[RFC,v2,38/40,WIP] checkpolicy: validate generated policies

Message ID	20211105154542.38434-39-cgzones@googlemail.com (mailing list archive)
State	Not Applicable
Headers	show Return-Path: <selinux-owner@kernel.org> From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> To: selinux@vger.kernel.org Subject: [RFC PATCH v2 38/40] [WIP] checkpolicy: validate generated policies Date: Fri, 5 Nov 2021 16:45:40 +0100 Message-Id: <20211105154542.38434-39-cgzones@googlemail.com> In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com> References: <20211011162533.53404-1-cgzones@googlemail.com> <20211105154542.38434-1-cgzones@googlemail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	libsepol: add fuzzer for reading binary policies \| expand [RFC,v2,00/36] libsepol: add fuzzer for reading binary policies [RFC,v2,01/36] cifuzz: enable report-unreproducible-crashes [RFC,v2,02/36] cifuzz: use the default runtime of 600 seconds [RFC,v2,03/36] libsepol/fuzz: silence secilc-fuzzer [RFC,v2,04/36] libsepol: add libfuzz based fuzzer for reading binary policies [RFC,v2,05/36] libsepol/fuzz: limit element sizes for fuzzing [RFC,v2,06/36] libsepol: use logging framework in conditional.c [RFC,v2,07/36] libsepol: use logging framework in ebitmap.c [RFC,v2,08/36] libsepol: use mallocarray wrapper to avoid overflows [RFC,v2,09/36] libsepol: use reallocarray wrapper to avoid overflows [RFC,v2,10/36] libsepol: add checks for read sizes [RFC,v2,11/36] libsepol: enforce avtab item limit [RFC,v2,12/36] libsepol: clean memory on conditional insertion failure [RFC,v2,13/36] libsepol: reject abnormal huge sid ids [RFC,v2,14/36] libsepol: reject invalid filetrans source type [RFC,v2,15/36] libsepol: zero member before potential dereference [RFC,v2,16/36] libsepol: use size_t for indexes in strs helpers [RFC,v2,17/36] libsepol: do not underflow on short format arguments [RFC,v2,18/36] libsepol: do not crash on class gaps [RFC,v2,19/36] libsepol: do not crash on user gaps [RFC,v2,20/36] libsepol: use correct size for initial string list [RFC,v2,21/36] libsepol: do not create a string list with initial size zero [RFC,v2,22/36] libsepol: split validation of datum array gaps and entries [RFC,v2,23/36] libsepol: validate MLS levels [RFC,v2,24/36] libsepol: validate expanded user range and level [RFC,v2,25/36] libsepol: validate permission count of classes [RFC,v2,26/36] libsepol: resolve log message mismatch [RFC,v2,27/36] libsepol: validate avtab and avrule types [RFC,v2,28/36] libsepol: validate constraint expression operators and attributes [RFC,v2,29/36] libsepol: validate type of avtab type rules [RFC,v2,30/36] libsepol: validate ocontexts [RFC,v2,31/36] libsepol: validate genfs contexts [RFC,v2,32/36] libsepol: validate permissive types [RFC,v2,33/36] libsepol: validate policy properties [RFC,v2,34/36] libsepol: validate categories [RFC,v2,35/36] libsepol: validate fsuse types [RFC,v2,36/36] libsepol: validate class default targets [RFC,v2,37/40,WIP] libsepol: export policydb_validate [RFC,v2,38/40,WIP] checkpolicy: validate generated policies [RFC,v2,39/40,CROSS-PATCH] libsepol: avoid passing NULL pointer to memcpy [RFC,v2,40/40,CROSS-PATCH] libsepol: do not pass NULL to memcpy

Message ID

20211105154542.38434-39-cgzones@googlemail.com (mailing list archive)

State

Not Applicable

Headers

From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [RFC PATCH v2 38/40] [WIP] checkpolicy: validate generated policies
Date: Fri,  5 Nov 2021 16:45:40 +0100
Message-Id: <20211105154542.38434-39-cgzones@googlemail.com>
In-Reply-To: <20211105154542.38434-1-cgzones@googlemail.com>
References: <20211011162533.53404-1-cgzones@googlemail.com>
 <20211105154542.38434-1-cgzones@googlemail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

libsepol: add fuzzer for reading binary policies | expand

Commit Message

Christian Göttsche Nov. 5, 2021, 3:45 p.m. UTC

After generating policies validate them.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 checkpolicy/checkmodule.c | 8 ++++++++
 checkpolicy/checkpolicy.c | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
index 3432608b..846e5a36 100644
--- a/checkpolicy/checkmodule.c
+++ b/checkpolicy/checkmodule.c
@@ -29,6 +29,7 @@ 
 #include <sepol/policydb/expand.h>
 #include <sepol/policydb/link.h>
 #include <sepol/policydb/sidtab.h>
+#include <sepol/policydb/validate.h>
 
 #include "queue.h"
 #include "checkpolicy.h"
@@ -329,6 +330,13 @@  int main(int argc, char **argv)
 
 	sepol_sidtab_destroy(&sidtab);
 
+	modpolicydb.policyvers = policyvers;
+
+	if (validate_policydb(NULL, &modpolicydb)) {
+		fprintf(stderr, "%s:  validation of generated policy failed\n", argv[0]);
+		exit(1);
+	}
+
 	if (outfile) {
 		FILE *outfp = fopen(outfile, "w");
 
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 926ce72c..3ce63d06 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -87,6 +87,7 @@ 
 #include <sepol/policydb/hierarchy.h>
 #include <sepol/policydb/expand.h>
 #include <sepol/policydb/link.h>
+#include <sepol/policydb/validate.h>
 
 #include "queue.h"
 #include "checkpolicy.h"
@@ -652,6 +653,11 @@  int main(int argc, char **argv)
 		}
 	}
 
+	if (validate_policydb(NULL, policydbp)) {
+		fprintf(stderr, "%s:  validation of generated policy failed\n", argv[0]);
+		exit(1);
+	}
+
 	if (outfile) {
 		if (!strcmp(outfile, "-")) {
 			outfp = stdout;

[RFC,v2,38/40,WIP] checkpolicy: validate generated policies

Commit Message

Patch