sync backport patches from upstream

backport-libsepol-Fix-buffer-overflow-when-using-sepol_av_to_.patch

@@ -0,0 +1,98 @@
+From c205b924e280c4ee161c79d2442c5026ec89597c Mon Sep 17 00:00:00 2001
+From: James Carter <jwcart2@gmail.com>
+Date: Fri, 8 Mar 2024 16:55:56 -0500
+Subject: [PATCH] libsepol: Fix buffer overflow when using
+sepol_av_to_string()
+
+The function sepol_av_to_string() normally returns a list of
+permissions with a space at the beginning, but it will return '\0'
+if there are no permissions. Unfortunately, functions in
+kernel_to_cil, kernel_to_conf, and module_to_cil assume there is a
+space at the beginning and skip the space by using "perms+1".
+
+In kernel_to_cil, kernel_to_conf, and module_to_cil, check for the
+permission string being '\0' and return an error if it is.
+
+Reported-by: oss-fuzz (issue 67276)
+Signed-off-by: James Carter <jwcart2@gmail.com>
+---
+ libsepol/src/kernel_to_cil.c  | 11 +++++++++++
+ libsepol/src/kernel_to_conf.c | 11 +++++++++++
+ libsepol/src/module_to_cil.c  | 12 ++++++++++++
+ 3 files changed, 34 insertions(+)
+
+diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
+index 69efc97..6d7d815 100644
+--- a/libsepol/src/kernel_to_cil.c
++++ b/libsepol/src/kernel_to_cil.c
+@@ -1754,6 +1760,11 @@ static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_dat
+ 			sepol_log_err("Failed to generate permission string");
+ 			goto exit;
+ 		}
++		if (*perms == '\0') {
++			sepol_log_err("No permisisons in permission string");
++			free(perms);
++			goto exit;
++		}
+ 		rule = create_str("(%s %s %s (%s (%s)))", 5,
+ 				  flavor, src, tgt, class, perms+1);
+ 	} else if (key->specified & AVTAB_XPERMS) {
+diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
+index a1bf05f..f484e2b 100644
+--- a/libsepol/src/kernel_to_conf.c
++++ b/libsepol/src/kernel_to_conf.c
+@@ -291,6 +291,12 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
+ 		}
+ 
+ 		perms = sepol_av_to_string(pdb, class->s.value, curr->permissions);
++		if (*perms == '\0') {
++			sepol_log_err("No permisisons in permission string");
++			free(perms);
++			rc = -1;
++			goto exit;
++		}
+ 		if (strchr(perms, ' ')) {
+ 			format_str = "%s %s { %s } %s;";
+ 		} else {
+@@ -1728,6 +1734,11 @@ static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_dat
+ 			sepol_log_err("Failed to generate permission string");
+ 			goto exit;
+ 		}
++		if (*perms == '\0') {
++			sepol_log_err("No permisisons in permission string");
++			free(perms);
++			goto exit;
++		}
+ 		rule = create_str("%s %s %s:%s { %s };", 5,
+ 				  flavor, src, tgt, class, perms+1);
+ 	} else if (key->specified & AVTAB_XPERMS) {
+diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
+index 410a41d..e5e632e 100644
+--- a/libsepol/src/module_to_cil.c
++++ b/libsepol/src/module_to_cil.c
+@@ -606,6 +606,12 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const
+ 				rc = -1;
+ 				goto exit;
+ 			}
++			if (*perms == '\0') {
++				log_err("No permissions in permission string");
++				free(perms);
++				rc = -1;
++				goto exit;
++			}
+ 			cil_println(indent, "(%s %s %s (%s (%s)))",
+ 					rule, src, tgt,
+ 					pdb->p_class_val_to_name[classperm->tclass - 1],
+@@ -1955,6 +1961,12 @@ static int constraints_to_cil(int indent, struct policydb *pdb, char *classkey,
+ 
+ 		if (is_constraint) {
+ 			perms = sepol_av_to_string(pdb, class->s.value, node->permissions);
++			if (*perms == '\0') {
++				log_err("No permissions in permission string");
++				free(perms);
++				rc = -1;
++				goto exit;
++			}
+ 			cil_println(indent, "(%sconstrain (%s (%s)) %s)", mls, classkey, perms + 1, expr);
+ 		} else {
+ 			cil_println(indent, "(%svalidatetrans %s %s)", mls, classkey, expr);

backport-libsepol-cil-Check-common-perms-when-verifiying-all.patch

@@ -0,0 +1,53 @@
+From c071aa2e635935216e8e504a5b398f58aed2838e Mon Sep 17 00:00:00 2001
+From: James Carter <jwcart2@gmail.com>
+Date: Mon, 1 Apr 2024 10:49:24 -0400
+Subject: [PATCH] libsepol/cil: Check common perms when verifiying "all"
+
+Commit e81c466 "Fix class permission verification in CIL", added a
+check for the use of "all" in a permission expression for a class
+that had no permissions. Unfortunately, that change did not take
+into account a class that had common permissions, so a class that
+has no permmissions of its own, but inherits permissions from a
+common, will fail the verification check.
+
+If the class inherits from a common, then add those permissions to
+the permmission list when verifying the permission expression.
+
+Example/
+(common co1 (cop1))
+(class cl1 ())
+(classcommon cl1 co1)
+(classorder (CLASS cl1))
+
+(classpermission cp1)
+(classpermissionset cp1 (cl1 (all)))
+
+(classmap cm1 (cmp1))
+(classmapping cm1 cmp1 (cl1 (all)))
+
+Previously, both the classpermissionset and the classmapping rules
+would fail verification, but now they pass as expected.
+
+Patch originally from Ben Cressey <bcressey@amazon.com>, I have
+expanded the explanation.
+
+Reported-by: Ben Cressey <bcressey@amazon.com>
+Signed-off-by: James Carter <jwcart2@gmail.com>
+---
+ libsepol/cil/src/cil_verify.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
+index 0c6d50a18..4ef2cbab3 100644
+--- a/libsepol/cil/src/cil_verify.c
++++ b/libsepol/cil/src/cil_verify.c
+@@ -1842,6 +1842,9 @@ static int __cil_verify_perms(struct cil_class *class, struct cil_list *perms, s
+ 				int count2 = 0;
+ 				cil_list_init(&perm_list, CIL_MAP_PERM);
+ 				cil_symtab_map(&class->perms, __add_perm_to_list, perm_list);
++				if (class->common != NULL) {
++					cil_symtab_map(&class->common->perms, __add_perm_to_list, perm_list);
++				}
+ 				cil_list_for_each(j, perm_list) {
+ 					count2++;
+ 					struct cil_perm *perm = j->data;

backport-libsepol-cil-Fix-detected-RESOURCE_LEAK-CWE-772.patch

@@ -0,0 +1,29 @@
+From 1f173f8efab8e9931898d924057bd0ea8da759b7 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Tue, 30 Apr 2024 17:30:24 +0200
+Subject: [PATCH] libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)
+
+libsepol-3.6/cil/src/cil_binary.c:902: alloc_fn: Storage is returned from allocation function "cil_malloc".
+libsepol-3.6/cil/src/cil_binary.c:902: var_assign: Assigning: "mls_level" = storage returned from "cil_malloc(24UL)".
+libsepol-3.6/cil/src/cil_binary.c:903: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_init".
+libsepol-3.6/cil/src/cil_binary.c:905: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_cpy".
+libsepol-3.6/cil/src/cil_binary.c:919: leaked_storage: Variable "mls_level" going out of scope leaks the storage it points to.
+
+Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ libsepol/cil/src/cil_binary.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
+index 95bd18baa..c8144a5af 100644
+--- a/libsepol/cil/src/cil_binary.c
++++ b/libsepol/cil/src/cil_binary.c
+@@ -904,6 +904,7 @@ static int cil_sensalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alia
+ 
+ 	rc = mls_level_cpy(mls_level, sepol_level->level);
+ 	if (rc != SEPOL_OK) {
++		free(mls_level);
+ 		goto exit;
+ 	}
+ 	sepol_alias->level = mls_level;

backport-libsepol-cil-ensure-transitivity-in-compare-functions.patch

@@ -0,0 +1,77 @@
+From 162a0884cccce80b76e35bc1094d5eaef84728e5 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Wed, 31 Jan 2024 13:56:11 +0100
+Subject: [PATCH] libsepol/cil: ensure transitivity in compare functions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ensure comparison functions used by qsort(3) fulfill transitivity, since
+otherwise the resulting array might not be sorted correctly or worse[1]
+in case of integer overflows.
+
+[1]: https://www.qualys.com/2024/01/30/qsort.txt
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ libsepol/cil/src/cil_post.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
+index 7f45299a3..ac99997f7 100644
+--- a/libsepol/cil/src/cil_post.c
++++ b/libsepol/cil/src/cil_post.c
+@@ -52,6 +52,8 @@
+ #define GEN_REQUIRE_ATTR "cil_gen_require" /* Also in libsepol/src/module_to_cil.c */
+ #define TYPEATTR_INFIX "_typeattr_"        /* Also in libsepol/src/module_to_cil.c */
+ 
++#define spaceship_cmp(a, b) (((a) > (b)) - ((a) < (b)))
++
+ struct fc_data {
+ 	unsigned int meta;
+ 	size_t stem_len;
+@@ -263,8 +265,8 @@ int cil_post_ibpkeycon_compare(const void *a, const void *b)
+ 	if (rc)
+ 		return rc;
+ 
+-	rc = (aibpkeycon->pkey_high - aibpkeycon->pkey_low)
+-		- (bibpkeycon->pkey_high - bibpkeycon->pkey_low);
++	rc = spaceship_cmp(aibpkeycon->pkey_high - aibpkeycon->pkey_low,
++		bibpkeycon->pkey_high - bibpkeycon->pkey_low);
+ 	if (rc == 0) {
+ 		if (aibpkeycon->pkey_low < bibpkeycon->pkey_low)
+ 			rc = -1;
+@@ -281,8 +283,8 @@ int cil_post_portcon_compare(const void *a, const void *b)
+ 	struct cil_portcon *aportcon = *(struct cil_portcon**)a;
+ 	struct cil_portcon *bportcon = *(struct cil_portcon**)b;
+ 
+-	rc = (aportcon->port_high - aportcon->port_low) 
+-		- (bportcon->port_high - bportcon->port_low);
++	rc = spaceship_cmp(aportcon->port_high - aportcon->port_low,
++		bportcon->port_high - bportcon->port_low);
+ 	if (rc == 0) {
+ 		if (aportcon->port_low < bportcon->port_low) {
+ 			rc = -1;
+@@ -394,8 +396,8 @@ static int cil_post_iomemcon_compare(const void *a, const void *b)
+ 	struct cil_iomemcon *aiomemcon = *(struct cil_iomemcon**)a;
+ 	struct cil_iomemcon *biomemcon = *(struct cil_iomemcon**)b;
+ 
+-	rc = (aiomemcon->iomem_high - aiomemcon->iomem_low) 
+-		- (biomemcon->iomem_high - biomemcon->iomem_low);
++	rc = spaceship_cmp(aiomemcon->iomem_high - aiomemcon->iomem_low,
++		biomemcon->iomem_high - biomemcon->iomem_low);
+ 	if (rc == 0) {
+ 		if (aiomemcon->iomem_low < biomemcon->iomem_low) {
+ 			rc = -1;
+@@ -413,8 +415,8 @@ static int cil_post_ioportcon_compare(const void *a, const void *b)
+ 	struct cil_ioportcon *aioportcon = *(struct cil_ioportcon**)a;
+ 	struct cil_ioportcon *bioportcon = *(struct cil_ioportcon**)b;
+ 
+-	rc = (aioportcon->ioport_high - aioportcon->ioport_low) 
+-		- (bioportcon->ioport_high - bioportcon->ioport_low);
++	rc = spaceship_cmp(aioportcon->ioport_high - aioportcon->ioport_low,
++		bioportcon->ioport_high - bioportcon->ioport_low);
+ 	if (rc == 0) {
+ 		if (aioportcon->ioport_low < bioportcon->ioport_low) {
+ 			rc = -1;

backport-libsepol-ensure-transitivity-in-compare-functions.patch

@@ -0,0 +1,47 @@
+From b52e27aeaa563ac998345a6a670493172411b166 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
+Date: Wed, 31 Jan 2024 13:56:10 +0100
+Subject: [PATCH] libsepol: ensure transitivity in compare functions
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ensure comparison functions used by qsort(3) fulfill transitivity, since
+otherwise the resulting array might not be sorted correctly or worse[1]
+in case of integer overflows.
+
+[1]: https://www.qualys.com/2024/01/30/qsort.txt
+
+Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+---
+ libsepol/src/kernel_to_common.c | 2 +-
+ libsepol/src/module_to_cil.c    | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c
+index 2422eed08..44f0be23a 100644
+--- a/libsepol/src/kernel_to_common.c
++++ b/libsepol/src/kernel_to_common.c
+@@ -503,7 +503,7 @@ static int ibendport_data_cmp(const void *a, const void *b)
+ 	if (rc)
+ 		return rc;
+ 
+-	return (*aa)->u.ibendport.port - (*bb)->u.ibendport.port;
++	return spaceship_cmp((*aa)->u.ibendport.port, (*bb)->u.ibendport.port);
+ }
+ 
+ static int pirq_data_cmp(const void *a, const void *b)
+diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
+index 0fce7cc7e..6699a46be 100644
+--- a/libsepol/src/module_to_cil.c
++++ b/libsepol/src/module_to_cil.c
+@@ -1681,7 +1681,7 @@ static int class_perm_cmp(const void *a, const void *b)
+ 	const struct class_perm_datum *aa = a;
+ 	const struct class_perm_datum *bb = b;
+ 
+-	return aa->val - bb->val;
++	return spaceship_cmp(aa->val, bb->val);
+ }
+ 
+ static int common_to_cil(char *key, void *data, void *UNUSED(arg))

backport-libsepol-fix-reallocarray-imports.patch

@@ -0,0 +1,45 @@
+From cc1bd5e8344db1016a207c42f8c2962f42c2ffad Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= <tweek@google.com>
+Date: Thu, 3 Mar 2022 16:23:06 +1100
+Subject: [PATCH] libsepol: fix reallocarray imports
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In f0a5f6e, calls to reallocarray were introduced. Ensure that the
+correct header (private.h) is included when necessary.
+
+Fixes: f0a5f6e ("libsepol: use reallocarray wrapper to avoid overflows")
+Signed-off-by: Thiébaud Weksteen <tweek@google.com>
+Acked-by: James Carter <jwcart2@gmail.com>
+Test: Built using Android CI (glibc 2.17)
+---
+ libsepol/src/kernel_to_common.c | 1 +
+ libsepol/src/util.c             | 2 ++
+ 2 files changed, 3 insertions(+)
+
+diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c
+index dc9e689e57..972499abc5 100644
+--- a/libsepol/src/kernel_to_common.c
++++ b/libsepol/src/kernel_to_common.c
+@@ -18,6 +18,7 @@
+ #include <sepol/policydb/hashtab.h>
+ #include <sepol/policydb/symtab.h>
+ 
++#include "private.h"
+ #include "kernel_to_common.h"
+ 
+ 
+diff --git a/libsepol/src/util.c b/libsepol/src/util.c
+index b7230564ba..1cd1308d16 100644
+--- a/libsepol/src/util.c
++++ b/libsepol/src/util.c
+@@ -28,6 +28,8 @@
+ #include <sepol/policydb/policydb.h>
+ #include <sepol/policydb/util.h>
+ 
++#include "private.h"
++
+ struct val_to_name {
+ 	unsigned int val;
+ 	char *name;

libsepol.spec

@@ -1,6 +1,6 @@
 Name:           libsepol
 Version:        3.3
-Release:        7
+Release:        8
 Summary:        SELinux binary policy manipulation library
 License:        LGPLv2+
 URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
@@ -42,6 +42,12 @@ Patch0033:      backport-libsepol-validate-MLS-levels.patch
 Patch0034:      backport-libsepol-validate-ocontexts.patch
 Patch0035:      backport-libsepol-validate-the-identifier-for-initials-SID-is.patch
 Patch0036:      backport-libsepol-reorder-calloc-3-arguments.patch
+Patch0037:      backport-libsepol-fix-reallocarray-imports.patch
+Patch0038:      backport-libsepol-ensure-transitivity-in-compare-functions.patch
+Patch0039:      backport-libsepol-cil-ensure-transitivity-in-compare-functions.patch
+Patch0040:      backport-libsepol-Fix-buffer-overflow-when-using-sepol_av_to_.patch
+Patch0041:      backport-libsepol-cil-Check-common-perms-when-verifiying-all.patch
+Patch0042:      backport-libsepol-cil-Fix-detected-RESOURCE_LEAK-CWE-772.patch
 
 BuildRequires:  gcc flex
 
@@ -101,6 +107,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install
 %{_mandir}/man3/*
 
 %changelog
+* Sat Oct 12 2024 yanglongkang <yanglongkang@h-partners.com> - 3.3-8
+- backport bugfix from upstream
+
 * Tue Mar 26 2024 gengqihu <gengqihu2@h-partners.com> - 3.3-7
 - backport bugfix from upstream