From 725559a508ac38ddcd8eb2ab92f9a66a4c618e91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Tue, 5 Oct 2021 16:45:04 +0200
Subject: [PATCH] DO NOT MERGE [WIP]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Christian Göttsche
---
 .gitignore | 5 +++++
 checkpolicy/fuzz/checkpolicy-fuzzer.c | 15 +++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/.gitignore b/.gitignore
index 6ff6126585..e7cacd483f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -25,3 +25,8 @@ cscope.*
 .*.swp
 # Failsafes
 !.gitignore
+
+corpus_dir/
+out/
+DESTDIR/
+fuzz-*.log
diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c
index 62a0a8af09..ae820b8f19 100644
--- a/checkpolicy/fuzz/checkpolicy-fuzzer.c
+++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c
@@ -119,6 +119,19 @@ static int read_source_policy(policydb_t *p, const uint8_t *data, size_t size)
 return 0;
 }

+static int check_level(hashtab_key_t key, hashtab_datum_t datum, void *arg __attribute__ ((unused)))
+{
+ level_datum_t *levdatum = (level_datum_t *) datum;
+
+ if (!levdatum->isalias && !levdatum->defined) {
+ fprintf(stderr,
+ "Error: sensitivity %s was not used in a level definition!\n",
+ key);
+ abort();
+ }
+ return 0;
+}
+
 static int write_binary_policy(policydb_t *p, FILE *outfp)
 {
 struct policy_file pf;
@@ -149,6 +162,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 if (read_source_policy(&parsepolicydb, data, size))
 goto exit;

+ (void) hashtab_map(parsepolicydb.p_levels.table, check_level, NULL);
+
 if (hierarchy_check_constraints(NULL, &parsepolicydb))
 goto exit;
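Review bot: In `check_level`, the `abort()` makes the harness report a crash for a property of the input policy (a sensitivity with neither `isalias` nor `defined` set), and nothing in the hunk says whether this is an invariant assertion on the parser's output or rejection of a bad policy. If `read_source_policy()` is expected to have refused such policies already, say so above the check, e.g. `/* invariant: the parser must not accept a sensitivity without a level definition */`, so that someone triaging the crash knows it is a logic finding rather than memory corruption. If such policies can legitimately get this far, each one ends the run and crowds out other findings; in that case use `return -1;` instead of `abort();` and, in the second hunk, replace the `(void) hashtab_map(...)` call with `if (hashtab_map(parsepolicydb.p_levels.table, check_level, NULL)) goto exit;`. `levdatum` is only read, so it could be declared `const level_datum_t *`.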