On Mon, Oct 11, 2021 at 12:41 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Reject loading a policy with invalid fsuse declarations, except xattr,
> trans and task, so that all following code, e.g. the different output
> modes, do not need to handle unsupported ones.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
> ---
> libsepol/src/policydb.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index 70b503e1..980af059 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -48,6 +48,7 @@
> #include <sepol/policydb/expand.h>
> #include <sepol/policydb/conditional.h>
> #include <sepol/policydb/avrule_block.h>
> +#include <sepol/policydb/services.h>
> #include <sepol/policydb/util.h>
>
> #include "kernel_to_common.h"
> @@ -3099,6 +3100,14 @@ static int ocontext_read_selinux(const struct policydb_compat_info *info,
> if (rc < 0)
> return -1;
> c->v.behavior = le32_to_cpu(buf[0]);
> + switch (c->v.behavior) {
> + case SECURITY_FS_USE_XATTR:
> + case SECURITY_FS_USE_TRANS:
> + case SECURITY_FS_USE_TASK:
> + break;
> + default:
> + return -1;
> + }
> len = le32_to_cpu(buf[1]);
> if (zero_or_saturated(len))
> return -1;
> --
> 2.33.0
>
I think that I would prefer this to be in policydb_validate.c
somewhere. Eventually it would be nice to call validate_policydb() on
a policydb before writing it as well as after reading it.
Thanks,
Jim
