
[3/3] libsepol: validate several flags

Message ID 20220210185234.41362-3-cgzones@googlemail.com (mailing list archive)
State Accepted
Series [1/3] libsepol: use correct error type to please UBSAN | expand

Commit Message

Christian Göttsche Feb. 10, 2022, 6:52 p.m. UTC
Check the type for type and role sets is valid.

Check the scope of a scope datum is valid.

Check the flavor and flags of a type datum are valid.

Check xperms are set if and only if it is an extended permission avrule.

Check xperms has a valid specified field.

Check the flag of avrule blocks is valid.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/src/policydb_validate.c | 86 +++++++++++++++++++++++++++++++-
 1 file changed, 84 insertions(+), 2 deletions(-)

Patch

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 41822e61..735c7a33 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -124,6 +124,15 @@  static int validate_type_set(type_set_t *type_set, validate_t *type)
 	if (validate_ebitmap(&type_set->negset, type))
 		goto bad;
 
+	switch (type_set->flags) {
+	case 0:
+	case TYPE_STAR:
+	case TYPE_COMP:
+		break;
+	default:
+		goto bad;
+	}
+
 	return 0;
 
 bad:
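Review bot: The added `switch (type_set->flags)` accepts only the exact values 0, `TYPE_STAR` and `TYPE_COMP`, so a set carrying both flags at once is rejected, and nothing in the code says whether that is intended or an oversight on a bitmask field. A one-line comment above the switch would settle it, for example `/* flags are compared by exact value: combinations are deliberately rejected */` (wording to be confirmed against how the policy writers set the field). The same exact-value pattern is used for `role_set->flags`, `avrule->flags` and `avrule_block->flags` in the later hunks and deserves the same remark, because any flag added to the headers later will be rejected by the validator until each switch is extended. validate_type_set starts above this hunk and its `bad:` path continues below it.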
@@ -148,9 +157,21 @@  bad:
 static int validate_role_set(role_set_t *role_set, validate_t *role)
 {
 	if (validate_ebitmap(&role_set->roles, role))
-		return -1;
+		goto bad;
+
+	switch (role_set->flags) {
+	case 0:
+	case ROLE_STAR:
+	case ROLE_COMP:
+		break;
+	default:
+		goto bad;
+	}
 
 	return 0;
+
+bad:
+	return -1;
 }
 
 static int validate_scope(__attribute__ ((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
@@ -159,12 +180,23 @@  static int validate_scope(__attribute__ ((unused)) hashtab_key_t k, hashtab_datu
 	uint32_t *nprim = (uint32_t *)args;
 	unsigned int i;
 
+	switch (scope_datum->scope) {
+	case SCOPE_REQ:
+	case SCOPE_DECL:
+		break;
+	default:
+		goto bad;
+	}
+
 	for (i = 0; i < scope_datum->decl_ids_len; i++) {
 		if (!value_isvalid(scope_datum->decl_ids[i], *nprim))
-			return -1;
+			goto bad;
 	}
 
 	return 0;
+
+bad:
+	return -1;
 }
 
 static int validate_scopes(sepol_handle_t *handle, symtab_t scopes[], avrule_block_t *block)
@@ -403,6 +435,26 @@  static int validate_type_datum(sepol_handle_t *handle, type_datum_t *type, valid
 	if (type->bounds && validate_value(type->bounds, &flavors[SYM_TYPES]))
 		goto bad;
 
+	switch (type->flavor) {
+	case TYPE_TYPE:
+	case TYPE_ATTRIB:
+	case TYPE_ALIAS:
+		break;
+	default:
+		goto bad;
+	}
+
+	switch (type->flags) {
+	case 0:
+	case TYPE_FLAGS_PERMISSIVE:
+	case TYPE_FLAGS_EXPAND_ATTR_TRUE:
+	case TYPE_FLAGS_EXPAND_ATTR_FALSE:
+	case TYPE_FLAGS_EXPAND_ATTR:
+		break;
+	default:
+		goto bad;
+	}
+
 	return 0;
 
 bad:
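Review bot: The two added switches check `type->flavor` and `type->flags` independently, so a datum whose flags do not fit its flavor still passes, e.g. an expand-attribute flag on a `TYPE_TYPE` entry. Whether a legitimate policy can contain that combination is not visible here and should be confirmed before tightening. If it cannot, a cross-check such as `if (type->flavor != TYPE_ATTRIB && (type->flags & TYPE_FLAGS_EXPAND_ATTR)) goto bad;` after the second switch would close the gap. Separately, `TYPE_FLAGS_EXPAND_ATTR` looks like the union of the `_TRUE` and `_FALSE` bits; if so, accepting it admits a contradictory state and deserves either removal or a comment explaining why it is allowed. The function body starts above the hunk.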
@@ -688,6 +740,7 @@  static int validate_avrules(sepol_handle_t *handle, avrule_t *avrule, validate_t
 			if (validate_value(class->tclass, &flavors[SYM_CLASSES]))
 				goto bad;
 		}
+
 		switch(avrule->specified) {
 		case AVRULE_ALLOWED:
 		case AVRULE_AUDITALLOW:
@@ -705,6 +758,27 @@  static int validate_avrules(sepol_handle_t *handle, avrule_t *avrule, validate_t
 		default:
 			goto bad;
 		}
+
+		if (avrule->specified & AVRULE_XPERMS) {
+			if (!avrule->xperms)
+				goto bad;
+			switch (avrule->xperms->specified) {
+			case AVRULE_XPERMS_IOCTLFUNCTION:
+			case AVRULE_XPERMS_IOCTLDRIVER:
+				break;
+			default:
+				goto bad;
+			}
+		} else if (avrule->xperms)
+			goto bad;
+
+		switch(avrule->flags) {
+		case 0:
+		case RULE_SELF:
+			break;
+		default:
+			goto bad;
+		}
 	}
 
 	return 0;
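Review bot: The `else if (avrule->xperms)` branch is left unbraced although the `if` arm it pairs with is braced, which makes the end of the xperms check easy to misread next to the switch that follows. Writing it as `} else if (avrule->xperms) {`, `goto bad;`, `}` keeps both arms alike. The added `switch(avrule->flags)` also lacks the space used by the other switches this patch adds (`switch (avrule->flags)`). A short comment above the block, `/* xperms must be present if and only if this is an extended permission rule */`, would record the invariant that the commit message states. The loop and function enclosing these lines begin outside the hunk.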
@@ -1041,6 +1115,14 @@  static int validate_avrule_blocks(sepol_handle_t *handle, avrule_block_t *avrule
 			if (validate_symtabs(handle, decl->symtab, flavors))
 				goto bad;
 		}
+
+		switch (avrule_block->flags) {
+		case 0:
+		case AVRULE_OPTIONAL:
+			break;
+		default:
+			goto bad;
+		}
 	}
 
 	return 0;