diff mbox series

[RFC,19/20] selinux: status: avoid implicit conversions regarding enforcing status

Message ID 20230706132337.15924-19-cgzones@googlemail.com (mailing list archive)
State Accepted
Delegated to: Paul Moore
Headers show
Series [RFC,01/20] selinux: check for multiplication overflow in put_entry() | expand

Commit Message

Christian Göttsche July 6, 2023, 1:23 p.m. UTC
Use the type bool as parameter type in
selinux_status_update_setenforce().  The related function
enforcing_enabled() returns the type bool, while the struct
selinux_kernel_status member enforcing uses an u32.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 security/selinux/include/security.h | 2 +-
 security/selinux/selinuxfs.c        | 7 ++++---
 security/selinux/status.c           | 4 ++--
 3 files changed, 7 insertions(+), 6 deletions(-)

Comments

Paul Moore July 18, 2023, 10:01 p.m. UTC | #1
On Jul  6, 2023 =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> wrote:
> 
> Use the type bool as parameter type in
> selinux_status_update_setenforce().  The related function
> enforcing_enabled() returns the type bool, while the struct
> selinux_kernel_status member enforcing uses an u32.
> 
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  security/selinux/include/security.h | 2 +-
>  security/selinux/selinuxfs.c        | 7 ++++---
>  security/selinux/status.c           | 4 ++--
>  3 files changed, 7 insertions(+), 6 deletions(-)

Merged into selinux/next, thanks.

--
paul-moore.com
diff mbox series

Patch

diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index a16c52d553e1..d0837efde62b 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -375,7 +375,7 @@  struct selinux_kernel_status {
 	 */
 } __packed;
 
-extern void selinux_status_update_setenforce(int enforcing);
+extern void selinux_status_update_setenforce(bool enforcing);
 extern void selinux_status_update_policyload(u32 seqno);
 extern void selinux_complete_init(void);
 extern struct path selinux_null;
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index c3ac0468f698..88d856f5c6bc 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -137,7 +137,8 @@  static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
 {
 	char *page = NULL;
 	ssize_t length;
-	int old_value, new_value;
+	int scan_value;
+	bool old_value, new_value;
 
 	if (count >= PAGE_SIZE)
 		return -ENOMEM;
@@ -151,10 +152,10 @@  static ssize_t sel_write_enforce(struct file *file, const char __user *buf,
 		return PTR_ERR(page);
 
 	length = -EINVAL;
-	if (sscanf(page, "%d", &new_value) != 1)
+	if (sscanf(page, "%d", &scan_value) != 1)
 		goto out;
 
-	new_value = !!new_value;
+	new_value = !!scan_value;
 
 	old_value = enforcing_enabled();
 	if (new_value != old_value) {
diff --git a/security/selinux/status.c b/security/selinux/status.c
index e436e4975adc..dffca22ce6f7 100644
--- a/security/selinux/status.c
+++ b/security/selinux/status.c
@@ -76,7 +76,7 @@  struct page *selinux_kernel_status_page(void)
  *
  * It updates status of the current enforcing/permissive mode.
  */
-void selinux_status_update_setenforce(int enforcing)
+void selinux_status_update_setenforce(bool enforcing)
 {
 	struct selinux_kernel_status   *status;
 
@@ -87,7 +87,7 @@  void selinux_status_update_setenforce(int enforcing)
 		status->sequence++;
 		smp_wmb();
 
-		status->enforcing = enforcing;
+		status->enforcing = enforcing ? 1 : 0;
 
 		smp_wmb();
 		status->sequence++;