From patchwork Tue Nov 28 18:23:28 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13471526 X-Patchwork-Delegate: plautrba@redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com header.b="T/KcrVdR" Received: from mail-lf1-x130.google.com (mail-lf1-x130.google.com [IPv6:2a00:1450:4864:20::130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BE7D8F4 for ; Tue, 28 Nov 2023 10:23:41 -0800 (PST) Received: by mail-lf1-x130.google.com with SMTP id 2adb3069b0e04-507a29c7eefso7625701e87.1 for ; Tue, 28 Nov 2023 10:23:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20230601; t=1701195820; x=1701800620; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=KFyQ53dDVlwujwxUmvBXTBWl0nCizpACNjGojvAvwQg=; b=T/KcrVdRwUh79e38mCr4wKRJT6vxiIZcnuBURvFLsnnFwSnajrrmKQUdKgF4E3YE5u QrWdjy8RRtXSP7z2hTucKUZBCA7e+Pakh9mJrL5xdfuaRo69LhvrJ4+S4v3HVLLgAS+9 YNy1e0UbU93kdVuRN3e/LCNAXmhwjVbXw+JqbsSXWkS0T6aXzxCoExyvm7AaFNQkOneG 0wqf3l6vkckqrwRFQ5HVNIv8cKMZc7L4hnFd4YwPion2gz/tEdC3plhAPxWlR8g8i1by Tz7kVAp8f9QcVRm1Knmy24+cycA7NcTtDR0RatB+IgJc2ajlg1WWf1ulxhMOsqy8ADnm H7ig== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701195820; x=1701800620; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=KFyQ53dDVlwujwxUmvBXTBWl0nCizpACNjGojvAvwQg=; b=Oq4sSupOXWsZCkBN+AKs6sCd+eYmyQCKVzWRLLIt4scME7yJ9IVs9scBsvqYmC6AHs 0un4OetCDjd3LnUBCpF0wK7OqeyTTDYYr5Sxotf9P/TENHVYdZs3dV7x+BXXL+lC9RXL yn/yxpxppvJxLo2sDHs5TJMPt03L83yLLVf1+1ufH93wVyNtsFt0e7+bdiSekqKh1YOI ITquNNwcz7EaLnHJJXjaL50F1MgArGAiJbeg2eBNn7e3HqwJ5yf+Y1nBrV2YJ53ffNGC C65gMcggdrVZGIXvp3kxEFg87uw60GAdTwg219F+04SCB1XiVu1eB+KWyiSL4cJuHOGl G4LQ== X-Gm-Message-State: AOJu0YyOctJ3Ebct98VYO5Fey8jEugk6oJqQ96cCgq0XhW9GOrb9T8oW 8qOQTR+4NvG/SaOJEvUPV8ACRCqpCRI= X-Google-Smtp-Source: AGHT+IGrxBVQvv6xPeCvW2T6OyKiPzf+gZ7RJK2WlmRyPPkFyYAQdgKwIV8YWBZQlBfByOGdBAB6rw== X-Received: by 2002:a19:ac47:0:b0:509:2b82:385c with SMTP id r7-20020a19ac47000000b005092b82385cmr6853950lfc.61.1701195819856; Tue, 28 Nov 2023 10:23:39 -0800 (PST) Received: from debian_development.DebianHome (dynamic-077-003-184-154.77.3.pool.telefonica.de. [77.3.184.154]) by smtp.gmail.com with ESMTPSA id v11-20020a1709067d8b00b009dddec5a96fsm7122024ejo.170.2023.11.28.10.23.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 10:23:39 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 1/7] libsepol: validate conditional type rules have a simple default type Date: Tue, 28 Nov 2023 19:23:28 +0100 Message-ID: <20231128182334.57740-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.43.0 Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Similar to unconditional avtab keys check the default type of type av rules are a simple type, not an attribute. Since extended permission rules are not allowed in conditional policies this check does not need to be performed. Signed-off-by: Christian Göttsche Acked-by: James Carter --- libsepol/src/policydb_validate.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 8b87675f..c2f19fa0 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -885,14 +885,21 @@ static int validate_cond_av_list(sepol_handle_t *handle, const cond_av_list_t *c for (; cond_av; cond_av = cond_av->next) { for (avtab_ptr = cond_av->node; avtab_ptr; avtab_ptr = avtab_ptr->next) { - if (validate_avtab_key(&avtab_ptr->key, 1, p, flavors)) { - ERR(handle, "Invalid cond av list"); - return -1; - } + const avtab_key_t *key = &avtab_ptr->key; + const avtab_datum_t *datum = &avtab_ptr->datum; + + if (validate_avtab_key(key, 1, p, flavors)) + goto bad; + if ((key->specified & AVTAB_TYPE) && validate_simpletype(datum->data, p, flavors)) + goto bad; } } return 0; + +bad: + ERR(handle, "Invalid cond av list"); + return -1; } static int validate_avrules(sepol_handle_t *handle, const avrule_t *avrule, int conditional, const policydb_t *p, validate_t flavors[]) From patchwork Tue Nov 28 18:23:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13471528 X-Patchwork-Delegate: plautrba@redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com header.b="f4/a3D5c" Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EDB62137 for ; Tue, 28 Nov 2023 10:23:41 -0800 (PST) Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-a06e59384b6so747675766b.1 for ; Tue, 28 Nov 2023 10:23:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20230601; t=1701195820; x=1701800620; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=TFDLLt/375wCQgHOdKHJ5Anh2TUSppV9LZ8vI/kMKUw=; b=f4/a3D5cfGSKGJqax2ONZHwGCj7gqpY8Y3E+LNjDjPRE17s7NGbLsb6Q6Z4/AaN0CD YBwNb8iy8+4h2CipMVsp4OFfQPM4LIYWbUrYZeqdKtr7H8jLmF7f62yKy+Jtef7EjQU/ L0cNeuIzX5SaXRZ8ruXNaYkfivT28wks/EOlQgktImHpfqhWunQEJrZ8q4B3yxWjP0ST iflSVyIgdyhiBqCZYKY4hTtMrcjvPp5/8lrqJJG02CB15ifs2ipL2REYirb6Szl5tmYU Y5KD2LTbhN6lepnmhc1Wqb6CsugQUP56v4lWgxoFoimR4y3/2jXdT9Y23gNDQukg6P5T 3bmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701195820; x=1701800620; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=TFDLLt/375wCQgHOdKHJ5Anh2TUSppV9LZ8vI/kMKUw=; b=BWaDTA3LKx1m/RSK/qFqTGM3xEPwcTpz7P/XvcdZ94yAL41Zv8R/UO1wDdagiCK2kA wCuOjlhey+0XZA3ga5vfwRCCflZxerzAHnpFuf5XiQOjuC5wuwQrBPeWU68x/cOYRMaU WxsQsUHefLjDU3QNz246v+0rIG976H+1wHG5Fof7IBgfpOVFXs5/3B7/l9mju7wKSXTm JwDIw1zKklZRkAKRZqiQC4tLHa6h8RAIc6lX32EMpBcxHHZ0v60XHc23GHgfWw21ycIC CcxefI8LAqYVxR9CU1ADGNfYd9lEDbhvgAacbvfn5vrHAi7rsc9K+Mo/m6ef1rZh+1N/ 0Dyw== X-Gm-Message-State: AOJu0Yz41DMpoxbY/2XJv+kOaFONZ1Q+Oy3JbMNwwRUs/5EBEZbtJLWG DDABI96JWbF4Ip1C3CybVlxb9pEaptA= X-Google-Smtp-Source: AGHT+IFi10z/6a+jL6/YJtfbSZwNCEudJlBPpd1aPvXyD75U3SKaBJ723x+K8PMYZxMHGgNcs6TKkA== X-Received: by 2002:a17:906:39c9:b0:a01:d364:ddaf with SMTP id i9-20020a17090639c900b00a01d364ddafmr11190168eje.51.1701195820320; Tue, 28 Nov 2023 10:23:40 -0800 (PST) Received: from debian_development.DebianHome (dynamic-077-003-184-154.77.3.pool.telefonica.de. [77.3.184.154]) by smtp.gmail.com with ESMTPSA id v11-20020a1709067d8b00b009dddec5a96fsm7122024ejo.170.2023.11.28.10.23.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 10:23:40 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 2/7] libsepol: use correct type to avoid truncations Date: Tue, 28 Nov 2023 19:23:29 +0100 Message-ID: <20231128182334.57740-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231128182334.57740-1-cgzones@googlemail.com> References: <20231128182334.57740-1-cgzones@googlemail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Avoid truncations of the read 32 bit unsigned integer: conditional.c:764:8: runtime error: implicit conversion from type 'uint32_t' (aka 'unsigned int') of value 3758096384 (32-bit, unsigned) to type 'int' changed the value to -536870912 (32-bit, signed) conditional.c:831:8: runtime error: implicit conversion from type 'uint32_t' (aka 'unsigned int') of value 4280295456 (32-bit, unsigned) to type 'int' changed the value to -14671840 (32-bit, signed) Signed-off-by: Christian Göttsche --- libsepol/src/conditional.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c index 24380ea0..420c7b6c 100644 --- a/libsepol/src/conditional.c +++ b/libsepol/src/conditional.c @@ -746,8 +746,8 @@ static int expr_isvalid(policydb_t * p, cond_expr_t * expr) static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp) { - uint32_t buf[2]; - int len, i, rc; + uint32_t buf[2], i, len; + int rc; cond_expr_t *expr = NULL, *last = NULL; rc = next_entry(buf, fp, sizeof(uint32_t)); @@ -821,8 +821,8 @@ static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp) int cond_read_list(policydb_t * p, cond_list_t ** list, void *fp) { cond_node_t *node, *last = NULL; - uint32_t buf[1]; - int i, len, rc; + uint32_t buf[1], i, len; + int rc; rc = next_entry(buf, fp, sizeof(uint32_t)); if (rc < 0) From patchwork Tue Nov 28 18:23:30 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13471527 X-Patchwork-Delegate: plautrba@redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com header.b="YHzTxlAh" Received: from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com [IPv6:2a00:1450:4864:20::52b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A4C418D for ; Tue, 28 Nov 2023 10:23:42 -0800 (PST) Received: by mail-ed1-x52b.google.com with SMTP id 4fb4d7f45d1cf-543456dbd7bso74585a12.1 for ; Tue, 28 Nov 2023 10:23:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20230601; t=1701195821; x=1701800621; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+RnimM5kvNkVrioMB7LfLRR0IMws4pz6347/ilPQEl8=; b=YHzTxlAhMO8CNdxHKlG0cpZGbBVOdY3A6/s+h0ZczCQ9064Z0gnedB8MMAy3PBkcdf tpRCbeh9ZZZVr/z+x2tvdwXEmjFxcaRIOrW1Mf0lGQ6V6TeUUHUGb6jEwlxKTTcmrl6y 1P42v2W56rlZTJMkAGwzaDBWKXB7Ri5AEDkdJbe7P8HPCd6qTVvvFyG1HGC99RTqJqUp hAMwkuoCm7+woQaL5Vl3kgr95iBEoiWP1tMt3X1b8fQKm32IIAcF8nT/UIOZWOlo3XQs 3OnOJzvA+pld9vYpR77uWRUadjAidtHDMffGcZGwYy5DjaHcxHqSOs4JW7wW33PAHg6A F69Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701195821; x=1701800621; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+RnimM5kvNkVrioMB7LfLRR0IMws4pz6347/ilPQEl8=; b=Xiw4DX3VT5DnJaHLhI8KkdneVbgqcH0QHcZRQgmklyXuYqwn2rdR4FjD2CaaAcx4JS 6/pYWp1K3FHppLnVkeEIddnw0JDVcpGca3rrOAjDKeW5He1Ft+Uq4H78U1bCZQJUrhd/ zJhxR/J7ffkYI7V/sMagpgQFfmffwL+ikVh7LCEOp65Ngs7fDOgFc7QHENfhUi/dQq8R 91Vx1vwDVUEcevCSp3ASX1PoS7PcKstMVNzbi7q/ONHsPwvFbifkR3fvwQD5KwYxPCjk Fy5L8tbLyLko3XSCp8GyjlRGtMIJt50C/wYtsF3evMvizc0BvPwITpbR6YSjYA4Rgb3K IsZQ== X-Gm-Message-State: AOJu0YwsOYdPs7IGqou+DofayzxeuWittAF09oVZv+FjGviOdQGlKmd4 uCIQQ4Htw3q1MlDArj5IoMTw9hM+Xm8= X-Google-Smtp-Source: AGHT+IE+J1Pd4Go84bDd/90cHhPV+Q+baouxkyIMazLEMxf+9LxSQwwjBV93qXBdIjI0nmHJxt4uZA== X-Received: by 2002:a17:906:3ca:b0:9fe:ae1b:77bc with SMTP id c10-20020a17090603ca00b009feae1b77bcmr14289602eja.34.1701195820753; Tue, 28 Nov 2023 10:23:40 -0800 (PST) Received: from debian_development.DebianHome (dynamic-077-003-184-154.77.3.pool.telefonica.de. [77.3.184.154]) by smtp.gmail.com with ESMTPSA id v11-20020a1709067d8b00b009dddec5a96fsm7122024ejo.170.2023.11.28.10.23.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 10:23:40 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 3/7] checkpolicy/dismod: avoid duplicate initialization and fix module linking Date: Tue, 28 Nov 2023 19:23:30 +0100 Message-ID: <20231128182334.57740-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231128182334.57740-1-cgzones@googlemail.com> References: <20231128182334.57740-1-cgzones@googlemail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Avoid duplicate policydb initialization when reading a kernel policy. One caller, main(), already performs the initialization. The other one, link_module(), needs to do it also for the module policy case. Also set the target platform to enable module linking. Signed-off-by: Christian Göttsche --- checkpolicy/test/dismod.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c index 9f4a669b..ac2d61d2 100644 --- a/checkpolicy/test/dismod.c +++ b/checkpolicy/test/dismod.c @@ -824,10 +824,6 @@ static int read_policy(char *filename, policydb_t * policy, int verbose) package->policy = NULL; sepol_module_package_free(package); } else { - if (policydb_init(policy)) { - fprintf(stderr, "%s: Out of memory!\n", __FUNCTION__); - exit(1); - } retval = policydb_read(policy, &f, verbose); } fclose(in_fp); @@ -856,9 +852,15 @@ static void link_module(policydb_t * base, FILE * out_fp, int verbose) return; } + if (policydb_init(mods)) { + fprintf(stderr, "Out of memory!\n"); + exit(1); + } + /* read the binary policy */ if (verbose) fprintf(out_fp, "Reading module...\n"); + policydb_set_target_platform(mods, base->target_platform); if (read_policy(module_name, mods, verbose)) { fprintf(stderr, "%s: error(s) encountered while loading policy\n", From patchwork Tue Nov 28 18:23:31 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13471530 X-Patchwork-Delegate: plautrba@redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com header.b="I7HaYSmP" Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CDC01194 for ; Tue, 28 Nov 2023 10:23:42 -0800 (PST) Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-54af0eca12dso6320249a12.3 for ; Tue, 28 Nov 2023 10:23:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20230601; t=1701195821; x=1701800621; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=KTylBJVMK9XMzuJdFv2XBicAbgdq4KMsxu6TmPMJlCk=; b=I7HaYSmPrEUbmdx4plL9RuSeI/CBMqwrqMTEzS2YTK4HwUgj+2ajaVV2Cjyr4nGLBl +cBdYadNl7k1ph8qFrFLpfYDWS3LUw0rp1SXSFxzA/AKgcKTf6zG6hEz5VZs5AImLaSZ L4zVgiePGfHiMSUQzK0NDNg/1yie3N8whTLIDg3t+aa4+7d5WAWIsJCfZ9RrSBcLu5Cr dr/Kjlp0vKewq/izILgNyfDcJiVX3kR+HEvwrukW54Onnuywmz4Uz+tBS883bMdYyowi ALL678EK+5RtLLhxUs8bbNy2Jv0Lv4icYTIYMSyePK74WQHISjaq+o2MVce/oJsNf8fn db0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701195821; x=1701800621; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=KTylBJVMK9XMzuJdFv2XBicAbgdq4KMsxu6TmPMJlCk=; b=gMzi1lN1ksC8nEZWoxNttNRPg1VA5sa6Y9dHeuB5P3kYxLOFovtPDm/d0MFpj7p/cW TNR4Wu/PY/ykL/wDs+q2Ious/JJHDFPQU0kr4ROSr2eH2y/6QOe603GqzhH7SuOVonZ4 dn+thvgBu8U9T5G8TYHLAuf6/4x0x+WK/A81cgpjpXsfL/utNZCacNbMH5j09peDN/Wu GBMEdMov6g+2kshXe6m/Vh2ZsmW+1E6MiTDhR81QI9MHNyQW6mu46damwGOiPF2vKQjR pLedxkJNU8UlLo0571R1rfPgn9QqAoc4JYiKCmS6AGbE1gn3bXL3BYd4UDXzL0Os51QO BhFQ== X-Gm-Message-State: AOJu0YxCw5ek6wFzR6i4oenjGtBlAvztbFHjLE5g4B+0dCWukCi0VLry 1EDJXs1fZNg4+avSE3iCaZ+6+LzAWsc= X-Google-Smtp-Source: AGHT+IEOJnuvWOjuv6cD2hXpBfuyxtw/yh59oafJHPK2glDt0NbKbiFeiDmZp3cT1pvDBKP/fWA5gA== X-Received: by 2002:a17:907:d30c:b0:9ae:699d:8a2a with SMTP id vg12-20020a170907d30c00b009ae699d8a2amr14557996ejc.5.1701195821247; Tue, 28 Nov 2023 10:23:41 -0800 (PST) Received: from debian_development.DebianHome (dynamic-077-003-184-154.77.3.pool.telefonica.de. [77.3.184.154]) by smtp.gmail.com with ESMTPSA id v11-20020a1709067d8b00b009dddec5a96fsm7122024ejo.170.2023.11.28.10.23.40 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 10:23:41 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 4/7] checkpolicy/dispol: misc updates Date: Tue, 28 Nov 2023 19:23:31 +0100 Message-ID: <20231128182334.57740-4-cgzones@googlemail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231128182334.57740-1-cgzones@googlemail.com> References: <20231128182334.57740-1-cgzones@googlemail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 * add option to display users * drop duplicate option to display booleans * show number of entries before listing them * drop global variable Signed-off-by: Christian Göttsche --- checkpolicy/test/dispol.c | 53 +++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c index 944ef7ec..02cb9499 100644 --- a/checkpolicy/test/dispol.c +++ b/checkpolicy/test/dispol.c @@ -33,9 +33,7 @@ #include #include -static policydb_t policydb; - -static struct command { +static const struct command { enum { EOL = 0, HEADER = 1, @@ -50,7 +48,6 @@ static struct command { {CMD, '2', "display conditional AVTAB (entirely)"}, {CMD, '3', "display conditional AVTAB (only ENABLED rules)"}, {CMD, '4', "display conditional AVTAB (only DISABLED rules)"}, - {CMD, '5', "display conditional bools"}, {CMD, '6', "display conditional expressions"}, {CMD|NOOPT, '7', "change a boolean value"}, {CMD, '8', "display role transitions"}, @@ -58,11 +55,12 @@ static struct command { {CMD, 'c', "display policy capabilities"}, {CMD, 'b', "display booleans"}, {CMD, 'C', "display classes"}, + {CMD, 'u', "display users"}, {CMD, 'r', "display roles"}, {CMD, 't', "display types"}, {CMD, 'a', "display type attributes"}, {CMD, 'p', "display the list of permissive types"}, - {CMD, 'u', "display unknown handling setting"}, + {CMD, 'U', "display unknown handling setting"}, {CMD, 'F', "display filename_trans rules"}, {HEADER, 0, ""}, {CMD|NOOPT, 'f', "set output file"}, @@ -234,17 +232,6 @@ static int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp) return 0; } -static int display_bools(policydb_t * p, FILE * fp) -{ - unsigned int i; - - for (i = 0; i < p->p_bools.nprim; i++) { - fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i], - p->bool_val_to_struct[i]->state); - } - return 0; -} - static void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp) { @@ -313,6 +300,8 @@ static int display_handle_unknown(policydb_t * p, FILE * out_fp) fprintf(out_fp, "Deny unknown classes and permissions\n"); else if (p->handle_unknown == REJECT_UNKNOWN) fprintf(out_fp, "Reject unknown classes and permissions\n"); + else + fprintf(out_fp, "\n"); return 0; } @@ -334,7 +323,7 @@ static int display_booleans(policydb_t * p, FILE *fp) { uint32_t i; - fprintf(fp, "booleans:\n"); + fprintf(fp, "booleans (#%u):\n", p->p_bools.table->nel); for (i = 0; i < p->p_bools.nprim; i++) { fprintf(fp, "\t%s : %d\n", p->p_bool_val_to_name[i], p->bool_val_to_struct[i]->state); @@ -364,7 +353,7 @@ static int display_classes(policydb_t * p, FILE *fp) { uint32_t i; - fprintf(fp, "classes:\n"); + fprintf(fp, "classes (#%u):\n", p->p_classes.table->nel); for (i = 0; i < p->p_classes.nprim; i++) { if (!p->p_class_val_to_name[i]) continue; @@ -386,7 +375,7 @@ static void display_permissive(policydb_t *p, FILE *fp) ebitmap_node_t *node; unsigned int i; - fprintf(fp, "permissive sids:\n"); + fprintf(fp, "permissive sids (#%u):\n", ebitmap_cardinality(&p->permissive_map)); ebitmap_for_each_positive_bit(&p->permissive_map, node, i) { fprintf(fp, "\t"); display_id(p, fp, SYM_TYPES, i - 1, ""); @@ -394,11 +383,25 @@ static void display_permissive(policydb_t *p, FILE *fp) } } +static int display_users(policydb_t * p, FILE *fp) +{ + uint32_t i; + + fprintf(fp, "users (#%u):\n", p->p_users.table->nel); + for (i = 0; i < p->p_users.nprim; i++) { + if (!p->p_user_val_to_name[i]) + continue; + + fprintf(fp, "\t%s\n", p->p_user_val_to_name[i]); + } + return 0; +} + static int display_roles(policydb_t * p, FILE *fp) { uint32_t i; - fprintf(fp, "roles:\n"); + fprintf(fp, "roles (#%u):\n", p->p_roles.table->nel); for (i = 0; i < p->p_roles.nprim; i++) { if (!p->p_role_val_to_name[i]) continue; @@ -412,7 +415,7 @@ static int display_types(policydb_t * p, FILE *fp) { uint32_t i; - fprintf(fp, "types:\n"); + fprintf(fp, "types (out of #%u):\n", p->p_types.table->nel); for (i = 0; i < p->p_types.nprim; i++) { if (!p->p_type_val_to_name[i]) continue; @@ -429,7 +432,7 @@ static int display_attributes(policydb_t * p, FILE *fp) { uint32_t i; - fprintf(fp, "attributes:\n"); + fprintf(fp, "attributes (out of #%u):\n", p->p_types.table->nel); for (i = 0; i < p->p_types.nprim; i++) { if (!p->p_type_val_to_name[i]) continue; @@ -522,6 +525,7 @@ int main(int argc, char **argv) char *name; int state; struct policy_file pf; + policydb_t policydb; if (argc < 2 || strcmp(argv[1], "-h") == 0 || strcmp(argv[1], "--help") == 0) usage(argv[0]); @@ -616,9 +620,6 @@ int main(int argc, char **argv) display_avtab(&policydb.te_cond_avtab, RENDER_DISABLED, &policydb, out_fp); break; - case '5': - display_bools(&policydb, out_fp); - break; case '6': display_cond_expressions(&policydb, out_fp); break; @@ -678,6 +679,8 @@ int main(int argc, char **argv) display_types(&policydb, out_fp); break; case 'u': + display_users(&policydb, out_fp); + break; case 'U': display_handle_unknown(&policydb, out_fp); break; From patchwork Tue Nov 28 18:23:32 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13471529 X-Patchwork-Delegate: plautrba@redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com header.b="h6sPjcF3" Received: from mail-ej1-x632.google.com (mail-ej1-x632.google.com [IPv6:2a00:1450:4864:20::632]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 66113D63 for ; Tue, 28 Nov 2023 10:23:43 -0800 (PST) Received: by mail-ej1-x632.google.com with SMTP id a640c23a62f3a-9fa2714e828so799332166b.1 for ; Tue, 28 Nov 2023 10:23:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20230601; t=1701195822; x=1701800622; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=+y4ySQ75FEkbGcypJPO7ndJB+RNgGPOpkBKbmn80fzI=; b=h6sPjcF3nWKlnzPhDXOq/sGOmq5ZauQ60sFUwZv4g6DRnHkaBGi1IAWzsp2owdcpcd 6BZhqWeE5CCKYtcWEOZZNGxnrtZAqFFPHFJSxM2zfhqpL5x9jTj+PiQN16Y2al9FcUCt gkNgSp4x6IdW6m8aQd6Z17Ag9hR2cWq+m433rRO2G7DvatAp4juG2QPoxABUlrUNplTN bm7S7GUvVA9tT5dI9eYyBzhuAvxhYqzm10BWsQdTB0buxWYh/J+VeHFOg4VDpQvaa0tq bQ/bnuJUFg96+1GQt+RSBeT0eR0RqVLoa+kgLWKTbD3V+gUPUxQpA58aERLhrLrNSaRT 6kdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701195822; x=1701800622; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=+y4ySQ75FEkbGcypJPO7ndJB+RNgGPOpkBKbmn80fzI=; b=kofHxkjUOsYDkbxA1hEDUvTBdGImjDVpudYiPRUsLDZuLYk5NUL9V0PrAYQluozRfI zGFqHobb1WntxhdxbLhZQxKXCGfjPPdMELpmqBJ0/00F38TkNtmiAStZTvvlRXL3aN4O Cqq/1NhAZMVx+AiS4dUjtG9nAFzUcAMlKxivM0CxZNWfxJHM1fcILHKlcF5dxd4RiMFG 4ld6xrfVLLjMfL3vMAcAzPAljBQ4m5LJ7b8V5Yb+TPx1qY/NDo1daE9+dLTTUCotsEkL xpCFV+QiWSj9DbLKpZfrZpOqLYy/2RmYs0exmUMm3kH9jFHKkdEldfdRm89b6d6L9Qei HVmA== X-Gm-Message-State: AOJu0YzYDYk7aQhEKbhbdmRbys1H+GlMMm615fi8nmrHUaL8NxEoqrOH 9bpvWXzbS3AsWb6SxJhEOg12+4KZRYY= X-Google-Smtp-Source: AGHT+IHIQy3v7Kooe1OH8MZfSBEuNKuj9v7vkbkQ7xeUGO/RYaqF3HFlwnwyxGfJDX2CwzFF8npiHA== X-Received: by 2002:a17:906:590e:b0:a04:837e:a955 with SMTP id h14-20020a170906590e00b00a04837ea955mr11071655ejq.32.1701195821678; Tue, 28 Nov 2023 10:23:41 -0800 (PST) Received: from debian_development.DebianHome (dynamic-077-003-184-154.77.3.pool.telefonica.de. [77.3.184.154]) by smtp.gmail.com with ESMTPSA id v11-20020a1709067d8b00b009dddec5a96fsm7122024ejo.170.2023.11.28.10.23.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 10:23:41 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 5/7] libsepol: reject invalid class datums Date: Tue, 28 Nov 2023 19:23:32 +0100 Message-ID: <20231128182334.57740-5-cgzones@googlemail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231128182334.57740-1-cgzones@googlemail.com> References: <20231128182334.57740-1-cgzones@googlemail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Internally class values are stored in multiple placed in a 16-bit wide integer. Reject class values exceeding the maximum representable value. This avoids truncations in the helper policydb_string_to_security_class(), which gets called before validation of the policy: policydb.c:4082:9: runtime error: implicit conversion from type 'uint32_t' (aka 'unsigned int') of value 2113929220 (32-bit, unsigned) to type 'sepol_security_class_t' (aka 'unsigned short') changed the value to 4 (16-bit, unsigned) Signed-off-by: Christian Göttsche --- libsepol/src/policydb.c | 2 ++ libsepol/src/policydb_validate.c | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c index 6ba4f916..f10a8a95 100644 --- a/libsepol/src/policydb.c +++ b/libsepol/src/policydb.c @@ -2255,6 +2255,8 @@ static int class_read(policydb_t * p, hashtab_t h, struct policy_file *fp) len2 = le32_to_cpu(buf[1]); cladatum->s.value = le32_to_cpu(buf[2]); + if (cladatum->s.value > UINT16_MAX) + goto bad; if (symtab_init(&cladatum->permissions, PERM_SYMTAB_SIZE)) goto bad; diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index c2f19fa0..bd8e9f8f 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -389,7 +389,7 @@ static int validate_common_datum_wrapper(__attribute__((unused)) hashtab_key_t k static int validate_class_datum(sepol_handle_t *handle, const class_datum_t *class, validate_t flavors[]) { - if (validate_value(class->s.value, &flavors[SYM_CLASSES])) + if (class->s.value > UINT16_MAX || validate_value(class->s.value, &flavors[SYM_CLASSES])) goto bad; if (class->comdatum && validate_common_datum(handle, class->comdatum, flavors)) goto bad; From patchwork Tue Nov 28 18:23:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13471531 X-Patchwork-Delegate: plautrba@redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com header.b="BEBSzL/P" Received: from mail-ej1-x630.google.com (mail-ej1-x630.google.com [IPv6:2a00:1450:4864:20::630]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CBCE3198D for ; Tue, 28 Nov 2023 10:23:43 -0800 (PST) Received: by mail-ej1-x630.google.com with SMTP id a640c23a62f3a-a06e59384b6so747678766b.1 for ; Tue, 28 Nov 2023 10:23:43 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20230601; t=1701195822; x=1701800622; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=cj9FetK8TalEgOQpXVo2+OvMnhwk3+C5zhLDmMJmnec=; b=BEBSzL/PW/lInsxjtocu04C99GlGjsJUNlUu8nEkNYcNs7gJjBwZ0zOUJAeoEnymYc 5gFLYkWHRrLbpcsf7EBDnBdXy4tnPgRG8tMznOar6B8tYceboig1/7nu7dscmYa4Sx6N OUKE+07AwOAjIA07+zZ+bFmEAPQBaxwUL97VDQNCoIaKWp4ATWA5EPicvbT7fyvlG2WI gk0bApbtXU+ZaO4fPp9fwaRobACe52k83T7qmb2nAa0rxAYxvUqxPz/C0VkfLbVYkH1R FT4OJP4cMZZpcFcoA804GpPRuqJRu9XOo/CjM5FBGbxyfCnNy67p/ho92K4JnB7+pvzt nM9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701195822; x=1701800622; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=cj9FetK8TalEgOQpXVo2+OvMnhwk3+C5zhLDmMJmnec=; b=LSbQyv+6TbSZJCauuvpC2p2TLSXhjf5hgpKtw0H1893a9gCZYM7sigrwKEXSnCjrj8 AsPJtnqkmK7xpaHY28YIGKlsDepaM7Lo1VUOuyXWR6XTHfeJt1P3c/yRHmow28goFImq UiAaxm8p9//VRFizNAB7UetzfbfOJEo8w19DFZ8+m0H5lz8Y8j9UG3orxC9sos4qSyl8 tX6q3am1lPGClM1v3y2teA3o/Yyy3cOQxCZhTkB+EPukU7kCam82xoa39p21PIU7+iCE zQBPVu7im7ZlI6pkUY0SvdFpRp5CbMf58w7FQYvufRFgqQDsG+cHYQVzMJI5ZOp3Rars C/UQ== X-Gm-Message-State: AOJu0YwoGnMUk8kdaIZ0msz5fnkV2z4pi3PGW8maudvmk7cuinugKinP fp6YdR95gdek6nUYurZwkfWWyhMf+Ls= X-Google-Smtp-Source: AGHT+IGyvWeOw539g0Z/XGiybTvZEY56ILoeIbq8vdkzKHIxcU0Z5nFdtMgeL3iwsdzEHyFFd+SqQA== X-Received: by 2002:a17:906:20d7:b0:a0f:44c6:8eb5 with SMTP id c23-20020a17090620d700b00a0f44c68eb5mr6388436ejc.22.1701195822122; Tue, 28 Nov 2023 10:23:42 -0800 (PST) Received: from debian_development.DebianHome (dynamic-077-003-184-154.77.3.pool.telefonica.de. [77.3.184.154]) by smtp.gmail.com with ESMTPSA id v11-20020a1709067d8b00b009dddec5a96fsm7122024ejo.170.2023.11.28.10.23.41 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 10:23:41 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 6/7] libsepol/fuzz: handle empty and non kernel policies Date: Tue, 28 Nov 2023 19:23:33 +0100 Message-ID: <20231128182334.57740-6-cgzones@googlemail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231128182334.57740-1-cgzones@googlemail.com> References: <20231128182334.57740-1-cgzones@googlemail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche --- libsepol/fuzz/binpolicy-fuzzer.c | 53 +++++++++++++++++++++++++++----- 1 file changed, 45 insertions(+), 8 deletions(-) diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c index 79d42b0e..c21241ed 100644 --- a/libsepol/fuzz/binpolicy-fuzzer.c +++ b/libsepol/fuzz/binpolicy-fuzzer.c @@ -1,12 +1,20 @@ #include #include #include +#include +#include +#include #include extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p); extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); + +// set to 1 to enable more verbose libsepol logging +#define VERBOSE 0 + + static int write_binary_policy(policydb_t *p, FILE *outfp) { struct policy_file pf; @@ -19,12 +27,12 @@ static int write_binary_policy(policydb_t *p, FILE *outfp) int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - policydb_t policydb = {}; + policydb_t policydb = {}, out = {}; sidtab_t sidtab = {}; struct policy_file pf; FILE *devnull = NULL; - sepol_debug(0); + sepol_debug(VERBOSE); policy_file_init(&pf); pf.type = PF_USE_MEMORY; @@ -34,7 +42,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (policydb_init(&policydb)) goto exit; - if (policydb_read(&policydb, &pf, /*verbose=*/0)) + if (policydb_read(&policydb, &pf, VERBOSE)) goto exit; if (policydb_load_isids(&policydb, &sidtab)) @@ -47,7 +55,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) abort(); } - (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules); + if (policydb.global->branch_list) + (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules); + + (void) hierarchy_check_constraints(NULL, &policydb); devnull = fopen("/dev/null", "we"); if (!devnull) @@ -56,16 +67,42 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (write_binary_policy(&policydb, devnull)) abort(); - if (sepol_kernel_policydb_to_conf(devnull, &policydb)) - abort(); + if (policydb.policy_type == POLICY_KERN) { + if (sepol_kernel_policydb_to_conf(devnull, &policydb)) + abort(); - if (sepol_kernel_policydb_to_cil(devnull, &policydb)) - abort(); + if (sepol_kernel_policydb_to_cil(devnull, &policydb)) + abort(); + + } else if (policydb.policy_type == POLICY_BASE) { + if (link_modules(NULL, &policydb, NULL, 0, VERBOSE)) + goto exit; + + if (policydb_init(&out)) + goto exit; + + if (expand_module(NULL, &policydb, &out, VERBOSE, /*check_assertions=*/0)) + goto exit; + + (void) check_assertions(NULL, &out, out.global->branch_list->avrules); + (void) hierarchy_check_constraints(NULL, &out); + + if (write_binary_policy(&out, devnull)) + abort(); + + if (sepol_kernel_policydb_to_conf(devnull, &out)) + abort(); + + if (sepol_kernel_policydb_to_cil(devnull, &out)) + abort(); + + } exit: if (devnull != NULL) fclose(devnull); + policydb_destroy(&out); policydb_destroy(&policydb); sepol_sidtab_destroy(&sidtab); From patchwork Tue Nov 28 18:23:34 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13471532 X-Patchwork-Delegate: plautrba@redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=googlemail.com header.i=@googlemail.com header.b="Egc0n0R1" Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F5769D for ; Tue, 28 Nov 2023 10:23:44 -0800 (PST) Received: by mail-lf1-x12c.google.com with SMTP id 2adb3069b0e04-50bc2e7f1e4so202421e87.1 for ; Tue, 28 Nov 2023 10:23:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20230601; t=1701195822; x=1701800622; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=wbuVTEiIzJiwIo7dN8hiU8dK38A8G5i3SvER6EcQWBI=; b=Egc0n0R1iXSpDI+IS3WNRc6kON+PDRsyt0/1E01KYONwkP5VFe95G7wXD75pB2P1Vt Mj1NvWp7ZMPFIVrFoBTccxn4qH3TNbgVPlBb8eM4MrN6JkAqgk+wjJAL/4R6XIf2fbFw gOqayUc7EUro29uVnTHQl3f45/08lrRvbxVyXdlklKIiIilU09UhX4IwAJpUAwYUhPYR g620pOjX0/NY4R9pldh7VVMBYYVqLBDUr60mh1mCZ3pQcGx03yoTFXuMPEKZSYGSlybn NDEHZUIAk3FUp4u9WJtisMsvzUr1HgQ1TCu3MKyraq2T5TUTxWHcrpXkWZx44Q3YQGOv 4MFQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1701195822; x=1701800622; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=wbuVTEiIzJiwIo7dN8hiU8dK38A8G5i3SvER6EcQWBI=; b=oi+fd4xXpe/RAYQVX7EF59Mx2ZfRHJJHJ2Ke2fLX6T9FR5itJxXFHV2jhI3Jg2UJ79 grpqL7XWhNvHEKIJxf2hFXcr17YeDRmPlYbOh6vFLkdI52z5IEy1BI/un/pqaLpGB0N5 xvDfJD4r5heAioV+nSOKZ7pIp0J6QnxQ8Guj7qara8oz20OiipfjXzzkGC2rF6eK/dpW ETr1NWYmgsfygs/VQ+3qFIlUKz9oltbUv/LknRmkACkew07CtforgjtPo7cz9GCUPrvK AI0IzcbnW/H/KHUHzDWKeYJBLEdy8YlD2yUPOdHTWtFt0sq+9ONvBN0Hoh1mEGWcqwBW Ptow== X-Gm-Message-State: AOJu0YxDIhbWQMYi40npxIXI7vuU/HVblFPTMc/jGKFcj0s1tvy6z+uS 51UAF9SixDPJ6u0YraoedtYr+FlrHEs= X-Google-Smtp-Source: AGHT+IHn9s0tYS0o110lIjAX5BWvqeIwKvS/WJs5zpprXD93P3k85yjzW1pvD+z5iSPu1rPKF3XZvA== X-Received: by 2002:a05:6512:280d:b0:509:e5a4:2b03 with SMTP id cf13-20020a056512280d00b00509e5a42b03mr15449229lfb.13.1701195822564; Tue, 28 Nov 2023 10:23:42 -0800 (PST) Received: from debian_development.DebianHome (dynamic-077-003-184-154.77.3.pool.telefonica.de. [77.3.184.154]) by smtp.gmail.com with ESMTPSA id v11-20020a1709067d8b00b009dddec5a96fsm7122024ejo.170.2023.11.28.10.23.42 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 28 Nov 2023 10:23:42 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 7/7] libsepol: reject linking modules with no avrules Date: Tue, 28 Nov 2023 19:23:34 +0100 Message-ID: <20231128182334.57740-7-cgzones@googlemail.com> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20231128182334.57740-1-cgzones@googlemail.com> References: <20231128182334.57740-1-cgzones@googlemail.com> Precedence: bulk X-Mailing-List: selinux@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Standard policy modules generated by compilers have at least one global av rule. Reject modules otherwise, e.g. generated by a fuzzer. Signed-off-by: Christian Göttsche --- libsepol/src/link.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libsepol/src/link.c b/libsepol/src/link.c index 3b7742bc..b8272308 100644 --- a/libsepol/src/link.c +++ b/libsepol/src/link.c @@ -2019,7 +2019,7 @@ static int debug_requirements(link_state_t * state, policydb_t * p) memset(&req, 0, sizeof(req)); for (cur = p->global; cur != NULL; cur = cur->next) { - if (cur->enabled != NULL) + if (cur->enabled != NULL || cur->branch_list == NULL) continue; ret = is_decl_requires_met(state, cur->branch_list, &req); @@ -2142,6 +2142,11 @@ static int enable_avrules(link_state_t * state, policydb_t * pol) /* 1) enable all of the non-else blocks */ for (block = pol->global; block != NULL; block = block->next) { block->enabled = block->branch_list; + if (!block->enabled) { + ERR(state->handle, "Global block has no avrules!"); + ret = SEPOL_ERR; + goto out; + } block->enabled->enabled = 1; for (decl = block->branch_list->next; decl != NULL; decl = decl->next)