
libsepol/fuzz: more strict fuzzing of binary policies

Message ID 20230706140233.45990-1-cgzones@googlemail.com (mailing list archive)
State Accepted
Commit 1d2073557d71

Commit Message

Christian Göttsche July 6, 2023, 2:02 p.m. UTC
Validate policy after optimizing.

Run policy assertion check, ignoring any assertions.

Abort on failures writing the parsed policy, as writing should not fail on
validated policies.

Set close-on-exec flag in case of any sibling thread.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/fuzz/binpolicy-fuzzer.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

Comments

James Carter July 11, 2023, 7:47 p.m. UTC | #1
On Thu, Jul 6, 2023 at 10:06 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Validate policy after optimizing.
>
> Run policy assertion check, ignoring any assertions.
>
> Abort on failures writing the parsed policy, as writing should not fail on
> validated policies.
>
> Set close-on-exec flag in case of any sibling thread.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/fuzz/binpolicy-fuzzer.c | 21 ++++++++++++++++-----
>  1 file changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c
> index 85c59645..79d42b0e 100644
> --- a/libsepol/fuzz/binpolicy-fuzzer.c
> +++ b/libsepol/fuzz/binpolicy-fuzzer.c
> @@ -3,6 +3,8 @@
>  #include <sepol/kernel_to_conf.h>
>  #include <sepol/policydb/policydb.h>
>
> +extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);
> +
>  extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
>
>  static int write_binary_policy(policydb_t *p, FILE *outfp)
> @@ -38,18 +40,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
>         if (policydb_load_isids(&policydb, &sidtab))
>                 goto exit;
>
> -       if (policydb.policy_type == POLICY_KERN)
> +       if (policydb.policy_type == POLICY_KERN) {
>                 (void) policydb_optimize(&policydb);
>
> -       devnull = fopen("/dev/null", "w");
> +               if (policydb_validate(NULL, &policydb) == -1)
> +                       abort();
> +       }
> +
> +       (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);
> +
> +       devnull = fopen("/dev/null", "we");
>         if (!devnull)
>                 goto exit;
>
> -       (void) write_binary_policy(&policydb, devnull);
> +       if (write_binary_policy(&policydb, devnull))
> +               abort();
>
> -       (void) sepol_kernel_policydb_to_conf(devnull, &policydb);
> +       if (sepol_kernel_policydb_to_conf(devnull, &policydb))
> +               abort();
>
> -       (void) sepol_kernel_policydb_to_cil(devnull, &policydb);
> +       if (sepol_kernel_policydb_to_cil(devnull, &policydb))
> +               abort();
>
>  exit:
>         if (devnull != NULL)
> --
> 2.40.1
>
James Carter July 12, 2023, 5:35 p.m. UTC | #2
On Tue, Jul 11, 2023 at 3:47 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Thu, Jul 6, 2023 at 10:06 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Validate policy after optimizing.
> >
> > Run policy assertion check, ignoring any assertions.
> >
> > Abort on failures writing the parsed policy, as writing should not fail on
> > validated policies.
> >
> > Set close-on-exec flag in case of any sibling thread.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>

Merged.
Thanks,
Jim

> > ---
> >  libsepol/fuzz/binpolicy-fuzzer.c | 21 ++++++++++++++++-----
> >  1 file changed, 16 insertions(+), 5 deletions(-)
> >
> > diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c
> > index 85c59645..79d42b0e 100644
> > --- a/libsepol/fuzz/binpolicy-fuzzer.c
> > +++ b/libsepol/fuzz/binpolicy-fuzzer.c
> > @@ -3,6 +3,8 @@
> >  #include <sepol/kernel_to_conf.h>
> >  #include <sepol/policydb/policydb.h>
> >
> > +extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);
> > +
> >  extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
> >
> >  static int write_binary_policy(policydb_t *p, FILE *outfp)
> > @@ -38,18 +40,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
> >         if (policydb_load_isids(&policydb, &sidtab))
> >                 goto exit;
> >
> > -       if (policydb.policy_type == POLICY_KERN)
> > +       if (policydb.policy_type == POLICY_KERN) {
> >                 (void) policydb_optimize(&policydb);
> >
> > -       devnull = fopen("/dev/null", "w");
> > +               if (policydb_validate(NULL, &policydb) == -1)
> > +                       abort();
> > +       }
> > +
> > +       (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);
> > +
> > +       devnull = fopen("/dev/null", "we");
> >         if (!devnull)
> >                 goto exit;
> >
> > -       (void) write_binary_policy(&policydb, devnull);
> > +       if (write_binary_policy(&policydb, devnull))
> > +               abort();
> >
> > -       (void) sepol_kernel_policydb_to_conf(devnull, &policydb);
> > +       if (sepol_kernel_policydb_to_conf(devnull, &policydb))
> > +               abort();
> >
> > -       (void) sepol_kernel_policydb_to_cil(devnull, &policydb);
> > +       if (sepol_kernel_policydb_to_cil(devnull, &policydb))
> > +               abort();
> >
> >  exit:
> >         if (devnull != NULL)
> > --
> > 2.40.1
> >

Patch

diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c
index 85c59645..79d42b0e 100644
--- a/libsepol/fuzz/binpolicy-fuzzer.c
+++ b/libsepol/fuzz/binpolicy-fuzzer.c
@@ -3,6 +3,8 @@ 
 #include <sepol/kernel_to_conf.h>
 #include <sepol/policydb/policydb.h>
 
+extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);
+
 extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
 
 static int write_binary_policy(policydb_t *p, FILE *outfp)
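Review bot: The hand-written `extern int policydb_validate(...)` prototype is never checked against the real definition, so if the library changes the signature the harness still compiles and the call becomes undefined behaviour instead of a build failure. If the header that declares the function is reachable from the fuzz build, including it is the safer option; otherwise a comment such as `/* internal libsepol symbol, not in the installed headers; keep in sync with its definition */` should say why the declaration is duplicated here. `check_assertions()`, which the second hunk calls, has no declaration in the includes visible in this hunk, so it presumably comes from an include above line 3; that is worth confirming.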
@@ -38,18 +40,27 @@  int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	if (policydb_load_isids(&policydb, &sidtab))
 		goto exit;
 
-	if (policydb.policy_type == POLICY_KERN)
+	if (policydb.policy_type == POLICY_KERN) {
 		(void) policydb_optimize(&policydb);
 
-	devnull = fopen("/dev/null", "w");
+		if (policydb_validate(NULL, &policydb) == -1)
+			abort();
+	}
+
+	(void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);
+
+	devnull = fopen("/dev/null", "we");
 	if (!devnull)
 		goto exit;
 
-	(void) write_binary_policy(&policydb, devnull);
+	if (write_binary_policy(&policydb, devnull))
+		abort();
 
-	(void) sepol_kernel_policydb_to_conf(devnull, &policydb);
+	if (sepol_kernel_policydb_to_conf(devnull, &policydb))
+		abort();
 
-	(void) sepol_kernel_policydb_to_cil(devnull, &policydb);
+	if (sepol_kernel_policydb_to_cil(devnull, &policydb))
+		abort();
 
 exit:
 	if (devnull != NULL)
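Review bot: The new `check_assertions()` call dereferences `policydb.global->branch_list->avrules` without checking either pointer, and it runs for every policy type, not only the `POLICY_KERN` branch that was just validated. If a loaded policy can leave `global` or `branch_list` NULL (not visible in this hunk), the harness itself crashes and the fuzzer reports a finding that is not a libsepol bug; a guard such as `if (policydb.global && policydb.global->branch_list)` keeps crashes attributable to the library. The three new `abort()` calls have the same asymmetry: they fire on any non-zero return, so a non-kernel policy reaching `sepol_kernel_policydb_to_conf()` or `sepol_kernel_policydb_to_cil()`, or an allocation failure under the fuzzer's memory limit, would also abort, assuming those paths return an error. A short comment stating the invariant, e.g. `/* a validated policy must always serialize; a failure here is a bug */`, would help whoever triages the resulting crash reports. The body of `LLVMFuzzerTestOneInput` starts and ends outside the hunk.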