From patchwork Thu Feb 10 18:52:32 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12742304 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DE580C433EF for ; Thu, 10 Feb 2022 18:52:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239478AbiBJSwk (ORCPT ); Thu, 10 Feb 2022 13:52:40 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:38876 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229590AbiBJSwk (ORCPT ); Thu, 10 Feb 2022 13:52:40 -0500 Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A916CF01 for ; Thu, 10 Feb 2022 10:52:40 -0800 (PST) Received: by mail-ed1-x534.google.com with SMTP id cn6so12505731edb.5 for ; Thu, 10 Feb 2022 10:52:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=+srpHDz7CPZlQqVCRFFOR4Wso90T6cv/aufdHR1zKUI=; b=qKyC4QcsMXTAIMdD26IoX8sLOD4MsOzRZlKj4dURBMSzoJLkH1pmVhG9tK2113Pbn/ TDc9p+BguLFSbfYzALxWKZ6nfp2QBIMyUMbKx//UUTl1qCDWeY5fn/KH2F0uYvy3ohI6 2oLtkq1bRcQVd//2ivj1yhSdLBieXRpmHVUcVaXEGdK4eGJ6OcmJzycsLp3Y5aK6Tdc5 WxwIvxf8KtTH4IX1JJ9sBV4JkrCxcaiB/oqQnEodzF6b7xpLhGjtU/QLSW5lwaadxVEZ 7kHgxAfxaNpc3VajuAvYa+C2+Q51DERMlfAH4qYxvWgHHXaIKT+CCBwPNFI6woaAarfU YaBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=+srpHDz7CPZlQqVCRFFOR4Wso90T6cv/aufdHR1zKUI=; b=uhu8Bowocsw6CF1rJy5pwIZ/22DboYzncdIjG6its9QETT9p6W5P27PGRNGvKlth4/ kI6hTfJSZn1RVGUUGNsCvuVGFmOWfXIWUTgP4KEy873E2y2eJ8Rv2U0EB96GjUSaBdY+ D6PfwKjHLadQG6W4n/8IzrNVy7HTGsAlDPackDp8+cVzx/QvzXu1MVOYgNiXj65OFG6c 9JGr29fNRSr5GTN4bvDKZmdwztdTo5ltRoFZw1nimHfOOMXhed4BDXnNuTCghBEwIg6h 9WugT7HOSx5rrVh9GbzXWkfiT55Xgtbe15a7DIa2e4jO56y37NMAISZGVa+cJfvFijds 5ogg== X-Gm-Message-State: AOAM533YmyGq4XZacl7EMFZtNEXJ0IP4pZ6PW+YFSt39XWPr//givia7 WxdpZxCIVK6jiuHK8BC1EnlT4GNShso= X-Google-Smtp-Source: ABdhPJyAg7wpvuew1REcAfVob45NofQMlBd8qJbr3nFP+uGD2lz2RORg0Akk49Rfn5qIEEEUvw8dTw== X-Received: by 2002:aa7:dbcc:: with SMTP id v12mr9684147edt.263.1644519159232; Thu, 10 Feb 2022 10:52:39 -0800 (PST) Received: from debianHome.localdomain (dynamic-077-000-131-054.77.0.pool.telefonica.de. [77.0.131.54]) by smtp.gmail.com with ESMTPSA id gi15sm4666070ejc.139.2022.02.10.10.52.38 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Feb 2022 10:52:38 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 1/3] libsepol: use correct error type to please UBSAN Date: Thu, 10 Feb 2022 19:52:32 +0100 Message-Id: <20220210185234.41362-1-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org The callback function apply in hashtap_map has a return type of int and can return -1 on error. Use int as type to save the return value to avoid implicit conversions: hashtab.c:236:10: runtime error: implicit conversion from type 'int' of value -1 (32-bit, signed) to type 'unsigned int' changed the value to 4294967295 (32-bit, unsigned) Signed-off-by: Christian Göttsche Acked-by: James Carter --- libsepol/src/hashtab.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libsepol/src/hashtab.c b/libsepol/src/hashtab.c index 2eb35212..3ecaf165 100644 --- a/libsepol/src/hashtab.c +++ b/libsepol/src/hashtab.c @@ -224,8 +224,9 @@ int hashtab_map(hashtab_t h, int (*apply) (hashtab_key_t k, hashtab_datum_t d, void *args), void *args) { - unsigned int i, ret; + unsigned int i; hashtab_ptr_t cur; + int ret; if (!h) return SEPOL_OK; From patchwork Thu Feb 10 18:52:33 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12742305 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 476A3C433F5 for ; Thu, 10 Feb 2022 18:52:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229590AbiBJSwl (ORCPT ); Thu, 10 Feb 2022 13:52:41 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:38890 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243255AbiBJSwk (ORCPT ); Thu, 10 Feb 2022 13:52:40 -0500 Received: from mail-ej1-x636.google.com (mail-ej1-x636.google.com [IPv6:2a00:1450:4864:20::636]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5A371F28 for ; Thu, 10 Feb 2022 10:52:41 -0800 (PST) Received: by mail-ej1-x636.google.com with SMTP id e7so13456759ejn.13 for ; Thu, 10 Feb 2022 10:52:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=46c/pBBVAt5wIgF80hVXdkR6N98zzl+fl7ohI4vU8/Q=; b=T0s+cYDZKFvqFxz9JVRVKKCtVmvShej7m/TRVUYPYgJ1pfhmlyd+ULEa62HAvEtKIK 2U8X3hPSz2wDOGzYShaAOvCBrQjM70j8KuIqvpj1hZmPkvxHYHKwloeVRqFkmXyji0iv BvRBuZ91TC9ajTbEQJIemsSLPagjkoyEzuBc5IvchBZWl9C/1S6ZVieTsECsgZweJul1 hc0T+ySis1zoXU7TOnn8dqRo74n3GCRVMeAh1KuGRP7debRTjU/bNuCOFa24FKX6EZL4 aj69pVcAdUyBJykn6EqZ+9JROYoHNNhHzt2LpJSGdCwziqynFyG1LcFSs29/TEJ4MdIS 0jHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=46c/pBBVAt5wIgF80hVXdkR6N98zzl+fl7ohI4vU8/Q=; b=22wTf0FFf6+hp5mr8e19ZSLU6F8hDN76o+JarObEp8ZEuroj8jiJUEoqG1H9WnAHAR NSZwi858906B7p7pG1ca9Tg9DjcELhenCEAyMSwPXKJun94yK0XicCiotOkj59e2+u6t Prj57Iw+M/8pHLsErd2hoigFkFkjoJR8X58FSz1GWkrLySRGKtL38UWPaUO1paMuq9Br l3tgP410qzETTuv/DVsFgw4vmD4KY2hrLj3EyAwzIBbRqHYnE9T3CMy+Qs3Z8M9xfjmK MukiHc7+CwnSJVO/91FakwoEVGl22rpcMXvA1ItexSOAxd5IV70zPnHiHHe4vbeXGKVs AGvQ== X-Gm-Message-State: AOAM53206PLAMStYcZSAJyZcsFHUt4vRxTE5kDheKZXo1sL/keBoCgDn ZJp6Y3veiqjfiVWTbeXVPtoxUX+VuB4= X-Google-Smtp-Source: ABdhPJx+yWy0xOv2ikd4DsLfWb4F2AVD5bFYk3xv22VaXCs5B6I1A3ERmDI8uEnKbtipYJ0zpCD3Wg== X-Received: by 2002:a17:906:7289:: with SMTP id b9mr7583110ejl.171.1644519159936; Thu, 10 Feb 2022 10:52:39 -0800 (PST) Received: from debianHome.localdomain (dynamic-077-000-131-054.77.0.pool.telefonica.de. [77.0.131.54]) by smtp.gmail.com with ESMTPSA id gi15sm4666070ejc.139.2022.02.10.10.52.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Feb 2022 10:52:39 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 2/3] libsepol: more strict constraint validation Date: Thu, 10 Feb 2022 19:52:33 +0100 Message-Id: <20220210185234.41362-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220210185234.41362-1-cgzones@googlemail.com> References: <20220210185234.41362-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check the permission bitset in normal constraints is not empty and has no invalid bits set. Check the names and type_names members are empty in case they are not used. Check the operator and attribute type are not set for simple expression types. Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 43 +++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 4 deletions(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 0650f4d1..41822e61 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -130,6 +130,21 @@ bad: return -1; } +static int validate_empty_type_set(type_set_t *type_set) +{ + if (!ebitmap_is_empty(&type_set->types)) + goto bad; + if (!ebitmap_is_empty(&type_set->negset)) + goto bad; + if (type_set->flags != 0) + goto bad; + + return 0; + +bad: + return -1; +} + static int validate_role_set(role_set_t *role_set, validate_t *role) { if (validate_ebitmap(&role_set->roles, role)) @@ -176,23 +191,37 @@ bad: return -1; } -static int validate_constraint_nodes(sepol_handle_t *handle, constraint_node_t *cons, validate_t flavors[]) +static int validate_constraint_nodes(sepol_handle_t *handle, unsigned int nperms, constraint_node_t *cons, validate_t flavors[]) { constraint_expr_t *cexp; for (; cons; cons = cons->next) { + if (nperms > 0 && cons->permissions == 0) + goto bad; + if (nperms > 0 && nperms != PERM_SYMTAB_SIZE && cons->permissions >= (UINT32_C(1) << nperms)) + goto bad; + for (cexp = cons->expr; cexp; cexp = cexp->next) { if (cexp->attr & CEXPR_USER) { if (validate_ebitmap(&cexp->names, &flavors[SYM_USERS])) goto bad; + if (validate_empty_type_set(cexp->type_names)) + goto bad; } else if (cexp->attr & CEXPR_ROLE) { if (validate_ebitmap(&cexp->names, &flavors[SYM_ROLES])) goto bad; + if (validate_empty_type_set(cexp->type_names)) + goto bad; } else if (cexp->attr & CEXPR_TYPE) { if (validate_ebitmap(&cexp->names, &flavors[SYM_TYPES])) goto bad; if (validate_type_set(cexp->type_names, &flavors[SYM_TYPES])) goto bad; + } else { + if (!ebitmap_is_empty(&cexp->names)) + goto bad; + if (validate_empty_type_set(cexp->type_names)) + goto bad; } if (cexp->expr_type == CEXPR_ATTR || cexp->expr_type == CEXPR_NAMES) { @@ -236,6 +265,12 @@ static int validate_constraint_nodes(sepol_handle_t *handle, constraint_node_t * default: goto bad; } + + if (cexp->op != 0) + goto bad; + + if (cexp->attr != 0) + goto bad; } } } @@ -251,11 +286,11 @@ static int validate_class_datum(sepol_handle_t *handle, class_datum_t *class, va { if (validate_value(class->s.value, &flavors[SYM_CLASSES])) goto bad; - if (validate_constraint_nodes(handle, class->constraints, flavors)) + if (class->permissions.nprim > PERM_SYMTAB_SIZE) goto bad; - if (validate_constraint_nodes(handle, class->validatetrans, flavors)) + if (validate_constraint_nodes(handle, class->permissions.nprim, class->constraints, flavors)) goto bad; - if (class->permissions.nprim > PERM_SYMTAB_SIZE) + if (validate_constraint_nodes(handle, 0, class->validatetrans, flavors)) goto bad; switch (class->default_user) { From patchwork Thu Feb 10 18:52:34 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 12742306 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8ECCBC433FE for ; Thu, 10 Feb 2022 18:52:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343544AbiBJSwm (ORCPT ); Thu, 10 Feb 2022 13:52:42 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:38916 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S243255AbiBJSwl (ORCPT ); Thu, 10 Feb 2022 13:52:41 -0500 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2CE38F54 for ; Thu, 10 Feb 2022 10:52:42 -0800 (PST) Received: by mail-ed1-x529.google.com with SMTP id b13so12680822edn.0 for ; Thu, 10 Feb 2022 10:52:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20210112; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=Nog+bdpN4G0Lx3adnFJRBEOyha29dgljkyg7NlpIc2w=; b=Q8WdjfyJRC/vkeI8qW9kFhFS8vDwfeTHxs92ZIQWn9llF8dVGEeKU3C/7AWmjxTNdS qZ/X0T8b+04mP4Buq6fqv5D5ekjSF9iqc9te86nRrXC5Q4b9yWRuUWFEPgj+Zu6t1hGL EOgcaWpAnVgya0ftaFYS5fv4GihovYXZ1EA6Lq/b+4OsKE0ngiDiUFgCOxKUFE22dcVu Sig+usF06KyQ0jix0c9rz/cIsVcjBNYmLT+RQuZ6oPDhA+E+NfSpwZSSf4fQvqss4B6X b8E7VimuQ82MytpHpaRheltlJCtvSUWaf/e6+SuLtnh/EXgUEB0MsjBUSqqpodtegpxd djSg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=Nog+bdpN4G0Lx3adnFJRBEOyha29dgljkyg7NlpIc2w=; b=Fwj7f7pgv0cvNyG8A0AHHdCENNr8BHeZ08rj/TtAp471tCY+pedPaDIos4HVnD7NXd LC/NeFMCfIYRhzfiJy0zhJBN+ud3pP1J0dgIvnH9479PNGL0Z121ZT+UaZEJ6zWijBYB STw0aZlUA2MzyHwR+bnze9EcSeUmhSHIWm1zbPmFlMf9Lpp/8TV3uO4DhuTrkIIb/wx3 m+1jXfErcRwbhWRIgf5cwmzcOllCj9UCVCGv7e9jeXauF2e2Zp+WC18MIuW6m46MTdp/ 8NNiYBZbzHvxotEPQDhhQhzqTaCkwfHZpDGFUZPRzQopyeYDFkW8kl9vQWc9Q8epoRe4 8TYA== X-Gm-Message-State: AOAM530w+abCmHxgP1tsVAsItPJ6McCjcOfVAVVJaRS06kdk7PM8UUhE pYYMNIHNRrPh97tobjW2Q4tDXEbY348= X-Google-Smtp-Source: ABdhPJy6ADuFY5+9gEdijEFN/DjhIb0yx8I10k2dJ0/fvqzUqACHO3QKcRaJ/WmQBQO/BAJuesZn0g== X-Received: by 2002:aa7:d541:: with SMTP id u1mr9656759edr.388.1644519160649; Thu, 10 Feb 2022 10:52:40 -0800 (PST) Received: from debianHome.localdomain (dynamic-077-000-131-054.77.0.pool.telefonica.de. [77.0.131.54]) by smtp.gmail.com with ESMTPSA id gi15sm4666070ejc.139.2022.02.10.10.52.39 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Feb 2022 10:52:40 -0800 (PST) From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 3/3] libsepol: validate several flags Date: Thu, 10 Feb 2022 19:52:34 +0100 Message-Id: <20220210185234.41362-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20220210185234.41362-1-cgzones@googlemail.com> References: <20220210185234.41362-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Check the type for type and role sets is valid. Check the scope of a scope datum is valid. Check the flavor and flags of a type datum are valid. Check xperms are set if and only if it is an extended permission avrule. Check xperms has a valid specified field. Check the flag of avrule blocks is valid. Signed-off-by: Christian Göttsche --- libsepol/src/policydb_validate.c | 86 +++++++++++++++++++++++++++++++- 1 file changed, 84 insertions(+), 2 deletions(-) diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c index 41822e61..735c7a33 100644 --- a/libsepol/src/policydb_validate.c +++ b/libsepol/src/policydb_validate.c @@ -124,6 +124,15 @@ static int validate_type_set(type_set_t *type_set, validate_t *type) if (validate_ebitmap(&type_set->negset, type)) goto bad; + switch (type_set->flags) { + case 0: + case TYPE_STAR: + case TYPE_COMP: + break; + default: + goto bad; + } + return 0; bad: @@ -148,9 +157,21 @@ bad: static int validate_role_set(role_set_t *role_set, validate_t *role) { if (validate_ebitmap(&role_set->roles, role)) - return -1; + goto bad; + + switch (role_set->flags) { + case 0: + case ROLE_STAR: + case ROLE_COMP: + break; + default: + goto bad; + } return 0; + +bad: + return -1; } static int validate_scope(__attribute__ ((unused)) hashtab_key_t k, hashtab_datum_t d, void *args) @@ -159,12 +180,23 @@ static int validate_scope(__attribute__ ((unused)) hashtab_key_t k, hashtab_datu uint32_t *nprim = (uint32_t *)args; unsigned int i; + switch (scope_datum->scope) { + case SCOPE_REQ: + case SCOPE_DECL: + break; + default: + goto bad; + } + for (i = 0; i < scope_datum->decl_ids_len; i++) { if (!value_isvalid(scope_datum->decl_ids[i], *nprim)) - return -1; + goto bad; } return 0; + +bad: + return -1; } static int validate_scopes(sepol_handle_t *handle, symtab_t scopes[], avrule_block_t *block) @@ -403,6 +435,26 @@ static int validate_type_datum(sepol_handle_t *handle, type_datum_t *type, valid if (type->bounds && validate_value(type->bounds, &flavors[SYM_TYPES])) goto bad; + switch (type->flavor) { + case TYPE_TYPE: + case TYPE_ATTRIB: + case TYPE_ALIAS: + break; + default: + goto bad; + } + + switch (type->flags) { + case 0: + case TYPE_FLAGS_PERMISSIVE: + case TYPE_FLAGS_EXPAND_ATTR_TRUE: + case TYPE_FLAGS_EXPAND_ATTR_FALSE: + case TYPE_FLAGS_EXPAND_ATTR: + break; + default: + goto bad; + } + return 0; bad: @@ -688,6 +740,7 @@ static int validate_avrules(sepol_handle_t *handle, avrule_t *avrule, validate_t if (validate_value(class->tclass, &flavors[SYM_CLASSES])) goto bad; } + switch(avrule->specified) { case AVRULE_ALLOWED: case AVRULE_AUDITALLOW: @@ -705,6 +758,27 @@ static int validate_avrules(sepol_handle_t *handle, avrule_t *avrule, validate_t default: goto bad; } + + if (avrule->specified & AVRULE_XPERMS) { + if (!avrule->xperms) + goto bad; + switch (avrule->xperms->specified) { + case AVRULE_XPERMS_IOCTLFUNCTION: + case AVRULE_XPERMS_IOCTLDRIVER: + break; + default: + goto bad; + } + } else if (avrule->xperms) + goto bad; + + switch(avrule->flags) { + case 0: + case RULE_SELF: + break; + default: + goto bad; + } } return 0; @@ -1041,6 +1115,14 @@ static int validate_avrule_blocks(sepol_handle_t *handle, avrule_block_t *avrule if (validate_symtabs(handle, decl->symtab, flavors)) goto bad; } + + switch (avrule_block->flags) { + case 0: + case AVRULE_OPTIONAL: + break; + default: + goto bad; + } } return 0;