From patchwork Wed Nov 2 16:19:33 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Carter X-Patchwork-Id: 9409473 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C06166022E for ; Wed, 2 Nov 2016 16:23:36 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B25FE2A472 for ; Wed, 2 Nov 2016 16:23:36 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A631E2A474; Wed, 2 Nov 2016 16:23:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 45F1A2A472 for ; Wed, 2 Nov 2016 16:23:34 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.31,583,1473120000"; d="scan'208";a="537226" IronPort-PHdr: =?us-ascii?q?9a23=3ASvoCFh2eDUIvNvnHsmDT+DRfVm0co7zxezQtwd8Z?= =?us-ascii?q?segTKvad9pjvdHbS+e9qxAeQG96KsbQU0KGL6+jJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL2PbrnD61zMOABK3bVMz?= =?us-ascii?q?fbWvXN6JxJnvn8mJuLTrKz1SgzS8Zb4gZD6Xli728vcsvI15N6wqwQHIqHYbM8?= =?us-ascii?q?5fxGdvOE7B102kvpT4wYRnuxh0l7phspQYEPayQ6NtVrFcDTI7I0gp9cbrsl/F?= =?us-ascii?q?VgLJ6XwCAUsMlR8dIQHA4QqydZ7rribg/r5/xyKTJ9GsZawlUjSlqaFwQVnnjz?= =?us-ascii?q?lRZG1xy33elsEl1PETmxmmvREqhtSMbQ=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2HzBACBEhpY/wHyM5BdHAEBBAEBCgEBGAEFAQsBgwEBAQE?= =?us-ascii?q?BAR+BRQ+6fySIKlMBAQEBAQEBAQIBAl8ogjMEAxMFghcCJBMUIA4DCQIXKQgIA?= =?us-ascii?q?wEtFR8LBRgEiDW6VY8rEQGFfAWBJgGHG4YPgTyKDgKQOgKKCoV7ApEcVFZMgie?= =?us-ascii?q?CUVaGMHiBNAEBAQ?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 02 Nov 2016 16:22:40 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uA2GJrWv011889; Wed, 2 Nov 2016 12:20:34 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id uA2GJpcF065759 for ; Wed, 2 Nov 2016 12:19:51 -0400 Received: from moss-lions.infosec.tycho.ncsc.mil (moss-lions [192.168.25.4]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id uA2GJoIU011886 for ; Wed, 2 Nov 2016 12:19:50 -0400 From: James Carter To: selinux@tycho.nsa.gov Subject: [PATCH] libsepol/cil: Exit with an error for an unknown map permission Date: Wed, 2 Nov 2016 12:19:33 -0400 Message-Id: <1478103573-19175-1-git-send-email-jwcart2@tycho.nsa.gov> X-Mailer: git-send-email 2.7.4 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Nicholas Iooss discovered that using an unknown permission with a map class will cause a segfault. CIL will only give a warning when it fails to resolve an unknown permission to support the use of policy module packages that use permissions that don't exit on the current system. When resolving the unknown map class permission an empty list is used to represent the unknown permission. When it is evaluated later the list is assumed to be a permission and a segfault occurs. There is no reason to allow unknown class map permissions because the class maps and permissions are defined by the policy. Exit with an error when failing to resolve a class map permission. Reported-by: Nicolas Iooss Signed-off-by: James Carter --- libsepol/cil/src/cil_resolve_ast.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index ec547d3..7fe4a74 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -106,7 +106,7 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key, return name; } -static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab, struct cil_list *perm_strs, struct cil_list **perm_datums) +static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab, struct cil_list *perm_strs, struct cil_list **perm_datums, enum cil_flavor class_flavor) { int rc = SEPOL_ERR; struct cil_list_item *curr; @@ -116,7 +116,7 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab, cil_list_for_each(curr, perm_strs) { if (curr->flavor == CIL_LIST) { struct cil_list *sub_list; - rc = __cil_resolve_perms(class_symtab, common_symtab, curr->data, &sub_list); + rc = __cil_resolve_perms(class_symtab, common_symtab, curr->data, &sub_list, class_flavor); if (rc != SEPOL_OK) { cil_log(CIL_ERR, "Failed to resolve permission list\n"); goto exit; @@ -132,6 +132,10 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab, } if (rc != SEPOL_OK) { struct cil_list *empty_list; + if (class_flavor == CIL_MAP_CLASS) { + cil_log(CIL_ERR, "Failed to resolve permission %s for map class\n", (char*)curr->data); + goto exit; + } cil_log(CIL_WARN, "Failed to resolve permission %s\n", (char*)curr->data); /* Use an empty list to represent unknown perm */ cil_list_init(&empty_list, perm_strs->flavor); @@ -170,7 +174,7 @@ int cil_resolve_classperms(struct cil_tree_node *current, struct cil_classperms cp->class = class; - rc = __cil_resolve_perms(&class->perms, common_symtab, cp->perm_strs, &cp->perms); + rc = __cil_resolve_perms(&class->perms, common_symtab, cp->perm_strs, &cp->perms, FLAVOR(datum)); if (rc != SEPOL_OK) { goto exit; }