tequilaOS/platform_external_selinux

Fork 0

Commit graph

Author	SHA1	Message	Date
Christian Göttsche	82438341f7	libsepol: add libfuzz based fuzzer for reading binary policies Introduce a libfuzz[1] based fuzzer testing the parsing of a binary policy. Build the fuzzer in the oss-fuzz script. [1]: https://llvm.org/docs/LibFuzzer.html Signed-off-by: Christian Göttsche <cgzones@googlemail.com>	2021-12-15 12:48:28 -05:00
Christian Göttsche	e0ba116803	libsepol/fuzz: silence secilc-fuzzer Do not output CIL log messages while fuzzing, since their amount are huge, e.g. for neverallow or typebounds violations. Signed-off-by: Christian Göttsche <cgzones@googlemail.com>	2021-12-15 12:48:25 -05:00
Evgeny Vereshchagin	33621cb7c8	libsepol/cil: move the fuzz target and build script to the selinux repository It should make it easier to reproduce bugs found by OSS-Fuzz locally without docker. The fuzz target can be built and run with the corpus OSS-Fuzz has accumulated so far by running the following commands: ``` ./scripts/oss-fuzz.sh wget https://storage.googleapis.com/selinux-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/selinux_secilc-fuzzer/public.zip unzip -d CORPUS public.zip ./out/secilc-fuzzer CORPUS/ ``` It was tested in https://github.com/google/oss-fuzz/pull/6026 by pointing OSS-Fuzz to the branch containing the patch and running all the tests with all the sanitizers and fuzzing engines there: https://github.com/google/oss-fuzz/actions/runs/1024673143 [v2] [1] oss-fuzz: make shellcheck happy [2] oss-fuzz: build libsepol only The fuzz target covers libsepol so it's unnecessary to build everything else. Apart from that, the "LDFLAGS" kludge was removed since libsepol is compatible with the sanitizers flags passed via CFLAGS only. It should be brought back one way or another eventually though to fix build failures like ``` clang -L/home/vagrant/selinux/selinux/DESTDIR/usr/lib -L/home/vagrant/selinux/selinux/DESTDIR/usr/lib -L../src sefcontext_compile.o ../src/regex.o -lselinux -lpcre ../src/libselinux.a -lsepol -o sefcontext_compile /usr/bin/ld: sefcontext_compile.o: in function `usage': /home/vagrant/selinux/selinux/libselinux/utils/sefcontext_compile.c:271: undefined reference to `__asan_report_load8' /usr/bin/ld: /home/vagrant/selinux/selinux/libselinux/utils/sefcontext_compile.c:292: undefined reference to `__asan_handle_no_return' /usr/bin/ld: sefcontext_compile.o: in function `asan.module_ctor': ``` [3] oss-fuzz: make it possible to run the script more than once by removing various build artifacts [4] oss-fuzz: make it possible to run the script from any directory [5] oss-fuzz: be a little bit more specific about what the script does [6] oss-fuzz: stop overwriting all the Makefiles Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru> Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>	2021-08-17 10:33:47 -04:00

Author

SHA1

Message

Date

Christian Göttsche

82438341f7

libsepol: add libfuzz based fuzzer for reading binary policies

Introduce a libfuzz[1] based fuzzer testing the parsing of a binary
policy.

Build the fuzzer in the oss-fuzz script.

[1]: https://llvm.org/docs/LibFuzzer.html

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

2021-12-15 12:48:28 -05:00

Christian Göttsche

e0ba116803

libsepol/fuzz: silence secilc-fuzzer

Do not output CIL log messages while fuzzing, since their amount are
huge, e.g. for neverallow or typebounds violations.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

2021-12-15 12:48:25 -05:00

Evgeny Vereshchagin

33621cb7c8

libsepol/cil: move the fuzz target and build script to the selinux repository

It should make it easier to reproduce bugs found by OSS-Fuzz locally
without docker. The fuzz target can be built and run with the corpus
OSS-Fuzz has accumulated so far by running the following commands:
```
./scripts/oss-fuzz.sh
wget https://storage.googleapis.com/selinux-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/selinux_secilc-fuzzer/public.zip
unzip -d CORPUS public.zip
./out/secilc-fuzzer CORPUS/
```

It was tested in https://github.com/google/oss-fuzz/pull/6026
by pointing OSS-Fuzz to the branch containing the patch and
running all the tests with all the sanitizers and fuzzing engines
there: https://github.com/google/oss-fuzz/actions/runs/1024673143

[v2]
[1] oss-fuzz: make shellcheck happy

[2] oss-fuzz: build libsepol only

The fuzz target covers libsepol so it's unnecessary to build everything
else. Apart from that, the "LDFLAGS" kludge was removed since libsepol
is compatible with the sanitizers flags passed via CFLAGS only. It
should be brought back one way or another eventually though to fix
build failures like
```
clang -L/home/vagrant/selinux/selinux/DESTDIR/usr/lib -L/home/vagrant/selinux/selinux/DESTDIR/usr/lib -L../src  sefcontext_compile.o ../src/regex.o  -lselinux  -lpcre  ../src/libselinux.a -lsepol -o sefcontext_compile
/usr/bin/ld: sefcontext_compile.o: in function `usage':
/home/vagrant/selinux/selinux/libselinux/utils/sefcontext_compile.c:271: undefined reference to `__asan_report_load8'
/usr/bin/ld: /home/vagrant/selinux/selinux/libselinux/utils/sefcontext_compile.c:292: undefined reference to `__asan_handle_no_return'
/usr/bin/ld: sefcontext_compile.o: in function `asan.module_ctor':
```

[3] oss-fuzz: make it possible to run the script more than once
by removing various build artifacts

[4] oss-fuzz: make it possible to run the script from any directory

[5] oss-fuzz: be a little bit more specific about what the script does

[6] oss-fuzz: stop overwriting all the Makefiles

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>

2021-08-17 10:33:47 -04:00

3 commits