selinux: use u16 for security classes

Security class identifiers are limited to 2^16, thus use the appropriate
type u16 consistently.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 250402a03758d723c7aeb4b570efb62eddd25afb..c28bae6364eec665d30a436ebdf3ea3c76411a1b 100644 (file)
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -932,7 +932,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s)
        return 0;
 }
 
-int policydb_class_isvalid(struct policydb *p, unsigned int class)
+int policydb_class_isvalid(struct policydb *p, u16 class)
 {
        if (!class || class > p->p_classes.nprim)
                return 0;
@@ -2006,7 +2006,8 @@ static int filename_trans_read_helper(struct policydb *p, struct policy_file *fp
        struct filename_trans_key *ft = NULL;
        struct filename_trans_datum **dst, *datum, *first = NULL;
        char *name = NULL;
-       u32 len, ttype, tclass, ndatum, i;
+       u32 len, ttype, ndatum, i;
+       u16 tclass;
        __le32 buf[3];
        int rc;
 

diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 89a180b1742fb8a2469971dc558433e834373ad6..a49275d1168d8239b9683181a8bb0ec6d8d4640d 100644 (file)
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -48,7 +48,7 @@ struct common_datum {
 
 /* Class attributes */
 struct class_datum {
-       u32 value; /* class value */
+       u16 value; /* class value */
        char *comkey; /* common name */
        struct common_datum *comdatum; /* common datum */
        struct symtab permissions; /* class-specific permission symbol table */
@@ -82,7 +82,7 @@ struct role_datum {
 struct role_trans_key {
        u32 role; /* current role */
        u32 type; /* program executable type, or new object type */
-       u32 tclass; /* process class, or new object class */
+       u16 tclass; /* process class, or new object class */
 };
 
 struct role_trans_datum {
@@ -139,7 +139,7 @@ struct cat_datum {
 struct range_trans {
        u32 source_type;
        u32 target_type;
-       u32 target_class;
+       u16 target_class;
 };
 
 /* Boolean data type */
@@ -195,7 +195,7 @@ struct ocontext {
                } ibendport;
        } u;
        union {
-               u32 sclass; /* security class for genfs */
+               u16 sclass; /* security class for genfs */
                u32 behavior; /* labeling behavior for fs_use */
        } v;
        struct context context[2]; /* security context(s) */
@@ -322,7 +322,7 @@ struct policy_file {
 extern void policydb_destroy(struct policydb *p);
 extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
 extern int policydb_context_isvalid(struct policydb *p, struct context *c);
-extern int policydb_class_isvalid(struct policydb *p, unsigned int class);
+extern int policydb_class_isvalid(struct policydb *p, u16 class);
 extern int policydb_type_isvalid(struct policydb *p, unsigned int type);
 extern int policydb_role_isvalid(struct policydb *p, unsigned int role);
 extern int policydb_read(struct policydb *p, struct policy_file *fp);

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index e8e7ccbd1e44851ec6c489a7c3af87f5c067620e..406d351b50434a8eb7dcf9e8890228ad111832da 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -3413,7 +3413,7 @@ static int get_classes_callback(void *k, void *d, void *args)
 {
        struct class_datum *datum = d;
        char *name = k, **classes = args;
-       u32 value = datum->value - 1;
+       u16 value = datum->value - 1;
 
        classes[value] = kstrdup(name, GFP_ATOMIC);
        if (!classes[value])