From patchwork Mon Aug 16 19:57:46 2021
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 12439179
From: James Carter
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter
Subject: [PATCH 1/7 v2] libsepol/cil: Check syntax of src_info statement
Date: Mon, 16 Aug 2021 15:57:46 -0400
Message-Id: <20210816195752.923028-2-jwcart2@gmail.com>
In-Reply-To: <20210816195752.923028-1-jwcart2@gmail.com>
References: <20210816195752.923028-1-jwcart2@gmail.com>

Every rule other than src_info has its syntax checked when building
the AST. It wasn't considered necessary for src_info rules because
they were expected to always be generated by the parser and aren't
part of the CIL language. But there is no check preventing them from
occurring in a policy and the secilc fuzzer found some bugs by using
src_info rules in a policy. This caused some syntax checking to be
added. Since the parse AST from secil2tree will contain src_info rules
and since the goal is to be able to compile the output of secil2tree,
it makes sense to check the syntax of src_info rules in the same way
that all of the other rules are checked.

Check the syntax of src_info statements in the same way every other
rule is checked.

Signed-off-by: James Carter
--- libsepol/cil/src/cil_build_ast.c | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 9da90883..5e65a266 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c
@@ -6075,12 +6075,24 @@ void cil_destroy_mls(struct cil_mls *mls) int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node *ast_node) { - /* No need to check syntax, because this is auto generated */ + int rc = SEPOL_ERR; + enum cil_syntax syntax[] = { + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_STRING, + CIL_SYN_N_LISTS | CIL_SYN_END, + CIL_SYN_END + }; + int syntax_len = sizeof(syntax)/sizeof(*syntax); struct cil_src_info *info = NULL; - if (parse_current->next == NULL || parse_current->next->next == NULL) { - cil_tree_log(parse_current, CIL_ERR, "Bad "); - return SEPOL_ERR; + if (parse_current == NULL || ast_node == NULL) { + goto exit; + } + + rc = __cil_verify_syntax(parse_current, syntax, syntax_len); + if (rc != SEPOL_OK) { + goto exit; } cil_src_info_init(&info); 
@@ -6092,6 +6104,10 @@ int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node * ast_node->flavor = CIL_SRC_INFO; return SEPOL_OK; + +exit: + cil_tree_log(parse_current, CIL_ERR, "Bad src info"); + return rc; } void cil_destroy_src_info(struct cil_src_info *info)
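Review bot: In cil_gen_src_info() in cil_build_ast.c, the new syntax[] array has three CIL_SYN_STRING entries followed by CIL_SYN_N_LISTS | CIL_SYN_END, with no comment saying which part of a src_info statement each entry matches; a one-line comment per entry would let a reader check the array against the nodes the function reads (the removed test looked at parse_current->next and parse_current->next->next). The new parse_current == NULL branch also jumps to the exit label, which passes parse_current to cil_tree_log(), so it is worth confirming that cil_tree_log() accepts a NULL node.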
From: James Carter
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter
Subject: [PATCH 2/7 v2] libsepol/cil: Check the token type after getting the next token
Date: Mon, 16 Aug 2021 15:57:47 -0400
Message-Id: <20210816195752.923028-3-jwcart2@gmail.com>
In-Reply-To: <20210816195752.923028-1-jwcart2@gmail.com>
References: <20210816195752.923028-1-jwcart2@gmail.com>

In add_hll_linemark(), cil_lexer_next() is called and the token type
is not checked after the call for the expected type (SYMBOL).

Check that the token type is SYMBOL after calling cil_lexer_next().

Signed-off-by: James Carter
--- libsepol/cil/src/cil_parser.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index fb95f401..fc90caec 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c
@@ -111,6 +111,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno unsigned long val; cil_lexer_next(&tok); + if (tok.type != SYMBOL) { + cil_log(CIL_ERR, "Invalid line mark syntax\n"); + goto exit; + } hll_type = cil_strpool_add(tok.value); if (hll_type == CIL_KEY_HLL_LME) { if (cil_stack_is_empty(stack)) {
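Review bot: In add_hll_linemark() in cil_parser.c, the check added after cil_lexer_next(&tok) logs only "Invalid line mark syntax", which does not say that a SYMBOL was expected at this position; since this test is what stops a non-SYMBOL token from reaching cil_strpool_add(tok.value) on the next line, a message naming the expected token and a short comment on the guard would make rejected input easier to diagnose.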
From: James Carter
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter
Subject: [PATCH 3/7 v2] libsepol/cil: Check for valid line mark type immediately
Date: Mon, 16 Aug 2021 15:57:48 -0400
Message-Id: <20210816195752.923028-4-jwcart2@gmail.com>
In-Reply-To: <20210816195752.923028-1-jwcart2@gmail.com>
References: <20210816195752.923028-1-jwcart2@gmail.com>

It is clearer to check that the line mark type is a valid option right
after getting the token.

Check that the line mark type is one of the expected values right
away.

Signed-off-by: James Carter
--- libsepol/cil/src/cil_parser.c | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index fc90caec..24386f60 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c @@ -116,6 +116,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } hll_type = cil_strpool_add(tok.value); + if (hll_type != CIL_KEY_HLL_LME && hll_type != CIL_KEY_HLL_LMS && hll_type != CIL_KEY_HLL_LMX) { + cil_log(CIL_ERR, "Invalid line mark syntax\n"); + goto exit; + } if (hll_type == CIL_KEY_HLL_LME) { if (cil_stack_is_empty(stack)) { cil_log(CIL_ERR, "Line mark end without start\n"); @@ -134,15 +138,6 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno create_node(&node, *current, tok.line, *hll_lineno, CIL_KEY_SRC_HLL); insert_node(node, *current); - if (hll_type == CIL_KEY_HLL_LMS) { - *hll_expand = 0; - } else if (hll_type == CIL_KEY_HLL_LMX) { - *hll_expand = 1; - } else { - cil_log(CIL_ERR, "Invalid line mark syntax\n"); - goto exit; - } - cil_lexer_next(&tok); if (tok.type != SYMBOL) { cil_log(CIL_ERR, "Invalid line mark syntax\n");
@@ -161,6 +156,7 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno } #endif *hll_lineno = val; + *hll_expand = (hll_type == CIL_KEY_HLL_LMX) ? 1 : 0; push_hll_info(stack, *hll_lineno, *hll_expand);
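Review bot: In add_hll_linemark(), the line mark type check added in the first hunk logs the same "Invalid line mark syntax" text as the token type checks before and after it, so the log cannot show which test rejected the input; a distinct message for an unknown line mark type would help. In the last hunk, `*hll_expand = (hll_type == CIL_KEY_HLL_LMX) ? 1 : 0;` treats every other type as not expanded, which is correct only because the earlier check has already limited hll_type to the three known keys; a one-line comment there would keep that dependency visible.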
From: James Carter
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter
Subject: [PATCH 4/7 v4] libsepol/cil: Push line mark state first when processing a line mark
Date: Mon, 16 Aug 2021 15:57:49 -0400
Message-Id: <20210816195752.923028-5-jwcart2@gmail.com>
In-Reply-To: <20210816195752.923028-1-jwcart2@gmail.com>
References: <20210816195752.923028-1-jwcart2@gmail.com>

CIL line mark rules are used to annotate the original line and file of
a rule. It is mostly used for neverallow rules that have been
converted to CIL. Pushing the current line mark state after processing
a line mark section does not make sense since that information is
never used. When the line mark section ends the information is just
popped and discarded. It also makes pop_hll_info() more complicated
than it needs to be.

Push the line mark state first and simplify pop_hll_info().

Signed-off-by: James Carter
--- libsepol/cil/src/cil_parser.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index 24386f60..d36ffc49 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c
@@ -66,19 +66,15 @@ static void push_hll_info(struct cil_stack *stack, uint32_t hll_lineno, uint32_t static void pop_hll_info(struct cil_stack *stack, uint32_t *hll_lineno, uint32_t *hll_expand) { struct cil_stack_item *curr = cil_stack_pop(stack); - struct cil_stack_item *prev = cil_stack_peek(stack); - struct hll_info *old; + struct hll_info *info; - free(curr->data); - - if (!prev) { - *hll_lineno = 0; - *hll_expand = 0; - } else { - old = prev->data; - *hll_lineno = old->hll_lineno; - *hll_expand = old->hll_expand; + if (!curr) { + return; } + info = curr->data; + *hll_expand = info->hll_expand; + *hll_lineno = info->hll_lineno; + free(curr->data); } static void create_node(struct cil_tree_node **node, struct cil_tree_node *current, uint32_t line, uint32_t hll_line, void *value) @@ -128,6 +124,8 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno pop_hll_info(stack, hll_lineno, hll_expand); *current = (*current)->parent; } else { + push_hll_info(stack, *hll_lineno, *hll_expand); + create_node(&node, *current, tok.line, *hll_lineno, NULL); insert_node(node, *current); *current = node; 
@@ -158,8 +156,6 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno *hll_lineno = val; *hll_expand = (hll_type == CIL_KEY_HLL_LMX) ? 1 : 0; - push_hll_info(stack, *hll_lineno, *hll_expand); - cil_lexer_next(&tok); if (tok.type != SYMBOL && tok.type != QSTRING) { cil_log(CIL_ERR, "Invalid line mark syntax\n");
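Review bot: In add_hll_linemark(), push_hll_info() now runs at the top of the else branch, before the line number and file name tokens have been read and validated, while the `goto exit` paths that follow (for example the "Invalid line mark syntax" check in the last hunk) are unchanged; confirm that an entry pushed for a line mark that is later rejected is released on the error path and cannot be left on the stack. In pop_hll_info(), the new `if (!curr) return;` leaves *hll_lineno and *hll_expand untouched without any log, so a comment stating that callers check cil_stack_is_empty() first would document why that is acceptable.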
From: James Carter
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter
Subject: [PATCH 5/7 v2] libsepol/cil: Create common string-to-unsigned-integer functions
Date: Mon, 16 Aug 2021 15:57:50 -0400
Message-Id: <20210816195752.923028-6-jwcart2@gmail.com>
In-Reply-To: <20210816195752.923028-1-jwcart2@gmail.com>
References: <20210816195752.923028-1-jwcart2@gmail.com>

The functions cil_fill_integer() and cil_fill_integer64() exist in
cil_build_ast.c, but these functions take a node and it would be
better to have a function that can be used in add_hll_linemark() so
that the common functionality is in one place.

Create cil_string_to_uint32() and cil_string_to_uint64() and use these
functions in cil_fill_integer(), cil_fill_integer64(), and
add_hll_linemark().

Signed-off-by: James Carter
--- libsepol/cil/src/cil.c | 57 ++++++++++++++++++++++++++++++++ libsepol/cil/src/cil_build_ast.c | 32 ++++-------------- libsepol/cil/src/cil_internal.h | 2 ++ libsepol/cil/src/cil_parser.c | 16 +++------ 4 files changed, 69 insertions(+), 38 deletions(-) diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index d24c81c8..bdd16eb8 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c
@@ -1997,6 +1997,63 @@ exit: return SEPOL_ERR; } +int cil_string_to_uint32(const char *string, uint32_t *value, int base) +{ + unsigned long val; + char *end = NULL; + int rc = SEPOL_ERR; + + if (string == NULL || value == NULL) { + goto exit; + } + + errno = 0; + val = strtoul(string, &end, base); + if (errno != 0 || end == string || *end != '\0') { + rc = SEPOL_ERR; + goto exit; + } + + /* Ensure that the value fits a 32-bit integer without triggering -Wtype-limits */ +#if ULONG_MAX > UINT32_MAX + if (val > UINT32_MAX) { + rc = SEPOL_ERR; + goto exit; + } +#endif + + *value = val; + + return SEPOL_OK; + +exit: + cil_log(CIL_ERR, "Failed to create uint32_t from string\n"); + return rc; +} + +int cil_string_to_uint64(const char *string, uint64_t *value, int base) +{ + char *end = NULL; + int rc = SEPOL_ERR; + + if (string == NULL || value == NULL) { + goto exit; + } + + errno = 0; + *value = strtoull(string, &end, base); + if (errno != 0 || end == string || *end != '\0') { + rc = SEPOL_ERR; + goto exit; + } + + return SEPOL_OK; + +exit: + cil_log(CIL_ERR, "Failed to create uint64_t from string\n"); + return rc; +} + void cil_sort_init(struct cil_sort **sort) { *sort = cil_malloc(sizeof(**sort)); diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 5e65a266..ffbd3082 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c 
@@ -5601,60 +5601,40 @@ void cil_destroy_ipaddr(struct cil_ipaddr *ipaddr) int cil_fill_integer(struct cil_tree_node *int_node, uint32_t *integer, int base) { int rc = SEPOL_ERR; - char *endptr = NULL; - unsigned long val; if (int_node == NULL || int_node->data == NULL || integer == NULL) { goto exit; } - errno = 0; - val = strtoul(int_node->data, &endptr, base); - if (errno != 0 || endptr == int_node->data || *endptr != '\0') { - rc = SEPOL_ERR; - goto exit; - } - - /* Ensure that the value fits a 32-bit integer without triggering -Wtype-limits */ -#if ULONG_MAX > UINT32_MAX - if (val > UINT32_MAX) { - rc = SEPOL_ERR; + rc = cil_string_to_uint32(int_node->data, integer, base); + if (rc != SEPOL_OK) { goto exit; } -#endif - - *integer = val; return SEPOL_OK; exit: - cil_log(CIL_ERR, "Failed to create integer from string\n"); + cil_log(CIL_ERR, "Failed to fill 32-bit integer\n"); return rc; } int cil_fill_integer64(struct cil_tree_node *int_node, uint64_t *integer, int base) { int rc = SEPOL_ERR; - char *endptr = NULL; - uint64_t val; if (int_node == NULL || int_node->data == NULL || integer == NULL) { goto exit; } - errno = 0; - val = strtoull(int_node->data, &endptr, base); - if (errno != 0 || endptr == int_node->data || *endptr != '\0') { - rc = SEPOL_ERR; + rc = cil_string_to_uint64(int_node->data, integer, base); + if (rc != SEPOL_OK) { goto exit; } - *integer = val; - return SEPOL_OK; exit: - cil_log(CIL_ERR, "Failed to create integer from string\n"); + cil_log(CIL_ERR, "Failed to fill 64-bit integer\n"); return rc; } diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index 98e303d1..b9a03a37 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h 
@@ -986,6 +986,8 @@ void cil_symtab_array_init(symtab_t symtab[], const int symtab_sizes[CIL_SYM_NUM void cil_symtab_array_destroy(symtab_t symtab[]); void cil_destroy_ast_symtabs(struct cil_tree_node *root); int cil_get_symtab(struct cil_tree_node *ast_node, symtab_t **symtab, enum cil_sym_index sym_index); +int cil_string_to_uint32(const char *string, uint32_t *value, int base); +int cil_string_to_uint64(const char *string, uint64_t *value, int base); void cil_sort_init(struct cil_sort **sort); void cil_sort_destroy(struct cil_sort **sort); diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index d36ffc49..9ca1432e 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c @@ -103,8 +103,7 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno struct cil_tree_node *node; struct token tok; char *hll_file; - char *end = NULL; - unsigned long val; + int rc; cil_lexer_next(&tok); if (tok.type != SYMBOL) { 
@@ -142,18 +141,11 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } - val = strtoul(tok.value, &end, 10); - if (errno == ERANGE || *end != '\0') { - cil_log(CIL_ERR, "Problem parsing line number for line mark\n"); + rc = cil_string_to_uint32(tok.value, hll_lineno, 10); + if (rc != SEPOL_OK) { goto exit; } -#if ULONG_MAX > UINT32_MAX - if (val > UINT32_MAX) { - cil_log(CIL_ERR, "Line mark line number > UINT32_MAX\n"); - goto exit; - } -#endif - *hll_lineno = val; + *hll_expand = (hll_type == CIL_KEY_HLL_LMX) ? 1 : 0; cil_lexer_next(&tok);
From patchwork Mon Aug 16 19:57:51 2021
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 12439187
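Review bot: In the add_hll_linemark() hunk of cil_parser.c at -142, both specific messages ("Problem parsing line number for line mark" and "Line mark line number > UINT32_MAX") are removed and the failure path is now a bare goto exit on rc != SEPOL_OK, so all reporting depends on cil_string_to_uint32(), whose body is not in this part of the patch. Please confirm that the helper logs the offending string and distinguishes a malformed number from an out-of-range one. If it is built on strtoul(), it should also clear errno before the call: the removed code tested errno == ERANGE without resetting errno first, so a stale ERANGE could reject a valid line number. Since hll_lineno is now passed directly as the output pointer, the helper should leave *value untouched when it fails.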
From: James Carter
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter
Subject: [PATCH 6/7 v2] libsepol/cil: Add line mark kind and line number to src info
Date: Mon, 16 Aug 2021 15:57:51 -0400
Message-Id: <20210816195752.923028-7-jwcart2@gmail.com>
In-Reply-To: <20210816195752.923028-1-jwcart2@gmail.com>
References: <20210816195752.923028-1-jwcart2@gmail.com>

To be able to write line mark information when writing the AST, the line mark kind and line number are needed in the src info.

Instead of indicating whether the src info is for CIL or a hll, differentiate between CIL, a normal hll line mark, and an expanded hll line mark. Also include the line mark line number in the src info nodes.

Signed-off-by: James Carter
---
v2: Use cil_strpool_add("1") instead of "1" in add_cil_path()

 libsepol/cil/src/cil.c           | 13 +++++++++----
 libsepol/cil/src/cil_build_ast.c | 17 +++++++++++++++--
 libsepol/cil/src/cil_copy_ast.c  |  3 ++-
 libsepol/cil/src/cil_internal.h  |  7 +++++--
 libsepol/cil/src/cil_parser.c    | 27 +++++++++++----------------
 libsepol/cil/src/cil_tree.c      |  2 +-
 6 files changed, 43 insertions(+), 26 deletions(-)

diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index bdd16eb8..caec5dad 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -220,7 +220,9 @@ char *CIL_KEY_IOCTL; char *CIL_KEY_UNORDERED; char *CIL_KEY_SRC_INFO; char *CIL_KEY_SRC_CIL; -char *CIL_KEY_SRC_HLL; +char *CIL_KEY_SRC_HLL_LMS; +char *CIL_KEY_SRC_HLL_LMX; +char *CIL_KEY_SRC_HLL_LME; static void cil_init_keys(void) {
@@ -384,8 +386,10 @@ static void cil_init_keys(void) CIL_KEY_IOCTL = cil_strpool_add("ioctl"); CIL_KEY_UNORDERED = cil_strpool_add("unordered"); CIL_KEY_SRC_INFO = cil_strpool_add(""); - CIL_KEY_SRC_CIL = cil_strpool_add(""); - CIL_KEY_SRC_HLL = cil_strpool_add(""); + CIL_KEY_SRC_CIL = cil_strpool_add("cil"); + CIL_KEY_SRC_HLL_LMS = cil_strpool_add("lms"); + CIL_KEY_SRC_HLL_LMX = cil_strpool_add("lmx"); + CIL_KEY_SRC_HLL_LME = cil_strpool_add("lme"); } void cil_db_init(struct cil_db **db) @@ -2881,6 +2885,7 @@ void cil_mls_init(struct cil_mls **mls) void cil_src_info_init(struct cil_src_info **info) { *info = cil_malloc(sizeof(**info)); - (*info)->is_cil = 0; + (*info)->kind = NULL; + (*info)->hll_line = 0; (*info)->path = NULL; } diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index ffbd3082..a0f58b1e 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -6060,6 +6060,7 @@ int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node * CIL_SYN_STRING, CIL_SYN_STRING, CIL_SYN_STRING, + CIL_SYN_STRING, CIL_SYN_N_LISTS | CIL_SYN_END, CIL_SYN_END }; @@ -6077,8 +6078,19 @@ int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node * cil_src_info_init(&info); - info->is_cil = (parse_current->next->data == CIL_KEY_SRC_CIL) ? CIL_TRUE : CIL_FALSE; - info->path = parse_current->next->next->data; + info->kind = parse_current->next->data; + if (info->kind != CIL_KEY_SRC_CIL && info->kind != CIL_KEY_SRC_HLL_LMS && info->kind != CIL_KEY_SRC_HLL_LMX) { + cil_log(CIL_ERR, "Invalid src info kind\n"); + rc = SEPOL_ERR; + goto exit; + } + + rc = cil_string_to_uint32(parse_current->next->next->data, &info->hll_line, 10); + if (rc != SEPOL_OK) { + goto exit; + } + + info->path = parse_current->next->next->next->data; ast_node->data = info; ast_node->flavor = CIL_SRC_INFO; 
@@ -6087,6 +6099,7 @@ int cil_gen_src_info(struct cil_tree_node *parse_current, struct cil_tree_node * exit: cil_tree_log(parse_current, CIL_ERR, "Bad src info"); + cil_destroy_src_info(info); return rc; } diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index 9c0231f2..02b9828f 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -1692,7 +1692,8 @@ int cil_copy_src_info(__attribute__((unused)) struct cil_db *db, void *data, voi cil_src_info_init(&new); - new->is_cil = orig->is_cil; + new->kind = orig->kind; + new->hll_line = orig->hll_line; new->path = orig->path; *copy = new; diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h index b9a03a37..385677d4 100644 --- a/libsepol/cil/src/cil_internal.h +++ b/libsepol/cil/src/cil_internal.h @@ -236,7 +236,9 @@ extern char *CIL_KEY_IOCTL; extern char *CIL_KEY_UNORDERED; extern char *CIL_KEY_SRC_INFO; extern char *CIL_KEY_SRC_CIL; -extern char *CIL_KEY_SRC_HLL; +extern char *CIL_KEY_SRC_HLL_LMS; +extern char *CIL_KEY_SRC_HLL_LMX; +extern char *CIL_KEY_SRC_HLL_LME; /* Symbol Table Array Indices @@ -963,7 +965,8 @@ struct cil_mls { }; struct cil_src_info { - int is_cil; + char *kind; + uint32_t hll_line; char *path; }; diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index 9ca1432e..cde6e5c0 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c @@ -44,10 +44,6 @@ #define CIL_PARSER_MAX_EXPR_DEPTH (0x1 << 12) -char *CIL_KEY_HLL_LMS; -char *CIL_KEY_HLL_LMX; -char *CIL_KEY_HLL_LME; - struct hll_info { uint32_t hll_lineno; uint32_t hll_expand; @@ -102,7 +98,6 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno char *hll_type; struct cil_tree_node *node; struct token tok; - char *hll_file; int rc; cil_lexer_next(&tok); 
@@ -111,11 +106,11 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } hll_type = cil_strpool_add(tok.value); - if (hll_type != CIL_KEY_HLL_LME && hll_type != CIL_KEY_HLL_LMS && hll_type != CIL_KEY_HLL_LMX) { + if (hll_type != CIL_KEY_SRC_HLL_LME && hll_type != CIL_KEY_SRC_HLL_LMS && hll_type != CIL_KEY_SRC_HLL_LMX) { cil_log(CIL_ERR, "Invalid line mark syntax\n"); goto exit; } - if (hll_type == CIL_KEY_HLL_LME) { + if (hll_type == CIL_KEY_SRC_HLL_LME) { if (cil_stack_is_empty(stack)) { cil_log(CIL_ERR, "Line mark end without start\n"); goto exit; @@ -132,7 +127,7 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno create_node(&node, *current, tok.line, *hll_lineno, CIL_KEY_SRC_INFO); insert_node(node, *current); - create_node(&node, *current, tok.line, *hll_lineno, CIL_KEY_SRC_HLL); + create_node(&node, *current, tok.line, *hll_lineno, hll_type); insert_node(node, *current); cil_lexer_next(&tok); @@ -141,12 +136,15 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } + create_node(&node, *current, tok.line, *hll_lineno, cil_strpool_add(tok.value)); + insert_node(node, *current); + rc = cil_string_to_uint32(tok.value, hll_lineno, 10); if (rc != SEPOL_OK) { goto exit; } - *hll_expand = (hll_type == CIL_KEY_HLL_LMX) ? 1 : 0; + *hll_expand = (hll_type == CIL_KEY_SRC_HLL_LMX) ? 1 : 0; cil_lexer_next(&tok); if (tok.type != SYMBOL && tok.type != QSTRING) { @@ -159,9 +157,7 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno tok.value = tok.value+1; } - hll_file = cil_strpool_add(tok.value); - - create_node(&node, *current, tok.line, *hll_lineno, hll_file); + create_node(&node, *current, tok.line, *hll_lineno, cil_strpool_add(tok.value)); insert_node(node, *current); } 
@@ -192,6 +188,9 @@ static void add_cil_path(struct cil_tree_node **current, char *path) create_node(&node, *current, 0, 0, CIL_KEY_SRC_CIL); insert_node(node, *current); + create_node(&node, *current, 0, 0, cil_strpool_add("1")); + insert_node(node, *current); + create_node(&node, *current, 0, 0, path); insert_node(node, *current); } @@ -211,10 +210,6 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * struct token tok; int rc = SEPOL_OK; - CIL_KEY_HLL_LMS = cil_strpool_add("lms"); - CIL_KEY_HLL_LMX = cil_strpool_add("lmx"); - CIL_KEY_HLL_LME = cil_strpool_add("lme"); - cil_stack_init(&stack); cil_lexer_setup(buffer, size); diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index 4cf8dcc8..52b28999 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c 
@@ -71,7 +71,7 @@ struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char ** /* AST */ struct cil_src_info *info = node->data; *path = info->path; - *is_cil = info->is_cil; + *is_cil = (info->kind == CIL_KEY_SRC_CIL); return node; } else { if (node->flavor == CIL_CALL) {
From patchwork Mon Aug 16 19:57:52 2021
X-Patchwork-Submitter: James Carter
X-Patchwork-Id: 12439191
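Review bot: In cil_gen_src_info() (cil_build_ast.c, hunk at -6087 of [PATCH 6/7]), the new cil_destroy_src_info(info) under the exit label runs for every goto exit, including any taken before cil_src_info_init(&info). The declaration of info is outside the hunks, so please confirm it is initialised to NULL and that cil_destroy_src_info() accepts NULL; otherwise an early error path frees an uninitialised pointer. In the hunk above it, "Invalid src info kind" is logged without the offending value, which makes a bad src info node harder to track down.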
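Review bot: The cil_tree.c hunk of [PATCH 6/7] updates only the AST branch of cil_tree_get_next_path(); the parse-tree branch still reads the path from node->cl_head->next->next->data (the line 7/7 later removes), although this patch makes add_hll_linemark() and add_cil_path() insert the line-number node in that position and the path one sibling later. With only 6/7 applied, parse-tree messages would print the line-number string as the file name. Moving the cl_head->next->next->next change from 7/7 into this patch would keep every commit in the series correct and bisectable.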
From: James Carter
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter
Subject: [PATCH 7/7 v2] libsepol/cil: Report correct high-level language line numbers
Date: Mon, 16 Aug 2021 15:57:52 -0400
Message-Id: <20210816195752.923028-8-jwcart2@gmail.com>
In-Reply-To: <20210816195752.923028-1-jwcart2@gmail.com>
References: <20210816195752.923028-1-jwcart2@gmail.com>

CIL supports specifying the original high-level language file and line numbers when reporting errors. This is done through line marks and is mostly used to report the original Refpolicy file and line number for neverallow rules that have been converted to CIL.

As long as the line marks remain simple, everything works fine, but the wrong line numbers will be reported with more complex nestings of line marks.

Example:
;;* lms 100 file01.hll
(type t1a)
(allow t1a self (CLASS (PERM)))
;;* lmx 200 file02.hll
(type t2a)
(allow t2a self (CLASS (PERM)))
;;* lme
(type t1b)
(allow t1b self (CLASS (PERM)))
(allow bad1b self (CLASS (PERM))) ; file01.hll:101 (Should be 106)
;;* lme

The primary problem is that the tree nodes can only store one hll line number. Instead a number is needed that can be used by any number of stacked line mark sections. This number would increment like a normal line number except when in lmx sections (that have the same line number throughout the section because they represent an expansion of a line -- like the expansion of a macro call). This number can go backwards when exiting a lms section within a lmx section, because the line number will increase in the lms section, but outside the lmx section, the line number did not advance.

This number is called the hll_offset and this is the value that is now stored in tree nodes instead of the hll line number.

To calculate the hll line number for a rule, a search is made for an ancestor of the node that is a line mark and the line number for a lms section is the hll line number stored in the line mark, plus the hll offset of the rule, minus the hll offset of the line mark node, minus one.
(hll_lineno + hll_offset_rule - hll_offset_lm - 1)

Signed-off-by: James Carter
---
v2: Fix confusing usage of pre_hll_expand and pre_hll_offset
    Initialize pre_hll_offset
    Change format specifiers in cil_tree.c to use %u instead of %d

 libsepol/cil/src/cil_binary.c    |  9 ++--
 libsepol/cil/src/cil_build_ast.c |  4 +-
 libsepol/cil/src/cil_copy_ast.c  |  2 +-
 libsepol/cil/src/cil_parser.c    | 72 +++++++++++++++++++-------------
 libsepol/cil/src/cil_tree.c      | 57 ++++++++++++++++---------
 libsepol/cil/src/cil_tree.h      |  4 +-
 6 files changed, 90 insertions(+), 58 deletions(-)

diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 2b65c622..43c37fc2 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -4480,7 +4480,8 @@ static avrule_t *__cil_init_sepol_avrule(uint32_t kind, struct cil_tree_node *no avrule_t *avrule; struct cil_tree_node *source_node; char *source_path; - int is_cil; + char *lm_kind; + uint32_t hll_line; avrule = cil_malloc(sizeof(avrule_t)); avrule->specified = kind; @@ -4492,11 +4493,11 @@ static avrule_t *__cil_init_sepol_avrule(uint32_t kind, struct cil_tree_node *no avrule->source_filename = NULL; avrule->source_line = node->line; - source_node = cil_tree_get_next_path(node, &source_path, &is_cil); + source_node = cil_tree_get_next_path(node, &lm_kind, &hll_line, &source_path); if (source_node) { avrule->source_filename = source_path; - if (!is_cil) { - avrule->source_line = node->hll_line; + if (lm_kind != CIL_KEY_SRC_CIL) { + avrule->source_line = hll_line + node->hll_offset - source_node->hll_offset - 1; } } diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index a0f58b1e..a5afc267 100644
--- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -619,7 +619,7 @@ int cil_gen_perm_nodes(struct cil_db *db, struct cil_tree_node *current_perm, st cil_tree_node_init(&new_ast); new_ast->parent = ast_node; new_ast->line = current_perm->line; - new_ast->hll_line = current_perm->hll_line; + new_ast->hll_offset = current_perm->hll_offset; rc = cil_gen_perm(db, current_perm, new_ast, flavor, num_perms); if (rc != SEPOL_OK) { @@ -6203,7 +6203,7 @@ int __cil_build_ast_node_helper(struct cil_tree_node *parse_current, uint32_t *f ast_node->parent = ast_current; ast_node->line = parse_current->line; - ast_node->hll_line = parse_current->hll_line; + ast_node->hll_offset = parse_current->hll_offset; if (parse_current->data == CIL_KEY_BLOCK) { rc = cil_gen_block(db, parse_current, ast_node, 0); diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c index 02b9828f..34282a92 100644 --- a/libsepol/cil/src/cil_copy_ast.c +++ b/libsepol/cil/src/cil_copy_ast.c @@ -2010,7 +2010,7 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u new->parent = parent; new->line = orig->line; - new->hll_line = orig->hll_line; + new->hll_offset = orig->hll_offset; new->flavor = orig->flavor; new->data = data; diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c index cde6e5c0..a967b9ed 100644 --- a/libsepol/cil/src/cil_parser.c +++ b/libsepol/cil/src/cil_parser.c 
@@ -45,21 +45,21 @@ #define CIL_PARSER_MAX_EXPR_DEPTH (0x1 << 12) struct hll_info { - uint32_t hll_lineno; + uint32_t hll_offset; uint32_t hll_expand; }; -static void push_hll_info(struct cil_stack *stack, uint32_t hll_lineno, uint32_t hll_expand) +static void push_hll_info(struct cil_stack *stack, uint32_t hll_offset, uint32_t hll_expand) { struct hll_info *new = cil_malloc(sizeof(*new)); - new->hll_lineno = hll_lineno; + new->hll_offset = hll_offset; new->hll_expand = hll_expand; cil_stack_push(stack, CIL_NONE, new); } -static void pop_hll_info(struct cil_stack *stack, uint32_t *hll_lineno, uint32_t *hll_expand) +static void pop_hll_info(struct cil_stack *stack, uint32_t *hll_offset, uint32_t *hll_expand) { struct cil_stack_item *curr = cil_stack_pop(stack); struct hll_info *info; @@ -69,17 +69,17 @@ static void pop_hll_info(struct cil_stack *stack, uint32_t *hll_lineno, uint32_t } info = curr->data; *hll_expand = info->hll_expand; - *hll_lineno = info->hll_lineno; + *hll_offset = info->hll_offset; free(curr->data); } -static void create_node(struct cil_tree_node **node, struct cil_tree_node *current, uint32_t line, uint32_t hll_line, void *value) +static void create_node(struct cil_tree_node **node, struct cil_tree_node *current, uint32_t line, uint32_t hll_offset, void *value) { cil_tree_node_init(node); (*node)->parent = current; (*node)->flavor = CIL_NODE; (*node)->line = line; - (*node)->hll_line = hll_line; + (*node)->hll_offset = hll_offset; (*node)->data = value; } 
@@ -93,12 +93,12 @@ static void insert_node(struct cil_tree_node *node, struct cil_tree_node *curren current->cl_tail = node; } -static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno, uint32_t *hll_expand, struct cil_stack *stack, char *path) +static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_offset, uint32_t *hll_expand, struct cil_stack *stack, char *path) { char *hll_type; struct cil_tree_node *node; struct token tok; - int rc; + uint32_t prev_hll_expand, prev_hll_offset; cil_lexer_next(&tok); if (tok.type != SYMBOL) { @@ -115,19 +115,31 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno cil_log(CIL_ERR, "Line mark end without start\n"); goto exit; } - pop_hll_info(stack, hll_lineno, hll_expand); + prev_hll_expand = *hll_expand; + prev_hll_offset = *hll_offset; + pop_hll_info(stack, hll_offset, hll_expand); + if (!*hll_expand) { + /* This is needed if not going back to an lmx section. */ + *hll_offset = prev_hll_offset; + } + if (prev_hll_expand && !*hll_expand) { + /* This is needed to count the lme at the end of an lmx section + * within an lms section (or within no hll section). + */ + (*hll_offset)++; + } *current = (*current)->parent; } else { - push_hll_info(stack, *hll_lineno, *hll_expand); + push_hll_info(stack, *hll_offset, *hll_expand); - create_node(&node, *current, tok.line, *hll_lineno, NULL); + create_node(&node, *current, tok.line, *hll_offset, NULL); insert_node(node, *current); *current = node; - create_node(&node, *current, tok.line, *hll_lineno, CIL_KEY_SRC_INFO); + create_node(&node, *current, tok.line, *hll_offset, CIL_KEY_SRC_INFO); insert_node(node, *current); - create_node(&node, *current, tok.line, *hll_lineno, hll_type); + create_node(&node, *current, tok.line, *hll_offset, hll_type); insert_node(node, *current); cil_lexer_next(&tok); 
@@ -136,16 +148,9 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } - create_node(&node, *current, tok.line, *hll_lineno, cil_strpool_add(tok.value)); + create_node(&node, *current, tok.line, *hll_offset, cil_strpool_add(tok.value)); insert_node(node, *current); - rc = cil_string_to_uint32(tok.value, hll_lineno, 10); - if (rc != SEPOL_OK) { - goto exit; - } - - *hll_expand = (hll_type == CIL_KEY_SRC_HLL_LMX) ? 1 : 0; - cil_lexer_next(&tok); if (tok.type != SYMBOL && tok.type != QSTRING) { cil_log(CIL_ERR, "Invalid line mark syntax\n"); @@ -157,8 +162,10 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno tok.value = tok.value+1; } - create_node(&node, *current, tok.line, *hll_lineno, cil_strpool_add(tok.value)); + create_node(&node, *current, tok.line, *hll_offset, cil_strpool_add(tok.value)); insert_node(node, *current); + + *hll_expand = (hll_type == CIL_KEY_SRC_HLL_LMX) ? 1 : 0; } cil_lexer_next(&tok); @@ -167,6 +174,11 @@ static int add_hll_linemark(struct cil_tree_node **current, uint32_t *hll_lineno goto exit; } + if (!*hll_expand) { + /* Need to increment because of the NEWLINE */ + (*hll_offset)++; + } + return SEPOL_OK; exit: @@ -205,7 +217,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * struct cil_tree_node *current = NULL; char *path = cil_strpool_add(_path); struct cil_stack *stack; - uint32_t hll_lineno = 0; + uint32_t hll_offset = 1; uint32_t hll_expand = 0; struct token tok; int rc = SEPOL_OK; @@ -223,7 +235,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * cil_lexer_next(&tok); switch (tok.type) { case HLL_LINEMARK: - rc = add_hll_linemark(¤t, &hll_lineno, &hll_expand, stack, path); + rc = add_hll_linemark(¤t, &hll_offset, &hll_expand, stack, path); if (rc != SEPOL_OK) { goto exit; } 
@@ -234,7 +246,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * cil_log(CIL_ERR, "Number of open parenthesis exceeds limit of %d at line %d of %s\n", CIL_PARSER_MAX_EXPR_DEPTH, tok.line, path); goto exit; } - create_node(&node, current, tok.line, hll_lineno, NULL); + create_node(&node, current, tok.line, hll_offset, NULL); insert_node(node, current); current = node; break; @@ -256,12 +268,12 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * goto exit; } - create_node(&node, current, tok.line, hll_lineno, cil_strpool_add(tok.value)); + create_node(&node, current, tok.line, hll_offset, cil_strpool_add(tok.value)); insert_node(node, current); break; case NEWLINE : if (!hll_expand) { - hll_lineno++; + hll_offset++; } break; case COMMENT: @@ -269,7 +281,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * cil_lexer_next(&tok); } if (!hll_expand) { - hll_lineno++; + hll_offset++; } if (tok.type != END_OF_FILE) { break; @@ -306,7 +318,7 @@ int cil_parser(const char *_path, char *buffer, uint32_t size, struct cil_tree * exit: while (!cil_stack_is_empty(stack)) { - pop_hll_info(stack, &hll_lineno, &hll_expand); + pop_hll_info(stack, &hll_offset, &hll_expand); } cil_lexer_destroy(); cil_stack_destroy(&stack); diff --git a/libsepol/cil/src/cil_tree.c b/libsepol/cil/src/cil_tree.c index 52b28999..75293005 100644 --- a/libsepol/cil/src/cil_tree.c +++ b/libsepol/cil/src/cil_tree.c @@ -50,10 +50,12 @@ __attribute__((noreturn)) __attribute__((format (printf, 1, 2))) void cil_tree_e exit(1); } -struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **path, int* is_cil) +struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **info_kind, uint32_t *hll_line, char **path) { + int rc; + if (!node) { - return NULL; + goto exit; } node = node->parent; 
@@ -62,16 +64,21 @@ struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char ** if (node->flavor == CIL_NODE && node->data == NULL) { if (node->cl_head->data == CIL_KEY_SRC_INFO && node->cl_head->next != NULL && node->cl_head->next->next != NULL) { /* Parse Tree */ - *path = node->cl_head->next->next->data; - *is_cil = (node->cl_head->next->data == CIL_KEY_SRC_CIL); + *info_kind = node->cl_head->next->data; + rc = cil_string_to_uint32(node->cl_head->next->next->data, hll_line, 10); + if (rc != SEPOL_OK) { + goto exit; + } + *path = node->cl_head->next->next->next->data; return node; } node = node->parent; } else if (node->flavor == CIL_SRC_INFO) { /* AST */ struct cil_src_info *info = node->data; + *info_kind = info->kind; + *hll_line = info->hll_line; *path = info->path; - *is_cil = (info->kind == CIL_KEY_SRC_CIL); return node; } else { if (node->flavor == CIL_CALL) { @@ -86,17 +93,22 @@ struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char ** } } +exit: + *info_kind = NULL; + *hll_line = 0; + *path = NULL; return NULL; } char *cil_tree_get_cil_path(struct cil_tree_node *node) { - char *path = NULL; - int is_cil; + char *info_kind; + uint32_t hll_line; + char *path; while (node) { - node = cil_tree_get_next_path(node, &path, &is_cil); - if (node && is_cil) { + node = cil_tree_get_next_path(node, &info_kind, &hll_line, &path); + if (node && info_kind == CIL_KEY_SRC_CIL) { return path; } } 
@@ -114,22 +126,29 @@ __attribute__((format (printf, 3, 4))) void cil_tree_log(struct cil_tree_node *n if (node) { char *path = NULL; - int is_cil; - unsigned hll_line = node->hll_line; + uint32_t hll_offset = node->hll_offset; path = cil_tree_get_cil_path(node); if (path != NULL) { - cil_log(lvl, " at %s:%d", path, node->line); + cil_log(lvl, " at %s:%u", path, node->line); } while (node) { - node = cil_tree_get_next_path(node, &path, &is_cil); - if (node && !is_cil) { - cil_log(lvl," from %s:%d", path, hll_line); - path = NULL; - hll_line = node->hll_line; - } + do { + char *info_kind; + uint32_t hll_line; + + node = cil_tree_get_next_path(node, &info_kind, &hll_line, &path); + if (!node || info_kind == CIL_KEY_SRC_CIL) { + break; + } + if (info_kind == CIL_KEY_SRC_HLL_LMS) { + hll_line += hll_offset - node->hll_offset - 1; + } + + cil_log(lvl," from %s:%u", path, hll_line); + } while (1); } } @@ -222,7 +241,7 @@ void cil_tree_node_init(struct cil_tree_node **node) new_node->next = NULL; new_node->flavor = CIL_ROOT; new_node->line = 0; - new_node->hll_line = 0; + new_node->hll_offset = 0; *node = new_node; } diff --git a/libsepol/cil/src/cil_tree.h b/libsepol/cil/src/cil_tree.h index f4d22071..5a98da55 100644 --- a/libsepol/cil/src/cil_tree.h +++ b/libsepol/cil/src/cil_tree.h @@ -46,11 +46,11 @@ struct cil_tree_node { struct cil_tree_node *next; //Each element in the list points to the next element enum cil_flavor flavor; uint32_t line; - uint32_t hll_line; + uint32_t hll_offset; void *data; }; -struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **path, int* is_cil); +struct cil_tree_node *cil_tree_get_next_path(struct cil_tree_node *node, char **info_kind, uint32_t *hll_line, char **path); char *cil_tree_get_cil_path(struct cil_tree_node *node); __attribute__((format (printf, 3, 4))) void cil_tree_log(struct cil_tree_node *node, enum cil_log_level lvl, const char* msg, ...);
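Review bot: In __cil_init_sepol_avrule() (cil_binary.c, hunk at -4492 of [PATCH 7/7]), source_line is computed as hll_line + node->hll_offset - source_node->hll_offset - 1 for every kind other than CIL_KEY_SRC_CIL, whereas cil_tree_log() applies that arithmetic only when info_kind == CIL_KEY_SRC_HLL_LMS and prints the stored hll_line unchanged for lmx. The parser hunks do not advance hll_offset inside an lmx section, so a rule directly inside lmx has the same offset as its line mark and this expression yields hll_line - 1. Suggest testing lm_kind == CIL_KEY_SRC_HLL_LMS here too and using hll_line as-is for lmx, so the binary policy and the log agree.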
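Review bot: In the parse-tree branch of cil_tree_get_next_path() (cil_tree.c, hunk at -62 of [PATCH 7/7]), the guard still checks only node->cl_head->next and node->cl_head->next->next for NULL, but the new code reads node->cl_head->next->next->next->data for the path. A src info list that stops after the line number would be a NULL dereference; add node->cl_head->next->next->next != NULL to the condition.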
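Review bot: The add_hll_linemark() hunk at -136 (cil_parser.c, [PATCH 7/7]) removes the cil_string_to_uint32() call, so the parser now interns the line-number token and inserts it without checking that it is numeric or fits in 32 bits. The value is checked later in cil_gen_src_info() (added in 6/7), but cil_tree_get_next_path() on the parse tree only returns NULL when the conversion fails, so messages logged before the AST is built lose their "from file:line" part with no indication why. Keeping the conversion in the parser, into a local that is then discarded, would reject a malformed line mark at the line where it occurs.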
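The hll_offset bookkeeping described in the [PATCH 7/7] commit message, as an added stand-alone model (not code from the patch or from libsepol). It replays the commit message's example and applies the lms formula the way cil_tree_log() does; parse_lines(), parse_u32(), hll_line_at() and the fixed-size arrays are names and simplifications assumed for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ITEMS 32
enum lm_kind { LMS, LMX };
struct mark { enum lm_kind kind; uint32_t hll_line, hll_offset; char file[64]; int parent; };
struct rule { const char *text; uint32_t hll_offset; int mark; };
struct saved { uint32_t hll_offset; int hll_expand; };
static struct mark marks[MAX_ITEMS];
static struct rule rules[MAX_ITEMS];
static int n_marks, n_rules;

/* Constructed input: the commit message's example, one statement per line. */
static const char *const EXAMPLE[] = {
    ";;* lms 100 file01.hll",
    "(type t1a)",
    "(allow t1a self (CLASS (PERM)))",
    ";;* lmx 200 file02.hll",
    "(type t2a)",
    "(allow t2a self (CLASS (PERM)))",
    ";;* lme",
    "(type t1b)",
    "(allow t1b self (CLASS (PERM)))",
    "(allow bad1b self (CLASS (PERM)))",
    ";;* lme",
};
#define EXAMPLE_LEN (sizeof(EXAMPLE) / sizeof(EXAMPLE[0]))

/* Strict decimal parse: rejects signs, trailing junk and values above UINT32_MAX. */
static int parse_u32(const char *s, uint32_t *out)
{
    char *end;
    unsigned long v;
    if (*s < '0' || *s > '9') return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX) return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Track hll_offset/hll_expand per line; 0 on success, -1 on a bad or unbalanced mark. */
static int parse_lines(const char *const *lines, size_t n)
{
    struct saved stack[MAX_ITEMS];
    int depth = 0, current = -1, hll_expand = 0;
    uint32_t hll_offset = 1;
    n_marks = n_rules = 0;
    for (size_t i = 0; i < n; i++) {
        if (strncmp(lines[i], ";;* ", 4) != 0) {             /* ordinary statement */
            if (n_rules == MAX_ITEMS) return -1;
            rules[n_rules++] = (struct rule){ lines[i], hll_offset, current };
        } else if (strcmp(lines[i] + 4, "lme") == 0) {        /* end of a section */
            uint32_t prev_offset = hll_offset;
            int prev_expand = hll_expand;
            if (depth == 0) return -1;                        /* lme without a start */
            hll_offset = stack[--depth].hll_offset;
            hll_expand = stack[depth].hll_expand;
            if (!hll_expand) hll_offset = prev_offset;        /* not back inside an lmx */
            if (prev_expand && !hll_expand) hll_offset++;     /* count the lme closing an lmx */
            current = marks[current].parent;
        } else {                                              /* lms or lmx start */
            char kind[4], num[16];
            struct mark *m = &marks[n_marks];
            if (n_marks == MAX_ITEMS) return -1;
            if (sscanf(lines[i] + 4, "%3s %15s %63s", kind, num, m->file) != 3) return -1;
            if (strcmp(kind, "lms") != 0 && strcmp(kind, "lmx") != 0) return -1;
            m->kind = (kind[2] == 'x') ? LMX : LMS;
            if (parse_u32(num, &m->hll_line) != 0) return -1;
            stack[depth++] = (struct saved){ hll_offset, hll_expand };
            m->hll_offset = hll_offset;                       /* offset of the mark itself */
            m->parent = current;
            current = n_marks++;
            hll_expand = (m->kind == LMX);
        }
        if (!hll_expand) hll_offset++;                        /* the NEWLINE ending this line */
    }
    return depth == 0 ? 0 : -1;
}

/* Line reported for rules[r] relative to the enclosing line mark marks[m]. */
static uint32_t hll_line_at(int r, int m)
{
    if (marks[m].kind == LMX) return marks[m].hll_line;  /* one line for the whole expansion */
    return marks[m].hll_line + rules[r].hll_offset - marks[m].hll_offset - 1;
}

int main(void)
{
    if (parse_lines(EXAMPLE, EXAMPLE_LEN) != 0) return 1;
    for (int r = 0; r < n_rules; r++)
        for (int m = rules[r].mark; m >= 0; m = marks[m].parent)
            printf("%s from %s:%u\n", rules[r].text, marks[m].file, (unsigned)hll_line_at(r, m));
    return 0;
}
```

For the bad1b rule this reports file01.hll:106, the value the commit message says should be reported, and for the rules inside the lmx section it reports file02.hll:200 from file01.hll:102.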