From patchwork Thu Apr  8 19:16:04 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192343
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DC55CC433B4
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:29 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 9DA5D61103
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:29 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232515AbhDHTQk (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59020 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231866AbhDHTQh (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:37 -0400
Received: from mail-qt1-x833.google.com (mail-qt1-x833.google.com
 [IPv6:2607:f8b0:4864:20::833])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8F349C061760
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:24 -0700 (PDT)
Received: by mail-qt1-x833.google.com with SMTP id m16so1689972qtx.9
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=yT1pgVzVhgcQ0yx0VNCZ0mT9YDDPJwzu+O7bptRkNJ8=;
        b=WcJSJ5s4ja1/idIAWY7qxSdGvwaBED28NCWgC1jtr00ZDVaLuyL6vOa9Fk4Ju/mDd5
         JcjniUe+lC9E1+gJfAvcdMMYIh45oTuRaxwlMpD6jF2Df5X6xx7ps1ob4kyZ0kOrZja5
         ERKNB+I98CrbOdpPNOfanuU4WTeKCuFzdX43gjQwNPTGTXEW7Ck7+XCTIlplgTP8Hf9R
         UxkV9a/Ga56Sg9Mlljp3ucXC4mrOLKIS8KeJsOLZ0oDvkNIRGAI6RGBSCZsGwO0b/yF0
         IyEmiLNxPjX9pLBuVIZze9cRTu8zv/t5SV6LrJbpqtjdFLVSMiTTKTHJe/2iKw4QBU80
         kQJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=yT1pgVzVhgcQ0yx0VNCZ0mT9YDDPJwzu+O7bptRkNJ8=;
        b=n6vR/x3sfZiHGZEzIAfiXuKLj3Bnm8JxRGDknxxxjDDPb+QrZPlszxlXPW1LVttllo
         eDbuL0RfT04L5SL0qaY9ehVfCvgN5lHFQJ8pjtZTXVupQQi2R4sQi9lcJyL8fOuQ6EPs
         XGvNR3kCqMRd3b6L/Ye2Wu0IXMHbL6LS3AOeVffV9LaLBgftvpF0xOGSLH9/Rks/AfdT
         cYn89KlYvZ1+G5gEiwen+1t6Y6eVGPez2V0BYlZtQ71wJQT7qo+kfQvXp3C+KuKw+6os
         WUKG8GlSYSot7zcVryTF+5x9j4Rt1qNNSys7c6u1MhmfKPyLjBvvb+3uxsGMf8Z9V3a7
         OUcw==
X-Gm-Message-State: AOAM532GHCAKdoyOsJS99xBzaFx/ySFPy1FED2400YZaO6hGUHbeHtba
        a15Ay9DlH65sPl+07gBblCa9v35F9owd/w==
X-Google-Smtp-Source: 
 ABdhPJwWgdNdW3/YY37VTj5K72E1E76pBg2EdbtFhWbB+crymIol6dZkYIkOMibEhLglAvnr6oSlbg==
X-Received: by 2002:ac8:5a0d:: with SMTP id n13mr9085479qta.211.1617909383746;
        Thu, 08 Apr 2021 12:16:23 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.23
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:23 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 01/11] libsepol/cil: Fix out-of-bound read of file context
 pattern ending with "\"
Date: Thu,  8 Apr 2021 15:16:04 -0400
Message-Id: <20210408191614.262173-2-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Based on patch by Nicolas Iooss, who writes:
  OSS-Fuzz found a Heap-buffer-overflow in the CIL compiler when trying
  to compile the following policy:

    (sid SID)
    (sidorder(SID))
    (filecon "\" any ())
    (filecon "" any ())

  When cil_post_fc_fill_data() processes "\", it goes beyond the NUL
  terminator of the string. Fix this by returning when '\0' is read
  after a backslash.

To be consistent with the function compute_diffdata() in
refpolicy/support/fc_sort.py, also increment str_len in this case.

Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28484
Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_post.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index d2ecbd43..fd4758dc 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -186,6 +186,13 @@ static void cil_post_fc_fill_data(struct fc_data *fc, const char *path)
 			break;
 		case '\\':
 			c++;
+			if (path[c] == '\0') {
+				if (!fc->meta) {
+					fc->stem_len++;
+				}
+				fc->str_len++;
+				return;
+			}
 			/* FALLTHRU */
 		default:
 			if (!fc->meta) {

From patchwork Thu Apr  8 19:16:05 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192345
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 4D821C43460
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:30 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 04F0F610F9
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:29 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231420AbhDHTQk (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59028 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231940AbhDHTQk (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:40 -0400
Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com
 [IPv6:2607:f8b0:4864:20::82a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C3606C061761
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:26 -0700 (PDT)
Received: by mail-qt1-x82a.google.com with SMTP id g24so2317660qts.6
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=G08xcHAvZeOnKEFrI6/qJno7ukWbzL3vJBkY5jHXdkI=;
        b=QbR02fI8qUmALjNLGW2yTnAiWVh3gzitmU7m8ITHmvCTmR6I+8fFr2MC8H8FFT59sT
         l9trRrVvisPcQmjwfh5p4XxqYGbgOWnEN9sD5bE0caegdgLfbN5rj6FUb7GMXo+zaRo0
         55ezl04DN6st7jlWyIj0E1XBEtq7mn5plgie9lsSs97Q2Tgp9fimWu+QjszoS+8wFkbx
         0J1jniHuI6WbLO8/6sd7t6BMtkDW5FQKz9RemsYiKovlLHoQxBj5KaYd/LNkKa+hTuuS
         fMbGI2t0gbMO7sBcQUXr/beugW7n06upLw0r64QlA0Q/b065tEexstbR7uZZg+k8byhm
         kU+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=G08xcHAvZeOnKEFrI6/qJno7ukWbzL3vJBkY5jHXdkI=;
        b=CsOB30qUqAYI0anoffV3TGc3KLGdIVTSqtWtSC/4ghbpmVo41V4/0X/m5TtyuOqsrg
         qd5VXMOe8Qdf/UzNJj8Kotj0A4RMZ4A5hDKLmBhzhrNwRJTVgc6KwYB84mwSi5hc7Xhj
         la0cZsDRzwgj/CJL4lhfbmd1qcPS1ekF4pS16qXTonecW2nLck8AQvSlN0l5FuuEewvJ
         SH7lXrnLqHZjUOkJFQ8A6hsBCGVhnecSm3elmPj83NdhdQgSiEHC+rkS83t8ooBCyYEY
         lGv9tIyakpgMkH7hHqvFeKEPpJMPmJ2/2Rj6hhqPXA71YaqP9G3+nfZJzYJTAFTIlmad
         Z2dg==
X-Gm-Message-State: AOAM530iE542vvVBQ/niEAfZdVy4sEcIxjPybbqJpgM64aSgpB3dNX/P
        a+K3cRlPmStZlmILiTG65I9AUKjFAzIw3g==
X-Google-Smtp-Source: 
 ABdhPJy0jYzbg4ILOVN4BlOcBT8ogKeRhLiFejdcoC4h429Weq/jaLYxNmTOXvDmki7giMa6jvCWcQ==
X-Received: by 2002:ac8:734c:: with SMTP id q12mr9265117qtp.160.1617909385776;
        Thu, 08 Apr 2021 12:16:25 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.25
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:25 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 02/11] libsepol/cil: Destroy classperms list when resetting
 classpermission
Date: Thu,  8 Apr 2021 15:16:05 -0400
Message-Id: <20210408191614.262173-3-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Nicolas Iooss reports:
  A few months ago, OSS-Fuzz found a crash in the CIL compiler, which
  got reported as
  https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28648 (the title
  is misleading, or is caused by another issue that conflicts with the
  one I report in this message). Here is a minimized CIL policy which
  reproduces the issue:

  (class CLASS (PERM))
  (classorder (CLASS))
  (sid SID)
  (sidorder (SID))
  (user USER)
  (role ROLE)
  (type TYPE)
  (category CAT)
  (categoryorder (CAT))
  (sensitivity SENS)
  (sensitivityorder (SENS))
  (sensitivitycategory SENS (CAT))
  (allow TYPE self (CLASS (PERM)))
  (roletype ROLE TYPE)
  (userrole USER ROLE)
  (userlevel USER (SENS))
  (userrange USER ((SENS)(SENS (CAT))))
  (sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))

  (classpermission CLAPERM)

  (optional OPT
      (roletype nonexistingrole nonexistingtype)
      (classpermissionset CLAPERM (CLASS (PERM)))
  )

  The CIL policy fuzzer (which mimics secilc built with clang Address
  Sanitizer) reports:

  ==36541==ERROR: AddressSanitizer: heap-use-after-free on address
  0x603000004f98 at pc 0x56445134c842 bp 0x7ffe2a256590 sp
  0x7ffe2a256588
  READ of size 8 at 0x603000004f98 thread T0
      #0 0x56445134c841 in __cil_verify_classperms
  /selinux/libsepol/src/../cil/src/cil_verify.c:1620:8
      #1 0x56445134a43e in __cil_verify_classpermission
  /selinux/libsepol/src/../cil/src/cil_verify.c:1650:9
      #2 0x56445134a43e in __cil_pre_verify_helper
  /selinux/libsepol/src/../cil/src/cil_verify.c:1715:8
      #3 0x5644513225ac in cil_tree_walk_core
  /selinux/libsepol/src/../cil/src/cil_tree.c:272:9
      #4 0x564451322ab1 in cil_tree_walk
  /selinux/libsepol/src/../cil/src/cil_tree.c:316:7
      #5 0x5644513226af in cil_tree_walk_core
  /selinux/libsepol/src/../cil/src/cil_tree.c:284:9
      #6 0x564451322ab1 in cil_tree_walk
  /selinux/libsepol/src/../cil/src/cil_tree.c:316:7
      #7 0x5644512b88fd in cil_pre_verify
  /selinux/libsepol/src/../cil/src/cil_post.c:2510:7
      #8 0x5644512b88fd in cil_post_process
  /selinux/libsepol/src/../cil/src/cil_post.c:2524:7
      #9 0x5644511856ff in cil_compile
  /selinux/libsepol/src/../cil/src/cil.c:564:7

The classperms list of a classpermission rule is created and filled
in when classpermissionset rules are processed, so it doesn't own any
part of the list and shouldn't retain any of it when it is reset.

Destroy the classperms list (without destroying the data in it)  when
resetting a classpermission rule.

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_reset_ast.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
index 3da1b9a6..db70a535 100644
--- a/libsepol/cil/src/cil_reset_ast.c
+++ b/libsepol/cil/src/cil_reset_ast.c
@@ -54,7 +54,7 @@ static void cil_reset_classpermission(struct cil_classpermission *cp)
 		return;
 	}
 
-	cil_reset_classperms_list(cp->classperms);
+	cil_list_destroy(&cp->classperms, CIL_FALSE);
 }
 
 static void cil_reset_classperms_set(struct cil_classperms_set *cp_set)

From patchwork Thu Apr  8 19:16:06 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192347
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 6DE88C433ED
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:30 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 2C46B61103
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:30 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231866AbhDHTQl (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:41 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59038 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231918AbhDHTQk (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:40 -0400
Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com
 [IPv6:2607:f8b0:4864:20::836])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 20EE0C061760
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:28 -0700 (PDT)
Received: by mail-qt1-x836.google.com with SMTP id f12so2328691qtf.2
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=ZGp8CG8ZwKsh42+s8xC53KdJNxA3ZmtfgGM2bRaeXOI=;
        b=coUepOon4DSmNzCo203453E6SnIWAlK9d9Q9gSJQy/pQl3vGXPcEQvyprSXYh143n6
         c/AaXbYQqChtoloLfdLEfUDzwd4j7df/RbB1pK0LBm9g9DVABBlDwAoic6+vuhQcs0DN
         DQjt1EY1INrOTyVN6Fqs72PQ7xZPnITkKf7entHzrAM5m14nyJ1Ia+N0fipgBFKPylci
         W7z0vSzLKHzGU8kbHLou9Or+ZZ6UtG1wCajb2fwzEci2E+QKJph1o6i+X/ped6izosPN
         JPbFHjfsvZYdad/aqMPuewBTGeD7oyEYIm4jbRbhzxY8HVGWP1jZGPTNYJE3kMvn7EX5
         Ny6g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=ZGp8CG8ZwKsh42+s8xC53KdJNxA3ZmtfgGM2bRaeXOI=;
        b=lprkZnKmiZ49cJwx0kx/oIMPEqVJlQCwM7D673J59l9oZ1iAbhm5++WH5/yaQbUReg
         yQuHkVIvQRPyUmjJp6lM0RlhMrnHOdpyzkSiZddGohKuPXnh4U5VlcMKsqd01NS4N4lQ
         NNIj9tePP/gEARyn1DrC1N7jTeQFr+3xo7SPbpjZGWby8ui0/v2pqqTXvfvhu4Xn+wCm
         +es38uI56aw+7tH0f93bcILWMMy3jQIU460resiwCiP/fBW977faz1pdTaMY9zJmj9E7
         sSmuDVOrcoXtDXx+z5thwkkUDfJPb1fwrw//D38OWY5xyykBLOESGh0dneGuiGBvjsv2
         3r0g==
X-Gm-Message-State: AOAM532jiI6/ghi2CAoiNA6ZA7Dcver5dgufWsht0T2ES5kwv6CB0PVj
        gv6AffYqI13i1YmRSF08gHvf4HMWrlU2NQ==
X-Google-Smtp-Source: 
 ABdhPJxUrtT3oj7tH34oABs1xnA3gk5kYcEC3b9BfEy/nk/ZKFzh041/KJtYZZSRGlS6L58MjCQI3w==
X-Received: by 2002:ac8:7b8d:: with SMTP id p13mr9067839qtu.94.1617909387273;
        Thu, 08 Apr 2021 12:16:27 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.26
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:27 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 03/11] libsepol/cil: Destroy classperm list when resetting map
 perms
Date: Thu,  8 Apr 2021 15:16:06 -0400
Message-Id: <20210408191614.262173-4-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Map perms share the same struct as regular perms, but only the
map perms use the classperms field. This field is a pointer to a
list of classperms that is created and added to when resolving
classmapping rules, so the map permission doesn't own any of the
data in the list and this list should be destroyed when the AST is
reset.

When resetting a perm, destroy the classperms list without destroying
the data in the list.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_reset_ast.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
index db70a535..89f91e56 100644
--- a/libsepol/cil/src/cil_reset_ast.c
+++ b/libsepol/cil/src/cil_reset_ast.c
@@ -36,7 +36,7 @@ static void cil_reset_class(struct cil_class *class)
 
 static void cil_reset_perm(struct cil_perm *perm)
 {
-	cil_reset_classperms_list(perm->classperms);
+	cil_list_destroy(&perm->classperms, CIL_FALSE);
 }
 
 static inline void cil_reset_classperms(struct cil_classperms *cp)

From patchwork Thu Apr  8 19:16:07 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192349
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id D43E6C43462
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:31 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 9E315610F9
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:31 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231940AbhDHTQm (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:42 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59042 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231918AbhDHTQm (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:42 -0400
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com
 [IPv6:2607:f8b0:4864:20::82c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A9AEBC061760
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:29 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id y12so2310854qtx.11
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=Zv1JoDzTu6AkTMma31wcs0OtpJUwcmFUO1jIKrCGjUs=;
        b=M8PKHAIE13LmqSSMkbX/8EY9hQ/SggB0eEfsDPS9669or8jYqV54lVc09015TMN65C
         JXnAyms4DbkNbq3sBNxAxkl3ovr5Z3aOJNHwagj+G470dhOKE7CLwM7kUx9P349NAJOv
         OgOH5byVd4Kjrsm/jzfKri5a71HL4QfcAve2ymYhjezVoMIfptbDaQEBWqvS3HmU5138
         h1aeiarEolngf39kIx/190r9ciWc4YjyQF1jAoqrm8B4vtDShmlk7tbgD6W71sa9pD/n
         bK6dWjRFLkpEm0lgJHMy8rBGiFJst2chE+KwInQp2NTuhnMYcLLnkM/V1DHXEy2l5zbQ
         lwRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=Zv1JoDzTu6AkTMma31wcs0OtpJUwcmFUO1jIKrCGjUs=;
        b=Rijf4BFvd7uCVQIDFUGqnFrb5jz+17z4xOQfFDrxJ5kfRb/7OYB4IN8EgGVfgJx/wn
         6EI7e7HX+Uh5r8XytKZqOKUya4I3w1aKheOudsd7X9SAX7UHkQnOCR5b0zUMvVTyDWQo
         m8tu58Joa7u7t4FMHPN3BEgpp1B3JpVvCpLcMQN9Q8YpR/2EW5b/x/o6qIV4dJ1Iy5kC
         T5jZnXvynTEl1231dKvhVlMyljH2hw2dU2Ql8riGcFc+NCZM/nSUpuSLeWiDHe4RJSne
         q6Q0u6pYUdcnQTBfq8wNos3w984i65nDkQDGA2moFXAhFDzhqruTLHJPmEYyDg4FAHfT
         Eh/g==
X-Gm-Message-State: AOAM532C6pf2Tf40luUca2nFcJHAJl9Nkh9MDELw1ZfKmRZrfavAD1kY
        aNgIvR87aooOitmtRwMHUI6jvWgP8wlOJw==
X-Google-Smtp-Source: 
 ABdhPJzGnU/9Z7lXkfWahvmZ0h8qFDuyR/5K5/IS0MNOh5MpO3zr1SQ1Z0AmKyNryGi4iXAvUf3+kQ==
X-Received: by 2002:a05:622a:1c5:: with SMTP id
 t5mr8692517qtw.49.1617909388847;
        Thu, 08 Apr 2021 12:16:28 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.28
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:28 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 04/11] libsepol/cil: cil_reset_classperms_set() should not
 reset classpermission
Date: Thu,  8 Apr 2021 15:16:07 -0400
Message-Id: <20210408191614.262173-5-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

In struct cil_classperms_set, the set field is a pointer to a
struct cil_classpermission which is looked up in the symbol table.
Since the cil_classperms_set does not create the cil_classpermission,
it should not reset it.

Set the set field to NULL instead of resetting the classpermission
that it points to.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_reset_ast.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
index 89f91e56..1d9ca704 100644
--- a/libsepol/cil/src/cil_reset_ast.c
+++ b/libsepol/cil/src/cil_reset_ast.c
@@ -59,7 +59,11 @@ static void cil_reset_classpermission(struct cil_classpermission *cp)
 
 static void cil_reset_classperms_set(struct cil_classperms_set *cp_set)
 {
-	cil_reset_classpermission(cp_set->set);
+	if (cp_set == NULL) {
+		return;
+	}
+
+	cp_set->set = NULL;
 }
 
 static inline void cil_reset_classperms_list(struct cil_list *cp_list)

From patchwork Thu Apr  8 19:16:08 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192351
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 50E1BC433B4
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:32 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 1985661103
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:32 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232459AbhDHTQn (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:43 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59050 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231918AbhDHTQm (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:42 -0400
Received: from mail-qk1-x729.google.com (mail-qk1-x729.google.com
 [IPv6:2607:f8b0:4864:20::729])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3D532C061760
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:31 -0700 (PDT)
Received: by mail-qk1-x729.google.com with SMTP id q3so3368519qkq.12
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=gKK6va0e2ppEidijJ2JejfttkTrL2zLHSQMqRJT6mMo=;
        b=SyNgpq9g1AuGWt22IcLyY6s5ZZH7lsGnngZ9Gvyh27CSd2a9nvre7I5s2Pe+i5koIC
         Ycd9o1B0feiAmncRcy3XiC9fjG9v3o2aUvQXhcA2lCFnBAV/NJD6jb6BGcvDK6eKcYFi
         X2lsCXxN//AWCe1bNsOTq13aWJjOnbX6xuzOor0b0YXF0XuHnjN1YTuwVh/h+HyfVqYB
         090cZFcdkNC35M1S1QZFH7nWhIZ25p5lWLd2z3PkpICY0ZaN6DfVdSeeLTb2nOpyMDxd
         O4QnsrkRd9RSlUUBdzbbRVpx83XYwmdhAwckz9P5B/rF/4K+qB/6WDuMxUhFM3Vv/DmG
         DpYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=gKK6va0e2ppEidijJ2JejfttkTrL2zLHSQMqRJT6mMo=;
        b=U2s1pndIK+Xha1JkZEPwZuBWi8DanPD+g+UlXqDw5QHM/KMUQZ35widWOf2yrrePlM
         LvLRTjxaqVhGdnVQJwYZkKSMuc/b28TRF5JXCwCmvqCSk3Sajfjg1Al95uaI1UZu1Q16
         NqMK/EKrFp+C9cfGWYdhrCA6a2nfKZxgrBnMLZctG3uqT3TVRzeGlO3W4MBZx57d2TQ7
         ylAcQ52NWZl4Csf+wY0rJsL96DHGxXLN2BSAjKGUqu5iOO1/xRGLBZfZHddEeB9kxejY
         /KSvnJjsiNqna6NFWGmSPH3CwcRT3rvfStLVLE7/UIKNvyxudHjSMbrGRo2W0EE9HvET
         0OlQ==
X-Gm-Message-State: AOAM532mgANCpqmRT903QmRLjjSs+6AODD8+7hoQUFipY/Rus5s2q3F6
        S3lQLHLLifnZ7rC5Roj5XrkFcR14FsEwAQ==
X-Google-Smtp-Source: 
 ABdhPJxIIMy4dpZyVf4BdiDxvd5szys9a3x9n1lSLiC0HLoDFbbsk0Mivzbe52ELCSfsdDFuX/dMAA==
X-Received: by 2002:ae9:f818:: with SMTP id
 x24mr10169905qkh.101.1617909390444;
        Thu, 08 Apr 2021 12:16:30 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.29
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:30 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 05/11] libsepol/cil: Set class field to NULL when resetting
 struct cil_classperms
Date: Thu,  8 Apr 2021 15:16:08 -0400
Message-Id: <20210408191614.262173-6-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

The class field of a struct cil_classperms points to the class looked
up in the symbol table, so that field should be set to NULL when
the cil_classperms is reset.

Set the class field to NULL when resetting the struct cil_classperms.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_reset_ast.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
index 1d9ca704..76405aba 100644
--- a/libsepol/cil/src/cil_reset_ast.c
+++ b/libsepol/cil/src/cil_reset_ast.c
@@ -45,6 +45,7 @@ static inline void cil_reset_classperms(struct cil_classperms *cp)
 		return;
 	}
 
+	cp->class = NULL;
 	cil_list_destroy(&cp->perms, CIL_FALSE);
 }
 

From patchwork Thu Apr  8 19:16:09 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192353
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7A336C433ED
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:34 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 468C061103
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:34 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232538AbhDHTQp (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:45 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59058 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231918AbhDHTQo (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:44 -0400
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com
 [IPv6:2607:f8b0:4864:20::82c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id AFF01C061760
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:32 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id m16so1690324qtx.9
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=VUnMVq5Sg+6wkeESsHiJc01V1ExtbtG8GfueTl6aNoY=;
        b=YUguHDFnLrErc4/UGVCEupUKQCZc/DIBpMa7IyA1KwPTHKip+VW1mtndtsN0iuZ8E0
         +dbAImolZlrLlQp2w1bsO+XTY7An/Y8xTWSr0dlx5hOUpKvci0ZDAm8nBw2UIxwov1tr
         92nmwzmTTPSfK1cb4+7z3d7ZppFVlGS24yl6YtWOU668A27QTmmlE4R42OL5Z7QsRGJW
         +Ag6uFzIYO3El8AI2/4D6QkLmZ6kHpJeUHNsXUlPRbcJIKfdAMdJxnFTvlRO0fTJPdZs
         MXal79HLjifCwzgpLS7yjXPEuWzCbCESuN/l+injVWUwsyOoMaG8anj/mS8S2QsovbQN
         3xRw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=VUnMVq5Sg+6wkeESsHiJc01V1ExtbtG8GfueTl6aNoY=;
        b=l1YSCy31xsIhyCmShksMSvCgxM/U0pUT9+/zjT+Q8xdpHX+lU6Irsxs0Cp5xlYpdVJ
         xP8JqBn5XrojYwtBDm/sU7w97WR6xlc+Xnd2SAg5N/C0bLd2kIIya6KltNn77Sdkr0Lh
         U1T3c3gRNOtoAgJ7JLexsNqTbvHxYtyacTYjXWnxfoTODyp0WuFx0xy4PuNxSoFQyX6X
         iSsiKWKD9eZ/Jz0XdqpM7fjT1J+e7Jf51ung7X/YG0idrLmKQtvOpqCU641L2BfmE315
         IQ6wiZfri6WRR48YIdK/R+FEuKAVUAXeIs/h1T0FV+zzdVRdfW14+pmEA6al2QZVlIWy
         jIGQ==
X-Gm-Message-State: AOAM532iQ6K2I/FJMplE012h1NDTKr4k5xPSyKCVt1IC/8a2+xLI0fUV
        6prcW50/nuV9APJgGQ3Xb+7y5jaU86c2Iw==
X-Google-Smtp-Source: 
 ABdhPJyXaYwsEj/vk34JNqBF+/V+PuGuCYK/gPAR4PkOgjgboCt2tJev+rUsb7REoMQ49xgjCNIndw==
X-Received: by 2002:a05:622a:2c4:: with SMTP id
 a4mr9047523qtx.145.1617909391891;
        Thu, 08 Apr 2021 12:16:31 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.31
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:31 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 06/11] libsepol/cil: More strict verification of constraint
 leaf expressions
Date: Thu,  8 Apr 2021 15:16:09 -0400
Message-Id: <20210408191614.262173-7-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

In constraint expressions u1, u3, r1, r3, t1, and t3 are never
allowed on the right side of an expression, but there were no checks
to verify that they were not used on the right side. The result was
that the expression "(eq t1 t1)" would be silently turned into
"(eq t1 t2)" when the binary policy was created.

Verify that u1, u3, r1, r3, t1, and t3 are not used on the right
side of a constraint expression.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_verify.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
index 09e3daf9..2707b6c9 100644
--- a/libsepol/cil/src/cil_verify.c
+++ b/libsepol/cil/src/cil_verify.c
@@ -227,7 +227,13 @@ int cil_verify_constraint_leaf_expr_syntax(enum cil_flavor l_flavor, enum cil_fl
 			}
 		}
 	} else {
-		if (r_flavor == CIL_CONS_U2) {
+		if (r_flavor == CIL_CONS_U1 || r_flavor == CIL_CONS_R1 || r_flavor == CIL_CONS_T1) {
+			cil_log(CIL_ERR, "u1, r1, and t1 are not allowed on the right side\n");
+			goto exit;
+		} else if (r_flavor == CIL_CONS_U3 || r_flavor == CIL_CONS_R3 || r_flavor == CIL_CONS_T3) {
+			cil_log(CIL_ERR, "u3, r3, and t3 are not allowed on the right side\n");
+			goto exit;
+		} else if (r_flavor == CIL_CONS_U2) {
 			if (op != CIL_EQ && op != CIL_NEQ) {
 				cil_log(CIL_ERR, "u2 on the right side must be used with eq or neq as the operator\n");
 				goto exit;

From patchwork Thu Apr  8 19:16:10 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192355
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2F48CC433B4
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:35 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 06F7E610F9
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:35 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232632AbhDHTQq (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:46 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59064 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231918AbhDHTQp (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:45 -0400
Received: from mail-qt1-x836.google.com (mail-qt1-x836.google.com
 [IPv6:2607:f8b0:4864:20::836])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 27E2FC061760
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:34 -0700 (PDT)
Received: by mail-qt1-x836.google.com with SMTP id f12so2328945qtf.2
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=yxOBB5XvBgjcfRCt3SpPRgSU87/sGnnmSKicJrMBdWY=;
        b=HNVCuYAMuxhIFVmIazR+cG1e7Am/+B1bBCbZ3WxgEfbPSRYShqusXfUONvl/qdDP5b
         1InKhqGEzouAHyr6Ay4+2ZXhiYUS8QkDFrVSBxxQU2oCMWBvIyhsx2/kAc2LNYyrBnOH
         RYkh1udIbeB3+iuiBXDzId1Z+p6sBlF+ymfcD03P+0d+agjkX4DM5c2I0ZM7g/eFkXFJ
         xDh+y1HCgaYL+Tm67L84G8sPKwqLX87VE7EIaYYFj07X7isiaQ8BaLBSPprv5YWqE49w
         YGfitOLvM/3vBcs0xR/eMjB65FIgjR3JZqYgVWLMuvvhFM2NnAmS4YCWEozfud4tROZu
         3rAA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=yxOBB5XvBgjcfRCt3SpPRgSU87/sGnnmSKicJrMBdWY=;
        b=IYSRHb26lcjIiB63G0r+BwMcO1BrtfjDGeg60NL6NL3OMgKhOf7JuHpg3vsnNGkNda
         5uyds7w+go6w31sKYzVCYiN+nsQTDc2NQut9IM9Vv/QAqi0QvuyYz/emjlMLkSLY289k
         aBiZDCUm6KI4x0pbTGfPT5oOaRyyOBKM33GiBE631U6F9TqX9opuOaj9kJcDBtzF3ITR
         1sttSKtihZIq31gssn+xWSoWnrAWn5inYtYuG/4sM+TwX4X3tMvqc+IpYB4kUsIW+YUj
         OxSOHCaZkto3oIQU6i5onPiyN0yfodor0uohwETE6gsa28XV2qrbQv2Iaa4TjkS2JRH8
         cTWA==
X-Gm-Message-State: AOAM531LRObBAa0cbrmQINsyj5iqnhb8XSmoX0mTdCSNg+AeFXOK/MQA
        G7haHlk94MxYX5JO4XaMhE6Ce4qUD76gPA==
X-Google-Smtp-Source: 
 ABdhPJxE0qU8GVEY9pLIhZeHj1xz9wtn9sz1mgslMwByWzJ4nxIZlOPAaHvjZqhlCZ0h0t0RmdunAw==
X-Received: by 2002:ac8:664a:: with SMTP id j10mr9119274qtp.119.1617909393262;
        Thu, 08 Apr 2021 12:16:33 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.32
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:33 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 07/11 v2] libsepol/cil: Exit with an error if declaration name
 is a reserved word
Date: Thu,  8 Apr 2021 15:16:10 -0400
Message-Id: <20210408191614.262173-8-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

When CIL parses sets or conditional expressions, any identifier that
matches an operator name will always be taken as an operator. If a
declaration has the same name as an operator, then there is the
possibility of causing either confusion or a syntax error if it is
used in an expression. The potential for problems is much greater
than any possible advantage in allowing a declaration to share the
name of a reserved word.

Create a new function, __cil_is_reserved_name() that is called when
an identifier is declared and its name is being validated. In this
function, check if the declaration has the same name as a reserved
word for an expression operator that can be used with the identifer's
flavor and exit with an error if it does.

Also, move the check for types, type aliases, and type attributes
matching the reserved word "self" to this new function.

Finally, change the name of the function __cil_verify_name() to
cil_verify_name(), since this function is neither static nor a
helper function.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
v2:
 Remove the check for u1, u2, u3, r1, r2, r3, t1, t2, and t3
 Removed example because that really shows a different bug
 Reworded the explanation

 libsepol/cil/src/cil_build_ast.c | 28 ++---------------
 libsepol/cil/src/cil_verify.c    | 52 +++++++++++++++++++++++++++++++-
 libsepol/cil/src/cil_verify.h    |  2 +-
 3 files changed, 54 insertions(+), 28 deletions(-)

diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 4e53f06a..e57de662 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -114,7 +114,7 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
 	symtab_t *symtab = NULL;
 	struct cil_symtab_datum *prev;
 
-	rc = __cil_verify_name((const char*)key);
+	rc = cil_verify_name((const char*)key, nflavor);
 	if (rc != SEPOL_OK) {
 		goto exit;
 	}
@@ -1953,12 +1953,6 @@ int cil_gen_roleattribute(struct cil_db *db, struct cil_tree_node *parse_current
 		goto exit;
 	}
 
-	if (parse_current->next->data == CIL_KEY_SELF) {
-		cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF);
-		rc = SEPOL_ERR;
-		goto exit;
-	}
-
 	cil_roleattribute_init(&attr);
 
 	key = parse_current->next->data;
@@ -2337,12 +2331,6 @@ int cil_gen_type(struct cil_db *db, struct cil_tree_node *parse_current, struct
 		goto exit;
 	}
 
-	if (parse_current->next->data == CIL_KEY_SELF) {
-		cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF);
-		rc = SEPOL_ERR;
-		goto exit;
-	}
-
 	cil_type_init(&type);
 
 	key = parse_current->next->data;
@@ -2391,12 +2379,6 @@ int cil_gen_typeattribute(struct cil_db *db, struct cil_tree_node *parse_current
 		goto exit;
 	}
 
-	if (parse_current->next->data == CIL_KEY_SELF) {
-		cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF);
-		rc = SEPOL_ERR;
-		goto exit;
-	}
-
 	cil_typeattribute_init(&attr);
 
 	key = parse_current->next->data;
@@ -3048,12 +3030,6 @@ int cil_gen_alias(struct cil_db *db, struct cil_tree_node *parse_current, struct
 		goto exit;
 	}
 
-	if (flavor == CIL_TYPEALIAS && parse_current->next->data == CIL_KEY_SELF) {
-		cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF);
-		rc = SEPOL_ERR;
-		goto exit;
-	}
-
 	cil_alias_init(&alias);
 
 	key = parse_current->next->data;
@@ -5278,7 +5254,7 @@ int cil_gen_macro(struct cil_db *db, struct cil_tree_node *parse_current, struct
 
 		param->str =  current_item->cl_head->next->data;
 
-		rc = __cil_verify_name(param->str);
+		rc = cil_verify_name(param->str, param->flavor);
 		if (rc != SEPOL_OK) {
 			cil_destroy_param(param);
 			goto exit;
diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
index 2707b6c9..6e46fef6 100644
--- a/libsepol/cil/src/cil_verify.c
+++ b/libsepol/cil/src/cil_verify.c
@@ -47,7 +47,51 @@
 
 #include "cil_verify.h"
 
-int __cil_verify_name(const char *name)
+static int __cil_is_reserved_name(const char *name, enum cil_flavor flavor)
+{
+	switch (flavor) {
+	case CIL_BOOL:
+	case CIL_TUNABLE:
+		if ((name == CIL_KEY_EQ) || (name == CIL_KEY_NEQ))
+			return CIL_TRUE;
+		break;
+	case CIL_PERM:
+	case CIL_MAP_PERM:
+	case CIL_USER:
+	case CIL_USERATTRIBUTE:
+	case CIL_ROLE:
+	case CIL_ROLEATTRIBUTE:
+		if ((name == CIL_KEY_ALL))
+			return CIL_TRUE;
+		break;
+	case CIL_TYPE:
+	case CIL_TYPEATTRIBUTE:
+	case CIL_TYPEALIAS:
+		if ((name == CIL_KEY_ALL) || (name == CIL_KEY_SELF))
+			return CIL_TRUE;
+		break;
+	case CIL_CAT:
+	case CIL_CATSET:
+	case CIL_CATALIAS:
+	case CIL_PERMISSIONX:
+		if ((name == CIL_KEY_ALL) || (name == CIL_KEY_RANGE))
+			return CIL_TRUE;
+		break;
+	default:
+		/* All of these are not used in expressions */
+		return CIL_FALSE;
+		break;
+	}
+
+	/* Everything not under the default case is also checked for these */
+	if ((name == CIL_KEY_AND) || (name == CIL_KEY_OR) || (name == CIL_KEY_NOT) || (name == CIL_KEY_XOR)) {
+		return CIL_TRUE;
+	}
+
+	return CIL_FALSE;
+}
+
+int cil_verify_name(const char *name, enum cil_flavor flavor)
 {
 	int rc = SEPOL_ERR;
 	int len;
@@ -77,6 +121,12 @@ int __cil_verify_name(const char *name)
 			goto exit;
 		}
 	}
+
+	if (__cil_is_reserved_name(name, flavor)) {
+		cil_log(CIL_ERR, "Name %s is a reserved word\n", name);
+		goto exit;
+	}
+
 	return SEPOL_OK;
 
 exit:
diff --git a/libsepol/cil/src/cil_verify.h b/libsepol/cil/src/cil_verify.h
index 905761b0..1887ae3f 100644
--- a/libsepol/cil/src/cil_verify.h
+++ b/libsepol/cil/src/cil_verify.h
@@ -56,7 +56,7 @@ struct cil_args_verify {
 	int *pass;
 };
 
-int __cil_verify_name(const char *name);
+int cil_verify_name(const char *name, enum cil_flavor flavor);
 int __cil_verify_syntax(struct cil_tree_node *parse_current, enum cil_syntax s[], int len);
 int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, enum cil_flavor expr_flavor);
 int cil_verify_constraint_leaf_expr_syntax(enum cil_flavor l_flavor, enum cil_flavor r_flavor, enum cil_flavor op, enum cil_flavor expr_flavor);

From patchwork Thu Apr  8 19:16:11 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192357
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 7FC5FC43460
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:36 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 49BBF610F9
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:36 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232735AbhDHTQr (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:47 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59074 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S231918AbhDHTQr (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:47 -0400
Received: from mail-qk1-x735.google.com (mail-qk1-x735.google.com
 [IPv6:2607:f8b0:4864:20::735])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8D695C061760
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:35 -0700 (PDT)
Received: by mail-qk1-x735.google.com with SMTP id c4so3430884qkg.3
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=uNVjxbwsKrqwRb8jBBJOfCRPJrEs0SiZcbQRvn8IZOU=;
        b=uYNg8p8E81CpsSIx0WDbkdb3ze/Vt6pR3L2IgymOglBCCc3JY392ZQXb3M6Av8ZfpI
         ThgeA7wC0cUyaiCEIw34KNQ9EsegfFShLU6jZ808LMKrvXT3VHP1d8zuoX6Q3EtAMCbn
         coP4sZqVV9GlDohl/fdg4lReUoYwyiL1XxAH1HOLWN7B6CNro8ZAtQduTQA6qKvVGAL+
         rOMrTEfMcrd39Nkrbqw1OHpmDzmfmVP0W3B4tzhJzIPGCSkbBV+z1XcdzhguvprVandS
         oslMMg0ATUwQu9poZsmLPwcX9p3mIgqjOcWIRLBQn2lFuERzxzNNPurYQQR/oymCE4PU
         rXZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=uNVjxbwsKrqwRb8jBBJOfCRPJrEs0SiZcbQRvn8IZOU=;
        b=n+pH8R63zuj+gjihVLfSGptUItSwrNMGVmXb5QtO0Rag330F3pCJl8o9mRezJm/+fV
         VLfpf88ioefmdwaBJZEjQ2l5jPnZT4ByiFyCtDsZ4iwjLbV8CFyie8o4ryWu9wC3PyRf
         uC+XlM02H5vfP3nR8VoVtCFXPNYYmtcrdgECmm86lYx88YvrkCGkVMSuZmBTIdIiVAwU
         9v0EovP0/5HtJd4C0lBK6sFTo6FtRNIWLGSh0oJEM129KvmudywlyDDFOQa/iFPTsEjg
         LAKiLqxRfzbLynmVx0pB1IxNSBf079X5gF6SeoE5CJi7DLOgsrAwPojt7Qk2kGSZpp4a
         lUfw==
X-Gm-Message-State: AOAM53296sm1DO3+5KJEqRMGsfNfE4Qsljt4vW7sfkKL7uOOPB2v8lPC
        rooa4nXCVFRqVwT65vnUR8OAxZxWxlWwDw==
X-Google-Smtp-Source: 
 ABdhPJwxRcZ6WP3oqCJLPio+wEvfzE/i6GaIIYD/3d9w7o5TEDVbBP49xfLHfpUdNUnLopwmBFZr2g==
X-Received: by 2002:a05:620a:4c7:: with SMTP id
 7mr10358637qks.31.1617909394729;
        Thu, 08 Apr 2021 12:16:34 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.34
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:34 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 08/11] libsepol/cil: Allow permission expressions when using
 map classes
Date: Thu,  8 Apr 2021 15:16:11 -0400
Message-Id: <20210408191614.262173-9-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

The following policy will cause a segfault:
  (class CLASS (PERM))
  (class C (P1 P2 P3))
  (classorder (CLASS C))
  (sid SID)
  (sidorder (SID))
  (user USER)
  (role ROLE)
  (type TYPE)
  (category CAT)
  (categoryorder (CAT))
  (sensitivity SENS)
  (sensitivityorder (SENS))
  (sensitivitycategory SENS (CAT))
  (allow TYPE self (CLASS (PERM)))
  (roletype ROLE TYPE)
  (userrole USER ROLE)
  (userlevel USER (SENS))
  (userrange USER ((SENS)(SENS (CAT))))
  (sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))

  (classmap CM (PM1 PM2 PM3))
  (classmapping CM PM1 (C (P1)))
  (classmapping CM PM2 (C (P2)))
  (classmapping CM PM3 (C (P3)))
  (allow TYPE self (CM (and (all) (not PM2))))

The problem is that, while permission expressions are allowed for
normal classes, map classes are expected to only have permission
lists and no check is done to verify that only a permission list
is being used.

When the above policy is parsed, the "and" and "all" are seen as
expression operators, but when the map permissions are converted to
normal class and permissions, the permission expression is assumed
to be a list of datums and since the operators are not datums a
segfault is the result.

There is no reason to limit map classes to only using a list of
permissions and, in fact, it would be better to be able to use them
in the same way normal classes are used.

Allow permissions expressions to be used for map classes by first
evaluating the permission expression and then converting the
resulting list to normal classes and permissions.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_post.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index fd4758dc..05842b64 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -2137,6 +2137,10 @@ static int __evaluate_classperms_list(struct cil_list *classperms, struct cil_db
 				}
 			} else { /* MAP */
 				struct cil_list_item *i = NULL;
+				rc = __evaluate_classperms(cp, db);
+				if (rc != SEPOL_OK) {
+					goto exit;
+				}
 				cil_list_for_each(i, cp->perms) {
 					struct cil_perm *cmp = i->data;
 					rc = __evaluate_classperms_list(cmp->classperms, db);

From patchwork Thu Apr  8 19:16:12 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192359
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id E006AC433ED
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:37 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id BAB13610F9
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231918AbhDHTQs (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:48 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59084 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232748AbhDHTQs (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:48 -0400
Received: from mail-qt1-x82c.google.com (mail-qt1-x82c.google.com
 [IPv6:2607:f8b0:4864:20::82c])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E1358C061761
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:36 -0700 (PDT)
Received: by mail-qt1-x82c.google.com with SMTP id j7so2319191qtx.5
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=z2uGQ4SMR7NT/I1qLKeRT+vuzQsg1knGf1Lzc4GrxRc=;
        b=ZY3kHRPzEA6TaOsp12A3IIxnW5ghjWf2zwn56Qcqe+QzWi3fRPvwXVUA66Z3DfHV/u
         3uWb5RY1hv74SdB/PiqwmKmBkUTHx8o8t/FPTAJ7tnQSgTWC1K6YtUWPChbV7PmHUDao
         jJ7ofwgpVb3pGZLwaD57mCrsUHVrjo9Tword6E6Od5P/eMqZQsbNLln39VEIwsN2gaEs
         ZgCT7do7R6NKwVF1IwDlq4llRgDbIJvSayfnglPZ83/BwbnvRXluNAQlhTGgEcvLoWk+
         0u1wsvsr7Rb3qdBvkQx1rBnazKvY3TFcUQzVkPGUYTdEzbo514Bfcu2m4TRExQH3ZfBV
         k4/w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=z2uGQ4SMR7NT/I1qLKeRT+vuzQsg1knGf1Lzc4GrxRc=;
        b=OgUZm9PvltKo2H2dTkK2qCtkgVyQuNl6kbM4sEqu9Y8LSmjK514Nhp3CGWtdn7bV4a
         GrCk+o0H4uOXXXwLRU+rYBTi3PYLsMRC1HXS94rBmgPZum0oPUOphgHOVEfd8T0qN2Dl
         rwqK7zZ1WgWOuk/jeD1gtZPOW6EB0VKbMLXok1YtpKXHqnSzdPwp3Pi7Al33rkMQFppq
         NfdcqNUTbqICXioxxjyZLbYI3CQFkUokDgRCHKRHMPW/pGyXXKlMlmci0uDFFylnjGec
         stqIpsxM72l7PzZZNsM+Q9xP7z3NvfPaAS6cuC1E6P6ePzQZ1WsuTBSVUxMEZGR6tSUV
         4TUQ==
X-Gm-Message-State: AOAM530jei+T4rqvGBRrprMTM53U4XVn28xdElHjyD/i5+H8/Vsfs+uE
        lv8/EI6e5R82XbbXYTXcaKGzrcjArJ6TKQ==
X-Google-Smtp-Source: 
 ABdhPJws7IXmQPioOlZKiQrnl+qicVH8EVXyLq0jbc2g14PBVhXBvEkkFUEnffatxaO6yXGBDvTCeQ==
X-Received: by 2002:a05:622a:1347:: with SMTP id
 w7mr2554466qtk.199.1617909396090;
        Thu, 08 Apr 2021 12:16:36 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.35
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:35 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 09/11] libsepol/cil: Refactor helper function for
 cil_gen_node()
Date: Thu,  8 Apr 2021 15:16:12 -0400
Message-Id: <20210408191614.262173-10-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

Change the name of cil_is_datum_multiple_decl() to
cil_allow_multiple_decls() and make it static. The new function
takes the CIL db and the flavors of the old and new datum as
arguments. Also, put all of the logic of determining if multiple
declarations are allowed into the new function. Finally, update
the call from cil_gen_node().

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_build_ast.c | 27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index e57de662..14cdce14 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -82,30 +82,24 @@ exit:
 	return rc;
 }
 
-/*
- * Determine whether or not multiple declarations of the same key can share a
- * datum, given the new datum and the one already present in a given symtab.
- */
-int cil_is_datum_multiple_decl(__attribute__((unused)) struct cil_symtab_datum *cur,
-                               struct cil_symtab_datum *old,
-                               enum cil_flavor f)
+static int cil_allow_multiple_decls(struct cil_db *db, enum cil_flavor f_new, enum cil_flavor f_old)
 {
-	int rc = CIL_FALSE;
+	if (f_new != f_old) {
+		return CIL_FALSE;
+	}
 
-	switch (f) {
+	switch (f_new) {
 	case CIL_TYPE:
 	case CIL_TYPEATTRIBUTE:
-		if (!old || f != FLAVOR(old)) {
-			rc = CIL_FALSE;
-		} else {
-			/* type and typeattribute statements insert empty datums */
-			rc = CIL_TRUE;
+		if (db->multiple_decls) {
+			return CIL_TRUE;
 		}
 		break;
 	default:
 		break;
 	}
-	return rc;
+
+	return CIL_FALSE;
 }
 
 int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor)
@@ -135,8 +129,7 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
 				cil_log(CIL_ERR, "Re-declaration of %s %s, but previous declaration could not be found\n",cil_node_to_string(ast_node), key);
 				goto exit;
 			}
-			if (!db->multiple_decls ||
-			    !cil_is_datum_multiple_decl(datum, prev, nflavor)) {
+			if (!cil_allow_multiple_decls(db, nflavor, FLAVOR(prev))) {
 				/* multiple_decls not ok, ret error */
 				struct cil_tree_node *node = NODE(prev);
 				cil_log(CIL_ERR, "Re-declaration of %s %s\n",

From patchwork Thu Apr  8 19:16:13 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192363
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id A1375C433ED
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:41 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 706A9610F9
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:41 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232749AbhDHTQw (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:52 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59098 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232748AbhDHTQv (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:51 -0400
Received: from mail-qv1-xf2b.google.com (mail-qv1-xf2b.google.com
 [IPv6:2607:f8b0:4864:20::f2b])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 7A364C061761
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:38 -0700 (PDT)
Received: by mail-qv1-xf2b.google.com with SMTP id o11so1467466qvh.11
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=evPRVxbFwAWkC5R48FuxkwmxPxWXmzzBFPOqwYJ8ZkA=;
        b=aBZ6oySNaf2Mtfd0x8IRXj6tYGNWJmLE3nKUK65nQqxloYPbsjYRBogG5gwzKBk5ei
         kP7QNnpgtU/jJpoqfVGwl+11cwYnjHsZp0HjyoMvtkL6I7+v+pbe/P5oev2A3X3+lGyQ
         6DtbHym7ge0boE8uWqZV2SkMv4uoXXC2iLbe4mIADSLpU0RpgHSwXyoPHYqcRoDd0zU+
         KLL8EnIrnwRnGJrBlC3gBJN10vkJeicA07U0MPNEpSEkqfBdKPaNePw+MEByrjefzlId
         97BMw/MXVsfjAzLPHaXMQeqWpcG+8OEwHfbdVQ00TBtjsiq02inj2LFuGiljjzRqg4Uw
         LgiQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=evPRVxbFwAWkC5R48FuxkwmxPxWXmzzBFPOqwYJ8ZkA=;
        b=cgoV1Ry5dDRpW/wLgtXEoiSQK9T0t4bwqXTFG1IcMnIltvx06oPzi3D34gsF3Bgej1
         lWe3VvffOE75lF3CrZ4spLLKpOLLY7vuhzrAoLEnbbkPCKwRzRLjudfCNctCcBuR/bub
         viy0pr+Pr8tt1I7ZfeHaZ7OwmEqsvcd/iNtXlGawS2cFFxw15nEo8XDF4jkZ33LIhgpr
         egF8DlDcE+lfPHEol9Zw+lSnXEW/jB9uCwIR/CSltvHy93U1szG5o5xXAuNRjGOSihy0
         FVLLgIzC0cVheliDdPKq12MOFqODztZJwYtXhaZuwI4gnR23Xj9nbdyqZDUWjNjnaaoT
         Vu2Q==
X-Gm-Message-State: AOAM5319+XtOc8BWmcDUm4zNxoO1pEgHHomcbkTypPhsP9nAxV5v0q+5
        ZmQtA8aZCbn6BHvbr/vleI9AMNzXRsc8oQ==
X-Google-Smtp-Source: 
 ABdhPJz74qkqHeUTV/HfMNLLo/BGoTltUcUElQxOsyZwkwS1H0MZvnn1I7podTH4mkH6bTXhcXb6gA==
X-Received: by 2002:a0c:f74d:: with SMTP id e13mr10980010qvo.8.1617909397501;
        Thu, 08 Apr 2021 12:16:37 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.37
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:37 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 10/11] libsepol/cil: Create function cil_add_decl_to_symtab()
 and refactor
Date: Thu,  8 Apr 2021 15:16:13 -0400
Message-Id: <20210408191614.262173-11-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

The functionality of adding a declaration to a symbol table is also
needed in __cil_copy_node_helper() and not just cil_gen_node().

Create a new function called cil_add_decl_to_symtab() to add a
declaration to a symtab and refactor cil_gen_node() and
__cil_copy_node_helper() to use the new function.

By using the new function, __cil_copy_node_helper() will now allow
duplicate declarations when appropriate.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_build_ast.c | 63 +++++++++++++++++++-------------
 libsepol/cil/src/cil_build_ast.h |  2 +
 libsepol/cil/src/cil_copy_ast.c  |  6 ++-
 3 files changed, 45 insertions(+), 26 deletions(-)

diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 14cdce14..ec81db55 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -102,11 +102,45 @@ static int cil_allow_multiple_decls(struct cil_db *db, enum cil_flavor f_new, en
 	return CIL_FALSE;
 }
 
+int cil_add_decl_to_symtab(struct cil_db *db, symtab_t *symtab, hashtab_key_t key, struct cil_symtab_datum *datum, struct cil_tree_node *node)
+{
+	int rc;
+
+	if (symtab == NULL || datum == NULL || node == NULL) {
+		return SEPOL_ERR;
+	}
+
+	rc = cil_symtab_insert(symtab, key, datum, node);
+	if (rc == SEPOL_EEXIST) {
+		struct cil_symtab_datum *prev;
+		rc = cil_symtab_get_datum(symtab, key, &prev);
+		if (rc != SEPOL_OK) {
+			cil_log(CIL_ERR, "Re-declaration of %s %s, but previous declaration could not be found\n",cil_node_to_string(node), key);
+			return SEPOL_ERR;
+		}
+		if (!cil_allow_multiple_decls(db, node->flavor, FLAVOR(prev))) {
+			/* multiple_decls not ok, ret error */
+			struct cil_tree_node *n = NODE(prev);
+			cil_log(CIL_ERR, "Re-declaration of %s %s\n",
+				cil_node_to_string(node), key);
+			cil_tree_log(node, CIL_ERR, "Previous declaration of %s",
+				     cil_node_to_string(n));
+			return SEPOL_ERR;
+		}
+		/* multiple_decls is enabled and works for this datum type, add node */
+		cil_list_append(prev->nodes, CIL_NODE, node);
+		node->data = prev;
+		cil_symtab_datum_destroy(datum);
+		free(datum);
+	}
+
+	return SEPOL_OK;
+}
+
 int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor)
 {
 	int rc = SEPOL_ERR;
 	symtab_t *symtab = NULL;
-	struct cil_symtab_datum *prev;
 
 	rc = cil_verify_name((const char*)key, nflavor);
 	if (rc != SEPOL_OK) {
@@ -121,30 +155,9 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
 	ast_node->data = datum;
 	ast_node->flavor = nflavor;
 
-	if (symtab != NULL) {
-		rc = cil_symtab_insert(symtab, (hashtab_key_t)key, datum, ast_node);
-		if (rc == SEPOL_EEXIST) {
-			rc = cil_symtab_get_datum(symtab, (hashtab_key_t)key, &prev);
-			if (rc != SEPOL_OK) {
-				cil_log(CIL_ERR, "Re-declaration of %s %s, but previous declaration could not be found\n",cil_node_to_string(ast_node), key);
-				goto exit;
-			}
-			if (!cil_allow_multiple_decls(db, nflavor, FLAVOR(prev))) {
-				/* multiple_decls not ok, ret error */
-				struct cil_tree_node *node = NODE(prev);
-				cil_log(CIL_ERR, "Re-declaration of %s %s\n",
-					cil_node_to_string(ast_node), key);
-				cil_tree_log(node, CIL_ERR, "Previous declaration of %s",
-					cil_node_to_string(node));
-				rc = SEPOL_ERR;
-				goto exit;
-			}
-			/* multiple_decls is enabled and works for this datum type, add node */
-			cil_list_append(prev->nodes, CIL_NODE, ast_node);
-			ast_node->data = prev;
-			cil_symtab_datum_destroy(datum);
-			free(datum);
-		}
+	rc = cil_add_decl_to_symtab(db, symtab, key, datum, ast_node);
+	if (rc != SEPOL_OK) {
+		goto exit;
 	}
 
 	if (ast_node->parent->flavor == CIL_MACRO) {
diff --git a/libsepol/cil/src/cil_build_ast.h b/libsepol/cil/src/cil_build_ast.h
index 8153e51e..fd9053ce 100644
--- a/libsepol/cil/src/cil_build_ast.h
+++ b/libsepol/cil/src/cil_build_ast.h
@@ -37,6 +37,8 @@
 #include "cil_tree.h"
 #include "cil_list.h"
 
+int cil_add_decl_to_symtab(struct cil_db *db, symtab_t *symtab, hashtab_key_t key, struct cil_symtab_datum *datum, struct cil_tree_node *node);
+
 int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor);
 int cil_parse_to_list(struct cil_tree_node *parse_cl_head, struct cil_list *ast_cl, enum cil_flavor flavor);
 
diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
index ed967861..12bc553c 100644
--- a/libsepol/cil/src/cil_copy_ast.c
+++ b/libsepol/cil/src/cil_copy_ast.c
@@ -2031,7 +2031,11 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u
 				rc = SEPOL_ERR;
 				goto exit;
 			}
-			rc = cil_symtab_insert(symtab, ((struct cil_symtab_datum*)orig->data)->name, ((struct cil_symtab_datum*)data), new);
+
+			rc = cil_add_decl_to_symtab(db, symtab, DATUM(orig->data)->name, DATUM(data), new);
+			if (rc != SEPOL_OK) {
+				goto exit;
+			}
 
 			namespace = new;
 			while (namespace->flavor != CIL_MACRO && namespace->flavor != CIL_BLOCK && namespace->flavor != CIL_ROOT) {

From patchwork Thu Apr  8 19:16:14 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: James Carter <jwcart2@gmail.com>
X-Patchwork-Id: 12192361
Return-Path: <selinux-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-15.7 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH,
	MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham
	autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 389DDC433B4
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:41 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id 0F322610F9
	for <selinux@archiver.kernel.org>; Thu,  8 Apr 2021 19:16:41 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232804AbhDHTQv (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Thu, 8 Apr 2021 15:16:51 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59102 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232749AbhDHTQv (ORCPT
        <rfc822;selinux@vger.kernel.org>); Thu, 8 Apr 2021 15:16:51 -0400
Received: from mail-qk1-x72d.google.com (mail-qk1-x72d.google.com
 [IPv6:2607:f8b0:4864:20::72d])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B433DC061760
        for <selinux@vger.kernel.org>; Thu,  8 Apr 2021 12:16:39 -0700 (PDT)
Received: by mail-qk1-x72d.google.com with SMTP id x14so3390159qki.10
        for <selinux@vger.kernel.org>; Thu, 08 Apr 2021 12:16:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:cc:subject:date:message-id:in-reply-to:references
         :mime-version:content-transfer-encoding;
        bh=5I513em49Dz2W4TdVQyv3bQ8tL3cbfCKk+IwJkJ5qxs=;
        b=oy2SoUtPVKv3B/6ybnN6fFFOhYBjbRSdc7R0T+clJFF/hs6zbX7MkWQv17HJOrpa8c
         eDmHTSaJuxycNb/oqwhbJfKgXSFKq7Q6SLVK3greS7tdSR3AwspdlLtXO/I1H9np42i7
         kSz/vx/rVxosY+RqP49onGc5QsMgKym1dPjQ4Y5CU84m1+1W7UzvHXZuxOUnxXXEYrOa
         1NGgtG2iI/5O9i18Oq+F4Pf3mKGG2D1MwWiakYKx/9vxdou2RkuMAsC80GJVW2V7W8Mo
         Hz0K0oFxfQom22kX4xcPx4TEFKmtMaFhOwftn4c5N5Tow/bwZvTTNDFQIvDltb9M91SU
         xKRg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
         :references:mime-version:content-transfer-encoding;
        bh=5I513em49Dz2W4TdVQyv3bQ8tL3cbfCKk+IwJkJ5qxs=;
        b=fDfAiX6iuEgAREuKP4UGnZnsAijFrmC3nvpvJyINoWn1eC/bRfTz/wNfsVd78Y8c3n
         A4GJirKqLsrpm0PX9cc8drc6+orbJLCvMjPkI9TDUVOMdLFznmx4dkfneEAuNbuKPMkJ
         /5peUvME2O+tYcHMsMmw0l05Po13y4QfGovXeNgWpqvh6WC6YJBzhDoPEGDPNJjKwTTd
         Z6M972Gb6kSjVdVuTflXHVzAcozbIRDp2K56fBIbLLB7Xo2sbT3q+znLuFRQObx9Rny8
         wnX4/0Ihf9ZarmI5rvtpO2CSndT2x1LDb+wRueLqQdtwsESREFZFILl/LKXiywxF1KK6
         TD4Q==
X-Gm-Message-State: AOAM53260fJkXVQQnyEiL1TZv6xfWnndd3mX2ctFouR/KX4+HOlzxMT/
        5xkXDPsEQ/Kv4GFDIGHaK+wFfZ70WizuCg==
X-Google-Smtp-Source: 
 ABdhPJxwVzRmziSQTihYncB5Zi+cJZg0XQKdpfWVNcYf6LR1c2quw1vpHq57S42s3Cw+SSyYcOtTrQ==
X-Received: by 2002:a05:620a:102f:: with SMTP id
 a15mr10502847qkk.87.1617909398862;
        Thu, 08 Apr 2021 12:16:38 -0700 (PDT)
Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net.
 [73.200.157.122])
        by smtp.gmail.com with ESMTPSA id
 v128sm147949qkc.127.2021.04.08.12.16.38
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 08 Apr 2021 12:16:38 -0700 (PDT)
From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 11/11] libsepol/cil: Move check for the shadowing of macro
 parameters
Date: Thu,  8 Apr 2021 15:16:14 -0400
Message-Id: <20210408191614.262173-12-jwcart2@gmail.com>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
References: <20210408191614.262173-1-jwcart2@gmail.com>
MIME-Version: 1.0
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

In cil_gen_node(), after the declaration is added to the symbol
table, if the parent is a macro, then a check is made to ensure
the declaration does not shadow any of the macro's parameters.
This check also needs to be done when copying the AST.

Move the check for the shadowing of macro parameters to its own
function, cil_verify_decl_does_not_shadow_macro_parameter(), and
refactor cil_gen_node() and __cil_copy_node_helper() to use the
new function.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_build_ast.c | 16 +++-------------
 libsepol/cil/src/cil_copy_ast.c  | 20 ++++----------------
 libsepol/cil/src/cil_verify.c    | 18 ++++++++++++++++++
 libsepol/cil/src/cil_verify.h    |  1 +
 4 files changed, 26 insertions(+), 29 deletions(-)

diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index ec81db55..a4a2baa0 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -161,19 +161,9 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
 	}
 
 	if (ast_node->parent->flavor == CIL_MACRO) {
-		struct cil_list_item *item;
-		struct cil_list *param_list = ((struct cil_macro*)ast_node->parent->data)->params;
-		if (param_list != NULL) {
-			cil_list_for_each(item, param_list) {
-				struct cil_param *param = item->data;
-				if (param->flavor == ast_node->flavor) {
-					if (param->str == key) {
-						cil_log(CIL_ERR, "%s %s shadows a macro parameter in macro declaration\n", cil_node_to_string(ast_node), key);
-						rc = SEPOL_ERR;
-						goto exit;
-					}
-				}
-			}
+		rc = cil_verify_decl_does_not_shadow_macro_parameter(ast_node->parent->data, ast_node, key);
+		if (rc != SEPOL_OK) {
+			goto exit;
 		}
 	}
 
diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
index 12bc553c..954eab33 100644
--- a/libsepol/cil/src/cil_copy_ast.c
+++ b/libsepol/cil/src/cil_copy_ast.c
@@ -40,6 +40,7 @@
 #include "cil_copy_ast.h"
 #include "cil_build_ast.h"
 #include "cil_strpool.h"
+#include "cil_verify.h"
 
 struct cil_args_copy {
 	struct cil_tree_node *dest;
@@ -1716,7 +1717,6 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u
 	struct cil_db *db = NULL;
 	struct cil_args_copy *args = NULL;
 	struct cil_tree_node *namespace = NULL;
-	struct cil_param *param = NULL;
 	enum cil_sym_index sym_index = CIL_SYM_UNKNOWN;
 	symtab_t *symtab = NULL;
 	void *data = NULL;
@@ -2043,21 +2043,9 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u
 			}
 
 			if (namespace->flavor == CIL_MACRO) {
-				struct cil_macro *macro = namespace->data;
-				struct cil_list *param_list = macro->params;
-				if (param_list != NULL) {
-					struct cil_list_item *item;
-					cil_list_for_each(item, param_list) {
-						param = item->data;
-						if (param->flavor == new->flavor) {
-							if (param->str == ((struct cil_symtab_datum*)new->data)->name) {
-								cil_tree_log(orig, CIL_ERR, "%s %s shadows a macro parameter", cil_node_to_string(new), ((struct cil_symtab_datum*)orig->data)->name);
-								cil_tree_log(namespace, CIL_ERR, "Note: macro declaration");
-								rc = SEPOL_ERR;
-								goto exit;
-							}
-						}
-					}
+				rc = cil_verify_decl_does_not_shadow_macro_parameter(namespace->data, orig, DATUM(orig->data)->name);
+				if (rc != SEPOL_OK) {
+					goto exit;
 				}
 			}
 		}
diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
index 6e46fef6..5517461c 100644
--- a/libsepol/cil/src/cil_verify.c
+++ b/libsepol/cil/src/cil_verify.c
@@ -412,6 +412,24 @@ int cil_verify_conditional_blocks(struct cil_tree_node *current)
 	return SEPOL_OK;
 }
 
+int cil_verify_decl_does_not_shadow_macro_parameter(struct cil_macro *macro, struct cil_tree_node *node, const char *name)
+{
+	struct cil_list_item *item;
+	struct cil_list *param_list = macro->params;
+	if (param_list != NULL) {
+		cil_list_for_each(item, param_list) {
+			struct cil_param *param = item->data;
+			if (param->flavor == node->flavor) {
+				if (param->str == name) {
+					cil_log(CIL_ERR, "%s %s shadows a macro parameter in macro declaration\n", cil_node_to_string(node), name);
+					return SEPOL_ERR;
+				}
+			}
+		}
+	}
+	return SEPOL_OK;
+}
+
 int cil_verify_no_self_reference(struct cil_symtab_datum *datum, struct cil_list *datum_list)
 {
 	struct cil_list_item *i;
diff --git a/libsepol/cil/src/cil_verify.h b/libsepol/cil/src/cil_verify.h
index 1887ae3f..c497018f 100644
--- a/libsepol/cil/src/cil_verify.h
+++ b/libsepol/cil/src/cil_verify.h
@@ -62,6 +62,7 @@ int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, en
 int cil_verify_constraint_leaf_expr_syntax(enum cil_flavor l_flavor, enum cil_flavor r_flavor, enum cil_flavor op, enum cil_flavor expr_flavor);
 int cil_verify_constraint_expr_syntax(struct cil_tree_node *current, enum cil_flavor op);
 int cil_verify_conditional_blocks(struct cil_tree_node *current);
+int cil_verify_decl_does_not_shadow_macro_parameter(struct cil_macro *macro, struct cil_tree_node *node, const char *name);
 int cil_verify_no_self_reference(struct cil_symtab_datum *datum, struct cil_list *datum_list);
 int __cil_verify_ranges(struct cil_list *list);
 int __cil_verify_ordered_node_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args);