Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- libsepol/src/policydb_validate.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 63fd935c..b1dacdad 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -886,6 +886,23 @@ bad: return -1; } +static int validate_permissives(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) +{ + ebitmap_node_t *node; + unsigned i; + + ebitmap_for_each_positive_bit(&p->permissive_map, node, i) { + if (validate_value(i, &flavors[SYM_TYPES])) + goto bad; + } + + return 0; + +bad: + ERR(handle, "Invalid permissive type"); + return -1; +} + static void validate_array_destroy(validate_t flavors[]) { unsigned int i; @@ -933,6 +950,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p) if (validate_datum_arrays(handle, p, flavors)) goto bad; + if (validate_permissives(handle, p, flavors)) + goto bad; + validate_array_destroy(flavors); return 0; -- 2.33.0