* [PATCH] fix checkpolicy segfaults when using role dominance statements
From: Darrel Goeddel @ 2005-09-15 21:52 UTC
To: Stephen Smalley, Joshua Brindle; +Cc: selinux@tycho.nsa.gov
This patch fixes two segfaults in the code path handling a
role dominance statement such as:
dominance { role big_r { role little_r; } }
Look correct?
--
Darrel
[-- Attachment #2: role_dominance.patch --]
[-- Type: text/x-patch, Size: 2267 bytes --]
Index: policy_parse.y
===================================================================
RCS file: /cvsroot/selinux/nsa/selinux-usr/checkpolicy/policy_parse.y,v
retrieving revision 1.37
diff -u -p -r1.37 policy_parse.y
--- policy_parse.y 22 Aug 2005 18:06:49 -0000 1.37
+++ policy_parse.y 15 Sep 2005 20:23:51 -0000
@@ -2478,7 +2478,6 @@ static int dominate_role_recheck(hashtab
{
role_datum_t *rdp = (role_datum_t *) arg;
role_datum_t *rdatum = (role_datum_t *) datum;
- ebitmap_t *types = NULL;
ebitmap_node_t *node;
int i;
@@ -2489,17 +2488,22 @@ static int dominate_role_recheck(hashtab
/* If a dominating role found */
if (ebitmap_get_bit(&(rdatum->dominates), rdp->value - 1))
{
- if (type_set_expand(&rdp->types, types, policydbp, 1))
+ ebitmap_t types;
+ ebitmap_init(&types);
+ if (type_set_expand(&rdp->types, &types, policydbp, 1)) {
+ ebitmap_destroy(&types);
return -1;
+ }
/* raise types and dominates from dominated role */
ebitmap_for_each_bit(&rdp->dominates, node, i) {
if (ebitmap_node_get_bit(node, i))
ebitmap_set_bit(&rdatum->dominates, i, TRUE);
}
- ebitmap_for_each_bit(types, node, i) {
+ ebitmap_for_each_bit(&types, node, i) {
if (ebitmap_node_get_bit(node, i))
ebitmap_set_bit(&rdatum->types.types, i, TRUE);
}
+ ebitmap_destroy(&types);
}
/* go through all the roles */
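Review bot: both `ebitmap_set_bit` calls in this hunk still discard their return value; `ebitmap_set_bit` returns an int and fails when it cannot allocate a node to grow the map, so a failed allocation would leave `rdatum->dominates` or `rdatum->types.types` silently incomplete. That is pre-existing, but since this hunk introduces a cleanup path anyway, checking the result and jumping to the `ebitmap_destroy(&types); return -1;` sequence would be cheap. The init/expand/destroy sequencing itself is right: `types` is initialized before `type_set_expand`, destroyed on the error return, and destroyed again only after the copy loop has finished with it.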
@@ -2511,7 +2515,6 @@ static role_datum_t *
{
role_datum_t *role;
char *role_id;
- ebitmap_t *types = NULL;
ebitmap_node_t *node;
unsigned int i;
int ret;
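Review bot: style point, the loop index is `unsigned int i` here but `int i` in `dominate_role_recheck` (first hunk of this patch), although both drive the same `ebitmap_for_each_bit` macro over bit positions that are never negative. Unifying on `unsigned int` in both functions avoids signed/unsigned comparison warnings without changing behaviour.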
@@ -2563,16 +2566,21 @@ static role_datum_t *
}
}
if (r) {
+ ebitmap_t types;
+ ebitmap_init(&types);
ebitmap_for_each_bit(&r->dominates, node, i) {
if (ebitmap_node_get_bit(node, i))
ebitmap_set_bit(&role->dominates, i, TRUE);
}
- if (type_set_expand(&r->types, types, policydbp, 1))
+ if (type_set_expand(&r->types, &types, policydbp, 1)) {
+ ebitmap_destroy(&types);
return NULL;
- ebitmap_for_each_bit(types, node, i) {
+ }
+ ebitmap_for_each_bit(&types, node, i) {
if (ebitmap_node_get_bit(node, i))
ebitmap_set_bit(&role->types.types, i, TRUE);
}
+ ebitmap_destroy(&types);
if (!r->value) {
/* free intermediate result */
type_set_destroy(&r->types);
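Review bot: the `return NULL` at the `type_set_expand` failure now destroys `types`, but it still bypasses the `if (!r->value) { /* free intermediate result */ type_set_destroy(&r->types); ...` cleanup just below it, so an anonymous intermediate `r` is leaked on that error path, as it was before the patch. A `goto` to a shared error label that destroys `types` and then runs the same intermediate-result cleanup would close that hole. Minor: `ebitmap_init(&types)` is placed before the `r->dominates` loop even though `types` is first touched at the `type_set_expand` call; harmless, but keeping init, use and destroy adjacent makes the lifetime easier to audit.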
* Re: [PATCH] fix checkpolicy segfaults when using role dominance statements
From: Stephen Smalley @ 2005-09-16 17:36 UTC
To: Darrel Goeddel; +Cc: Joshua Brindle, selinux@tycho.nsa.gov
On Thu, 2005-09-15 at 16:52 -0500, Darrel Goeddel wrote:
> This patch fixes two segfaults in the code path handling a
> role dominance statement such as:
>
> dominance { role big_r { role little_r; } }
>
> Look correct?
Thanks, merged. It would likely help if there was a real user of role
dominance in the example policy (and reference policy) so that this code
path is exercised on a regular basis.
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* RE: [PATCH] fix checkpolicy segfaults when using role dominance statements
From: Karl MacMillan @ 2005-09-16 18:19 UTC
To: 'Stephen Smalley', 'Darrel Goeddel'
Cc: 'Joshua Brindle', selinux
> -----Original Message-----
> From: owner-selinux@tycho.nsa.gov [mailto:owner-selinux@tycho.nsa.gov] On
> Behalf Of Stephen Smalley
> Sent: Friday, September 16, 2005 1:37 PM
> To: Darrel Goeddel
> Cc: Joshua Brindle; selinux@tycho.nsa.gov
> Subject: Re: [PATCH] fix checkpolicy segfaults when using role dominance statements
>
> On Thu, 2005-09-15 at 16:52 -0500, Darrel Goeddel wrote:
> > This patch fixes two segfaults in the code path handling a
> > role dominance statement such as:
> >
> > dominance { role big_r { role little_r; } }
> >
> > Look correct?
>
> Thanks, merged. It would likely help if there was a real user of role
> dominance in the example policy (and reference policy) so that this code
> path is exercised on a regular basis.
>
We have discussed using role dominance in reference policy but so far have
not made a large effort in that direction. The idea was that you could
create a large number of fine grained roles - down to the level of a role
for an individual module - and then use dominance to create the higher level
roles. This would make it much simpler to create new roles without having to
add a large number of role statements throughout the policy. Any thoughts on
whether this would work (other than not working because of broken code that
is)?
Karl
------
Karl MacMillan
Tresys Technology
http://www.tresys.com
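The hierarchy Karl sketches above (many fine-grained roles, down to one per module, composed into broader roles through dominance) as an added example that is not part of this thread, of checkpolicy or of reference policy: a toy C model of the re-check that a dominance statement triggers. The role names, type names and the use of a uint64_t bitmap are assumptions of the example; checkpolicy keeps these sets in ebitmap_t and uses the real policy's names.

```c
/*
 * Added example (not checkpolicy or libsepol code): a toy model of what a
 * role dominance statement does once checkpolicy re-checks the hierarchy.
 * Types are bits in a uint64_t instead of an ebitmap_t, and the role and
 * type names below are constructed for illustration only.
 */
#include <stdint.h>
#include <stdio.h>

#define MAX_ROLES 64

typedef struct {
    const char *name;
    uint64_t types;      /* types the role is authorized for */
    uint64_t dominates;  /* bit j set: this role dominates role j */
} role_t;

static role_t roles[MAX_ROLES];
static int nroles;

/* Declare a role with its own type set; a role always dominates itself. */
static int role_add(const char *name, uint64_t types)
{
    roles[nroles].name = name;
    roles[nroles].types = types;
    roles[nroles].dominates = (uint64_t)1 << nroles;
    return nroles++;
}

/* Equivalent of "dominance { role big { role little; } }". */
static void role_dominate(int big, int little)
{
    roles[big].dominates |= (uint64_t)1 << little;
}

/*
 * Propagate to a fixed point: every dominating role absorbs the types and
 * the dominates set of each role it dominates, so dominance is transitive.
 * This is the effect of the dominate_role_recheck pass in the patch above,
 * minus the ebitmap bookkeeping.
 */
static void roles_recheck(void)
{
    int changed = 1;
    while (changed) {
        changed = 0;
        for (int i = 0; i < nroles; i++) {
            for (int j = 0; j < nroles; j++) {
                if (i == j || !(roles[i].dominates & ((uint64_t)1 << j)))
                    continue;
                uint64_t t = roles[i].types | roles[j].types;
                uint64_t d = roles[i].dominates | roles[j].dominates;
                if (t != roles[i].types || d != roles[i].dominates) {
                    roles[i].types = t;
                    roles[i].dominates = d;
                    changed = 1;
                }
            }
        }
    }
}

static uint64_t role_types(int r) { return roles[r].types; }

static int role_dominates(int big, int little)
{
    return (int)((roles[big].dominates >> little) & 1);
}

/* Constructed sample: per-service roles composed into broader ones. */
enum { T_SSHD = 1u << 0, T_HTTPD = 1u << 1, T_NAMED = 1u << 2, T_AUDITCTL = 1u << 3 };
static int R_SSH, R_WEB, R_SERVICES, R_ADMIN;

static void build_sample_policy(void)
{
    nroles = 0;
    R_SSH      = role_add("ssh_r", T_SSHD);
    R_WEB      = role_add("web_r", T_HTTPD | T_NAMED);
    R_SERVICES = role_add("services_r", 0);          /* no types of its own */
    R_ADMIN    = role_add("admin_r", T_AUDITCTL);
    role_dominate(R_SERVICES, R_SSH);
    role_dominate(R_SERVICES, R_WEB);
    role_dominate(R_ADMIN, R_SERVICES);   /* admin_r > services_r > {ssh_r, web_r} */
    roles_recheck();
}

int main(void)
{
    build_sample_policy();
    for (int i = 0; i < nroles; i++)
        printf("%-11s types=0x%02llx dominates=0x%02llx\n", roles[i].name,
               (unsigned long long)roles[i].types,
               (unsigned long long)roles[i].dominates);
    return 0;
}
```

The point to notice is that a dominating role ends up with the union of everything below it, and that a role with no types of its own (services_r here) works purely as an aggregation point; that is the shape Karl is proposing, with the per-module roles at the bottom and a handful of dominance statements on top instead of role statements scattered through the policy.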