595c4163f0
Introduce a libfuzz[1] based fuzzer testing the parsing and policy generation code used within checkpolicy(8) and checkmodule(8), similar to the fuzzer for secilc(8). The fuzzer will work on generated source policy input and try to parse, link, expand, optimize, sort and output it. This fuzzer will also ensure policy validation is not too strict by checking compilable source policies are valid. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
# Small policy source in the checkpolicy kernel policy language.
# NOTE(review): appears to be a minimal input for the checkpolicy fuzzer
# described in the commit message; the file name is not shown here - confirm.
#
# This is a test fixture, not a deployable policy: one type (sys_isid) labels
# every subject and object, so it provides no domain separation at all.
#
# Section order below follows the checkpolicy grammar (classes, initial SIDs,
# access vectors, defaults, MLS, TE/RBAC, users, SID contexts, fs contexts);
# do not reorder the sections.

# --- Object class declarations ---------------------------------------------
class process
class blk_file
class chr_file
class dir
class fifo_file
class file
class lnk_file
class sock_file

# --- Initial SID declarations ----------------------------------------------
# 27 initial SIDs are declared; only 9 of them receive a context further down.
sid kernel
sid security
sid unlabeled
sid fs
sid file
sid file_labels
sid init
sid any_socket
sid port
sid netif
sid netmsg
sid node
sid igmp_packet
sid icmp_socket
sid tcp_socket
sid sysctl_modprobe
sid sysctl
sid sysctl_fs
sid sysctl_kernel
sid sysctl_net
sid sysctl_net_unix
sid sysctl_vm
sid sysctl_dev
sid kmod
sid policy
sid scmp_packet
sid devnull

# --- Access vectors ----------------------------------------------------------
# Only `process` gets permissions; the seven file classes above are declared
# without any permission set in this file.
class process { dyntransition transition }

# --- Default object rules ----------------------------------------------------
# New objects of each file class take their role from the source context.
default_role { blk_file } source;
default_role { chr_file } source;
default_role { dir } source;
default_role { fifo_file } source;
default_role { file } source;
default_role { lnk_file } source;
default_role { sock_file } source;

# --- MLS ---------------------------------------------------------------------
# One sensitivity and one category, so the only levels are s0 and s0:c0.
sensitivity s0;
dominance { s0 }
category c0;
level s0:c0;

# Process transition is allowed only when source and target types are equal.
# With a single type declared, this holds for every context defined here.
mlsconstrain process transition t1 eq t2;

# --- Type enforcement and RBAC -----------------------------------------------
type sys_isid;

# Two extra names that resolve to sys_isid.
# NOTE(review): why these particular alias names are needed is not shown here.
typealias sys_isid alias { dpkg_script_t rpm_script_t };

# The only allow rule in the file: sys_isid may transition to itself.
allow sys_isid self : process { dyntransition transition };

role sys_role;
role sys_role types { sys_isid };

# --- Users -------------------------------------------------------------------
# Single user; default level s0, clearance range s0 - s0:c0.
user sys_user roles sys_role level s0 range s0 - s0:c0;

# --- Initial SID contexts ----------------------------------------------------
# Every assigned initial SID shares the same context. The other 18 declared
# SIDs (fs, file_labels, init, any_socket, ...) are left without one.
sid kernel sys_user:sys_role:sys_isid:s0
sid security sys_user:sys_role:sys_isid:s0
sid unlabeled sys_user:sys_role:sys_isid:s0
sid file sys_user:sys_role:sys_isid:s0
sid port sys_user:sys_role:sys_isid:s0
sid netif sys_user:sys_role:sys_isid:s0
sid netmsg sys_user:sys_role:sys_isid:s0
sid node sys_user:sys_role:sys_isid:s0
sid devnull sys_user:sys_role:sys_isid:s0

# --- Filesystem labelling ----------------------------------------------------
# fs_use_trans entries for devpts and devtmpfs, again with the single context.
fs_use_trans devpts sys_user:sys_role:sys_isid:s0;
fs_use_trans devtmpfs sys_user:sys_role:sys_isid:s0;