Validate the boolean entries in the policy.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libsepol/src/policydb_validate.c | 43 ++++++++++++++++++++++++++++++++
1 file changed, 43 insertions(+)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 72063351..b51dd366 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -577,6 +577,41 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
return validate_user_datum(margs->handle, d, margs->flavors, margs->mls);
}
+static int validate_bool_datum(sepol_handle_t *handle, cond_bool_datum_t *boolean, validate_t flavors[])
+{
+ if (validate_value(boolean->s.value, &flavors[SYM_BOOLS]))
+ goto bad;
+
+ switch (boolean->state) {
+ case 0:
+ case 1:
+ break;
+ default:
+ goto bad;
+ }
+
+ switch (boolean->flags) {
+ case 0:
+ case COND_BOOL_FLAGS_TUNABLE:
+ break;
+ default:
+ goto bad;
+ }
+
+ return 0;
+
+bad:
+ ERR(handle, "Invalid bool datum");
+ return -1;
+}
+
+static int validate_bool_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args)
+{
+ map_arg_t *margs = args;
+
+ return validate_bool_datum(margs->handle, d, margs->flavors);
+}
+
static int validate_datum_array_gaps(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
{
unsigned int i;
@@ -607,6 +642,11 @@ static int validate_datum_array_gaps(sepol_handle_t *handle, policydb_t *p, vali
goto bad;
}
+ for (i = 0; i < p->p_bools.nprim; i++) {
+ if (bool_xnor(p->bool_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_BOOLS].gaps, i)))
+ goto bad;
+ }
+
return 0;
bad:
@@ -647,6 +687,9 @@ static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, v
if (hashtab_map(p->p_cats.table, validate_datum, &flavors[SYM_CATS]))
goto bad;
+ if (hashtab_map(p->p_bools.table, validate_bool_datum_wrapper, &margs))
+ goto bad;
+
return 0;
bad:
--
2.35.1
