selinux: make left shifts well defined
authorChristian Göttsche <cgzones@googlemail.com>
Mon, 7 Aug 2023 17:11:38 +0000 (19:11 +0200)
committerPaul Moore <paul@paul-moore.com>
Wed, 9 Aug 2023 23:07:48 +0000 (19:07 -0400)
The loops' upper bounds represent the number of permissions used (for the
current class or in general).  The limit for this is 32, thus we might
left shift by one less, 31.  Shifting a base of 1 (a signed int) that far
results in undefined behavior; use (u32)1 as base.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/ss/services.c

index dacec2ebdcd7d8852d9373c06ca7ba9cbc831980..1eeffc66ea7d7a4ead4d92bca14c35a8c98ab01c 100644 (file)
@@ -207,22 +207,22 @@ static void map_decision(struct selinux_map *map,
 
                for (i = 0, result = 0; i < n; i++) {
                        if (avd->allowed & mapping->perms[i])
-                               result |= 1<<i;
+                               result |= (u32)1<<i;
                        if (allow_unknown && !mapping->perms[i])
-                               result |= 1<<i;
+                               result |= (u32)1<<i;
                }
                avd->allowed = result;
 
                for (i = 0, result = 0; i < n; i++)
                        if (avd->auditallow & mapping->perms[i])
-                               result |= 1<<i;
+                               result |= (u32)1<<i;
                avd->auditallow = result;
 
                for (i = 0, result = 0; i < n; i++) {
                        if (avd->auditdeny & mapping->perms[i])
-                               result |= 1<<i;
+                               result |= (u32)1<<i;
                        if (!allow_unknown && !mapping->perms[i])
-                               result |= 1<<i;
+                               result |= (u32)1<<i;
                }
                /*
                 * In case the kernel has a bug and requests a permission
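Review bot: The `(u32)1<<i` shifts in the three `i < n` loops are well defined only while `i` stays below 32, and nothing in this hunk bounds `n`. It is assigned above the hunk, where map_decision begins, so whether it is capped at 32 when the mapping is built cannot be checked from here. Recording the invariant at the first loop would keep a later change to the permission limit from quietly reintroducing an undefined shift in the access-decision path, for example `/* n is at most sizeof(u32) * 8, so the shift count stays below the width of u32 */`. As a style point, `(u32)1<<i` relies on the cast binding tighter than the shift; `(u32)1 << i` or `1U << i` reads more clearly and matches the usual kernel spacing around binary operators. The same spelling recurs in the tail loop of the next hunk, where `i` is explicitly bounded by `sizeof(u32)*8`.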
@@ -230,7 +230,7 @@ static void map_decision(struct selinux_map *map,
                 * should audit that denial
                 */
                for (; i < (sizeof(u32)*8); i++)
-                       result |= 1<<i;
+                       result |= (u32)1<<i;
                avd->auditdeny = result;
        }
 }