From patchwork Mon Mar 11 14:57:02 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 13588934
X-Patchwork-Delegate: plautrba@redhat.com
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 1/5] checkpolicy/fuzz: drop redundant notdefined check
Date: Mon, 11 Mar 2024 15:57:02 +0100
Message-ID: <20240311145706.34885-1-cgzones@googlemail.com>
X-Mailer: git-send-email 2.43.0

The level_datum_t member notdefined is checked to be 1 during validation and the fuzzer calls policydb_validate(). Drop the redundant check (as announced in the TODO).

Signed-off-by: Christian Göttsche
Acked-by: James Carter

--- checkpolicy/fuzz/checkpolicy-fuzzer.c | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c index a3da0b57..f3a17cce 100644 --- a/checkpolicy/fuzz/checkpolicy-fuzzer.c +++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c @@ -130,21 +130,6 @@ static int read_source_policy(policydb_t *p, const uint8_t *data, size_t size) return 0; } -static int check_level(hashtab_key_t key, hashtab_datum_t datum, void *arg __attribute__ ((unused))) -{ - const level_datum_t *levdatum = (level_datum_t *) datum; - - // TODO: drop member defined if proven to be always set - if (!levdatum->isalias && levdatum->notdefined) { - fprintf(stderr, - "Error: sensitivity %s was not used in a level definition!\n", - key); - abort(); - } - - return 0; -} - static int write_binary_policy(FILE *outfp, policydb_t *p) { struct policy_file pf; 
@@ -198,8 +183,6 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (read_source_policy(&parsepolicydb, data, size)) goto exit; - (void) hashtab_map(parsepolicydb.p_levels.table, check_level, NULL); - if (parsepolicydb.policy_type == POLICY_BASE) { if (link_modules(NULL, &parsepolicydb, NULL, 0, VERBOSE)) goto exit; 

From patchwork Mon Mar 11 14:57:03 2024
X-Patchwork-Id: 13588933
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 2/5] checkpolicy: clone level only once
Date: Mon, 11 Mar 2024 15:57:03 +0100
Message-ID: <20240311145706.34885-2-cgzones@googlemail.com>
In-Reply-To: <20240311145706.34885-1-cgzones@googlemail.com>

In case of aliases, clone the level only once to avoid leaking the first one.

Example policy:

    class p sid h class p{d}sensitivity d alias s0;dominance{s0}level d;level s0;

Reported-by: oss-fuzz (issue #67308)
Signed-off-by: Christian Göttsche

--- checkpolicy/policy_define.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 614b7706..0cf938ea 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c 
@@ -1038,7 +1038,7 @@ static int clone_level(hashtab_key_t key __attribute__ ((unused)), hashtab_datum level_datum_t *levdatum = (level_datum_t *) datum; mls_level_t *level = (mls_level_t *) arg, *newlevel; - if (levdatum->level == level) { + if (levdatum->notdefined && levdatum->level == level) { if (!levdatum->isalias) { levdatum->notdefined = FALSE; return 0; 

From patchwork Mon Mar 11 14:57:04 2024
X-Patchwork-Id: 13588935
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 3/5] checkpolicy: return YYerror on invalid character
Date: Mon, 11 Mar 2024 15:57:04 +0100
Message-ID: <20240311145706.34885-3-cgzones@googlemail.com>
In-Reply-To: <20240311145706.34885-1-cgzones@googlemail.com>

Inform bison about an invalid character by returning YYerror, so the parser can clean up internal state and return the failure via yyparse(). Currently the error is only observable via the global variable policydb_errors, which needs to be checked separately.

Reported-by: oss-fuzz (issue #67270)
Signed-off-by: Christian Göttsche
---
Should also fix issue #67327 (leak) due to the now performed cleanup. Also fixes issue #67272 for me, but this one might resurface.

--- checkpolicy/policy_scan.l | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index 19c05a58..1926129c 100644 --- a/checkpolicy/policy_scan.l +++ b/checkpolicy/policy_scan.l 
@@ -308,7 +308,7 @@ GLBLUB { return(GLBLUB); } "]" | "~" | "*" { return(yytext[0]); } -. { yyerror("unrecognized character");} +. { yyerror("unrecognized character"); return YYerror; } %% int yyerror(const char *msg) { 

From patchwork Mon Mar 11 14:57:05 2024
X-Patchwork-Id: 13588936
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 4/5] libsepol: reject MLS support in pre-MLS policies
Date: Mon, 11 Mar 2024 15:57:05 +0100
Message-ID: <20240311145706.34885-4-cgzones@googlemail.com>
In-Reply-To: <20240311145706.34885-1-cgzones@googlemail.com>

If MLS support is enabled, check that the policy version supports MLS.

Reported-by: oss-fuzz (issue #67322)
Signed-off-by: Christian Göttsche

--- libsepol/src/policydb_validate.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 6e46f426..e987d8da 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c 
@@ -1554,11 +1554,15 @@ static int validate_properties(sepol_handle_t *handle, const policydb_t *p) case POLICY_KERN: if (p->policyvers < POLICYDB_VERSION_MIN || p->policyvers > POLICYDB_VERSION_MAX) goto bad; + if (p->mls && p->policyvers < POLICYDB_VERSION_MLS) + goto bad; break; case POLICY_BASE: case POLICY_MOD: if (p->policyvers < MOD_POLICYDB_VERSION_MIN || p->policyvers > MOD_POLICYDB_VERSION_MAX) goto bad; + if (p->mls && p->policyvers < MOD_POLICYDB_VERSION_MLS) + goto bad; break; default: goto bad; 

From patchwork Mon Mar 11 14:57:06 2024
X-Patchwork-Id: 13588937
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 5/5] checkpolicy/fuzz: scan Xen policies
Date: Mon, 11 Mar 2024 15:57:06 +0100
Message-ID: <20240311145706.34885-5-cgzones@googlemail.com>
In-Reply-To: <20240311145706.34885-1-cgzones@googlemail.com>

In addition to standard SELinux platform policies also check Xen ones.

Signed-off-by: Christian Göttsche
---
Note: this will break all current reproducers and corpuses due to the changed input format.

--- checkpolicy/fuzz/checkpolicy-fuzzer.c | 43 ++++++++++++++++++--------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c index f3a17cce..ab1a6bb8 100644 --- a/checkpolicy/fuzz/checkpolicy-fuzzer.c +++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c 
@@ -147,15 +147,28 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) policydb_t *finalpolicydb; sidtab_t sidtab = {}; FILE *devnull = NULL; - int mls, policyvers; + int mls, platform, policyvers; sepol_debug(VERBOSE); - /* Take the first byte whether to parse as MLS policy - * and the second byte as policy version. */ - if (size < 2) + /* + * Take the first byte whether to generate a SELinux or Xen policy, + * the second byte whether to parse as MLS policy, + * and the second byte as policy version. + */ + if (size < 3) return 0; switch (data[0]) { + case 'S': + platform = SEPOL_TARGET_SELINUX; + break; + case 'X': + platform = SEPOL_TARGET_XEN; + break; + default: + return 0; + } + switch (data[1]) { case '0': mls = 0; break; @@ -166,11 +179,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) return 0; } static_assert(0x7F - 'A' >= POLICYDB_VERSION_MAX, "Max policy version should be representable"); - policyvers = data[1] - 'A'; + policyvers = data[2] - 'A'; if (policyvers < POLICYDB_VERSION_MIN || policyvers > POLICYDB_VERSION_MAX) return 0; - data += 2; - size -= 2; + data += 3; + size -= 3; if (policydb_init(&parsepolicydb)) goto exit; @@ -178,7 +191,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) parsepolicydb.policy_type = POLICY_BASE; parsepolicydb.mls = mls; parsepolicydb.handle_unknown = DENY_UNKNOWN; - policydb_set_target_platform(&parsepolicydb, SEPOL_TARGET_SELINUX); + policydb_set_target_platform(&parsepolicydb, platform); if (read_source_policy(&parsepolicydb, data, size)) goto exit; 
@@ -198,15 +211,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) kernpolicydb.policyvers = policyvers; - assert(kernpolicydb.policy_type == POLICY_KERN); - assert(kernpolicydb.handle_unknown == SEPOL_DENY_UNKNOWN); - assert(kernpolicydb.mls == mls); + assert(kernpolicydb.policy_type == POLICY_KERN); + assert(kernpolicydb.handle_unknown == SEPOL_DENY_UNKNOWN); + assert(kernpolicydb.mls == mls); + assert(kernpolicydb.target_platform == platform); finalpolicydb = &kernpolicydb; } else { - assert(parsepolicydb.policy_type == POLICY_MOD); - assert(parsepolicydb.handle_unknown == SEPOL_DENY_UNKNOWN); - assert(parsepolicydb.mls == mls); + assert(parsepolicydb.policy_type == POLICY_MOD); + assert(parsepolicydb.handle_unknown == SEPOL_DENY_UNKNOWN); + assert(parsepolicydb.mls == mls); + assert(parsepolicydb.target_platform == platform); finalpolicydb = &parsepolicydb; }
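
Review bot: In [PATCH 1/5], the second hunk drops the hashtab_map(parsepolicydb.p_levels.table, check_level, NULL) call that ran directly after read_source_policy(), and nothing in the visible lines shows which part of policydb_validate() now catches the same state. The commit message says notdefined is "checked to be 1", while the removed check_level() aborted when notdefined was non-zero on a non-alias entry, so the wording reads inverted. Please reword the message and name the validation function that rejects !isalias && notdefined, so it is clear the fuzzer still fails on that state and whether aliases are treated the same way as before.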
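
Review bot: In [PATCH 2/5], the new condition in clone_level() depends on notdefined being cleared the first time a level is cloned, but the visible lines only show it set to FALSE in the !levdatum->isalias branch. Please confirm that the alias path below also clears notdefined after cloning; if it does not, a second level statement for the alias would still enter the block and the earlier clone would leak as before. A one-line comment above the condition saying that notdefined doubles as the "not yet cloned" marker, plus the example policy from the commit message as a regression test, would keep this from regressing.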
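
Review bot: In [PATCH 3/5], the catch-all rule in policy_scan.l now returns YYerror, which as far as I know bison only defines from version 3.6 on, so builds with an older bison will fail on this line. Please state the minimum bison version in the build requirements or add a fallback for older generators. Since yyerror("unrecognized character") is still called before the return, it would also help to say in the commit message that the existing error reporting is kept and only the parser's return path changes.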
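
Review bot: In [PATCH 4/5], both added checks in validate_properties() jump to the shared bad label, so a policy rejected for enabling MLS below POLICYDB_VERSION_MLS or MOD_POLICYDB_VERSION_MLS cannot be told apart from one with an out-of-range version. The function receives a sepol_handle_t, so consider reporting a specific message before the goto in each branch, and add one test policy per branch (kernel and base/module) that sets mls with a pre-MLS version.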
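
Review bot: In the first hunk of [PATCH 5/5], the new comment at the top of LLVMFuzzerTestOneInput() says "the second byte" twice; the policy version is read from data[2], so the last line should read "and the third byte as policy version". Because the note under the commit message says existing reproducers and corpora break, this comment is the only in-tree description of the new input layout, and it would help to list the accepted values there as well ('S' or 'X' for the platform, then the MLS flag byte, then 'A' plus the policy version).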
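
Review bot: In the last hunk of [PATCH 5/5], the three existing assert() lines in each branch are removed and re-added with identical text, which looks like a whitespace-only change mixed into a functional one. Please leave the existing lines untouched and add only the two target_platform asserts, or move the re-indentation into its own patch, so that the functional change here stays a two-line addition and is easy to backport.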