From patchwork Tue Aug 10 18:05:30 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 12429323
From: James Carter
To: selinux@vger.kernel.org
Cc: James Carter
Subject: [PATCH 1/8] libsepol/cil: Check syntax of src_info statement
Date: Tue, 10 Aug 2021 14:05:30 -0400
Message-Id: <20210810180537.669439-2-jwcart2@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210810180537.669439-1-jwcart2@gmail.com>
References: <20210810180537.669439-1-jwcart2@gmail.com>
X-Mailing-List: selinux@vger.kernel.org

Every rule other than src_info has its syntax checked when building the AST. It wasn't considered necessary for src_info rules because they were expected to always be generated by the parser and aren't part of the CIL language. But there is no check preventing them from occurring in a policy and the secilc fuzzer found some bugs by using src_info rules in a policy. This caused some syntax checking to be added.

Since the parse AST from secil2tree will contain src_info rules and since the goal is to be able to compile the output of secil2tree, it makes sense to check the syntax of src_info rules in the same way that all of the other rules are checked.

Check the syntax of src_info statements in the same way every other rule is checked.

Signed-off-by: James Carter
--- libsepol/cil/src/cil_build_ast.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 9da90883..5e65a266 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c
@@ -6075,12 +6075,24 @@ void cil_destroy_mls(struct cil_mls *mls) int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) { - /* No need to check syntax, because this is auto generated */ + int rc = SEPOL_ERR; + enum cil_syntax syntax[] = { + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_N_LISTS | CIL_SYN_END, + CIL_SYN_END + }; + int syntax_len = sizeof(syntax)/sizeof(*syntax); struct cil_src_info *info = NULL; - if (parse_current->next == NULL || parse_current->next->next == NULL) { - cil_tree_log(parse_current, CIL_ERR, "Bad "); - return SEPOL_ERR; + if (parse_current == NULL || ast_node == NULL) { + goto exit; + } + + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); + if (rc != SEPOL_OK) { + goto exit; } cil_src_info_init(&info); 
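Review bot: The syntax[] array in cil_gen_src_info() requires three strings followed by any number of lists, but nothing in the hunk says what the second and third strings stand for, and the removed comment was the only description of the statement. Add a short comment above the array giving the expected layout of a src_info statement, so the next reader can check the array against it.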
@@ -6092,6 +6104,10 @@ int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node * ast_node->flavor = CIL_SRC_INFO; return SEPOL_OK; + +exit: + cil_tree_log(parse_current, CIL_ERR, "Bad src info"); + return rc; } void cil_destroy_src_info(struct cil_src_info *info)
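Review bot: The exit label in cil_gen_src_info() passes parse_current to cil_tree_log(), yet the first hunk sends the `parse_current == NULL` case to this same label, so the logger is handed a NULL node on that path. Either return SEPOL_ERR directly from the NULL check or confirm that cil_tree_log() accepts a NULL node.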
From: James Carter
To: selinux@vger.kernel.org
Cc: James Carter
Subject: [PATCH 2/8] libsepol/cil: Check the token type after getting the next token
Date: Tue, 10 Aug 2021 14:05:31 -0400
Message-Id: <20210810180537.669439-3-jwcart2@gmail.com>
In-Reply-To: <20210810180537.669439-1-jwcart2@gmail.com>
References: <20210810180537.669439-1-jwcart2@gmail.com>

In add_hll_linemark(), cil_lexer_next() is called and the token type is not checked after the call for the expected type (SYMBOL).

Check that the token type is SYMBOL after calling cil_lexer_next().

Signed-off-by: James Carter
--- libsepol/cil/src/cil_parser.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index fb95f401..fc90caec 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c
@@ -111,6 +111,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno unsigned long val; cil_lexer_next(&tok); + if (tok.type != SYMBOL) { + cil_log(CIL_ERR, "Invalid line mark syntax\n"); + goto exit; + } hll_type = cil_strpool_add(tok.value); if (hll_type == CIL_KEY_HLL_LME) { if (cil_stack_is_empty(stack)) {
From: James Carter
To: selinux@vger.kernel.org
Cc: James Carter
Subject: [PATCH 3/8] libsepol/cil: Check for valid line mark type immediately
Date: Tue, 10 Aug 2021 14:05:32 -0400
Message-Id: <20210810180537.669439-4-jwcart2@gmail.com>
In-Reply-To: <20210810180537.669439-1-jwcart2@gmail.com>
References: <20210810180537.669439-1-jwcart2@gmail.com>

It is clearer to check that the line mark type is a valid option right after getting the token.

Check that the line mark type is one of the expected values right away.

Signed-off-by: James Carter
--- libsepol/cil/src/cil_parser.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index fc90caec..24386f60 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c @@ -116,6 +116,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } hll_type = cil_strpool_add(tok.value); + if (hll_type != CIL_KEY_HLL_LME && hll_type != CIL_KEY_HLL_LMS && hll_type != CIL_KEY_HLL_LMX) { + cil_log(CIL_ERR, "Invalid line mark syntax\n"); + goto exit; + } if (hll_type == CIL_KEY_HLL_LME) { if (cil_stack_is_empty(stack)) { cil_log(CIL_ERR, "Line mark end without start\n"); @@ -134,15 +138,6 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno create_node(&node, *current, tok.line, *hll_lineno, CIL_KEY_SRC_HLL); insert_node(node, *current); - if (hll_type == CIL_KEY_HLL_LMS) { - *hll_expand = 0; - } else if (hll_type == CIL_KEY_HLL_LMX) { - *hll_expand = 1; - } else { - cil_log(CIL_ERR, "Invalid line mark syntax\n"); - goto exit; - } - cil_lexer_next(&tok); if (tok.type != SYMBOL) { cil_log(CIL_ERR, "Invalid line mark syntax\n");
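Review bot: The type check added in the first hunk logs the same "Invalid line mark syntax\n" string as the token-type check kept as context at the end of the second hunk, so the log cannot tell a bad line mark type from a bad line number token. Include tok.value in the new message or give it its own wording, for example "Invalid line mark type".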
@@ -161,6 +156,7 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno } #endif *hll_lineno = val; + *hll_expand = (hll_type == CIL_KEY_HLL_LMX) ? 1 : 0; push_hll_info(stack, *hll_lineno, *hll_expand);
From: James Carter
To: selinux@vger.kernel.org
Cc: James Carter
Subject: [PATCH 4/8] libsepol/cil: Push line mark state first when processing a line mark
Date: Tue, 10 Aug 2021 14:05:33 -0400
Message-Id: <20210810180537.669439-5-jwcart2@gmail.com>
In-Reply-To: <20210810180537.669439-1-jwcart2@gmail.com>
References: <20210810180537.669439-1-jwcart2@gmail.com>

CIL line mark rules are used to annotate the original line and file of a rule. They are mostly used for neverallow rules that have been converted to CIL.

Pushing the current line mark state after processing a line mark section does not make sense since that information is never used. When the line mark section ends the information is just popped and discarded. It also makes pop_hll_info() more complicated than it needs to be.

Push the line mark state first and simplify pop_hll_info().

Signed-off-by: James Carter
--- libsepol/cil/src/cil_parser.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index 24386f60..d36ffc49 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c
@@ -66,19 +66,15 @@ static void push_hll_info(struct cil_stack *stack, uint32_t hll_lineno, uint32_t static void pop_hll_info(struct cil_stack *stack, uint32_t *hll_lineno, uint32_t *hll_expand) { struct cil_stack_item *curr = cil_stack_pop(stack); - struct cil_stack_item *prev = cil_stack_peek(stack); - struct hll_info *old; + struct hll_info *info; - free(curr->data); - - if (!prev) { - *hll_lineno = 0; - *hll_expand = 0; - } else { - old = prev->data; - *hll_lineno = old->hll_lineno; - *hll_expand = old->hll_expand; + if (!curr) { + return; } + info = curr->data; + *hll_expand = info->hll_expand; + *hll_lineno = info->hll_lineno; + free(curr->data); } static void create_node(struct cil_tree_node **node, struct cil_tree_node *current, uint32_t line, uint32_t hll_line, void *value) @@ -128,6 +124,8 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno pop_hll_info(stack, hll_lineno, hll_expand); *current = (*current)->parent; } else { + push_hll_info(stack, *hll_lineno, *hll_expand); + create_node(&node, *current, tok.line, *hll_lineno, NULL); insert_node(node, *current); *current = node; 
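Review bot: In the else branch of add_hll_linemark() (second hunk), push_hll_info() now runs before the line number and file name tokens are validated, so every later `goto exit` leaves the saved state on the stack with no matching pop. Check that the exit path or the caller frees the remaining hll_info entries. The new `if (!curr) { return; }` in pop_hll_info() also returns without touching *hll_lineno and *hll_expand, which deserves a comment since the old code reset both to 0 when the stack ran empty.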
@@ -158,8 +156,6 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno *hll_lineno = val; *hll_expand = (hll_type == CIL_KEY_HLL_LMX) ? 1 : 0; - push_hll_info(stack, *hll_lineno, *hll_expand); - cil_lexer_next(&tok); if (tok.type != SYMBOL && tok.type != QSTRING) { cil_log(CIL_ERR, "Invalid line mark syntax\n");
From: James Carter
To: selinux@vger.kernel.org
Cc: James Carter
Subject: [PATCH 5/8] libsepol/cil: Create common string-to-unsigned-integer functions
Date: Tue, 10 Aug 2021 14:05:34 -0400
Message-Id: <20210810180537.669439-6-jwcart2@gmail.com>
In-Reply-To: <20210810180537.669439-1-jwcart2@gmail.com>
References: <20210810180537.669439-1-jwcart2@gmail.com>

The functions cil_fill_integer() and cil_fill_integer64() exist in cil_build_ast.c, but these functions take a node and it would be better to have a function that can be used in add_hll_linemark() so that the common functionality is in one place.

Create cil_string_to_uint32() and cil_string_to_uint64() and use these functions in cil_fill_integer(), cil_fill_integer64(), and add_hll_linemark().

Signed-off-by: James Carter
--- libsepol/cil/src/cil.c | 57 ++++++++++++++++++++++++++++++++ libsepol/cil/src/cil_build_ast.c | 32 ++++-------------- libsepol/cil/src/cil_internal.h | 2 ++ libsepol/cil/src/cil_parser.c | 16 +++------ 4 files changed, 69 insertions(+), 38 deletions(-) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index d24c81c8..bdd16eb8 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c
@@ -1997,6 +1997,63 @@ exit: return SEPOL_ERR; } +int cil_string_to_uint32(const char *string, uint32_t *value, int base) +{ + unsigned long val; + char *end = NULL; + int rc = SEPOL_ERR; + + if (string == NULL || value == NULL) { + goto exit; + } + + errno = 0; + val = strtoul(string, &end, base); + if (errno != 0 || end == string || *end != '\0') { + rc = SEPOL_ERR; + goto exit; + } + + /* Ensure that the value fits a 32-bit integer without triggering -Wtype-limits */ +#if ULONG_MAX > UINT32_MAX + if (val > UINT32_MAX) { + rc = SEPOL_ERR; + goto exit; + } +#endif + + *value = val; + + return SEPOL_OK; + +exit: + cil_log(CIL_ERR, "Failed to create uint32_t from string\n"); + return rc; +} + +int cil_string_to_uint64(const char *string, uint64_t *value, int base) +{ + char *end = NULL; + int rc = SEPOL_ERR; + + if (string == NULL || value == NULL) { + goto exit; + } + + errno = 0; + *value = strtoull(string, &end, base); + if (errno != 0 || end == string || *end != '\0') { + rc = SEPOL_ERR; + goto exit; + } + + return SEPOL_OK; + +exit: + cil_log(CIL_ERR, "Failed to create uint64_t from string\n"); + return rc; +} + void cil_sort_init(struct cil_sort **sort) { *sort = cil_malloc(sizeof(**sort)); diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 5e65a266..ffbd3082 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c 
@@ -5601,60 +5601,40 @@ void cil_destroy_ipaddr(struct cil_ipaddr *ipaddr) int cil_fill_integer(struct cil_tree_node *int_node, uint32_t *integer, int base) { int rc = SEPOL_ERR; - char *endptr = NULL; - unsigned long val; if (int_node == NULL || int_node->data == NULL || integer == NULL) { goto exit; } - errno = 0; - val = strtoul(int_node->data, &endptr, base); - if (errno != 0 || endptr == int_node->data || *endptr != '\0') { - rc = SEPOL_ERR; - goto exit; - } - - /* Ensure that the value fits a 32-bit integer without triggering -Wtype-limits */ -#if ULONG_MAX > UINT32_MAX - if (val > UINT32_MAX) { - rc = SEPOL_ERR; + rc = cil_string_to_uint32(int_node->data, integer, base); + if (rc != SEPOL_OK) { goto exit; } -#endif - - *integer = val; return SEPOL_OK; exit: - cil_log(CIL_ERR, "Failed to create integer from string\n"); + cil_log(CIL_ERR, "Failed to fill 32-bit integer\n"); return rc; } int cil_fill_integer64(struct cil_tree_node *int_node, uint64_t *integer, int base) { int rc = SEPOL_ERR; - char *endptr = NULL; - uint64_t val; if (int_node == NULL || int_node->data == NULL || integer == NULL) { goto exit; } - errno = 0; - val = strtoull(int_node->data, &endptr, base); - if (errno != 0 || endptr == int_node->data || *endptr != '\0') { - rc = SEPOL_ERR; + rc = cil_string_to_uint64(int_node->data, integer, base); + if (rc != SEPOL_OK) { goto exit; } - *integer = val; - return SEPOL_OK; exit: - cil_log(CIL_ERR, "Failed to create integer from string\n"); + cil_log(CIL_ERR, "Failed to fill 64-bit integer\n"); return rc; } diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index 98e303d1..b9a03a37 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h 
@@ -986,6 +986,8 @@ void cil_symtab_array_init(symtab_t symtab[], const int symtab_sizes[CIL_SYM_NUM void cil_symtab_array_destroy(symtab_t symtab[]); void cil_destroy_ast_symtabs(struct cil_tree_node *root); int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index); +int cil_string_to_uint32(const char *string, uint32_t *value, int base); +int cil_string_to_uint64(const char *string, uint64_t *value, int base); void cil_sort_init(struct cil_sort **sort); void cil_sort_destroy(struct cil_sort **sort); diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index d36ffc49..9ca1432e 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c @@ -103,8 +103,7 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno struct cil_tree_node *node; struct token tok; char *hll_file; - char *end = NULL; - unsigned long val; + int rc; cil_lexer_next(&tok); if (tok.type != SYMBOL) { 
@@ -142,18 +141,11 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } - val = strtoul(tok.value, &end, 10); - if (errno == ERANGE || *end != '\0') { - cil_log(CIL_ERR, "Problem parsing line number for line mark\n"); + rc = cil_string_to_uint32(tok.value, hll_lineno, 10); + if (rc != SEPOL_OK) { goto exit; } -#if ULONG_MAX > UINT32_MAX - if (val > UINT32_MAX) { - cil_log(CIL_ERR, "Line mark line number > UINT32_MAX\n"); - goto exit; - } -#endif - *hll_lineno = val; + *hll_expand = (hll_type == CIL_KEY_HLL_LMX) ? 1 : 0; cil_lexer_next(&tok); From patchwork Tue Aug 10 18:05:35 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 12429335 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5E772C432BE for ; Tue, 10 Aug 2021 18:22:02 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4349B60231 for ; Tue, 10 Aug 2021 18:22:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237391AbhHJSWV (ORCPT ); Tue, 10 Aug 2021 14:22:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33182 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237291AbhHJSWD (ORCPT ); Tue, 10 Aug 2021 14:22:03 -0400 Received: from mail-qv1-xf2e.google.com (mail-qv1-xf2e.google.com [IPv6:2607:f8b0:4864:20::f2e]) 
From: James Carter
To: selinux@vger.kernel.org
Cc: James Carter
Subject: [PATCH 6/8] libsepol/cil: Add line mark kind and line number to src info
Date: Tue, 10 Aug 2021 14:05:35 -0400
Message-Id: <20210810180537.669439-7-jwcart2@gmail.com>
In-Reply-To: <20210810180537.669439-1-jwcart2@gmail.com>
References: <20210810180537.669439-1-jwcart2@gmail.com>

To be able to write line mark information when writing the AST, the line mark kind and line number are needed in the src info. Instead of indicating whether the src info is for CIL or a hll, differentiate between CIL, a normal hll line mark, and an expanded hll line mark. Also include the line mark line number in the src info nodes.

Signed-off-by: James Carter
--- libsepol/cil/src/cil.c | 13 +++++++++---- libsepol/cil/src/cil_build_ast.c | 17 +++++++++++++++-- libsepol/cil/src/cil_copy_ast.c | 3 ++- libsepol/cil/src/cil_internal.h | 7 +++++-- libsepol/cil/src/cil_parser.c | 27 +++++++++++---------------- libsepol/cil/src/cil_tree.c | 2 +- 6 files changed, 43 insertions(+), 26 deletions(-) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index bdd16eb8..caec5dad 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -220,7 +220,9 @@ char *CIL_KEY_IOCTL; char *CIL_KEY_UNORDERED; char *CIL_KEY_SRC_INFO; char *CIL_KEY_SRC_CIL; -char *CIL_KEY_SRC_HLL; +char *CIL_KEY_SRC_HLL_LMS; +char *CIL_KEY_SRC_HLL_LMX; +char *CIL_KEY_SRC_HLL_LME; static void cil_init_keys(void) { 
@@ -384,8 +386,10 @@ static void cil_init_keys(void) CIL_KEY_IOCTL = cil_strpool_add("ioctl"); CIL_KEY_UNORDERED = cil_strpool_add("unordered"); CIL_KEY_SRC_INFO = cil_strpool_add(""); - CIL_KEY_SRC_CIL = cil_strpool_add(""); - CIL_KEY_SRC_HLL = cil_strpool_add(""); + CIL_KEY_SRC_CIL = cil_strpool_add("cil"); + CIL_KEY_SRC_HLL_LMS = cil_strpool_add("lms"); + CIL_KEY_SRC_HLL_LMX = cil_strpool_add("lmx"); + CIL_KEY_SRC_HLL_LME = cil_strpool_add("lme"); } void cil_db_init(struct cil_db **db) @@ -2881,6 +2885,7 @@ void cil_mls_init(struct cil_mls **mls) void cil_src_info_init(struct cil_src_info **info) { *info = cil_malloc(sizeof(**info)); - (*info)->is_cil = 0; + (*info)->kind = NULL; + (*info)->hll_line = 0; (*info)->path = NULL; } diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index ffbd3082..a0f58b1e 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -6060,6 +6060,7 @@ int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node * CIL_SYN_STRING, CIL_SYN_STRING, CIL_SYN_STRING, + CIL_SYN_STRING, CIL_SYN_N_LISTS | CIL_SYN_END, CIL_SYN_END }; @@ -6077,8 +6078,19 @@ int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node * cil_src_info_init(&info); - info->is_cil = (parse_current->next->data == CIL_KEY_SRC_CIL) ? CIL_TRUE : CIL_FALSE; - info->path = parse_current->next->next->data; + info->kind = parse_current->next->data; + if (info->kind != CIL_KEY_SRC_CIL && info->kind != CIL_KEY_SRC_HLL_LMS && info->kind != CIL_KEY_SRC_HLL_LMX) { + cil_log(CIL_ERR, "Invalid src info kind\n"); + rc = SEPOL_ERR; + goto exit; + } + + rc = cil_string_to_uint32(parse_current->next->next->data, &info->hll_line, 10); + if (rc != SEPOL_OK) { + goto exit; + } + + info->path = parse_current->next->next->next->data; ast_node->data = info; ast_node->flavor = CIL_SRC_INFO; 
@@ -6087,6 +6099,7 @@ int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node * exit: cil_tree_log(parse_current, CIL_ERR, "Bad src info"); + cil_destroy_src_info(info); return rc; } diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index 9c0231f2..02b9828f 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -1692,7 +1692,8 @@ int cil_copy_src_info(__attribute__((unused)) struct cil_db *db, void *data, voi cil_src_info_init(&new); - new->is_cil = orig->is_cil; + new->kind = orig->kind; + new->hll_line = orig->hll_line; new->path = orig->path; *copy = new; diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index b9a03a37..385677d4 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -236,7 +236,9 @@ extern char *CIL_KEY_IOCTL; extern char *CIL_KEY_UNORDERED; extern char *CIL_KEY_SRC_INFO; extern char *CIL_KEY_SRC_CIL; -extern char *CIL_KEY_SRC_HLL; +extern char *CIL_KEY_SRC_HLL_LMS; +extern char *CIL_KEY_SRC_HLL_LMX; +extern char *CIL_KEY_SRC_HLL_LME; /* Symbol Table Array Indices @@ -963,7 +965,8 @@ struct cil_mls { }; struct cil_src_info { - int is_cil; + char *kind; + uint32_t hll_line; char *path; }; diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index 9ca1432e..842c327c 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c @@ -44,10 +44,6 @@ #define CIL_PARSER_MAX_EXPR_DEPTH (0x1 << 12) -char *CIL_KEY_HLL_LMS; -char *CIL_KEY_HLL_LMX; -char *CIL_KEY_HLL_LME; - struct hll_info { uint32_t hll_lineno; uint32_t hll_expand; @@ -102,7 +98,6 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno char *hll_type; struct cil_tree_node *node; struct token tok; - char *hll_file; int rc; cil_lexer_next(&tok); 
@@ -111,11 +106,11 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } hll_type = cil_strpool_add(tok.value); - if (hll_type != CIL_KEY_HLL_LME && hll_type != CIL_KEY_HLL_LMS && hll_type != CIL_KEY_HLL_LMX) { + if (hll_type != CIL_KEY_SRC_HLL_LME && hll_type != CIL_KEY_SRC_HLL_LMS && hll_type != CIL_KEY_SRC_HLL_LMX) { cil_log(CIL_ERR, "Invalid line mark syntax\n"); goto exit; } - if (hll_type == CIL_KEY_HLL_LME) { + if (hll_type == CIL_KEY_SRC_HLL_LME) { if (cil_stack_is_empty(stack)) { cil_log(CIL_ERR, "Line mark end without start\n"); goto exit; @@ -132,7 +127,7 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno create_node(&node, *current, tok.line, *hll_lineno, CIL_KEY_SRC_INFO); insert_node(node, *current); - create_node(&node, *current, tok.line, *hll_lineno, CIL_KEY_SRC_HLL); + create_node(&node, *current, tok.line, *hll_lineno, hll_type); insert_node(node, *current); cil_lexer_next(&tok); @@ -141,12 +136,15 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } + create_node(&node, *current, tok.line, *hll_lineno, cil_strpool_add(tok.value)); + insert_node(node, *current); + rc = cil_string_to_uint32(tok.value, hll_lineno, 10); if (rc != SEPOL_OK) { goto exit; } - *hll_expand = (hll_type == CIL_KEY_HLL_LMX) ? 1 : 0; + *hll_expand = (hll_type == CIL_KEY_SRC_HLL_LMX) ? 1 : 0; cil_lexer_next(&tok); if (tok.type != SYMBOL && tok.type != QSTRING) { @@ -159,9 +157,7 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno tok.value = tok.value+1; } - hll_file = cil_strpool_add(tok.value); - - create_node(&node, *current, tok.line, *hll_lineno, hll_file); + create_node(&node, *current, tok.line, *hll_lineno, cil_strpool_add(tok.value)); insert_node(node, *current); } 
@@ -192,6 +188,9 @@ static void add_cil_path(struct cil_tree_node **current, char *path) create_node(&node, *current, 0, 0, CIL_KEY_SRC_CIL); insert_node(node, *current); + create_node(&node, *current, 0, 0, "1"); + insert_node(node, *current); + create_node(&node, *current, 0, 0, path); insert_node(node, *current); } @@ -211,10 +210,6 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * struct token tok; int rc = SEPOL_OK; - CIL_KEY_HLL_LMS = cil_strpool_add("lms"); - CIL_KEY_HLL_LMX = cil_strpool_add("lmx"); - CIL_KEY_HLL_LME = cil_strpool_add("lme"); - cil_stack_init(&stack); cil_lexer_setup(buffer, size); diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index 4cf8dcc8..52b28999 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c 
@@ -71,7 +71,7 @@ struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char ** /* AST */ struct cil_src_info *info = node->data; *path = info->path; - *is_cil = info->is_cil; + *is_cil = (info->kind == CIL_KEY_SRC_CIL); return node; } else { if (node->flavor == CIL_CALL) {
From patchwork Tue Aug 10 18:05:36 2021
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 12429333
From: James Carter
To: selinux@vger.kernel.org
Cc: James Carter
Subject: [PATCH 7/8] libsepol/cil: Report correct high-level language line numbers
Date: Tue, 10 Aug 2021 14:05:36 -0400
Message-Id: <20210810180537.669439-8-jwcart2@gmail.com>
In-Reply-To: <20210810180537.669439-1-jwcart2@gmail.com>
References: <20210810180537.669439-1-jwcart2@gmail.com>

CIL supports specifying the original high-level language file and line numbers when reporting errors. This is done through line marks and is mostly used to report the original Refpolicy file and line number for neverallow rules that have been converted to CIL.

As long as the line marks remain simple, everything works fine, but the wrong line numbers will be reported with more complex nestings of line marks.

Example:
;;* lms 100 file01.hll
(type t1a)
(allow t1a self (CLASS (PERM)))
;;* lmx 200 file02.hll
(type t2a)
(allow t2a self (CLASS (PERM)))
;;* lme
(type t1b)
(allow t1b self (CLASS (PERM)))
(allow bad1b self (CLASS (PERM))) ; file01.hll:101 (Should be 106)
;;* lme

The primary problem is that the tree nodes can only store one hll line number. Instead, a number is needed that can be used by any number of stacked line mark sections. This number would increment like a normal line number except when in lmx sections (that have the same line number throughout the section because they represent an expansion of a line -- like the expansion of a macro call). This number can go backwards when exiting a lms section within a lmx section, because the line number will increase in the lms section, but outside the lmx section, the line number did not advance.

This number is called the hll_offset and this is the value that is now stored in tree nodes instead of the hll line number.
To calculate the hll line number for a rule, a search is made for an ancestor of the node that is a line mark and the line number for a lms section is the hll line number stored in the line mark, plus the hll offset of the rule, minus the hll offset of the line mark node, minus one. (hll_lineno + hll_offset_rule - hll_offset_lm - 1) Signed-off-by: James Carter --- libsepol/cil/src/cil_binary.c | 9 ++-- libsepol/cil/src/cil_build_ast.c | 4 +- libsepol/cil/src/cil_copy_ast.c | 2 +- libsepol/cil/src/cil_parser.c | 74 +++++++++++++++++++------------- libsepol/cil/src/cil_tree.c | 53 +++++++++++++++-------- libsepol/cil/src/cil_tree.h | 4 +- 6 files changed, 90 insertions(+), 56 deletions(-) diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 2b65c622..43c37fc2 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -4480,7 +4480,8 @@ static avrule_t *__cil_init_sepol_avrule(uint32_t kind, struct cil_tree_node *no avrule_t *avrule; struct cil_tree_node *source_node; char *source_path; - int is_cil; + char *lm_kind; + uint32_t hll_line; avrule = cil_malloc(sizeof(avrule_t)); avrule->specified = kind; @@ -4492,11 +4493,11 @@ static avrule_t *__cil_init_sepol_avrule(uint32_t kind, struct cil_tree_node *no avrule->source_filename = NULL; avrule->source_line = node->line; - source_node = cil_tree_get_next_path(node, &source_path, &is_cil); + source_node = cil_tree_get_next_path(node, &lm_kind, &hll_line, &source_path); if (source_node) { avrule->source_filename = source_path; - if (!is_cil) { - avrule->source_line = node->hll_line; + if (lm_kind != CIL_KEY_SRC_CIL) { + avrule->source_line = hll_line + node->hll_offset - source_node->hll_offset - 1; } } diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index a0f58b1e..a5afc267 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c 
@@ -619,7 +619,7 @@ int cil_gen_perm_nodes(struct cil_db *db, struct cil_tree_node *current_perm, st cil_tree_node_init(&new_ast); new_ast->parent = ast_node; new_ast->line = current_perm->line; - new_ast->hll_line = current_perm->hll_line; + new_ast->hll_offset = current_perm->hll_offset; rc = cil_gen_perm(db, current_perm, new_ast, flavor, num_perms); if (rc != SEPOL_OK) { @@ -6203,7 +6203,7 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f ast_node->parent = ast_current; ast_node->line = parse_current->line; - ast_node->hll_line = parse_current->hll_line; + ast_node->hll_offset = parse_current->hll_offset; if (parse_current->data == CIL_KEY_BLOCK) { rc = cil_gen_block(db, parse_current, ast_node, 0); diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index 02b9828f..34282a92 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -2010,7 +2010,7 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u new->parent = parent; new->line = orig->line; - new->hll_line = orig->hll_line; + new->hll_offset = orig->hll_offset; new->flavor = orig->flavor; new->data = data; diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index 842c327c..3ccef5d7 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c 
@@ -45,21 +45,21 @@ #define CIL_PARSER_MAX_EXPR_DEPTH (0x1 << 12) struct hll_info { - uint32_t hll_lineno; + uint32_t hll_offset; uint32_t hll_expand; }; -static void push_hll_info(struct cil_stack *stack, uint32_t hll_lineno, uint32_t hll_expand) +static void push_hll_info(struct cil_stack *stack, uint32_t hll_offset, uint32_t hll_expand) { struct hll_info *new = cil_malloc(sizeof(*new)); - new->hll_lineno = hll_lineno; + new->hll_offset = hll_offset; new->hll_expand = hll_expand; cil_stack_push(stack, CIL_NONE, new); } -static void pop_hll_info(struct cil_stack *stack, uint32_t *hll_lineno, uint32_t *hll_expand) +static void pop_hll_info(struct cil_stack *stack, uint32_t *hll_offset, uint32_t *hll_expand) { struct cil_stack_item *curr = cil_stack_pop(stack); struct hll_info *info; @@ -69,17 +69,17 @@ static void pop_hll_info(struct cil_stack *stack, uint32_t *hll_lineno, uint32_t } info = curr->data; *hll_expand = info->hll_expand; - *hll_lineno = info->hll_lineno; + *hll_offset = info->hll_offset; free(curr->data); } -static void create_node(struct cil_tree_node **node, struct cil_tree_node *current, uint32_t line, uint32_t hll_line, void *value) +static void create_node(struct cil_tree_node **node, struct cil_tree_node *current, uint32_t line, uint32_t hll_offset, void *value) { cil_tree_node_init(node); (*node)->parent = current; (*node)->flavor = CIL_NODE; (*node)->line = line; - (*node)->hll_line = hll_line; + (*node)->hll_offset = hll_offset; (*node)->data = value; } 
@@ -93,12 +93,12 @@ static void insert_node(struct cil_tree_node *node, struct cil_tree_node *curren current->cl_tail = node; } -static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno, uint32_t *hll_expand, struct cil_stack *stack, char *path) +static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_offset, uint32_t *hll_expand, struct cil_stack *stack, char *path) { char *hll_type; struct cil_tree_node *node; struct token tok; - int rc; + uint32_t prev_hll_expand, prev_hll_offset; cil_lexer_next(&tok); if (tok.type != SYMBOL) { 
@@ -115,19 +115,33 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno cil_log(CIL_ERR, "Line mark end without start\n"); goto exit; } - pop_hll_info(stack, hll_lineno, hll_expand); + prev_hll_expand = *hll_expand; + pop_hll_info(stack, &prev_hll_offset, hll_expand); + if (*hll_expand) { + /* This is needed when exiting an lms section within an lmx section. + * In the lms section, hll_offset will increment and then revert + * back to its previous value when going back into the lmx section. + */ + *hll_offset = prev_hll_offset; + } + if (prev_hll_expand && !*hll_expand) { + /* This is needed to count the lme at the end of an lmx section + * within an lms section (or within no hll section). + */ + (*hll_offset)++; + } *current = (*current)->parent; } else { - push_hll_info(stack, *hll_lineno, *hll_expand); + push_hll_info(stack, *hll_offset, *hll_expand); - create_node(&node, *current, tok.line, *hll_lineno, NULL); + create_node(&node, *current, tok.line, *hll_offset, NULL); insert_node(node, *current); *current = node; - create_node(&node, *current, tok.line, *hll_lineno, CIL_KEY_SRC_INFO); + create_node(&node, *current, tok.line, *hll_offset, CIL_KEY_SRC_INFO); insert_node(node, *current); - create_node(&node, *current, tok.line, *hll_lineno, hll_type); + create_node(&node, *current, tok.line, *hll_offset, hll_type); insert_node(node, *current); cil_lexer_next(&tok); 
@@ -136,16 +150,9 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } - create_node(&node, *current, tok.line, *hll_lineno, cil_strpool_add(tok.value)); + create_node(&node, *current, tok.line, *hll_offset, cil_strpool_add(tok.value)); insert_node(node, *current); - rc = cil_string_to_uint32(tok.value, hll_lineno, 10); - if (rc != SEPOL_OK) { - goto exit; - } - - *hll_expand = (hll_type == CIL_KEY_SRC_HLL_LMX) ? 1 : 0; - cil_lexer_next(&tok); if (tok.type != SYMBOL && tok.type != QSTRING) { cil_log(CIL_ERR, "Invalid line mark syntax\n"); @@ -157,8 +164,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno tok.value = tok.value+1; } - create_node(&node, *current, tok.line, *hll_lineno, cil_strpool_add(tok.value)); + create_node(&node, *current, tok.line, *hll_offset, cil_strpool_add(tok.value)); insert_node(node, *current); + + *hll_expand = (hll_type == CIL_KEY_SRC_HLL_LMX) ? 1 : 0; } cil_lexer_next(&tok); @@ -167,6 +176,11 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } + if (!*hll_expand) { + /* Need to increment because of the NEWLINE */ + (*hll_offset)++; + } + return SEPOL_OK; exit: @@ -205,7 +219,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * struct cil_tree_node *current = NULL; char *path = cil_strpool_add(_path); struct cil_stack *stack; - uint32_t hll_lineno = 0; + uint32_t hll_offset = 1; uint32_t hll_expand = 0; struct token tok; int rc = SEPOL_OK; @@ -223,7 +237,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * cil_lexer_next(&tok); switch (tok.type) { case HLL_LINEMARK: - rc = add_hll_linemark(¤t, &hll_lineno, &hll_expand, stack, path); + rc = add_hll_linemark(¤t, &hll_offset, &hll_expand, stack, path); if (rc != SEPOL_OK) { goto exit; } 
@@ -234,7 +248,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * cil_log(CIL_ERR, "Number of open parenthesis exceeds limit of %d at line %d of %s\n", CIL_PARSER_MAX_EXPR_DEPTH, tok.line, path); goto exit; } - create_node(&node, current, tok.line, hll_lineno, NULL); + create_node(&node, current, tok.line, hll_offset, NULL); insert_node(node, current); current = node; break; @@ -256,12 +270,12 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * goto exit; } - create_node(&node, current, tok.line, hll_lineno, cil_strpool_add(tok.value)); + create_node(&node, current, tok.line, hll_offset, cil_strpool_add(tok.value)); insert_node(node, current); break; case NEWLINE : if (!hll_expand) { - hll_lineno++; + hll_offset++; } break; case COMMENT: @@ -269,7 +283,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * cil_lexer_next(&tok); } if (!hll_expand) { - hll_lineno++; + hll_offset++; } if (tok.type != END_OF_FILE) { break; @@ -306,7 +320,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * exit: while (!cil_stack_is_empty(stack)) { - pop_hll_info(stack, &hll_lineno, &hll_expand); + pop_hll_info(stack, &hll_offset, &hll_expand); } cil_lexer_destroy(); cil_stack_destroy(&stack); diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index 52b28999..4fdf339d 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c @@ -50,10 +50,12 @@ __attribute__((noreturn)) __attribute__((format (printf, 1, 2))) void cil_tree_e exit(1); } -struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **path, int* is_cil) +struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **info_kind, uint32_t *hll_line, char **path) { + int rc; + if (!node) { - return NULL; + goto exit; } node = node->parent; 
@@ -62,16 +64,21 @@ struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char ** if (node->flavor == CIL_NODE && node->data == NULL) { if (node->cl_head->data == CIL_KEY_SRC_INFO && node->cl_head->next != NULL && node->cl_head->next->next != NULL) { /* Parse Tree */ - *path = node->cl_head->next->next->data; - *is_cil = (node->cl_head->next->data == CIL_KEY_SRC_CIL); + *info_kind = node->cl_head->next->data; + rc = cil_string_to_uint32(node->cl_head->next->next->data, hll_line, 10); + if (rc != SEPOL_OK) { + goto exit; + } + *path = node->cl_head->next->next->next->data; return node; } node = node->parent; } else if (node->flavor == CIL_SRC_INFO) { /* AST */ struct cil_src_info *info = node->data; + *info_kind = info->kind; + *hll_line = info->hll_line; *path = info->path; - *is_cil = (info->kind == CIL_KEY_SRC_CIL); return node; } else { if (node->flavor == CIL_CALL) { @@ -86,17 +93,22 @@ struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char ** } } +exit: + *info_kind = NULL; + *hll_line = 0; + *path = NULL; return NULL; } char *cil_tree_get_cil_path(struct cil_tree_node *node) { - char *path = NULL; - int is_cil; + char *info_kind; + uint32_t hll_line; + char *path; while (node) { - node = cil_tree_get_next_path(node, &path, &is_cil); - if (node && is_cil) { + node = cil_tree_get_next_path(node, &info_kind, &hll_line, &path); + if (node && info_kind == CIL_KEY_SRC_CIL) { return path; } } @@ -114,8 +126,7 @@ __attribute__((format (printf, 3, 4))) void cil_tree_log(struct cil_tree_node *n if (node) { char *path = NULL; - int is_cil; - unsigned hll_line = node->hll_line; + uint32_t hll_offset = node->hll_offset; path = cil_tree_get_cil_path(node); 
@@ -124,12 +135,20 @@ __attribute__((format (printf, 3, 4))) void cil_tree_log(struct cil_tree_node *n } while (node) { - node = cil_tree_get_next_path(node, &path, &is_cil); - if (node && !is_cil) { + do { + char *info_kind; + uint32_t hll_line; + + node = cil_tree_get_next_path(node, &info_kind, &hll_line, &path); + if (!node || info_kind == CIL_KEY_SRC_CIL) { + break; + } + if (info_kind == CIL_KEY_SRC_HLL_LMS) { + hll_line += hll_offset - node->hll_offset - 1; + } + cil_log(lvl," from %s:%d", path, hll_line); - path = NULL; - hll_line = node->hll_line; - } + } while (1); } } @@ -222,7 +241,7 @@ void cil_tree_node_init(struct cil_tree_node **node) new_node->next = NULL; new_node->flavor = CIL_ROOT; new_node->line = 0; - new_node->hll_line = 0; + new_node->hll_offset = 0; *node = new_node; } diff --git a/libsepol/cil/src/cil_tree.h b/libsepol/cil/src/cil_tree.h index f4d22071..5a98da55 100644 --- a/libsepol/cil/src/cil_tree.h +++ b/libsepol/cil/src/cil_tree.h 
@@ -46,11 +46,11 @@ struct cil_tree_node { struct cil_tree_node *next; //Each element in the list points to the next element enum cil_flavor flavor; uint32_t line; - uint32_t hll_line; + uint32_t hll_offset; void *data; }; -struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **path, int* is_cil); +struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **info_kind, uint32_t *hll_line, char **path); char *cil_tree_get_cil_path(struct cil_tree_node *node); __attribute__((format (printf, 3, 4))) void cil_tree_log(struct cil_tree_node *node, enum cil_log_level lvl, const char* msg, ...);
From patchwork Tue Aug 10 18:05:37 2021
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 12429337
[73.200.157.122]) by smtp.gmail.com with ESMTPSA id m16sm3057415qki.19.2021.08.10.11.05.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 10 Aug 2021 11:05:48 -0700 (PDT) From: James Carter To: selinux@vger.kernel.org Cc: James Carter Subject: [PATCH 8/8] libsepol/cil: When writing AST use line marks for src_info nodes Date: Tue, 10 Aug 2021 14:05:37 -0400 Message-Id: <20210810180537.669439-9-jwcart2@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210810180537.669439-1-jwcart2@gmail.com> References: <20210810180537.669439-1-jwcart2@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org In order to retain as much information as possible, when writing out the CIL AST, use line mark notation to write out src_info nodes. This includes using line marks to denote the original CIL files the AST comes from. The line numbers will not always be exactly correct because any blank lines and comments in the original files will not be represented in the AST. Line marks are not written for the parse tree because the line numbers will be widely inaccurate since each token will be on a different line. Signed-off-by: James Carter --- libsepol/cil/src/cil_write_ast.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/libsepol/cil/src/cil_write_ast.c b/libsepol/cil/src/cil_write_ast.c index 186070c1..d7f00bcc 100644 --- a/libsepol/cil/src/cil_write_ast.c +++ b/libsepol/cil/src/cil_write_ast.c 
@@ -546,6 +546,18 @@ static const char *macro_param_flavor_to_string(enum cil_flavor flavor) return str; } +void cil_write_src_info_node(FILE *out, struct cil_tree_node *node) +{ + struct cil_src_info *info = node->data; + if (info->kind == CIL_KEY_SRC_CIL || info->kind == CIL_KEY_SRC_HLL_LMS) { + fprintf(out, ";;* lms %u %s\n", info->hll_line, info->path); + } else if (info->kind == CIL_KEY_SRC_HLL_LMX) { + fprintf(out, ";;* lmx %u %s\n", info->hll_line, info->path); + } else { + fprintf(out, ";;* %u %s\n", info->hll_line, info->path); + } +} + void cil_write_ast_node(FILE *out, struct cil_tree_node *node) { if (!node->data) { @@ -1508,8 +1520,10 @@ static int __write_cil_ast_node_helper(struct cil_tree_node *node, uint32_t *fin { struct cil_write_ast_args *args = extra_args; - if (node->flavor == CIL_SRC_INFO) + if (node->flavor == CIL_SRC_INFO) { + cil_write_src_info_node(args->out, node); return SEPOL_OK; + } fprintf(args->out, "%*s", args->depth*4, ""); @@ -1539,7 +1553,10 @@ static int __write_cil_ast_last_child_helper(struct cil_tree_node *node, void *e struct cil_write_ast_args *args = extra_args; struct cil_tree_node *parent = node->parent; - if (parent->flavor == CIL_SRC_INFO || parent->flavor == CIL_ROOT) { + if (parent->flavor == CIL_ROOT) { + return SEPOL_OK; + } else if (parent->flavor == CIL_SRC_INFO) { + fprintf(args->out, ";;* lme\n"); return SEPOL_OK; }
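Review bot: In the struct cil_tree_node hunk (@@ -46,11 +46,11 @@), the field is renamed from hll_line to hll_offset with no comment saying what the offset is relative to, while the new cil_tree_get_next_path() prototype in the same hunk introduces an out-parameter that is still called hll_line. The neighbouring "next" field carries a comment, so a short one on hll_offset would keep readers from treating the two as the same quantity. The prototype now has three out-parameters (info_kind, hll_line, path) and does not say whether a caller may pass NULL for the ones it does not need; please document that next to the declaration.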
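Review bot: In cil_write_src_info_node() (hunk @@ -546,6 +546,18 @@), the final else branch writes ";;* %u %s" with no kind token, unlike the "lms" and "lmx" branches, so an unrecognised info->kind silently produces a line that is not in the same form as the other two, and it will still be closed by the ";;* lme" added in the last-child helper. Suggest emitting an explicit unknown-kind marker or logging an error there, so a bad kind is visible in the output instead of looking like a malformed line mark. Separately, the function is added without "static" while the diffstat shows only cil_write_ast.c changing, so no prototype is added for it; either make it static like macro_param_flavor_to_string() just above or declare it in the header. info->path is also passed to "%s" unchecked; if it can ever be NULL that is worth a guard here.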
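Review bot: In __write_cil_ast_node_helper() (hunk @@ -1508,8 +1520,10 @@), the call to cil_write_src_info_node() is unconditional for every CIL_SRC_INFO node, but the commit message says line marks are deliberately not written for the parse tree. Nothing in this hunk shows what keeps the parse-tree writer away from this path, so a one-line comment at the call stating that this helper is only used for AST output would let a reader check that claim against the code.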
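Review bot: In __write_cil_ast_last_child_helper() (hunk @@ -1539,7 +1553,10 @@), the closing ";;* lme" is written from the last-child callback while the opening mark is written from the node helper, so the two are only balanced if this callback runs for every src_info node that got an opening mark. Please confirm what happens for a CIL_SRC_INFO node with no children: if the tree walk does not call the last-child helper in that case, the output will contain an "lms" or "lmx" line with no matching "lme". As a style point, both branches return SEPOL_OK, so the "else" after the first return is redundant; two plain if blocks, or one shared return after the conditional fprintf, would read more simply.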