[RFC,08/20] selinux: services: avoid implicit conversions

Message ID	20230706132337.15924-8-cgzones@googlemail.com (mailing list archive)
State	Changes Requested
Delegated to:	Paul Moore
Headers	show Return-Path: <selinux-owner@vger.kernel.org> From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> To: selinux@vger.kernel.org Cc: Paul Moore <paul@paul-moore.com>, Stephen Smalley <stephen.smalley.work@gmail.com>, Eric Paris <eparis@parisplace.org>, Ondrej Mosnacek <omosnace@redhat.com>, Casey Schaufler <casey@schaufler-ca.com>, Xiu Jianfeng <xiujianfeng@huaweicloud.com>, "GONG, Ruiqi" <gongruiqi1@huawei.com>, linux-kernel@vger.kernel.org Subject: [RFC PATCH 08/20] selinux: services: avoid implicit conversions Date: Thu, 6 Jul 2023 15:23:23 +0200 Message-Id: <20230706132337.15924-8-cgzones@googlemail.com> In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com> References: <20230706132337.15924-1-cgzones@googlemail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[RFC,01/20] selinux: check for multiplication overflow in put_entry() \| expand [RFC,01/20] selinux: check for multiplication overflow in put_entry() [RFC,02/20] selinux: avtab: avoid implicit conversions [RFC,03/20] selinux: avoid avtab overflows [RFC,04/20] selinux: ebitmap: use u32 as bit type [RFC,05/20] selinux: hashtab: use identical iterator type [RFC,06/20] selinux: mls: avoid implicit conversions [RFC,07/20] selinux: services: update type for umber of class permissions [RFC,08/20] selinux: services: avoid implicit conversions [RFC,09/20] selinux: status: consistently use u32 as sequence number type [RFC,10/20] selinux: netif: avoid implicit conversions [RFC,11/20] selinux: avc: avoid implicit conversions [RFC,12/20] selinux: hooks: avoid implicit conversions [RFC,13/20] selinux: selinuxfs: avoid implicit conversions [RFC,14/20] selinux: use consistent type for AV rule specifier [RFC,15/20] selinux: policydb: implicit conversions [RFC,16/20] selinux: symtab: implicit conversion [RFC,17/20] selinux: services: implicit conversions [RFC,18/20] selinux: nlmsgtab: implicit conversion [RFC,19/20] selinux: status: avoid implicit conversions regarding enforcing status [RFC,20/20] selinux: selinuxfs: avoid implicit conversions

Message ID

20230706132337.15924-8-cgzones@googlemail.com (mailing list archive)

State

Changes Requested

Delegated to:

Paul Moore

Headers

From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Cc: Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Eric Paris <eparis@parisplace.org>,
        Ondrej Mosnacek <omosnace@redhat.com>,
        Casey Schaufler <casey@schaufler-ca.com>,
        Xiu Jianfeng <xiujianfeng@huaweicloud.com>,
        "GONG, Ruiqi" <gongruiqi1@huawei.com>, linux-kernel@vger.kernel.org
Subject: [RFC PATCH 08/20] selinux: services: avoid implicit conversions
Date: Thu,  6 Jul 2023 15:23:23 +0200
Message-Id: <20230706132337.15924-8-cgzones@googlemail.com>
In-Reply-To: <20230706132337.15924-1-cgzones@googlemail.com>
References: <20230706132337.15924-1-cgzones@googlemail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[RFC,01/20] selinux: check for multiplication overflow in put_entry() | expand

Commit Message

Christian Göttsche July 6, 2023, 1:23 p.m. UTC

Use u32 as the output parameter type in security_get_classes() and
security_get_permissions(), based on the type of the symtab nprim
member.

Declare the read-only class string parameter of
security_get_permissions() const.

Avoid several implicit conversions by using the identical type for the
destination.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 security/selinux/include/security.h |  4 ++--
 security/selinux/selinuxfs.c        |  7 ++++---
 security/selinux/ss/services.c      | 22 +++++++++-------------
 3 files changed, 15 insertions(+), 18 deletions(-)

Comments

Paul Moore July 18, 2023, 10:01 p.m. UTC | #1

On Jul  6, 2023 =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com> wrote:
> 
> Use u32 as the output parameter type in security_get_classes() and
> security_get_permissions(), based on the type of the symtab nprim
> member.
> 
> Declare the read-only class string parameter of
> security_get_permissions() const.
> 
> Avoid several implicit conversions by using the identical type for the
> destination.
> 
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  security/selinux/include/security.h |  4 ++--
>  security/selinux/selinuxfs.c        |  7 ++++---
>  security/selinux/ss/services.c      | 22 +++++++++-------------
>  3 files changed, 15 insertions(+), 18 deletions(-)

More loop iterators ...

--
paul-moore.com

diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 665c4e5bae99..0f93fd019bb4 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -312,9 +312,9 @@  int security_net_peersid_resolve(u32 nlbl_sid, u32 nlbl_type,
 				 u32 *peer_sid);
 
 int security_get_classes(struct selinux_policy *policy,
-			 char ***classes, int *nclasses);
+			 char ***classes, u32 *nclasses);
 int security_get_permissions(struct selinux_policy *policy,
-			     char *class, char ***perms, int *nperms);
+			     const char *class, char ***perms, u32 *nperms);
 int security_get_reject_unknown(void);
 int security_get_allow_unknown(void);
 
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index bad1f6b685fd..16036633ddd3 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1797,7 +1797,8 @@  static int sel_make_perm_files(struct selinux_policy *newpolicy,
 			char *objclass, int classvalue,
 			struct dentry *dir)
 {
-	int i, rc, nperms;
+	u32 i, nperms;
+	int rc;
 	char **perms;
 
 	rc = security_get_permissions(newpolicy, objclass, &perms, &nperms);
@@ -1867,8 +1868,8 @@  static int sel_make_classes(struct selinux_policy *newpolicy,
 			    struct dentry *class_dir,
 			    unsigned long *last_class_ino)
 {
-
-	int rc, nclasses, i;
+	u32 i, nclasses;
+	int rc;
 	char **classes;
 
 	rc = security_get_classes(newpolicy, &classes, &nclasses);
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 3275cfe2c8f7..2e2b17b00298 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2822,7 +2822,6 @@  static inline int __security_genfs_sid(struct selinux_policy *policy,
 {
 	struct policydb *policydb = &policy->policydb;
 	struct sidtab *sidtab = policy->sidtab;
-	int len;
 	u16 sclass;
 	struct genfs *genfs;
 	struct ocontext *c;
@@ -2844,7 +2843,7 @@  static inline int __security_genfs_sid(struct selinux_policy *policy,
 		return -ENOENT;
 
 	for (c = genfs->head; c; c = c->next) {
-		len = strlen(c->u.name);
+		size_t len = strlen(c->u.name);
 		if ((!c->v.sclass || sclass == c->v.sclass) &&
 		    (strncmp(c->u.name, path, len) == 0))
 			break;
@@ -3332,7 +3331,7 @@  static int get_classes_callback(void *k, void *d, void *args)
 {
 	struct class_datum *datum = d;
 	char *name = k, **classes = args;
-	int value = datum->value - 1;
+	u32 value = datum->value - 1;
 
 	classes[value] = kstrdup(name, GFP_ATOMIC);
 	if (!classes[value])
@@ -3342,7 +3341,7 @@  static int get_classes_callback(void *k, void *d, void *args)
 }
 
 int security_get_classes(struct selinux_policy *policy,
-			 char ***classes, int *nclasses)
+			 char ***classes, u32 *nclasses)
 {
 	struct policydb *policydb;
 	int rc;
@@ -3358,8 +3357,7 @@  int security_get_classes(struct selinux_policy *policy,
 	rc = hashtab_map(&policydb->p_classes.table, get_classes_callback,
 			 *classes);
 	if (rc) {
-		int i;
-		for (i = 0; i < *nclasses; i++)
+		for (u32 i = 0; i < *nclasses; i++)
 			kfree((*classes)[i]);
 		kfree(*classes);
 	}
@@ -3372,7 +3370,7 @@  static int get_permissions_callback(void *k, void *d, void *args)
 {
 	struct perm_datum *datum = d;
 	char *name = k, **perms = args;
-	int value = datum->value - 1;
+	u32 value = datum->value - 1;
 
 	perms[value] = kstrdup(name, GFP_ATOMIC);
 	if (!perms[value])
@@ -3382,10 +3380,10 @@  static int get_permissions_callback(void *k, void *d, void *args)
 }
 
 int security_get_permissions(struct selinux_policy *policy,
-			     char *class, char ***perms, int *nperms)
+			     const char *class, char ***perms, u32 *nperms)
 {
 	struct policydb *policydb;
-	int rc, i;
+	int rc;
 	struct class_datum *match;
 
 	policydb = &policy->policydb;
@@ -3420,7 +3418,7 @@  int security_get_permissions(struct selinux_policy *policy,
 	return rc;
 
 err:
-	for (i = 0; i < *nperms; i++)
+	for (u32 i = 0; i < *nperms; i++)
 		kfree((*perms)[i]);
 	kfree(*perms);
 	return rc;
@@ -3600,9 +3598,7 @@  int selinux_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
 /* Check to see if the rule contains any selinux fields */
 int selinux_audit_rule_known(struct audit_krule *rule)
 {
-	int i;
-
-	for (i = 0; i < rule->field_count; i++) {
+	for (u32 i = 0; i < rule->field_count; i++) {
 		struct audit_field *f = &rule->fields[i];
 		switch (f->type) {
 		case AUDIT_SUBJ_USER:

[RFC,08/20] selinux: services: avoid implicit conversions

Commit Message

Comments

Patch