| Message ID | 20241111135107.20280-1-cgoettsche@seltendoof.de (mailing list archive) |
|---|---|
| State | New |
| Delegated to: | Petr Lautrbach |
| Headers | show |
| Series | [v5,1/6] libsepol: misc assertion cleanup | expand |
On Mon, Nov 11, 2024 at 8:51 AM Christian Göttsche <cgoettsche@seltendoof.de> wrote: > > From: Christian Göttsche <cgzones@googlemail.com> > > Use const parameters where applicable to signal immutability. > > Rename the passed iterator avrule from avrule to narule, to make clear > its the neverallow rule to assert against, not the allow rule to check. > > Drop needless branch in check_assertions(), since in the case avrules is > NULL the for loop won't execute and errors will stay at 0, so 0 will be > returned regardless. Also there is no call to free() as mentioned in the > outdated comment. > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> For these three patches: Acked-by: James Carter <jwcart2@gmail.com> > --- > v3: > - use C99 bool where applicable > - minor additions > v2: > add patch > --- > libsepol/include/sepol/policydb/policydb.h | 4 +- > libsepol/src/assertion.c | 222 ++++++++++----------- > 2 files changed, 107 insertions(+), 119 deletions(-) > > diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h > index f73e21fc..88fb3672 100644 > --- a/libsepol/include/sepol/policydb/policydb.h > +++ b/libsepol/include/sepol/policydb/policydb.h > @@ -698,9 +698,9 @@ extern void level_datum_init(level_datum_t * x); > extern void level_datum_destroy(level_datum_t * x); > extern void cat_datum_init(cat_datum_t * x); > extern void cat_datum_destroy(cat_datum_t * x); > -extern int check_assertion(policydb_t *p, avrule_t *avrule); > +extern int check_assertion(policydb_t *p, const avrule_t *avrule); > extern int check_assertions(sepol_handle_t * handle, > - policydb_t * p, avrule_t * avrules); > + policydb_t * p, const avrule_t * avrules); > > extern int symtab_insert(policydb_t * x, uint32_t sym, > hashtab_key_t key, hashtab_datum_t datum, > diff --git a/libsepol/src/assertion.c b/libsepol/src/assertion.c > index 5e129883..e0e8685f 100644 > --- a/libsepol/src/assertion.c > +++ b/libsepol/src/assertion.c > @@ -20,6 +20,7 @@ > * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA > */ > > +#include <stdbool.h> > #include <sepol/policydb/avtab.h> > #include <sepol/policydb/policydb.h> > #include <sepol/policydb/expand.h> > @@ -31,35 +32,31 @@ > struct avtab_match_args { > sepol_handle_t *handle; > policydb_t *p; > - avrule_t *avrule; > + const avrule_t *narule; > avtab_t *avtab; > unsigned long errors; > }; > > -static const char* policy_name(policydb_t *p) { > - const char *policy_file = "policy.conf"; > - if (p->name) { > - policy_file = p->name; > - } > - return policy_file; > +static const char* policy_name(const policydb_t *p) { > + return p->name ?: "policy.conf"; > } > > -static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule, > +static void report_failure(sepol_handle_t *handle, const policydb_t *p, const avrule_t *narule, > unsigned int stype, unsigned int ttype, > const class_perm_node_t *curperm, uint32_t perms) > { > char *permstr = sepol_av_to_string(p, curperm->tclass, perms); > > - if (avrule->source_filename) { > + if (narule->source_filename) { > ERR(handle, "neverallow on line %lu of %s (or line %lu of %s) violated by allow %s %s:%s {%s };", > - avrule->source_line, avrule->source_filename, avrule->line, policy_name(p), > + narule->source_line, narule->source_filename, narule->line, policy_name(p), > p->p_type_val_to_name[stype], > p->p_type_val_to_name[ttype], > p->p_class_val_to_name[curperm->tclass - 1], > permstr ?: "<format-failure>"); > - } else if (avrule->line) { > + } else if (narule->line) { > ERR(handle, "neverallow on line %lu violated by allow %s %s:%s {%s };", > - avrule->line, p->p_type_val_to_name[stype], > + narule->line, p->p_type_val_to_name[stype], > p->p_type_val_to_name[ttype], > p->p_class_val_to_name[curperm->tclass - 1], > permstr ?: "<format-failure>"); > @@ -74,29 +71,29 @@ static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t > free(permstr); > } > > -static int match_any_class_permissions(class_perm_node_t *cp, uint32_t class, uint32_t data) > +static bool match_any_class_permissions(const class_perm_node_t *cp, uint32_t class, uint32_t data) > { > for (; cp; cp = cp->next) { > if ((cp->tclass == class) && (cp->data & data)) > - return 1; > + return true; > } > > - return 0; > + return false; > } > > -static int extended_permissions_and(uint32_t *perms1, uint32_t *perms2) { > +static bool extended_permissions_and(const uint32_t *perms1, const uint32_t *perms2) { > size_t i; > for (i = 0; i < EXTENDED_PERMS_LEN; i++) { > if (perms1[i] & perms2[i]) > - return 1; > + return true; > } > > - return 0; > + return false; > } > > -static int check_extended_permissions(av_extended_perms_t *neverallow, avtab_extended_perms_t *allow) > +static bool check_extended_permissions(const av_extended_perms_t *neverallow, const avtab_extended_perms_t *allow) > { > - int rc = 0; > + bool rc = false; > if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION) > && (allow->specified == AVTAB_XPERMS_IOCTLFUNCTION)) { > if (neverallow->driver == allow->driver) > @@ -121,8 +118,8 @@ static int check_extended_permissions(av_extended_perms_t *neverallow, avtab_ext > > /* Compute which allowed extended permissions violate the neverallow rule */ > static void extended_permissions_violated(avtab_extended_perms_t *result, > - av_extended_perms_t *neverallow, > - avtab_extended_perms_t *allow) > + const av_extended_perms_t *neverallow, > + const avtab_extended_perms_t *allow) > { > size_t i; > if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION) > @@ -157,21 +154,20 @@ static void extended_permissions_violated(avtab_extended_perms_t *result, > > /* Same scenarios of interest as check_assertion_extended_permissions */ > static int report_assertion_extended_permissions(sepol_handle_t *handle, > - policydb_t *p, const avrule_t *avrule, > + policydb_t *p, const avrule_t *narule, > unsigned int stype, unsigned int ttype, > const class_perm_node_t *curperm, uint32_t perms, > - avtab_key_t *k, avtab_t *avtab) > + const avtab_key_t *k, avtab_t *avtab) > { > avtab_ptr_t node; > avtab_key_t tmp_key; > avtab_extended_perms_t *xperms; > avtab_extended_perms_t error; > - ebitmap_t *sattr = &p->type_attr_map[stype]; > - ebitmap_t *tattr = &p->type_attr_map[ttype]; > + const ebitmap_t *sattr = &p->type_attr_map[stype]; > + const ebitmap_t *tattr = &p->type_attr_map[ttype]; > ebitmap_node_t *snode, *tnode; > unsigned int i, j; > - int rc; > - int found_xperm = 0; > + bool found_xperm = false; > int errors = 0; > > memcpy(&tmp_key, k, sizeof(avtab_key_t)); > @@ -189,18 +185,17 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle, > && (xperms->specified != AVTAB_XPERMS_IOCTLDRIVER) > && (xperms->specified != AVTAB_XPERMS_NLMSG)) > continue; > - found_xperm = 1; > - rc = check_extended_permissions(avrule->xperms, xperms); > + found_xperm = true; > /* failure on the extended permission check_extended_permissions */ > - if (rc) { > + if (check_extended_permissions(narule->xperms, xperms)) { > char *permstring; > > - extended_permissions_violated(&error, avrule->xperms, xperms); > + extended_permissions_violated(&error, narule->xperms, xperms); > permstring = sepol_extended_perms_to_string(&error); > > ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of %s) violated by\n" > "allowxperm %s %s:%s %s;", > - avrule->source_line, avrule->source_filename, avrule->line, policy_name(p), > + narule->source_line, narule->source_filename, narule->line, policy_name(p), > p->p_type_val_to_name[i], > p->p_type_val_to_name[j], > p->p_class_val_to_name[curperm->tclass - 1], > @@ -219,7 +214,7 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle, > > ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of %s) violated by\n" > "allow %s %s:%s {%s };", > - avrule->source_line, avrule->source_filename, avrule->line, policy_name(p), > + narule->source_line, narule->source_filename, narule->line, policy_name(p), > p->p_type_val_to_name[stype], > p->p_type_val_to_name[ttype], > p->p_class_val_to_name[curperm->tclass - 1], > @@ -240,26 +235,26 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void > sepol_handle_t *handle = a->handle; > policydb_t *p = a->p; > avtab_t *avtab = a->avtab; > - avrule_t *avrule = a->avrule; > - class_perm_node_t *cp; > + const avrule_t *narule = a->narule; > + const class_perm_node_t *cp; > uint32_t perms; > ebitmap_t src_matches, tgt_matches, self_matches; > ebitmap_node_t *snode, *tnode; > unsigned int i, j; > - const int is_avrule_self = (avrule->flags & RULE_SELF) != 0; > - const int is_avrule_notself = (avrule->flags & RULE_NOTSELF) != 0; > + const bool is_narule_self = (narule->flags & RULE_SELF) != 0; > + const bool is_narule_notself = (narule->flags & RULE_NOTSELF) != 0; > > if ((k->specified & AVTAB_ALLOWED) == 0) > return 0; > > - if (!match_any_class_permissions(avrule->perms, k->target_class, d->data)) > + if (!match_any_class_permissions(narule->perms, k->target_class, d->data)) > return 0; > > ebitmap_init(&src_matches); > ebitmap_init(&tgt_matches); > ebitmap_init(&self_matches); > > - rc = ebitmap_and(&src_matches, &avrule->stypes.types, > + rc = ebitmap_and(&src_matches, &narule->stypes.types, > &p->attr_type_map[k->source_type - 1]); > if (rc < 0) > goto oom; > @@ -267,22 +262,22 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void > if (ebitmap_is_empty(&src_matches)) > goto exit; > > - if (is_avrule_notself) { > - if (ebitmap_is_empty(&avrule->ttypes.types)) { > + if (is_narule_notself) { > + if (ebitmap_is_empty(&narule->ttypes.types)) { > /* avrule tgt is of the form ~self */ > rc = ebitmap_cpy(&tgt_matches, &p->attr_type_map[k->target_type -1]); > } else { > /* avrule tgt is of the form {ATTR -self} */ > - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type - 1]); > + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type - 1]); > } > if (rc) > goto oom; > } else { > - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]); > + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type -1]); > if (rc < 0) > goto oom; > > - if (is_avrule_self) { > + if (is_narule_self) { > rc = ebitmap_and(&self_matches, &src_matches, &p->attr_type_map[k->target_type - 1]); > if (rc < 0) > goto oom; > @@ -298,7 +293,7 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void > if (ebitmap_is_empty(&tgt_matches)) > goto exit; > > - for (cp = avrule->perms; cp; cp = cp->next) { > + for (cp = narule->perms; cp; cp = cp->next) { > > perms = cp->data & d->data; > if ((cp->tclass != k->target_class) || !perms) { > @@ -307,16 +302,16 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void > > ebitmap_for_each_positive_bit(&src_matches, snode, i) { > ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) { > - if (is_avrule_self && i != j) > + if (is_narule_self && i != j) > continue; > - if (is_avrule_notself && i == j) > + if (is_narule_notself && i == j) > continue; > - if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) { > - a->errors += report_assertion_extended_permissions(handle,p, avrule, > + if (narule->specified == AVRULE_XPERMS_NEVERALLOW) { > + a->errors += report_assertion_extended_permissions(handle,p, narule, > i, j, cp, perms, k, avtab); > } else { > a->errors++; > - report_failure(handle, p, avrule, i, j, cp, perms); > + report_failure(handle, p, narule, i, j, cp, perms); > } > } > } > @@ -330,22 +325,22 @@ exit: > return rc; > } > > -static int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, avrule_t *avrule) > +static int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, const avrule_t *narule) > { > int rc; > - struct avtab_match_args args; > - > - args.handle = handle; > - args.p = p; > - args.avrule = avrule; > - args.errors = 0; > + struct avtab_match_args args = { > + .handle = handle, > + .p = p, > + .narule = narule, > + .errors = 0, > + }; > > - args.avtab = &p->te_avtab; > + args.avtab = &p->te_avtab; > rc = avtab_map(&p->te_avtab, report_assertion_avtab_matches, &args); > if (rc < 0) > goto oom; > > - args.avtab = &p->te_cond_avtab; > + args.avtab = &p->te_cond_avtab; > rc = avtab_map(&p->te_cond_avtab, report_assertion_avtab_matches, &args); > if (rc < 0) > goto oom; > @@ -360,19 +355,19 @@ oom: > * Look up the extended permissions in avtab and verify that neverallowed > * permissions are not granted. > */ > -static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t *avtab, > +static bool check_assertion_extended_permissions_avtab(const avrule_t *narule, avtab_t *avtab, > unsigned int stype, unsigned int ttype, > - avtab_key_t *k, policydb_t *p) > + const avtab_key_t *k, policydb_t *p) > { > avtab_ptr_t node; > avtab_key_t tmp_key; > - avtab_extended_perms_t *xperms; > - av_extended_perms_t *neverallow_xperms = avrule->xperms; > - ebitmap_t *sattr = &p->type_attr_map[stype]; > - ebitmap_t *tattr = &p->type_attr_map[ttype]; > + const avtab_extended_perms_t *xperms; > + const av_extended_perms_t *neverallow_xperms = narule->xperms; > + const ebitmap_t *sattr = &p->type_attr_map[stype]; > + const ebitmap_t *tattr = &p->type_attr_map[ttype]; > ebitmap_node_t *snode, *tnode; > unsigned int i, j; > - int rc = 1; > + bool ret = true; > > memcpy(&tmp_key, k, sizeof(avtab_key_t)); > tmp_key.specified = AVTAB_XPERMS_ALLOWED; > @@ -390,14 +385,14 @@ static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t > && (xperms->specified != AVTAB_XPERMS_IOCTLDRIVER) > && (xperms->specified != AVTAB_XPERMS_NLMSG)) > continue; > - rc = check_extended_permissions(neverallow_xperms, xperms); > - if (rc) > - return rc; > + ret = check_extended_permissions(neverallow_xperms, xperms); > + if (ret) > + return ret; > } > } > } > > - return rc; > + return ret; > } > > /* > @@ -416,21 +411,21 @@ static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t > * 4. FAIL - The ioctl permission is granted AND the extended permission is > * granted > */ > -static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab, > - avtab_key_t *k, policydb_t *p) > +static int check_assertion_extended_permissions(const avrule_t *narule, avtab_t *avtab, > + const avtab_key_t *k, policydb_t *p) > { > ebitmap_t src_matches, tgt_matches, self_matches; > unsigned int i, j; > ebitmap_node_t *snode, *tnode; > - const int is_avrule_self = (avrule->flags & RULE_SELF) != 0; > - const int is_avrule_notself = (avrule->flags & RULE_NOTSELF) != 0; > + const bool is_narule_self = (narule->flags & RULE_SELF) != 0; > + const bool is_narule_notself = (narule->flags & RULE_NOTSELF) != 0; > int rc; > > ebitmap_init(&src_matches); > ebitmap_init(&tgt_matches); > ebitmap_init(&self_matches); > > - rc = ebitmap_and(&src_matches, &avrule->stypes.types, > + rc = ebitmap_and(&src_matches, &narule->stypes.types, > &p->attr_type_map[k->source_type - 1]); > if (rc < 0) > goto oom; > @@ -440,22 +435,22 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab > goto exit; > } > > - if (is_avrule_notself) { > - if (ebitmap_is_empty(&avrule->ttypes.types)) { > + if (is_narule_notself) { > + if (ebitmap_is_empty(&narule->ttypes.types)) { > /* avrule tgt is of the form ~self */ > rc = ebitmap_cpy(&tgt_matches, &p->attr_type_map[k->target_type -1]); > } else { > /* avrule tgt is of the form {ATTR -self} */ > - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type - 1]); > + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type - 1]); > } > if (rc < 0) > goto oom; > } else { > - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]); > + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type -1]); > if (rc < 0) > goto oom; > > - if (is_avrule_self) { > + if (is_narule_self) { > rc = ebitmap_and(&self_matches, &src_matches, &p->attr_type_map[k->target_type - 1]); > if (rc < 0) > goto oom; > @@ -475,11 +470,11 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab > > ebitmap_for_each_positive_bit(&src_matches, snode, i) { > ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) { > - if (is_avrule_self && i != j) > + if (is_narule_self && i != j) > continue; > - if (is_avrule_notself && i == j) > + if (is_narule_notself && i == j) > continue; > - if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) { > + if (check_assertion_extended_permissions_avtab(narule, avtab, i, j, k, p)) { > rc = 1; > goto exit; > } > @@ -496,7 +491,7 @@ exit: > return rc; > } > > -static int check_assertion_notself_match(avtab_key_t *k, avrule_t *avrule, policydb_t *p) > +static int check_assertion_notself_match(const avtab_key_t *k, const avrule_t *narule, policydb_t *p) > { > ebitmap_t src_matches, tgt_matches; > unsigned int num_src_matches, num_tgt_matches; > @@ -505,16 +500,16 @@ static int check_assertion_notself_match(avtab_key_t *k, avrule_t *avrule, polic > ebitmap_init(&src_matches); > ebitmap_init(&tgt_matches); > > - rc = ebitmap_and(&src_matches, &avrule->stypes.types, &p->attr_type_map[k->source_type - 1]); > + rc = ebitmap_and(&src_matches, &narule->stypes.types, &p->attr_type_map[k->source_type - 1]); > if (rc < 0) > goto oom; > > - if (ebitmap_is_empty(&avrule->ttypes.types)) { > + if (ebitmap_is_empty(&narule->ttypes.types)) { > /* avrule tgt is of the form ~self */ > rc = ebitmap_cpy(&tgt_matches, &p->attr_type_map[k->target_type - 1]); > } else { > /* avrule tgt is of the form {ATTR -self} */ > - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type - 1]); > + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type - 1]); > } > if (rc < 0) > goto oom; > @@ -551,7 +546,7 @@ nomatch: > return rc; > } > > -static int check_assertion_self_match(avtab_key_t *k, avrule_t *avrule, policydb_t *p) > +static int check_assertion_self_match(const avtab_key_t *k, const avrule_t *narule, policydb_t *p) > { > ebitmap_t src_matches; > int rc; > @@ -560,7 +555,7 @@ static int check_assertion_self_match(avtab_key_t *k, avrule_t *avrule, policydb > * and the key's source. > */ > > - rc = ebitmap_and(&src_matches, &avrule->stypes.types, &p->attr_type_map[k->source_type - 1]); > + rc = ebitmap_and(&src_matches, &narule->stypes.types, &p->attr_type_map[k->source_type - 1]); > if (rc < 0) > goto oom; > > @@ -582,29 +577,29 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a > int rc; > struct avtab_match_args *a = (struct avtab_match_args *)args; > policydb_t *p = a->p; > - avrule_t *avrule = a->avrule; > + const avrule_t *narule = a->narule; > avtab_t *avtab = a->avtab; > > if ((k->specified & AVTAB_ALLOWED) == 0) > goto nomatch; > > - if (!match_any_class_permissions(avrule->perms, k->target_class, d->data)) > + if (!match_any_class_permissions(narule->perms, k->target_class, d->data)) > goto nomatch; > > - if (!ebitmap_match_any(&avrule->stypes.types, &p->attr_type_map[k->source_type - 1])) > + if (!ebitmap_match_any(&narule->stypes.types, &p->attr_type_map[k->source_type - 1])) > goto nomatch; > > - if (avrule->flags & RULE_NOTSELF) { > - rc = check_assertion_notself_match(k, avrule, p); > + if (narule->flags & RULE_NOTSELF) { > + rc = check_assertion_notself_match(k, narule, p); > if (rc < 0) > goto oom; > if (rc == 0) > goto nomatch; > } else { > /* neverallow may have tgts even if it uses SELF */ > - if (!ebitmap_match_any(&avrule->ttypes.types, &p->attr_type_map[k->target_type -1])) { > - if (avrule->flags == RULE_SELF) { > - rc = check_assertion_self_match(k, avrule, p); > + if (!ebitmap_match_any(&narule->ttypes.types, &p->attr_type_map[k->target_type -1])) { > + if (narule->flags == RULE_SELF) { > + rc = check_assertion_self_match(k, narule, p); > if (rc < 0) > goto oom; > if (rc == 0) > @@ -615,8 +610,8 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a > } > } > > - if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) { > - rc = check_assertion_extended_permissions(avrule, avtab, k, p); > + if (narule->specified == AVRULE_XPERMS_NEVERALLOW) { > + rc = check_assertion_extended_permissions(narule, avtab, k, p); > if (rc < 0) > goto oom; > if (rc == 0) > @@ -631,17 +626,17 @@ oom: > return rc; > } > > -int check_assertion(policydb_t *p, avrule_t *avrule) > +int check_assertion(policydb_t *p, const avrule_t *narule) > { > int rc; > - struct avtab_match_args args; > + struct avtab_match_args args = { > + .handle = NULL, > + .p = p, > + .narule = narule, > + .errors = 0, > + }; > > - args.handle = NULL; > - args.p = p; > - args.avrule = avrule; > - args.errors = 0; > args.avtab = &p->te_avtab; > - > rc = avtab_map(&p->te_avtab, check_assertion_avtab_match, &args); > > if (rc == 0) { > @@ -653,20 +648,13 @@ int check_assertion(policydb_t *p, avrule_t *avrule) > } > > int check_assertions(sepol_handle_t * handle, policydb_t * p, > - avrule_t * avrules) > + const avrule_t * narules) > { > int rc; > - avrule_t *a; > + const avrule_t *a; > unsigned long errors = 0; > > - if (!avrules) { > - /* Since assertions are stored in avrules, if it is NULL > - there won't be any to check. This also prevents an invalid > - free if the avtabs are never initialized */ > - return 0; > - } > - > - for (a = avrules; a != NULL; a = a->next) { > + for (a = narules; a != NULL; a = a->next) { > if (!(a->specified & (AVRULE_NEVERALLOW | AVRULE_XPERMS_NEVERALLOW))) > continue; > rc = check_assertion(p, a); > -- > 2.45.2 > >
diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h index f73e21fc..88fb3672 100644 --- a/libsepol/include/sepol/policydb/policydb.h +++ b/libsepol/include/sepol/policydb/policydb.h @@ -698,9 +698,9 @@ extern void level_datum_init(level_datum_t * x); extern void level_datum_destroy(level_datum_t * x); extern void cat_datum_init(cat_datum_t * x); extern void cat_datum_destroy(cat_datum_t * x); -extern int check_assertion(policydb_t *p, avrule_t *avrule); +extern int check_assertion(policydb_t *p, const avrule_t *avrule); extern int check_assertions(sepol_handle_t * handle, - policydb_t * p, avrule_t * avrules); + policydb_t * p, const avrule_t * avrules); extern int symtab_insert(policydb_t * x, uint32_t sym, hashtab_key_t key, hashtab_datum_t datum, diff --git a/libsepol/src/assertion.c b/libsepol/src/assertion.c index 5e129883..e0e8685f 100644 --- a/libsepol/src/assertion.c +++ b/libsepol/src/assertion.c @@ -20,6 +20,7 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ +#include <stdbool.h> #include <sepol/policydb/avtab.h> #include <sepol/policydb/policydb.h> #include <sepol/policydb/expand.h> @@ -31,35 +32,31 @@ struct avtab_match_args { sepol_handle_t *handle; policydb_t *p; - avrule_t *avrule; + const avrule_t *narule; avtab_t *avtab; unsigned long errors; }; -static const char* policy_name(policydb_t *p) { - const char *policy_file = "policy.conf"; - if (p->name) { - policy_file = p->name; - } - return policy_file; +static const char* policy_name(const policydb_t *p) { + return p->name ?: "policy.conf"; } -static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t *avrule, +static void report_failure(sepol_handle_t *handle, const policydb_t *p, const avrule_t *narule, unsigned int stype, unsigned int ttype, const class_perm_node_t *curperm, uint32_t perms) { char *permstr = sepol_av_to_string(p, curperm->tclass, perms); - if (avrule->source_filename) { + if (narule->source_filename) { ERR(handle, "neverallow on line %lu of %s (or line %lu of %s) violated by allow %s %s:%s {%s };", - avrule->source_line, avrule->source_filename, avrule->line, policy_name(p), + narule->source_line, narule->source_filename, narule->line, policy_name(p), p->p_type_val_to_name[stype], p->p_type_val_to_name[ttype], p->p_class_val_to_name[curperm->tclass - 1], permstr ?: "<format-failure>"); - } else if (avrule->line) { + } else if (narule->line) { ERR(handle, "neverallow on line %lu violated by allow %s %s:%s {%s };", - avrule->line, p->p_type_val_to_name[stype], + narule->line, p->p_type_val_to_name[stype], p->p_type_val_to_name[ttype], p->p_class_val_to_name[curperm->tclass - 1], permstr ?: "<format-failure>"); @@ -74,29 +71,29 @@ static void report_failure(sepol_handle_t *handle, policydb_t *p, const avrule_t free(permstr); } -static int match_any_class_permissions(class_perm_node_t *cp, uint32_t class, uint32_t data) +static bool match_any_class_permissions(const class_perm_node_t *cp, uint32_t class, uint32_t data) { for (; cp; cp = cp->next) { if ((cp->tclass == class) && (cp->data & data)) - return 1; + return true; } - return 0; + return false; } -static int extended_permissions_and(uint32_t *perms1, uint32_t *perms2) { +static bool extended_permissions_and(const uint32_t *perms1, const uint32_t *perms2) { size_t i; for (i = 0; i < EXTENDED_PERMS_LEN; i++) { if (perms1[i] & perms2[i]) - return 1; + return true; } - return 0; + return false; } -static int check_extended_permissions(av_extended_perms_t *neverallow, avtab_extended_perms_t *allow) +static bool check_extended_permissions(const av_extended_perms_t *neverallow, const avtab_extended_perms_t *allow) { - int rc = 0; + bool rc = false; if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION) && (allow->specified == AVTAB_XPERMS_IOCTLFUNCTION)) { if (neverallow->driver == allow->driver) @@ -121,8 +118,8 @@ static int check_extended_permissions(av_extended_perms_t *neverallow, avtab_ext /* Compute which allowed extended permissions violate the neverallow rule */ static void extended_permissions_violated(avtab_extended_perms_t *result, - av_extended_perms_t *neverallow, - avtab_extended_perms_t *allow) + const av_extended_perms_t *neverallow, + const avtab_extended_perms_t *allow) { size_t i; if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION) @@ -157,21 +154,20 @@ static void extended_permissions_violated(avtab_extended_perms_t *result, /* Same scenarios of interest as check_assertion_extended_permissions */ static int report_assertion_extended_permissions(sepol_handle_t *handle, - policydb_t *p, const avrule_t *avrule, + policydb_t *p, const avrule_t *narule, unsigned int stype, unsigned int ttype, const class_perm_node_t *curperm, uint32_t perms, - avtab_key_t *k, avtab_t *avtab) + const avtab_key_t *k, avtab_t *avtab) { avtab_ptr_t node; avtab_key_t tmp_key; avtab_extended_perms_t *xperms; avtab_extended_perms_t error; - ebitmap_t *sattr = &p->type_attr_map[stype]; - ebitmap_t *tattr = &p->type_attr_map[ttype]; + const ebitmap_t *sattr = &p->type_attr_map[stype]; + const ebitmap_t *tattr = &p->type_attr_map[ttype]; ebitmap_node_t *snode, *tnode; unsigned int i, j; - int rc; - int found_xperm = 0; + bool found_xperm = false; int errors = 0; memcpy(&tmp_key, k, sizeof(avtab_key_t)); @@ -189,18 +185,17 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle, && (xperms->specified != AVTAB_XPERMS_IOCTLDRIVER) && (xperms->specified != AVTAB_XPERMS_NLMSG)) continue; - found_xperm = 1; - rc = check_extended_permissions(avrule->xperms, xperms); + found_xperm = true; /* failure on the extended permission check_extended_permissions */ - if (rc) { + if (check_extended_permissions(narule->xperms, xperms)) { char *permstring; - extended_permissions_violated(&error, avrule->xperms, xperms); + extended_permissions_violated(&error, narule->xperms, xperms); permstring = sepol_extended_perms_to_string(&error); ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of %s) violated by\n" "allowxperm %s %s:%s %s;", - avrule->source_line, avrule->source_filename, avrule->line, policy_name(p), + narule->source_line, narule->source_filename, narule->line, policy_name(p), p->p_type_val_to_name[i], p->p_type_val_to_name[j], p->p_class_val_to_name[curperm->tclass - 1], @@ -219,7 +214,7 @@ static int report_assertion_extended_permissions(sepol_handle_t *handle, ERR(handle, "neverallowxperm on line %lu of %s (or line %lu of %s) violated by\n" "allow %s %s:%s {%s };", - avrule->source_line, avrule->source_filename, avrule->line, policy_name(p), + narule->source_line, narule->source_filename, narule->line, policy_name(p), p->p_type_val_to_name[stype], p->p_type_val_to_name[ttype], p->p_class_val_to_name[curperm->tclass - 1], @@ -240,26 +235,26 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void sepol_handle_t *handle = a->handle; policydb_t *p = a->p; avtab_t *avtab = a->avtab; - avrule_t *avrule = a->avrule; - class_perm_node_t *cp; + const avrule_t *narule = a->narule; + const class_perm_node_t *cp; uint32_t perms; ebitmap_t src_matches, tgt_matches, self_matches; ebitmap_node_t *snode, *tnode; unsigned int i, j; - const int is_avrule_self = (avrule->flags & RULE_SELF) != 0; - const int is_avrule_notself = (avrule->flags & RULE_NOTSELF) != 0; + const bool is_narule_self = (narule->flags & RULE_SELF) != 0; + const bool is_narule_notself = (narule->flags & RULE_NOTSELF) != 0; if ((k->specified & AVTAB_ALLOWED) == 0) return 0; - if (!match_any_class_permissions(avrule->perms, k->target_class, d->data)) + if (!match_any_class_permissions(narule->perms, k->target_class, d->data)) return 0; ebitmap_init(&src_matches); ebitmap_init(&tgt_matches); ebitmap_init(&self_matches); - rc = ebitmap_and(&src_matches, &avrule->stypes.types, + rc = ebitmap_and(&src_matches, &narule->stypes.types, &p->attr_type_map[k->source_type - 1]); if (rc < 0) goto oom; @@ -267,22 +262,22 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void if (ebitmap_is_empty(&src_matches)) goto exit; - if (is_avrule_notself) { - if (ebitmap_is_empty(&avrule->ttypes.types)) { + if (is_narule_notself) { + if (ebitmap_is_empty(&narule->ttypes.types)) { /* avrule tgt is of the form ~self */ rc = ebitmap_cpy(&tgt_matches, &p->attr_type_map[k->target_type -1]); } else { /* avrule tgt is of the form {ATTR -self} */ - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type - 1]); + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type - 1]); } if (rc) goto oom; } else { - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]); + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type -1]); if (rc < 0) goto oom; - if (is_avrule_self) { + if (is_narule_self) { rc = ebitmap_and(&self_matches, &src_matches, &p->attr_type_map[k->target_type - 1]); if (rc < 0) goto oom; @@ -298,7 +293,7 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void if (ebitmap_is_empty(&tgt_matches)) goto exit; - for (cp = avrule->perms; cp; cp = cp->next) { + for (cp = narule->perms; cp; cp = cp->next) { perms = cp->data & d->data; if ((cp->tclass != k->target_class) || !perms) { @@ -307,16 +302,16 @@ static int report_assertion_avtab_matches(avtab_key_t *k, avtab_datum_t *d, void ebitmap_for_each_positive_bit(&src_matches, snode, i) { ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) { - if (is_avrule_self && i != j) + if (is_narule_self && i != j) continue; - if (is_avrule_notself && i == j) + if (is_narule_notself && i == j) continue; - if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) { - a->errors += report_assertion_extended_permissions(handle,p, avrule, + if (narule->specified == AVRULE_XPERMS_NEVERALLOW) { + a->errors += report_assertion_extended_permissions(handle,p, narule, i, j, cp, perms, k, avtab); } else { a->errors++; - report_failure(handle, p, avrule, i, j, cp, perms); + report_failure(handle, p, narule, i, j, cp, perms); } } } @@ -330,22 +325,22 @@ exit: return rc; } -static int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, avrule_t *avrule) +static int report_assertion_failures(sepol_handle_t *handle, policydb_t *p, const avrule_t *narule) { int rc; - struct avtab_match_args args; - - args.handle = handle; - args.p = p; - args.avrule = avrule; - args.errors = 0; + struct avtab_match_args args = { + .handle = handle, + .p = p, + .narule = narule, + .errors = 0, + }; - args.avtab = &p->te_avtab; + args.avtab = &p->te_avtab; rc = avtab_map(&p->te_avtab, report_assertion_avtab_matches, &args); if (rc < 0) goto oom; - args.avtab = &p->te_cond_avtab; + args.avtab = &p->te_cond_avtab; rc = avtab_map(&p->te_cond_avtab, report_assertion_avtab_matches, &args); if (rc < 0) goto oom; @@ -360,19 +355,19 @@ oom: * Look up the extended permissions in avtab and verify that neverallowed * permissions are not granted. */ -static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t *avtab, +static bool check_assertion_extended_permissions_avtab(const avrule_t *narule, avtab_t *avtab, unsigned int stype, unsigned int ttype, - avtab_key_t *k, policydb_t *p) + const avtab_key_t *k, policydb_t *p) { avtab_ptr_t node; avtab_key_t tmp_key; - avtab_extended_perms_t *xperms; - av_extended_perms_t *neverallow_xperms = avrule->xperms; - ebitmap_t *sattr = &p->type_attr_map[stype]; - ebitmap_t *tattr = &p->type_attr_map[ttype]; + const avtab_extended_perms_t *xperms; + const av_extended_perms_t *neverallow_xperms = narule->xperms; + const ebitmap_t *sattr = &p->type_attr_map[stype]; + const ebitmap_t *tattr = &p->type_attr_map[ttype]; ebitmap_node_t *snode, *tnode; unsigned int i, j; - int rc = 1; + bool ret = true; memcpy(&tmp_key, k, sizeof(avtab_key_t)); tmp_key.specified = AVTAB_XPERMS_ALLOWED; @@ -390,14 +385,14 @@ static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t && (xperms->specified != AVTAB_XPERMS_IOCTLDRIVER) && (xperms->specified != AVTAB_XPERMS_NLMSG)) continue; - rc = check_extended_permissions(neverallow_xperms, xperms); - if (rc) - return rc; + ret = check_extended_permissions(neverallow_xperms, xperms); + if (ret) + return ret; } } } - return rc; + return ret; } /* @@ -416,21 +411,21 @@ static int check_assertion_extended_permissions_avtab(avrule_t *avrule, avtab_t * 4. FAIL - The ioctl permission is granted AND the extended permission is * granted */ -static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab, - avtab_key_t *k, policydb_t *p) +static int check_assertion_extended_permissions(const avrule_t *narule, avtab_t *avtab, + const avtab_key_t *k, policydb_t *p) { ebitmap_t src_matches, tgt_matches, self_matches; unsigned int i, j; ebitmap_node_t *snode, *tnode; - const int is_avrule_self = (avrule->flags & RULE_SELF) != 0; - const int is_avrule_notself = (avrule->flags & RULE_NOTSELF) != 0; + const bool is_narule_self = (narule->flags & RULE_SELF) != 0; + const bool is_narule_notself = (narule->flags & RULE_NOTSELF) != 0; int rc; ebitmap_init(&src_matches); ebitmap_init(&tgt_matches); ebitmap_init(&self_matches); - rc = ebitmap_and(&src_matches, &avrule->stypes.types, + rc = ebitmap_and(&src_matches, &narule->stypes.types, &p->attr_type_map[k->source_type - 1]); if (rc < 0) goto oom; @@ -440,22 +435,22 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab goto exit; } - if (is_avrule_notself) { - if (ebitmap_is_empty(&avrule->ttypes.types)) { + if (is_narule_notself) { + if (ebitmap_is_empty(&narule->ttypes.types)) { /* avrule tgt is of the form ~self */ rc = ebitmap_cpy(&tgt_matches, &p->attr_type_map[k->target_type -1]); } else { /* avrule tgt is of the form {ATTR -self} */ - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type - 1]); + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type - 1]); } if (rc < 0) goto oom; } else { - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type -1]); + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type -1]); if (rc < 0) goto oom; - if (is_avrule_self) { + if (is_narule_self) { rc = ebitmap_and(&self_matches, &src_matches, &p->attr_type_map[k->target_type - 1]); if (rc < 0) goto oom; @@ -475,11 +470,11 @@ static int check_assertion_extended_permissions(avrule_t *avrule, avtab_t *avtab ebitmap_for_each_positive_bit(&src_matches, snode, i) { ebitmap_for_each_positive_bit(&tgt_matches, tnode, j) { - if (is_avrule_self && i != j) + if (is_narule_self && i != j) continue; - if (is_avrule_notself && i == j) + if (is_narule_notself && i == j) continue; - if (check_assertion_extended_permissions_avtab(avrule, avtab, i, j, k, p)) { + if (check_assertion_extended_permissions_avtab(narule, avtab, i, j, k, p)) { rc = 1; goto exit; } @@ -496,7 +491,7 @@ exit: return rc; } -static int check_assertion_notself_match(avtab_key_t *k, avrule_t *avrule, policydb_t *p) +static int check_assertion_notself_match(const avtab_key_t *k, const avrule_t *narule, policydb_t *p) { ebitmap_t src_matches, tgt_matches; unsigned int num_src_matches, num_tgt_matches; @@ -505,16 +500,16 @@ static int check_assertion_notself_match(avtab_key_t *k, avrule_t *avrule, polic ebitmap_init(&src_matches); ebitmap_init(&tgt_matches); - rc = ebitmap_and(&src_matches, &avrule->stypes.types, &p->attr_type_map[k->source_type - 1]); + rc = ebitmap_and(&src_matches, &narule->stypes.types, &p->attr_type_map[k->source_type - 1]); if (rc < 0) goto oom; - if (ebitmap_is_empty(&avrule->ttypes.types)) { + if (ebitmap_is_empty(&narule->ttypes.types)) { /* avrule tgt is of the form ~self */ rc = ebitmap_cpy(&tgt_matches, &p->attr_type_map[k->target_type - 1]); } else { /* avrule tgt is of the form {ATTR -self} */ - rc = ebitmap_and(&tgt_matches, &avrule->ttypes.types, &p->attr_type_map[k->target_type - 1]); + rc = ebitmap_and(&tgt_matches, &narule->ttypes.types, &p->attr_type_map[k->target_type - 1]); } if (rc < 0) goto oom; @@ -551,7 +546,7 @@ nomatch: return rc; } -static int check_assertion_self_match(avtab_key_t *k, avrule_t *avrule, policydb_t *p) +static int check_assertion_self_match(const avtab_key_t *k, const avrule_t *narule, policydb_t *p) { ebitmap_t src_matches; int rc; @@ -560,7 +555,7 @@ static int check_assertion_self_match(avtab_key_t *k, avrule_t *avrule, policydb * and the key's source. */ - rc = ebitmap_and(&src_matches, &avrule->stypes.types, &p->attr_type_map[k->source_type - 1]); + rc = ebitmap_and(&src_matches, &narule->stypes.types, &p->attr_type_map[k->source_type - 1]); if (rc < 0) goto oom; @@ -582,29 +577,29 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a int rc; struct avtab_match_args *a = (struct avtab_match_args *)args; policydb_t *p = a->p; - avrule_t *avrule = a->avrule; + const avrule_t *narule = a->narule; avtab_t *avtab = a->avtab; if ((k->specified & AVTAB_ALLOWED) == 0) goto nomatch; - if (!match_any_class_permissions(avrule->perms, k->target_class, d->data)) + if (!match_any_class_permissions(narule->perms, k->target_class, d->data)) goto nomatch; - if (!ebitmap_match_any(&avrule->stypes.types, &p->attr_type_map[k->source_type - 1])) + if (!ebitmap_match_any(&narule->stypes.types, &p->attr_type_map[k->source_type - 1])) goto nomatch; - if (avrule->flags & RULE_NOTSELF) { - rc = check_assertion_notself_match(k, avrule, p); + if (narule->flags & RULE_NOTSELF) { + rc = check_assertion_notself_match(k, narule, p); if (rc < 0) goto oom; if (rc == 0) goto nomatch; } else { /* neverallow may have tgts even if it uses SELF */ - if (!ebitmap_match_any(&avrule->ttypes.types, &p->attr_type_map[k->target_type -1])) { - if (avrule->flags == RULE_SELF) { - rc = check_assertion_self_match(k, avrule, p); + if (!ebitmap_match_any(&narule->ttypes.types, &p->attr_type_map[k->target_type -1])) { + if (narule->flags == RULE_SELF) { + rc = check_assertion_self_match(k, narule, p); if (rc < 0) goto oom; if (rc == 0) @@ -615,8 +610,8 @@ static int check_assertion_avtab_match(avtab_key_t *k, avtab_datum_t *d, void *a } } - if (avrule->specified == AVRULE_XPERMS_NEVERALLOW) { - rc = check_assertion_extended_permissions(avrule, avtab, k, p); + if (narule->specified == AVRULE_XPERMS_NEVERALLOW) { + rc = check_assertion_extended_permissions(narule, avtab, k, p); if (rc < 0) goto oom; if (rc == 0) @@ -631,17 +626,17 @@ oom: return rc; } -int check_assertion(policydb_t *p, avrule_t *avrule) +int check_assertion(policydb_t *p, const avrule_t *narule) { int rc; - struct avtab_match_args args; + struct avtab_match_args args = { + .handle = NULL, + .p = p, + .narule = narule, + .errors = 0, + }; - args.handle = NULL; - args.p = p; - args.avrule = avrule; - args.errors = 0; args.avtab = &p->te_avtab; - rc = avtab_map(&p->te_avtab, check_assertion_avtab_match, &args); if (rc == 0) { @@ -653,20 +648,13 @@ int check_assertion(policydb_t *p, avrule_t *avrule) } int check_assertions(sepol_handle_t * handle, policydb_t * p, - avrule_t * avrules) + const avrule_t * narules) { int rc; - avrule_t *a; + const avrule_t *a; unsigned long errors = 0; - if (!avrules) { - /* Since assertions are stored in avrules, if it is NULL - there won't be any to check. This also prevents an invalid - free if the avtabs are never initialized */ - return 0; - } - - for (a = avrules; a != NULL; a = a->next) { + for (a = narules; a != NULL; a = a->next) { if (!(a->specified & (AVRULE_NEVERALLOW | AVRULE_XPERMS_NEVERALLOW))) continue; rc = check_assertion(p, a);