Re: [PATCH v3 7/14] selinux: check type attr map overflows
From: Paul Moore
Date: Wed May 06 2026 - 19:43:41 EST
On May 11, 2025 =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgoettsche@xxxxxxxxxxxxx> wrote:
>
> Validate that no types with an invalid too high ID are present in the
> attribute map. Gaps are still not checked.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> Acked-by: Stephen Smalley <stephen.smalley.work@xxxxxxxxx>
> ---
> v3: squash with previous patch ("selinux: introduce
> ebitmap_highest_set_bit()")
> ---
> security/selinux/ss/ebitmap.c | 27 +++++++++++++++++++++++++++
> security/selinux/ss/ebitmap.h | 1 +
> security/selinux/ss/policydb.c | 5 +++++
> 3 files changed, 33 insertions(+)
I changed the name to ebitmap_get_highest_set_bit(), but otherwise this
looks good to me, merged to selinux/dev, thanks.
--
paul-moore.com