From 093f894b25128f94533dd05541719e8a48e687ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 24 Jun 2022 22:34:22 +0200
Subject: [PATCH] TODO: mls
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 checkpolicy/fuzz/checkpolicy-fuzzer.c | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c
index 3488b92dc7..e906b01341 100644
--- a/checkpolicy/fuzz/checkpolicy-fuzzer.c
+++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c
@@ -136,14 +136,34 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	policydb_t kernpolicydb = {};
 	sidtab_t sidtab = {};
 	FILE *devnull = NULL;
+	int mls, policyvers;
 
 	sepol_debug(0);
 
+	/* Take the first byte whether to parse as MLS policy
+	* and the second byte as policy version. */
+	if (size < 2)
+		return 0;
+	switch (data[0]) {
+	case '0':
+		mls = 0;
+		break;
+	case '1':
+		mls = 1;
+		break;
+	default:
+		return 0;
+	}
+	policyvers = data[1] - 'A';
+	if (policyvers < POLICYDB_VERSION_MIN || policyvers > POLICYDB_VERSION_MAX)
+		return 0;
+	size -= 2;
+
 	if (policydb_init(&parsepolicydb))
 		goto exit;
 
 	parsepolicydb.policy_type = POLICY_BASE;
-	parsepolicydb.mls = 1;
+	parsepolicydb.mls = mls;
 	parsepolicydb.handle_unknown = DENY_UNKNOWN;
 	policydb_set_target_platform(&parsepolicydb, SEPOL_TARGET_SELINUX);
 
@@ -162,10 +182,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	if (expand_module(NULL, &parsepolicydb, &kernpolicydb, 0, 1))
 		goto exit;
 
-	assert(kernpolicydb.policyvers     == POLICYDB_VERSION_MAX);
+	kernpolicydb.policyvers = policyvers;
+
 	assert(kernpolicydb.policy_type    == POLICY_KERN);
 	assert(kernpolicydb.handle_unknown == SEPOL_DENY_UNKNOWN);
-	assert(kernpolicydb.mls            == 1);
+	assert(kernpolicydb.mls            == mls);
 
 	if (policydb_load_isids(&kernpolicydb, &sidtab))
 		goto exit;