diff options
| author | John Johansen <john.johansen@canonical.com> | 2022-09-06 00:38:20 -0700 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2022-10-03 14:49:04 -0700 |
| commit | 3bf3d728a58d7dcf2bbf179e3263fb8651f6097b (patch) | |
| tree | df69e5bb641129014e487a9cf3ae607bb327d025 /security/apparmor | |
| parent | 3dfd16ab697ff23973b6fbb89808372bcd008dd1 (diff) | |
| download | linux-3bf3d728a58d7dcf2bbf179e3263fb8651f6097b.tar.bz2 | |
apparmor: verify loaded permission bits masks don't overlap
Add an additional verification that loaded permission sets don't
overlap in ways that are not intended. This will help ensure that
permission accumulation can't result in an invalid permission set.
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security/apparmor')
| -rw-r--r-- | security/apparmor/policy_unpack.c | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index 312bd632a472..5a78aaa0eea4 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -1150,11 +1150,37 @@ static bool verify_dfa_xindex(struct aa_dfa *dfa, int table_size) return true; } -static bool verify_perm_indexes(struct aa_policydb *pdb) +static bool verify_perm(struct aa_perms *perm) +{ + /* TODO: allow option to just force the perms into a valid state */ + if (perm->allow & perm->deny) + return false; + if (perm->subtree & ~perm->allow) + return false; + if (perm->cond & (perm->allow | perm->deny)) + return false; + if (perm->kill & perm->allow) + return false; + if (perm->complain & (perm->allow | perm->deny)) + return false; + if (perm->prompt & (perm->allow | perm->deny)) + return false; + if (perm->complain & perm->prompt) + return false; + if (perm->hide & perm->allow) + return false; + + return true; +} + +static bool verify_perms(struct aa_policydb *pdb) { int i; for (i = 0; i < pdb->size; i++) { + if (!verify_perm(&pdb->perms[i])) + return false; + /* verify indexes into str table */ if (pdb->perms[i].xindex >= pdb->trans.size) return false; if (pdb->perms[i].tag >= pdb->trans.size) @@ -1187,17 +1213,17 @@ static int verify_profile(struct aa_profile *profile) return -EPROTO; } - if (!verify_perm_indexes(&profile->file)) { + if (!verify_perms(&profile->file)) { audit_iface(profile, NULL, NULL, "Unpack: Invalid perm index", NULL, -EPROTO); return -EPROTO; } - if (!verify_perm_indexes(&profile->policy)) { + if (!verify_perms(&profile->policy)) { audit_iface(profile, NULL, NULL, "Unpack: Invalid perm index", NULL, -EPROTO); return -EPROTO; } - if (!verify_perm_indexes(&profile->xmatch)) { + if (!verify_perms(&profile->xmatch)) { audit_iface(profile, NULL, NULL, "Unpack: Invalid perm index", NULL, -EPROTO); return -EPROTO; |