summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorChristian Göttsche <cgzones@googlemail.com>2023-08-07 19:11:38 +0200
committerPaul Moore <paul@paul-moore.com>2023-08-09 19:07:48 -0400
commitaa4b60518280834529f75cb7667ffac91967abea (patch)
treee8aa4d49996aeae2c492804a1b0b222fef180ab6 /security
parent002903e1d10fd8c9e215d88e0c71f609a4af5755 (diff)
selinux: make left shifts well defined
The loops upper bound represent the number of permissions used (for the current class or in general). The limit for this is 32, thus we might left shift of one less, 31. Shifting a base of 1 results in undefined behavior; use (u32)1 as base. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/services.c12
1 files changed, 6 insertions, 6 deletions
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index dacec2ebdcd7..1eeffc66ea7d 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -207,22 +207,22 @@ static void map_decision(struct selinux_map *map,
for (i = 0, result = 0; i < n; i++) {
if (avd->allowed & mapping->perms[i])
- result |= 1<<i;
+ result |= (u32)1<<i;
if (allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= (u32)1<<i;
}
avd->allowed = result;
for (i = 0, result = 0; i < n; i++)
if (avd->auditallow & mapping->perms[i])
- result |= 1<<i;
+ result |= (u32)1<<i;
avd->auditallow = result;
for (i = 0, result = 0; i < n; i++) {
if (avd->auditdeny & mapping->perms[i])
- result |= 1<<i;
+ result |= (u32)1<<i;
if (!allow_unknown && !mapping->perms[i])
- result |= 1<<i;
+ result |= (u32)1<<i;
}
/*
* In case the kernel has a bug and requests a permission
@@ -230,7 +230,7 @@ static void map_decision(struct selinux_map *map,
* should audit that denial
*/
for (; i < (sizeof(u32)*8); i++)
- result |= 1<<i;
+ result |= (u32)1<<i;
avd->auditdeny = result;
}
}