On Mon, Apr 20, 2020 at 9:27 AM Ondrej Mosnacek <omosnace@xxxxxxxxxx> wrote:
>
> I thought I fixed the counting in filename_trans_read_helper() to count
> the compat rule count correctly in the final version, but it's still
> wrong. To really count the same thing as in the compat path, we'd need
> to add up the cardinalities of stype bitmaps of all datums.
>
> Since the kernel currently doesn't implement an ebitmap_cardinality()
> function (and computing the proper count would just waste CPU cycles
> anyway), just document that we use the field only in case of the old
> format and stop updating it in filename_trans_read_helper().
>
> Fixes: 430059024389 ("selinux: implement new format of filename transitions")
> Signed-off-by: Ondrej Mosnacek <omosnace@xxxxxxxxxx>
> ---
> security/selinux/ss/policydb.c | 11 +++--------
> security/selinux/ss/policydb.h | 3 ++-
> 2 files changed, 5 insertions(+), 9 deletions(-)
Seems reasonable. Merged into selinux/next.
--
paul moore
www.paul-moore.com
