On Fri, Dec 8, 2023 at 11:05 AM Stephen Smalley <stephen.smalley.work@xxxxxxxxx> wrote:
>
> On Thu, Dec 7, 2023 at 11:53 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Limit the maximum length of permission identifiers. Otherwise
> > formatting an access vector might fail in the commonly used helper
> > sepol_av_to_string().
> >
> > The current longest permission within the Reference Policy is
> > x_application_data { paste_after_confirm } with a length of 19.
>
> Android has longer permission names. I'd rather just fix
> sepol_av_to_string() than impose some arbitrary limit here.

Looking at AOSP master, it appears that the longest permission is
32 bytes, but since we haven't imposed such a limit in the past, we have
no way of knowing what any particular version of refpolicy, AOSP policy,
or downstream policies might have used.