From patchwork Thu Aug 19 16:53:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 12447619 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 10029C4320A for ; Thu, 19 Aug 2021 16:53:45 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E2EAE6101A for ; Thu, 19 Aug 2021 16:53:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229907AbhHSQyU (ORCPT ); Thu, 19 Aug 2021 12:54:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49424 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229840AbhHSQyO (ORCPT ); Thu, 19 Aug 2021 12:54:14 -0400 Received: from mail-qt1-x82a.google.com (mail-qt1-x82a.google.com [IPv6:2607:f8b0:4864:20::82a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D3D49C061575 for ; Thu, 19 Aug 2021 09:53:37 -0700 (PDT) Received: by mail-qt1-x82a.google.com with SMTP id d25so2048813qtq.9 for ; Thu, 19 Aug 2021 09:53:37 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vfd6/XVm4ZGbjCxulQi7eQN6VXYus53zvvBVac8ySr8=; b=lGamhlKU0nhgzi9KT8J2P6BKfKzY13afHRFjjiD4dGeWQHPu7yO9W4jh/WaYgJSOb0 oF3GamWK3QQWa7YtE2Xn3chk1rhwRmq1Ccdn1W6ZV8lDbPGUNAtK8ZKiSsT/xiBRJ5K9 nA7CbTOW5mypXVTvBISU8RrMOKoTYBWjAbqLyIgvZIvbbllOjdjMURSyM5WsEcLsfn+M +qHfWXuY2H9Q2+Aps0itjoFIEDAiZqTt+KQssiQBruvNKHH1CnMnZZcsCiPcLQiI5yK/ jJQEqybw0dTNWE5AxfS2Na0a9SH44SUAjCZEmFMF/vSgdqLVdNCU3NO4ZpUzl8urTVCL lZ8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=vfd6/XVm4ZGbjCxulQi7eQN6VXYus53zvvBVac8ySr8=; b=M3rvYRcZlZtVwSPLkJ5/12BHiZ3Kr3OZS8SOaI6Y36cAA0Fc15t8d+HhUi5Xu+G7wU SBaAY+74DwBEMSb3kzDveAltE9UQhYKXZdSU2QlPfqkOapeH4MgkTydUSIBZKRVyhCHk FQFjAartVMSRtOkUvpx97rFhbLUOZi9JJSasxQE+fLQD7r68jDgRgierVS1p8KxR7Pg8 GCc5iZdD0BAxRuABuslKTJZ2uhhwb9tDEhfeVetdvJSnzfkX37p3zPgQjoi6b5ld84iT zvDqCfBXhl1XbWyAWoxp3AXep1sMaYul6jyOI0lmUqO7g385Sw6AcougOa6p/KqvZehV VtXg== X-Gm-Message-State: AOAM53163eqbjEcexB+rz3YD2w+MTGsmGCBEqN40EN0T5CQxmgw7xwlV UOHFsqQ/2+IsDIExGiG3RhzMXmmfkgCeRw== X-Google-Smtp-Source: ABdhPJxdzyjkCRm1T3zZm2cEgb9X4h8YoGrUDDg+xWQhbiTEZF1dZJXjdR1MOnJbSWBXXjRyZdmajQ== X-Received: by 2002:a05:622a:106:: with SMTP id u6mr13470372qtw.288.1629392016961; Thu, 19 Aug 2021 09:53:36 -0700 (PDT) Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net. [73.200.157.122]) by smtp.gmail.com with ESMTPSA id h140sm1895411qke.112.2021.08.19.09.53.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Aug 2021 09:53:36 -0700 (PDT) From: James Carter To: selinux@vger.kernel.org Cc: nicolas.iooss@m4x.org, James Carter Subject: [PATCH 1/2] libsepol/cil: Remove redundant syntax checking Date: Thu, 19 Aug 2021 12:53:31 -0400 Message-Id: <20210819165332.58896-1-jwcart2@gmail.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org For every call to cil_fill_classperms_list(), the syntax of the whole rule, including the class permissions, has already been checked. There is no reason to check it again. Also, because the class permissions appear in the middle of some rules, like constraints, the syntax array does not end with CIL_SYN_END. This is the only case where the syntax array does not end with CIL_SYN_END. This prevents __cil_verify_syntax() from requiring that the syntax array ends with CIL_SYN_END. Remove the redundant syntax checking in cil_fill_classperms_list(). Signed-off-by: James Carter --- libsepol/cil/src/cil_build_ast.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 9da90883..514cac8d 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -736,20 +736,11 @@ int cil_fill_classperms_list(struct cil_tree_node *parse_current, struct cil_lis { int rc = SEPOL_ERR; struct cil_tree_node *curr; - enum cil_syntax syntax[] = { - CIL_SYN_STRING | CIL_SYN_LIST, - }; - int syntax_len = sizeof(syntax)/sizeof(*syntax); if (parse_current == NULL || cp_list == NULL) { goto exit; } - rc = __cil_verify_syntax(parse_current, syntax, syntax_len); - if (rc != SEPOL_OK) { - goto exit; - } - cil_list_init(cp_list, CIL_CLASSPERMS); curr = parse_current->cl_head; From patchwork Thu Aug 19 16:53:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 12447621 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD1B8C4338F for ; Thu, 19 Aug 2021 16:53:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A56ED610A6 for ; Thu, 19 Aug 2021 16:53:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229451AbhHSQyU (ORCPT ); Thu, 19 Aug 2021 12:54:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49430 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230029AbhHSQyP (ORCPT ); Thu, 19 Aug 2021 12:54:15 -0400 Received: from mail-qk1-x731.google.com (mail-qk1-x731.google.com [IPv6:2607:f8b0:4864:20::731]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D5A3C061756 for ; Thu, 19 Aug 2021 09:53:38 -0700 (PDT) Received: by mail-qk1-x731.google.com with SMTP id y144so7845416qkb.6 for ; Thu, 19 Aug 2021 09:53:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=+CY1oivaNcgGqc+60GpGh5iHHVbeaHELLIOa6qzVNR8=; b=DkROTkCIzClmqeJIvte61/V42G1hg3fQvMXbY1odrnd0ngYooINX+AtZXq5ZODBMI3 7a6+hu4jzhNYorGO7tQuq+KLzGA1rsUZrWoZIMhGamyaqx4EfBrVUneqIVmzynE2sKcd DezL4ppC7C8ONp0aqNNOk70wOOloC7XIa4YlH9ftmAfXRiPBxZT+rZ+haCH/T2MDdU3k HUfx595VezzaRX4pqwykmcCC70ywJIvEx/AugrYUfHTCFa4iCZueCawzI60ZigOZAYHt 2xTG3Rb8dh47OqLaG9L6XEJYq/2zK682UTPlzjuJm5nXUiPQEZ7ovNdCLbcxoDqXGobS LcEA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=+CY1oivaNcgGqc+60GpGh5iHHVbeaHELLIOa6qzVNR8=; b=VW/+0DLOG3vH7/KhLVl1RpfW1QB+aMD+Hp44QR+RyiAbuHcLXnqnK8XULV9ZoKjJ0T Tq/yLd3ieADYB+sSaMdNedFrC3FlprxPXRtN5YiARWrSvPJHum5FQEwsgib/ZbDNT8gt slG5bPOVh4eTOtGp1Ls4puP+HuEp/+2VbQ6FAY/1fyu1MWkheUe8R680vcRVrRow02sh ZHy9sJxuCrDIkThefD+iddmg3Bz/Z/t+DyHuwe9tamo8QVD5ulfs9i36Y9Ngmi7rjBJE NvK/N8dzrHgDGS6rRoZkNUbTQ2PpdlOtgNH2ohKE2NdCbj6M9RdEBcBYLMYZCOqGnYH+ XYMA== X-Gm-Message-State: AOAM532PdT94FtCwvLS2i4IWG3tRyCNtsQpP88FGKNVHYUZkZQTZREMS OpsYS9j2uLXUep+8Zv4CdtrqtaMp/uxtCA== X-Google-Smtp-Source: ABdhPJxwYZvS+JvfMpyPGwfgxTgl1jpsnj5X/FPF2cI4EinAzYhfEvRWFGsmenj7PMcnJIX7dr0GhQ== X-Received: by 2002:a05:620a:1222:: with SMTP id v2mr4659864qkj.1.1629392017721; Thu, 19 Aug 2021 09:53:37 -0700 (PDT) Received: from localhost.localdomain (c-73-200-157-122.hsd1.md.comcast.net. [73.200.157.122]) by smtp.gmail.com with ESMTPSA id h140sm1895411qke.112.2021.08.19.09.53.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 19 Aug 2021 09:53:37 -0700 (PDT) From: James Carter To: selinux@vger.kernel.org Cc: nicolas.iooss@m4x.org, James Carter Subject: [PATCH 2/2] libsepol/cil: Fix syntax checking in __cil_verify_syntax() Date: Thu, 19 Aug 2021 12:53:32 -0400 Message-Id: <20210819165332.58896-2-jwcart2@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210819165332.58896-1-jwcart2@gmail.com> References: <20210819165332.58896-1-jwcart2@gmail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org The function __cil_verify_syntax() is used to check the syntax of CIL rules (and a few other common things like contexts and class permissions). It does not correctly check the syntax combination "CIL_SYN_STRING | CIL_SYN_N_LISTS, CIL_SYN_N_LISTS | CIL_SYN_END". This should mean either a string followed by any number of lists or any number of lists followed by the end of the rule. Instead, while allowing the correct syntax, it allows any number of lists followed by a string followed by any number of more lists followed by the end of the rule and, also, any number of lists followed by a string followed by the end of the rule. Refactor the function to make it clearer to follow and so that once checking begins for CIL_SYN_N_LISTS or CIL_SYN_N_STRINGS, then only strings or lists are allowed until the end of the rule is found. In addition, always check for CIL_SYN_END at the end. Signed-off-by: James Carter Acked-by: Nicolas Iooss --- libsepol/cil/src/cil_verify.c | 71 ++++++++++++----------------------- 1 file changed, 23 insertions(+), 48 deletions(-) diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index fc8a8a40..b1c2270e 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c @@ -146,68 +146,43 @@ exit: int __cil_verify_syntax(struct cil_tree_node *parse_current, enum cil_syntax s[], int len) { - int rc = SEPOL_ERR; - int num_extras = 0; struct cil_tree_node *c = parse_current; int i = 0; - while (i < len) { - if ((s[i] & CIL_SYN_END) && c == NULL) { - break; - } - if (s[i] & CIL_SYN_N_LISTS || s[i] & CIL_SYN_N_STRINGS) { - if (c == NULL) { - if (num_extras > 0) { - i++; - continue; + while (i < len && c != NULL) { + if (s[i] & CIL_SYN_STRING && c->data != NULL && c->cl_head == NULL) { + c = c->next; + i++; + } else if (s[i] & CIL_SYN_LIST && c->data == NULL && c->cl_head != NULL) { + c = c->next; + i++; + } else if (s[i] & CIL_SYN_EMPTY_LIST && c->data == NULL && c->cl_head == NULL) { + c = c->next; + i++; + } else if (s[i] & CIL_SYN_N_LISTS || s[i] & CIL_SYN_N_STRINGS) { + while (c != NULL) { + if (s[i] & CIL_SYN_N_LISTS && c->data == NULL && c->cl_head != NULL) { + c = c->next; + } else if (s[i] & CIL_SYN_N_STRINGS && c->data != NULL && c->cl_head == NULL) { + c = c->next; } else { goto exit; } - } else if ((s[i] & CIL_SYN_N_LISTS) && (c->data == NULL && c->cl_head != NULL)) { - c = c->next; - num_extras++; - continue; - } else if ((s[i] & CIL_SYN_N_STRINGS) && (c->data != NULL && c->cl_head == NULL)) { - c = c->next; - num_extras++; - continue; } - } - - if (c == NULL) { + i++; + break; /* Only CIL_SYN_END allowed after these */ + } else { goto exit; } + } - if (s[i] & CIL_SYN_STRING) { - if (c->data != NULL && c->cl_head == NULL) { - c = c->next; - i++; - continue; - } - } - - if (s[i] & CIL_SYN_LIST) { - if (c->data == NULL && c->cl_head != NULL) { - c = c->next; - i++; - continue; - } - } - - if (s[i] & CIL_SYN_EMPTY_LIST) { - if (c->data == NULL && c->cl_head == NULL) { - c = c->next; - i++; - continue; - } - } - goto exit; + if (i < len && s[i] & CIL_SYN_END && c == NULL) { + return SEPOL_OK; } - return SEPOL_OK; exit: cil_log(CIL_ERR, "Invalid syntax\n"); - return rc; + return SEPOL_ERR; } int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, enum cil_flavor expr_flavor)