libsepol/cil: move the fuzz target and build script to the selinux re…
…pository. It should make it easier to reproduce bugs found by OSS-Fuzz locally without docker. The fuzz target can be built and run with the corpus OSS-Fuzz has accumulated so far by running the following commands: ``` ./scripts/oss-fuzz.sh wget https://storage.googleapis.com/selinux-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/selinux_secilc-fuzzer/public.zip unzip -d CORPUS public.zip ./out/secilc-fuzzer CORPUS/ ``` It was tested in google/oss-fuzz#6026 by pointing OSS-Fuzz to the branch containing the patch and running all the tests with all the sanitizers and fuzzing engines there: https://github.com/google/oss-fuzz/actions/runs/1024673143 Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Showing
2 changed files
with
97 additions
and
0 deletions.
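--- /dev/null
+++ b/libsepol/fuzz/secilc-fuzzer.c
@@ -0,0 +1,69 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <stdint.h>
+#include <string.h>
+#include <getopt.h>
+#include <sys/stat.h>
+
+#include <sepol/cil/cil.h>
+#include <sepol/policydb.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+enum cil_log_level log_level = CIL_ERR;
+struct sepol_policy_file *pf = NULL;
+FILE *dev_null = NULL;
+int target = SEPOL_TARGET_SELINUX;
+int disable_dontaudit = 0;
+int multiple_decls = 0;
+int disable_neverallow = 0;
+int preserve_tunables = 0;
+int policyvers = POLICYDB_VERSION_MAX;
+int mls = -1;
+int attrs_expand_generated = 0;
+struct cil_db *db = NULL;
+sepol_policydb_t *pdb = NULL;
+
+cil_set_log_level(log_level);
+
+cil_db_init(&db);
+cil_set_disable_dontaudit(db, disable_dontaudit);
+cil_set_multiple_decls(db, multiple_decls);
+cil_set_disable_neverallow(db, disable_neverallow);
+cil_set_preserve_tunables(db, preserve_tunables);
+cil_set_mls(db, mls);
+cil_set_target_platform(db, target);
+cil_set_policy_version(db, policyvers);
+cil_set_attrs_expand_generated(db, attrs_expand_generated);
+
+if (cil_add_file(db, "fuzz", (const char *)data, size) != SEPOL_OK)
+goto exit;
+
+if (cil_compile(db) != SEPOL_OK)
+goto exit;
+
+if (cil_build_policydb(db, &pdb) != SEPOL_OK)
+goto exit;
+
+if (sepol_policydb_optimize(pdb) != SEPOL_OK)
+goto exit;
+
+dev_null = fopen("/dev/null", "w");
+if (dev_null == NULL)
+goto exit;
+
+if (sepol_policy_file_create(&pf) != 0)
+goto exit;
+
+sepol_policy_file_set_fp(pf, dev_null);
+
+if (sepol_policydb_write(pdb, pf) != 0)
+goto exit;
+exit:
+if (dev_null != NULL)
+fclose(dev_null);
+
+cil_db_destroy(&db);
+sepol_policydb_free(pdb);
+sepol_policy_file_free(pf);
+return 0;
+}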
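Review bot: `/dev/null` is reopened with fopen() on every input at `dev_null = fopen("/dev/null", "w");`, and a failed open silently ends the iteration with `return 0`, so a descriptor exhaustion or sandbox problem would make the target quietly stop exercising sepol_policydb_write() while still looking like a clean run. Opening the sink once (in LLVMFuzzerInitialize() or lazily into a `static FILE *`) and aborting when that fails would make such a setup failure visible and avoids an open/close pair per iteration. `#include <getopt.h>`, `#include <sys/stat.h>` and `#include <string.h>` appear unused in this file and can be dropped. On the early-exit paths sepol_policydb_free() and sepol_policy_file_free() are reached with NULL arguments; presumably both tolerate that, but it is worth confirming against the library before relying on it.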
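--- /dev/null
+++ b/scripts/oss-fuzz.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+set -eux
+
+export DESTDIR=$(pwd)/DESTDIR
+
+SANITIZER=${SANITIZER:-address}
+flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link"
+
+export CC=${CC:-clang}
+export CFLAGS=${CFLAGS:-$flags}
+
+export CXX=${CXX:-clang++}
+export CXXFLAGS=${CXXFLAGS:-$flags}
+
+export LDFLAGS="${LDFLAGS:-} $CFLAGS"
+
+export OUT=${OUT:-$(pwd)/out}
+mkdir -p $OUT
+
+export LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE:--fsanitize=fuzzer}
+
+find -name Makefile | xargs sed -i 's/,-z,defs//'
+make V=1 -j$(nproc) install
+
+$CC $CFLAGS -I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -c -o secilc-fuzzer.o libsepol/fuzz/secilc-fuzzer.c
+$CXX $CXXFLAGS $LIB_FUZZING_ENGINE secilc-fuzzer.o $DESTDIR/usr/lib/libsepol.a -o $OUT/secilc-fuzzer
+zip -r $OUT/secilc-fuzzer_seed_corpus.zip secilc/test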
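Review bot: `export DESTDIR=$(pwd)/DESTDIR` and `export OUT=${OUT:-$(pwd)/out}` hide a failing command substitution from `set -e`, because the status the shell checks is that of `export` (ShellCheck SC2155); splitting them into `DESTDIR=$(pwd)/DESTDIR; export DESTDIR` keeps the guard effective. Every later expansion of `$OUT` and `$DESTDIR` (`mkdir -p $OUT`, `-I$DESTDIR/usr/include`, `-o $OUT/secilc-fuzzer`, the zip path) is unquoted, so a checkout path containing whitespace splits the arguments; `mkdir -p "$OUT"` and quoting the other uses is the usual fix. `find -name Makefile` with no starting directory relies on a GNU extension, and the in-place `sed` rewrites the tracked Makefiles, which is acceptable for a throwaway CI tree but deserves a one-line comment stating why `-z,defs` has to go (presumably the sanitizer runtime leaves undefined symbols when the shared library is linked with it — worth confirming).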