From 6120ef4b334a8bc79ab78538408d0d92d5f253f6 Mon Sep 17 00:00:00 2001
From: lujie42 <lujie42@huawei.com>
Date: Tue, 16 Nov 2021 11:45:00 +0800
Subject: [PATCH] fix potential undefined shifts

---
 ...linux-Fix-potential-undefined-shifts.patch | 135 ++++++++++++++++++
 do-malloc-trim-after-load-policy.patch        |   8 +-
 libselinux.spec                               |   9 +-
 3 files changed, 146 insertions(+), 6 deletions(-)
 create mode 100644 backport-libselinux-Fix-potential-undefined-shifts.patch

diff --git a/backport-libselinux-Fix-potential-undefined-shifts.patch b/backport-libselinux-Fix-potential-undefined-shifts.patch
new file mode 100644
index 0000000..38c67ea
--- /dev/null
+++ b/backport-libselinux-Fix-potential-undefined-shifts.patch
@@ -0,0 +1,135 @@
+From c3ad59cc975d4848b6af37cbcb5caeb6fcb9bdb4 Mon Sep 17 00:00:00 2001
+From: James Carter <jwcart2@gmail.com>
+Date: Fri, 8 Oct 2021 15:07:36 -0400
+Reference:https://github.com/SELinuxProject/selinux/commit/c3ad59cc975d4848b6af37cbcb5caeb6fcb9bdb4
+Conflict:adapter filepath
+Subject: [PATCH] libselinux: Fix potential undefined shifts
+
+An expression of the form "1 << x" is undefined if x == 31 because
+the "1" is an int and cannot be left shifted by 31.
+
+Instead, use "UINT32_C(1) << x" which will be an unsigned int of
+at least 32 bits.
+
+Signed-off-by: James Carter <jwcart2@gmail.com>
+Signed-off-by: lujie42  <lujie42@huawei.com>
+---
+ src/mapping.c   | 22 +++++++++++-----------
+ src/stringrep.c |  8 ++++----
+ 2 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/src/mapping.c b/src/mapping.c
+index 96395fd4..dd2f1039 100644
+--- a/src/mapping.c
++++ b/src/mapping.c
+@@ -144,9 +144,9 @@ unmap_perm(security_class_t tclass, access_vector_t tperm)
+ 		access_vector_t kperm = 0;
+ 
+ 		for (i = 0; i < current_mapping[tclass].num_perms; i++)
+-			if (tperm & (1<<i)) {
++			if (tperm & (UINT32_C(1)<<i)) {
+ 				kperm |= current_mapping[tclass].perms[i];
+-				tperm &= ~(1<<i);
++				tperm &= ~(UINT32_C(1)<<i);
+ 			}
+ 		return kperm;
+ 	}
+@@ -191,7 +191,7 @@ map_perm(security_class_t tclass, access_vector_t kperm)
+ 
+ 		for (i = 0; i < current_mapping[tclass].num_perms; i++)
+ 			if (kperm & current_mapping[tclass].perms[i]) {
+-				tperm |= 1<<i;
++				tperm |= UINT32_C(1)<<i;
+ 				kperm &= ~current_mapping[tclass].perms[i];
+ 			}
+ 
+@@ -216,30 +216,30 @@ map_decision(security_class_t tclass, struct av_decision *avd)
+ 
+ 		for (i = 0, result = 0; i < n; i++) {
+ 			if (avd->allowed & mapping->perms[i])
+-				result |= 1<<i;
++				result |= UINT32_C(1)<<i;
+ 			else if (allow_unknown && !mapping->perms[i])
+-				result |= 1<<i;
++				result |= UINT32_C(1)<<i;
+ 		}
+ 		avd->allowed = result;
+ 
+ 		for (i = 0, result = 0; i < n; i++) {
+ 			if (avd->decided & mapping->perms[i])
+-				result |= 1<<i;
++				result |= UINT32_C(1)<<i;
+ 			else if (allow_unknown && !mapping->perms[i])
+-				result |= 1<<i;
++				result |= UINT32_C(1)<<i;
+ 		}
+ 		avd->decided = result;
+ 
+ 		for (i = 0, result = 0; i < n; i++)
+ 			if (avd->auditallow & mapping->perms[i])
+-				result |= 1<<i;
++				result |= UINT32_C(1)<<i;
+ 		avd->auditallow = result;
+ 
+ 		for (i = 0, result = 0; i < n; i++) {
+ 			if (avd->auditdeny & mapping->perms[i])
+-				result |= 1<<i;
++				result |= UINT32_C(1)<<i;
+ 			else if (!allow_unknown && !mapping->perms[i])
+-				result |= 1<<i;
++				result |= UINT32_C(1)<<i;
+ 		}
+ 
+ 		/*
+@@ -248,7 +248,7 @@ map_decision(security_class_t tclass, struct av_decision *avd)
+ 		 * a bug in the object manager.
+ 		 */
+ 		for (; i < (sizeof(result)*8); i++)
+-			result |= 1<<i;
++			result |= UINT32_C(1)<<i;
+ 		avd->auditdeny = result;
+ 	}
+ }
+diff --git a/src/stringrep.c b/src/stringrep.c
+index 012a740a..2fe69f43 100644
+--- a/src/stringrep.c
++++ b/src/stringrep.c
+@@ -229,7 +229,7 @@ access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
+ 		size_t i;
+ 		for (i = 0; i < MAXVECTORS && node->perms[i] != NULL; i++)
+ 			if (strcmp(node->perms[i],s) == 0)
+-				return map_perm(tclass, 1<<i);
++				return map_perm(tclass, UINT32_C(1)<<i);
+ 	}
+ 
+ 	errno = EINVAL;
+@@ -261,7 +261,7 @@ const char *security_av_perm_to_string(security_class_t tclass,
+ 	node = get_class_cache_entry_value(tclass);
+ 	if (av && node)
+ 		for (i = 0; i<MAXVECTORS; i++)
+-			if ((1<<i) & av)
++			if ((UINT32_C(1)<<i) & av)
+ 				return node->perms[i];
+ 
+ 	return NULL;
+@@ -279,7 +279,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
+ 	/* first pass computes the required length */
+ 	for (i = 0; tmp; tmp >>= 1, i++) {
+ 		if (tmp & 1) {
+-			str = security_av_perm_to_string(tclass, av & (1<<i));
++			str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
+ 			if (str)
+ 				len += strlen(str) + 1;
+ 		}
+@@ -303,7 +303,7 @@ int security_av_string(security_class_t tclass, access_vector_t av, char **res)
+ 	ptr += sprintf(ptr, "{ ");
+ 	for (i = 0; tmp; tmp >>= 1, i++) {
+ 		if (tmp & 1) {
+-			str = security_av_perm_to_string(tclass, av & (1<<i));
++			str = security_av_perm_to_string(tclass, av & (UINT32_C(1)<<i));
+ 			if (str)
+ 				ptr += sprintf(ptr, "%s ", str);
+ 		}
+-- 
+1.8.3.1
+
diff --git a/do-malloc-trim-after-load-policy.patch b/do-malloc-trim-after-load-policy.patch
index a69d44f..e4eb7f2 100644
--- a/do-malloc-trim-after-load-policy.patch
+++ b/do-malloc-trim-after-load-policy.patch
@@ -4,13 +4,13 @@ Date: Wed, 2 Jun 2021 16:24:47 +0800
 Subject: [PATCH] do malloc trim after load policy
 
 ---
- libselinux/src/load_policy.c | 5 ++++-
+ src/load_policy.c | 5 ++++-
  1 file changed, 4 insertions(+), 1 deletion(-)
 
-diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
+diff --git a/src/load_policy.c b/src/load_policy.c
 index 2aea826..ace898c 100644
---- a/libselinux/src/load_policy.c
-+++ b/libselinux/src/load_policy.c
+--- a/src/load_policy.c
++++ b/src/load_policy.c
 @@ -18,6 +18,7 @@
  #include <dlfcn.h>
  #include "policy.h"
diff --git a/libselinux.spec b/libselinux.spec
index a527bab..9214770 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -3,7 +3,7 @@
 
 Name:    libselinux
 Version: 3.1
-Release: 3
+Release: 4
 License: Public Domain
 Summary: SELinux library and simple utilities
 Url:     https://github.com/SELinuxProject/selinux/wiki
@@ -12,6 +12,8 @@ Source0: https://github.com/SELinuxProject/selinux/releases/download/20200710/li
 #Patch0:  libselinux-Use-Python-distutils-to-install-SELinux-p.patch
 Patch1: do-malloc-trim-after-load-policy.patch
 
+Patch6000: backport-libselinux-Fix-potential-undefined-shifts.patch
+
 BuildRequires: gcc python3-devel systemd swig pcre2-devel xz-devel
 BuildRequires: ruby-devel libsepol-static
 
@@ -59,7 +61,7 @@ SELinux applications.
 %package_help
 
 %prep
-%autosetup -p 2 -n libselinux-%{version}
+%autosetup -p 1 -n libselinux-%{version}
 
 %build
 export LDFLAGS="%{?__global_ldflags}"
@@ -129,6 +131,9 @@ mv %{buildroot}%{_sbindir}/getconlist %{buildroot}%{_sbindir}/selinuxconlist
 %{_mandir}/ru/man8/*
 
 %changelog
+* Tue Nov 16 2021 lujie <lujie42@huawei.com> - 3.1-4
+- fix potential undefined shifts
+
 * Wed Jul 2 2021 luhuaxin <1539327763@qq.com> - 3.1-3
 - do malloc trim after load policy
 
-- 
Gitee