Merge "Add fuzz targets for SELinux." am: 14e430c1aa am: f938b97422

Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/1464002

Change-Id: I25d6979c61dc4ad15b52b0618cae99d8bf75c45a

libselinux/fuzzers/Android.bp

@@ -0,0 +1,36 @@
+//
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+cc_defaults {
+    name: "libselinux_fuzzer_defaults",
+    cflags: [
+        "-Wall",
+    ],
+    static_libs: ["libselinux"],
+}
+
+cc_fuzz {
+    name: "libselinux_android_setcontext_fuzzer",
+    defaults: ["libselinux_fuzzer_defaults"],
+    srcs: ["AndroidSetcontextFuzzer.cpp"],
+}
+
+cc_fuzz {
+    name: "libselinux_context_fuzzer",
+    defaults: ["libselinux_fuzzer_defaults"],
+    srcs: ["ContextFuzzer.cpp"],
+    host_supported: true,
+}

libselinux/fuzzers/AndroidSetcontextFuzzer.cpp

@@ -0,0 +1,34 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <string>
+
+#include <selinux/android.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+  FuzzedDataProvider fdp(data, size);
+  uid_t uid = fdp.ConsumeIntegral<int>();
+  bool isSystemServer = fdp.ConsumeBool();
+  std::string pkgname = fdp.ConsumeRandomLengthString();
+  std::vector<char> seinfo = fdp.ConsumeRemainingBytes<char>();
+
+  selinux_android_setcontext(uid, isSystemServer, seinfo.data(), pkgname.c_str());
+
+  return 0;
+}

libselinux/fuzzers/ContextFuzzer.cpp

@@ -0,0 +1,29 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stddef.h>
+#include <stdint.h>
+
+#include <selinux/context.h>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, [[maybe_unused]] size_t size) {
+  context_t context = context_new((char*) data);
+  // According to docs, this should be safe to call with null pointer
+  // (meaning even if previous call fails).
+  context_free(context);
+
+  return 0;
+}