/src/selinux/libsepol/fuzz/binpolicy-fuzzer.c

Source
#include <sepol/debug.h>
#include <sepol/kernel_to_cil.h>
#include <sepol/kernel_to_conf.h>
#include <sepol/policydb/expand.h>
#include <sepol/policydb/hierarchy.h>
#include <sepol/policydb/link.h>
#include <sepol/policydb/policydb.h>

extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);

extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);


// set to 1 to enable more verbose libsepol logging
#define VERBOSE 0


static int write_binary_policy(policydb_t *p, FILE *outfp)
{
  struct policy_file pf;

  policy_file_init(&pf);
  pf.type = PF_USE_STDIO;
  pf.fp = outfp;
  return policydb_write(p, &pf);
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  policydb_t policydb = {}, out = {};
  sidtab_t sidtab = {};
  struct policy_file pf;
  FILE *devnull = NULL;

  sepol_debug(VERBOSE);

  policy_file_init(&pf);
  pf.type = PF_USE_MEMORY;
  pf.data = (char *) data;
  pf.len = size;

  if (policydb_init(&policydb))
    goto exit;

  if (policydb_read(&policydb, &pf, VERBOSE))
    goto exit;

  if (policydb_load_isids(&policydb, &sidtab))
    goto exit;

  if (policydb.policy_type == POLICY_KERN) {
    (void) policydb_optimize(&policydb);

    if (policydb_validate(NULL, &policydb) == -1)
      abort();
  }

  if (policydb.global->branch_list)
    (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);

  (void) hierarchy_check_constraints(NULL, &policydb);

  devnull = fopen("/dev/null", "we");
  if (!devnull)
    goto exit;

  if (write_binary_policy(&policydb, devnull))
    abort();

  if (policydb.policy_type == POLICY_KERN) {
    if (sepol_kernel_policydb_to_conf(devnull, &policydb))
      abort();

    if (sepol_kernel_policydb_to_cil(devnull, &policydb))
      abort();

  } else if (policydb.policy_type == POLICY_BASE) {
    if (link_modules(NULL, &policydb, NULL, 0, VERBOSE))
      goto exit;

    if (policydb_init(&out))
      goto exit;

    if (expand_module(NULL, &policydb, &out, VERBOSE, /*check_assertions=*/0))
      goto exit;

    (void) check_assertions(NULL, &out, out.global->branch_list->avrules);
    (void) hierarchy_check_constraints(NULL, &out);

    if (write_binary_policy(&out, devnull))
      abort();

    if (sepol_kernel_policydb_to_conf(devnull, &out))
      abort();

    if (sepol_kernel_policydb_to_cil(devnull, &out))
      abort();

  }

exit:
  if (devnull != NULL)
    fclose(devnull);

  policydb_destroy(&out);
  policydb_destroy(&policydb);
  sepol_sidtab_destroy(&sidtab);

  /* Non-zero return values are reserved for future use. */
  return 0;
}

Line	Count	Source
1		#include <sepol/debug.h>
2		#include <sepol/kernel_to_cil.h>
3		#include <sepol/kernel_to_conf.h>
4		#include <sepol/policydb/expand.h>
5		#include <sepol/policydb/hierarchy.h>
6		#include <sepol/policydb/link.h>
7		#include <sepol/policydb/policydb.h>
8
9		extern int policydb_validate(sepol_handle_t handle, const policydb_t p);
10
11		extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
12
13
14		// set to 1 to enable more verbose libsepol logging
15	25.7k	#define VERBOSE 0
16
17
18		static int write_binary_policy(policydb_t p, FILE outfp)
19	1.44k	{
20	1.44k	struct policy_file pf;
21
22	1.44k	policy_file_init(&pf);
23	1.44k	pf.type = PF_USE_STDIO;
24	1.44k	pf.fp = outfp;
25	1.44k	return policydb_write(p, &pf);
26	1.44k	}
27
28		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
29	12.7k	{
30	12.7k	policydb_t policydb = {}, out = {};
31	12.7k	sidtab_t sidtab = {};
32	12.7k	struct policy_file pf;
33	12.7k	FILE *devnull = NULL;
34
35	12.7k	sepol_debug(VERBOSE);
36
37	12.7k	policy_file_init(&pf);
38	12.7k	pf.type = PF_USE_MEMORY;
39	12.7k	pf.data = (char *) data;
40	12.7k	pf.len = size;
41
42	12.7k	if (policydb_init(&policydb))
43	0	goto exit;
44
45	12.7k	if (policydb_read(&policydb, &pf, VERBOSE))
46	11.4k	goto exit;
47
48	1.30k	if (policydb_load_isids(&policydb, &sidtab))
49	5	goto exit;
50
51	1.29k	if (policydb.policy_type == POLICY_KERN) {
52	980	(void) policydb_optimize(&policydb);
53
54	980	if (policydb_validate(NULL, &policydb) == -1)
55	0	abort();
56	980	}
57
58	1.29k	if (policydb.global->branch_list)
59	1.27k	(void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);
60
61	1.29k	(void) hierarchy_check_constraints(NULL, &policydb);
62
63	1.29k	devnull = fopen("/dev/null", "we");
64	1.29k	if (!devnull)
65	0	goto exit;
66
67	1.29k	if (write_binary_policy(&policydb, devnull))
68	0	abort();
69
70	1.29k	if (policydb.policy_type == POLICY_KERN) {
71	980	if (sepol_kernel_policydb_to_conf(devnull, &policydb))
72	0	abort();
73
74	980	if (sepol_kernel_policydb_to_cil(devnull, &policydb))
75	0	abort();
76
77	980	} else if (policydb.policy_type == POLICY_BASE) {
78	170	if (link_modules(NULL, &policydb, NULL, 0, VERBOSE))
79	24	goto exit;
80
81	146	if (policydb_init(&out))
82	0	goto exit;
83
84	146	if (expand_module(NULL, &policydb, &out, VERBOSE, /check_assertions=/0))
85	1	goto exit;
86
87	145	(void) check_assertions(NULL, &out, out.global->branch_list->avrules);
88	145	(void) hierarchy_check_constraints(NULL, &out);
89
90	145	if (write_binary_policy(&out, devnull))
91	0	abort();
92
93	145	if (sepol_kernel_policydb_to_conf(devnull, &out))
94	0	abort();
95
96	145	if (sepol_kernel_policydb_to_cil(devnull, &out))
97	0	abort();
98
99	145	}
100
101	12.7k	exit:
102	12.7k	if (devnull != NULL)
103	1.29k	fclose(devnull);
104
105	12.7k	policydb_destroy(&out);
106	12.7k	policydb_destroy(&policydb);
107	12.7k	sepol_sidtab_destroy(&sidtab);
108
109		/* Non-zero return values are reserved for future use. */
110	12.7k	return 0;
111	1.29k	}

Coverage Report

Created: 2025-11-09 06:43