From 1d2073557d7199a5cc3ecce9c0cba6cb45a3e726 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Thu, 6 Jul 2023 16:02:33 +0200
Subject: [PATCH] libsepol/fuzz: more strict fuzzing of binary policies
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Validate policy after optimizing. Run policy assertion check, ignoring any assertions. Abort on failures writing the parsed policy, as writing should not fail on validated policies. Set close-on-exec flag in case of any sibling thread.
Signed-off-by: Christian Göttsche
Acked-by: James Carter
---
 libsepol/fuzz/binpolicy-fuzzer.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c
index 85c59645..79d42b0e 100644
--- a/libsepol/fuzz/binpolicy-fuzzer.c
+++ b/libsepol/fuzz/binpolicy-fuzzer.c
@@ -3,6 +3,8 @@
 #include
 #include
+extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);
+
 extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 static int write_binary_policy(policydb_t *p, FILE *outfp)
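Review bot: The hand-written prototype `extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);` at the top of the fuzzer is never checked against the library's own definition. If the signature changes later, the harness still compiles and links, and then calls through a mismatched prototype. Presumably the declaration is repeated here because the symbol is not reachable through a header the fuzzer can include; if so, a comment above it should say that, for example `/* not declared in an installed header; keep in sync with the definition in libsepol */`.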
@@ -38,18 +40,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 if (policydb_load_isids(&policydb, &sidtab))
 goto exit;
- if (policydb.policy_type == POLICY_KERN)
+ if (policydb.policy_type == POLICY_KERN) {
 (void) policydb_optimize(&policydb);
- devnull = fopen("/dev/null", "w");
+ if (policydb_validate(NULL, &policydb) == -1)
+ abort();
+ }
+
+ (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);
+
+ devnull = fopen("/dev/null", "we");
 if (!devnull)
 goto exit;
- (void) write_binary_policy(&policydb, devnull);
+ if (write_binary_policy(&policydb, devnull))
+ abort();
- (void) sepol_kernel_policydb_to_conf(devnull, &policydb);
+ if (sepol_kernel_policydb_to_conf(devnull, &policydb))
+ abort();
- (void) sepol_kernel_policydb_to_cil(devnull, &policydb);
+ if (sepol_kernel_policydb_to_cil(devnull, &policydb))
+ abort();
 exit:
 if (devnull != NULL)
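Review bot: The new `check_assertions(NULL, &policydb, policydb.global->branch_list->avrules)` call dereferences `policydb.global` and `branch_list` with no NULL check, and it runs for every policy type, not only inside the `POLICY_KERN` branch that was just validated. If the loader can accept a policy whose global block has no declaration list, the harness itself crashes and the report points at the fuzzer rather than at libsepol; a guard such as `if (policydb.global && policydb.global->branch_list)` in front of the call avoids that. The two `sepol_kernel_policydb_to_*` calls have a similar problem now that any failure calls `abort()`: unless non-kernel policies are rejected earlier in the function (not visible in this hunk), they should sit under `if (policydb.policy_type == POLICY_KERN)` so that an expected rejection is not reported as a finding. `LLVMFuzzerTestOneInput` starts and ends outside the hunk.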