1 /******************************************************************************
2 *
3 * Copyright (C) 2020 The Android Open Source Project
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 *
17 *****************************************************************************
18 */
19
20 #include <fuzzer/FuzzedDataProvider.h>
21 #include <stdint.h>
22 #include <selinux/android.h>
23 #include <string>
24
GetHandle(FuzzedDataProvider & fdp)25 selabel_handle *GetHandle(FuzzedDataProvider &fdp) {
26 switch (fdp.ConsumeIntegralInRange(0, 4)) {
27 case 0: return selinux_android_file_context_handle();
28 case 1: return selinux_android_service_context_handle();
29 case 2: return selinux_android_hw_service_context_handle();
30 case 3: return selinux_android_vendor_service_context_handle();
31 case 4: return selinux_android_keystore2_key_context_handle();
32 default: return selinux_android_file_context_handle();
33 }
34 }
35
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)36 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
37 FuzzedDataProvider fdp(data, size);
38
39 std::string str = fdp.ConsumeRandomLengthString();
40 static auto handle = GetHandle(fdp);
41 char *conn = NULL;
42 int type = fdp.ConsumeIntegral<int>();
43
44 selabel_lookup(handle, &conn, str.data(), type);
45
46 free(conn);
47
48 return 0;
49 }
50