Check the fsuse type is valid, e.g. of type xattr, trans or task.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
v2: do not reject in binary reading, but check at validation step
---
libsepol/src/policydb_validate.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 2f30a3ad..b2d0e5e5 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -2,6 +2,7 @@
 #include <sepol/policydb/conditional.h>
 #include <sepol/policydb/ebitmap.h>
 #include <sepol/policydb/policydb.h>
+#include <sepol/policydb/services.h>
 #include "debug.h"
 #include "policydb_validate.h"
@@ -778,6 +779,15 @@ static int validate_ocontexts(sepol_handle_t *handle, policydb_t *p, validate_t
 if (validate_context(&octx->context[1], flavors, p->mls))
 goto bad;
 break;
+ case OCON_FSUSE:
+ switch (octx->v.behavior) {
+ case SECURITY_FS_USE_XATTR:
+ case SECURITY_FS_USE_TRANS:
+ case SECURITY_FS_USE_TASK:
+ break;
+ default:
+ goto bad;
+ }
 }
 }
 }
-- 2.34.1
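Review bot: The new `case OCON_FSUSE:` arm in the second hunk ends at the inner switch's closing brace with no `break;` of its own, so it is only correct while it stays the last case of the outer switch. Any case added after it later would be entered by fallthrough, quietly running a different check on fsuse entries in code whose job is to reject malformed policies. Add `break;` after the inner `}`. A one-line comment such as `/* only behaviors an fs_use_* statement can express are accepted */` would also record why every other `octx->v.behavior` value goes to `bad`; services.h appears to define further SECURITY_FS_USE_* constants, so the omission should read as deliberate (worth confirming). validate_ocontexts begins and ends outside this hunk, so the `bad` label and its error message are not visible here.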