Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Showing
5 changed files
with
449 additions
and
2 deletions.
|
@@ -3,3 +3,7 @@ checkpolicy | |
lex.yy.c | ||
y.tab.c | ||
y.tab.h | ||
checkmodule-fuzzer | ||
checkpolicy-fuzzer | ||
corpus_dir/ | ||
fuzz-*.log |
@@ -0,0 +1,153 @@ | ||
#define _GNU_SOURCE | ||
|
||
#include <unistd.h> | ||
#include <sys/mman.h> | ||
|
||
#include <sepol/debug.h> | ||
#include <sepol/policydb/policydb.h> | ||
#include <sepol/policydb/services.h> | ||
#include <sepol/policydb/hierarchy.h> | ||
#include <sepol/policydb/expand.h> | ||
#include <sepol/policydb/link.h> | ||
|
||
#include "queue.h" | ||
|
||
extern void yyerror(const char *msg); | ||
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); | ||
|
||
extern int mlspol; | ||
extern int werror; | ||
extern policydb_t *policydbp; | ||
extern queue_t id_queue; | ||
extern unsigned int policydb_errors; | ||
|
||
unsigned int policy_type = POLICY_BASE; | ||
unsigned int policyvers = MOD_POLICYDB_VERSION_MAX; | ||
|
||
extern FILE *yyin; | ||
extern void init_parser(int); | ||
extern int yyparse(void); | ||
extern void yyrestart(FILE *); | ||
extern void set_source_file(const char *name); | ||
|
||
void yyerror(const char *msg __attribute__((unused))) | ||
{ | ||
policydb_errors++; | ||
} | ||
|
||
static int read_source_policy(policydb_t * p, const uint8_t *data, size_t size) | ||
{ | ||
int fd; | ||
ssize_t wr; | ||
|
||
fd = memfd_create("fuzz-input", MFD_CLOEXEC); | ||
if (fd < 0) | ||
return -1; | ||
|
||
wr = write(fd, data, size); | ||
if (wr < 0 || (size_t)wr != size) | ||
return -1; | ||
|
||
|
||
yyin = fdopen(fd, "r"); | ||
if (!yyin) | ||
return -1; | ||
|
||
set_source_file("fuzz-input"); | ||
|
||
if ((id_queue = queue_create()) == NULL) | ||
goto exit; | ||
|
||
policydbp = p; | ||
mlspol = p->mls; | ||
|
||
init_parser(1); | ||
|
||
if (yyparse() || policydb_errors) | ||
goto exit; | ||
|
||
rewind(yyin); | ||
init_parser(2); | ||
set_source_file("fuzz-input"); | ||
yyrestart(yyin); | ||
|
||
if (yyparse() || policydb_errors) | ||
goto exit; | ||
|
||
exit: | ||
queue_destroy(id_queue); | ||
fclose(yyin); | ||
|
||
return 0; | ||
} | ||
|
||
/*static int write_binary_policy(policydb_t * p, FILE *outfp) | ||
{ | ||
struct policy_file pf; | ||
p->policy_type = policy_type; | ||
p->policyvers = policyvers; | ||
p->handle_unknown = SEPOL_DENY_UNKNOWN; | ||
policy_file_init(&pf); | ||
pf.type = PF_USE_STDIO; | ||
pf.fp = outfp; | ||
return policydb_write(p, &pf); | ||
}*/ | ||
|
||
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) | ||
{ | ||
sidtab_t sidtab; | ||
policydb_t modpolicydb; | ||
policydb_t kernpolicydb; | ||
FILE *devnull = NULL; | ||
|
||
werror = 1; | ||
sepol_debug(0); | ||
sepol_set_policydb(&modpolicydb); | ||
sepol_set_sidtab(&sidtab); | ||
|
||
if (policydb_init(&modpolicydb)) | ||
goto exit; | ||
|
||
modpolicydb.policy_type = POLICY_BASE; | ||
modpolicydb.mls = 1; | ||
modpolicydb.handle_unknown = DENY_UNKNOWN; | ||
|
||
if (read_source_policy(&modpolicydb, data, size)) | ||
goto exit; | ||
|
||
if (hierarchy_check_constraints(NULL, &modpolicydb)) | ||
goto exit; | ||
|
||
if (policydb_init(&kernpolicydb)) | ||
goto exit; | ||
|
||
if (link_modules(NULL, &modpolicydb, NULL, 0, 0)) | ||
goto exit; | ||
|
||
if (expand_module(NULL, &modpolicydb, &kernpolicydb, 0, 1)) | ||
goto exit; | ||
|
||
if (policydb_load_isids(&modpolicydb, &sidtab)) | ||
goto exit; | ||
|
||
sepol_sidtab_destroy(&sidtab); | ||
|
||
/*devnull = fopen("/dev/null", "w"); | ||
if (devnull == NULL) | ||
goto exit; | ||
if (write_binary_policy(&modpolicydb, devnull)) | ||
goto exit;*/ | ||
|
||
exit: | ||
if (devnull != NULL) | ||
fclose(devnull); | ||
|
||
policydb_destroy(&kernpolicydb); | ||
policydb_destroy(&modpolicydb); | ||
|
||
return 0; | ||
} |
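Review bot: In `read_source_policy` the memfd's offset is still at end-of-file after `write()`, so the stream returned by `fdopen(fd, "r")` gives the first `yyparse()` an empty input and pass 1 never sees the fuzz data; the only `rewind(yyin)` comes before pass 2. The same prologue leaks `fd` on the short-write and `fdopen` failure returns, and the function returns 0 even when a parse pass failed, so the caller carries on with a partially built policydb. In `LLVMFuzzerTestOneInput`, every `goto exit` taken before `policydb_init(&kernpolicydb)` reaches `policydb_destroy(&kernpolicydb)` on uninitialised stack memory, which would show up as harness crashes rather than library findings; initialise both policydbs before the first `goto exit`, or use separate cleanup labels. `policydb_errors` is only ever incremented in the visible code, so unless `init_parser` resets it (not shown here), one rejected input makes every later run stop after pass 1.

```c
static int read_source_policy(policydb_t * p, const uint8_t *data, size_t size)
{
	/* … unchanged: declarations, memfd_create and its error check … */

	wr = write(fd, data, size);
	if (wr < 0 || (size_t)wr != size) {
		close(fd);
		return -1;
	}

	yyin = fdopen(fd, "r");
	if (!yyin) {
		close(fd);
		return -1;
	}

	/* write() left the offset at EOF; pass 1 must start at the beginning */
	rewind(yyin);

	/* … unchanged: set_source_file, queue_create, both parser passes, cleanup … */
```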