Ensure that genheaders fails with an error if too many permissions are defined in a class to fit within an access vector. This is similar to a check performed by checkpolicy when compiling the policy.
Also, fix the suffix on the permission constants generated by this program. Signed-off-by: Stephen Smalley <[email protected]> --- scripts/selinux/genheaders/genheaders.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/selinux/genheaders/genheaders.c b/scripts/selinux/genheaders/genheaders.c index 6a24569..672b069 100644 --- a/scripts/selinux/genheaders/genheaders.c +++ b/scripts/selinux/genheaders/genheaders.c @@ -129,11 +129,16 @@ int main(int argc, char *argv[]) for (i = 0; secclass_map[i].name; i++) { struct security_class_mapping *map = &secclass_map[i]; for (j = 0; map->perms[j]; j++) { + if (j >= 32) { + fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n", + map->name, map->perms[j]); + exit(5); + } fprintf(fout, "#define %s__%s", map->name, map->perms[j]); for (k = 0; k < max(1, 40 - strlen(map->name) - strlen(map->perms[j])); k++) fprintf(fout, " "); - fprintf(fout, "0x%08xUL\n", (1<<j)); + fprintf(fout, "0x%08xU\n", (1<<j)); } } -- 2.9.4
