From 2e96b9dce1dcba4fc6e4d88ee8c962fc26e067de Mon Sep 17 00:00:00 2001
From: Steven Moreland
Date: Tue, 15 Mar 2022 01:45:28 +0000
Subject: [PATCH] Fuzzer for default vibrator service. As an example for a fuzzer of an AIDL service.
Bug: 224646709
Test: run fuzzer for a few minutes (doesn't get very deep in the fuzzer - will follow-up with a dictionary or a corpus if the fuzzer can't get past the header and interface token)
Change-Id: Iac02a1f02500a0098d67823ac22de1706778927b
---
 vibrator/aidl/Android.bp | 1 +
 vibrator/aidl/default/Android.bp | 45 +++++++++++++++++++++++++++++++-
 vibrator/aidl/default/fuzzer.cpp | 33 +++++++++++++++++++++++
 3 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 vibrator/aidl/default/fuzzer.cpp
diff --git a/vibrator/aidl/Android.bp b/vibrator/aidl/Android.bp
index 22219b0f73..d4d5857492 100644
--- a/vibrator/aidl/Android.bp
+++ b/vibrator/aidl/Android.bp
@@ -10,6 +10,7 @@ package {
 aidl_interface {
 name: "android.hardware.vibrator",
 vendor_available: true,
+ host_supported: true,
 srcs: [
 "android/hardware/vibrator/*.aidl",
 ],
diff --git a/vibrator/aidl/default/Android.bp b/vibrator/aidl/default/Android.bp
index 2e12dfb2dd..acdbdcdd3c 100644
--- a/vibrator/aidl/default/Android.bp
+++ b/vibrator/aidl/default/Android.bp
@@ -9,7 +9,8 @@ package {
 cc_library_static {
 name: "libvibratorexampleimpl",
- vendor: true,
+ vendor_available: true,
+ host_supported: true,
 shared_libs: [
 "libbase",
 "libbinder_ndk",
@@ -24,6 +25,11 @@ cc_library_static {
 ":__subpackages__",
 "//hardware/interfaces/tests/extension/vibrator:__subpackages__",
 ],
+ target: {
+ darwin: {
+ enabled: false,
+ },
+ },
 }
 filegroup {
@@ -47,3 +53,40 @@ cc_binary {
 ],
 srcs: ["main.cpp"],
 }
+
+cc_fuzz {
+ name: "android.hardware.vibrator-service.example_fuzzer",
+ host_supported: true,
+ static_libs: [
+ "android.hardware.vibrator-V2-ndk",
+ "libbase",
+ "libbinder_random_parcel",
+ "libcutils",
+ "liblog",
+ "libutils",
+ "libvibratorexampleimpl",
+ ],
+ target: {
+ android: {
+ shared_libs: [
+ "libbinder_ndk",
+ "libbinder",
+ ],
+ },
+ host: {
+ static_libs: [
+ "libbinder_ndk",
+ "libbinder",
+ ],
+ },
+ darwin: {
+ enabled: false,
+ },
+ },
+ srcs: ["fuzzer.cpp"],
+ fuzz_config: {
+ cc: [
+ "smoreland@google.com",
+ ],
+ },
+}
diff --git a/vibrator/aidl/default/fuzzer.cpp b/vibrator/aidl/default/fuzzer.cpp
new file mode 100644
index 0000000000..7d52209747
--- /dev/null
+++ b/vibrator/aidl/default/fuzzer.cpp
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include
+#include
+#include
+#include
+
+using aidl::android::hardware::vibrator::Vibrator;
+using aidl::android::hardware::vibrator::VibratorManager;
+using android::fuzzService;
+using ndk::SharedRefBase;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto managedVib = SharedRefBase::make();
+ auto vibManager = SharedRefBase::make(std::move(managedVib));
+
+ fuzzService(vibManager->asBinder().get(), FuzzedDataProvider(data, size));
+
+ return 0;
+}
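Review bot: The `fuzz_config` block of the new `cc_fuzz` target names only a `cc` address, so a crash found by automated fuzzing has a mail recipient but no bug component to be filed under. Adding `componentid: <COMPONENT_ID>,` (placeholder; use the tracker component that owns the vibrator HAL) next to `cc` would route findings to the owning team. Note also that the target links `libvibratorexampleimpl` statically, so it exercises the example implementation only; vendor implementations of the interface need their own targets.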
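Review bot: `LLVMFuzzerTestOneInput` hands only the VibratorManager binder to `fuzzService`, so the wrapped `Vibrator` (the IVibrator transaction surface) is exercised only if the harness follows binders returned in replies, which cannot be seen from this hunk. If direct coverage of IVibrator is wanted, keep a reference to `managedVib` before the `std::move` and pick the target binder from the input, or add a second fuzz target for the Vibrator binder. A comment above the function would also help readers who copy this example for other AIDL services, e.g. `// Service objects are rebuilt for every input so object state does not carry over and a crash reproduces from one test case.`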