Check the type for type and role sets is valid. Check the scope of a scope datum is valid. Check the flavor and flags of a type datum are valid. Check xperms are set if and only if it is an extended permission avrule. Check xperms has a valid specified field. Check the flag of avrule blocks is valid.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libsepol/src/policydb_validate.c | 86 +++++++++++++++++++++++++++++++-
 1 file changed, 84 insertions(+), 2 deletions(-)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 41822e61..735c7a33 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -124,6 +124,15 @@ static int validate_type_set(type_set_t *type_set, validate_t *type)
 if (validate_ebitmap(&type_set->negset, type))
 goto bad;
 
+ switch (type_set->flags) {
+ case 0:
+ case TYPE_STAR:
+ case TYPE_COMP:
+ break;
+ default:
+ goto bad;
+ }
+
 return 0;
 
 bad:
@@ -148,9 +157,21 @@ bad:
 static int validate_role_set(role_set_t *role_set, validate_t *role)
 {
 if (validate_ebitmap(&role_set->roles, role))
- return -1;
+ goto bad;
+
+ switch (role_set->flags) {
+ case 0:
+ case ROLE_STAR:
+ case ROLE_COMP:
+ break;
+ default:
+ goto bad;
+ }
 
 return 0;
+
+bad:
+ return -1;
 }
 
 static int validate_scope(__attribute__ ((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
@@ -159,12 +180,23 @@ static int validate_scope(__attribute__ ((unused)) hashtab_key_t k, hashtab_datu
 uint32_t *nprim = (uint32_t *)args;
 unsigned int i;
 
+ switch (scope_datum->scope) {
+ case SCOPE_REQ:
+ case SCOPE_DECL:
+ break;
+ default:
+ goto bad;
+ }
+
 for (i = 0; i < scope_datum->decl_ids_len; i++) {
 if (!value_isvalid(scope_datum->decl_ids[i], *nprim))
- return -1;
+ goto bad;
 }
 
 return 0;
+
+bad:
+ return -1;
 }
 
 static int validate_scopes(sepol_handle_t *handle, symtab_t scopes[], avrule_block_t *block)
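Review bot: Nothing records whether rejecting a combined `TYPE_STAR | TYPE_COMP` value is intentional: the switch on `type_set->flags` compares for equality, so only 0 or exactly one of the two constants passes. If the two are mutually exclusive selectors rather than independent bits, a one-line comment above the switch would make that explicit for the next maintainer, e.g. `/* flags is a single selector: 0, TYPE_STAR or TYPE_COMP, never a combination */`. The same applies to the ROLE_STAR/ROLE_COMP switch added to validate_role_set in the next hunk. validate_type_set begins above this hunk, so the note covers only the lines shown.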
@@ -403,6 +435,26 @@ static int validate_type_datum(sepol_handle_t *handle, type_datum_t *type, valid
 if (type->bounds && validate_value(type->bounds, &flavors[SYM_TYPES]))
 goto bad;
 
+ switch (type->flavor) {
+ case TYPE_TYPE:
+ case TYPE_ATTRIB:
+ case TYPE_ALIAS:
+ break;
+ default:
+ goto bad;
+ }
+
+ switch (type->flags) {
+ case 0:
+ case TYPE_FLAGS_PERMISSIVE:
+ case TYPE_FLAGS_EXPAND_ATTR_TRUE:
+ case TYPE_FLAGS_EXPAND_ATTR_FALSE:
+ case TYPE_FLAGS_EXPAND_ATTR:
+ break;
+ default:
+ goto bad;
+ }
+
 return 0;
 
 bad:
@@ -688,6 +740,7 @@ static int validate_avrules(sepol_handle_t *handle, avrule_t *avrule, validate_t
 if (validate_value(class->tclass, &flavors[SYM_CLASSES]))
 goto bad;
 }
+
 switch(avrule->specified) {
 case AVRULE_ALLOWED:
 case AVRULE_AUDITALLOW:
@@ -705,6 +758,27 @@ static int validate_avrules(sepol_handle_t *handle, avrule_t *avrule, validate_t
 default:
 goto bad;
 }
+
+ if (avrule->specified & AVRULE_XPERMS) {
+ if (!avrule->xperms)
+ goto bad;
+ switch (avrule->xperms->specified) {
+ case AVRULE_XPERMS_IOCTLFUNCTION:
+ case AVRULE_XPERMS_IOCTLDRIVER:
+ break;
+ default:
+ goto bad;
+ }
+ } else if (avrule->xperms)
+ goto bad;
+
+ switch(avrule->flags) {
+ case 0:
+ case RULE_SELF:
+ break;
+ default:
+ goto bad;
+ }
 }
 
 return 0;
@@ -1041,6 +1115,14 @@ static int validate_avrule_blocks(sepol_handle_t *handle, avrule_block_t *avrule
 if (validate_symtabs(handle, decl->symtab, flavors))
 goto bad;
 }
+
+ switch (avrule_block->flags) {
+ case 0:
+ case AVRULE_OPTIONAL:
+ break;
+ default:
+ goto bad;
+ }
 }
 
 return 0;
-- 
2.34.1
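Review bot: `type->flavor` and `type->flags` are each validated in isolation in validate_type_datum, so a datum whose flags do not fit its flavor still passes, for example a TYPE_TYPE carrying one of the TYPE_FLAGS_EXPAND_ATTR_* values or a TYPE_ATTRIB carrying TYPE_FLAGS_PERMISSIVE. Going by the identifier names, the expand-attr flags look meaningful only for attributes; if that holds, a cross-check after the two switches would tighten what a parsed policy may contain, e.g. `if (type->flavor != TYPE_ATTRIB && (type->flags & TYPE_FLAGS_EXPAND_ATTR)) goto bad;`. This is inferred from the names rather than from code visible here, so confirm it against the consumers of these fields before adopting it. The function starts above the hunk.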
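Review bot: In the validate_avrules hunk that adds the xperms check, the `} else if (avrule->xperms)` branch leaves its `goto bad;` unbraced while the `if` arm it pairs with is braced, which makes this rejection path easy to misread or to break when a statement is added later; brace it as `} else if (avrule->xperms) {` / `goto bad;` / `}`. The added `switch(avrule->flags)` also omits the space after `switch` that the other new switches in this patch use (`switch (avrule->xperms->specified)`), although it does match the existing `switch(avrule->specified)` context line in the previous hunk. The enclosing block begins above the hunk.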