Merge "Add more fuzzers" am: 14de5345d4
Original change: https://android-review.googlesource.com/c/platform/external/selinux/+/1493596
Change-Id: I8bea3db67f2d82fed79cfbd36a53e9992f479c3a
diff --git a/libselinux/fuzzers/Android.bp b/libselinux/fuzzers/Android.bp
index 8b4e960..1fd86e1 100644
--- a/libselinux/fuzzers/Android.bp
+++ b/libselinux/fuzzers/Android.bp
@@ -58,3 +58,31 @@
srcs: ["selinux_android_restorecon_fuzzer.cpp"],
dictionary: "selinux_android_restorecon_fuzzer.dict",
}
+
+cc_fuzz {
+ name: "libselinux_selinux_android_setcon_fuzzer",
+ defaults: ["libselinux_fuzzer_defaults"],
+ srcs: ["selinux_android_setcon_fuzzer.cpp"],
+ dictionary: "selinux_android_setcon_fuzzer.dict",
+}
+
+cc_fuzz {
+ name: "libselinux_setfilecon_fuzzer",
+ defaults: ["libselinux_fuzzer_defaults"],
+ srcs: ["setfilecon_fuzzer.cpp"],
+ dictionary: "setfilecon_fuzzer.dict",
+}
+
+cc_fuzz {
+ name: "libselinux_lsetfilecon_fuzzer",
+ defaults: ["libselinux_fuzzer_defaults"],
+ srcs: ["lsetfilecon_fuzzer.cpp"],
+ dictionary: "lsetfilecon_fuzzer.dict",
+}
+
+cc_fuzz {
+ name: "libselinux_string_to_security_class_fuzzer",
+ defaults: ["libselinux_fuzzer_defaults"],
+ srcs: ["string_to_security_class_fuzzer.cpp"],
+ dictionary: "string_to_security_class_fuzzer.dict",
+}
diff --git a/libselinux/fuzzers/lsetfilecon_fuzzer.cpp b/libselinux/fuzzers/lsetfilecon_fuzzer.cpp
new file mode 100644
index 0000000..b5303e5
--- /dev/null
+++ b/libselinux/fuzzers/lsetfilecon_fuzzer.cpp
@@ -0,0 +1,33 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <selinux/selinux.h>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fdp(data, size);
+
+ std::string path = fdp.ConsumeRandomLengthString();
+ std::string con = fdp.ConsumeRemainingBytesAsString();
+
+ lsetfilecon(path.c_str(), con.c_str());
+
+ return 0;
+}
diff --git a/libselinux/fuzzers/lsetfilecon_fuzzer.dict b/libselinux/fuzzers/lsetfilecon_fuzzer.dict
new file mode 100644
index 0000000..778b557
--- /dev/null
+++ b/libselinux/fuzzers/lsetfilecon_fuzzer.dict
@@ -0,0 +1,15 @@
+# A few paths from frameworks/native.
+
+path="/data/app/com.example/dir/dir/file"
+path="/data/user/0/com.example/secondary.dex"
+path="/dev/socket/pdx"
+path="/proc/net/xt_qtaguid/iface_stat_all"
+path="/sys/devices/system/cpu/cpufreq"
+path="/vendor/bin/hw/android.hardware.media.omx@1.0-service"
+
+# Random contexts from AOSP.
+
+con="u:r:system_server:s0"
+con="u:r:adbd:s0"
+con="u:r:shell:s0"
+con="u:r:adbd:s0"
diff --git a/libselinux/fuzzers/selinux_android_setcon_fuzzer.cpp b/libselinux/fuzzers/selinux_android_setcon_fuzzer.cpp
new file mode 100644
index 0000000..28d637f
--- /dev/null
+++ b/libselinux/fuzzers/selinux_android_setcon_fuzzer.cpp
@@ -0,0 +1,32 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <selinux/android.h>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fdp(data, size);
+
+ std::string con = fdp.ConsumeRemainingBytesAsString();
+
+ selinux_android_setcon(con.c_str());
+
+ return 0;
+}
diff --git a/libselinux/fuzzers/selinux_android_setcon_fuzzer.dict b/libselinux/fuzzers/selinux_android_setcon_fuzzer.dict
new file mode 100644
index 0000000..1e286d6
--- /dev/null
+++ b/libselinux/fuzzers/selinux_android_setcon_fuzzer.dict
@@ -0,0 +1,5 @@
+# Random contexts from AOSP.
+"u:r:system_server:s0"
+"u:r:adbd:s0"
+"u:r:shell:s0"
+"u:r:adbd:s0"
diff --git a/libselinux/fuzzers/setfilecon_fuzzer.cpp b/libselinux/fuzzers/setfilecon_fuzzer.cpp
new file mode 100644
index 0000000..790bcf6
--- /dev/null
+++ b/libselinux/fuzzers/setfilecon_fuzzer.cpp
@@ -0,0 +1,33 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <selinux/selinux.h>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fdp(data, size);
+
+ std::string path = fdp.ConsumeRandomLengthString();
+ std::string con = fdp.ConsumeRemainingBytesAsString();
+
+ setfilecon(path.c_str(), con.c_str());
+
+ return 0;
+}
diff --git a/libselinux/fuzzers/setfilecon_fuzzer.dict b/libselinux/fuzzers/setfilecon_fuzzer.dict
new file mode 100644
index 0000000..778b557
--- /dev/null
+++ b/libselinux/fuzzers/setfilecon_fuzzer.dict
@@ -0,0 +1,15 @@
+# A few paths from frameworks/native.
+
+path="/data/app/com.example/dir/dir/file"
+path="/data/user/0/com.example/secondary.dex"
+path="/dev/socket/pdx"
+path="/proc/net/xt_qtaguid/iface_stat_all"
+path="/sys/devices/system/cpu/cpufreq"
+path="/vendor/bin/hw/android.hardware.media.omx@1.0-service"
+
+# Random contexts from AOSP.
+
+con="u:r:system_server:s0"
+con="u:r:adbd:s0"
+con="u:r:shell:s0"
+con="u:r:adbd:s0"
diff --git a/libselinux/fuzzers/string_to_security_class_fuzzer.cpp b/libselinux/fuzzers/string_to_security_class_fuzzer.cpp
new file mode 100644
index 0000000..d264bf8
--- /dev/null
+++ b/libselinux/fuzzers/string_to_security_class_fuzzer.cpp
@@ -0,0 +1,32 @@
+/******************************************************************************
+ *
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ *****************************************************************************
+ */
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <selinux/selinux.h>
+#include <string>
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+ FuzzedDataProvider fdp(data, size);
+
+ std::string name = fdp.ConsumeRemainingBytesAsString();
+
+ string_to_security_class(name.c_str());
+
+ return 0;
+}
diff --git a/libselinux/fuzzers/string_to_security_class_fuzzer.dict b/libselinux/fuzzers/string_to_security_class_fuzzer.dict
new file mode 100644
index 0000000..86aeb76
--- /dev/null
+++ b/libselinux/fuzzers/string_to_security_class_fuzzer.dict
@@ -0,0 +1,7 @@
+"file"
+"dir"
+"chr_file"
+"blk_file"
+"fifo_file"
+"lnk_file"
+"sock_file"
