[PATCH 5/5] checkpolicy/fuzz: scan Xen policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In addition to standard SELinux platform policies also check Xen ones.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
Note: this will break all current reproducers and corpuses due to the
changed input format.
---
 checkpolicy/fuzz/checkpolicy-fuzzer.c | 43 ++++++++++++++++++---------
 1 file changed, 29 insertions(+), 14 deletions(-)

diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c
index f3a17cce..ab1a6bb8 100644
--- a/checkpolicy/fuzz/checkpolicy-fuzzer.c
+++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c
@@ -147,15 +147,28 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	policydb_t *finalpolicydb;
 	sidtab_t sidtab = {};
 	FILE *devnull = NULL;
-	int mls, policyvers;
+	int mls, platform, policyvers;
 
 	sepol_debug(VERBOSE);
 
-	/* Take the first byte whether to parse as MLS policy
-	* and the second byte as policy version. */
-	if (size < 2)
+	/*
+	 * Take the first byte whether to generate a SELinux or Xen policy,
+	 * the second byte whether to parse as MLS policy,
+	 * and the second byte as policy version.
+	 */
+	if (size < 3)
 		return 0;
 	switch (data[0]) {
+	case 'S':
+		platform = SEPOL_TARGET_SELINUX;
+		break;
+	case 'X':
+		platform = SEPOL_TARGET_XEN;
+		break;
+	default:
+		return 0;
+	}
+	switch (data[1]) {
 	case '0':
 		mls = 0;
 		break;
@@ -166,11 +179,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 		return 0;
 	}
 	static_assert(0x7F - 'A' >= POLICYDB_VERSION_MAX, "Max policy version should be representable");
-	policyvers = data[1] - 'A';
+	policyvers = data[2] - 'A';
 	if (policyvers < POLICYDB_VERSION_MIN || policyvers > POLICYDB_VERSION_MAX)
 		return 0;
-	data += 2;
-	size -= 2;
+	data += 3;
+	size -= 3;
 
 	if (policydb_init(&parsepolicydb))
 		goto exit;
@@ -178,7 +191,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	parsepolicydb.policy_type = POLICY_BASE;
 	parsepolicydb.mls = mls;
 	parsepolicydb.handle_unknown = DENY_UNKNOWN;
-	policydb_set_target_platform(&parsepolicydb, SEPOL_TARGET_SELINUX);
+	policydb_set_target_platform(&parsepolicydb, platform);
 
 	if (read_source_policy(&parsepolicydb, data, size))
 		goto exit;
@@ -198,15 +211,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 
 		kernpolicydb.policyvers = policyvers;
 
-		assert(kernpolicydb.policy_type    == POLICY_KERN);
-		assert(kernpolicydb.handle_unknown == SEPOL_DENY_UNKNOWN);
-		assert(kernpolicydb.mls            == mls);
+		assert(kernpolicydb.policy_type     == POLICY_KERN);
+		assert(kernpolicydb.handle_unknown  == SEPOL_DENY_UNKNOWN);
+		assert(kernpolicydb.mls             == mls);
+		assert(kernpolicydb.target_platform == platform);
 
 		finalpolicydb = &kernpolicydb;
 	} else {
-		assert(parsepolicydb.policy_type    == POLICY_MOD);
-		assert(parsepolicydb.handle_unknown == SEPOL_DENY_UNKNOWN);
-		assert(parsepolicydb.mls            == mls);
+		assert(parsepolicydb.policy_type     == POLICY_MOD);
+		assert(parsepolicydb.handle_unknown  == SEPOL_DENY_UNKNOWN);
+		assert(parsepolicydb.mls             == mls);
+		assert(parsepolicydb.target_platform == platform);
 
 		finalpolicydb = &parsepolicydb;
 	}
-- 
2.43.0





[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux