1. 24 Jun, 2021 26 commits
  2. 22 Jun, 2021 4 commits
    • James Carter's avatar
      libsepol: Quote paths when generating policy.conf from binary policy · ce1025bf
      James Carter authored
      Christian Göttsche <cgzones@googlemail.com> submitted a similar patch
      to quote paths when generating CIL policy from a binary policy.
      
      Since genfscon and devicetreecon rules have paths which are allowed
      to contain spaces, always quote the path when writing out these rules.
      Signed-off-by: default avatarJames Carter <jwcart2@gmail.com>
      Acked-by: default avatarPetr Lautrbach <plautrba@redhat.com>
      ce1025bf
    • James Carter's avatar
      secilc/test: Add test for anonymous args · 4a60fd78
      James Carter authored
      CIL has rules that allow names to be assigned to certain objects
      like MLS category sets, MLS levels, MLS ranges, IP addresses, and
      class permission sets. These objects can also be named as parameters
      for a macro. A call may pass in a name for one of these objects, but
      it also may pass in one of the actual objects. These objects are
      referred as anonymous arguments.
      
      Add CIL policy that can be used to test whether or not anonymous
      arguments are being handled properly in macros. Also test the
      equivalent named arguments to help determine if the problem is with
      that argument type or just with an anonymous argument of that type.
      
      The anonymouse arguments that are tested are categoryset, level,
      levelrange, ipaddr, and classpermission.
      Signed-off-by: default avatarJames Carter <jwcart2@gmail.com>
      Acked-by: default avatarNicolas Iooss <nicolas.iooss@m4x.org>
      4a60fd78
    • James Carter's avatar
      libsepol/cil: Account for anonymous category sets in an expression · 982ec302
      James Carter authored
      It is possible for anonymous category sets to be in a category
      expression if the expression has a macro parameter in it.
      Unfortunately, anonymous category sets are not looked for when
      resolving category expressions and a segfault will occur during
      later processing if there was one.
      
      As an example, consider the following portion of a policy.
        (macro m1 ((categoryset cs))
          (userlevel USER (s0 (cs)))
        )
        (call m1 ((c0 c1)))
      This policy will cause a segault, because the categoryset datum
      for the parameter cs is not seen as a categoryset and is treated
      as a plain category.
      
      When resolving an expression, check whether or not the datum that
      is found is actually an anonymous category set associated with a
      macro parameter. If it is, then resolve the category set if it
      has not already been resolved and treat its categories as a sub
      expression.
      Signed-off-by: default avatarJames Carter <jwcart2@gmail.com>
      Acked-by: default avatarNicolas Iooss <nicolas.iooss@m4x.org>
      982ec302
    • James Carter's avatar
      libsepol/cil: Fix anonymous IP address call arguments · 9ac9d2da
      James Carter authored
      A named IP address (using an ipaddr rule) could be passed as an
      argument, but trying to pass an actual IP address caused an error.
      
      As an exmample, consider the following portion of a policy.
        (macro m4 ((ipaddr ip)(ipaddr nm))
          (nodecon ip nm (USER ROLE TYPE ((s0) (s0))))
        )
        (ipaddr nm1 255.255.255.0)
        (ipaddr ip1 1.2.3.4)
        (call m4 (ip1 nm1)) ; This works
        (call m4 (1.2.3.4 255.255.255.0)) ; This doesn't
      
      Allow actual IP addresses to be passed as a call argument. Now the
      second call works as well.
      Signed-off-by: default avatarJames Carter <jwcart2@gmail.com>
      Acked-by: default avatarNicolas Iooss <nicolas.iooss@m4x.org>
      9ac9d2da
  3. 18 Jun, 2021 3 commits
  4. 14 Jun, 2021 1 commit
  5. 09 Jun, 2021 2 commits
  6. 04 Jun, 2021 4 commits
    • James Carter's avatar
      libsepol/cil: Resolve anonymous levels only once · d8b90f8a
      James Carter authored
      Anonymous levels can be passed as call arguments and they can
      appear in anonymous levelranges as well.
      
      Anonymous call arguments are resolved when they are used in a rule.
      If more than one rule uses the anonymous level, then a memory leak
      will occur when a new list for the category datum expression is
      created without destroying the old one.
      
      When resolving a level, check if the sensitivity datum has already
      been resolved. If it has, then the categories have been as well.
      Signed-off-by: default avatarJames Carter <jwcart2@gmail.com>
      d8b90f8a
    • James Carter's avatar
      libsepol/cil: Pointers to datums should be set to NULL when resetting · 73d991ab
      James Carter authored
      Set the pointer to the sensitivity in levels, the pointers to the low
      and high levels in levelranges, the pointer to the level in userlevels,
      the pointer to the range in userranges, and the pointers to contexts
      in ocontexts to NULL.
      Signed-off-by: default avatarJames Carter <jwcart2@gmail.com>
      73d991ab
    • James Carter's avatar
      libsepol/cil: Resolve anonymous class permission sets only once · a8dcf4d5
      James Carter authored
      Anonymous class permission sets can be passed as call arguments.
      Anonymous call arguments are resolved when they are used in a
      rule. [This is because all the information might not be present
      (like common permissions being added to a class) when the call
      itself is resolved.] If there is more than one rule using an
      anonymous class permission set, then a memory leak will occur
      when a new list for the permission datum expression is created
      without destroying the old one.
      
      When resolving the class and permissions, check if the class has
      already been resolved. If it has, then the permissions have been
      as well.
      
      This bug was found by the secilc-fuzzer.
      Signed-off-by: default avatarJames Carter <jwcart2@gmail.com>
      a8dcf4d5
    • James Carter's avatar
      libsepol/cil: Limit the number of open parenthesis allowed · 69fc31d1
      James Carter authored
      When parsing a CIL policy, the number of open parenthesis is tracked
      to verify that each has a matching close parenthesis. If there are
      too many open parenthesis, a stack overflow could occur during later
      processing.
      
      Exit with an error if the number of open parenthesis exceeds 4096
      (which should be enough for any policy.)
      
      This bug was found by the secilc-fuzzer.
      Signed-off-by: default avatarJames Carter <jwcart2@gmail.com>
      69fc31d1