TODO: mls
Signed-off-by: Christian Göttsche <[email protected]>
cgzones committed Jul 6, 2023
1 parent 34de0f8 commit cde219e
Showing 1 changed file with 24 additions and 3 deletions.
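--- a/checkpolicy/fuzz/checkpolicy-fuzzer.c
+++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c
@@ -136,14 +136,34 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 policydb_t kernpolicydb = {};
 sidtab_t sidtab = {};
 FILE *devnull = NULL;
+int mls, policyvers;
 
 sepol_debug(0);
 
+/* Take the first byte whether to parse as MLS policy
+* and the second byte as policy version. */
+if (size < 2)
+return 0;
+switch (data[0]) {
+case '0':
+mls = 0;
+break;
+case '1':
+mls = 1;
+break;
+default:
+return 0;
+}
+policyvers = data[1] - 'A';
+if (policyvers < POLICYDB_VERSION_MIN || policyvers > POLICYDB_VERSION_MAX)
+return 0;
+size -= 2;
+
 if (policydb_init(&parsepolicydb))
 goto exit;
 
 parsepolicydb.policy_type = POLICY_BASE;
-parsepolicydb.mls = 1;
+parsepolicydb.mls = mls;
 parsepolicydb.handle_unknown = DENY_UNKNOWN;
 policydb_set_target_platform(&parsepolicydb, SEPOL_TARGET_SELINUX);
 
@@ -162,10 +182,11 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 if (expand_module(NULL, &parsepolicydb, &kernpolicydb, 0, 1))
 goto exit;
 
-assert(kernpolicydb.policyvers == POLICYDB_VERSION_MAX);
+kernpolicydb.policyvers = policyvers;
+
 assert(kernpolicydb.policy_type == POLICY_KERN);
 assert(kernpolicydb.handle_unknown == SEPOL_DENY_UNKNOWN);
-assert(kernpolicydb.mls == 1);
+assert(kernpolicydb.mls == mls);
 
 if (policydb_load_isids(&kernpolicydb, &sidtab))
 goto exit;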
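Review bot: In the first hunk `size -= 2;` drops the two selector bytes from the length but `data` is never advanced, so whatever reads the buffer afterwards still starts at the MLS and version bytes and stops two bytes short of the real end. The code that consumes `data` lies between the two hunks and is not shown, so this is inferred; if it passes `data` and `size` on unchanged, the fix is `data += 2;` directly before `size -= 2;`. It would also help to spell out the encoding in the comment, e.g. `/* data[0]: '0' = non-MLS, '1' = MLS; data[1]: 'A' + policy version */`, so existing corpus seeds can be prefixed correctly. LLVMFuzzerTestOneInput starts before the first hunk and continues past the second.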
