xref: /aosp_15_r20/external/selinux/scripts/oss-fuzz.sh (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba) 
1#!/bin/bash
2
3# The script is used to build the fuzz targets run on ClusterFuzz. It has to be
4# compatible with the "build.sh" script described at
5# https://google.github.io/oss-fuzz/getting-started/new-project-guide/#buildsh
6# More precisely, it should use environment variables like OUT, LIB_FUZZING_ENGINE
7# and so on (https://google.github.io/oss-fuzz/getting-started/new-project-guide/#buildsh-script-environment),
8# and the fuzz targets have to be linked with $CXX even though the project is written
9# in C: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#Requirements
10
11# To make it easier to build the fuzz targets locally, the script can also work in "local"
12# mode. To run secilc-fuzzer against a test case (named, say, CRASH) triggering an issue
13# the following commands should be run
14#
15# $ ./scripts/oss-fuzz.sh
16# $ ./out/secilc-fuzzer CRASH
17
18# To run the fuzzer against the corpus OSS-Fuzz has accumulated so far it should be
19# downloaded, unpacked and passed to the fuzzer:
20#
21# $ wget https://storage.googleapis.com/selinux-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/selinux_secilc-fuzzer/public.zip
22# $ unzip -d CORPUS public.zip
23# $ ./out/secilc-fuzzer CORPUS/
24
25set -eux
26
27cd "$(dirname -- "$0")/.."
28
29export DESTDIR=${DESTDIR:-$(pwd)/DESTDIR}
30
31SANITIZER=${SANITIZER:-address}
32flags="-O1 -fno-omit-frame-pointer -gline-tables-only -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -fsanitize=$SANITIZER -fsanitize=fuzzer-no-link"
33
34export CC=${CC:-clang}
35export CFLAGS="${CFLAGS:-$flags} -I$DESTDIR/usr/include -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64"
36
37export CXX=${CXX:-clang++}
38export CXXFLAGS=${CXXFLAGS:-$flags}
39
40export OUT=${OUT:-$(pwd)/out}
41mkdir -p "$OUT"
42
43export LIB_FUZZING_ENGINE=${LIB_FUZZING_ENGINE:--fsanitize=fuzzer}
44
45rm -rf "$DESTDIR"
46make -C libsepol clean
47# LIBSO and LIBMAP shouldn't be expanded here because their values are unknown until Makefile
48# has been read by make
49# shellcheck disable=SC2016
50make -C libsepol V=1 LD_SONAME_FLAGS='-soname,$(LIBSO),--version-script=$(LIBMAP)' -j"$(nproc)" install
51
52## secilc fuzzer ##
53
54# CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by
55# the compiler/linker so they shouldn't be quoted
56# shellcheck disable=SC2086
57$CC $CFLAGS -c -o secilc-fuzzer.o libsepol/fuzz/secilc-fuzzer.c
58# shellcheck disable=SC2086
59$CXX $CXXFLAGS $LIB_FUZZING_ENGINE secilc-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/secilc-fuzzer"
60
61zip -r "$OUT/secilc-fuzzer_seed_corpus.zip" secilc/test
62
63## binary policy fuzzer ##
64
65# CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by
66# the compiler/linker so they shouldn't be quoted
67# shellcheck disable=SC2086
68$CC $CFLAGS -c -o binpolicy-fuzzer.o libsepol/fuzz/binpolicy-fuzzer.c
69# shellcheck disable=SC2086
70$CXX $CXXFLAGS $LIB_FUZZING_ENGINE binpolicy-fuzzer.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/binpolicy-fuzzer"
71
72zip -j "$OUT/binpolicy-fuzzer_seed_corpus.zip" libsepol/fuzz/policy.bin
73
74## checkpolicy fuzzer ##
75
76make -C checkpolicy clean
77make -C checkpolicy V=1 -j"$(nproc)" checkobjects
78# CFLAGS, CXXFLAGS and LIB_FUZZING_ENGINE have to be split to be accepted by
79# the compiler/linker so they shouldn't be quoted
80# shellcheck disable=SC2086
81$CC $CFLAGS -Icheckpolicy/ -c -o checkpolicy-fuzzer.o checkpolicy/fuzz/checkpolicy-fuzzer.c
82# shellcheck disable=SC2086
83$CXX $CXXFLAGS $LIB_FUZZING_ENGINE checkpolicy-fuzzer.o checkpolicy/*.o "$DESTDIR/usr/lib/libsepol.a" -o "$OUT/checkpolicy-fuzzer"
84
85zip -j "$OUT/checkpolicy-fuzzer_seed_corpus.zip" checkpolicy/fuzz/min_pol.mls.conf
86cp checkpolicy/fuzz/checkpolicy-fuzzer.dict "$OUT/"
87