SELinux: add more validity checks on policy load

Add more validity checks at policy load time to reject malformed policies and prevent subsequent out-of-range indexing when in permissive mode. Resolves the NULL pointer dereference reported in https://bugzilla.redhat.com/show_bug.cgi?id=357541. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
author: Stephen Smalley <sds@tycho.nsa.gov> 2007-11-07 10:08:00 -0500
committer: James Morris <jmorris@namei.org> 2007-11-07 16:56:23 -0500
commit: 45e5421eb5bbcd9efa037d682dd357284e3ef982 (patch)
tree: ceb24143024fe335d08ac30fb4da9ca25fbeb6e6 /security/selinux/ss/policydb.h
parent: 6d2b685564ba417f4c6d80c3661f0dfee13fff85 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 844d310f4f1b..ed6fc687c66f 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -251,6 +251,9 @@ struct policydb {
 extern void policydb_destroy(struct policydb *p);
 extern int policydb_load_isids(struct policydb *p, struct sidtab *s);
 extern int policydb_context_isvalid(struct policydb *p, struct context *c);
+extern int policydb_class_isvalid(struct policydb *p, unsigned int class);
+extern int policydb_type_isvalid(struct policydb *p, unsigned int type);
+extern int policydb_role_isvalid(struct policydb *p, unsigned int role);
 extern int policydb_read(struct policydb *p, void *fp);
 #define PERM_SYMTAB_SIZE 32
author	Stephen Smalley <sds@tycho.nsa.gov>	2007-11-07 10:08:00 -0500
committer	James Morris <jmorris@namei.org>	2007-11-07 16:56:23 -0500
commit	45e5421eb5bbcd9efa037d682dd357284e3ef982 (patch)
tree	ceb24143024fe335d08ac30fb4da9ca25fbeb6e6 /security/selinux/ss/policydb.h
parent	6d2b685564ba417f4c6d80c3661f0dfee13fff85 (diff)