libsepol: reject self flag in type rules in old policies

The flag RULE_SELF in type rules is only supported in modular policies since version 21 (MOD_POLICYDB_VERSION_SELF_TYPETRANS). Reported-by: oss-fuzz (issue 68731) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
2024-05-06 19:31:07 +02:00 · 2024-05-06 19:31:07 +02:00 · 1c91bc84e6
parent 6a223cb1c2
commit 1c91bc84e6
1 changed files with 13 additions and 1 deletions
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@ -1077,6 +1077,10 @@ static int validate_avrules(sepol_handle_t *handle, const avrule_t *avrule, int
 		switch(avrule->flags) {
 		case 0:
 		case RULE_SELF:
+			if (p->policyvers != POLICY_KERN &&
+			    p->policyvers < MOD_POLICYDB_VERSION_SELF_TYPETRANS &&
+			    (avrule->specified & AVRULE_TYPE))
+				goto bad;
 			break;
 		case RULE_NOTSELF:
 			switch(avrule->specified) {
@ -1503,8 +1507,16 @@ static int validate_filename_trans_rules(sepol_handle_t *handle, const filename_
 			goto bad;

 		/* currently only the RULE_SELF flag can be set */
-		if ((filename_trans->flags & ~RULE_SELF) != 0)
+		switch (filename_trans->flags) {
+		case 0:
+			break;
+		case RULE_SELF:
+			if (p->policyvers != POLICY_KERN && p->policyvers < MOD_POLICYDB_VERSION_SELF_TYPETRANS)
 				goto bad;
+			break;
+		default:
+			goto bad;
+		}
 	}

 	return 0;