libsepol: validate genfs contexts

Check the literal contexts in a genfs statement are defined.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Christian Göttsche 2021-12-09 17:49:23 +01:00 committed by James Carter
parent 8628133757
commit 88e280a1d9


@ -779,6 +779,25 @@ bad:
return -1;
}
static int validate_genfs(sepol_handle_t *handle, policydb_t *p, validate_t flavors[])
{
genfs_t *genfs;
ocontext_t *octx;
for (genfs = p->genfs; genfs; genfs = genfs->next) {
for (octx = genfs->head; octx; octx = octx->next) {
if (validate_context(&octx->context[0], flavors, p->mls))
goto bad;
}
}
return 0;
bad:
ERR(handle, "Invalid genfs");
return -1;
}
/*
* Functions to validate a module policydb
*/
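Review bot: The inner loop of validate_genfs checks only `octx->context[0]`, so the security class stored with each genfs entry is never range-checked against the class table, which matters when the policydb was read from an untrusted binary policy. If `ocontext_t` keeps that class in `v.sclass` with 0 meaning "any class" (not visible in this hunk, so confirm against policydb.h), adding `if (octx->v.sclass && validate_value(octx->v.sclass, &flavors[SYM_CLASSES])) goto bad;` after the context check would close the gap. The single `ERR(handle, "Invalid genfs")` also gives no hint which filesystem type failed. Including `genfs->fstype` in the message would help whoever triages a rejected policy, provided fstype is guaranteed non-NULL at this point.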
@ -982,6 +1001,9 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p)
if (validate_ocontexts(handle, p, flavors))
goto bad;
if (validate_genfs(handle, p, flavors))
goto bad;
if (validate_scopes(handle, p->scope, p->global))
goto bad;