• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /******************************************************************************
2  *
3  * Copyright (C) 2020 The Android Open Source Project
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at:
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  *****************************************************************************
18  */
19 
20 #include <fuzzer/FuzzedDataProvider.h>
21 #include <selinux/selinux.h>
22 #include <string>
23 
GetClass(FuzzedDataProvider & fdp)24 std::string GetClass(FuzzedDataProvider &fdp) {
25   switch (fdp.ConsumeIntegralInRange(0, 9)) {
26   case 0: return "filesystem";
27   case 1: return "dir";
28   case 2: return "file";
29   case 3: return "lnk_file";
30   case 4: return "chr_file";
31   case 5: return "blk_file";
32   case 6: return "sock_file";
33   case 7: return "fifo_file";
34   case 8: return "fd";
35   default: return fdp.ConsumeRandomLengthString();
36   }
37 }
38 
39 // This is not an exhaustive list.
GetPermission(FuzzedDataProvider & fdp)40 std::string GetPermission(FuzzedDataProvider &fdp) {
41   switch (fdp.ConsumeIntegralInRange(0, 7)) {
42   case 0: return "create";
43   case 1: return "execute";
44   case 2: return "getattr";
45   case 3: return "ioctl";
46   case 4: return "read";
47   case 5: return "setattr";
48   case 6: return "write";
49   default: return fdp.ConsumeRandomLengthString();
50   }
51 }
52 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)53 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
54   FuzzedDataProvider fdp(data, size);
55 
56   std::string tclass = GetClass(fdp);
57   std::string perm = GetPermission(fdp);
58   std::string scon = fdp.ConsumeRandomLengthString();
59   std::string tcon = fdp.ConsumeRandomLengthString();
60 
61   selinux_check_access(scon.data(), tcon.data(), tclass.data(), perm.data(), NULL);
62 
63   return 0;
64 }
65