On Fri, Aug 18, 2023 at 11:29 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Reject ebitmaps with a node containing an empty map or with an incorrect
> highbit. Both checks are already performed by userspace, the former
> since 2008 (patch 13cd4c896068 ("initial import from svn trunk revision
> 2950")), the latter since v2.7 in 2017 (patch 75b14a5de10a ("libsepol:
> ebitmap: reject loading bitmaps with incorrect high bit")).
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Reviewed-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
