diff mbox series

[v3,35/36] libsepol: validate fsuse types

Message ID	20211209164928.87459-36-cgzones@googlemail.com (mailing list archive)
State	Accepted
Headers	show Return-Path: <selinux-owner@kernel.org> From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> To: selinux@vger.kernel.org Subject: [PATCH v3 35/36] libsepol: validate fsuse types Date: Thu, 9 Dec 2021 17:49:27 +0100 Message-Id: <20211209164928.87459-36-cgzones@googlemail.com> In-Reply-To: <20211209164928.87459-1-cgzones@googlemail.com> References: <20211105154542.38434-1-cgzones@googlemail.com> <20211209164928.87459-1-cgzones@googlemail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	libsepol: add fuzzer for reading binary policies \| expand [v3,00/36] libsepol: add fuzzer for reading binary policies [v3,01/36] cifuzz: enable report-unreproducible-crashes [v3,02/36] cifuzz: use the default runtime of 600 seconds [v3,03/36] libsepol/fuzz: silence secilc-fuzzer [v3,04/36] libsepol: add libfuzz based fuzzer for reading binary policies [v3,05/36] libsepol/fuzz: limit element sizes for fuzzing [v3,06/36] libsepol: use logging framework in conditional.c [v3,07/36] libsepol: use logging framework in ebitmap.c [v3,08/36] libsepol: use mallocarray wrapper to avoid overflows [v3,09/36] libsepol: use reallocarray wrapper to avoid overflows [v3,10/36] libsepol: add checks for read sizes [v3,11/36] libsepol: enforce avtab item limit [v3,12/36] libsepol: clean memory on conditional insertion failure [v3,13/36] libsepol: reject abnormal huge sid ids [v3,14/36] libsepol: reject invalid filetrans source type [v3,15/36] libsepol: zero member before potential dereference [v3,16/36] libsepol: use size_t for indexes in strs helpers [v3,17/36] libsepol: do not underflow on short format arguments [v3,18/36] libsepol: do not crash on class gaps [v3,19/36] libsepol: do not crash on user gaps [v3,20/36] libsepol: use correct size for initial string list [v3,21/36] libsepol: do not create a string list with initial size zero [v3,22/36] libsepol: split validation of datum array gaps and entries [v3,23/36] libsepol: validate MLS levels [v3,24/36] libsepol: validate expanded user range and level [v3,25/36] libsepol: validate permission count of classes [v3,26/36] libsepol: resolve log message mismatch [v3,27/36] libsepol: validate avtab and avrule types [v3,28/36] libsepol: validate constraint expression operators and attributes [v3,29/36] libsepol: validate type of avtab type rules [v3,30/36] libsepol: validate ocontexts [v3,31/36] libsepol: validate genfs contexts [v3,32/36] libsepol: validate permissive types [v3,33/36] libsepol: validate policy properties [v3,34/36] libsepol: validate categories [v3,35/36] libsepol: validate fsuse types [v3,36/36] libsepol: validate class default targets

Commit Message

Christian Göttsche Dec. 9, 2021, 4:49 p.m. UTC

Check the fsuse type is valid, e.g. of type xattr, trans or task.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

---
v2:
   do not reject in binary reading, but check at validation step
---
 libsepol/src/policydb_validate.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff mbox series

Patch

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 2f30a3ad..b2d0e5e5 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -2,6 +2,7 @@ 
 #include <sepol/policydb/conditional.h>
 #include <sepol/policydb/ebitmap.h>
 #include <sepol/policydb/policydb.h>
+#include <sepol/policydb/services.h>
 
 #include "debug.h"
 #include "policydb_validate.h"
@@ -778,6 +779,15 @@  static int validate_ocontexts(sepol_handle_t *handle, policydb_t *p, validate_t
 					if (validate_context(&octx->context[1], flavors, p->mls))
 						goto bad;
 					break;
+				case OCON_FSUSE:
+					switch (octx->v.behavior) {
+					case SECURITY_FS_USE_XATTR:
+					case SECURITY_FS_USE_TRANS:
+					case SECURITY_FS_USE_TASK:
+						break;
+					default:
+						goto bad;
+					}
 				}
 			}
 		}