libsepol/cil: Improve degenerate inheritance check
The commit 74d00a8 (libsepol/cil: Detect degenerate inheritance and exit with an error) detects the use of inheritance (mostly by the secilc-fuzzer and not in any real policies) that results in the exponential growth of the policy through the copying of blocks that takes place with inheritance in CIL. Unfortunately, the check takes place during the pass when all the blocks are being copied, so it is possible to consume all of a system's memory before an error is produced.

The new check happens in two parts. First, a check is made while the block inheritance is being linked to the block it will inherit. In this check, all of the parent nodes of the inheritance rule up to the root node are checked and if enough of these blocks are being inherited (>= CIL_DEGENERATE_INHERITANCE_DEPTH), then a flag is set for a more in-depth check after the pass. This in-depth check will determine the number of potential inheritances that will occur when resolving all of the inheritance rules. If this value is greater than CIL_DEGENERATE_INHERITANCE_GROWTH * the original number of inheritance rules and greater than CIL_DEGENERATE_INHERITANCE_MINIMUM (which is set to 0x1 << CIL_DEGENERATE_INHERITANCE_DEPTH), then degenerate inheritance is determined to have occurred and an error result will be returned. Since the potential number of inheritances can quickly be an extremely large number, the count of potential inheritances is aborted as soon as the threshold for degenerate inheritance has been exceeded.

Normal policies should rarely, if ever, have the in-depth check occur.

Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
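The two-stage check the commit message describes, as an added simplified model in C (not libsepol's code): blocks are array indices carrying their enclosing block, an "inherited" flag and their blockinherit targets; the values of the DEPTH and GROWTH constants, and the counting rule (one copy per rule plus everything the target's copy brings along), are assumptions, and only the MINIMUM formula comes from the commit message.

```c
/* Added, simplified model of the two-stage degenerate inheritance check (not libsepol code). */
#define CIL_DEGENERATE_INHERITANCE_DEPTH   10   /* assumed value */
#define CIL_DEGENERATE_INHERITANCE_GROWTH  10   /* assumed value */
#define CIL_DEGENERATE_INHERITANCE_MINIMUM (0x1UL << CIL_DEGENERATE_INHERITANCE_DEPTH)
/* A block: enclosing block (-1 at the root), whether any blockinherit names it, its targets. */
struct block { int parent, inherited, nrules, target[4]; };
struct policy { int nblocks; struct block b[32]; };

/* Stage 2 (after the pass): inheritances that resolving blk would perform, one per
 * rule plus everything the target's copy brings along; stops once limit is passed. */
static unsigned long count_inheritances(const struct policy *p, int blk,
                                        unsigned long limit, int *aborted)
{
    unsigned long total = 0;
    for (int i = 0; i < p->b[blk].nrules && !*aborted; i++) {
        total += 1 + count_inheritances(p, p->b[blk].target[i], limit, aborted);
        if (total > limit) *aborted = 1;   /* exponential growth: stop counting */
    }
    return total;
}

/* 1 if inheritance is judged degenerate, 0 otherwise. */
int is_degenerate(const struct policy *p)
{
    unsigned long nrules = 0, limit, total = 0;
    int flagged = 0, aborted = 0;
    for (int i = 0; i < p->nblocks; i++) {
        int depth = 0;   /* stage 1 (while linking): inherited ancestors up to the root */
        for (int a = i; a != -1; a = p->b[a].parent)
            depth += p->b[a].inherited;
        nrules += p->b[i].nrules;
        flagged |= p->b[i].nrules && depth >= CIL_DEGENERATE_INHERITANCE_DEPTH;
    }
    if (!flagged) return 0;   /* normal policies stop here; stage 2 is rarely reached */
    limit = nrules * CIL_DEGENERATE_INHERITANCE_GROWTH;
    if (limit < CIL_DEGENERATE_INHERITANCE_MINIMUM) limit = CIL_DEGENERATE_INHERITANCE_MINIMUM;
    for (int i = 0; i < p->nblocks && !aborted; i++)
        total += count_inheritances(p, i, limit, &aborted);
    return aborted || total > limit;
}
/* Constructed input: b1..b[levels], each nested in the next and inheriting b[k-1]
 * fanout times; fanout 2 doubles the copied content at every level (fuzzer style). */
void build_chain(struct policy *p, int levels, int fanout)
{
    p->nblocks = levels + 1;
    for (int k = 0; k <= levels; k++) {
        p->b[k].parent = k < levels ? k + 1 : -1;
        p->b[k].inherited = k < levels;
        p->b[k].nrules = k ? fanout : 0;
        for (int i = 0; i < p->b[k].nrules; i++) p->b[k].target[i] = k - 1;
    }
}
```

With fanout 1 the chain still trips the cheap stage-1 depth flag but stage 2 counts only 78 inheritances and clears it, which is the false positive the second stage exists to reject.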
Showing 2 changed files with 151 additions and 80 deletions.