selinux/scripts/oss-fuzz.sh
Christian Göttsche 82438341f7 libsepol: add libfuzz based fuzzer for reading binary policies
Introduce a libfuzz[1] based fuzzer testing the parsing of a binary
policy.

Build the fuzzer in the oss-fuzz script.

[1]: https://llvm.org/docs/LibFuzzer.html

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-12-15 12:48:28 -05:00

73 lines
2.9 KiB
Bash
Executable File

#!/bin/bash
# The script is used to build the fuzz targets run on ClusterFuzz. It has to be
# compatible with the "build.sh" script described at
# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#buildsh
# More precisely, it should use environment variables like OUT, LIB_FUZZING_ENGINE
# and so on (https://google.github.io/oss-fuzz/getting-started/new-project-guide/#buildsh-script-environment),
# and the fuzz targets have to be linked with $CXX even though the project is written
# in C: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#Requirements
# To make it easier to build the fuzz targets locally, the script can also work in "local"
# mode. To run secilc-fuzzer against a test case (named, say, CRASH) triggering an issue
# the following commands should be run
#
# $ ./scripts/oss-fuzz.sh
# $ ./out/secilc-fuzzer CRASH
# To run the fuzzer against the corpus OSS-Fuzz has accumulated so far it should be
# downloaded, unpacked and passed to the fuzzer:
#
# $ wget https://storage.googleapis.com/selinux-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/selinux_secilc-fuzzer/public.zip
# $ unzip -d CORPUS public.zip
# $ ./out/secilc-fuzzer CORPUS/
set -eux
cd "$(dirname -- "$0")/.."
export DESTDIR=${DESTDIR:-$(pwd)/DESTDIR}
SANITIZER=${SANITIZER:-address}
flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link"
export CC=${CC:-clang}
export CFLAGS="${CFLAGS:-$flags} -I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
export CXX=${CXX:-clang++}
export CXXFLAGS=${CXXFLAGS:-$flags}
export OUT=${OUT:-$(pwd)/out}
mkdir -p "$OUT"
export LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE:--fsanitize=fuzzer}
rm -rf "$DESTDIR"
make -C libsepol clean
# LIBSO and LIBMAP shouldn't be expanded here because their values are unknown until Makefile
# has been read by make
# shellcheck disable=SC2016
make -C libsepol V=1 LD_SONAME_FLAGS='-soname,$(LIBSO),--version-script=$(LIBMAP)' -j"$(nproc)" install
## secilc fuzzer ##
# CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by
# the compiler/linker so they shouldn't be quoted
# shellcheck disable=SC2086
$CC $CFLAGS -c -o secilc-fuzzer.o libsepol/fuzz/secilc-fuzzer.c
# shellcheck disable=SC2086
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE secilc-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/secilc-fuzzer"
zip -r "$OUT/secilc-fuzzer_seed_corpus.zip" secilc/test
## binary policy fuzzer ##
# CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by
# the compiler/linker so they shouldn't be quoted
# shellcheck disable=SC2086
$CC $CFLAGS -c -o binpolicy-fuzzer.o libsepol/fuzz/binpolicy-fuzzer.c
# shellcheck disable=SC2086
$CXX $CXXFLAGS $LIB_FUZZING_ENGINE binpolicy-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/binpolicy-fuzzer"
zip -j "$OUT/binpolicy-fuzzer_seed_corpus.zip" libsepol/fuzz/policy.bin