Message ID | 20230706140233.45990-1-cgzones@googlemail.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 1d2073557d71 |
Series | libsepol/fuzz: more strict fuzzing of binary policies | expand |
On Thu, Jul 6, 2023 at 10:06 AM Christian Göttsche <cgzones@googlemail.com> wrote:
>
> Validate policy after optimizing.
>
> Run policy assertion check, ignoring any assertions.
>
> Abort on failures writing the parsed policy, as writing should not fail on
> validated policies.
>
> Set close-on-exec flag in case of any sibling thread.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libsepol/fuzz/binpolicy-fuzzer.c | 21 ++++++++++++++++-----
> 1 file changed, 16 insertions(+), 5 deletions(-)
>
> diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c
> index 85c59645..79d42b0e 100644
> --- a/libsepol/fuzz/binpolicy-fuzzer.c
> +++ b/libsepol/fuzz/binpolicy-fuzzer.c
> @@ -3,6 +3,8 @@
> #include <sepol/kernel_to_conf.h>
> #include <sepol/policydb/policydb.h>
>
> +extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);
> +
> extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
>
> static int write_binary_policy(policydb_t *p, FILE *outfp)
> @@ -38,18 +40,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
> if (policydb_load_isids(&policydb, &sidtab))
> goto exit;
>
> - if (policydb.policy_type == POLICY_KERN)
> + if (policydb.policy_type == POLICY_KERN) {
> (void) policydb_optimize(&policydb);
>
> - devnull = fopen("/dev/null", "w");
> + if (policydb_validate(NULL, &policydb) == -1)
> + abort();
> + }
> +
> + (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);
> +
> + devnull = fopen("/dev/null", "we");
> if (!devnull)
> goto exit;
>
> - (void) write_binary_policy(&policydb, devnull);
> + if (write_binary_policy(&policydb, devnull))
> + abort();
>
> - (void) sepol_kernel_policydb_to_conf(devnull, &policydb);
> + if (sepol_kernel_policydb_to_conf(devnull, &policydb))
> + abort();
>
> - (void) sepol_kernel_policydb_to_cil(devnull, &policydb);
> + if (sepol_kernel_policydb_to_cil(devnull, &policydb))
> + abort();
>
> exit:
> if (devnull != NULL)
> --
> 2.40.1
>
On Tue, Jul 11, 2023 at 3:47 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Thu, Jul 6, 2023 at 10:06 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Validate policy after optimizing.
> >
> > Run policy assertion check, ignoring any assertions.
> >
> > Abort on failures writing the parsed policy, as writing should not fail on
> > validated policies.
> >
> > Set close-on-exec flag in case of any sibling thread.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>
Merged. Thanks, Jim
> > ---
> > libsepol/fuzz/binpolicy-fuzzer.c | 21 ++++++++++++++++-----
> > 1 file changed, 16 insertions(+), 5 deletions(-)
> >
> > diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c
> > index 85c59645..79d42b0e 100644
> > --- a/libsepol/fuzz/binpolicy-fuzzer.c
> > +++ b/libsepol/fuzz/binpolicy-fuzzer.c
> > @@ -3,6 +3,8 @@
> > #include <sepol/kernel_to_conf.h>
> > #include <sepol/policydb/policydb.h>
> >
> > +extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);
> > +
> > extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
> >
> > static int write_binary_policy(policydb_t *p, FILE *outfp)
> > @@ -38,18 +40,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
> > if (policydb_load_isids(&policydb, &sidtab))
> > goto exit;
> >
> > - if (policydb.policy_type == POLICY_KERN)
> > + if (policydb.policy_type == POLICY_KERN) {
> > (void) policydb_optimize(&policydb);
> >
> > - devnull = fopen("/dev/null", "w");
> > + if (policydb_validate(NULL, &policydb) == -1)
> > + abort();
> > + }
> > +
> > + (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);
> > +
> > + devnull = fopen("/dev/null", "we");
> > if (!devnull)
> > goto exit;
> >
> > - (void) write_binary_policy(&policydb, devnull);
> > + if (write_binary_policy(&policydb, devnull))
> > + abort();
> >
> > - (void) sepol_kernel_policydb_to_conf(devnull, &policydb);
> > + if (sepol_kernel_policydb_to_conf(devnull, &policydb))
> > + abort();
> >
> > - (void) sepol_kernel_policydb_to_cil(devnull, &policydb);
> > + if (sepol_kernel_policydb_to_cil(devnull, &policydb))
> > + abort();
> >
> > exit:
> > if (devnull != NULL)
> > --
> > 2.40.1
> >
diff --git a/libsepol/fuzz/binpolicy-fuzzer.c b/libsepol/fuzz/binpolicy-fuzzer.c
index 85c59645..79d42b0e 100644
--- a/libsepol/fuzz/binpolicy-fuzzer.c
+++ b/libsepol/fuzz/binpolicy-fuzzer.c
@@ -3,6 +3,8 @@
#include <sepol/kernel_to_conf.h>
#include <sepol/policydb/policydb.h>
+extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);
+
extern int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
static int write_binary_policy(policydb_t *p, FILE *outfp)
@@ -38,18 +40,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
if (policydb_load_isids(&policydb, &sidtab))
goto exit;
- if (policydb.policy_type == POLICY_KERN)
+ if (policydb.policy_type == POLICY_KERN) {
(void) policydb_optimize(&policydb);
- devnull = fopen("/dev/null", "w");
+ if (policydb_validate(NULL, &policydb) == -1)
+ abort();
+ }
+
+ (void) check_assertions(NULL, &policydb, policydb.global->branch_list->avrules);
+
+ devnull = fopen("/dev/null", "we");
if (!devnull)
goto exit;
- (void) write_binary_policy(&policydb, devnull);
+ if (write_binary_policy(&policydb, devnull))
+ abort();
- (void) sepol_kernel_policydb_to_conf(devnull, &policydb);
+ if (sepol_kernel_policydb_to_conf(devnull, &policydb))
+ abort();
- (void) sepol_kernel_policydb_to_cil(devnull, &policydb);
+ if (sepol_kernel_policydb_to_cil(devnull, &policydb))
+ abort();
exit:
if (devnull != NULL)
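Review bot: The hand-written `extern int policydb_validate(sepol_handle_t *handle, const policydb_t *p);` in the first hunk duplicates a private libsepol declaration instead of including the header that declares it, so a later change to the library's signature would not be caught at compile time and the fuzzer would call it through a mismatched prototype. If the fuzzer's include path allows it, replacing the extern with an include of the private header that declares policydb_validate (it appears to live under libsepol/src) is the safer form; otherwise a comment such as `/* private libsepol API: keep in sync with the declaration in libsepol/src */` should mark the coupling. This hunk only touches file-scope declarations, so no function is cut by it.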
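Review bot: The two converter calls at the end of the second hunk now abort() on any non-zero return, yet unlike the new policydb_validate() call they are not guarded by `policydb.policy_type == POLICY_KERN`; if sepol_kernel_policydb_to_conf() and sepol_kernel_policydb_to_cil() reject base/module policies (their `kernel_` naming and the existing POLICY_KERN guard in this function suggest they do), every well-formed modular input the fuzzer loads will be reported as a crash. The fix is to move those two calls under the same POLICY_KERN guard that already surrounds the optimize/validate pair, as sketched below. Separately, `policydb.global->branch_list->avrules` is dereferenced with no NULL check; if policydb_from_image() guarantees both pointers are allocated that is fine, but a one-line comment stating that invariant would save the next reader a lookup. The enclosing LLVMFuzzerTestOneInput() starts before and ends after this hunk.
```c
	if (write_binary_policy(&policydb, devnull))
		abort();

	/* The kernel-policy converters are expected to reject base/module
	 * policies, so only treat a failure as a bug for kernel policies. */
	if (policydb.policy_type == POLICY_KERN) {
		if (sepol_kernel_policydb_to_conf(devnull, &policydb))
			abort();

		if (sepol_kernel_policydb_to_cil(devnull, &policydb))
			abort();
	}
	/* … unchanged: exit label and cleanup … */
```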
Validate policy after optimizing. Run the policy assertion check, ignoring any assertion failures. Abort on failures writing the parsed policy, as writing should not fail on validated policies. Set the close-on-exec flag on the /dev/null stream in case any sibling thread forks and execs. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- libsepol/fuzz/binpolicy-fuzzer.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-)