selinux.vger.kernel.org archive mirror
* [PATCH] libsepol/cil: Check if name is a macro parameter first
@ 2020-03-04 21:28 James Carter
  2020-03-09 12:03 ` Ondrej Mosnacek
  0 siblings, 1 reply; 3+ messages in thread
From: James Carter @ 2020-03-04 21:28 UTC (permalink / raw)
  To: selinux; +Cc: jwcart2, James Carter

Type transition file names are stored in a symbol table. Before the
name is added, the symbol table is searched to see if the name had
already been inserted. If it has, then the already existing datum is
returned. If it has not, then the name is added if either the
typetransition rule does not occur in a macro or the name is not one
of the macro parameters.

Checking for a previous insertion before checking if the name is a
macro parameter can cause a macro parameter to be treated as the
actual name if a previous type transition file name is the same as
the parameter.

Now check the name to see if it is a macro parameter before checking for
its existence in the symbol table.

Signed-off-by: James Carter <jwcart2@gmail.com>
---
 libsepol/cil/src/cil_resolve_ast.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index 87575860..daf873be 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -76,14 +76,6 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key,
 	enum cil_sym_index sym_index;
 	struct cil_symtab_datum *datum = NULL;
 
-	cil_flavor_to_symtab_index(CIL_NAME, &sym_index);
-	symtab = &((struct cil_root *)db->ast->root->data)->symtab[sym_index];
-
-	cil_symtab_get_datum(symtab, key, &datum);
-	if (datum != NULL) {
-		return (struct cil_name *)datum;
-	}
-
 	if (parent->flavor == CIL_CALL) {
 		struct cil_call *call = parent->data;
 		macro = call->macro;	
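Review bot: With the lookup removed from the top of __cil_insert_name, symtab and sym_index are no longer assigned before the "if (parent->flavor == CIL_CALL)" block, and datum stays at its initial NULL until the second hunk. The lines between the two hunks are not shown in this diff, so confirm that the macro parameter check there reads none of the three. The point is worth a sentence in the commit message, since the early return that used to sit here was the only thing guaranteeing they were set on every path.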
@@ -99,6 +91,14 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key,
 		}
 	}
 
+	cil_flavor_to_symtab_index(CIL_NAME, &sym_index);
+	symtab = &((struct cil_root *)db->ast->root->data)->symtab[sym_index];
+
+	cil_symtab_get_datum(symtab, key, &datum);
+	if (datum != NULL) {
+		return (struct cil_name *)datum;
+	}
+
 	cil_name_init(&name);
 	cil_symtab_insert(symtab, key, (struct cil_symtab_datum *)name, ast_node);
 	cil_list_append(db->names, CIL_NAME, name);
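Review bot: The moved lookup at the + lines now has an ordering requirement that nothing in the code states: it must stay after the macro parameter check, or the bug from the commit message returns. A short comment above cil_flavor_to_symtab_index(CIL_NAME, &sym_index) saying so would keep a later cleanup from hoisting it back to the top. The block also still ignores the return values of cil_flavor_to_symtab_index and cil_symtab_get_datum and relies on datum being initialised to NULL at its declaration; that is unchanged by the move, but worth noting while the lines are being touched. A regression test policy in which a macro parameter is spelled the same as an earlier type transition file name would cover the case described.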
-- 
2.17.1
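The ordering problem described in the commit message above, as an added C model that is not libsepol code and not part of the original post. name_table, macro, insert_name and the lookup_first switch are hypothetical stand-ins, and names are compared with strcmp as a simplifying assumption.

```c
#include <stddef.h>
#include <string.h>

/* Toy models, not libsepol types: a flat name table and a macro's parameters. */
struct name_table { const char *names[16]; size_t count; };
struct macro { const char **params; size_t nparams; };

static int contains(const char **v, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(v[i], key) == 0)
            return 1;
    return 0;
}

/* Returns the name to use, or NULL when key is a macro parameter that is
 * left for later substitution. lookup_first = 1 models the pre-patch order. */
static const char *insert_name(struct name_table *t, const struct macro *m,
                               const char *key, int lookup_first)
{
    if (lookup_first && contains(t->names, t->count, key))
        return key;           /* pre-patch: an old entry shadows the parameter */
    if (m != NULL && contains(m->params, m->nparams, key))
        return NULL;          /* parameter: left for later substitution */
    if (!contains(t->names, t->count, key) && t->count < 16)
        t->names[t->count++] = key;   /* patched order: lookup after the check */
    return key;
}

/* Constructed scenario: "conf" is used as a literal file name, then as a
 * macro parameter. Returns 1 if the parameter was resolved as that name. */
static int param_taken_as_name(int lookup_first)
{
    struct name_table t = { {0}, 0 };
    const char *params[] = { "conf" };
    struct macro m = { params, 1 };
    insert_name(&t, NULL, "conf", lookup_first);   /* rule outside any macro */
    return insert_name(&t, &m, "conf", lookup_first) != NULL;
}

int main(void)
{
    /* Exit status 0 when only the pre-patch order mistakes the parameter. */
    return !(param_taken_as_name(1) == 1 && param_taken_as_name(0) == 0);
}
```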



* Re: [PATCH] libsepol/cil: Check if name is a macro parameter first
  2020-03-04 21:28 [PATCH] libsepol/cil: Check if name is a macro parameter first James Carter
@ 2020-03-09 12:03 ` Ondrej Mosnacek
  2020-03-11 11:43   ` Ondrej Mosnacek
  0 siblings, 1 reply; 3+ messages in thread
From: Ondrej Mosnacek @ 2020-03-09 12:03 UTC (permalink / raw)
  To: James Carter; +Cc: SElinux list, James Carter

On Wed, Mar 4, 2020 at 10:28 PM James Carter <jwcart2@gmail.com> wrote:
> Type transition file names are stored in a symbol table. Before the
> name is added, the symbol table is searched to see if the name had
> already been inserted. If it has, then the already existing datum is
> returned. If it has not, then the name is added if either the
> typetransition rule does not occur in a macro or the name is not one
> of the macro parameters.
>
> Checking for a previous insertion before checking if the name is a
> macro parameter can cause a macro parameter to be treated as the
> actual name if a previous type transition file name is the same as
> the parameter.
>
> Now check the name to see if it is a macro parameter before checking for
> its existence in the symbol table.
>
> Signed-off-by: James Carter <jwcart2@gmail.com>
> ---
>  libsepol/cil/src/cil_resolve_ast.c | 16 ++++++++--------
>  1 file changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
> index 87575860..daf873be 100644
> --- a/libsepol/cil/src/cil_resolve_ast.c
> +++ b/libsepol/cil/src/cil_resolve_ast.c
> @@ -76,14 +76,6 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key,
>         enum cil_sym_index sym_index;
>         struct cil_symtab_datum *datum = NULL;
>
> -       cil_flavor_to_symtab_index(CIL_NAME, &sym_index);
> -       symtab = &((struct cil_root *)db->ast->root->data)->symtab[sym_index];
> -
> -       cil_symtab_get_datum(symtab, key, &datum);
> -       if (datum != NULL) {
> -               return (struct cil_name *)datum;
> -       }
> -
>         if (parent->flavor == CIL_CALL) {
>                 struct cil_call *call = parent->data;
>                 macro = call->macro;
> @@ -99,6 +91,14 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key,
>                 }
>         }
>
> +       cil_flavor_to_symtab_index(CIL_NAME, &sym_index);
> +       symtab = &((struct cil_root *)db->ast->root->data)->symtab[sym_index];
> +
> +       cil_symtab_get_datum(symtab, key, &datum);
> +       if (datum != NULL) {
> +               return (struct cil_name *)datum;
> +       }
> +
>         cil_name_init(&name);
>         cil_symtab_insert(symtab, key, (struct cil_symtab_datum *)name, ast_node);
>         cil_list_append(db->names, CIL_NAME, name);
> --
> 2.17.1
>

Acked-by: Ondrej Mosnacek <omosnace@redhat.com>

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.



* Re: [PATCH] libsepol/cil: Check if name is a macro parameter first
  2020-03-09 12:03 ` Ondrej Mosnacek
@ 2020-03-11 11:43   ` Ondrej Mosnacek
  0 siblings, 0 replies; 3+ messages in thread
From: Ondrej Mosnacek @ 2020-03-11 11:43 UTC (permalink / raw)
  To: James Carter; +Cc: SElinux list, James Carter

On Mon, Mar 9, 2020 at 1:03 PM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> On Wed, Mar 4, 2020 at 10:28 PM James Carter <jwcart2@gmail.com> wrote:
> > Type transition file names are stored in a symbol table. Before the
> > name is added, the symbol table is searched to see if the name had
> > already been inserted. If it has, then the already existing datum is
> > returned. If it has not, then the name is added if either the
> > typetransition rule does not occur in a macro or the name is not one
> > of the macro parameters.
> >
> > Checking for a previous insertion before checking if the name is a
> > macro parameter can cause a macro parameter to be treated as the
> > actual name if a previous type transition file name is the same as
> > the parameter.
> >
> > Now check the name to see if it is a macro parameter before checking for
> > its existence in the symbol table.
> >
> > Signed-off-by: James Carter <jwcart2@gmail.com>
> > ---
> >  libsepol/cil/src/cil_resolve_ast.c | 16 ++++++++--------
> >  1 file changed, 8 insertions(+), 8 deletions(-)
> >
> > diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
> > index 87575860..daf873be 100644
> > --- a/libsepol/cil/src/cil_resolve_ast.c
> > +++ b/libsepol/cil/src/cil_resolve_ast.c
> > @@ -76,14 +76,6 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key,
> >         enum cil_sym_index sym_index;
> >         struct cil_symtab_datum *datum = NULL;
> >
> > -       cil_flavor_to_symtab_index(CIL_NAME, &sym_index);
> > -       symtab = &((struct cil_root *)db->ast->root->data)->symtab[sym_index];
> > -
> > -       cil_symtab_get_datum(symtab, key, &datum);
> > -       if (datum != NULL) {
> > -               return (struct cil_name *)datum;
> > -       }
> > -
> >         if (parent->flavor == CIL_CALL) {
> >                 struct cil_call *call = parent->data;
> >                 macro = call->macro;
> > @@ -99,6 +91,14 @@ static struct cil_name * __cil_insert_name(struct cil_db *db, hashtab_key_t key,
> >                 }
> >         }
> >
> > +       cil_flavor_to_symtab_index(CIL_NAME, &sym_index);
> > +       symtab = &((struct cil_root *)db->ast->root->data)->symtab[sym_index];
> > +
> > +       cil_symtab_get_datum(symtab, key, &datum);
> > +       if (datum != NULL) {
> > +               return (struct cil_name *)datum;
> > +       }
> > +
> >         cil_name_init(&name);
> >         cil_symtab_insert(symtab, key, (struct cil_symtab_datum *)name, ast_node);
> >         cil_list_append(db->names, CIL_NAME, name);
> > --
> > 2.17.1
> >
>
> Acked-by: Ondrej Mosnacek <omosnace@redhat.com>

Applied, thanks.

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.

