Add policy fuzzer

Adds fuzzer for policies, currently fuzzes only ChromeDeviceSettingsProto. ASan' out/libfuzzer && ninja -C out/libfuzzer policy_fuzzer && out/libfuzzer/policy_fuzzer Test: tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Chrome OS Bug: 811690 Change-Id: Ic4c0a923006515f75bcb51c38f00be5701ab81a9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1845000 Commit-Queue: Olya Kalitova <okalitova@chromium.org> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#705929}

Add policy fuzzer
Adds fuzzer for policies, currently fuzzes only ChromeDeviceSettingsProto. ASan' out/libfuzzer && ninja -C out/libfuzzer policy_fuzzer && out/libfuzzer/policy_fuzzer Test: tools/mb/mb.py gen -m chromium.fuzz -b 'Libfuzzer Upload Chrome OS Bug: 811690 Change-Id: Ic4c0a923006515f75bcb51c38f00be5701ab81a9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1845000 Commit-Queue: Olya Kalitova <okalitova@chromium.org> Reviewed-by: Maksim Ivanov <emaxx@chromium.org> Reviewed-by: Roman Sorokin [CET] <rsorokin@chromium.org> Cr-Commit-Position: refs/heads/master@{#705929}
38bb2434 · Olya Kalitova · Commit Bot · 248c5598 · 38bb2434 · 38bb2434
Commit 38bb2434 authored Oct 15, 2019 by Olya Kalitova Committed by Commit Bot Oct 15, 2019
4 changed files
--- a/chrome/browser/chromeos/BUILD.gn
+++ b/chrome/browser/chromeos/BUILD.gn
@@ -8,6 +8,7 @@ import("//extensions/buildflags/buildflags.gni")
 import("//media/media_options.gni")
 import("//printing/buildflags/buildflags.gni")
 import("//testing/libfuzzer/fuzzer_test.gni")
+import("//third_party/libprotobuf-mutator/fuzzable_proto_library.gni")
 import("//third_party/protobuf/proto_library.gni")
 import("//ui/ozone/ozone.gni")
@@ -3171,3 +3172,29 @@ fuzzer_test("zeroconf_printer_detector_fuzzer") {
    "//chrome/browser/chromeos",
  ]
 }
+if (use_libfuzzer) {
+  fuzzer_test("policy_fuzzer") {
+    sources = [
+      "policy/fuzzer/policy_fuzzer.cc",
+    ]
+    deps = [
+      ":policy_fuzzer_proto",
+      "//chrome/browser",
+      "//chrome/browser/chromeos",
+      "//third_party/libprotobuf-mutator",
+    ]
+  }
+  fuzzable_proto_library("policy_fuzzer_proto") {
+    sources = [
+      "policy/fuzzer/policy_fuzzer.proto",
+    ]
+    import_dirs = [ "//components/policy/proto" ]
+    link_deps =
+        [ "//components/policy/proto:chrome_device_policy_full_runtime_proto" ]
+  }
+}
--- a/chrome/browser/chromeos/policy/fuzzer/policy_fuzzer.cc
+++ b/chrome/browser/chromeos/policy/fuzzer/policy_fuzzer.cc
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "base/logging.h"
+#include "base/memory/weak_ptr.h"
+#include "chrome/browser/chromeos/policy/device_policy_decoder_chromeos.h"
+#include "chrome/browser/chromeos/policy/fuzzer/policy_fuzzer.pb.h"
+#include "components/policy/core/common/external_data_manager.h"
+#include "components/policy/core/common/policy_map.h"
+#include "components/policy/core/common/policy_types.h"
+#include "testing/libfuzzer/proto/lpm_interface.h"
+namespace policy {
+DEFINE_PROTO_FUZZER(const PolicyFuzzerProto& proto) {
+  if (!proto.has_chrome_device_settings())
+    return;
+  const enterprise_management::ChromeDeviceSettingsProto&
+      chrome_device_settings = proto.chrome_device_settings();
+  base::WeakPtr<ExternalDataManager> data_manager;
+  PolicyMap policy_map;
+  DecodeDevicePolicy(chrome_device_settings, data_manager, &policy_map);
+  for (const auto& it : policy_map) {
+    const std::string& policy_name = it.first;
+    const PolicyMap::Entry& entry = it.second;
+    CHECK(entry.value) << "Policy " << policy_name << " has an empty value";
+    CHECK_EQ(entry.scope, POLICY_SCOPE_MACHINE)
+        << "Policy " << policy_name << " has not machine scope";
+  }
+}
+}  // namespace policy
--- a/chrome/browser/chromeos/policy/fuzzer/policy_fuzzer.proto
+++ b/chrome/browser/chromeos/policy/fuzzer/policy_fuzzer.proto
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+syntax = "proto3";
+package policy;
+import "chrome_device_policy.proto";
+option optimize_for = LITE_RUNTIME;
+message PolicyFuzzerProto {
+  enterprise_management.ChromeDeviceSettingsProto chrome_device_settings = 1;
+}
--- a/components/policy/proto/BUILD.gn
+++ b/components/policy/proto/BUILD.gn
@@ -2,6 +2,7 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
+import("//third_party/libprotobuf-mutator/fuzzable_proto_library.gni")
 import("//third_party/protobuf/proto_library.gni")
 # The proto files need to be a component to avoid duplicate symbols the way the
@@ -54,3 +55,14 @@ proto_library("proto_internal") {
  component_build_force_source_set = true
  defines = [ "POLICY_PROTO_COMPILATION" ]
 }
+if (use_libfuzzer) {
+  fuzzable_proto_library("chrome_device_policy_full_runtime_proto") {
+    proto_out_dir = "components/policy/proto/fuzzer"
+    sources = [
+      "chrome_device_policy.proto",
+      "policy_common_definitions.proto",
+    ]
+  }
+}