c59879b8aa
Rebase on upstream commit 32611aea6543
See
$ cd SELinuxProject/selinux
$ git log --pretty=oneline libsepol-3.2..32611aea6543 -- libsepol
164 lines
4.7 KiB
Diff
164 lines
4.7 KiB
Diff
From d155b410d4bbc90d28f361b966f0429598da8188 Mon Sep 17 00:00:00 2001
|
|
From: James Carter <jwcart2@gmail.com>
|
|
Date: Tue, 16 Mar 2021 10:26:28 -0400
|
|
Subject: [PATCH] libsepol/cil: Check for duplicate blocks, optionals, and
|
|
macros
|
|
|
|
In CIL, blocks, optionals, and macros share the same symbol table so
|
|
that the targets of "in" statements can be located. Because of this,
|
|
they cannot have the same name in the same namespace, but, because
|
|
they do not show up in the final policy, they can have the same name
|
|
as long as they are in different namespaces. Unfortunately, when
|
|
copying from one namespace to another, no check was being done to see
|
|
if there was a conflict.
|
|
|
|
When copying blocks, optionals, and macros, if a datum is found in
|
|
the destination namespace, then there is a conflict with a previously
|
|
declared block, optional, or macro, so exit with an error.
|
|
|
|
Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
Reported-by: Evgeny Vereshchagin <evvers@ya.ru>
|
|
Signed-off-by: James Carter <jwcart2@gmail.com>
|
|
---
|
|
libsepol/cil/src/cil_copy_ast.c | 89 +++++++++------------------------
|
|
1 file changed, 25 insertions(+), 64 deletions(-)
|
|
|
|
diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
|
|
index c9aada9db348..ed96786115d3 100644
|
|
--- a/libsepol/cil/src/cil_copy_ast.c
|
|
+++ b/libsepol/cil/src/cil_copy_ast.c
|
|
@@ -100,16 +100,17 @@ int cil_copy_block(__attribute__((unused)) struct cil_db *db, void *data, void *
|
|
struct cil_block *orig = data;
|
|
char *key = orig->datum.name;
|
|
struct cil_symtab_datum *datum = NULL;
|
|
+ struct cil_block *new;
|
|
|
|
cil_symtab_get_datum(symtab, key, &datum);
|
|
- if (datum == NULL) {
|
|
- struct cil_block *new;
|
|
- cil_block_init(&new);
|
|
- *copy = new;
|
|
- } else {
|
|
- *copy = datum;;
|
|
+ if (datum != NULL) {
|
|
+ cil_tree_log(NODE(datum), CIL_ERR, "Re-declaration of %s %s", cil_node_to_string(NODE(datum)), key);
|
|
+ return SEPOL_ERR;
|
|
}
|
|
|
|
+ cil_block_init(&new);
|
|
+ *copy = new;
|
|
+
|
|
return SEPOL_OK;
|
|
}
|
|
|
|
@@ -1509,64 +1510,22 @@ int cil_copy_macro(__attribute__((unused)) struct cil_db *db, void *data, void *
|
|
struct cil_macro *orig = data;
|
|
char *key = orig->datum.name;
|
|
struct cil_symtab_datum *datum = NULL;
|
|
+ struct cil_macro *new;
|
|
|
|
cil_symtab_get_datum(symtab, key, &datum);
|
|
- if (datum == NULL) {
|
|
- struct cil_macro *new;
|
|
- cil_macro_init(&new);
|
|
- if (orig->params != NULL) {
|
|
- cil_copy_list(orig->params, &new->params);
|
|
- }
|
|
-
|
|
- *copy = new;
|
|
-
|
|
- } else {
|
|
- struct cil_list_item *curr_orig = NULL;
|
|
- struct cil_list_item *curr_new = NULL;
|
|
- struct cil_param *param_orig = NULL;
|
|
- struct cil_param *param_new = NULL;
|
|
-
|
|
- if (((struct cil_macro*)datum)->params != NULL) {
|
|
- curr_new = ((struct cil_macro*)datum)->params->head;
|
|
- }
|
|
-
|
|
- if (orig->params != NULL) {
|
|
- curr_orig = orig->params->head;
|
|
- }
|
|
-
|
|
- if (curr_orig != NULL && curr_new != NULL) {
|
|
- while (curr_orig != NULL) {
|
|
- if (curr_new == NULL) {
|
|
- goto exit;
|
|
- }
|
|
-
|
|
- param_orig = (struct cil_param*)curr_orig->data;
|
|
- param_new = (struct cil_param*)curr_new->data;
|
|
- if (param_orig->str != param_new->str) {
|
|
- goto exit;
|
|
- } else if (param_orig->flavor != param_new->flavor) {
|
|
- goto exit;
|
|
- }
|
|
-
|
|
- curr_orig = curr_orig->next;
|
|
- curr_new = curr_new->next;
|
|
- }
|
|
-
|
|
- if (curr_new != NULL) {
|
|
- goto exit;
|
|
- }
|
|
- } else if (!(curr_orig == NULL && curr_new == NULL)) {
|
|
- goto exit;
|
|
- }
|
|
+ if (datum != NULL) {
|
|
+ cil_tree_log(NODE(datum), CIL_ERR, "Re-declaration of %s %s", cil_node_to_string(NODE(datum)), key);
|
|
+ return SEPOL_ERR;
|
|
+ }
|
|
|
|
- *copy = datum;
|
|
+ cil_macro_init(&new);
|
|
+ if (orig->params != NULL) {
|
|
+ cil_copy_list(orig->params, &new->params);
|
|
}
|
|
|
|
- return SEPOL_OK;
|
|
+ *copy = new;
|
|
|
|
-exit:
|
|
- cil_log(CIL_INFO, "cil_copy_macro: macro cannot be redefined\n");
|
|
- return SEPOL_ERR;
|
|
+ return SEPOL_OK;
|
|
}
|
|
|
|
int cil_copy_optional(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
|
|
@@ -1574,16 +1533,17 @@ int cil_copy_optional(__attribute__((unused)) struct cil_db *db, void *data, voi
|
|
struct cil_optional *orig = data;
|
|
char *key = orig->datum.name;
|
|
struct cil_symtab_datum *datum = NULL;
|
|
+ struct cil_optional *new;
|
|
|
|
cil_symtab_get_datum(symtab, key, &datum);
|
|
- if (datum == NULL) {
|
|
- struct cil_optional *new;
|
|
- cil_optional_init(&new);
|
|
- *copy = new;
|
|
- } else {
|
|
- *copy = datum;
|
|
+ if (datum != NULL) {
|
|
+ cil_tree_log(NODE(datum), CIL_ERR, "Re-declaration of %s %s", cil_node_to_string(NODE(datum)), key);
|
|
+ return SEPOL_ERR;
|
|
}
|
|
|
|
+ cil_optional_init(&new);
|
|
+ *copy = new;
|
|
+
|
|
return SEPOL_OK;
|
|
}
|
|
|
|
@@ -2122,6 +2082,7 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u
|
|
args->dest = new;
|
|
}
|
|
} else {
|
|
+ cil_tree_log(orig, CIL_ERR, "Problem copying %s node", cil_node_to_string(orig));
|
|
goto exit;
|
|
}
|
|
|
|
--
|
|
2.32.0
|
|
|