tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_external_selinux/scripts
History
Evgeny Vereshchagin 33621cb7c8 libsepol/cil: move the fuzz target and build script to the selinux repository 
It should make it easier to reproduce bugs found by OSS-Fuzz locally
without docker. The fuzz target can be built and run with the corpus
OSS-Fuzz has accumulated so far by running the following commands:
```
./scripts/oss-fuzz.sh
wget https://storage.googleapis.com/selinux-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/selinux_secilc-fuzzer/public.zip
unzip -d CORPUS public.zip
./out/secilc-fuzzer CORPUS/
```

It was tested in https://github.com/google/oss-fuzz/pull/6026
by pointing OSS-Fuzz to the branch containing the patch and
running all the tests with all the sanitizers and fuzzing engines
there: https://github.com/google/oss-fuzz/actions/runs/1024673143

[v2]
[1] oss-fuzz: make shellcheck happy

[2] oss-fuzz: build libsepol only

The fuzz target covers libsepol so it's unnecessary to build everything
else. Apart from that, the "LDFLAGS" kludge was removed since libsepol
is compatible with the sanitizers flags passed via CFLAGS only. It
should be brought back one way or another eventually though to fix
build failures like
```
clang -L/home/vagrant/selinux/selinux/DESTDIR/usr/lib -L/home/vagrant/selinux/selinux/DESTDIR/usr/lib -L../src  sefcontext_compile.o ../src/regex.o  -lselinux  -lpcre  ../src/libselinux.a -lsepol -o sefcontext_compile
/usr/bin/ld: sefcontext_compile.o: in function `usage':
/home/vagrant/selinux/selinux/libselinux/utils/sefcontext_compile.c:271: undefined reference to `__asan_report_load8'
/usr/bin/ld: /home/vagrant/selinux/selinux/libselinux/utils/sefcontext_compile.c:292: undefined reference to `__asan_handle_no_return'
/usr/bin/ld: sefcontext_compile.o: in function `asan.module_ctor':
```

[3] oss-fuzz: make it possible to run the script more than once
by removing various build artifacts

[4] oss-fuzz: make it possible to run the script from any directory

[5] oss-fuzz: be a little bit more specific about what the script does

[6] oss-fuzz: stop overwriting all the Makefiles

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
2021-08-17 10:33:47 -04:00
..
ci scripts/ci: use F34 image instead of F33 2021-05-18 10:05:03 +02:00
.gitignore scripts: add a helper script to run clang's static analyzer 2018-06-15 09:03:17 -04:00
env_use_destdir scripts/env_use_destdir: propagate PREFIX, LIBDIR, BINDIR, etc. 2020-05-05 15:19:05 +02:00
Lindent Update to latest Lindent script from kernel tree. 2013-10-30 14:34:25 -04:00
make-update Add make-update script and fix release script. 2013-10-31 14:34:02 -04:00
oss-fuzz.sh libsepol/cil: move the fuzz target and build script to the selinux repository 2021-08-17 10:33:47 -04:00
release scripts/release: make the script more robust, and release a source repository snapshot 2021-02-03 11:26:07 +01:00
run-flake8 run-flake8: Filter out ./.git/ directory 2020-05-13 11:11:27 +02:00
run-scan-build scripts/run-scan-build: update 2021-07-19 10:42:45 -04:00