Add more fuzzers

Test: Run fuzzers
Change-Id: Ia4e459821d9f5d20a238cb27f5a2589897b96e24

libselinux/fuzzers/Android.bp

@@ -58,3 +58,31 @@ cc_fuzz {
     srcs: ["selinux_android_restorecon_fuzzer.cpp"],
     dictionary: "selinux_android_restorecon_fuzzer.dict",
 }
+
+cc_fuzz {
+    name: "libselinux_selinux_android_setcon_fuzzer",
+    defaults: ["libselinux_fuzzer_defaults"],
+    srcs: ["selinux_android_setcon_fuzzer.cpp"],
+    dictionary: "selinux_android_setcon_fuzzer.dict",
+}
+
+cc_fuzz {
+    name: "libselinux_setfilecon_fuzzer",
+    defaults: ["libselinux_fuzzer_defaults"],
+    srcs: ["setfilecon_fuzzer.cpp"],
+    dictionary: "setfilecon_fuzzer.dict",
+}
+
+cc_fuzz {
+    name: "libselinux_lsetfilecon_fuzzer",
+    defaults: ["libselinux_fuzzer_defaults"],
+    srcs: ["lsetfilecon_fuzzer.cpp"],
+    dictionary: "lsetfilecon_fuzzer.dict",
+}
+
+cc_fuzz {
+    name: "libselinux_string_to_security_class_fuzzer",
+    defaults: ["libselinux_fuzzer_defaults"],
+    srcs: ["string_to_security_class_fuzzer.cpp"],
+    dictionary: "string_to_security_class_fuzzer.dict",
+}

libselinux/fuzzers/lsetfilecon_fuzzer.cpp

@@ -0,0 +1,33 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <selinux/selinux.h>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  FuzzedDataProvider fdp(data, size);
+
+  std::string path = fdp.ConsumeRandomLengthString();
+  std::string con = fdp.ConsumeRemainingBytesAsString();
+
+  lsetfilecon(path.c_str(), con.c_str());
+
+  return 0;
+}

libselinux/fuzzers/lsetfilecon_fuzzer.dict

@@ -0,0 +1,15 @@
+# A few paths from frameworks/native.
+
+path="/data/app/com.example/dir/dir/file"
+path="/data/user/0/com.example/secondary.dex"
+path="/dev/socket/pdx"
+path="/proc/net/xt_qtaguid/iface_stat_all"
+path="/sys/devices/system/cpu/cpufreq"
+path="/vendor/bin/hw/android.hardware.media.omx@1.0-service"
+
+# Random contexts from AOSP.
+
+con="u:r:system_server:s0"
+con="u:r:adbd:s0"
+con="u:r:shell:s0"
+con="u:r:adbd:s0"

libselinux/fuzzers/selinux_android_setcon_fuzzer.cpp

@@ -0,0 +1,32 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <selinux/android.h>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  FuzzedDataProvider fdp(data, size);
+
+  std::string con = fdp.ConsumeRemainingBytesAsString();
+
+  selinux_android_setcon(con.c_str());
+
+  return 0;
+}

libselinux/fuzzers/selinux_android_setcon_fuzzer.dict

@@ -0,0 +1,5 @@
+# Random contexts from AOSP.
+"u:r:system_server:s0"
+"u:r:adbd:s0"
+"u:r:shell:s0"
+"u:r:adbd:s0"

libselinux/fuzzers/setfilecon_fuzzer.cpp

@@ -0,0 +1,33 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <selinux/selinux.h>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  FuzzedDataProvider fdp(data, size);
+
+  std::string path = fdp.ConsumeRandomLengthString();
+  std::string con = fdp.ConsumeRemainingBytesAsString();
+
+  setfilecon(path.c_str(), con.c_str());
+
+  return 0;
+}

libselinux/fuzzers/setfilecon_fuzzer.dict

@@ -0,0 +1,15 @@
+# A few paths from frameworks/native.
+
+path="/data/app/com.example/dir/dir/file"
+path="/data/user/0/com.example/secondary.dex"
+path="/dev/socket/pdx"
+path="/proc/net/xt_qtaguid/iface_stat_all"
+path="/sys/devices/system/cpu/cpufreq"
+path="/vendor/bin/hw/android.hardware.media.omx@1.0-service"
+
+# Random contexts from AOSP.
+
+con="u:r:system_server:s0"
+con="u:r:adbd:s0"
+con="u:r:shell:s0"
+con="u:r:adbd:s0"

libselinux/fuzzers/string_to_security_class_fuzzer.cpp

@@ -0,0 +1,32 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <selinux/selinux.h>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  FuzzedDataProvider fdp(data, size);
+
+  std::string name = fdp.ConsumeRemainingBytesAsString();
+
+  string_to_security_class(name.c_str());
+
+  return 0;
+}

libselinux/fuzzers/string_to_security_class_fuzzer.dict

@@ -0,0 +1,7 @@
+"file"
+"dir"
+"chr_file"
+"blk_file"
+"fifo_file"
+"lnk_file"
+"sock_file"