selinux/libsepol/fuzz/binpolicy-fuzzer.c

#include <sepol/debug.h>
#include <sepol/kernel_to_cil.h>
#include <sepol/kernel_to_conf.h>
#include <sepol/policydb/expand.h>
#include <sepol/policydb/hierarchy.h>
#include <sepol/policydb/link.h>
#include <sepol/policydb/policydb.h>

extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);

extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);


// set to 1 to enable more verbose libsepol logging
#define VERBOSE 0


static int write_binary_policy(policydb_t *p, FILE *outfp)
{
	struct policy_file pf;

	policy_file_init(&pf);
	pf.type = PF_USE_STDIO;
	pf.fp = outfp;
	return policydb_write(p, &pf);
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
	policydb_t policydb = {}, out = {};
	sidtab_t sidtab = {};
	struct policy_file pf;
	FILE *devnull = NULL;

	sepol_debug(VERBOSE);

	policy_file_init(&pf);
	pf.type = PF_USE_MEMORY;
	pf.data = (char *) data;
	pf.len = size;

	if (policydb_init(&policydb))
		goto exit;

	if (policydb_read(&policydb, &pf, VERBOSE))
		goto exit;

	if (policydb_load_isids(&policydb, &sidtab))
		goto exit;

	if (policydb.policy_type == POLICY_KERN) {
		(void) policydb_optimize(&policydb);

		if (policydb_validate(NULL, &policydb) == -1)
			abort();
	}

	if (policydb.global->branch_list)
		(void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);

	(void) hierarchy_check_constraints(NULL, &policydb);

	devnull = fopen("/dev/null", "we");
	if (!devnull)
		goto exit;

	if (write_binary_policy(&policydb, devnull))
		abort();

	if (policydb.policy_type == POLICY_KERN) {
		if (sepol_kernel_policydb_to_conf(devnull, &policydb))
			abort();

		if (sepol_kernel_policydb_to_cil(devnull, &policydb))
			abort();

	} else if (policydb.policy_type == POLICY_BASE) {
		if (link_modules(NULL, &policydb, NULL, 0, VERBOSE))
			goto exit;

		if (policydb_init(&out))
			goto exit;

		if (expand_module(NULL, &policydb, &out, VERBOSE, /*check_assertions=*/0))
			goto exit;

		(void) check_assertions(NULL, &out, out.global->branch_list->avrules);
		(void) hierarchy_check_constraints(NULL, &out);

		if (write_binary_policy(&out, devnull))
			abort();

		if (sepol_kernel_policydb_to_conf(devnull, &out))
			abort();

		if (sepol_kernel_policydb_to_cil(devnull, &out))
			abort();

	}

exit:
	if (devnull != NULL)
		fclose(devnull);

	policydb_destroy(&out);
	policydb_destroy(&policydb);
	sepol_sidtab_destroy(&sidtab);

	/* Non-zero return values are reserved for future use. */
	return 0;
}
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00			`#include <sepol/debug.h>`
			`#include <sepol/kernel_to_cil.h>`
			`#include <sepol/kernel_to_conf.h>`
libsepol/fuzz: handle empty and non kernel policies Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-28 18:23:33 +00:00			`#include <sepol/policydb/expand.h>`
			`#include <sepol/policydb/hierarchy.h>`
			`#include <sepol/policydb/link.h>`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00			`#include <sepol/policydb/policydb.h>`

libsepol/fuzz: more strict fuzzing of binary policies Validate policy after optimizing. Run policy assertion check, ignoring any assertions. Abort on failures writing the parsed policy, as writing should not fail on validated policies. Set close-on-exec flag in case of any sibling thread. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-07-06 14:02:33 +00:00			`extern int policydb_validate(sepol_handle_t handle, const policydb_t p);`

libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00			`extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);`

libsepol/fuzz: handle empty and non kernel policies Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-28 18:23:33 +00:00
			`// set to 1 to enable more verbose libsepol logging`
			`#define VERBOSE 0`


libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00			`static int write_binary_policy(policydb_t p, FILE outfp)`
			`{`
			`struct policy_file pf;`

			`policy_file_init(&pf);`
			`pf.type = PF_USE_STDIO;`
			`pf.fp = outfp;`
			`return policydb_write(p, &pf);`
			`}`

			`int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)`
			`{`
libsepol/fuzz: handle empty and non kernel policies Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-28 18:23:33 +00:00			`policydb_t policydb = {}, out = {};`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00			`sidtab_t sidtab = {};`
			`struct policy_file pf;`
			`FILE *devnull = NULL;`

libsepol/fuzz: handle empty and non kernel policies Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-28 18:23:33 +00:00			`sepol_debug(VERBOSE);`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00
			`policy_file_init(&pf);`
			`pf.type = PF_USE_MEMORY;`
			`pf.data = (char *) data;`
			`pf.len = size;`

			`if (policydb_init(&policydb))`
			`goto exit;`

libsepol/fuzz: handle empty and non kernel policies Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-28 18:23:33 +00:00			`if (policydb_read(&policydb, &pf, VERBOSE))`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00			`goto exit;`

			`if (policydb_load_isids(&policydb, &sidtab))`
			`goto exit;`

libsepol/fuzz: more strict fuzzing of binary policies Validate policy after optimizing. Run policy assertion check, ignoring any assertions. Abort on failures writing the parsed policy, as writing should not fail on validated policies. Set close-on-exec flag in case of any sibling thread. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-07-06 14:02:33 +00:00			`if (policydb.policy_type == POLICY_KERN) {`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00			`(void) policydb_optimize(&policydb);`

libsepol/fuzz: more strict fuzzing of binary policies Validate policy after optimizing. Run policy assertion check, ignoring any assertions. Abort on failures writing the parsed policy, as writing should not fail on validated policies. Set close-on-exec flag in case of any sibling thread. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-07-06 14:02:33 +00:00			`if (policydb_validate(NULL, &policydb) == -1)`
			`abort();`
			`}`

libsepol/fuzz: handle empty and non kernel policies Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-28 18:23:33 +00:00			`if (policydb.global->branch_list)`
			`(void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);`

			`(void) hierarchy_check_constraints(NULL, &policydb);`
libsepol/fuzz: more strict fuzzing of binary policies Validate policy after optimizing. Run policy assertion check, ignoring any assertions. Abort on failures writing the parsed policy, as writing should not fail on validated policies. Set close-on-exec flag in case of any sibling thread. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-07-06 14:02:33 +00:00
			`devnull = fopen("/dev/null", "we");`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00			`if (!devnull)`
			`goto exit;`

libsepol/fuzz: more strict fuzzing of binary policies Validate policy after optimizing. Run policy assertion check, ignoring any assertions. Abort on failures writing the parsed policy, as writing should not fail on validated policies. Set close-on-exec flag in case of any sibling thread. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-07-06 14:02:33 +00:00			`if (write_binary_policy(&policydb, devnull))`
			`abort();`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00
libsepol/fuzz: handle empty and non kernel policies Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-28 18:23:33 +00:00			`if (policydb.policy_type == POLICY_KERN) {`
			`if (sepol_kernel_policydb_to_conf(devnull, &policydb))`
			`abort();`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00
libsepol/fuzz: handle empty and non kernel policies Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-28 18:23:33 +00:00			`if (sepol_kernel_policydb_to_cil(devnull, &policydb))`
			`abort();`

			`} else if (policydb.policy_type == POLICY_BASE) {`
			`if (link_modules(NULL, &policydb, NULL, 0, VERBOSE))`
			`goto exit;`

			`if (policydb_init(&out))`
			`goto exit;`

			`if (expand_module(NULL, &policydb, &out, VERBOSE, /check_assertions=/0))`
			`goto exit;`

			`(void) check_assertions(NULL, &out, out.global->branch_list->avrules);`
			`(void) hierarchy_check_constraints(NULL, &out);`

			`if (write_binary_policy(&out, devnull))`
			`abort();`

			`if (sepol_kernel_policydb_to_conf(devnull, &out))`
			`abort();`

			`if (sepol_kernel_policydb_to_cil(devnull, &out))`
			`abort();`

			`}`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00
			`exit:`
			`if (devnull != NULL)`
			`fclose(devnull);`

libsepol/fuzz: handle empty and non kernel policies Do not check assertions for policies without any av rules. Only output kernel policies in traditional and CIL format. Perform hierarchy constraint checks. Try to link, expand and output base module policies. Also rework argument passing of verbose flags to improve debugging usability. Reported-by: oss-fuzz (issues 64515, 64531) Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> 2023-11-28 18:23:33 +00:00			`policydb_destroy(&out);`
libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> 2021-12-09 16:48:56 +00:00			`policydb_destroy(&policydb);`
			`sepol_sidtab_destroy(&sidtab);`

			`/* Non-zero return values are reserved for future use. */`
			`return 0;`
			`}`