Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libsepol/src/policydb_validate.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 11f13d65..d9968a8e 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -961,6 +961,23 @@ bad:
 return -1;
 }

+static int validate_permissives(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
+{
+ ebitmap_node_t *node;
+ unsigned i;
+
+ ebitmap_for_each_positive_bit(&p->permissive_map, node, i) {
+ if (validate_value(i, &flavors[SYM_TYPES]))
+ goto bad;
+ }
+
+ return 0;
+
+bad:
+ ERR(handle, "Invalid permissive type");
+ return -1;
+}
+
 static void validate_array_destroy(validate_t flavors[])
 {
 unsigned int i;
@@ -1013,6 +1030,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p)
 if (validate_datum_array_entries(handle, p, flavors))
 goto bad;

+ if (validate_permissives(handle, p, flavors))
+ goto bad;
+
 validate_array_destroy(flavors);

 return 0;
--
2.34.1
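Review bot: In validate_permissives the bit index `i` is handed to validate_value() unshifted, and nothing in the hunk records whether permissive_map is keyed by the type value itself or by value minus one; if it were the latter, the bounds check would be off by one. Assuming the map is keyed by the raw type value, a one-line comment above the loop would pin the convention down for the next reader, e.g. `/* permissive_map bits are type values, not value - 1 */`. The check as written only shows that the bit names an existing SYM_TYPES entry; whether an attribute can legitimately appear in this map is not visible here and may deserve a stricter test. Including the offending bit in the message, `ERR(handle, "Invalid permissive type %u", i);`, would also make a rejected policy easier to diagnose.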