Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
libsepol: validate class permissions
Validate the symbol tables for permissions of security classes and common classes: * check their value is valid * check their values are unique * check permission values of classes do not reuse values from inherited permissions This simplifies validating permissions of access vectors a lot, since it is now only a binary and against the valid permission mask of the class. Use UINT32_MAX instead of 0 as the special value for validating constraints signaling a validate-trans rule, since classes with no permissions are permitted, but they must not have a normal constraint attached. Reported-by: oss-fuzz (issue 67893) Improves: 8c64e5b ("libsepol: validate access vector permissions") Signed-off-by: Christian Göttsche <[email protected]> Acked-by: James Carter <[email protected]>
- Loading branch information
Showing
1 changed file
with
68 additions
and
36 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters