From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 07/11 v2] libsepol/cil: Exit with an error if declaration name is a reserved word
Date: Thu, 8 Apr 2021 15:16:10 -0400 [thread overview]
Message-ID: <20210408191614.262173-8-jwcart2@gmail.com> (raw)
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
When CIL parses sets or conditional expressions, any identifier that
matches an operator name will always be taken as an operator. If a
declaration has the same name as an operator, then there is the
possibility of causing either confusion or a syntax error if it is
used in an expression. The potential for problems is much greater
than any possible advantage in allowing a declaration to share the
name of a reserved word.
Create a new function, __cil_is_reserved_name() that is called when
an identifier is declared and its name is being validated. In this
function, check if the declaration has the same name as a reserved
word for an expression operator that can be used with the identifer's
flavor and exit with an error if it does.
Also, move the check for types, type aliases, and type attributes
matching the reserved word "self" to this new function.
Finally, change the name of the function __cil_verify_name() to
cil_verify_name(), since this function is neither static nor a
helper function.
Signed-off-by: James Carter <jwcart2@gmail.com>
---
v2:
Remove the check for u1, u2, u3, r1, r2, r3, t1, t2, and t3
Removed example because that really shows a different bug
Reworded the explanation
libsepol/cil/src/cil_build_ast.c | 28 ++---------------
libsepol/cil/src/cil_verify.c | 52 +++++++++++++++++++++++++++++++-
libsepol/cil/src/cil_verify.h | 2 +-
3 files changed, 54 insertions(+), 28 deletions(-)
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index 4e53f06a..e57de662 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -114,7 +114,7 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
symtab_t *symtab = NULL;
struct cil_symtab_datum *prev;
- rc = __cil_verify_name((const char*)key);
+ rc = cil_verify_name((const char*)key, nflavor);
if (rc != SEPOL_OK) {
goto exit;
}
@@ -1953,12 +1953,6 @@ int cil_gen_roleattribute(struct cil_db *db, struct cil_tree_node *parse_current
goto exit;
}
- if (parse_current->next->data == CIL_KEY_SELF) {
- cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF);
- rc = SEPOL_ERR;
- goto exit;
- }
-
cil_roleattribute_init(&attr);
key = parse_current->next->data;
@@ -2337,12 +2331,6 @@ int cil_gen_type(struct cil_db *db, struct cil_tree_node *parse_current, struct
goto exit;
}
- if (parse_current->next->data == CIL_KEY_SELF) {
- cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF);
- rc = SEPOL_ERR;
- goto exit;
- }
-
cil_type_init(&type);
key = parse_current->next->data;
@@ -2391,12 +2379,6 @@ int cil_gen_typeattribute(struct cil_db *db, struct cil_tree_node *parse_current
goto exit;
}
- if (parse_current->next->data == CIL_KEY_SELF) {
- cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF);
- rc = SEPOL_ERR;
- goto exit;
- }
-
cil_typeattribute_init(&attr);
key = parse_current->next->data;
@@ -3048,12 +3030,6 @@ int cil_gen_alias(struct cil_db *db, struct cil_tree_node *parse_current, struct
goto exit;
}
- if (flavor == CIL_TYPEALIAS && parse_current->next->data == CIL_KEY_SELF) {
- cil_log(CIL_ERR, "The keyword '%s' is reserved\n", CIL_KEY_SELF);
- rc = SEPOL_ERR;
- goto exit;
- }
-
cil_alias_init(&alias);
key = parse_current->next->data;
@@ -5278,7 +5254,7 @@ int cil_gen_macro(struct cil_db *db, struct cil_tree_node *parse_current, struct
param->str = current_item->cl_head->next->data;
- rc = __cil_verify_name(param->str);
+ rc = cil_verify_name(param->str, param->flavor);
if (rc != SEPOL_OK) {
cil_destroy_param(param);
goto exit;
diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
index 2707b6c9..6e46fef6 100644
--- a/libsepol/cil/src/cil_verify.c
+++ b/libsepol/cil/src/cil_verify.c
@@ -47,7 +47,51 @@
#include "cil_verify.h"
-int __cil_verify_name(const char *name)
+static int __cil_is_reserved_name(const char *name, enum cil_flavor flavor)
+{
+ switch (flavor) {
+ case CIL_BOOL:
+ case CIL_TUNABLE:
+ if ((name == CIL_KEY_EQ) || (name == CIL_KEY_NEQ))
+ return CIL_TRUE;
+ break;
+ case CIL_PERM:
+ case CIL_MAP_PERM:
+ case CIL_USER:
+ case CIL_USERATTRIBUTE:
+ case CIL_ROLE:
+ case CIL_ROLEATTRIBUTE:
+ if ((name == CIL_KEY_ALL))
+ return CIL_TRUE;
+ break;
+ case CIL_TYPE:
+ case CIL_TYPEATTRIBUTE:
+ case CIL_TYPEALIAS:
+ if ((name == CIL_KEY_ALL) || (name == CIL_KEY_SELF))
+ return CIL_TRUE;
+ break;
+ case CIL_CAT:
+ case CIL_CATSET:
+ case CIL_CATALIAS:
+ case CIL_PERMISSIONX:
+ if ((name == CIL_KEY_ALL) || (name == CIL_KEY_RANGE))
+ return CIL_TRUE;
+ break;
+ default:
+ /* All of these are not used in expressions */
+ return CIL_FALSE;
+ break;
+ }
+
+ /* Everything not under the default case is also checked for these */
+ if ((name == CIL_KEY_AND) || (name == CIL_KEY_OR) || (name == CIL_KEY_NOT) || (name == CIL_KEY_XOR)) {
+ return CIL_TRUE;
+ }
+
+ return CIL_FALSE;
+}
+
+int cil_verify_name(const char *name, enum cil_flavor flavor)
{
int rc = SEPOL_ERR;
int len;
@@ -77,6 +121,12 @@ int __cil_verify_name(const char *name)
goto exit;
}
}
+
+ if (__cil_is_reserved_name(name, flavor)) {
+ cil_log(CIL_ERR, "Name %s is a reserved word\n", name);
+ goto exit;
+ }
+
return SEPOL_OK;
exit:
diff --git a/libsepol/cil/src/cil_verify.h b/libsepol/cil/src/cil_verify.h
index 905761b0..1887ae3f 100644
--- a/libsepol/cil/src/cil_verify.h
+++ b/libsepol/cil/src/cil_verify.h
@@ -56,7 +56,7 @@ struct cil_args_verify {
int *pass;
};
-int __cil_verify_name(const char *name);
+int cil_verify_name(const char *name, enum cil_flavor flavor);
int __cil_verify_syntax(struct cil_tree_node *parse_current, enum cil_syntax s[], int len);
int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, enum cil_flavor expr_flavor);
int cil_verify_constraint_leaf_expr_syntax(enum cil_flavor l_flavor, enum cil_flavor r_flavor, enum cil_flavor op, enum cil_flavor expr_flavor);
--
2.26.3
next prev parent reply other threads:[~2021-04-08 19:16 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-08 19:16 [PATCH 00/11] Various CIL patches James Carter
2021-04-08 19:16 ` [PATCH 01/11] libsepol/cil: Fix out-of-bound read of file context pattern ending with "\" James Carter
2021-04-08 19:16 ` [PATCH 02/11] libsepol/cil: Destroy classperms list when resetting classpermission James Carter
2021-04-08 19:16 ` [PATCH 03/11] libsepol/cil: Destroy classperm list when resetting map perms James Carter
2021-04-08 19:16 ` [PATCH 04/11] libsepol/cil: cil_reset_classperms_set() should not reset classpermission James Carter
2021-04-08 19:16 ` [PATCH 05/11] libsepol/cil: Set class field to NULL when resetting struct cil_classperms James Carter
2021-04-08 19:16 ` [PATCH 06/11] libsepol/cil: More strict verification of constraint leaf expressions James Carter
2021-04-08 19:16 ` James Carter [this message]
2021-04-08 19:16 ` [PATCH 08/11] libsepol/cil: Allow permission expressions when using map classes James Carter
2021-04-08 19:16 ` [PATCH 09/11] libsepol/cil: Refactor helper function for cil_gen_node() James Carter
2021-04-08 19:16 ` [PATCH 10/11] libsepol/cil: Create function cil_add_decl_to_symtab() and refactor James Carter
2021-04-08 19:16 ` [PATCH 11/11] libsepol/cil: Move check for the shadowing of macro parameters James Carter
2021-04-15 20:44 ` [PATCH 00/11] Various CIL patches James Carter
2021-04-19 16:20 ` Petr Lautrbach
2021-04-19 18:24 ` James Carter
2021-04-19 15:15 [PATCH 00/11 v2] " James Carter
2021-04-19 15:15 ` [PATCH 07/11 v2] libsepol/cil: Exit with an error if declaration name is a reserved word James Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210408191614.262173-8-jwcart2@gmail.com \
--to=jwcart2@gmail.com \
--cc=nicolas.iooss@m4x.org \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.