summaryrefslogtreecommitdiff
path: root/scripts/selinux
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2017-07-25 12:14:12 -0400
committerPaul Moore <paul@paul-moore.com>2017-07-31 19:03:02 -0400
commit20a8d62eeff844a8624d6b58a0227c057b1aa43f (patch)
tree56877fcae339098e9651439856d37fc0e84cd7a6 /scripts/selinux
parentcd0d877d633ef46ec72d53eebe0bf930e7506fa4 (diff)
selinux: genheaders should fail if too many permissions are defined
Ensure that genheaders fails with an error if too many permissions are defined in a class to fit within an access vector. This is similar to a check performed by checkpolicy when compiling the policy. Also, fix the suffix on the permission constants generated by this program. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'scripts/selinux')
-rw-r--r--scripts/selinux/genheaders/genheaders.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c
index 6a24569c3578..672b069dcfea 100644
--- a/scripts/selinux/genheaders/genheaders.c
+++ b/scripts/selinux/genheaders/genheaders.c
@@ -129,11 +129,16 @@ int main(int argc, char *argv[])
for (i = 0; secclass_map[i].name; i++) {
struct security_class_mapping *map = &secclass_map[i];
for (j = 0; map->perms[j]; j++) {
+ if (j >= 32) {
+ fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
+ map->name, map->perms[j]);
+ exit(5);
+ }
fprintf(fout, "#define %s__%s", map->name,
map->perms[j]);
for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++)
fprintf(fout, " ");
- fprintf(fout, "0x%08xUL\n", (1<<j));
+ fprintf(fout, "0x%08xU\n", (1<<j));
}
}