#include <stdlib.h>
#include <stdio.h>
#include <stdint.h>
#include <string.h>
#include <getopt.h>
#include <sys/stat.h>

#include <sepol/cil/cil.h>
#include <sepol/policydb.h>

/*
 * Log callback handed to cil_set_log_handler(). It discards every message, so
 * diagnostics emitted while processing fuzz inputs never reach the output.
 */
static void log_handler(__attribute__((unused)) int lvl, __attribute__((unused)) const char *msg) {
	/* nothing to do: messages are dropped on purpose */
}

/*
 * libFuzzer entry point for the CIL compiler pipeline.
 *
 * The input bytes are treated as the text of a single CIL file named "fuzz"
 * and pushed through each stage in turn: cil_add_file(), cil_compile(),
 * cil_build_policydb(), sepol_policydb_optimize() and finally
 * sepol_policydb_write() into /dev/null. The first stage that fails ends the
 * run; every object created so far is then released.
 *
 * Only one fixed option set is exercised (see the cil_set_* calls below), so
 * code paths that depend on other option values are not reached by this
 * harness.
 *
 * data/size: the fuzzer-provided buffer; it is passed to cil_add_file() as-is.
 * Returns 0 unconditionally, whether or not the input was accepted.
 */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
	struct cil_db *db = NULL;
	sepol_policydb_t *policydb = NULL;
	struct sepol_policy_file *out_file = NULL;
	FILE *sink = NULL;

	cil_set_log_level(CIL_ERR);
	cil_set_log_handler(log_handler);

	/* Fresh database per input, configured with the harness's fixed options. */
	cil_db_init(&db);
	cil_set_disable_dontaudit(db, 0);
	cil_set_multiple_decls(db, 0);
	cil_set_disable_neverallow(db, 0);
	cil_set_preserve_tunables(db, 0);
	cil_set_mls(db, -1);
	cil_set_target_platform(db, SEPOL_TARGET_SELINUX);
	cil_set_policy_version(db, POLICYDB_VERSION_MAX);
	cil_set_attrs_expand_generated(db, 0);

	/*
	 * Parse, compile, build and optimize. The || chain short-circuits, so a
	 * later stage only runs when every earlier one returned SEPOL_OK.
	 */
	if (cil_add_file(db, "fuzz", (const char *)data, size) != SEPOL_OK ||
	    cil_compile(db) != SEPOL_OK ||
	    cil_build_policydb(db, &policydb) != SEPOL_OK ||
	    sepol_policydb_optimize(policydb) != SEPOL_OK) {
		goto cleanup;
	}

	/* Serialize the policy too, but throw the bytes away. */
	sink = fopen("/dev/null", "w");
	if (!sink) {
		goto cleanup;
	}

	if (sepol_policy_file_create(&out_file) != 0) {
		goto cleanup;
	}

	sepol_policy_file_set_fp(out_file, sink);

	/* Success and failure both continue straight into cleanup. */
	(void)sepol_policydb_write(policydb, out_file);

cleanup:
	if (sink) {
		fclose(sink);
	}

	cil_db_destroy(&db);
	sepol_policydb_free(policydb);
	sepol_policy_file_free(out_file);
	return 0;
}