Skip to main content

selinux/policy/
error.rs

1// Copyright 2023 The Fuchsia Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5use super::arrays::FsUseType;
6use super::extensible_bitmap::{MAP_NODE_BITS, MAX_BITMAP_ITEMS};
7use super::metadata::{
8    CONFIG_HANDLE_UNKNOWN_MASK, CONFIG_MLS_FLAG, POLICYDB_SIGNATURE, POLICYDB_STRING_MAX_LENGTH,
9    POLICYDB_VERSION_MAX, POLICYDB_VERSION_MIN, SELINUX_MAGIC,
10};
11use crate::new_policy::{ClassDefault, ClassDefaultRange};
12
13use bstr::BString;
14use thiserror::Error;
15
16/// Structured errors that may be encountered parsing a binary policy.
17#[derive(Clone, Debug, Error, PartialEq)]
18pub enum ParseError {
19    #[error("expected MLS-enabled flag ({CONFIG_MLS_FLAG:#032b}), but found {found_config:#032b}")]
20    ConfigMissingMlsFlag { found_config: u32 },
21    #[error(
22        "expected handle-unknown config at most 1 bit set (mask {CONFIG_HANDLE_UNKNOWN_MASK:#032b}), but found {masked_bits:#032b}"
23    )]
24    InvalidHandleUnknownConfigurationBits { masked_bits: u32 },
25    #[error("expected end of policy, but found {num_bytes} additional bytes")]
26    TrailingBytes { num_bytes: usize },
27    #[error("expected data item of type {type_name} ({type_size} bytes), but found {num_bytes}")]
28    MissingData { type_name: &'static str, type_size: usize, num_bytes: usize },
29    #[error("required parsing routine not implemented")]
30    NotImplemented,
31    #[error(
32        "policy is of {observed} bytes, but this implementation only supports policies of up to {limit} bytes"
33    )]
34    UnsupportedlyLarge { observed: usize, limit: usize },
35    #[error("invalid ID value: {value}")]
36    InvalidId { value: u32 },
37}
38
39/// Structured errors that may be encountered validating a binary policy.
40#[derive(Debug, Error, PartialEq)]
41pub enum ValidateError {
42    #[error("expected selinux magic value {SELINUX_MAGIC:#x}, but found {found_magic:#x}")]
43    InvalidMagic { found_magic: u32 },
44    #[error(
45        "expected signature length in range [0, {POLICYDB_STRING_MAX_LENGTH}], but found {found_length}"
46    )]
47    InvalidSignatureLength { found_length: u32 },
48    #[error("expected signature {POLICYDB_SIGNATURE:?}, but found {:?}", bstr::BStr::new(found_signature.as_slice()))]
49    InvalidSignature { found_signature: Vec<u8> },
50    #[error(
51        "expected policy version in range [{POLICYDB_VERSION_MIN}, {POLICYDB_VERSION_MAX}], but found {found_policy_version}"
52    )]
53    InvalidPolicyVersion { found_policy_version: u32 },
54    #[error("expected extensible bitmap items to have at least one bit set")]
55    InvalidExtensibleBitmapItem,
56    #[error(
57        "expected extensible bitmap item size to be exactly {MAP_NODE_BITS}, but found {found_size}"
58    )]
59    InvalidExtensibleBitmapItemSize { found_size: u32 },
60    #[error(
61        "expected extensible bitmap item high bit to be multiple of {found_size}, but found {found_high_bit}"
62    )]
63    MisalignedExtensibleBitmapHighBit { found_size: u32, found_high_bit: u32 },
64    #[error(
65        "expected extensible bitmap item high bit to be at most items_count + items_size = {found_count} + {found_size}, but found {found_high_bit}"
66    )]
67    InvalidExtensibleBitmapHighBit { found_size: u32, found_high_bit: u32, found_count: u32 },
68    #[error(
69        "expected extensible bitmap item count to be in range [0, {MAX_BITMAP_ITEMS}], but found {found_count}"
70    )]
71    InvalidExtensibleBitmapCount { found_count: u32 },
72    #[error("found extensible bitmap item count = 0, but high count != 0")]
73    ExtensibleBitmapNonZeroHighBitAndZeroCount,
74    #[error(
75        "expected extensible bitmap item start bit to be multiple of item size {found_size}, but found {found_start_bit}"
76    )]
77    MisalignedExtensibleBitmapItemStartBit { found_start_bit: u32, found_size: u32 },
78    #[error(
79        "expected extensible bitmap items to be in sorted order, but found item starting at {found_start_bit} after item that ends at {min_start}"
80    )]
81    OutOfOrderExtensibleBitmapItems { found_start_bit: u32, min_start: u32 },
82    #[error(
83        "expected extensible bitmap items to refer to bits in range [0, {found_high_bit}), but found item that ends at {found_items_end}"
84    )]
85    ExtensibleBitmapItemOverflow { found_items_end: u32, found_high_bit: u32 },
86    #[error(
87        "expected class default binary value to be one of {}, {}, or {}, but found {value}",
88        ClassDefault::Unspecified as u32,
89        ClassDefault::Source as u32,
90        ClassDefault::Target as u32
91    )]
92    InvalidClassDefault { value: u32 },
93    #[error(
94        "expected class default binary value to be one of {:?}, but found {value}",
95        [ClassDefaultRange::Unspecified as u32,
96        ClassDefaultRange::SourceLow as u32,
97        ClassDefaultRange::SourceHigh as u32,
98        ClassDefaultRange::SourceLowHigh as u32,
99        ClassDefaultRange::TargetLow as u32,
100        ClassDefaultRange::TargetHigh as u32,
101        ClassDefaultRange::TargetLowHigh as u32,
102        ClassDefaultRange::UnknownUsedValue as u32]
103    )]
104    InvalidClassDefaultRange { value: u32 },
105    #[error("paths not ordered lexicographicaly")]
106    InvalidGenFsPathOrdering,
107    #[error("missing initial SID {initial_sid:?}")]
108    MissingInitialSid { initial_sid: crate::InitialSid },
109    #[error(
110        "invalid SELinux fs_use type; expected one of {:?}, but found {value}",
111        [FsUseType::Xattr as u32,
112        FsUseType::Trans as u32,
113        FsUseType::Task as u32]
114    )]
115    InvalidFsUseType { value: u32 },
116    #[error("non-optional Id field is zero")]
117    NonOptionalIdIsZero,
118    #[error("required validation routine not implemented")]
119    NotImplemented,
120    #[error("undefined {kind} Id value {id}")]
121    UnknownId { kind: &'static str, id: String },
122    #[error("invalid MLS range: {low}-{high}")]
123    InvalidMlsRange { low: BString, high: BString },
124    #[error("invalid extended permissions type: {type_}")]
125    InvalidExtendedPermissionsType { type_: u8 },
126}