mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-18 12:14:33 +00:00
595c4163f0
Introduce a libfuzz[1] based fuzzer testing the parsing and policy generation code used within checkpolicy(8) and checkmodule(8), similar to the fuzzer for secilc(8). The fuzzer will work on generated source policy input and try to parse, link, expand, optimize, sort and output it. This fuzzer will also ensure policy validation is not too strict by checking compilable source policies are valid. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
83 lines
2.2 KiB
Makefile
83 lines
2.2 KiB
Makefile
#
|
|
# Makefile for building the checkpolicy program
|
|
#
|
|
LINGUAS ?=
|
|
PREFIX ?= /usr
|
|
BINDIR ?= $(PREFIX)/bin
|
|
MANDIR ?= $(PREFIX)/share/man
|
|
TARGETS = checkpolicy checkmodule
|
|
|
|
LEX = flex
|
|
YACC = bison -y
|
|
|
|
CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -fno-strict-aliasing
|
|
|
|
# If no specific libsepol.a is specified, fall back on LDFLAGS search path
|
|
# Otherwise, as $(LIBSEPOLA) already appears in the dependencies, there
|
|
# is no need to define a value for LDLIBS_LIBSEPOLA
|
|
ifeq ($(LIBSEPOLA),)
|
|
LDLIBS_LIBSEPOLA := -l:libsepol.a
|
|
endif
|
|
|
|
CHECKOBJS = y.tab.o lex.yy.o queue.o module_compiler.o parse_util.o \
|
|
policy_define.o
|
|
CHECKPOLOBJS = $(CHECKOBJS) checkpolicy.o
|
|
CHECKMODOBJS = $(CHECKOBJS) checkmodule.o
|
|
|
|
GENERATED=lex.yy.c y.tab.c y.tab.h
|
|
|
|
all: $(TARGETS)
|
|
$(MAKE) -C test
|
|
|
|
checkpolicy: $(CHECKPOLOBJS) $(LIBSEPOLA)
|
|
$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
|
|
|
|
checkmodule: $(CHECKMODOBJS) $(LIBSEPOLA)
|
|
$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ $^ $(LDFLAGS) $(LDLIBS_LIBSEPOLA)
|
|
|
|
%.o: %.c
|
|
$(CC) $(CPPFLAGS) $(CFLAGS) -o $@ -c $<
|
|
|
|
y.tab.o: y.tab.c
|
|
$(CC) $(filter-out -Werror, $(CPPFLAGS) $(CFLAGS)) -o $@ -c $<
|
|
|
|
lex.yy.o: lex.yy.c
|
|
$(CC) $(filter-out -Werror, $(CPPFLAGS) $(CFLAGS)) -o $@ -c $<
|
|
|
|
y.tab.c: policy_parse.y
|
|
$(YACC) -d policy_parse.y
|
|
|
|
lex.yy.c: policy_scan.l y.tab.c
|
|
$(LEX) policy_scan.l
|
|
|
|
.PHONY: test
|
|
test: checkpolicy
|
|
./tests/test_roundtrip.sh
|
|
|
|
# helper target for fuzzing
|
|
checkobjects: $(CHECKOBJS)
|
|
|
|
install: all
|
|
-mkdir -p $(DESTDIR)$(BINDIR)
|
|
-mkdir -p $(DESTDIR)$(MANDIR)/man8
|
|
install -m 755 $(TARGETS) $(DESTDIR)$(BINDIR)
|
|
install -m 644 checkpolicy.8 $(DESTDIR)$(MANDIR)/man8
|
|
install -m 644 checkmodule.8 $(DESTDIR)$(MANDIR)/man8
|
|
for lang in $(LINGUAS) ; do \
|
|
if [ -e $${lang} ] ; then \
|
|
mkdir -p $(DESTDIR)$(MANDIR)/$${lang}/man8 ; \
|
|
install -m 644 $${lang}/*.8 $(DESTDIR)$(MANDIR)/$${lang}/man8 ; \
|
|
fi ; \
|
|
done
|
|
|
|
relabel: install
|
|
/sbin/restorecon $(DESTDIR)$(BINDIR)/checkpolicy
|
|
/sbin/restorecon $(DESTDIR)$(BINDIR)/checkmodule
|
|
|
|
clean:
|
|
-rm -f $(TARGETS) $(CHECKPOLOBJS) $(CHECKMODOBJS) y.tab.c y.tab.h lex.yy.c tests/testpol.conf tests/testpol.bin
|
|
$(MAKE) -C test clean
|
|
|
|
indent:
|
|
../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
|