[RFC PATCH 00/20] selinux: be more strict about integer conversions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The C language allows implicit conversions between distinct integer types.
These conversions can lead to unintended truncations or sign extensions.
Be more strict about integer types by using identical types where
applicable.

This patches utilizes the C99 feature of declaring loop iterators inside
for loops, supported since Linux 5.18.

Not all implicit conversions are removed, there are still many in the
selinuxfs code related to foreign interfaces, error-pointer related ones,
and some truncations around reading class, type and other identifiers from
binary policies (which might be subject for future work).

A possible instance of a integer conversion related issue might have been
reported at [1].


[1]: https://lore.kernel.org/selinux/0fad7bb5f511433ca59140a813e2d200@xxxxxxxxxxx/


Christian Göttsche (20):
  selinux: check for multiplication overflow in put_entry()
  selinux: avtab: avoid implicit conversions
  selinux: avoid avtab overflows
  selinux: ebitmap: use u32 as bit type
  selinux: hashtab: use identical iterator type
  selinux: mls: avoid implicit conversions
  selinux: services: update type for umber of class permissions
  selinux: services: avoid implicit conversions
  selinux: status: consistently use u32 as sequence number type
  selinux: netif: avoid implicit conversions
  selinux: avc: avoid implicit conversions
  selinux: hooks: avoid implicit conversions
  selinux: selinuxfs: avoid implicit conversions
  selinux: use consistent type for AV rule specifier
  selinux: policydb: implicit conversions
  selinux: symtab: implicit conversion
  selinux: services: implicit conversions
  selinux: nlmsgtab: implicit conversion
  selinux: status: avoid implicit conversions regarding enforcing status
  selinux: selinuxfs: avoid implicit conversions

 security/selinux/avc.c              |  15 ++--
 security/selinux/hooks.c            |  26 +++----
 security/selinux/include/security.h |   8 +-
 security/selinux/netif.c            |   4 +-
 security/selinux/nlmsgtab.c         |   4 +-
 security/selinux/selinuxfs.c        |  33 ++++----
 security/selinux/ss/avtab.c         |  44 ++++++-----
 security/selinux/ss/avtab.h         |   2 +-
 security/selinux/ss/ebitmap.c       |  32 ++++----
 security/selinux/ss/ebitmap.h       |  32 ++++----
 security/selinux/ss/hashtab.c       |   6 +-
 security/selinux/ss/mls.c           |  11 +--
 security/selinux/ss/policydb.c      | 112 ++++++++++++++++------------
 security/selinux/ss/policydb.h      |   7 +-
 security/selinux/ss/services.c      |  36 ++++-----
 security/selinux/ss/services.h      |   2 +-
 security/selinux/ss/symtab.c        |   2 +-
 security/selinux/ss/symtab.h        |   2 +-
 security/selinux/status.c           |   6 +-
 19 files changed, 195 insertions(+), 189 deletions(-)

-- 
2.40.1
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux