From patchwork Thu Jul 6 13:23:16 2023
X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?=
X-Patchwork-Id: 13303715
X-Patchwork-Delegate: paul@paul-moore.com
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 01/20] selinux: check for multiplication overflow in put_entry() Date: Thu, 6 Jul 2023 15:23:16 +0200 Message-Id: <20230706132337.15924-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org The function is always inlined and most of the time both relevant arguments are compile time constants, allowing compilers to elide the check. Also the function is part of outputting the policy, which is not performance critical. Also convert the type of the third parameter into a size_t, since it should always be a non-negative number of elements. Signed-off-by: Christian Göttsche --- security/selinux/ss/policydb.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h index 74b63ed1173f..6b4ad8e91265 100644 --- a/security/selinux/ss/policydb.h +++ b/security/selinux/ss/policydb.h 
@@ -366,9 +366,12 @@ static inline int next_entry(void *buf, struct policy_file *fp, size_t bytes) return 0; } -static inline int put_entry(const void *buf, size_t bytes, int num, struct policy_file *fp) +static inline int put_entry(const void *buf, size_t bytes, size_t num, struct policy_file *fp) { - size_t len = bytes * num; + size_t len; + + if (unlikely(check_mul_overflow(bytes, num, &len))) + return -EINVAL; if (len > fp->len) return -EINVAL;
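Review bot: put_entry() in policydb.h now calls check_mul_overflow(), but this single hunk is the whole patch and adds no #include <linux/overflow.h>, so the header builds only where an includer pulls it in transitively; add the include explicitly. With num widened to size_t, a caller still holding a negative int converts to a very large count; that is rejected by the overflow check or by the len > fp->len test, but the commit message should say that callers are expected to pass unsigned counts.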
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 02/20] selinux: avtab: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:17 +0200 Message-Id: <20230706132337.15924-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Return u32 from avtab_hash() instead of int, since the hashing is done on u32 and the result is used as an index on the hash array. Use the type of the limit in for loops. Avoid signed to unsigned conversion of multiplication result in avtab_hash_eval(). Use unsigned loop iterator for index operations, to avoid sign extension. Signed-off-by: Christian Göttsche --- security/selinux/ss/avtab.c | 38 ++++++++++++++++++------------------- 1 file changed, 18 insertions(+), 20 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 6766edc0fe68..fbf51986afcf 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -29,7 +29,7 @@ static struct kmem_cache *avtab_xperms_cachep __ro_after_init; /* Based on MurmurHash3, written by Austin Appleby and placed in the * public domain. */ -static inline int avtab_hash(const struct avtab_key *keyp, u32 mask) +static inline u32 avtab_hash(const struct avtab_key *keyp, u32 mask) { static const u32 c1 = 0xcc9e2d51; static const u32 c2 = 0x1b873593; @@ -66,7 +66,7 @@ static inline int avtab_hash(const struct avtab_key *keyp, u32 mask) } static struct avtab_node* -avtab_insert_node(struct avtab *h, int hvalue, +avtab_insert_node(struct avtab *h, u32 hvalue, struct avtab_node *prev, const struct avtab_key *key, const struct avtab_datum *datum) { 
@@ -106,7 +106,7 @@ avtab_insert_node(struct avtab *h, int hvalue, static int avtab_insert(struct avtab *h, const struct avtab_key *key, const struct avtab_datum *datum) { - int hvalue; + u32 hvalue; struct avtab_node *prev, *cur, *newnode; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -152,7 +152,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, const struct avtab_key *key, const struct avtab_datum *datum) { - int hvalue; + u32 hvalue; struct avtab_node *prev, *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -182,7 +182,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *key) { - int hvalue; + u32 hvalue; struct avtab_node *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -218,7 +218,7 @@ struct avtab_datum *avtab_search(struct avtab *h, const struct avtab_key *key) struct avtab_node *avtab_search_node(struct avtab *h, const struct avtab_key *key) { - int hvalue; + u32 hvalue; struct avtab_node *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); @@ -278,13 +278,12 @@ avtab_search_node_next(struct avtab_node *node, int specified) void avtab_destroy(struct avtab *h) { - int i; struct avtab_node *cur, *temp; if (!h) return; - for (i = 0; i < h->nslot; i++) { + for (u32 i = 0; i < h->nslot; i++) { cur = h->htable[i]; while (cur) { temp = cur; @@ -356,14 +355,14 @@ int avtab_alloc_dup(struct avtab *new, const struct avtab *orig) void avtab_hash_eval(struct avtab *h, const char *tag) { - int i, chain_len, slots_used, max_chain_len; + unsigned int chain_len, slots_used, max_chain_len; unsigned long long chain2_len_sum; struct avtab_node *cur; slots_used = 0; max_chain_len = 0; chain2_len_sum = 0; - for (i = 0; i < h->nslot; i++) { + for (u32 i = 0; i < h->nslot; i++) { cur = h->htable[i]; if (cur) { slots_used++; 
@@ -404,13 +403,13 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, { __le16 buf16[4]; u16 enabled; - u32 items, items2, val, vers = pol->policyvers; + u32 items, items2, val; struct avtab_key key; struct avtab_datum datum; struct avtab_extended_perms xperms; __le32 buf32[ARRAY_SIZE(xperms.perms.p)]; - int i, rc; - unsigned set; + int rc; + unsigned int set, vers = pol->policyvers; memset(&key, 0, sizeof(struct avtab_key)); memset(&datum, 0, sizeof(struct avtab_datum)); @@ -470,7 +469,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, return -EINVAL; } - for (i = 0; i < ARRAY_SIZE(spec_order); i++) { + for (u32 i = 0; i < ARRAY_SIZE(spec_order); i++) { if (val & spec_order[i]) { key.specified = spec_order[i] | enabled; datum.u.data = le32_to_cpu(buf32[items++]); @@ -508,7 +507,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, } set = 0; - for (i = 0; i < ARRAY_SIZE(spec_order); i++) { + for (u32 i = 0; i < ARRAY_SIZE(spec_order); i++) { if (key.specified & spec_order[i]) set++; } @@ -540,7 +539,7 @@ int avtab_read_item(struct avtab *a, void *fp, struct policydb *pol, pr_err("SELinux: avtab: truncated entry\n"); return rc; } - for (i = 0; i < ARRAY_SIZE(xperms.perms.p); i++) + for (u32 i = 0; i < ARRAY_SIZE(xperms.perms.p); i++) xperms.perms.p[i] = le32_to_cpu(buf32[i]); datum.u.xperms = &xperms; } else { @@ -569,7 +568,7 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) { int rc; __le32 buf[1]; - u32 nel, i; + u32 nel; rc = next_entry(buf, fp, sizeof(u32)); @@ -588,7 +587,7 @@ int avtab_read(struct avtab *a, void *fp, struct policydb *pol) if (rc) goto bad; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = avtab_read_item(a, fp, pol, avtab_insertf, NULL); if (rc) { if (rc == -ENOMEM) 
@@ -646,7 +645,6 @@ int avtab_write_item(struct policydb *p, const struct avtab_node *cur, void *fp) int avtab_write(struct policydb *p, struct avtab *a, void *fp) { - unsigned int i; int rc = 0; struct avtab_node *cur; __le32 buf[1]; 
@@ -656,7 +654,7 @@ int avtab_write(struct policydb *p, struct avtab *a, void *fp) if (rc) return rc; - for (i = 0; i < a->nslot; i++) { + for (u32 i = 0; i < a->nslot; i++) { for (cur = a->htable[i]; cur; cur = cur->next) { rc = avtab_write_item(p, cur, fp);
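Review bot: in avtab_read_item(), the three loops bounded by ARRAY_SIZE(spec_order) and ARRAY_SIZE(xperms.perms.p) now use u32 i, but ARRAY_SIZE() evaluates to size_t, so the iterator does not have "the type of the limit" that the commit message promises. Use size_t for those three loops or reword the message; u32 does match nel in avtab_read(), which the hunk shows declared as u32.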
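Review bot: in the avtab_read_item() declarations, vers changes from u32 to unsigned int and is now initialised in the middle of a shared declaration (unsigned int set, vers = pol->policyvers;), which the commit message does not mention. Keep vers on its own line with its initialiser, and either leave it as u32 or say why unsigned int is wanted.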
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 03/20] selinux: avoid avtab overflows Date: Thu, 6 Jul 2023 15:23:18 +0200 Message-Id: <20230706132337.15924-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Prevent inserting more than the supported U32_MAX number of entries. Signed-off-by: Christian Göttsche --- security/selinux/ss/avtab.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index fbf51986afcf..9c150fba3fa6 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -110,7 +110,7 @@ static int avtab_insert(struct avtab *h, const struct avtab_key *key, struct avtab_node *prev, *cur, *newnode; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); - if (!h || !h->nslot) + if (!h || !h->nslot || h->nel == U32_MAX) return -EINVAL; hvalue = avtab_hash(key, h->mask); 
@@ -156,7 +156,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_node *prev, *cur; u16 specified = key->specified & ~(AVTAB_ENABLED|AVTAB_ENABLED_OLD); - if (!h || !h->nslot) + if (!h || !h->nslot || h->nel == U32_MAX) return NULL; hvalue = avtab_hash(key, h->mask); for (prev = NULL, cur = h->htable[hvalue];
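Review bot: in avtab_insert() and avtab_insert_nonunique(), the new h->nel == U32_MAX test is folded into the argument check, so a full table returns the same -EINVAL or NULL as a missing table or a zero nslot, and a caller cannot tell capacity exhaustion from a bad argument. Split it into its own condition, return a distinct errno from avtab_insert() (for example -ENOSPC), and add a one-line comment that the check stops the nel counter from wrapping past U32_MAX.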
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 04/20] selinux: ebitmap: use u32 as bit type Date: Thu, 6 Jul 2023 15:23:19 +0200 Message-Id: <20230706132337.15924-4-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org The extensible bitmap supports bit positions up to U32_MAX due to the type of the member highbit being u32. Use u32 consistently as the type for bit positions to announce to callers what range of values is supported. Signed-off-by: Christian Göttsche --- security/selinux/ss/ebitmap.c | 32 ++++++++++++++++---------------- security/selinux/ss/ebitmap.h | 32 ++++++++++++++++---------------- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/security/selinux/ss/ebitmap.c b/security/selinux/ss/ebitmap.c index d31b87be9a1e..17d2d9b0d444 100644 --- a/security/selinux/ss/ebitmap.c +++ b/security/selinux/ss/ebitmap.c @@ -24,7 +24,7 @@ #include "ebitmap.h" #include "policydb.h" -#define BITS_PER_U64 (sizeof(u64) * 8) +#define BITS_PER_U64 ((u32)(sizeof(u64) * 8)) static struct kmem_cache *ebitmap_node_cachep __ro_after_init; @@ -82,7 +82,8 @@ int ebitmap_cpy(struct ebitmap *dst, const struct ebitmap *src) int ebitmap_and(struct ebitmap *dst, const struct ebitmap *e1, const struct ebitmap *e2) { struct ebitmap_node *n; - int bit, rc; + u32 bit; + int rc; ebitmap_init(dst); @@ -113,8 +114,7 @@ int ebitmap_netlbl_export(struct ebitmap *ebmap, { struct ebitmap_node *e_iter = ebmap->node; unsigned long e_map; - u32 offset; - unsigned int iter; + u32 offset, iter; int rc; if (e_iter == NULL) { 
@@ -259,7 +259,7 @@ int ebitmap_contains(const struct ebitmap *e1, const struct ebitmap *e2, u32 las return 1; } -int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit) +int ebitmap_get_bit(const struct ebitmap *e, u32 bit) { const struct ebitmap_node *n; @@ -276,7 +276,7 @@ int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit) return 0; } -int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value) +int ebitmap_set_bit(struct ebitmap *e, u32 bit, int value) { struct ebitmap_node *n, *prev, *new; @@ -287,7 +287,7 @@ int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value) if (value) { ebitmap_node_set_bit(n, bit); } else { - unsigned int s; + u32 s; ebitmap_node_clr_bit(n, bit); @@ -370,7 +370,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) u64 map; __le64 mapbits; __le32 buf[3]; - int rc, i; + int rc; ebitmap_init(e); @@ -384,7 +384,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) if (mapunit != BITS_PER_U64) { pr_err("SELinux: ebitmap: map size %u does not " - "match my size %zd (high bit was %d)\n", + "match my size %d (high bit was %d)\n", mapunit, BITS_PER_U64, e->highbit); goto bad; } @@ -401,7 +401,7 @@ int ebitmap_read(struct ebitmap *e, void *fp) if (e->highbit && !count) goto bad; - for (i = 0; i < count; i++) { + for (u32 i = 0; i < count; i++) { rc = next_entry(&ebitmap_start, fp, sizeof(u32)); if (rc < 0) { pr_err("SELinux: ebitmap: truncated map\n"); 
@@ -471,18 +471,18 @@ int ebitmap_read(struct ebitmap *e, void *fp) int ebitmap_write(const struct ebitmap *e, void *fp) { struct ebitmap_node *n; - u32 count; + u32 bit, count, last_bit, last_startbit; __le32 buf[3]; u64 map; - int bit, last_bit, last_startbit, rc; + int rc; buf[0] = cpu_to_le32(BITS_PER_U64); count = 0; last_bit = 0; - last_startbit = -1; + last_startbit = (u32)-1; ebitmap_for_each_positive_bit(e, n, bit) { - if (rounddown(bit, (int)BITS_PER_U64) > last_startbit) { + if (last_startbit == (u32)-1 || rounddown(bit, BITS_PER_U64) > last_startbit) { count++; last_startbit = rounddown(bit, BITS_PER_U64); } @@ -496,9 +496,9 @@ int ebitmap_write(const struct ebitmap *e, void *fp) return rc; map = 0; - last_startbit = INT_MIN; + last_startbit = (u32)-1; ebitmap_for_each_positive_bit(e, n, bit) { - if (rounddown(bit, (int)BITS_PER_U64) > last_startbit) { + if (last_startbit == (u32)-1 || rounddown(bit, BITS_PER_U64) > last_startbit) { __le64 buf64[1]; /* this is the very first bit */ diff --git a/security/selinux/ss/ebitmap.h b/security/selinux/ss/ebitmap.h index e5b57dc3fc53..fab3e5bef896 100644 --- a/security/selinux/ss/ebitmap.h +++ b/security/selinux/ss/ebitmap.h @@ -44,10 +44,10 @@ struct ebitmap { #define ebitmap_length(e) ((e)->highbit) -static inline unsigned int ebitmap_start_positive(const struct ebitmap *e, +static inline u32 ebitmap_start_positive(const struct ebitmap *e, struct ebitmap_node **n) { - unsigned int ofs; + u32 ofs; for (*n = e->node; *n; *n = (*n)->next) { ofs = find_first_bit((*n)->maps, EBITMAP_SIZE); @@ -62,11 +62,11 @@ static inline void ebitmap_init(struct ebitmap *e) memset(e, 0, sizeof(*e)); } -static inline unsigned int ebitmap_next_positive(const struct ebitmap *e, +static inline u32 ebitmap_next_positive(const struct ebitmap *e, struct ebitmap_node **n, - unsigned int bit) + u32 bit) { - unsigned int ofs; + u32 ofs; ofs = find_next_bit((*n)->maps, EBITMAP_SIZE, bit - (*n)->startbit + 1); if (ofs < EBITMAP_SIZE) 
@@ -86,10 +86,10 @@ static inline unsigned int ebitmap_next_positive(const struct ebitmap *e, (((bit) - (node)->startbit) % EBITMAP_UNIT_SIZE) static inline int ebitmap_node_get_bit(const struct ebitmap_node *n, - unsigned int bit) + u32 bit) { - unsigned int index = EBITMAP_NODE_INDEX(n, bit); - unsigned int ofs = EBITMAP_NODE_OFFSET(n, bit); + u32 index = EBITMAP_NODE_INDEX(n, bit); + u32 ofs = EBITMAP_NODE_OFFSET(n, bit); BUG_ON(index >= EBITMAP_UNIT_NUMS); if ((n->maps[index] & (EBITMAP_BIT << ofs))) @@ -98,20 +98,20 @@ static inline int ebitmap_node_get_bit(const struct ebitmap_node *n, } static inline void ebitmap_node_set_bit(struct ebitmap_node *n, - unsigned int bit) + u32 bit) { - unsigned int index = EBITMAP_NODE_INDEX(n, bit); - unsigned int ofs = EBITMAP_NODE_OFFSET(n, bit); + u32 index = EBITMAP_NODE_INDEX(n, bit); + u32 ofs = EBITMAP_NODE_OFFSET(n, bit); BUG_ON(index >= EBITMAP_UNIT_NUMS); n->maps[index] |= (EBITMAP_BIT << ofs); } static inline void ebitmap_node_clr_bit(struct ebitmap_node *n, - unsigned int bit) + u32 bit) { - unsigned int index = EBITMAP_NODE_INDEX(n, bit); - unsigned int ofs = EBITMAP_NODE_OFFSET(n, bit); + u32 index = EBITMAP_NODE_INDEX(n, bit); + u32 ofs = EBITMAP_NODE_OFFSET(n, bit); BUG_ON(index >= EBITMAP_UNIT_NUMS); n->maps[index] &= ~(EBITMAP_BIT << ofs); 
@@ -126,8 +126,8 @@ int ebitmap_cmp(const struct ebitmap *e1, const struct ebitmap *e2); int ebitmap_cpy(struct ebitmap *dst, const struct ebitmap *src); int ebitmap_and(struct ebitmap *dst, const struct ebitmap *e1, const struct ebitmap *e2); int ebitmap_contains(const struct ebitmap *e1, const struct ebitmap *e2, u32 last_e2bit); -int ebitmap_get_bit(const struct ebitmap *e, unsigned long bit); -int ebitmap_set_bit(struct ebitmap *e, unsigned long bit, int value); +int ebitmap_get_bit(const struct ebitmap *e, u32 bit); +int ebitmap_set_bit(struct ebitmap *e, u32 bit, int value); void ebitmap_destroy(struct ebitmap *e); int ebitmap_read(struct ebitmap *e, void *fp); int ebitmap_write(const struct ebitmap *e, void *fp);
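Review bot: in ebitmap_read(), the pr_err() format for BITS_PER_U64 goes from %zd to %d although the macro is now cast to u32, and e->highbit is also printed with %d; both are unsigned, so use %u for them, matching the %u already used for mapunit in the same message.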
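Review bot: in ebitmap_write(), (u32)-1 appears four times as the "no start bit yet" sentinel, replacing both -1 and INT_MIN, with no name or comment. Use U32_MAX as patch 03 does, or a named constant, and add a comment that the value is safe because rounddown(bit, BITS_PER_U64) is always a multiple of 64 and so can never equal it; the explicit last_startbit == (u32)-1 test is needed because no unsigned value compares greater than the sentinel.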
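Review bot: ebitmap_get_bit() and ebitmap_set_bit() narrow bit from unsigned long to u32 in both ebitmap.c and the ebitmap.h prototypes, so on 64-bit builds a caller that still holds a wider value is truncated at the call site before the function can range-check it. State in the commit message that every caller passes a u32 or narrower value, or convert the remaining callers in this patch.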
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 05/20] selinux: hashtab: use identical iterator type Date: Thu, 6 Jul 2023 15:23:20 +0200 Message-Id: <20230706132337.15924-5-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the identical type u32 for the loop iterator. Signed-off-by: Christian Göttsche --- security/selinux/ss/hashtab.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c index 3fb8f9026e9b..ede3cc1bd204 100644 --- a/security/selinux/ss/hashtab.c +++ b/security/selinux/ss/hashtab.c @@ -137,7 +137,7 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, void *args) { struct hashtab_node *cur, *tmp, *tail; - int i, rc; + int rc; memset(new, 0, sizeof(*new)); @@ -147,7 +147,7 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, new->size = orig->size; - for (i = 0; i < orig->size; i++) { + for (u32 i = 0; i < orig->size; i++) { tail = NULL; for (cur = orig->htable[i]; cur; cur = cur->next) { tmp = kmem_cache_zalloc(hashtab_node_cachep, 
@@ -172,7 +172,7 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig, return 0; error: - for (i = 0; i < new->size; i++) { + for (u32 i = 0; i < new->size; i++) { for (cur = new->htable[i]; cur; cur = tmp) { tmp = cur->next; destroy(cur->key, cur->datum, args); From patchwork Thu Jul 6 13:23:21 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13303720 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id ACA69EB64DC for ; Thu, 6 Jul 2023 13:23:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231654AbjGFNXz (ORCPT ); Thu, 6 Jul 2023 09:23:55 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41102 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232077AbjGFNXv (ORCPT ); Thu, 6 Jul 2023 09:23:51 -0400 Received: from mail-ej1-x62d.google.com (mail-ej1-x62d.google.com [IPv6:2a00:1450:4864:20::62d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A28B31BC9; Thu, 6 Jul 2023 06:23:50 -0700 (PDT) Received: by mail-ej1-x62d.google.com with SMTP id a640c23a62f3a-992f6d7c7fbso88722066b.3; Thu, 06 Jul 2023 06:23:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649829; x=1691241829; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=fjeU+oFwnLoTGw/GiFQxSoA+QryPefibnYvK0tDSOi0=; b=MqKQaLP19EQnZquTr15z2LYEMWk0lbI5ahUOyiCTMkO8YK8LPDbmlgOI1nxf7s91Je iGlcY/sOWLM8xRhikuBOXXIghPJCylRJDoZMIu32VvAgTY86pJgwqEQk3p8fxOObj/7f 
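Review bot: In hashtab_duplicate(), both loops now declare the iterator in the for statement (`for (u32 i = 0; i < orig->size; i++)`), which mixes a coding-style change into a type fix while the other locals (cur, tmp, tail, rc) stay declared at the top of the function. Changing the existing declaration to `u32 i;` would make the same type correction with a smaller diff. The commit message says "identical type" without naming what it is identical to, presumably the size member compared in the loop condition; saying so would make the change self-explanatory.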
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 06/20] selinux: mls: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:21 +0200 Message-Id: <20230706132337.15924-6-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use u32 for ebitmap bits. Use char for the default range of a class. Signed-off-by: Christian Göttsche --- security/selinux/ss/mls.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/security/selinux/ss/mls.c b/security/selinux/ss/mls.c index 99571b19d4a9..1976f6b857e9 100644 --- a/security/selinux/ss/mls.c +++ b/security/selinux/ss/mls.c @@ -45,7 +45,7 @@ int mls_compute_context_len(struct policydb *p, struct context *context) len = 1; /* for the beginning ":" */ for (l = 0; l < 2; l++) { - int index_sens = context->range.level[l].sens; + u32 index_sens = context->range.level[l].sens; len += strlen(sym_name(p, SYM_LEVELS, index_sens - 1)); /* categories */ @@ -240,7 +240,7 @@ int mls_context_to_sid(struct policydb *pol, char *sensitivity, *cur_cat, *next_cat, *rngptr; struct level_datum *levdatum; struct cat_datum *catdatum, *rngdatum; - int l, rc, i; + int l, rc; char *rangep[2]; if (!pol->mls_enabled) { @@ -331,7 +331,7 @@ int mls_context_to_sid(struct policydb *pol, if (catdatum->value >= rngdatum->value) return -EINVAL; - for (i = catdatum->value; i < rngdatum->value; i++) { + for (u32 i = catdatum->value; i < rngdatum->value; i++) { rc = ebitmap_set_bit(&context->range.level[l].cat, i, 1); if (rc) return rc; 
@@ -451,7 +451,8 @@ int mls_convert_context(struct policydb *oldp, struct level_datum *levdatum; struct cat_datum *catdatum; struct ebitmap_node *node; - int l, i; + u32 i; + int l; if (!oldp->mls_enabled || !newp->mls_enabled) return 0; 
@@ -495,7 +496,7 @@ int mls_compute_sid(struct policydb *p, struct range_trans rtr; struct mls_range *r; struct class_datum *cladatum; - int default_range = 0; + char default_range = 0; if (!p->mls_enabled) return 0; From patchwork Thu Jul 6 13:23:22 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13303721 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 0179BEB64D9 for ; Thu, 6 Jul 2023 13:23:57 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232215AbjGFNX4 (ORCPT ); Thu, 6 Jul 2023 09:23:56 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41128 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232108AbjGFNXx (ORCPT ); Thu, 6 Jul 2023 09:23:53 -0400 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 12A6F1BD0; Thu, 6 Jul 2023 06:23:52 -0700 (PDT) Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-992b66e5affso87869066b.3; Thu, 06 Jul 2023 06:23:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649830; x=1691241830; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=SkBksRN7bdprO5MQOGhCkpjrSYNKbvjJ8BXlsGQfvbA=; b=XHZjH3uHqOB8pfbX97fSIP4Cmqu8I8oGtx+y4X5VGJED3j1RGgyne9bDc3pDI2EC69 SOZU5SqQjIrmOEqrII3G5hSuySj0v8TOzQ2OiXRRBtIKNBh3o9J5ZjX3dNE4p1zgeeM+ mVrEpA8HlL5RfePue4ttSeNTW56CNys+++3aW8F7aUyT6Vnh/rSekfFFkfwIWqLbgGuM 
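Review bot: In mls_compute_sid(), `char default_range = 0;` uses plain char for a small numeric selector, and plain char's signedness depends on the architecture and compiler flags. If this mirrors the type of the class datum member it is read from, the commit message should say so; otherwise u8 expresses the intent better. Separately, in mls_compute_context_len() the new `u32 index_sens` feeds `index_sens - 1`, which wraps to 0xffffffff for a zero sensitivity rather than -1. Both are invalid indexes, but it is worth confirming that sens is guaranteed nonzero at this point.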
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [RFC PATCH 07/20] selinux: services: update type for umber of class permissions Date: Thu, 6 Jul 2023 15:23:22 +0200 Message-Id: <20230706132337.15924-7-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Security classes have only up to 32 permissions, hence using an u16 is sufficient (while improving padding). Also use a fixed sized cast in a bit shift to work correctly on architectures where sizeof(unsigned int) != sizeof(u32). Signed-off-by: Christian Göttsche --- security/selinux/ss/services.c | 6 +++--- security/selinux/ss/services.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 78946b71c1c1..3275cfe2c8f7 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -97,7 +97,6 @@ static int selinux_set_mapping(struct policydb *pol, struct selinux_map *out_map) { u16 i, j; - unsigned k; bool print_unknown_handle = false; /* Find number of classes in the input mapping */ @@ -117,6 +116,7 @@ static int selinux_set_mapping(struct policydb *pol, while (map[j].name) { const struct security_class_mapping *p_in = map + (j++); struct selinux_mapping *p_out = out_map->mapping + j; + u16 k; /* An empty class string skips ahead */ if (!strcmp(p_in->name, "")) { @@ -202,7 +202,7 @@ static void map_decision(struct selinux_map *map, { if (tclass < map->size) { struct selinux_mapping *mapping = &map->mapping[tclass]; - unsigned int i, n = mapping->num_perms; + u16 i, n = mapping->num_perms; u32 result; for (i = 0, result = 0; i < n; i++) { 
@@ -230,7 +230,7 @@ static void map_decision(struct selinux_map *map, * should audit that denial */ for (; i < (sizeof(u32)*8); i++) - result |= 1<auditdeny = result; } } diff --git a/security/selinux/ss/services.h b/security/selinux/ss/services.h index 8a9b85f44b66..b6f99353301e 100644 --- a/security/selinux/ss/services.h +++ b/security/selinux/ss/services.h 
@@ -12,7 +12,7 @@ /* Mapping for a single class */ struct selinux_mapping { u16 value; /* policy value for class */ - unsigned int num_perms; /* number of permissions in class */ + u16 num_perms; /* number of permissions in class */ u32 perms[sizeof(u32) * 8]; /* policy values for permissions */ }; From patchwork Thu Jul 6 13:23:23 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13303722 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D8EDEB64DD for ; Thu, 6 Jul 2023 13:24:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232464AbjGFNYB (ORCPT ); Thu, 6 Jul 2023 09:24:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41118 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232177AbjGFNXz (ORCPT ); Thu, 6 Jul 2023 09:23:55 -0400 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A59D61BC8; Thu, 6 Jul 2023 06:23:53 -0700 (PDT) Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-98de21518fbso88662066b.0; Thu, 06 Jul 2023 06:23:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649832; x=1691241832; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=LtVZ9IN18GMIVNNPxgzg9kuctr8q4nqyiqN2EuiG34w=; b=ZTokUOHN4zP+Eekl+OVEKJa3T4lLrDOw++zXwjM1vzOFublHo6uQVNIBp/dGGOS/Ab 8Mm5Mx+/P97Qu41PqXghN6dU2xcgidnu+UAfxPHOiAqIF/avHOJAu9xwfUJN/CcDRNGS 
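Review bot: This patch combines two changes with different motivations: narrowing num_perms to u16 (struct selinux_mapping, map_decision(), selinux_set_mapping()), and the fixed-size cast in the shift at the end of map_decision() that the commit message describes as an architecture correctness fix. Splitting the shift fix into its own patch would let it be reviewed and backported separately. The narrowing relies on num_perms never exceeding the `sizeof(u32) * 8` entries of perms[]; a short comment next to the member stating that bound would document why u16 is safe. The subject line also has a typo: "umber" should be "number".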
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , Casey Schaufler , Xiu Jianfeng , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [RFC PATCH 08/20] selinux: services: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:23 +0200 Message-Id: <20230706132337.15924-8-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use u32 as the output parameter type in security_get_classes() and security_get_permissions(), based on the type of the symtab nprim member. Declare the read-only class string parameter of security_get_permissions() const. Avoid several implicit conversions by using the identical type for the destination. Signed-off-by: Christian Göttsche --- security/selinux/include/security.h | 4 ++-- security/selinux/selinuxfs.c | 7 ++++--- security/selinux/ss/services.c | 22 +++++++++------------- 3 files changed, 15 insertions(+), 18 deletions(-) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 665c4e5bae99..0f93fd019bb4 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -312,9 +312,9 @@ int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type, u32 *peer_sid); int security_get_classes(struct selinux_policy *policy, - char ***classes, int *nclasses); + char ***classes, u32 *nclasses); int security_get_permissions(struct selinux_policy *policy, - char *class, char ***perms, int *nperms); + const char *class, char ***perms, u32 *nperms); int security_get_reject_unknown(void); int security_get_allow_unknown(void); diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index bad1f6b685fd..16036633ddd3 100644 --- a/security/selinux/selinuxfs.c 
+++ b/security/selinux/selinuxfs.c @@ -1797,7 +1797,8 @@ static int sel_make_perm_files(struct selinux_policy *newpolicy, char *objclass, int classvalue, struct dentry *dir) { - int i, rc, nperms; + u32 i, nperms; + int rc; char **perms; rc = security_get_permissions(newpolicy, objclass, &perms, &nperms); @@ -1867,8 +1868,8 @@ static int sel_make_classes(struct selinux_policy *newpolicy, struct dentry *class_dir, unsigned long *last_class_ino) { - - int rc, nclasses, i; + u32 i, nclasses; + int rc; char **classes; rc = security_get_classes(newpolicy, &classes, &nclasses); diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 3275cfe2c8f7..2e2b17b00298 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -2822,7 +2822,6 @@ static inline int __security_genfs_sid(struct selinux_policy *policy, { struct policydb *policydb = &policy->policydb; struct sidtab *sidtab = policy->sidtab; - int len; u16 sclass; struct genfs *genfs; struct ocontext *c; @@ -2844,7 +2843,7 @@ static inline int __security_genfs_sid(struct selinux_policy *policy, return -ENOENT; for (c = genfs->head; c; c = c->next) { - len = strlen(c->u.name); + size_t len = strlen(c->u.name); if ((!c->v.sclass || sclass == c->v.sclass) && (strncmp(c->u.name, path, len) == 0)) break; @@ -3332,7 +3331,7 @@ static int get_classes_callback(void *k, void *d, void *args) { struct class_datum *datum = d; char *name = k, **classes = args; - int value = datum->value - 1; + u32 value = datum->value - 1; classes[value] = kstrdup(name, GFP_ATOMIC); if (!classes[value]) @@ -3342,7 +3341,7 @@ static int get_classes_callback(void *k, void *d, void *args) } int security_get_classes(struct selinux_policy *policy, - char ***classes, int *nclasses) + char ***classes, u32 *nclasses) { struct policydb *policydb; int rc; 
@@ -3358,8 +3357,7 @@ int security_get_classes(struct selinux_policy *policy, rc = hashtab_map(&policydb->p_classes.table, get_classes_callback, *classes); if (rc) { - int i; - for (i = 0; i < *nclasses; i++) + for (u32 i = 0; i < *nclasses; i++) kfree((*classes)[i]); kfree(*classes); } @@ -3372,7 +3370,7 @@ static int get_permissions_callback(void *k, void *d, void *args) { struct perm_datum *datum = d; char *name = k, **perms = args; - int value = datum->value - 1; + u32 value = datum->value - 1; perms[value] = kstrdup(name, GFP_ATOMIC); if (!perms[value]) @@ -3382,10 +3380,10 @@ static int get_permissions_callback(void *k, void *d, void *args) } int security_get_permissions(struct selinux_policy *policy, - char *class, char ***perms, int *nperms) + const char *class, char ***perms, u32 *nperms) { struct policydb *policydb; - int rc, i; + int rc; struct class_datum *match; policydb = &policy->policydb; @@ -3420,7 +3418,7 @@ int security_get_permissions(struct selinux_policy *policy, return rc; err: - for (i = 0; i < *nperms; i++) + for (u32 i = 0; i < *nperms; i++) kfree((*perms)[i]); kfree(*perms); return rc; 
@@ -3600,9 +3598,7 @@ int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) /* Check to see if the rule contains any selinux fields */ int selinux_audit_rule_known(struct audit_krule *rule) { - int i; - - for (i = 0; i < rule->field_count; i++) { + for (u32 i = 0; i < rule->field_count; i++) { struct audit_field *f = &rule->fields[i]; switch (f->type) { case AUDIT_SUBJ_USER: From patchwork Thu Jul 6 13:23:24 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13303723 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 96EF5C001B0 for ; Thu, 6 Jul 2023 13:24:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231781AbjGFNYC (ORCPT ); Thu, 6 Jul 2023 09:24:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41172 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229528AbjGFNX4 (ORCPT ); Thu, 6 Jul 2023 09:23:56 -0400 Received: from mail-ej1-x629.google.com (mail-ej1-x629.google.com [IPv6:2a00:1450:4864:20::629]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B8CEF19B2; Thu, 6 Jul 2023 06:23:54 -0700 (PDT) Received: by mail-ej1-x629.google.com with SMTP id a640c23a62f3a-99357737980so86757066b.2; Thu, 06 Jul 2023 06:23:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649833; x=1691241833; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=kfq6WYxVSO9JeB8ozbXX3nHOjEAETuGaBGIng4Pfbz0=; b=e31PJQYujr3guQn3Cv+W7D/al3dKcNleToEpFiYWrRtTlBF8sB9PfVpte2Y7xdjhP8 
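Review bot: In get_classes_callback() and get_permissions_callback(), `u32 value = datum->value - 1;` is used directly as an index into classes[] and perms[]; with an unsigned type a zero datum->value wraps to 0xffffffff instead of -1, and neither callback checks the index against the array length. The hunks do not show where the valid range of datum->value is enforced, so either a comment naming that check or a bounds check here would help. The loop-scoped `for (u32 i = ...)` declarations in security_get_classes(), security_get_permissions() and selinux_audit_rule_known() are a style change beyond the type conversion and could stay as function-level declarations to keep the diff minimal.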
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , Xiu Jianfeng , linux-kernel@vger.kernel.org Subject: [RFC PATCH 09/20] selinux: status: consistently use u32 as sequence number type Date: Thu, 6 Jul 2023 15:23:24 +0200 Message-Id: <20230706132337.15924-9-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Align the type with the one used in selinux_notify_policy_change() and the sequence member of struct selinux_kernel_status. Signed-off-by: Christian Göttsche --- security/selinux/include/security.h | 2 +- security/selinux/status.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 0f93fd019bb4..a16c52d553e1 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -376,7 +376,7 @@ struct selinux_kernel_status { } __packed; extern void selinux_status_update_setenforce(int enforcing); -extern void selinux_status_update_policyload(int seqno); +extern void selinux_status_update_policyload(u32 seqno); extern void selinux_complete_init(void); extern struct path selinux_null; extern void selnl_notify_setenforce(int val); diff --git a/security/selinux/status.c b/security/selinux/status.c index 19ef929a075c..e436e4975adc 100644 --- a/security/selinux/status.c +++ b/security/selinux/status.c 
@@ -101,7 +101,7 @@ void selinux_status_update_setenforce(int enforcing) * It updates status of the times of policy reloaded, and current * setting of deny_unknown. */ -void selinux_status_update_policyload(int seqno) +void selinux_status_update_policyload(u32 seqno) { struct selinux_kernel_status *status; From patchwork Thu Jul 6 13:23:25 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13303724 X-Patchwork-Delegate: paul@paul-moore.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 91254EB64DC for ; Thu, 6 Jul 2023 13:24:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232006AbjGFNYD (ORCPT ); Thu, 6 Jul 2023 09:24:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41192 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232248AbjGFNX5 (ORCPT ); Thu, 6 Jul 2023 09:23:57 -0400 Received: from mail-ej1-x633.google.com (mail-ej1-x633.google.com [IPv6:2a00:1450:4864:20::633]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6016C1BD0; Thu, 6 Jul 2023 06:23:55 -0700 (PDT) Received: by mail-ej1-x633.google.com with SMTP id a640c23a62f3a-99384a80af7so81182266b.2; Thu, 06 Jul 2023 06:23:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20221208; t=1688649834; x=1691241834; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=twwRuxY6wI3Kg6heMmcwREwGj5Jtv6WXh1HJopMuo9M=; b=QYgxRvyqawTzN1vInTvH1KRmelQcb+xZLwjKwmBxAzsui0bJ8PfX+UtyZCMTJ1WaVc ZNmRehBukvKqPo8ryX7uLW37wAINUM4JXjBGUgBbbhZSDOohBGZmTI+hmXGRd5oqy+Ii 
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 10/20] selinux: netif: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:25 +0200 Message-Id: <20230706132337.15924-10-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the identical type sel_netif_hashfn() returns. Signed-off-by: Christian Göttsche --- security/selinux/netif.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/security/selinux/netif.c b/security/selinux/netif.c index adbe9bea2d26..43a0d3594b72 100644 --- a/security/selinux/netif.c +++ b/security/selinux/netif.c @@ -67,7 +67,7 @@ static inline u32 sel_netif_hashfn(const struct net *ns, int ifindex) static inline struct sel_netif *sel_netif_find(const struct net *ns, int ifindex) { - int idx = sel_netif_hashfn(ns, ifindex); + u32 idx = sel_netif_hashfn(ns, ifindex); struct sel_netif *netif; list_for_each_entry_rcu(netif, &sel_netif_hash[idx], list) 
@@ -89,7 +89,7 @@ static inline struct sel_netif *sel_netif_find(const struct net *ns, */ static int sel_netif_insert(struct sel_netif *netif) { - int idx; + u32 idx; if (sel_netif_total >= SEL_NETIF_HASH_MAX) return -ENOSPC;
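Review bot: In the sel_netif_insert() hunk only the declaration becomes `u32 idx;`, and the assignment and every later use of idx lie outside the context lines, so the patch alone does not show that idx is only ever set from sel_netif_hashfn() and used as an index into sel_netif_hash[]. Please say so in the commit message, together with a statement that no functional change is intended, or fold the declaration into the assignment as the sel_netif_find() hunk does with `u32 idx = sel_netif_hashfn(ns, ifindex);`.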
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 11/20] selinux: avc: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:26 +0200 Message-Id: <20230706132337.15924-11-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use a consistent type of u32 for sequence numbers. Use a non-negative and input parameter matching type for the hash result. Signed-off-by: Christian Göttsche --- security/selinux/avc.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 1074db66e5ff..cd55479cce25 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -122,7 +122,7 @@ static struct kmem_cache *avc_xperms_data_cachep __ro_after_init; static struct kmem_cache *avc_xperms_decision_cachep __ro_after_init; static struct kmem_cache *avc_xperms_cachep __ro_after_init; -static inline int avc_hash(u32 ssid, u32 tsid, u16 tclass) +static inline u32 avc_hash(u32 ssid, u32 tsid, u16 tclass) { return (ssid ^ (tsid<<2) ^ (tclass<<4)) & (AVC_CACHE_SLOTS - 1); } @@ -523,7 +523,7 @@ static void avc_node_populate(struct avc_node *node, u32 ssid, u32 tsid, u16 tcl static inline struct avc_node *avc_search_node(u32 ssid, u32 tsid, u16 tclass) { struct avc_node *node, *ret = NULL; - int hvalue; + u32 hvalue; struct hlist_head *head; hvalue = avc_hash(ssid, tsid, tclass); @@ -566,7 +566,7 @@ static struct avc_node *avc_lookup(u32 ssid, u32 tsid, u16 tclass) return NULL; } -static int avc_latest_notif_update(int seqno, int is_insert) +static int avc_latest_notif_update(u32 seqno, int is_insert) { int ret = 0; static DEFINE_SPINLOCK(notif_lock); 
@@ -609,7 +609,7 @@ static void avc_insert(u32 ssid, u32 tsid, u16 tclass, struct av_decision *avd, struct avc_xperms_node *xp_node) { struct avc_node *pos, *node = NULL; - int hvalue; + u32 hvalue; unsigned long flag; spinlock_t *lock; struct hlist_head *head; @@ -654,9 +654,9 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) { struct common_audit_data *ad = a; struct selinux_audit_data *sad = ad->selinux_audit_data; - u32 av = sad->audited; + u32 av = sad->audited, perm; const char *const *perms; - int i, perm; + u32 i; audit_log_format(ab, "avc: %s ", sad->denied ? "denied" : "granted"); 
@@ -833,7 +833,8 @@ static int avc_update_node(u32 event, u32 perms, u8 driver, u8 xperm, u32 ssid, struct extended_perms_decision *xpd, u32 flags) { - int hvalue, rc = 0; + u32 hvalue; + int rc = 0; unsigned long flag; struct avc_node *pos, *node, *orig = NULL; struct hlist_head *head;
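Review bot: Changing seqno to u32 in avc_latest_notif_update() alters any ordering comparison in the body if the stored latest-notification value it is compared against is still signed, and that comparison is not in the hunk. Please confirm the type of the stored value and of the callers' arguments, and state in the commit message whether sequence-number wraparound is meant to be handled or is left unchanged by this patch.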
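Review bot: Style point in the avc_audit_pre_callback() hunk: `u32 av = sad->audited, perm;` puts an uninitialised declarator behind an initialised one, which is easy to misread as perm being initialised as well. Declare it on its own line, e.g. `u32 perm;` next to the new `u32 i;`.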
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 12/20] selinux: hooks: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:27 +0200 Message-Id: <20230706132337.15924-12-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the identical types in assignments of local variables for the destination. Merge tail calls into return statements. Avoid using leading underscores for function local variable. Signed-off-by: Christian Göttsche --- security/selinux/hooks.c | 26 ++++++++++---------------- 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index b8a8a4f0f2ad..fff50604abce 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1125,7 +1125,7 @@ static inline int default_protocol_dgram(int protocol) static inline u16 socket_type_to_security_class(int family, int type, int protocol) { - int extsockclass = selinux_policycap_extsockclass(); + bool extsockclass = selinux_policycap_extsockclass(); switch (family) { case PF_UNIX: @@ -5027,15 +5027,13 @@ static int selinux_sock_rcv_skb_compat(struct sock *sk, struct sk_buff *skb, static int selinux_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb) { - int err; + int err, peerlbl_active, secmark_active; struct sk_security_struct *sksec = sk->sk_security; u16 family = sk->sk_family; u32 sk_sid = sksec->sid; struct common_audit_data ad; struct lsm_network_audit net = {0,}; char *addrp; - u8 secmark_active; - u8 peerlbl_active; if (family != PF_INET && family != PF_INET6) return 0; 
@@ -5498,11 +5496,11 @@ static void selinux_inet_conn_established(struct sock *sk, struct sk_buff *skb) static int selinux_secmark_relabel_packet(u32 sid) { - const struct task_security_struct *__tsec; + const struct task_security_struct *tsec; u32 tsid; - __tsec = selinux_cred(current_cred()); - tsid = __tsec->sid; + tsec = selinux_cred(current_cred()); + tsid = tsec->sid; return avc_has_perm(tsid, sid, SECCLASS_PACKET, PACKET__RELABELTO, NULL); @@ -6000,8 +5998,7 @@ static int selinux_msg_queue_associate(struct kern_ipc_perm *msq, int msqflg) static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) { - int err; - int perms; + u32 perms; switch (cmd) { case IPC_INFO: @@ -6024,8 +6021,7 @@ static int selinux_msg_queue_msgctl(struct kern_ipc_perm *msq, int cmd) return 0; } - err = ipc_has_perm(msq, perms); - return err; + return ipc_has_perm(msq, perms); } static int selinux_msg_queue_msgsnd(struct kern_ipc_perm *msq, struct msg_msg *msg, int msqflg) @@ -6130,8 +6126,7 @@ static int selinux_shm_associate(struct kern_ipc_perm *shp, int shmflg) /* Note, at this point, shp is locked down */ static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd) { - int perms; - int err; + u32 perms; switch (cmd) { case IPC_INFO: @@ -6158,8 +6153,7 @@ static int selinux_shm_shmctl(struct kern_ipc_perm *shp, int cmd) return 0; } - err = ipc_has_perm(shp, perms); - return err; + return ipc_has_perm(shp, perms); } static int selinux_shm_shmat(struct kern_ipc_perm *shp, 
@@ -6928,7 +6922,7 @@ static int selinux_uring_override_creds(const struct cred *new) */ static int selinux_uring_sqpoll(void) { - int sid = current_sid(); + u32 sid = current_sid(); return avc_has_perm(sid, sid, SECCLASS_IO_URING, IO_URING__SQPOLL, NULL);
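Review bot: The selinux_socket_sock_rcv_skb() hunk widens secmark_active and peerlbl_active from u8 to int and folds them into `int err, peerlbl_active, secmark_active;`, but the assignments that motivate the change are outside the hunk. Name the functions whose return type is int in the commit message, and keep the two flags on their own declaration line so that err, which carries an errno, is not grouped with values that are only tested for truth.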
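Review bot: In the selinux_secmark_relabel_packet() hunk the renamed tsec is used once, only to read tsec->sid. The selinux_uring_sqpoll() hunk of this same patch obtains the task SID with `u32 sid = current_sid();`; if that helper performs the same lookup, using it here removes the pointer local altogether instead of renaming it. The rename and the tail-call merges are also unrelated to the implicit-conversion fixes named in the subject and would be easier to review as a separate patch.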
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , linux-kernel@vger.kernel.org Subject: [RFC PATCH 13/20] selinux: selinuxfs: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:28 +0200 Message-Id: <20230706132337.15924-13-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use umode_t as parameter type for sel_make_inode(), which assigns the value to the member i_mode of struct inode. Use identical type for loop iterator. Signed-off-by: Christian Göttsche --- security/selinux/selinuxfs.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 16036633ddd3..c3ac0468f698 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -97,10 +97,9 @@ static int selinux_fs_info_create(struct super_block *sb) static void selinux_fs_info_free(struct super_block *sb) { struct selinux_fs_info *fsi = sb->s_fs_info; - int i; if (fsi) { - for (i = 0; i < fsi->bool_num; i++) + for (unsigned int i = 0; i < fsi->bool_num; i++) kfree(fsi->bool_pending_names[i]); kfree(fsi->bool_pending_names); kfree(fsi->bool_pending_values); 
@@ -1191,7 +1190,7 @@ static ssize_t sel_write_member(struct file *file, char *buf, size_t size) return length; } -static struct inode *sel_make_inode(struct super_block *sb, int mode) +static struct inode *sel_make_inode(struct super_block *sb, umode_t mode) { struct inode *ret = new_inode(sb);
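Review bot: Style point in the selinux_fs_info_free() hunk: the loop counter is declared as `unsigned int i` inside the for statement, while patch 15/20 of this series uses `u32 i` for the same kind of loop-scoped counter. State the type of fsi->bool_num in the commit message and pick one spelling for the series, so that "identical type" can be checked against the declaration rather than taken on trust.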
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , "GONG, Ruiqi" , linux-kernel@vger.kernel.org Subject: [RFC PATCH 14/20] selinux: use consistent type for AV rule specifier Date: Thu, 6 Jul 2023 15:23:29 +0200 Message-Id: <20230706132337.15924-14-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org The specifier for avtab keys is always supplied with a type of u16, either as a macro to security_compute_sid() or the member specified of the struct avtab_key. Signed-off-by: Christian Göttsche --- security/selinux/ss/avtab.c | 2 +- security/selinux/ss/avtab.h | 2 +- security/selinux/ss/services.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/security/selinux/ss/avtab.c b/security/selinux/ss/avtab.c index 9c150fba3fa6..15a5d60fb1a5 100644 --- a/security/selinux/ss/avtab.c +++ b/security/selinux/ss/avtab.c @@ -248,7 +248,7 @@ struct avtab_node *avtab_search_node(struct avtab *h, } struct avtab_node* -avtab_search_node_next(struct avtab_node *node, int specified) +avtab_search_node_next(struct avtab_node *node, u16 specified) { struct avtab_node *cur; diff --git a/security/selinux/ss/avtab.h b/security/selinux/ss/avtab.h index d6742fd9c560..f265e9da18e2 100644 --- a/security/selinux/ss/avtab.h +++ b/security/selinux/ss/avtab.h @@ -111,7 +111,7 @@ struct avtab_node *avtab_insert_nonunique(struct avtab *h, struct avtab_node *avtab_search_node(struct avtab *h, const struct avtab_key *key); -struct avtab_node *avtab_search_node_next(struct avtab_node *node, int specified); +struct avtab_node *avtab_search_node_next(struct avtab_node *node, u16 specified); #define MAX_AVTAB_HASH_BITS 16 #define MAX_AVTAB_HASH_BUCKETS (1 << MAX_AVTAB_HASH_BITS) 
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 2e2b17b00298..823b000381a4 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c 
@@ -1694,7 +1694,7 @@ static void filename_compute_type(struct policydb *policydb, static int security_compute_sid(u32 ssid, u32 tsid, u16 orig_tclass, - u32 specified, + u16 specified, const char *objname, u32 *out_sid, bool kern)
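Review bot: Narrowing specified from u32 to u16 in security_compute_sid(), and from int to u16 in avtab_search_node_next(), means a caller that passes a wider value is now truncated silently at the call site instead of inside the function. None of the callers are in the diff; please list them in the commit message, or confirm that each one passes either a macro constant or the specified member of struct avtab_key as the message claims, so the narrowing is verifiably lossless.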
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Cc: Paul Moore , Stephen Smalley , Eric Paris , Ondrej Mosnacek , linux-kernel@vger.kernel.org Subject: [RFC PATCH 15/20] selinux: policydb: implicit conversions Date: Thu, 6 Jul 2023 15:23:30 +0200 Message-Id: <20230706132337.15924-15-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the identical type for local variables, e.g. loop counters. Signed-off-by: Christian Göttsche --- security/selinux/ss/policydb.c | 112 +++++++++++++++++++-------------- 1 file changed, 65 insertions(+), 47 deletions(-) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index cfe77ef24ee2..9d0a3dab80d5 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -161,9 +161,7 @@ static const struct policydb_compat_info policydb_compat[] = { static const struct policydb_compat_info *policydb_lookup_compat(int version) { - int i; - - for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) { + for (u32 i = 0; i < ARRAY_SIZE(policydb_compat); i++) { if (policydb_compat[i].version == version) return &policydb_compat[i]; } @@ -359,7 +357,7 @@ static int role_tr_destroy(void *key, void *datum, void *p) return 0; } -static void ocontext_destroy(struct ocontext *c, int i) +static void ocontext_destroy(struct ocontext *c, u32 i) { if (!c) return; @@ -781,7 +779,7 @@ void policydb_destroy(struct policydb *p) { struct ocontext *c, *ctmp; struct genfs *g, *gtmp; - int i; + u32 i; struct role_allow *ra, *lra = NULL; for (i = 0; i < SYM_NUM; i++) { 
@@ -1155,7 +1153,7 @@ static int common_read(struct policydb *p, struct symtab *s, void *fp) struct common_datum *comdatum; __le32 buf[4]; u32 len, nel; - int i, rc; + int rc; comdatum = kzalloc(sizeof(*comdatum), GFP_KERNEL); if (!comdatum) @@ -1178,7 +1176,7 @@ static int common_read(struct policydb *p, struct symtab *s, void *fp) if (rc) goto bad; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = perm_read(p, &comdatum->permissions, fp); if (rc) goto bad; @@ -1220,16 +1218,16 @@ static int type_set_read(struct type_set *t, void *fp) static int read_cons_helper(struct policydb *p, struct constraint_node **nodep, - int ncons, int allowxtarget, void *fp) + u32 ncons, int allowxtarget, void *fp) { struct constraint_node *c, *lc; struct constraint_expr *e, *le; __le32 buf[3]; u32 nexpr; - int rc, i, j, depth; + int rc, depth; lc = NULL; - for (i = 0; i < ncons; i++) { + for (u32 i = 0; i < ncons; i++) { c = kzalloc(sizeof(*c), GFP_KERNEL); if (!c) return -ENOMEM; @@ -1246,7 +1244,7 @@ static int read_cons_helper(struct policydb *p, nexpr = le32_to_cpu(buf[1]); le = NULL; depth = -1; - for (j = 0; j < nexpr; j++) { + for (u32 j = 0; j < nexpr; j++) { e = kzalloc(sizeof(*e), GFP_KERNEL); if (!e) return -ENOMEM; @@ -1319,7 +1317,7 @@ static int class_read(struct policydb *p, struct symtab *s, void *fp) struct class_datum *cladatum; __le32 buf[6]; u32 len, len2, ncons, nel; - int i, rc; + int rc; cladatum = kzalloc(sizeof(*cladatum), GFP_KERNEL); if (!cladatum) @@ -1359,7 +1357,7 @@ static int class_read(struct policydb *p, struct symtab *s, void *fp) goto bad; } } - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = perm_read(p, &cladatum->permissions, fp); if (rc) goto bad; @@ -1412,7 +1410,8 @@ static int role_read(struct policydb *p, struct symtab *s, void *fp) { char *key = NULL; struct role_datum *role; - int rc, to_read = 2; + int rc; + unsigned int to_read = 2; __le32 buf[3]; u32 len; 
@@ -1468,7 +1467,8 @@ static int type_read(struct policydb *p, struct symtab *s, void *fp) { char *key = NULL; struct type_datum *typdatum; - int rc, to_read = 3; + int rc; + unsigned int to_read = 3; __le32 buf[4]; u32 len; @@ -1542,7 +1542,8 @@ static int user_read(struct policydb *p, struct symtab *s, void *fp) { char *key = NULL; struct user_datum *usrdatum; - int rc, to_read = 2; + int rc; + unsigned int to_read = 2; __le32 buf[3]; u32 len; @@ -1683,7 +1684,7 @@ static int user_bounds_sanity_check(void *key, void *datum, void *datap) upper = user = datum; while (upper->bounds) { struct ebitmap_node *node; - unsigned long bit; + u32 bit; if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { pr_err("SELinux: user %s: " @@ -1719,7 +1720,7 @@ static int role_bounds_sanity_check(void *key, void *datum, void *datap) upper = role = datum; while (upper->bounds) { struct ebitmap_node *node; - unsigned long bit; + u32 bit; if (++depth == POLICYDB_BOUNDS_MAXDEPTH) { pr_err("SELinux: role %s: " @@ -1834,7 +1835,7 @@ static int range_read(struct policydb *p, void *fp) { struct range_trans *rt = NULL; struct mls_range *r = NULL; - int i, rc; + int rc; __le32 buf[2]; u32 nel; @@ -1851,7 +1852,7 @@ static int range_read(struct policydb *p, void *fp) if (rc) return rc; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = -ENOMEM; rt = kzalloc(sizeof(*rt), GFP_KERNEL); if (!rt) @@ -1996,7 +1997,7 @@ static int filename_trans_read_helper(struct policydb *p, void *fp) struct filename_trans_key *ft = NULL; struct filename_trans_datum **dst, *datum, *first = NULL; char *name = NULL; - u32 len, ttype, tclass, ndatum, i; + u32 len, ttype, ndatum, tclass; __le32 buf[3]; int rc; @@ -2026,7 +2027,7 @@ static int filename_trans_read_helper(struct policydb *p, void *fp) } dst = &first; - for (i = 0; i < ndatum; i++) { + for (u32 i = 0; i < ndatum; i++) { rc = -ENOMEM; datum = kmalloc(sizeof(*datum), GFP_KERNEL); if (!datum) 
@@ -2082,9 +2083,9 @@ static int filename_trans_read_helper(struct policydb *p, void *fp) static int filename_trans_read(struct policydb *p, void *fp) { - u32 nel; + u32 nel, i; __le32 buf[1]; - int rc, i; + int rc; if (p->policyvers < POLICYDB_VERSION_FILENAME_TRANS) return 0; @@ -2123,7 +2124,7 @@ static int filename_trans_read(struct policydb *p, void *fp) static int genfs_read(struct policydb *p, void *fp) { - int i, j, rc; + int rc; u32 nel, nel2, len, len2; __le32 buf[1]; struct ocontext *l, *c; @@ -2136,7 +2137,7 @@ static int genfs_read(struct policydb *p, void *fp) return rc; nel = le32_to_cpu(buf[0]); - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = next_entry(buf, fp, sizeof(u32)); if (rc) goto out; @@ -2175,7 +2176,7 @@ static int genfs_read(struct policydb *p, void *fp) goto out; nel2 = le32_to_cpu(buf[0]); - for (j = 0; j < nel2; j++) { + for (u32 j = 0; j < nel2; j++) { rc = next_entry(buf, fp, sizeof(u32)); if (rc) goto out; @@ -2237,8 +2238,8 @@ static int genfs_read(struct policydb *p, void *fp) static int ocontext_read(struct policydb *p, const struct policydb_compat_info *info, void *fp) { - int i, j, rc; - u32 nel, len; + int i, rc; + u32 nel, len, val; __be64 prefixbuf[1]; __le32 buf[3]; struct ocontext *l, *c; @@ -2251,7 +2252,7 @@ static int ocontext_read(struct policydb *p, const struct policydb_compat_info * nel = le32_to_cpu(buf[0]); l = NULL; - for (j = 0; j < nel; j++) { + for (u32 j = 0; j < nel; j++) { rc = -ENOMEM; c = kzalloc(sizeof(*c), GFP_KERNEL); if (!c) 
@@ -2299,9 +2300,27 @@ static int ocontext_read(struct policydb *p, const struct policydb_compat_info * rc = next_entry(buf, fp, sizeof(u32)*3); if (rc) goto out; - c->u.port.protocol = le32_to_cpu(buf[0]); - c->u.port.low_port = le32_to_cpu(buf[1]); - c->u.port.high_port = le32_to_cpu(buf[2]); + + rc = -EINVAL; + + val = le32_to_cpu(buf[0]); + if (val > U8_MAX) + goto out; + c->u.port.protocol = val; + + val = le32_to_cpu(buf[1]); + if (val > U16_MAX) + goto out; + c->u.port.low_port = val; + + val = le32_to_cpu(buf[2]); + if (val > U16_MAX) + goto out; + c->u.port.high_port = val; + + if (c->u.port.low_port > c->u.port.high_port) + goto out; + rc = context_read_and_validate(&c->context[0], p, fp); if (rc) goto out; @@ -2429,7 +2448,7 @@ int policydb_read(struct policydb *p, void *fp) struct role_allow *ra, *lra; struct role_trans_key *rtk = NULL; struct role_trans_datum *rtd = NULL; - int i, j, rc; + int rc; __le32 buf[4]; u32 len, nprim, nel, perm; @@ -2546,7 +2565,7 @@ int policydb_read(struct policydb *p, void *fp) goto bad; } - for (i = 0; i < info->sym_num; i++) { + for (int i = 0; i < info->sym_num; i++) { rc = next_entry(buf, fp, sizeof(u32)*2); if (rc) goto bad; @@ -2563,7 +2582,7 @@ int policydb_read(struct policydb *p, void *fp) goto out; } - for (j = 0; j < nel; j++) { + for (u32 j = 0; j < nel; j++) { rc = read_f[i](p, &p->symtab[i], fp); if (rc) goto bad; @@ -2597,7 +2616,7 @@ int policydb_read(struct policydb *p, void *fp) rc = hashtab_init(&p->role_tr, nel); if (rc) goto bad; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = -ENOMEM; rtk = kmalloc(sizeof(*rtk), GFP_KERNEL); if (!rtk) @@ -2643,7 +2662,7 @@ int policydb_read(struct policydb *p, void *fp) goto bad; nel = le32_to_cpu(buf[0]); lra = NULL; - for (i = 0; i < nel; i++) { + for (u32 i = 0; i < nel; i++) { rc = -ENOMEM; ra = kzalloc(sizeof(*ra), GFP_KERNEL); if (!ra) 
@@ -2707,10 +2726,10 @@ int policydb_read(struct policydb *p, void *fp) goto bad; /* just in case ebitmap_init() becomes more than just a memset(0): */ - for (i = 0; i < p->p_types.nprim; i++) + for (u32 i = 0; i < p->p_types.nprim; i++) ebitmap_init(&p->type_attr_map_array[i]); - for (i = 0; i < p->p_types.nprim; i++) { + for (u32 i = 0; i < p->p_types.nprim; i++) { struct ebitmap *e = &p->type_attr_map_array[i]; if (p->policyvers >= POLICYDB_VERSION_AVTAB) { @@ -3282,7 +3301,7 @@ static int (*const write_f[SYM_NUM]) (void *key, void *datum, void *datap) = { static int ocontext_write(struct policydb *p, const struct policydb_compat_info *info, void *fp) { - unsigned int i, j, rc; + int i, rc; size_t nel, len; __be64 prefixbuf[1]; __le32 buf[3]; @@ -3360,9 +3379,9 @@ static int ocontext_write(struct policydb *p, const struct policydb_compat_info return rc; break; case OCON_NODE6: - for (j = 0; j < 4; j++) + for (unsigned int j = 0; j < 4; j++) nodebuf[j] = c->u.node6.addr[j]; /* network order */ - for (j = 0; j < 4; j++) + for (unsigned int j = 0; j < 4; j++) nodebuf[j + 4] = c->u.node6.mask[j]; /* network order */ rc = put_entry(nodebuf, sizeof(u32), 8, fp); if (rc) @@ -3631,8 +3650,7 @@ static int filename_trans_write(struct policydb *p, void *fp) */ int policydb_write(struct policydb *p, void *fp) { - unsigned int i, num_syms; - int rc; + int rc, num_syms; __le32 buf[4]; u32 config; size_t len; @@ -3701,7 +3719,7 @@ int policydb_write(struct policydb *p, void *fp) } num_syms = info->sym_num; - for (i = 0; i < num_syms; i++) { + for (int i = 0; i < num_syms; i++) { struct policy_data pd; pd.fp = fp; 
@@ -3750,7 +3768,7 @@ int policydb_write(struct policydb *p, void *fp) if (rc) return rc; - for (i = 0; i < p->p_types.nprim; i++) { + for (u32 i = 0; i < p->p_types.nprim; i++) { struct ebitmap *e = &p->type_attr_map_array[i]; rc = ebitmap_write(e, fp);
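Review bot: The OCON_PORT hunk in ocontext_read() (@@ -2299,9 +2300,27 @@) is a behaviour change, not a type cleanup: a policy whose protocol exceeds U8_MAX, whose ports exceed U16_MAX, or whose low_port is greater than high_port now fails to load with -EINVAL, where the old code assigned the 32-bit value unchecked. Split it into its own patch with a commit message that states the new rejection rules, and add a pr_err() naming the rejected field, in the style of the pr_err("SELinux: user %s: " ...) calls in the bounds sanity checks, so a failed policy load can be diagnosed. The rc = -EINVAL set before the checks is overwritten by the context_read_and_validate() call that follows, so the success path is unaffected.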
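Review bot: Counter declarations end up inconsistent within policydb.c: filename_trans_read() keeps a function-scope counter (u32 nel, i;), ocontext_read() and ocontext_write() keep int i, while range_read(), genfs_read() and policydb_read() move to loop-scoped for (u32 i = 0; ...). Pick one form for the file and say which in the commit message. In filename_trans_read_helper() the declaration also changes from "len, ttype, tclass, ndatum, i" to "len, ttype, ndatum, tclass", which reorders two names without any type change; dropping only i keeps the diff minimal.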
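Review bot: In policydb_write() num_syms changes from unsigned int to int and the loop uses int i, while almost every other counter in the patch becomes u32, and the visible lines do not show the type of info->sym_num. State in the commit message that sym_num is a signed int, or keep the unsigned type if it is not. The change in ocontext_write() from "unsigned int i, j, rc" to "int i, rc" also deserves a sentence there: rc is returned from a function declared int, so the signed type is the correct one and this is a fix, not only a cleanup.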
From: Christian Göttsche
To: selinux@vger.kernel.org
Cc: Paul Moore, Stephen Smalley, Eric Paris, linux-kernel@vger.kernel.org
Subject: [RFC PATCH 16/20] selinux: symtab: implicit conversion
Date: Thu, 6 Jul 2023 15:23:31 +0200
Message-Id: <20230706132337.15924-16-cgzones@googlemail.com>
In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com>
References: <20230706132337.15924-1-cgzones@googlemail.com>

hashtab_init() takes an u32 as size parameter type.

Signed-off-by: Christian Göttsche
---
 security/selinux/ss/symtab.c | 2 +-
 security/selinux/ss/symtab.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/selinux/ss/symtab.c b/security/selinux/ss/symtab.c index c42a6648a07d..7a77571fb275 100644 --- a/security/selinux/ss/symtab.c +++ b/security/selinux/ss/symtab.c @@ -37,7 +37,7 @@ static const struct hashtab_key_params symtab_key_params = { .cmp = symcmp, }; -int symtab_init(struct symtab *s, unsigned int size) +int symtab_init(struct symtab *s, u32 size) { s->nprim = 0; return hashtab_init(&s->table, size); diff --git a/security/selinux/ss/symtab.h b/security/selinux/ss/symtab.h index f2614138d0cd..3033c4db6cb6 100644 --- a/security/selinux/ss/symtab.h +++ b/security/selinux/ss/symtab.h
@@ -17,7 +17,7 @@ struct symtab { u32 nprim; /* number of primary names in table */ }; -int symtab_init(struct symtab *s, unsigned int size); +int symtab_init(struct symtab *s, u32 size); int symtab_insert(struct symtab *s, char *name, void *datum); void *symtab_search(struct symtab *s, const char *name);
From: Christian Göttsche
To: selinux@vger.kernel.org
Cc: Paul Moore, Stephen Smalley, Eric Paris, Ondrej Mosnacek, "GONG, Ruiqi", linux-kernel@vger.kernel.org
Subject: [RFC PATCH 17/20] selinux: services: implicit conversions
Date: Thu, 6 Jul 2023 15:23:32 +0200
Message-Id: <20230706132337.15924-17-cgzones@googlemail.com>
In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com>
References: <20230706132337.15924-1-cgzones@googlemail.com>

Use the type identical to the source for local variables.

Signed-off-by: Christian Göttsche
---
 security/selinux/ss/services.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 823b000381a4..e2cd6d7ea7cc 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -856,7 +856,7 @@ int security_bounded_transition(u32 old_sid, u32 new_sid) struct sidtab *sidtab; struct sidtab_entry *old_entry, *new_entry; struct type_datum *type; - int index; + u32 index; int rc; if (!selinux_initialized())
@@ -1511,9 +1511,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len, return -ENOMEM; if (!selinux_initialized()) { - int i; - - for (i = 1; i < SECINITSID_NUM; i++) { + for (u32 i = 1; i < SECINITSID_NUM; i++) { const char *s = initial_sid_to_string[i]; if (s && !strcmp(s, scontext2)) {
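Review bot: In security_bounded_transition() the hunk switches index from int to u32 without showing any of its uses, and the commit message says only that the type now matches "the source" without naming it. Name in the commit message the field or function that index is assigned from, and confirm that nothing later in the function compares index against a negative value or stores an error code in it, since either would change meaning with an unsigned type.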
From: Christian Göttsche
To: selinux@vger.kernel.org
Cc: Paul Moore, Stephen Smalley, Eric Paris, linux-kernel@vger.kernel.org
Subject: [RFC PATCH 18/20] selinux: nlmsgtab: implicit conversion
Date: Thu, 6 Jul 2023 15:23:33 +0200
Message-Id: <20230706132337.15924-18-cgzones@googlemail.com>
In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com>
References: <20230706132337.15924-1-cgzones@googlemail.com>

Use an unsigned type as loop iterator.

Signed-off-by: Christian Göttsche
---
 security/selinux/nlmsgtab.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/selinux/nlmsgtab.c b/security/selinux/nlmsgtab.c index 2ee7b4ed43ef..b36623d5cf11 100644 --- a/security/selinux/nlmsgtab.c +++ b/security/selinux/nlmsgtab.c
@@ -153,9 +153,9 @@ static const struct nlmsg_perm nlmsg_audit_perms[] = { static int nlmsg_perm(u16 nlmsg_type, u32 *perm, const struct nlmsg_perm *tab, size_t tabsize) { - int i, err = -EINVAL; + int err = -EINVAL; - for (i = 0; i < tabsize/sizeof(struct nlmsg_perm); i++) + for (u32 i = 0; i < tabsize/sizeof(struct nlmsg_perm); i++) if (nlmsg_type == tab[i].nlmsg_type) { *perm = tab[i].perm; err = 0;
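Review bot: The new counter in nlmsg_perm() is u32, but the bound tabsize/sizeof(struct nlmsg_perm) has type size_t because tabsize is declared size_t, so the comparison i < tabsize/sizeof(...) still converts the counter implicitly wherever size_t is wider than 32 bits. Declaring the counter as size_t matches the bound exactly and removes the conversion the subject line refers to.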
From: Christian Göttsche
To: selinux@vger.kernel.org
Cc: Paul Moore, Stephen Smalley, Eric Paris, Ondrej Mosnacek, Xiu Jianfeng, linux-kernel@vger.kernel.org
Subject: [RFC PATCH 19/20] selinux: status: avoid implicit conversions regarding enforcing status
Date: Thu, 6 Jul 2023 15:23:34 +0200
Message-Id: <20230706132337.15924-19-cgzones@googlemail.com>
In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com>
References: <20230706132337.15924-1-cgzones@googlemail.com>

Use the type bool as parameter type in
selinux_status_update_setenforce(). The related function
enforcing_enabled() returns the type bool, while the struct
selinux_kernel_status member enforcing uses an u32.

Signed-off-by: Christian Göttsche
---
 security/selinux/include/security.h | 2 +-
 security/selinux/selinuxfs.c | 7 ++++---
 security/selinux/status.c | 4 ++--
 3 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index a16c52d553e1..d0837efde62b 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -375,7 +375,7 @@ struct selinux_kernel_status { */ } __packed; -extern void selinux_status_update_setenforce(int enforcing); +extern void selinux_status_update_setenforce(bool enforcing); extern void selinux_status_update_policyload(u32 seqno); extern void selinux_complete_init(void); extern struct path selinux_null; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c3ac0468f698..88d856f5c6bc 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -137,7 +137,8 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, { char *page = NULL; ssize_t length; - int old_value, new_value; + int scan_value; + bool old_value, new_value; if (count >= PAGE_SIZE) return -ENOMEM;
@@ -151,10 +152,10 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, return PTR_ERR(page); length = -EINVAL; - if (sscanf(page, "%d", &new_value) != 1) + if (sscanf(page, "%d", &scan_value) != 1) goto out; - new_value = !!new_value; + new_value = !!scan_value; old_value = enforcing_enabled(); if (new_value != old_value) { diff --git a/security/selinux/status.c b/security/selinux/status.c index e436e4975adc..dffca22ce6f7 100644 --- a/security/selinux/status.c +++ b/security/selinux/status.c @@ -76,7 +76,7 @@ struct page *selinux_kernel_status_page(void) * * It updates status of the current enforcing/permissive mode. */ -void selinux_status_update_setenforce(int enforcing) +void selinux_status_update_setenforce(bool enforcing) { struct selinux_kernel_status *status; 
@@ -87,7 +87,7 @@ void selinux_status_update_setenforce(int enforcing) status->sequence++; smp_wmb(); - status->enforcing = enforcing; + status->enforcing = enforcing ? 1 : 0; smp_wmb(); status->sequence++;
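Review bot: In sel_write_enforce() old_value and new_value become bool, but the hunks stop at the comparison new_value != old_value and do not show how the two values are used afterwards. Check every later use in the function, in particular any printf-style format argument, for a conversion specifier that still matches, and mention the result in the commit message so the reviewer does not have to open the file.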
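Review bot: The ternary in selinux_status_update_setenforce(), status->enforcing = enforcing ? 1 : 0;, is redundant once the parameter is bool, because a bool already converts to exactly 0 or 1. Either keep the plain assignment, or keep the ternary and add a one-line comment that the struct selinux_kernel_status member is a u32 and the explicit form is intentional.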
From: Christian Göttsche
To: selinux@vger.kernel.org
Cc: Paul Moore, Stephen Smalley, Eric Paris, linux-kernel@vger.kernel.org
Subject: [RFC PATCH 20/20] selinux: selinuxfs: avoid implicit conversions
Date: Thu, 6 Jul 2023 15:23:35 +0200
Message-Id: <20230706132337.15924-20-cgzones@googlemail.com>
In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com>
References: <20230706132337.15924-1-cgzones@googlemail.com>

Use unsigned loop counters where the upper bound is of unsigned type.

Signed-off-by: Christian Göttsche
---
 security/selinux/selinuxfs.c | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 88d856f5c6bc..a2dc415779ae 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1074,7 +1074,7 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size) u32 sid, *sids = NULL; ssize_t length; char *newcon; - int i, rc; + int rc; u32 len, nsids; length = avc_has_perm(current_sid(), SECINITSID_SECURITY, @@ -1107,7 +1107,7 @@ static ssize_t sel_write_user(struct file *file, char *buf, size_t size) length = sprintf(buf, "%u", nsids) + 1; ptr = buf + length; - for (i = 0; i < nsids; i++) { + for (u32 i = 0; i < nsids; i++) { rc = security_sid_to_context(sids[i], &newcon, &len); if (rc) { length = rc; @@ -1612,7 +1612,6 @@ static int sel_make_avc_files(struct dentry *dir) { struct super_block *sb = dir->d_sb; struct selinux_fs_info *fsi = sb->s_fs_info; - int i; static const struct tree_descr files[] = { { "cache_threshold", &sel_avc_cache_threshold_ops, S_IRUGO|S_IWUSR }, @@ -1622,7 +1621,7 @@ static int sel_make_avc_files(struct dentry *dir) #endif }; - for (i = 0; i < ARRAY_SIZE(files); i++) { + for (u32 i = 0; i < ARRAY_SIZE(files); i++) { struct inode *inode; struct dentry *dentry;
@@ -1648,12 +1647,11 @@ static int sel_make_ss_files(struct dentry *dir) { struct super_block *sb = dir->d_sb; struct selinux_fs_info *fsi = sb->s_fs_info; - int i; static const struct tree_descr files[] = { { "sidtab_hash_stats", &sel_sidtab_hash_stats_ops, S_IRUGO }, }; - for (i = 0; i < ARRAY_SIZE(files); i++) { + for (u32 i = 0; i < ARRAY_SIZE(files); i++) { struct inode *inode; struct dentry *dentry; @@ -1699,9 +1697,7 @@ static const struct file_operations sel_initcon_ops = { static int sel_make_initcon_files(struct dentry *dir) { - int i; - - for (i = 1; i <= SECINITSID_NUM; i++) { + for (u32 i = 1; i <= SECINITSID_NUM; i++) { struct inode *inode; struct dentry *dentry; const char *s = security_get_initial_sid_context(i);
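Review bot: The loops over ARRAY_SIZE(files) in sel_make_avc_files() and sel_make_ss_files() now use u32 i, but ARRAY_SIZE() evaluates to a size_t, so counter and bound still differ in type and the comparison keeps an implicit conversion. Use size_t for these two counters; the u32 counter in sel_write_user() is the right pairing, since it is compared against u32 nsids.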