Validate policy after optimizing.
Run policy assertion check, ignoring any assertions.
Abort on failures writing the parsed policy, as writing should not fail on
validated policies.
Set close-on-exec flag in case of any sibling thread.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libsepol/fuzz/binpolicy-fuzzer.c | 21 ++++++++++++++++-----
1 file changed, 16 insertions(+), 5 deletions(-)
diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c
index 85c59645..79d42b0e 100644
--- a/libsepol/fuzz/binpolicy-fuzzer.c
+++ b/libsepol/fuzz/binpolicy-fuzzer.c
@@ -3,6 +3,8 @@
#include <sepol/kernel_to_conf.h>
#include <sepol/policydb/policydb.h>
+extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);
+
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
static int write_binary_policy(policydb_t *p, FILE *outfp)
@@ -38,18 +40,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
if (policydb_load_isids(&policydb, &sidtab))
goto exit;
- if (policydb.policy_type == POLICY_KERN)
+ if (policydb.policy_type == POLICY_KERN) {
(void) policydb_optimize(&policydb);
- devnull = fopen("/dev/null", "w");
+ if (policydb_validate(NULL, &policydb) == -1)
+ abort();
+ }
+
+ (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);
+
+ devnull = fopen("/dev/null", "we");
if (!devnull)
goto exit;
- (void) write_binary_policy(&policydb, devnull);
+ if (write_binary_policy(&policydb, devnull))
+ abort();
- (void) sepol_kernel_policydb_to_conf(devnull, &policydb);
+ if (sepol_kernel_policydb_to_conf(devnull, &policydb))
+ abort();
- (void) sepol_kernel_policydb_to_cil(devnull, &policydb);
+ if (sepol_kernel_policydb_to_cil(devnull, &policydb))
+ abort();
exit:
if (devnull != NULL)
--
2.40.1
