?= Use the identical type sel_netif_hashfn() returns. Signed-off-by: Christian Göttsche --- security/selinux/netif.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/netif.c b/security/selinux/netif.c index adbe9bea2d26..43a0d3594b72 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -67,7 +67,7 @@ static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex) static inline struct sel_netif *sel_netif_find(const struct net *ns, int ifindex) { - int idx = sel_netif_hashfn(ns, ifindex); + u32 idx = sel_netif_hashfn(ns, ifindex); struct sel_netif *netif; list_for_each_entry_rcu(netif, &sel_netif_hash[idx], list) @@ -89,7 +89,7 @@ static inline struct sel_netif *sel_netif_find(const struct net *ns, */ static int sel_netif_insert(struct sel_netif *netif) { - int idx; + u32 idx; if (sel_netif_total >= SEL_NETIF_HASH_MAX) return -ENOSPC; From patchwork Thu Jul 6 13:23:26 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116716 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2562541vqx; Thu, 6 Jul 2023 06:30:53 -0700 (PDT) X-Google-Smtp-Source: APBJJlEExUp6PfEAjRRWh8w4PQP9lo79aGh8hwCGeHRkUXYcmn38AIQ+8/3/HVineYYC8H5bMemG X-Received: by 2002:a17:902:bd43:b0:1b8:7c59:7d0a with SMTP id b3-20020a170902bd4300b001b87c597d0amr1891717plx.28.1688650253218; Thu, 06 Jul 2023 06:30:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688650253; cv=none; d=google.com; s=arc-20160816; b=xLb5cWOojTBH/kBclpS3LF+I6OG5aKvEfoq3XN30RTMdBGQNEizlRYADOPRJFEmarB Qdcbmwrz7tZoA+W1l1aPZSzx60AuZDpu/MC5Q0ZapR6KcjC/MeI6NgGZTu03QxcA5G+7 tfNym6Hcurp18YBPVR2dupimKesL1kWCdy8Sq06qZmrRsmC6SeLlAQFvKMlmmQA1A7wq ObUKOrIOZpIuGDcIEzPRFGfzzXczQO+gLZvdK5sS1tw+OMYAYmettDBEUulYMROzp8e0 21As3xjHD6M9rUguacLHCTfZt/7nekco8xsorMXnB+62H2v8EhD4ss9E+lSOhkpJJmgn pQHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=3A9liYAylTYZaKkz26rlg+lN90yLkMQe/eVravo5I1c=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=tqXtbcSsV85XGLZ724kMFqJ4GMVPp/LiM/rT9EeKO10r19JK4erDqB+97n9oG2tXDG zZ7MBLahB+U2L/Cq4GA+yuElJTXaQ/rL+q5t7vZ2hFWDD1jGZ6gfg+OQZ0AG7nFugROP XwHIbJrOZcVheZeTRrEbBmi5Jcgw7parO58TbJX0sfaFCQPBaN24gotd+NzdWJSq8y7T hUJxE5i3NwUucLXUhqAPMXwOxVBOplOmw1NNfY8zivsMfeczbmtEeJjZIB7XkVAhzxHe puElySqXxL+APrVO2qS3yrpmIQa/+Zufb7lD6QDfR5y6AbMh6AfykwTppqTvnY+tXz+8 xyIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=aYu4VEkg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id i3-20020a17090332c300b001b8944aa0d8si1310970plr.463.2023.07.06.06.30.37; Thu, 06 Jul 2023 06:30:53 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=aYu4VEkg; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231929AbjGFNYZ (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41280 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232066AbjGFNYB (ORCPT ); Thu, 6 Jul 2023 09:24:01 -0400 Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DBFA21BF0; Thu, 6 Jul 2023 06:23:56 -0700 (PDT) Received: by mail-lj1-x232.google.com with SMTP id 38308e7fff4ca-2b703c900e3so9897141fa.1; Thu, 06 Jul 2023 06:23:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649835; x=1691241835; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=3A9liYAylTYZaKkz26rlg+lN90yLkMQe/eVravo5I1c=; b=aYu4VEkg1GaCVjNfGwnh+Eh6dEw3yAg01DNOsnqXa5BVHIB/wirjEwhMuR/FtHoleV pP7DfzwoP22q6QAXXXjxHkS3/i5azG+O91vMIZ4rVH1RhMHO4UKj6k3crmi/BrG1To+5 oa6qVT7Z8Y3NBmniXRf2cqfxH6xL0EH6nNKhvqvXISYpOtiBPMttQUKbzmj2mDFAv5D6 wcGMBzErZaiwncQNqJW2LTwLWPTU6wLWtaKb4y0uCtnlvuWpRRuODZ/5WufyxQLsCaLl GsjT9JoErZmIRznP7CGus962pLOw91T7IGBZVEvu5AK3hmGPovdDVvz+e30gWktqJl1i Qnmg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649835; x=1691241835; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=3A9liYAylTYZaKkz26rlg+lN90yLkMQe/eVravo5I1c=; b=MbyV31bGmohlR3iulrmORQ68hDXz6aYDbwds7VAJ8lKFaem2RUIJnl3stgMQt4LvPZ L8bZKnkPCoak7d9vs8pFAd2LUBXJMC09ZbyKTQUCmhez4/jWENS/5RHmaKmtB29Nq1Wi pnMhvkKoOjWJZXS/sVMSPd8OcA/KJm9qtmP+qBP+kZ/Bu6v0B+KGTMrvuWxtZGitWvyf WfBCKtMDXpxUl3jKtwRNUsr7LpyLY6/QQKY7Y+qZvxb8XoFeqE781Uf2n/xmuYYJj616 CmOWcF6EDdsCh9o91m6/abFX2FYyHfs37Qq9LfJpPjmqYYeDY6z4PzErxNdTlC9oOCyz 2AXw== X-Gm-Message-State: ABy/qLbYlAk3RoWGTQK6KASXQw4Gh7eDx8cKjx4d3ACBR3eEnVQbPTmq NIH21WCIKKgaUVYGpESZGm56o4mmfeEVDmYv X-Received: by 2002:a2e:8eca:0:b0:2b6:fa92:479e with SMTP id e10-20020a2e8eca000000b002b6fa92479emr1418805ljl.42.1688649834567; Thu, 06 Jul 2023 06:23:54 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:54 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 11/20] selinux: avc: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:26 +0200 Message-Id: <20230706132337.15924-11-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770678127935534380?= X-GMAIL-MSGID: =?utf-8?q?1770678127935534380?= Use a consistent type of u32 for sequence numbers. Use a non-negative and input parameter matching type for the hash result. Signed-off-by: Christian Göttsche --- security/selinux/avc.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 1074db66e5ff..cd55479cce25 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -122,7 +122,7 @@ static struct kmem_cache *avc_xperms_data_cachep __ro_after_init; static struct kmem_cache *avc_xperms_decision_cachep __ro_after_init; static struct kmem_cache *avc_xperms_cachep __ro_after_init; -static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass) +static inline u32 avc_hash(u32 ssid, u32 tsid, u16 tclass) { return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1); } @@ -523,7 +523,7 @@ static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tcl static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) { struct avc_node *node, *ret = NULL; - int hvalue; + u32 hvalue; struct hlist_head *head; hvalue = avc_hash(ssid, tsid, tclass); @@ -566,7 +566,7 @@ static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) return NULL; } -static int avc_latest_notif_update(int seqno, int is_insert) +static int avc_latest_notif_update(u32 seqno, int is_insert) { int ret = 0; static DEFINE_SPINLOCK(notif_lock); @@ -609,7 +609,7 @@ static void avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd, struct avc_xperms_node *xp_node) { struct avc_node *pos, *node = NULL; - int hvalue; + u32 hvalue; unsigned long flag; spinlock_t *lock; struct hlist_head *head; @@ -654,9 +654,9 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) { struct common_audit_data *ad = a; struct selinux_audit_data *sad = ad->selinux_audit_data; - u32 av = sad->audited; + u32 av = sad->audited, perm; const char *const *perms; - int i, perm; + u32 i; audit_log_format(ab, "avc: %s ", sad->denied ? "denied" : "granted"); @@ -833,7 +833,8 @@ static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid, struct extended_perms_decision *xpd, u32 flags) { - int hvalue, rc = 0; + u32 hvalue; + int rc = 0; unsigned long flag; struct avc_node *pos, *node, *orig = NULL; struct hlist_head *head; From patchwork Thu Jul 6 13:23:27 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116714 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2562423vqx; Thu, 6 Jul 2023 06:30:45 -0700 (PDT) X-Google-Smtp-Source: APBJJlEF6fHgpp7vTpKwyltEM/CMX9d2D/MGFlYif28MRRPXJzFzNfFIiwBzLRT3N/gwU7y5OoZI X-Received: by 2002:a92:db51:0:b0:345:ba42:239d with SMTP id w17-20020a92db51000000b00345ba42239dmr2075922ilq.9.1688650244748; Thu, 06 Jul 2023 06:30:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688650244; cv=none; d=google.com; s=arc-20160816; b=tU24kxB3v8E3y/MV2uH8XTHCt8AoUhP9tEMxBL0yGGKHivWCh54xRoE8Wy5F+Ni2vc 3e9Ai0rCCwevwdJcKTAMAx/kI/eMKpfOAHjdxm8r5danEeSAw/QpzOf0pzGpBRojKDtb hLPs3VDwekyj0+aHByyOw5sKwrv8qUCBDaNgN7WCsHKkuF6ilNKyMBnf1GUiVtVVpVE5 fBLPWCW6yQLdD1g5+Yqx971akerFA50HSLyo9WFYAVDoHyrVmr/LJRT1S1309mYmb7e3 FnfeLtGA8Voo5TIczi0eTycD077eg01b2bmiO586VTyJBEBE7lYlbSc7EE/NxayrLgPY jEfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=POQtj9EwL7vW/RtHnM490ckQa0bYDSbV6IRJYsU0nzA=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=hB4mnzenSEui+2NQ1OAfyxxPbnN4lJyYSlI5fOHvbaPvbdsPnh92v77AYcDn1Wi9Ae SKdc5NhcoXmOoBYBfhHyPqhL+prE5fbHm0MeCEljv+RptHoru8LmB5fUgg3jxwEni8QZ ZArI9E216RvJi4wEhokvYC0LJ/MNlRXBbybAaoRRc5l9jp3DlGLlpDdvXeOWCi01cw// 4GqS/jop/RYa+77NvuxzMUJaAO8Yzc0GPKa4KYKO29SlYrAt7JEDvRYAX7/N1DTBtfjE 2W+p4fyO9OirOks0UhFmGgjYTR9yJ0NTvA7RzGYdajHXSvelALn+FdZbiMEX4TbbZMJr LRXQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=iyv3Q7TA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j5-20020a63ec05000000b005428f25f67bsi1411154pgh.784.2023.07.06.06.30.28; Thu, 06 Jul 2023 06:30:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=iyv3Q7TA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232629AbjGFNY1 (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232404AbjGFNYA (ORCPT ); Thu, 6 Jul 2023 09:24:00 -0400 Received: from mail-ed1-x52e.google.com (mail-ed1-x52e.google.com [IPv6:2a00:1450:4864:20::52e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DF4E31BF3; Thu, 6 Jul 2023 06:23:56 -0700 (PDT) Received: by mail-ed1-x52e.google.com with SMTP id 4fb4d7f45d1cf-51bece5d935so1063203a12.1; Thu, 06 Jul 2023 06:23:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649835; x=1691241835; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=POQtj9EwL7vW/RtHnM490ckQa0bYDSbV6IRJYsU0nzA=; b=iyv3Q7TAJWpYkGBROZoecoTa2QBSNEXYY2XzcHjPuTq0Oilh6NK2w4NJyjZRRgtcuv YImNb7DZT89USAblfNtfugLx4+iw0Jx/pyaXtCep5LHfsqi99B3t+vuES0l+gx8WxoFF ocn+lVc2ziecSrEwac8/zshIA/aL3IPutZjvKW0Fak6UOIRW407pAlsurKMRX+DKlspe 99lr8o/JynVMOD/8epVAFcCYfknwvtrcA6ZjiPXf8lFomPrEG5Gmf0rsKu0JcnALZoPj QVGFUZBFgqafYOO2xT8jZnoClhaaz3FTeP8drWgwNDg89dGHsawwif8dXavPJ6CSm3lj G4lA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649835; x=1691241835; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=POQtj9EwL7vW/RtHnM490ckQa0bYDSbV6IRJYsU0nzA=; b=J2CHvdFBsSPhrGYo2svcj0QcDsbHwJ3XLN+UqqzcuMa3exVOtNyvsuFDzZWTNAmt8i UWxlTt8rcpTygPBL+gcRCKf2bCnDDuxy0EUEgM4GsFSHRO+byI851IFxFMfS5yNjn6VG 50yL7GZRYa3ltVDH+6EQtsoAyseUpniBkx3OZy5EE7rTjurnlKFAgXGS8TZnHDAtXZAf D2VsFtGWDYkVdkE2JDkVPZU7iUqJkXcDm0tvFicBcjii+e6EWiKAwl4+c+oIwLoc9B51 K00h3vL9BLYkv8PctOgLfh0GO9Z6HKkrgCU7RZWr8oamMKHHKtPA7yeU9RofEVQ87PJx LtIA== X-Gm-Message-State: ABy/qLYv5a0EaO8vFph3DFZ4NSlTJ6iLq3MlNKnJ5rLZ+EntnNuCpZE/ S3de6NQyg2MTMmCkhcpc3ImqsgT/B9HmEdlF X-Received: by 2002:a17:906:3c46:b0:98d:fc51:b3dd with SMTP id i6-20020a1709063c4600b0098dfc51b3ddmr1402524ejg.41.1688649835234; Thu, 06 Jul 2023 06:23:55 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.54 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:54 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 12/20] selinux: hooks: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:27 +0200 Message-Id: <20230706132337.15924-12-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770678119384515774?= X-GMAIL-MSGID: =?utf-8?q?1770678119384515774?= Use the identical types in assignments of local variables for the destination. Merge tail calls into return statements. Avoid using leading underscores for function local variable. Signed-off-by: Christian Göttsche --- security/selinux/hooks.c | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b8a8a4f0f2ad..fff50604abce 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1125,7 +1125,7 @@ static inline int default_protocol_dgram(int protocol) static inline u16 socket_type_to_security_class(int family, int type, int protocol) { - int extsockclass = selinux_policycap_extsockclass(); + bool extsockclass = selinux_policycap_extsockclass(); switch (family) { case PF_UNIX: @@ -5027,15 +5027,13 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - int err; + int err, peerlbl_active, secmark_active; struct sk_security_struct *sksec = sk->sk_security; u16 family = sk->sk_family; u32 sk_sid = sksec->sid; struct common_audit_data ad; struct lsm_network_audit net = {0,}; char *addrp; - u8 secmark_active; - u8 peerlbl_active; if (family != PF_INET && family != PF_INET6) return 0; @@ -5498,11 +5496,11 @@ static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) static int selinux_secmark_relabel_packet(u32 sid) { - const struct task_security_struct *__tsec; + const struct task_security_struct *tsec; u32 tsid; - __tsec = selinux_cred(current_cred()); - tsid = __tsec->sid; + tsec = selinux_cred(current_cred()); + tsid = tsec->sid; return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL); @@ -6000,8 +5998,7 @@ static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) { - int err; - int perms; + u32 perms; switch (cmd) { case IPC_INFO: @@ -6024,8 +6021,7 @@ static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) return 0; } - err = ipc_has_perm(msq, perms); - return err; + return ipc_has_perm(msq, perms); } static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg) @@ -6130,8 +6126,7 @@ static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) /* Note, at this point, shp is locked down */ static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd) { - int perms; - int err; + u32 perms; switch (cmd) { case IPC_INFO: @@ -6158,8 +6153,7 @@ static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd) return 0; } - err = ipc_has_perm(shp, perms); - return err; + return ipc_has_perm(shp, perms); } static int selinux_shm_shmat(struct kern_ipc_perm *shp, @@ -6928,7 +6922,7 @@ static int selinux_uring_override_creds(const struct cred *new) */ static int selinux_uring_sqpoll(void) { - int sid = current_sid(); + u32 sid = current_sid(); return avc_has_perm(sid, sid, SECCLASS_IO_URING, IO_URING__SQPOLL, NULL); From patchwork Thu Jul 6 13:23:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116707 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559256vqx; Thu, 6 Jul 2023 06:25:45 -0700 (PDT) X-Google-Smtp-Source: APBJJlGSIHvrfz+DWSn9EdVuBw/ZWMH8pHQcQpZgbdLELabYIg+SiYlIMLKRxBd1CoCunqam/esW X-Received: by 2002:a05:6a00:1a12:b0:676:ad06:29d7 with SMTP id g18-20020a056a001a1200b00676ad0629d7mr2441633pfv.15.1688649945180; Thu, 06 Jul 2023 06:25:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649945; cv=none; d=google.com; s=arc-20160816; b=Bxx7RvpBtwsTMK9qPuydzTjLVU0quJWJgHFmmwd7m2DW/WOu7nggG0c25ZY4HpKbMv PbSK6ABj+BDTWZRzbKnpjWqemry6akkjrwW/8NQ1WclUNNKClL5/lPMGdybx9+NvdwvS LUyOo80m4ERcLPrg20oItgOmeyzNsvr4ApGNoPsr42TRVDqlqTQn7p1dgCkLKOuG7X3R soFOAMFq5LMSjxUQIpgu0b3CucjC/OxzrPTw0booG5jCvAyBZcDVY2vJrL9hUrj2VPUW SYljx6rt+waMBN2uxqv/liRt3MjvEHDxJmjXDyFlPmOg31KWPMtpnIBdvL/rny4R72Z3 CtDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=6TDtptIkENs/tayg9WHiP7fNFieO7oHOt3lCGHjPhK8=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=EGOO7l2p9JIhu2EojMaJrRh5c9M/eoI5EXKmZUelzF8KgFBm8VhZN3rsOTqeAU3rLi +jK5dkknyLGUD3o3xwpibnaah9lUp1KPpMFxJWW6WnorjKrw/DUhi1ixrglWv/N++/Gu a+OFawG/W9QJPt0LORYDuiHS3nwtkJrDj13lm6zH9ZX3w+X6UdbpX2+yEusZQh6PEnQ8 yg0XusQQf5uG4clmiDegYgBHpksHfqXr+OqD7RduHIkxItZV7OlAdF8wsAFmbIBxzKkV gYctpbwgkupzWSpjASCATXGRp+i/Qkb5E2V07j44EZ1l5jTiCt3ZGKxOo1c5kcFqm8hW sbpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=ZAoK9O9B; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x37-20020a056a0018a500b006687ed7b4a5si1516027pfh.140.2023.07.06.06.25.30; Thu, 06 Jul 2023 06:25:45 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=ZAoK9O9B; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232555AbjGFNYa (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:30 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41134 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232469AbjGFNYB (ORCPT ); Thu, 6 Jul 2023 09:24:01 -0400 Received: from mail-lj1-x22a.google.com (mail-lj1-x22a.google.com [IPv6:2a00:1450:4864:20::22a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E7DAA1BF9; Thu, 6 Jul 2023 06:23:57 -0700 (PDT) Received: by mail-lj1-x22a.google.com with SMTP id 38308e7fff4ca-2b708e49059so5879961fa.3; Thu, 06 Jul 2023 06:23:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649836; x=1691241836; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=6TDtptIkENs/tayg9WHiP7fNFieO7oHOt3lCGHjPhK8=; b=ZAoK9O9BsmPWDXZjxjcM8oa0QntCJDAE7guqGhxXlzF+kt3m+4JohijYM3ygC12aGe d9mBu5JTrg/vscq5p463NvtcB0ft8ZikB4ziomPVVNbk801szMlGrWwLtuZ6u+McO5JP kE8kWqvzVJALFxdkZ99/9VkntGl45qvuhIJqPzfpfWIhpt1fefccAqFJEiwj3hw82fsi H1fZHOWCRvrpXjdHtK9vBY6PLxLiLVWeSb9ggwGCjMW9EyJI0BjtZ6YgESVKHNkoHNgb ijR1dSBMJGnE6YXGR5xdCrRJxTMzH+lOvRImwMTxr4Gdj681Hszgctt4jbrwzivx1jvh 3UqA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649836; x=1691241836; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6TDtptIkENs/tayg9WHiP7fNFieO7oHOt3lCGHjPhK8=; b=GPShHcwlPzhG3cDL4BPUAoj6MI0m95NBgEeE7R00+fsDxUbTmJyjUpTptQyyOUPem7 /++YAOE0neJ3h6Q05B0OPZBPndegF6+XTJkkq/iCm5NFxuxTI0HB52LpHlBDul17pDjq /uk1Pwib/1O65DluUX6UgFoYZlHOACF42msmCiL9P4ngrMEinRImCioY7mIuMaGRImvw lNv5t8+TJ8lOMFV/b6RCcHnrbhgHB5WGQA6DWfxxiP9Z0i8EuYUfpBFPJjuMiAWaghyX Aw0O54/n6nTURP2a9n8fEazgYa5ZrUjeJU2jqnAKnMpWxy10Z7o6WwPnSHOQN+PcvETU ZixA== X-Gm-Message-State: ABy/qLZGF5p6FuIiQRN8ZEvmvCj5QKETo5WCLiFS+WuIO0B9ICWn1HfE vbXICZI0R4EGW1Co+yO5hAtL9g3Sk2eBlFyI X-Received: by 2002:a2e:7a16:0:b0:2b5:7a87:a85a with SMTP id v22-20020a2e7a16000000b002b57a87a85amr1351695ljc.13.1688649835875; Thu, 06 Jul 2023 06:23:55 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:55 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 13/20] selinux: selinuxfs: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:28 +0200 Message-Id: <20230706132337.15924-13-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677804925393678?= X-GMAIL-MSGID: =?utf-8?q?1770677804925393678?= Use umode_t as parameter type for sel_make_inode(), which assigns the value to the member i_mode of struct inode. Use identical type for loop iterator. Signed-off-by: Christian Göttsche --- security/selinux/selinuxfs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 16036633ddd3..c3ac0468f698 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -97,10 +97,9 @@ static int selinux_fs_info_create(struct super_block *sb) static void selinux_fs_info_free(struct super_block *sb) { struct selinux_fs_info *fsi = sb->s_fs_info; - int i; if (fsi) { - for (i = 0; i < fsi->bool_num; i++) + for (unsigned int i = 0; i < fsi->bool_num; i++) kfree(fsi->bool_pending_names[i]); kfree(fsi->bool_pending_names); kfree(fsi->bool_pending_values); @@ -1191,7 +1190,7 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size) return length; } -static struct inode *sel_make_inode(struct super_block *sb, int mode) +static struct inode *sel_make_inode(struct super_block *sb, umode_t mode) { struct inode *ret = new_inode(sb); From patchwork Thu Jul 6 13:23:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116708 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559267vqx; Thu, 6 Jul 2023 06:25:46 -0700 (PDT) X-Google-Smtp-Source: APBJJlFshFzPb1UYiyAIDduNiIEJfY29yGHAHggdLZbgAscRovTFoQ5S/1riWA38TThaO228zKP5 X-Received: by 2002:a92:d40d:0:b0:33b:568a:2981 with SMTP id q13-20020a92d40d000000b0033b568a2981mr2053852ilm.8.1688649946490; Thu, 06 Jul 2023 06:25:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649946; cv=none; d=google.com; s=arc-20160816; b=DHwTThg/FhqGKAdLlPG+7q1UK9Z6Gq9iyjjeKwk8Eea9A4L/PJLtAVUrUYvM4YBLL7 bRL40bBKcMhySUrN5OmUFtjj3gqgGAADw6k8TATuUc38ptxkrz4H9y0ODrYMlYPm7t64 jJg8JREzgGjp8pZ2r6L6dfxIJxdszudc9Lu8xaRp6hG30H+d45Y89rEMp5606WGGUP/1 CWYAb3tT3PH2Ft0sMsLB9b5A7cVmLdHpZfYVxXSMVxeUqD6ogGXa1LG/Lwwmyppu6QXl HFFMfshJWh76ExbIU6YldLBcfH/9ykv75ITSFrarDikbBSIJ584ck93GLAvp6KJzIM5M 6r9A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=Mc4qD9lCimMDS7+Q62W0sR+F1WbT4ndKWO0bdPK98Q4=; fh=fBY5D/IDrKFsN9mMQMRE3IlhWmhEeMbp24YlZR3fWbQ=; b=pMijw5ZrrLBSgzbFOdkvx/YkuI53Vq2LMqm1rxPp+AkLyI7jF3iQW2TPlJUtN9U+/h teETa1AKeSUBclEBIYiXZdYLvlg7xmmI5V6MzgxsfdXYYsNLoFPN6ZyHeaUbuVRiek9q fI/rtInoc7+XHXakb1KPM2KTjJkmMOhpn/fu7OEgOrDRMP1OOBLgrrz4odMvSQkNQtrM xdcYbTP5D0ZFnI9JMEsc9/zGl9PbSJt2lqonqFRjjL56OUZh0Q9EwptSuxDMlefqGbSN 5joM8+f8Mv+8uQsvoHx4cyTqtz5AJu6BFyNWa6jGedKRz6HEtd2wa9449ft7nU6C0WNZ 77yA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=KRgDtHb9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r8-20020a632048000000b0055391572218si1484872pgm.26.2023.07.06.06.25.32; Thu, 06 Jul 2023 06:25:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=KRgDtHb9; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232641AbjGFNYc (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41270 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232081AbjGFNYF (ORCPT ); Thu, 6 Jul 2023 09:24:05 -0400 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8EEE01FC7; Thu, 6 Jul 2023 06:23:59 -0700 (PDT) Received: by mail-ed1-x534.google.com with SMTP id 4fb4d7f45d1cf-51dff848168so1037594a12.2; Thu, 06 Jul 2023 06:23:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649838; x=1691241838; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=Mc4qD9lCimMDS7+Q62W0sR+F1WbT4ndKWO0bdPK98Q4=; b=KRgDtHb9NQWXvl9rwUjjK2ezvvvwgu54gELKHJeo/7F0Hm49R/sMwBHJ3uCk7eZ5Gp fRPuKzhfqvXzKlKnsnYj4b5w581neInaOjHVrH9+GYBonlJ7R0bFLnu6XBIJgYRR7yoC 9o+Shh2XAhSuMXED5erB4cjgQDJ7V/d3EKOxQjDbRmMayZyJM58LHVRqllTL2IH5lBv9 87+M9I4o7J8dhmNTTjag4+d8J7Rpg4RxbrUO8IsQ9m6QsYY5VPI8p8X7Waor5+HNCzfW y3q7qq4EdWlkYC4KpdhTB+G57J1d9XyRFBCB1ZSlBGyXZXTRzyJ9oaPY7x+Y+mtvCLh2 KZUQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649838; x=1691241838; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Mc4qD9lCimMDS7+Q62W0sR+F1WbT4ndKWO0bdPK98Q4=; b=he8FvstQ9tiT4x/ba4dnKrYfYGANK2NzadOFaFfe/aDw1WlKJtheecSN+OGCZQ7U1c IWXINlqe6Y8xcR5s4belJZFsU1FpIHvSGovtxVQaJhAtnET72KE3HuewbkioorcLYU3P N3pTICn4VfJ+/wRxS2Enx2kwsZlfoEQX2+t0AzcvoQ5dcBYpK3KqnB1xx9NjNcueEhkB eNOZvQ0qDfsZWvgGVQPJc6o4EEJU73Uk4Fh3vZg3Up/Sc31KuBUCZEy1xx0cxMgELC1s 6sPaqOZy9WORJmbcznVJtP6R1mypz/9megq8vs5Def1VHkdtnXu2wPpuRUFCahLzAX1y AxCg== X-Gm-Message-State: ABy/qLZjnNQ/siMoK0SSHf/A8gJzPinnnTuAaRbk2M5jNsx3w8gPdHPE a7+Na9GxyC3O8+6uh0WmNuvOmuYRx3cl2U/M X-Received: by 2002:a17:907:3d5:b0:992:764b:90d3 with SMTP id su21-20020a17090703d500b00992764b90d3mr1261371ejb.70.1688649837787; Thu, 06 Jul 2023 06:23:57 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:57 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [RFC PATCH 14/20] selinux: use consistent type for AV rule specifier Date: Thu, 6 Jul 2023 15:23:29 +0200 Message-Id: <20230706132337.15924-14-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677806317705068?= X-GMAIL-MSGID: =?utf-8?q?1770677806317705068?= The specifier for avtab keys is always supplied with a type of u16, either as a macro to security_compute_sid() or the member specified of the struct avtab_key. Signed-off-by: Christian Göttsche --- security/selinux/ss/avtab.c | 2 +- security/selinux/ss/avtab.h | 2 +- security/selinux/ss/services.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 9c150fba3fa6..15a5d60fb1a5 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -248,7 +248,7 @@ struct avtab_node *avtab_search_node(struct avtab *h, } struct avtab_node* -avtab_search_node_next(struct avtab_node *node, int specified) +avtab_search_node_next(struct avtab_node *node, u16 specified) { struct avtab_node *cur; diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index d6742fd9c560..f265e9da18e2 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h @@ -111,7 +111,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_node *avtab_search_node(struct avtab *h, const struct avtab_key *key); -struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified); +struct avtab_node *avtab_search_node_next(struct avtab_node *node, u16 specified); #define MAX_AVTAB_HASH_BITS 16 #define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 2e2b17b00298..823b000381a4 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -1694,7 +1694,7 @@ static void filename_compute_type(struct policydb *policydb, static int security_compute_sid(u32 ssid, u32 tsid, u16 orig_tclass, - u32 specified, + u16 specified, const char *objname, u32 *out_sid, bool kern) From patchwork Thu Jul 6 13:23:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116709 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559290vqx; Thu, 6 Jul 2023 06:25:49 -0700 (PDT) X-Google-Smtp-Source: APBJJlEMEAPMj5AUDzp9LjgvJEUVJvNJxu3NkdYEnCdUmyR3V85bc53UfXjl1pcBf/OujJ3vDEqx X-Received: by 2002:a17:902:d4d1:b0:1b8:a234:7617 with SMTP id o17-20020a170902d4d100b001b8a2347617mr2483124plg.5.1688649949094; Thu, 06 Jul 2023 06:25:49 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649949; cv=none; d=google.com; s=arc-20160816; b=Zea3Zp2rynYYkDuGq72KYUeMTfF8L7BQCCINjeO+baCWwDL+5svO4wCgmsHd2uVYi4 XubQt/nYcvthnRZivRAVcnvorhf/48Ipe1zgQHT4yWSAteEbpNQloBSDYukWEKM2JzmD LwiPmsE9cVLbK/GuqfMQ1457KH1Br6Ef02DfYRBsnBuKqtVvvkPHwLhMsEtlL8MvTzMf Xz+BuEWAKzSORJ2Kw8SopXbFZZH4BTFkU2AeCC6FOQPmdgF9kuK/mCEl9I3/tzGQ3Jy4 NvcO7zHFf9k+PSKtRRfHcfx5LQoilss5OzlmHztMnN+dqq2sltzFoh/CURJNngjEg7xB TMTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=DhqfK8uOyIqhSWoksWSfTXUpr2q1z9ORZXhHYVLrqUc=; fh=wzzqoiy4jRPqAEB8fZSFn0KOU/wu3n0NZfveTutzhZo=; b=FYviv0LQfNbsgzCMBkFCX/Ilej2RATDsTMtBgs+pojfX1MHZzJJKxY+7L78FgQYu77 vEeJPBtsi3aayUJwgTVlrucOubEWSRQALfV9+aQaj96Ki8lEc060kta7nz8MOBLq2vZ0 drrPyO15IuXEl0OTKzRbplv2CZ/RzodhX1Y+uGi1DvOmKPWwUz7P0vqrpGGdHj4wFPfP BHOeeBaZKtNLB5I1l66LZ21prNJLrtEWdQFcS1itdSZ+uUD/6yFsbQNE+R4C+kgLmyv+ BgXSujxt25Lg1DLmto2FmA/uRTHIR8nFhBu6rO/r+FV6ASOU9dDuOVFzprFwozxCEaRz SAog== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=O4KSmmCe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p8-20020a170902e74800b001b8079085a1si1376845plf.380.2023.07.06.06.25.34; Thu, 06 Jul 2023 06:25:49 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=O4KSmmCe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230443AbjGFNYf (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41460 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231950AbjGFNYI (ORCPT ); Thu, 6 Jul 2023 09:24:08 -0400 Received: from mail-ej1-x634.google.com (mail-ej1-x634.google.com [IPv6:2a00:1450:4864:20::634]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7BF01994; Thu, 6 Jul 2023 06:24:00 -0700 (PDT) Received: by mail-ej1-x634.google.com with SMTP id a640c23a62f3a-992af8b3b1bso87803566b.1; Thu, 06 Jul 2023 06:24:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649839; x=1691241839; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=DhqfK8uOyIqhSWoksWSfTXUpr2q1z9ORZXhHYVLrqUc=; b=O4KSmmCeD9sYZFHVmyww/xG4Bn2lpeGw2ZtWKThZ/pDxxSrDATDoWPKO14yfoPINdz Qb8Kir3o5FMfNA3QJ5MZi0mRXld3ldX8DNnuDhJ6eRSeV1kus9OTNdd+uBrKkYEJboQP Yp0UkuhmHOposft2+KQ0CZCKVTEqdaj5vMJY6ez6n1MSZNIgk7Q6Gofh86DSshCVvoK9 PPMQO+6sU5f70/fIjRBvZsgAl9lZRhFR0icq9c9sVnEn+5za1StHnsGPw+A/6qunbe+p X4NzTASICdF+gUGoEpO5QODq8qmHavtPecdgHmKTkin0fUpQ5C8TjoQ0MbRD36pG3j0/ rSxw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649839; x=1691241839; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=DhqfK8uOyIqhSWoksWSfTXUpr2q1z9ORZXhHYVLrqUc=; b=gPI29vKZxp59SBoq2q+yMbTNa5O1Vd7B/9UZY9xkj2VRqlWlgZyF4mAg5PRnHYk7UO aqRKDOnTJwE4khnHASwFgBeT8iTnVzUVAXCWg0Yi/A0wI64Ij3YJLUy0TBz77J5DrAFY QGilRiUjz2eFVvmevIpTeXL099gWLF7pUsJ7fNJQd5UWrLIzgXEfN2xPPp0TW3OHCos3 iB0xXsmniYzr0RrFtvhcLWDYcx158A62rCGbeIEs9INWRqbsG4SDPrK9lYRAO7g0bVCe d8X/jloCa2yRPGQz8RT6IQ6a9uT0zTs7idCMlE6yPeNq1FO/tz3Zqv3/EhOltIYnyRro Y8ug== X-Gm-Message-State: ABy/qLb08FGUOZkVlDwo4mCqFXiefBuewumuacUSk2Xrec5jI6FwKIyC doJQA2t0MQd5x5I9p0b4KdqCfUG+si1gdyVo X-Received: by 2002:a17:907:3f0b:b0:98e:2423:708 with SMTP id hq11-20020a1709073f0b00b0098e24230708mr1678815ejc.62.1688649838816; Thu, 06 Jul 2023 06:23:58 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.58 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:23:58 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , linux-kernel@vger.kernel.org Subject: [RFC PATCH 15/20] selinux: policydb: implicit conversions Date: Thu, 6 Jul 2023 15:23:30 +0200 Message-Id: <20230706132337.15924-15-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677809100025355?= X-GMAIL-MSGID: =?utf-8?q?1770677809100025355?= Use the identical type for local variables, e.g. loop counters. Signed-off-by: Christian Göttsche --- security/selinux/ss/policydb.c | 112 +++++++++++++++++++-------------- 1 file changed, 65 insertions(+), 47 deletions(-) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index cfe77ef24ee2..9d0a3dab80d5 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -161,9 +161,7 @@ static const struct policydb_compat_info policydb_compat[] = { static const struct policydb_compat_info *policydb_lookup_compat(int version) { - int i; - - for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { + for (u32 i = 0; i < ARRAY_SIZE(policydb_compat); i++) { if (policydb_compat[i].version == version) return &policydb_compat[i]; } @@ -359,7 +357,7 @@ static int role_tr_destroy(void *key, void *datum, void *p) return 0; } -static void ocontext_destroy(struct ocontext *c, int i) +static void ocontext_destroy(struct ocontext *c, u32 i) { if (!c) return; @@ -781,7 +779,7 @@ void policydb_destroy(struct policydb *p) { struct ocontext *c, *ctmp; struct genfs *g, *gtmp; - int i; + u32 i; struct role_allow *ra, *lra = NULL; for (i = 0; i < SYM_NUM; i++) { @@ -1155,7 +1153,7 @@ static int common_read(struct policydb *p, struct symtab *s, void *fp) struct common_datum *comdatum; __le32 buf[4]; u32 len, nel; - int i, rc; + int rc; comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); if (!comdatum) @@ -1178,7 +1176,7 @@ static int common_read(struct policydb *p, struct symtab *s, void *fp) if (rc) goto bad; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = perm_read(p, &comdatum->permissions, fp); if (rc) goto bad; @@ -1220,16 +1218,16 @@ static int type_set_read(struct type_set *t, void *fp) static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, - int ncons, int allowxtarget, void *fp) + u32 ncons, int allowxtarget, void *fp) { struct constraint_node *c, *lc; struct constraint_expr *e, *le; __le32 buf[3]; u32 nexpr; - int rc, i, j, depth; + int rc, depth; lc = NULL; - for (i = 0; i < ncons; i++) { + for (u32 i = 0; i < ncons; i++) { c = kzalloc(sizeof(*c), GFP_KERNEL); if (!c) return -ENOMEM; @@ -1246,7 +1244,7 @@ static int read_cons_helper(struct policydb *p, nexpr = le32_to_cpu(buf[1]); le = NULL; depth = -1; - for (j = 0; j < nexpr; j++) { + for (u32 j = 0; j < nexpr; j++) { e = kzalloc(sizeof(*e), GFP_KERNEL); if (!e) return -ENOMEM; @@ -1319,7 +1317,7 @@ static int class_read(struct policydb *p, struct symtab *s, void *fp) struct class_datum *cladatum; __le32 buf[6]; u32 len, len2, ncons, nel; - int i, rc; + int rc; cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); if (!cladatum) @@ -1359,7 +1357,7 @@ static int class_read(struct policydb *p, struct symtab *s, void *fp) goto bad; } } - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = perm_read(p, &cladatum->permissions, fp); if (rc) goto bad; @@ -1412,7 +1410,8 @@ static int role_read(struct policydb *p, struct symtab *s, void *fp) { char *key = NULL; struct role_datum *role; - int rc, to_read = 2; + int rc; + unsigned int to_read = 2; __le32 buf[3]; u32 len; @@ -1468,7 +1467,8 @@ static int type_read(struct policydb *p, struct symtab *s, void *fp) { char *key = NULL; struct type_datum *typdatum; - int rc, to_read = 3; + int rc; + unsigned int to_read = 3; __le32 buf[4]; u32 len; @@ -1542,7 +1542,8 @@ static int user_read(struct policydb *p, struct symtab *s, void *fp) { char *key = NULL; struct user_datum *usrdatum; - int rc, to_read = 2; + int rc; + unsigned int to_read = 2; __le32 buf[3]; u32 len; @@ -1683,7 +1684,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap) upper = user = datum; while (upper->bounds) { struct ebitmap_node *node; - unsigned long bit; + u32 bit; if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { pr_err("SELinux: user %s: " @@ -1719,7 +1720,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap) upper = role = datum; while (upper->bounds) { struct ebitmap_node *node; - unsigned long bit; + u32 bit; if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { pr_err("SELinux: role %s: " @@ -1834,7 +1835,7 @@ static int range_read(struct policydb *p, void *fp) { struct range_trans *rt = NULL; struct mls_range *r = NULL; - int i, rc; + int rc; __le32 buf[2]; u32 nel; @@ -1851,7 +1852,7 @@ static int range_read(struct policydb *p, void *fp) if (rc) return rc; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = -ENOMEM; rt = kzalloc(sizeof(*rt), GFP_KERNEL); if (!rt) @@ -1996,7 +1997,7 @@ static int filename_trans_read_helper(struct policydb *p, void *fp) struct filename_trans_key *ft = NULL; struct filename_trans_datum **dst, *datum, *first = NULL; char *name = NULL; - u32 len, ttype, tclass, ndatum, i; + u32 len, ttype, ndatum, tclass; __le32 buf[3]; int rc; @@ -2026,7 +2027,7 @@ static int filename_trans_read_helper(struct policydb *p, void *fp) } dst = &first; - for (i = 0; i < ndatum; i++) { + for (u32 i = 0; i < ndatum; i++) { rc = -ENOMEM; datum = kmalloc(sizeof(*datum), GFP_KERNEL); if (!datum) @@ -2082,9 +2083,9 @@ static int filename_trans_read_helper(struct policydb *p, void *fp) static int filename_trans_read(struct policydb *p, void *fp) { - u32 nel; + u32 nel, i; __le32 buf[1]; - int rc, i; + int rc; if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) return 0; @@ -2123,7 +2124,7 @@ static int filename_trans_read(struct policydb *p, void *fp) static int genfs_read(struct policydb *p, void *fp) { - int i, j, rc; + int rc; u32 nel, nel2, len, len2; __le32 buf[1]; struct ocontext *l, *c; @@ -2136,7 +2137,7 @@ static int genfs_read(struct policydb *p, void *fp) return rc; nel = le32_to_cpu(buf[0]); - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = next_entry(buf, fp, sizeof(u32)); if (rc) goto out; @@ -2175,7 +2176,7 @@ static int genfs_read(struct policydb *p, void *fp) goto out; nel2 = le32_to_cpu(buf[0]); - for (j = 0; j < nel2; j++) { + for (u32 j = 0; j < nel2; j++) { rc = next_entry(buf, fp, sizeof(u32)); if (rc) goto out; @@ -2237,8 +2238,8 @@ static int genfs_read(struct policydb *p, void *fp) static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info, void *fp) { - int i, j, rc; - u32 nel, len; + int i, rc; + u32 nel, len, val; __be64 prefixbuf[1]; __le32 buf[3]; struct ocontext *l, *c; @@ -2251,7 +2252,7 @@ static int ocontext_read(struct policydb *p, const struct policydb_compat_info * nel = le32_to_cpu(buf[0]); l = NULL; - for (j = 0; j < nel; j++) { + for (u32 j = 0; j < nel; j++) { rc = -ENOMEM; c = kzalloc(sizeof(*c), GFP_KERNEL); if (!c) @@ -2299,9 +2300,27 @@ static int ocontext_read(struct policydb *p, const struct policydb_compat_info * rc = next_entry(buf, fp, sizeof(u32)*3); if (rc) goto out; - c->u.port.protocol = le32_to_cpu(buf[0]); - c->u.port.low_port = le32_to_cpu(buf[1]); - c->u.port.high_port = le32_to_cpu(buf[2]); + + rc = -EINVAL; + + val = le32_to_cpu(buf[0]); + if (val > U8_MAX) + goto out; + c->u.port.protocol = val; + + val = le32_to_cpu(buf[1]); + if (val > U16_MAX) + goto out; + c->u.port.low_port = val; + + val = le32_to_cpu(buf[2]); + if (val > U16_MAX) + goto out; + c->u.port.high_port = val; + + if (c->u.port.low_port > c->u.port.high_port) + goto out; + rc = context_read_and_validate(&c->context[0], p, fp); if (rc) goto out; @@ -2429,7 +2448,7 @@ int policydb_read(struct policydb *p, void *fp) struct role_allow *ra, *lra; struct role_trans_key *rtk = NULL; struct role_trans_datum *rtd = NULL; - int i, j, rc; + int rc; __le32 buf[4]; u32 len, nprim, nel, perm; @@ -2546,7 +2565,7 @@ int policydb_read(struct policydb *p, void *fp) goto bad; } - for (i = 0; i < info->sym_num; i++) { + for (int i = 0; i < info->sym_num; i++) { rc = next_entry(buf, fp, sizeof(u32)*2); if (rc) goto bad; @@ -2563,7 +2582,7 @@ int policydb_read(struct policydb *p, void *fp) goto out; } - for (j = 0; j < nel; j++) { + for (u32 j = 0; j < nel; j++) { rc = read_f[i](p, &p->symtab[i], fp); if (rc) goto bad; @@ -2597,7 +2616,7 @@ int policydb_read(struct policydb *p, void *fp) rc = hashtab_init(&p->role_tr, nel); if (rc) goto bad; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = -ENOMEM; rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); if (!rtk) @@ -2643,7 +2662,7 @@ int policydb_read(struct policydb *p, void *fp) goto bad; nel = le32_to_cpu(buf[0]); lra = NULL; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = -ENOMEM; ra = kzalloc(sizeof(*ra), GFP_KERNEL); if (!ra) @@ -2707,10 +2726,10 @@ int policydb_read(struct policydb *p, void *fp) goto bad; /* just in case ebitmap_init() becomes more than just a memset(0): */ - for (i = 0; i < p->p_types.nprim; i++) + for (u32 i = 0; i < p->p_types.nprim; i++) ebitmap_init(&p->type_attr_map_array[i]); - for (i = 0; i < p->p_types.nprim; i++) { + for (u32 i = 0; i < p->p_types.nprim; i++) { struct ebitmap *e = &p->type_attr_map_array[i]; if (p->policyvers >= POLICYDB_VERSION_AVTAB) { @@ -3282,7 +3301,7 @@ static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = { static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info, void *fp) { - unsigned int i, j, rc; + int i, rc; size_t nel, len; __be64 prefixbuf[1]; __le32 buf[3]; @@ -3360,9 +3379,9 @@ static int ocontext_write(struct policydb *p, const struct policydb_compat_info return rc; break; case OCON_NODE6: - for (j = 0; j < 4; j++) + for (unsigned int j = 0; j < 4; j++) nodebuf[j] = c->u.node6.addr[j]; /* network order */ - for (j = 0; j < 4; j++) + for (unsigned int j = 0; j < 4; j++) nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ rc = put_entry(nodebuf, sizeof(u32), 8, fp); if (rc) @@ -3631,8 +3650,7 @@ static int filename_trans_write(struct policydb *p, void *fp) */ int policydb_write(struct policydb *p, void *fp) { - unsigned int i, num_syms; - int rc; + int rc, num_syms; __le32 buf[4]; u32 config; size_t len; @@ -3701,7 +3719,7 @@ int policydb_write(struct policydb *p, void *fp) } num_syms = info->sym_num; - for (i = 0; i < num_syms; i++) { + for (int i = 0; i < num_syms; i++) { struct policy_data pd; pd.fp = fp; @@ -3750,7 +3768,7 @@ int policydb_write(struct policydb *p, void *fp) if (rc) return rc; - for (i = 0; i < p->p_types.nprim; i++) { + for (u32 i = 0; i < p->p_types.nprim; i++) { struct ebitmap *e = &p->type_attr_map_array[i]; rc = ebitmap_write(e, fp); From patchwork Thu Jul 6 13:23:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116710 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559307vqx; Thu, 6 Jul 2023 06:25:52 -0700 (PDT) X-Google-Smtp-Source: APBJJlF4mY4icZzS3KqDnwo+89xOvtHOMIamD4Bz09XVlpek3r/h1c/U6hn2X4Aij31/vhHoZpda X-Received: by 2002:a05:6a20:430b:b0:12e:92c1:b1c8 with SMTP id h11-20020a056a20430b00b0012e92c1b1c8mr1619590pzk.47.1688649951842; Thu, 06 Jul 2023 06:25:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649951; cv=none; d=google.com; s=arc-20160816; b=R8LH8RVSDg8IRkpiXbV19SmUZc2qTg7sfM0ANJ6msNBeeoHl/pEj+aywQMkbFbZTc8 Gove3kuIWz+LBkUnDP1iILjYssCo2vC+SMDu/SyzC+fMoWdRobP945ADXo5rfmJ0h/n3 sXtysQS7b/cw7u/QY1yhTCveECz2WY3KSlTfQDYRDR+ytZnyIeobpT64UGS2mg+W8xkd d+riltjuNzDvufmHQquwbTOPiGjLvEO6okZXRzGqKdCqu3YfLKhJkBmzP5gYqoLwLUX3 vLWBkGoXw6FfFRSTJVhQzkqASp2eXelricGldFOsbLK/DYm5Cju7jSxXC/6mfsGjjPDj 8jyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ttKtREu8xCq0EEFV7iCGq+Ud9sFqF7ByOvZXs9yYx/w=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=YN7TtzkGp25NjOv5apuvvXd4Ld2btvCjGQYjsUpZISqlo320IGuP+aMxr3Xi5u/cg9 JSY63igqrujg+UyYxdthh7NzAU+koYhDTFXFAb9Gfgq20sjRpUnh+a8KVWvgIDfwPGf3 husor9dcml8q+5Gkz/DEXszFr0L80UPb/zq9JhCxv3n+5MvtG8I+GY+jxivMNOGXXScU cWzrchzu56TIlsSBCev4ZIAalkYgLlBwAbAU6f8dpcjJrfXzYRHWO5ox5sRqx52Mzop7 2LFi5zro5IWiP2gO0UXCpopRz7FVGljcw/vk+yPa7FymC5Ymfbfswa6wAQ1hvTnX66mW QB2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=On9VzKHp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id c9-20020a170902d48900b001b8b386ae30si1390475plg.335.2023.07.06.06.25.36; Thu, 06 Jul 2023 06:25:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=On9VzKHp; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232413AbjGFNYh (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41266 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232519AbjGFNYO (ORCPT ); Thu, 6 Jul 2023 09:24:14 -0400 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 36ED51FE0; Thu, 6 Jul 2023 06:24:01 -0700 (PDT) Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-51e28cac164so2924807a12.1; Thu, 06 Jul 2023 06:24:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649840; x=1691241840; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=ttKtREu8xCq0EEFV7iCGq+Ud9sFqF7ByOvZXs9yYx/w=; b=On9VzKHpPKxOaYVKo8Z80brFWSUTyh4J/bIK3E0JRK833IHVGebZHK0CVm4fvKEk21 hwtqCP6yMGVWBvuWOjDO9SRG0T6lA/cSA6g/3inNBWoZ0jqjgVJrlhX6TKPqui7xUzDp AZ3VfUagGhjPE12LKqSM2axddRsr5kcsaYvNKUGPR2VQdjR4bSYenKyFvAqv0nF2TVK/ zUueeDxqKoiPDzTVjdv2gAvpFjHyEi20zubsYzZYUTM/JwvcbyEJRFbt4OnIXGeJhMzA OCiN+7FTH571xyJg0V5jAmeIBMmQza1O5BO+LH2E2GraA+lK5GNlAJ9mF9X633r/Glsg 42SA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649840; x=1691241840; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ttKtREu8xCq0EEFV7iCGq+Ud9sFqF7ByOvZXs9yYx/w=; b=jo8XwlWEwaIkHscWybB1jNk+ZClYT6BcWl25ws+Pg9e6mL3lobeBRoiN0Vj0PFqbMm lkz/YYZlNtOSfK8MBpwIU+LfbBVabBU2oeXq0FiR8wwekur/m73TumnD7dJp3qcoW1b4 ZmdTI0GOh6bHpC75Opu7UJTtiMh3vTm0oROBV6UdIOJlI0J0sM3tU+1bCR4M8LFJcqOE EarvDu1XS33+53N0DFydrIQ98tSZXjquwL/2fG2NEZuoqefaaQfbxZwq/vVtm+OuKzsq PiT6oLO7tb7uR6ZUUySwpp8hksVxUo7COhhj1Qj3JbEgJF0W6dp+kZOZDM0U7W3OWN7b qq1Q== X-Gm-Message-State: ABy/qLY1y8eU/HRDXjznbEA3SIGZNUDDmm0Ou7q/RunEhf6jX8deT36U 08yocGAtWeS4On6BF+WWTQPDIJpgvRJRI1ny X-Received: by 2002:a17:906:4fc7:b0:98d:f2c9:a1eb with SMTP id i7-20020a1709064fc700b0098df2c9a1ebmr4961722ejw.24.1688649840250; Thu, 06 Jul 2023 06:24:00 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.23.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:24:00 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 16/20] selinux: symtab: implicit conversion Date: Thu, 6 Jul 2023 15:23:31 +0200 Message-Id: <20230706132337.15924-16-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677812324511250?= X-GMAIL-MSGID: =?utf-8?q?1770677812324511250?= hashtab_init() takes an u32 as size parameter type. Signed-off-by: Christian Göttsche --- security/selinux/ss/symtab.c | 2 +- security/selinux/ss/symtab.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c index c42a6648a07d..7a77571fb275 100644 --- a/security/selinux/ss/symtab.c +++ b/security/selinux/ss/symtab.c @@ -37,7 +37,7 @@ static const struct hashtab_key_params symtab_key_params = { .cmp = symcmp, }; -int symtab_init(struct symtab *s, unsigned int size) +int symtab_init(struct symtab *s, u32 size) { s->nprim = 0; return hashtab_init(&s->table, size); diff --git a/security/selinux/ss/symtab.h b/security/selinux/ss/symtab.h index f2614138d0cd..3033c4db6cb6 100644 --- a/security/selinux/ss/symtab.h +++ b/security/selinux/ss/symtab.h @@ -17,7 +17,7 @@ struct symtab { u32 nprim; /* number of primary names in table */ }; -int symtab_init(struct symtab *s, unsigned int size); +int symtab_init(struct symtab *s, u32 size); int symtab_insert(struct symtab *s, char *name, void *datum); void *symtab_search(struct symtab *s, const char *name); From patchwork Thu Jul 6 13:23:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116711 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559308vqx; Thu, 6 Jul 2023 06:25:52 -0700 (PDT) X-Google-Smtp-Source: APBJJlENocu8Cy5GmsrHHXOVhlbYg+OUZwLRUdvO+yTXHCnGA+3eC1E8MGh/xyE/YACEFFOUTjbU X-Received: by 2002:a05:6a21:3386:b0:12e:4f6b:d27d with SMTP id yy6-20020a056a21338600b0012e4f6bd27dmr1620257pzb.33.1688649952269; Thu, 06 Jul 2023 06:25:52 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649952; cv=none; d=google.com; s=arc-20160816; b=Gn6uOIDljHnVCrDvwvHkZkfm99en83dZBpMWNKNl2/7buZKzMw/LZMuW82SAhlhd7E q3tS7Pf8RWV270oXkSx/7be095Hnr68qnZoz/aCWHUfw0AZZ9X082y34l1vfjL70rNfG XMcZkGGKVP83V9M3KWW36LQSJmBiXFgPs+nve4r9gBavRrjjbS4PTI4gpEMT+JHjbm+T O257y+jyXtAiSm6TVnOXh2LJ4GJ/dMB8kMUeuKWxn6Xppcb8SI+77zLO5TZAwTqEEYOe iLHWYjbuX6UzNhXPm3JGp7NPjupDsFsO8+0FZpoysJz8BSyX8tfQ/CTCJwiQZuriKzWP rzRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=TT7ciLyG4XLP2FDxdoJcpM/orayGJKZgxrCVbgJsD4I=; fh=fBY5D/IDrKFsN9mMQMRE3IlhWmhEeMbp24YlZR3fWbQ=; b=YWUueFvwqunsE5pbSV+bkShyk6LOdMVePIFi4Jl3dGn9ASbV1kTYILELklFXAD7K8l y+zhIyNr1vJamYPgC2BHgNJGtWmcGNcD3nP4FTxWQtrlujn8CJDHHVD+ZLSgQTwkc40s 5bMCpeBOU75le+VoTNXH3bQDOA2TPkEM4MfKjP9CTtEp0lPWT14h19m/vpx12nEg8HcN e2qdBb6+bTKQT4gIKESHMSXyPvnG9dVMH7HbYasDp1jk9KJ1MXocp+YCIqystHNUKncu wBqrnyRvxcSpsARhZ6XQBFL9vPE21QURM2OUpYujRQ0aDriUCJeBhYvfkksVNfQybqUb SAgA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=Rczw5F5J; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u8-20020a634708000000b005579a12f405si1379435pga.200.2023.07.06.06.25.37; Thu, 06 Jul 2023 06:25:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=Rczw5F5J; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232258AbjGFNYr (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:47 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232586AbjGFNYS (ORCPT ); Thu, 6 Jul 2023 09:24:18 -0400 Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 256E41BD2; Thu, 6 Jul 2023 06:24:04 -0700 (PDT) Received: by mail-lj1-x22b.google.com with SMTP id 38308e7fff4ca-2b703d7ed3aso10557661fa.1; Thu, 06 Jul 2023 06:24:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649842; x=1691241842; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=TT7ciLyG4XLP2FDxdoJcpM/orayGJKZgxrCVbgJsD4I=; b=Rczw5F5JKo/dyfkxPmv4W3mIrU152v6CC5K1Bte/H+WvrKIlDnswnvCHB1FfOyN25q uD/9ib9uoPN0+LbqY2Iegrepy/x+8JKDfhFjYLZ+EuIEDJOr8SrzRtuxQ7Hy7M6GrPVS pIhNsIu6mfe39MDdiez3ILlTKuQ6+oGL/GKOWlz+emkgQ6HEbnEOXCaln6q2Hm55JmXb EpmhVCN4yyVHdFH1R3lsL4w7NKoG0eeLpcL35Sbb4v539g1TYrbgF/1+qyuQmUMivKvJ ZlmoGWW4ytgpeoIcQllzTXOqsmd1mf74DywbctEMfmrS9ThvtxDiwk7AHi7+forbsiJU dx4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649842; x=1691241842; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TT7ciLyG4XLP2FDxdoJcpM/orayGJKZgxrCVbgJsD4I=; b=ByzMMnfQ4nitwdXj2XYmeQFwQUJT2n+IyeZbumGb5pVN9E+UQll4LOvEUoFuohyuu5 GixrOiJF/BVP3+19xOEF00WQhoKZ0344yX3jN9jq54Aj5Gr+euhRj/HFg/gIardFaglk K9XNtkuBmOSxSYEP7fpRpuGjk6SMnE3Xlrye006x/4o9HfbEwHZ+Y+BIIUSr6R+1O3i6 Thl6LKp4DruGn7OjnlEQqZUVdWSzqnz8OFIjv4HxZ5s/bbg4dP1jDlq7JgY9amW+Z5Jb ZrVsAW14IsNP6vK+VBBsCidNmEQ8miJmUcAIjQd5OBpxMIX1Mr/Sttnbn+SKWbFVuDzU 0t+A== X-Gm-Message-State: ABy/qLaOtQqpkTzOuKlSeEDimaP9PvlTk+jYzDqlqU8TsEPTXVoucqTO CX8ZrFDNgC0Uz/H3TWaSi372XBN7R6VlRVUP X-Received: by 2002:a2e:6e19:0:b0:2b6:f009:d1b with SMTP id j25-20020a2e6e19000000b002b6f0090d1bmr1445409ljc.49.1688649841370; Thu, 06 Jul 2023 06:24:01 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.24.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:24:01 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [RFC PATCH 17/20] selinux: services: implicit conversions Date: Thu, 6 Jul 2023 15:23:32 +0200 Message-Id: <20230706132337.15924-17-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677812049061392?= X-GMAIL-MSGID: =?utf-8?q?1770677812049061392?= Use the type identical to the source for local variables. Signed-off-by: Christian Göttsche --- security/selinux/ss/services.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 823b000381a4..e2cd6d7ea7cc 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -856,7 +856,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid) struct sidtab *sidtab; struct sidtab_entry *old_entry, *new_entry; struct type_datum *type; - int index; + u32 index; int rc; if (!selinux_initialized()) @@ -1511,9 +1511,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, return -ENOMEM; if (!selinux_initialized()) { - int i; - - for (i = 1; i < SECINITSID_NUM; i++) { + for (u32 i = 1; i < SECINITSID_NUM; i++) { const char *s = initial_sid_to_string[i]; if (s && !strcmp(s, scontext2)) { From patchwork Thu Jul 6 13:23:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116712 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2559368vqx; Thu, 6 Jul 2023 06:25:58 -0700 (PDT) X-Google-Smtp-Source: APBJJlFOybt9kYBDVt8hxJtBhJzklPW2NQvvVwkMCgT7vUjL8zTw+B86qQFMQtldi1xXuc79d9mr X-Received: by 2002:a17:90b:1e4a:b0:263:f435:ef2d with SMTP id pi10-20020a17090b1e4a00b00263f435ef2dmr1245608pjb.10.1688649958020; Thu, 06 Jul 2023 06:25:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688649958; cv=none; d=google.com; s=arc-20160816; b=JuMoLwHteMQIF05yKWwpoMSqHlpuMuJxM578R6uV7cPvN1tHpFxWPRwpWwtF9w1E86 HQOTglImtDmGPKq6TEmJSWTb2B7WykLyCvV7T1ulM1vqfHwKqy6hK40YCDl+qVnUQZBC FRTYDYltsV7KsP4ea98D+QY0ngW7/NoxFDOt24MF2wjRi0ufCcRJYriGAD3Rq2sytO+P 3nt/Xt7g8JlShHYlXryBieQuyuAoa+HGCEbtxWwCJuoNemvquxdwnZEFUvfPw2jhS/Om +4eF3z8QxnwfDixwEyiVUsyeDwjDNxOCDwOOJAogdRGqBKdQ7Ds9fbGj5jAZcKUeLTSC qBlA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=+OeRMJNgQLsyF5aimQ/whtrHbhuHPfZmQfqR8CylHYA=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=W9P/iAf/xVIBReMjmkd84paRkLKd5BjyDsPmD/+y6X9yrLYV8lQybj36Ly/XS6d0Nc 2vr1uiKpn+OKMbAHOuLqiypkeo5B/+Zloiri8aV2LfPXj7gy+4l5rcQZ0Xa4WAB2UtCz Y2Tt7O7KwnVUIFC0rqdCx0HS3pvmMB0fbMLulmcL6erDzCXER7VDvSFZyilgOI/AYxbX Arope2u2YuwQ8t6n8J7Rqw1QjQhNYB3b/rO3qUcYIBBydI2gTrLZrMxZM4KUNdLYrQwm AP5nu9YQp3M/2iEIWAk8bC12p5o7JCOCAbTFqPNY0UaIUgJEqmY0hZTLIARJsNqVeFzj cGjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=hFBEQezX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id ei23-20020a17090ae55700b0025defcc6e75si1432614pjb.172.2023.07.06.06.25.43; Thu, 06 Jul 2023 06:25:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=hFBEQezX; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232123AbjGFNYu (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:50 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41466 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232066AbjGFNYZ (ORCPT ); Thu, 6 Jul 2023 09:24:25 -0400 Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 11D301996; Thu, 6 Jul 2023 06:24:03 -0700 (PDT) Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-991ef0b464cso360890266b.0; Thu, 06 Jul 2023 06:24:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649842; x=1691241842; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=+OeRMJNgQLsyF5aimQ/whtrHbhuHPfZmQfqR8CylHYA=; b=hFBEQezXTbHbSD+BN5ywIiq8h4XUw3ruQvxqxfvg6CreyrFM9hC/RYycBwHgQDegmh Ux4JImroUl+lxsB5pQFJ4xmBc7XRQjicyTAoDfSPC+MQc6+tdDUtLdpmKKk6OURtSxLp vkJqThRHzNcvdSw671k8xDg/6BKCEhyLj4P/0+63n+RHvH3SqvWsMk9aR7gxSzkQQuIz DqiezFA2r7xayiU0nql8Fni+Bt/1uXLHdcMWzazTsK9vojpa7Mq29ctoIfaJAJESCycb 9sRAUtMTQ2PJDv/tkygfdvlhkM9IgVB7StGDxrDFSAUiEd3IBhzVKM5hwW9GFc2Z8uVc MGeg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649842; x=1691241842; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+OeRMJNgQLsyF5aimQ/whtrHbhuHPfZmQfqR8CylHYA=; b=In7aU2o3r/u3EpZ0tobJ8w790Pseouk3d8GN/aMgco+16pnb+/6aFNrWWJ7xg7wT0R amBrDCi6Dlq9kHrW7dY72JzrQBEUtbam0gM8fYGD/ay60QgF8DYQ/cbC5tDVCjut/TVA 2QMpOrb5LOqXguyDJwyPfnF7VofHaOkEnJC9pxALn7VawWtK7fbgF/lSWEnyibhOjvl+ tEY28AbXAVJZBklbBbcIrZE+E+1OE9NWD9Pior66MPp4+EGzRaJV5EUeuuZWVC5/cgJK jM87Sbonb6i+B3uSVcIuQa7VcJMTO1nwxxJRm3QECN5c8V4VHDefKH7NplO2ukZNFrY0 7Y+Q== X-Gm-Message-State: ABy/qLZf3u1Yp1oF2ybmVVelQ2GEDUkhzwP4lMZqoK2+R+DsqQKMENZs Nq4VYHb2+AjsRUYnEi63Hfd0cE2EANlMJ2P/ X-Received: by 2002:a17:906:29c:b0:977:d660:c5aa with SMTP id 28-20020a170906029c00b00977d660c5aamr2193565ejf.31.1688649842213; Thu, 06 Jul 2023 06:24:02 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.24.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:24:01 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 18/20] selinux: nlmsgtab: implicit conversion Date: Thu, 6 Jul 2023 15:23:33 +0200 Message-Id: <20230706132337.15924-18-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677818537559674?= X-GMAIL-MSGID: =?utf-8?q?1770677818537559674?= Use an unsigned type as loop iterator. Signed-off-by: Christian Göttsche --- security/selinux/nlmsgtab.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 2ee7b4ed43ef..b36623d5cf11 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c @@ -153,9 +153,9 @@ static const struct nlmsg_perm nlmsg_audit_perms[] = { static int nlmsg_perm(u16 nlmsg_type, u32 *perm, const struct nlmsg_perm *tab, size_t tabsize) { - int i, err = -EINVAL; + int err = -EINVAL; - for (i = 0; i < tabsize/sizeof(struct nlmsg_perm); i++) + for (u32 i = 0; i < tabsize/sizeof(struct nlmsg_perm); i++) if (nlmsg_type == tab[i].nlmsg_type) { *perm = tab[i].perm; err = 0; From patchwork Thu Jul 6 13:23:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116726 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2575499vqx; Thu, 6 Jul 2023 06:52:09 -0700 (PDT) X-Google-Smtp-Source: APBJJlEl9r7hKQVZ5QZJL4P6BooXk8CJym3XdCoX3FhXPzgrsICMScKNJi81Q95y23xY6HmZeMli X-Received: by 2002:a17:90a:eb08:b0:263:856:fcdf with SMTP id j8-20020a17090aeb0800b002630856fcdfmr1439137pjz.12.1688651529232; Thu, 06 Jul 2023 06:52:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688651529; cv=none; d=google.com; s=arc-20160816; b=axaphehPF3mRFIpUil0YgavkJoS7vvzFQfILnJ/NQswLcjMpzOW91lCVBU2Tu0lB88 ZZcZuloEQwS3qJ0PAx4ufLaUyNuh2bm1zZCETIvOY4apqWLG7/zZ28DYJTgUwkBzK8ZJ ShZwrO4dkvAkbiIVT+NLBj2tGWidKJKcjWth25uHjaWdLh9BwFBPOUG2g3w+qJbD9oZ/ My4KurAd9AgO4KeQycdZCNMgMqpbifdRYjv0nFZXOn2+4nCCHDXLtqqvoLBYkUGvrwrC vu00YF9vd2yiY7ae8KWK4GnQGe3PBj/H2V7plntIrhA+AbhiV9TUGLXPvWM/8TJnJRyp h2dA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=nn4pFvZABfTjKU9YrTeBoguU9feOF4gfW94L1p7i5hU=; fh=MhpIefJbjj5uiYoGxdoCmbUnLbTqzWkmo44G3Q/36Z4=; b=U4fipT06LaAvMbrrYK757U5g/2s/4UAZRqXlCLtPmlNxFTUbXcXKY6s+c/4eDOUzCj RjXOEAlMkWmk4qNuPOHzrMUqO2Bi7sBk6zTs1jPEmkzePWEQ7fcOr0hQqoHnxxzx+ZjT KHqdEUCo/xTNWYCresKtCYLeWT1BybEgyreX9kKxDlcWODB+dWsMb4OM4V+s/LnGhQ6L kHatgWr+zTwfDr4YSgRQjBzZ8b1TJ5eXaPifG1pXUAV9isr34jrd+oQK56bmwnTa1vaN jS0oPNApQj/X5Cp4qqOH/7JOK4CAZlm0C5G/W6TIus2F0zY34FlAKH6uKUh0YySNCZym d3kA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=gUiIINml; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id oc4-20020a17090b1c0400b00262fba8f808si1732846pjb.108.2023.07.06.06.51.56; Thu, 06 Jul 2023 06:52:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=gUiIINml; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231508AbjGFNYz (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41862 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232369AbjGFNY1 (ORCPT ); Thu, 6 Jul 2023 09:24:27 -0400 Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F1F3E1FF5; Thu, 6 Jul 2023 06:24:05 -0700 (PDT) Received: by mail-lj1-x232.google.com with SMTP id 38308e7fff4ca-2b5c231c23aso10477831fa.0; Thu, 06 Jul 2023 06:24:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649844; x=1691241844; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=nn4pFvZABfTjKU9YrTeBoguU9feOF4gfW94L1p7i5hU=; b=gUiIINmlSl//9me/XihypS9ph/uurS7b+gobd0svEUr+LMeWisf6Xoxe805QzCKoMm H5inKyTFnh6rEOLylIuyLTm5bgW0tmAMjrVHfvxrX3S/oKyvewXnZfnhWXgbCMFohjbM rILBvZIgaNNGvv9ZqY8GM3gpSnhPLCG5LegeNH86S+or2cOJmNpl0dHUFwSOWr2LLxaq aMTIW4XzZpfD6U0pwnOVqU5HFw8BWfE4zyoq/60ARR1OPLmz9XpdxBljTdxGDPngMEsB KRJVP33Y9Arh0i4QM7LkD9O8BPMtTsst1RfWxUMLWkLIyVvpbuKSmoFxmGKLR+lzX0e2 2dMw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649844; x=1691241844; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=nn4pFvZABfTjKU9YrTeBoguU9feOF4gfW94L1p7i5hU=; b=VWMox+U45fTpK62uqUGEsgfNo8ciU3oVYT7ogVFQkuT/Vglngqak38x9FdeUSxI9MK a52hCccaL7xSJ+X24l+XGld0g+BcJyiRWCxkaMinZtpU8gvj1PvExGok/+Cuyt/eeOUi 4mvBagJlQawkcLWwV1VX3+S4Cgw+knHB+4BHeWJxvtoR/K4HFx/7m0sZh13lxlkn+YWv GSlXhDiiTj+/KA7+i2wpuED6j7ZW7h0f+o34ezzYxqeT1Nj1t+xxc5GQkIVzx8K0OiSA JcJEYlF6ybDgaYc5JTTpP+P0UtYxarS8uUoB+5gTRaHizEtiCpYX7ufWLlF47sHcGfkW 4mfw== X-Gm-Message-State: ABy/qLaxcAjLLKfOMEt39tv3O1j0+cnCX5CM2qMi9x9HS0WWIG6JQsKm 2eqweVEh8+LSgFh40/voDlJvqD429aPkWcV+ X-Received: by 2002:a2e:8210:0:b0:2b6:ece0:a3c1 with SMTP id w16-20020a2e8210000000b002b6ece0a3c1mr1365397ljg.35.1688649843757; Thu, 06 Jul 2023 06:24:03 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.24.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:24:03 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , Xiu Jianfeng , linux-kernel@vger.kernel.org Subject: [RFC PATCH 19/20] selinux: status: avoid implicit conversions regarding enforcing status Date: Thu, 6 Jul 2023 15:23:34 +0200 Message-Id: <20230706132337.15924-19-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770679465748606518?= X-GMAIL-MSGID: =?utf-8?q?1770679465748606518?= Use the type bool as parameter type in selinux_status_update_setenforce(). The related function enforcing_enabled() returns the type bool, while the struct selinux_kernel_status member enforcing uses an u32. Signed-off-by: Christian Göttsche --- security/selinux/include/security.h | 2 +- security/selinux/selinuxfs.c | 7 ++++--- security/selinux/status.c | 4 ++-- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index a16c52d553e1..d0837efde62b 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -375,7 +375,7 @@ struct selinux_kernel_status { */ } __packed; -extern void selinux_status_update_setenforce(int enforcing); +extern void selinux_status_update_setenforce(bool enforcing); extern void selinux_status_update_policyload(u32 seqno); extern void selinux_complete_init(void); extern struct path selinux_null; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c3ac0468f698..88d856f5c6bc 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -137,7 +137,8 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, { char *page = NULL; ssize_t length; - int old_value, new_value; + int scan_value; + bool old_value, new_value; if (count >= PAGE_SIZE) return -ENOMEM; @@ -151,10 +152,10 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, return PTR_ERR(page); length = -EINVAL; - if (sscanf(page, "%d", &new_value) != 1) + if (sscanf(page, "%d", &scan_value) != 1) goto out; - new_value = !!new_value; + new_value = !!scan_value; old_value = enforcing_enabled(); if (new_value != old_value) { diff --git a/security/selinux/status.c b/security/selinux/status.c index e436e4975adc..dffca22ce6f7 100644 --- a/security/selinux/status.c +++ b/security/selinux/status.c @@ -76,7 +76,7 @@ struct page *selinux_kernel_status_page(void) * * It updates status of the current enforcing/permissive mode. */ -void selinux_status_update_setenforce(int enforcing) +void selinux_status_update_setenforce(bool enforcing) { struct selinux_kernel_status *status; @@ -87,7 +87,7 @@ void selinux_status_update_setenforce(int enforcing) status->sequence++; smp_wmb(); - status->enforcing = enforcing; + status->enforcing = enforcing ? 1 : 0; smp_wmb(); status->sequence++; From patchwork Thu Jul 6 13:23:35 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 116715 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:9f45:0:b0:3ea:f831:8777 with SMTP id v5csp2562471vqx; Thu, 6 Jul 2023 06:30:48 -0700 (PDT) X-Google-Smtp-Source: APBJJlGs0PoaQdTHxq4eojv1eZw8Ik2brF3MCOovlTvcNDbNDywZUpcwP1eP2neAcrSi0Qs7Dc3t X-Received: by 2002:a05:6870:a707:b0:1a3:365:a8c9 with SMTP id g7-20020a056870a70700b001a30365a8c9mr2062846oam.44.1688650248194; Thu, 06 Jul 2023 06:30:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1688650248; cv=none; d=google.com; s=arc-20160816; b=YAPvv2fgooQ1gyY1qFw3kCvtNfS+M3j+yGD2AdpxnPLlapDT+x0Evyq1emPhfzAxfu o3F45ZBDhBi1HPrKHjFducySnaLfgC6QodDPTFMIDSLBtAIslgp0Df4TacGbxooJRrd0 jTfVkqGdv2tNRhPt9ObX3FtEPaYXbfylF6rEk0IE55RauYGnRq5xqWLMlkXbXHaBvmK2 /G1ZzbAWkq1lh/9eQYKmUvrjqYbf6RIWtVV49mOk8/EigUrY2GeGKvIEfbtQ1lnf2p3q 8wefXXtI0fNmHKGocpV7Qjqe8+NCTdx2XACcXPrztKuPJajmGAEkwoWqcpKfQhMGmLRj AO7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=PKZMCCQ7wVVZeBi4fnxNrrCgfWKmBY0QQttlYN04RUs=; fh=QKur2PFwoLuCt27JzfZM4LabS9ldoGoSAJNPH9t/KWI=; b=sVtd262y1ktkVFq2is/kj5gqS8UikUQIpU1jfgA/r59Lq1fp5wddwhY+RySuHO3LLJ CNWAilteZcYY5r9wRLLuRj/jVs74lk5sUOGLk1tnE58oJLrL/Yi9G/5kiZpCKn4rH7bY CkwcA7EOXZHSBn05fNYbyJdNF/nA+mY0qC2kwMLN1ToP2WlqEdjVAj7Hdkov3CQQf0ug KgdIz8XucALlovBDQxJ+Ng45Q3H5BzjT3u0MYcRvv9HxmMj44O0iz+t191lP9bOonolc 2blTciDjvWFpKigy11QiwLlrmXQ2xnbX3QIV4xVI95p7U8oRqXr8EMdGDbG5Y3t0C/W7 fEaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=muMEGpAz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id pc2-20020a17090b3b8200b0025e9a3124c7si4381672pjb.143.2023.07.06.06.30.32; Thu, 06 Jul 2023 06:30:48 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@googlemail.com header.s=20221208 header.b=muMEGpAz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=googlemail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232369AbjGFNY7 (ORCPT + 99 others); Thu, 6 Jul 2023 09:24:59 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41258 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232477AbjGFNY1 (ORCPT ); Thu, 6 Jul 2023 09:24:27 -0400 Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4816D1FFA; Thu, 6 Jul 2023 06:24:06 -0700 (PDT) Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-9741caaf9d4so80309866b.0; Thu, 06 Jul 2023 06:24:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649844; x=1691241844; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=PKZMCCQ7wVVZeBi4fnxNrrCgfWKmBY0QQttlYN04RUs=; b=muMEGpAzBHoY1MUttdjulommg6urYMBgqAf79lMnKAkKiLzwVe8gSTZQ9T/xHy04ZV 9hg+R5svbXxS3mCWeU+qFOrB+knC7NugjL8h5lNJv3ApRtujq9SNzam0CiOmapqlJj5H cPSDQOn1VanGnQEwDtu3z92yA30uD+fryYr7sMce4KVF2KK4te5NqVXCs5qoYitIJKXR lXCOAVmr/sMlosDCDntFJEDuJUJHRDDvs6qVEiRBBuiMfhJml818V4oJSbvQcuLznkz8 m8qkeKKbBfFAj2/71tqIwx9ABUTOWLOX191nLz1wsyyRT3jQFsy0+s05QFFA5KoI6BCm HerA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1688649844; x=1691241844; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=PKZMCCQ7wVVZeBi4fnxNrrCgfWKmBY0QQttlYN04RUs=; b=emcbEmzGA4LGmi+S1u0GXOqjaW42ThHa05udoUT0n7PGEco/uu1B3u2oifcDKVUElR 98l6H19QIV2qHI23YykiGOgHzJBpZn96QI2it8jfEB1zsvK7koURcvc6IVjASpBNeXih znussI0X3VZsO/CO4cpkqZCBw+fWo40XO1PMbeGqrfW8o/P2GyR+KX6f3PtELuVtT7Sf 6kSjJcpl56AbClFiOmMzCG4eDDawTalxLRFJWN43HJiAjx/DtKl9mqAMYVsmHNFk/yFk KdsqpbpMTOYIDcO6dha8SY5QYVUEjmdiqK6s1lqOG51bZlrBuwE3lpbGUyVfqiSbO58V PXuw== X-Gm-Message-State: ABy/qLYsfXiRGJszNVBhUeXXFBSBYMO5b5kUsH4lFBK8HxOZBVpweklr bxZsEvlwrAvKUCYmlSUuhgGzhwK3gLjXTfBZ X-Received: by 2002:a17:906:7e11:b0:988:699d:64d0 with SMTP id e17-20020a1709067e1100b00988699d64d0mr1759883ejr.32.1688649844399; Thu, 06 Jul 2023 06:24:04 -0700 (PDT) Received: from debian_development.DebianHome (dynamic-077-008-088-179.77.8.pool.telefonica.de. [77.8.88.179]) by smtp.gmail.com with ESMTPSA id r2-20020a170906364200b00988dbbd1f7esm808024ejb.213.2023.07.06.06.24.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 06 Jul 2023 06:24:04 -0700 (PDT) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 20/20] selinux: selinuxfs: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:35 +0200 Message-Id: <20230706132337.15924-20-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1770677804925393678?= X-GMAIL-MSGID: =?utf-8?q?1770678122269424992?= Use unsigned loop counters where the upper bound is of unsigned type. Signed-off-by: Christian Göttsche --- security/selinux/selinuxfs.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 88d856f5c6bc..a2dc415779ae 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1074,7 +1074,7 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size) u32 sid, *sids = NULL; ssize_t length; char *newcon; - int i, rc; + int rc; u32 len, nsids; length = avc_has_perm(current_sid(), SECINITSID_SECURITY, @@ -1107,7 +1107,7 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size) length = sprintf(buf, "%u", nsids) + 1; ptr = buf + length; - for (i = 0; i < nsids; i++) { + for (u32 i = 0; i < nsids; i++) { rc = security_sid_to_context(sids[i], &newcon, &len); if (rc) { length = rc; @@ -1612,7 +1612,6 @@ static int sel_make_avc_files(struct dentry *dir) { struct super_block *sb = dir->d_sb; struct selinux_fs_info *fsi = sb->s_fs_info; - int i; static const struct tree_descr files[] = { { "cache_threshold", &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, @@ -1622,7 +1621,7 @@ static int sel_make_avc_files(struct dentry *dir) #endif }; - for (i = 0; i < ARRAY_SIZE(files); i++) { + for (u32 i = 0; i < ARRAY_SIZE(files); i++) { struct inode *inode; struct dentry *dentry; @@ -1648,12 +1647,11 @@ static int sel_make_ss_files(struct dentry *dir) { struct super_block *sb = dir->d_sb; struct selinux_fs_info *fsi = sb->s_fs_info; - int i; static const struct tree_descr files[] = { { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, }; - for (i = 0; i < ARRAY_SIZE(files); i++) { + for (u32 i = 0; i < ARRAY_SIZE(files); i++) { struct inode *inode; struct dentry *dentry; @@ -1699,9 +1697,7 @@ static const struct file_operations sel_initcon_ops = { static int sel_make_initcon_files(struct dentry *dir) { - int i; - - for (i = 1; i <= SECINITSID_NUM; i++) { + for (u32 i = 1; i <= SECINITSID_NUM; i++) { struct inode *inode; struct dentry *dentry; const char *s = security_get_initial_sid_context(i);