capabilities: correct the <<-operator width everwhere
The <<-operator here needs to always be 64bit, so use a variable instead
of trying to pick the right bit width, which will be arch-sensitive.
BUG=chromium-os:38643
TEST=link and daisy build, both pass security_Minijail
Change-Id: Ifab3037bf74f09256924993a8e91315b4b0ac998
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-on: https://gerrit.chromium.org/gerrit/42806
Reviewed-by: Jorge Lucangeli Obes <jorgelo@chromium.org>
diff --git a/libminijail.c b/libminijail.c
index 1d8869c..bc65829 100644
--- a/libminijail.c
+++ b/libminijail.c
@@ -595,6 +595,7 @@
{
cap_t caps = cap_get_proc();
cap_value_t flag[1];
+ const uint64_t one = 1;
unsigned int i;
if (!caps)
die("can't get process caps");
@@ -606,7 +607,7 @@
die("can't clear permitted caps");
for (i = 0; i < sizeof(j->caps) * 8 && cap_valid((int)i); ++i) {
/* Keep CAP_SETPCAP for dropping bounding set bits. */
- if (i != CAP_SETPCAP && !(j->caps & (1UL << i)))
+ if (i != CAP_SETPCAP && !(j->caps & (one << i)))
continue;
flag[0] = i;
if (cap_set_flag(caps, CAP_EFFECTIVE, 1, flag, CAP_SET))
@@ -626,14 +627,14 @@
* present. This requires CAP_SETPCAP, so we raised/kept it above.
*/
for (i = 0; i < sizeof(j->caps) * 8 && cap_valid((int)i); ++i) {
- if (j->caps & (1UL << i))
+ if (j->caps & (one << i))
continue;
if (prctl(PR_CAPBSET_DROP, i))
pdie("prctl(PR_CAPBSET_DROP)");
}
/* If CAP_SETPCAP wasn't specifically requested, now we remove it. */
- if ((j->caps & (1UL << CAP_SETPCAP)) == 0) {
+ if ((j->caps & (one << CAP_SETPCAP)) == 0) {
flag[0] = CAP_SETPCAP;
if (cap_set_flag(caps, CAP_EFFECTIVE, 1, flag, CAP_CLEAR))
die("can't clear effective cap");