diff options
author | Christian Göttsche <cgzones@googlemail.com> | 2022-03-08 19:58:10 +0100 |
---|---|---|
committer | James Carter <jwcart2@gmail.com> | 2022-03-11 10:13:00 -0500 |
commit | 672d8c2c6e88c28f2fdfe49422ef5b0a94045c13 (patch) | |
tree | 44a25d66e21bb0de5b2fb90524bd821392c5416d | |
parent | 93ff4ce52443881b6e957d6e27e30033d6bed29b (diff) | |
download | selinux-672d8c2c6e88c28f2fdfe49422ef5b0a94045c13.tar.gz |
libsepol: validate boolean datum arrays
Validate the boolean entries in the policy.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
-rw-r--r-- | libsepol/src/policydb_validate.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index fa5c2bef..a2dcebe4 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -602,6 +602,41 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k, return validate_user_datum(margs->handle, d, margs->flavors, margs->mls); } +static int validate_bool_datum(sepol_handle_t *handle, cond_bool_datum_t *boolean, validate_t flavors[]) +{ + if (validate_value(boolean->s.value, &flavors[SYM_BOOLS])) + goto bad; + + switch (boolean->state) { + case 0: + case 1: + break; + default: + goto bad; + } + + switch (boolean->flags) { + case 0: + case COND_BOOL_FLAGS_TUNABLE: + break; + default: + goto bad; + } + + return 0; + +bad: + ERR(handle, "Invalid bool datum"); + return -1; +} + +static int validate_bool_datum_wrapper(__attribute__((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) +{ + map_arg_t *margs = args; + + return validate_bool_datum(margs->handle, d, margs->flavors); +} + static int validate_datum_array_gaps(sepol_handle_t *handle, policydb_t *p, validate_t flavors[]) { unsigned int i; @@ -632,6 +667,11 @@ static int validate_datum_array_gaps(sepol_handle_t *handle, policydb_t *p, vali goto bad; } + for (i = 0; i < p->p_bools.nprim; i++) { + if (bool_xnor(p->bool_val_to_struct[i], ebitmap_get_bit(&flavors[SYM_BOOLS].gaps, i))) + goto bad; + } + return 0; bad: @@ -672,6 +712,9 @@ static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, v if (hashtab_map(p->p_cats.table, validate_datum, &flavors[SYM_CATS])) goto bad; + if (hashtab_map(p->p_bools.table, validate_bool_datum_wrapper, &margs)) + goto bad; + return 0; bad: |