* [PATCH] libsepol: fix validation of user declarations in modules
@ 2022-06-07 15:01 Christian Göttsche
2022-06-08 18:41 ` James Carter
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Christian Göttsche @ 2022-06-07 15:01 UTC (permalink / raw)
To: selinux; +Cc: bauen1
Users are allowed to be declared in modules. Modules do not get expanded
leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
empty.
Do no validate the expanded range and level for modular polices.
Reported-by: bauen1 <j2468h@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/policydb_validate.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index da18282b..99d4eb7f 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -18,7 +18,7 @@ typedef struct validate {
typedef struct map_arg {
validate_t *flavors;
sepol_handle_t *handle;
- int mls;
+ policydb_t *policy;
} map_arg_t;
static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
@@ -571,7 +571,7 @@ static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *
return -1;
}
-static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls)
+static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], policydb_t *p)
{
if (validate_value(user->s.value, &flavors[SYM_USERS]))
goto bad;
@@ -581,9 +581,9 @@ static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, valid
goto bad;
if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
goto bad;
- if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
+ if (p->mls && p->policy_type != POLICY_MOD && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
goto bad;
- if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
+ if (p->mls && p->policy_type != POLICY_MOD && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
goto bad;
if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS]))
goto bad;
@@ -599,7 +599,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
{
map_arg_t *margs = args;
- return validate_user_datum(margs->handle, d, margs->flavors, margs->mls);
+ return validate_user_datum(margs->handle, d, margs->flavors, margs->policy);
}
static int validate_bool_datum(sepol_handle_t *handle, cond_bool_datum_t *boolean, validate_t flavors[])
@@ -689,7 +689,7 @@ static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum
static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
{
- map_arg_t margs = { flavors, handle, p->mls };
+ map_arg_t margs = { flavors, handle, p };
if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs))
goto bad;
--
2.36.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] libsepol: fix validation of user declarations in modules
2022-06-07 15:01 [PATCH] libsepol: fix validation of user declarations in modules Christian Göttsche
@ 2022-06-08 18:41 ` James Carter
2022-06-15 13:47 ` James Carter
2022-06-08 19:16 ` Nicolas Iooss
2022-06-09 8:19 ` [PATCH v2] libsepol: fix validation of user declarations in non-base modules Christian Göttsche
2 siblings, 1 reply; 7+ messages in thread
From: James Carter @ 2022-06-08 18:41 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list, bauen1
On Tue, Jun 7, 2022 at 11:54 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Users are allowed to be declared in modules. Modules do not get expanded
> leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
> empty.
> Do no validate the expanded range and level for modular polices.
>
> Reported-by: bauen1 <j2468h@gmail.com>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libsepol/src/policydb_validate.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> index da18282b..99d4eb7f 100644
> --- a/libsepol/src/policydb_validate.c
> +++ b/libsepol/src/policydb_validate.c
> @@ -18,7 +18,7 @@ typedef struct validate {
> typedef struct map_arg {
> validate_t *flavors;
> sepol_handle_t *handle;
> - int mls;
> + policydb_t *policy;
> } map_arg_t;
>
> static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
> @@ -571,7 +571,7 @@ static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *
> return -1;
> }
>
> -static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls)
> +static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], policydb_t *p)
> {
> if (validate_value(user->s.value, &flavors[SYM_USERS]))
> goto bad;
> @@ -581,9 +581,9 @@ static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, valid
> goto bad;
> if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> goto bad;
> - if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> + if (p->mls && p->policy_type != POLICY_MOD && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> goto bad;
> - if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> + if (p->mls && p->policy_type != POLICY_MOD && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> goto bad;
> if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS]))
> goto bad;
> @@ -599,7 +599,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
> {
> map_arg_t *margs = args;
>
> - return validate_user_datum(margs->handle, d, margs->flavors, margs->mls);
> + return validate_user_datum(margs->handle, d, margs->flavors, margs->policy);
> }
>
> static int validate_bool_datum(sepol_handle_t *handle, cond_bool_datum_t *boolean, validate_t flavors[])
> @@ -689,7 +689,7 @@ static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum
>
> static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
> {
> - map_arg_t margs = { flavors, handle, p->mls };
> + map_arg_t margs = { flavors, handle, p };
>
> if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs))
> goto bad;
> --
> 2.36.1
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] libsepol: fix validation of user declarations in modules
2022-06-07 15:01 [PATCH] libsepol: fix validation of user declarations in modules Christian Göttsche
2022-06-08 18:41 ` James Carter
@ 2022-06-08 19:16 ` Nicolas Iooss
2022-06-09 8:27 ` Christian Göttsche
2022-06-09 8:19 ` [PATCH v2] libsepol: fix validation of user declarations in non-base modules Christian Göttsche
2 siblings, 1 reply; 7+ messages in thread
From: Nicolas Iooss @ 2022-06-08 19:16 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list, bauen1
On Tue, Jun 7, 2022 at 5:02 PM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Users are allowed to be declared in modules. Modules do not get expanded
> leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
> empty.
> Do no validate the expanded range and level for modular polices.
>
> Reported-by: bauen1 <j2468h@gmail.com>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> libsepol/src/policydb_validate.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> index da18282b..99d4eb7f 100644
> --- a/libsepol/src/policydb_validate.c
> +++ b/libsepol/src/policydb_validate.c
> @@ -18,7 +18,7 @@ typedef struct validate {
> typedef struct map_arg {
> validate_t *flavors;
> sepol_handle_t *handle;
> - int mls;
> + policydb_t *policy;
> } map_arg_t;
Hello,
As the policy is not modified, could this pointer be "const policydb_t
*policy;"? (And the last parameter of validate_user_datum be "const
policydb_t *p"). On the other hand, as policydb_validate.c does not
use any const pointer, feel free to disregard my comment.
This patch nevertheless looks good to me too.
Thanks!
Nicolas
^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2] libsepol: fix validation of user declarations in non-base modules
2022-06-07 15:01 [PATCH] libsepol: fix validation of user declarations in modules Christian Göttsche
2022-06-08 18:41 ` James Carter
2022-06-08 19:16 ` Nicolas Iooss
@ 2022-06-09 8:19 ` Christian Göttsche
2022-06-15 18:18 ` James Carter
2 siblings, 1 reply; 7+ messages in thread
From: Christian Göttsche @ 2022-06-09 8:19 UTC (permalink / raw)
To: selinux; +Cc: Christian Göttsche, bauen1
Users may be declared in non-base modules, which do not get expanded,
leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
empty.
Skip validation of the expanded range and level for non-base module
polices.
Reported-by: bauen1 <j2468h@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
v2:
- update commit description and fix typos
---
libsepol/src/policydb_validate.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index da18282b..99d4eb7f 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -18,7 +18,7 @@ typedef struct validate {
typedef struct map_arg {
validate_t *flavors;
sepol_handle_t *handle;
- int mls;
+ policydb_t *policy;
} map_arg_t;
static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
@@ -571,7 +571,7 @@ static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *
return -1;
}
-static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls)
+static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], policydb_t *p)
{
if (validate_value(user->s.value, &flavors[SYM_USERS]))
goto bad;
@@ -581,9 +581,9 @@ static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, valid
goto bad;
if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
goto bad;
- if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
+ if (p->mls && p->policy_type != POLICY_MOD && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
goto bad;
- if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
+ if (p->mls && p->policy_type != POLICY_MOD && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
goto bad;
if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS]))
goto bad;
@@ -599,7 +599,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
{
map_arg_t *margs = args;
- return validate_user_datum(margs->handle, d, margs->flavors, margs->mls);
+ return validate_user_datum(margs->handle, d, margs->flavors, margs->policy);
}
static int validate_bool_datum(sepol_handle_t *handle, cond_bool_datum_t *boolean, validate_t flavors[])
@@ -689,7 +689,7 @@ static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum
static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
{
- map_arg_t margs = { flavors, handle, p->mls };
+ map_arg_t margs = { flavors, handle, p };
if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs))
goto bad;
--
2.36.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] libsepol: fix validation of user declarations in modules
2022-06-08 19:16 ` Nicolas Iooss
@ 2022-06-09 8:27 ` Christian Göttsche
0 siblings, 0 replies; 7+ messages in thread
From: Christian Göttsche @ 2022-06-09 8:27 UTC (permalink / raw)
To: Nicolas Iooss; +Cc: SElinux list, bauen1, Paul Moore
On Wed, 8 Jun 2022 at 21:16, Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> On Tue, Jun 7, 2022 at 5:02 PM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Users are allowed to be declared in modules. Modules do not get expanded
> > leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
> > empty.
> > Do no validate the expanded range and level for modular polices.
> >
> > Reported-by: bauen1 <j2468h@gmail.com>
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> > ---
> > libsepol/src/policydb_validate.c | 12 ++++++------
> > 1 file changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> > index da18282b..99d4eb7f 100644
> > --- a/libsepol/src/policydb_validate.c
> > +++ b/libsepol/src/policydb_validate.c
> > @@ -18,7 +18,7 @@ typedef struct validate {
> > typedef struct map_arg {
> > validate_t *flavors;
> > sepol_handle_t *handle;
> > - int mls;
> > + policydb_t *policy;
> > } map_arg_t;
>
> Hello,
> As the policy is not modified, could this pointer be "const policydb_t
> *policy;"? (And the last parameter of validate_user_datum be "const
> policydb_t *p"). On the other hand, as policydb_validate.c does not
> use any const pointer, feel free to disregard my comment.
>
Since policydb_validate.c does not use const pointer at all yet I
followed that style.
I might prepare a patch to constify all pointers and refactor the
logging mechanism,
since I like to add validation into the kernel to avoid crashes like
[1], especially
if SELinux gets namespace support [2].
[1]: https://github.com/SELinuxProject/selinux-testsuite/issues/76
[2]: https://patchwork.kernel.org/project/selinux/list/?series=632975
> This patch nevertheless looks good to me too.
> Thanks!
> Nicolas
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] libsepol: fix validation of user declarations in modules
2022-06-08 18:41 ` James Carter
@ 2022-06-15 13:47 ` James Carter
0 siblings, 0 replies; 7+ messages in thread
From: James Carter @ 2022-06-15 13:47 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list, bauen1
On Wed, Jun 8, 2022 at 2:41 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Tue, Jun 7, 2022 at 11:54 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Users are allowed to be declared in modules. Modules do not get expanded
> > leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
> > empty.
> > Do no validate the expanded range and level for modular polices.
> >
> > Reported-by: bauen1 <j2468h@gmail.com>
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>
Merged.
Thanks,
Jim
> > ---
> > libsepol/src/policydb_validate.c | 12 ++++++------
> > 1 file changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> > index da18282b..99d4eb7f 100644
> > --- a/libsepol/src/policydb_validate.c
> > +++ b/libsepol/src/policydb_validate.c
> > @@ -18,7 +18,7 @@ typedef struct validate {
> > typedef struct map_arg {
> > validate_t *flavors;
> > sepol_handle_t *handle;
> > - int mls;
> > + policydb_t *policy;
> > } map_arg_t;
> >
> > static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
> > @@ -571,7 +571,7 @@ static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *
> > return -1;
> > }
> >
> > -static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls)
> > +static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], policydb_t *p)
> > {
> > if (validate_value(user->s.value, &flavors[SYM_USERS]))
> > goto bad;
> > @@ -581,9 +581,9 @@ static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, valid
> > goto bad;
> > if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> > goto bad;
> > - if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> > + if (p->mls && p->policy_type != POLICY_MOD && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> > goto bad;
> > - if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> > + if (p->mls && p->policy_type != POLICY_MOD && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> > goto bad;
> > if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS]))
> > goto bad;
> > @@ -599,7 +599,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
> > {
> > map_arg_t *margs = args;
> >
> > - return validate_user_datum(margs->handle, d, margs->flavors, margs->mls);
> > + return validate_user_datum(margs->handle, d, margs->flavors, margs->policy);
> > }
> >
> > static int validate_bool_datum(sepol_handle_t *handle, cond_bool_datum_t *boolean, validate_t flavors[])
> > @@ -689,7 +689,7 @@ static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum
> >
> > static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
> > {
> > - map_arg_t margs = { flavors, handle, p->mls };
> > + map_arg_t margs = { flavors, handle, p };
> >
> > if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs))
> > goto bad;
> > --
> > 2.36.1
> >
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] libsepol: fix validation of user declarations in non-base modules
2022-06-09 8:19 ` [PATCH v2] libsepol: fix validation of user declarations in non-base modules Christian Göttsche
@ 2022-06-15 18:18 ` James Carter
0 siblings, 0 replies; 7+ messages in thread
From: James Carter @ 2022-06-15 18:18 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list, bauen1
On Thu, Jun 9, 2022 at 4:27 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Users may be declared in non-base modules, which do not get expanded,
> leaving the `struct user_datum` members `exp_range` and `exp_dfltlevel`
> empty.
> Skip validation of the expanded range and level for non-base module
> polices.
>
> Reported-by: bauen1 <j2468h@gmail.com>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> v2:
> - update commit description and fix typos
Sorry, I didn't see this patch before I applied the first one.
Jim
> ---
> libsepol/src/policydb_validate.c | 12 ++++++------
> 1 file changed, 6 insertions(+), 6 deletions(-)
>
> diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> index da18282b..99d4eb7f 100644
> --- a/libsepol/src/policydb_validate.c
> +++ b/libsepol/src/policydb_validate.c
> @@ -18,7 +18,7 @@ typedef struct validate {
> typedef struct map_arg {
> validate_t *flavors;
> sepol_handle_t *handle;
> - int mls;
> + policydb_t *policy;
> } map_arg_t;
>
> static int create_gap_ebitmap(char **val_to_name, uint32_t nprim, ebitmap_t *gaps)
> @@ -571,7 +571,7 @@ static int validate_mls_range(mls_range_t *range, validate_t *sens, validate_t *
> return -1;
> }
>
> -static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], int mls)
> +static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, validate_t flavors[], policydb_t *p)
> {
> if (validate_value(user->s.value, &flavors[SYM_USERS]))
> goto bad;
> @@ -581,9 +581,9 @@ static int validate_user_datum(sepol_handle_t *handle, user_datum_t *user, valid
> goto bad;
> if (validate_mls_semantic_level(&user->dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> goto bad;
> - if (mls && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> + if (p->mls && p->policy_type != POLICY_MOD && validate_mls_range(&user->exp_range, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> goto bad;
> - if (mls && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> + if (p->mls && p->policy_type != POLICY_MOD && validate_mls_level(&user->exp_dfltlevel, &flavors[SYM_LEVELS], &flavors[SYM_CATS]))
> goto bad;
> if (user->bounds && validate_value(user->bounds, &flavors[SYM_USERS]))
> goto bad;
> @@ -599,7 +599,7 @@ static int validate_user_datum_wrapper(__attribute__((unused)) hashtab_key_t k,
> {
> map_arg_t *margs = args;
>
> - return validate_user_datum(margs->handle, d, margs->flavors, margs->mls);
> + return validate_user_datum(margs->handle, d, margs->flavors, margs->policy);
> }
>
> static int validate_bool_datum(sepol_handle_t *handle, cond_bool_datum_t *boolean, validate_t flavors[])
> @@ -689,7 +689,7 @@ static int validate_datum(__attribute__ ((unused))hashtab_key_t k, hashtab_datum
>
> static int validate_datum_array_entries(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
> {
> - map_arg_t margs = { flavors, handle, p->mls };
> + map_arg_t margs = { flavors, handle, p };
>
> if (hashtab_map(p->p_commons.table, validate_common_datum_wrapper, &margs))
> goto bad;
> --
> 2.36.1
>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-06-15 18:18 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-06-07 15:01 [PATCH] libsepol: fix validation of user declarations in modules Christian Göttsche
2022-06-08 18:41 ` James Carter
2022-06-15 13:47 ` James Carter
2022-06-08 19:16 ` Nicolas Iooss
2022-06-09 8:27 ` Christian Göttsche
2022-06-09 8:19 ` [PATCH v2] libsepol: fix validation of user declarations in non-base modules Christian Göttsche
2022-06-15 18:18 ` James Carter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.