diff options
author | Stephen Smalley <sds@tycho.nsa.gov> | 2017-07-25 12:14:12 -0400 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2017-07-31 19:03:02 -0400 |
commit | 20a8d62eeff844a8624d6b58a0227c057b1aa43f (patch) | |
tree | 56877fcae339098e9651439856d37fc0e84cd7a6 /scripts/selinux | |
parent | cd0d877d633ef46ec72d53eebe0bf930e7506fa4 (diff) |
selinux: genheaders should fail if too many permissions are defined
Ensure that genheaders fails with an error if too many permissions
are defined in a class to fit within an access vector. This is similar
to a check performed by checkpolicy when compiling the policy.
Also, fix the suffix on the permission constants generated by this program.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'scripts/selinux')
-rw-r--r-- | scripts/selinux/genheaders/genheaders.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c index 6a24569c3578..672b069dcfea 100644 --- a/scripts/selinux/genheaders/genheaders.c +++ b/scripts/selinux/genheaders/genheaders.c @@ -129,11 +129,16 @@ int main(int argc, char *argv[]) for (i = 0; secclass_map[i].name; i++) { struct security_class_mapping *map = &secclass_map[i]; for (j = 0; map->perms[j]; j++) { + if (j >= 32) { + fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n", + map->name, map->perms[j]); + exit(5); + } fprintf(fout, "#define %s__%s", map->name, map->perms[j]); for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++) fprintf(fout, " "); - fprintf(fout, "0x%08xUL\n", (1<<j)); + fprintf(fout, "0x%08xU\n", (1<<j)); } } |