In addition to standard SELinux platform policies also check Xen ones. Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- Note: this will break all current reproducers and corpuses due to the changed input format. --- checkpolicy/fuzz/checkpolicy-fuzzer.c | 43 ++++++++++++++++++--------- 1 file changed, 29 insertions(+), 14 deletions(-) diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c index f3a17cce..ab1a6bb8 100644 --- a/checkpolicy/fuzz/checkpolicy-fuzzer.c +++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c @@ -147,15 +147,28 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) policydb_t *finalpolicydb; sidtab_t sidtab = {}; FILE *devnull = NULL; - int mls, policyvers; + int mls, platform, policyvers; sepol_debug(VERBOSE); - /* Take the first byte whether to parse as MLS policy - * and the second byte as policy version. */ - if (size < 2) + /* + * Take the first byte whether to generate a SELinux or Xen policy, + * the second byte whether to parse as MLS policy, + * and the second byte as policy version. + */ + if (size < 3) return 0; switch (data[0]) { + case 'S': + platform = SEPOL_TARGET_SELINUX; + break; + case 'X': + platform = SEPOL_TARGET_XEN; + break; + default: + return 0; + } + switch (data[1]) { case '0': mls = 0; break; @@ -166,11 +179,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) return 0; } static_assert(0x7F - 'A' >= POLICYDB_VERSION_MAX, "Max policy version should be representable"); - policyvers = data[1] - 'A'; + policyvers = data[2] - 'A'; if (policyvers < POLICYDB_VERSION_MIN || policyvers > POLICYDB_VERSION_MAX) return 0; - data += 2; - size -= 2; + data += 3; + size -= 3; if (policydb_init(&parsepolicydb)) goto exit; @@ -178,7 +191,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) parsepolicydb.policy_type = POLICY_BASE; parsepolicydb.mls = mls; parsepolicydb.handle_unknown = DENY_UNKNOWN; - policydb_set_target_platform(&parsepolicydb, SEPOL_TARGET_SELINUX); + policydb_set_target_platform(&parsepolicydb, platform); if (read_source_policy(&parsepolicydb, data, size)) goto exit; @@ -198,15 +211,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) kernpolicydb.policyvers = policyvers; - assert(kernpolicydb.policy_type == POLICY_KERN); - assert(kernpolicydb.handle_unknown == SEPOL_DENY_UNKNOWN); - assert(kernpolicydb.mls == mls); + assert(kernpolicydb.policy_type == POLICY_KERN); + assert(kernpolicydb.handle_unknown == SEPOL_DENY_UNKNOWN); + assert(kernpolicydb.mls == mls); + assert(kernpolicydb.target_platform == platform); finalpolicydb = &kernpolicydb; } else { - assert(parsepolicydb.policy_type == POLICY_MOD); - assert(parsepolicydb.handle_unknown == SEPOL_DENY_UNKNOWN); - assert(parsepolicydb.mls == mls); + assert(parsepolicydb.policy_type == POLICY_MOD); + assert(parsepolicydb.handle_unknown == SEPOL_DENY_UNKNOWN); + assert(parsepolicydb.mls == mls); + assert(parsepolicydb.target_platform == platform); finalpolicydb = &parsepolicydb; } -- 2.43.0