backport bugfix from upstream

(cherry picked from commit 43a82f031f3f216969ba3baa2053109752f7a311)
2023-02-15 14:15:41 +08:00 · 2023-02-15 14:15:41 +08:00 · f442c6877c
commit f442c6877c
parent 74d88c96ef
7 changed files with 348 additions and 1 deletions
--- a/backport-libsepol-add-missing-oom-checks.patch
+++ b/backport-libsepol-add-missing-oom-checks.patch
@ -0,0 +1,77 @@
+From 0233e4f6d59a96b759e32661a20be4bbadb374a4 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Thu, 31 Mar 2022 16:44:52 +0200
+Subject: [PATCH] libsepol: add missing oom checks
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check return values of memory allocation functions and propagate their
+failure.
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ src/kernel_to_cil.c | 5 +++++
+ src/module_to_cil.c | 7 +++++++
+ src/policydb.c      | 3 ++-
+ 3 files changed, 14 insertions(+), 1 deletion(-)
+
+diff --git a/src/kernel_to_cil.c b/src/kernel_to_cil.c
+index d4dee8d..ef6161c 100644
+--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
+@@ -555,6 +555,11 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str,
+ 		} else {
+ 			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
+ 			sid = strdup(unknown);
+			if (!sid) {
+				sepol_log_err("Out of memory");
+				rc = -1;
+				goto exit;
+			}
+ 		}
+ 		rc = strs_add_at_index(strs, sid, i);
+ 		if (rc != 0) {
+diff --git a/src/module_to_cil.c b/src/module_to_cil.c
+index 3e17018..5027fb7 100644
+--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
+@@ -391,6 +391,8 @@ static int typealias_list_create(struct policydb *pdb)
+ 	}
+ 
+ 	typealias_lists = calloc(max_decl_id + 1, sizeof(*typealias_lists));
+	if (!typealias_lists)
+		goto exit;
+ 	typealias_lists_len = max_decl_id + 1;
+ 
+ 	rc = hashtab_map(pdb->p_types.table, typealiases_gather_map, pdb);
+@@ -2551,6 +2553,11 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_
+ 			goto exit;
+ 		}
+ 		item->sid_key = strdup(sid);
+		if (!item->sid_key) {
+			log_err("Out of memory");
+			rc = -1;
+			goto exit;
+		}
+ 		item->next = head;
+ 		head = item;
+ 	}
+diff --git a/src/policydb.c b/src/policydb.c
+index 3992ea5..982bc23 100644
+--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
+@@ -1248,7 +1248,8 @@ int policydb_index_others(sepol_handle_t * handle,
+ 	if (!p->type_val_to_struct)
+ 		return -1;
+ 
+-	cond_init_bool_indexes(p);
+	if (cond_init_bool_indexes(p))
+		return -1;
+ 
+ 	for (i = SYM_ROLES; i < SYM_NUM; i++) {
+ 		free(p->sym_val_to_name[i]);
+-- 
+2.27.0
+
--- a/backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch
+++ b/backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch
@ -0,0 +1,32 @@
+From f505a73b06302ba5e84f8c56851121d4a410c1ea Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Fri, 10 Jun 2022 17:06:23 +0200
+Subject: [PATCH] libsepol: avoid potential NULL dereference on optional
+ parameter
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The parameter `reason` of `context_struct_compute_av()` is optional and
+can be passed in as NULL, like from `type_attribute_bounds_av()`.
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ libsepol/src/services.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libsepol/src/services.c b/libsepol/src/services.c
+index d7510e9da..24412d837 100644
+--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
+@@ -894,7 +894,8 @@ static void type_attribute_bounds_av(context_struct_t *scontext,
+ 	/* mask violated permissions */
+ 	avd->allowed &= ~masked;
+ 
+-	*reason |= SEPOL_COMPUTEAV_BOUNDS;
+	if (reason)
+		*reason |= SEPOL_COMPUTEAV_BOUNDS;
+ }
+ 
+ /*
--- a/backport-libsepol-check-correct-pointer-for-oom.patch
+++ b/backport-libsepol-check-correct-pointer-for-oom.patch
@ -0,0 +1,34 @@
+From 68a29c3aee60a6dd4e0d435fc10adb0f2cc1c0ef Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Fri, 8 Apr 2022 15:10:51 +0200
+Subject: [PATCH] libsepol: check correct pointer for oom
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Check the actual pointer which memory was assigned to, not its parent
+array pointer.
+
+    services.c:810:14: warning: Assigned value is garbage or undefined [core.uninitialized.Assign]
+                                            **r_buf = **new_buf;
+                                                    ^ ~~~~~~~~~
+
+Acked-by: James Carter <jwcart2@gmail.com>
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+---
+ libsepol/src/services.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsepol/src/services.c b/libsepol/src/services.c
+index 47e564df4..d7510e9da 100644
+--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
+@@ -803,7 +803,7 @@ static int constraint_expr_eval_reason(context_struct_t *scontext,
+ 				if (len < 0 || len >= reason_buf_len - reason_buf_used) {
+ 					new_buf_len = reason_buf_len + REASON_BUF_SIZE;
+ 					*new_buf = realloc(*r_buf, new_buf_len);
+-					if (!new_buf) {
+					if (!*new_buf) {
+ 						ERR(NULL, "failed to realloc reason buffer");
+ 						goto out1;
+ 					}
--- a/backport-libsepol-do-not-modify-policy-during-write.patch
+++ b/backport-libsepol-do-not-modify-policy-during-write.patch
@ -0,0 +1,49 @@
+From 2651989d3b94dd15459fbef4384f114b24850665 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Thu, 30 Jun 2022 19:03:01 +0200
+Subject: [PATCH] libsepol: do not modify policy during write
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Do not modify the in memory default_range value of a class datum while
+writing a policy.
+
+While on it fix indentation.
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ libsepol/src/write.c | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/libsepol/src/write.c b/libsepol/src/write.c
+index 48ed21ea6..a9fdf93a8 100644
+--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
+@@ -1097,16 +1097,18 @@ static int class_write(hashtab_key_t key, hashtab_datum_t datum, void *ptr)
+ 	     p->policyvers >= POLICYDB_VERSION_NEW_OBJECT_DEFAULTS) ||
+ 	    (p->policy_type == POLICY_BASE &&
+ 	     p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
+		char default_range = cladatum->default_range;
+
+ 		buf[0] = cpu_to_le32(cladatum->default_user);
+ 		buf[1] = cpu_to_le32(cladatum->default_role);
+-		if (!glblub_version && cladatum->default_range == DEFAULT_GLBLUB) {
+		if (!glblub_version && default_range == DEFAULT_GLBLUB) {
+ 			WARN(fp->handle,
+-                             "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding",
+-                             p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers,
+-                             p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB);
+-                        cladatum->default_range = 0;
+-                }
+-		buf[2] = cpu_to_le32(cladatum->default_range);
+			     "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding",
+			     p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers,
+			     p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB);
+			default_range = 0;
+		}
+		buf[2] = cpu_to_le32(default_range);
+ 		items = put_entry(buf, sizeof(uint32_t), 3, fp);
+ 		if (items != 3)
+ 			return POLICYDB_ERROR;
--- a/backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch
+++ b/backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch
@ -0,0 +1,113 @@
+From 65b3f695be306ad8f525d4db2befd55336bd0a09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Wed, 13 Jul 2022 15:43:43 +0200
+Subject: [PATCH] libsepol: enclose macro parameters and replacement lists in
+ parentheses
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ libsepol/include/sepol/errcodes.h          | 13 ++++++-------
+ libsepol/include/sepol/policydb/policydb.h | 10 +++++-----
+ libsepol/src/kernel_to_cil.c               |  2 +-
+ libsepol/src/module_to_cil.c               |  2 +-
+ libsepol/src/util.c                        |  2 +-
+ 5 files changed, 14 insertions(+), 15 deletions(-)
+
+diff --git a/libsepol/include/sepol/errcodes.h b/libsepol/include/sepol/errcodes.h
+index 6e9ff3161..e5fe71e36 100644
+--- a/libsepol/include/sepol/errcodes.h
+++ b/libsepol/include/sepol/errcodes.h
+@@ -16,15 +16,14 @@ extern "C" {
+  * codes that don't map to system error codes should be defined
+  * outside of the range of system error codes.
+  */
+-#define SEPOL_ERR            -1
+-#define SEPOL_ENOTSUP        -2  /* feature not supported in module language */
+-#define SEPOL_EREQ           -3  /* requirements not met */
+#define SEPOL_ERR            (-1)
+#define SEPOL_ENOTSUP        (-2)  /* feature not supported in module language */
+#define SEPOL_EREQ           (-3)  /* requirements not met */
+ 
+ /* Error codes that map to system error codes */
+-#define SEPOL_ENOMEM         -ENOMEM
+-#define SEPOL_ERANGE         -ERANGE
+-#define SEPOL_EEXIST         -EEXIST
+-#define SEPOL_ENOENT         -ENOENT
+#define SEPOL_ENOMEM         (-ENOMEM)
+#define SEPOL_EEXIST         (-EEXIST)
+#define SEPOL_ENOENT         (-ENOENT)
+ 
+ #ifdef __cplusplus
+ }
+diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
+index de0068a6c..ef1a014a5 100644
+--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
+@@ -251,9 +251,9 @@ typedef struct class_perm_node {
+ 	struct class_perm_node *next;
+ } class_perm_node_t;
+ 
+-#define xperm_test(x, p) (1 & (p[x >> 5] >> (x & 0x1f)))
+-#define xperm_set(x, p) (p[x >> 5] |= (1 << (x & 0x1f)))
+-#define xperm_clear(x, p) (p[x >> 5] &= ~(1 << (x & 0x1f)))
+#define xperm_test(x, p) (1 & ((p)[(x) >> 5] >> ((x) & 0x1f)))
+#define xperm_set(x, p) ((p)[(x) >> 5] |= (1 << ((x) & 0x1f)))
+#define xperm_clear(x, p) ((p)[(x) >> 5] &= ~(1 << ((x) & 0x1f)))
+ #define EXTENDED_PERMS_LEN 8
+ 
+ typedef struct av_extended_perms {
+@@ -795,9 +795,9 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
+ 
+ #define policydb_has_boundary_feature(p)			\
+ 	(((p)->policy_type == POLICY_KERN			\
+-	  && p->policyvers >= POLICYDB_VERSION_BOUNDARY) ||	\
+	  && (p)->policyvers >= POLICYDB_VERSION_BOUNDARY) ||	\
+ 	 ((p)->policy_type != POLICY_KERN			\
+-	  && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
+	  && (p)->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
+ 
+ /* the config flags related to unknown classes/perms are bits 2 and 3 */
+ #define DENY_UNKNOWN	SEPOL_DENY_UNKNOWN
+diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
+index 9128ac553..5a1336a33 100644
+--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
+@@ -1626,7 +1626,7 @@ static int write_type_permissive_rules_to_cil(FILE *out, struct policydb *pdb)
+ 	return rc;
+ }
+ 
+-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
+#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
+ 
+ static char *xperms_to_str(avtab_extended_perms_t *xperms)
+ {
+diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
+index b35bf055f..b900290a7 100644
+--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
+@@ -624,7 +624,7 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const
+ 	return rc;
+ }
+ 
+-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
+#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
+ 
+ static int xperms_to_cil(const av_extended_perms_t *xperms)
+ {
+diff --git a/libsepol/src/util.c b/libsepol/src/util.c
+index 1cd1308d1..0a2edc852 100644
+--- a/libsepol/src/util.c
+++ b/libsepol/src/util.c
+@@ -124,7 +124,7 @@ char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
+ 	return avbuf;
+ }
+ 
+-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
+#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
+ 
+ char *sepol_extended_perms_to_string(avtab_extended_perms_t *xperms)
+ {
--- a/backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch
+++ b/backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch
@ -0,0 +1,33 @@
+From eca72d8e47ac8b962f87c46aa77fb893aa0df0f8 Mon Sep 17 00:00:00 2001
+From: Juraj Marcin <juraj@jurajmarcin.com>
+Date: Thu, 25 Aug 2022 15:27:18 +0200
+Subject: [PATCH] libsepol: fix missing double quotes in typetransition CIL
+ rule
+
+CIL Reference Guide defines typetransition rule with double quotes
+around object name, but those are not present in the format string.
+
+This patch fixes this issue, so the CIL output produced by
+sepol_kernel_policydb_to_cil() is in the correct format.
+
+Signed-off-by: Juraj Marcin <juraj@jurajmarcin.com>
+---
+ libsepol/src/kernel_to_cil.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
+index 5a1336a330..ad4121d50a 100644
+--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
+@@ -1854,7 +1854,7 @@ static int map_filename_trans_to_str(hashtab_key_t key, void *data, void *arg)
+ 	filename = ft->name;
+ 	new =  pdb->p_type_val_to_name[datum->otype - 1];
+ 
+-	return strs_create_and_add(strs, "(typetransition %s %s %s %s %s)", 5,
+	return strs_create_and_add(strs, "(typetransition %s %s %s \"%s\" %s)", 5,
+ 				   src, tgt, class, filename, new);
+ }
+ 
+-- 
+2.27.0
+
--- a/libsepol.spec
+++ b/libsepol.spec
@ -1,6 +1,6 @@
 Name:           libsepol
 Version:        3.1
-Release:        9
+Release:        10
 Summary:        SELinux binary policy manipulation library
 License:        LGPLv2+
 URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
@ -54,6 +54,12 @@ Patch44:        backport-libsepol-cil-Reorder-checks-for-invalid-rules-when-b.pa
 Patch45:        backport-libsepol-cil-Cleanup-build-AST-helper-functions.patch
 Patch46:        backport-libsepol-cil-Create-new-first-child-helper-function-.patch
 Patch47:        backport-CVE-2021-36087.patch
+Patch48:        backport-libsepol-avoid-potential-NULL-dereference-on-optional-parameter.patch
+Patch49:        backport-libsepol-check-correct-pointer-for-oom.patch
+Patch50:        backport-libsepol-do-not-modify-policy-during-write.patch
+Patch51:        backport-libsepol-enclose-macro-parameters-and-replacement-lists-in-parentheses.patch
+Patch52:        backport-libsepol-fix-missing-double-quotes-in-typetransition-CIL-rule.patch
+Patch53:        backport-libsepol-add-missing-oom-checks.patch

 BuildRequires:  gcc flex

@ -113,6 +119,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install
 %{_mandir}/man3/*

 %changelog
+* Wed Feb 15 2023 jinlun <jinlun@huawei.com> - 3.1-10
+- backport bugfix from upstream
+
 * Thu Dec 15 2022 jinlun <jinlun@huawei.com> - 3.1-9
 - fix CVE-2021-36084 CVE-2021-36085 CVE-2021-36087