Merge "Revert "rpc_binder: Change trusty_tipc_fuzzer to support multiple connections and messages"" into main am: 81190566f9

Original change: https://android-review.googlesource.com/c/platform/system/core/+/2907204

Change-Id: I465fbbd890c5f401fdd4201f8c268df7505a017b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
This commit is contained in:
David Drysdale 2024-01-26 10:46:27 +00:00 committed by Automerger Merge Worker
commit c4d82f3d84

View file

@ -14,8 +14,6 @@
* limitations under the License.
*/
#include <android-base/result.h>
#include <fuzzer/FuzzedDataProvider.h>
#include <stdlib.h>
#include <trusty/coverage/coverage.h>
#include <trusty/coverage/uuid.h>
@ -25,7 +23,6 @@
#include <iostream>
#include <memory>
using android::base::Result;
using android::trusty::coverage::CoverageRecord;
using android::trusty::fuzz::ExtraCounters;
using android::trusty::fuzz::TrustyApp;
@ -44,14 +41,7 @@ using android::trusty::fuzz::TrustyApp;
#error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."
#endif
#ifdef TRUSTY_APP_MAX_CONNECTIONS
constexpr size_t MAX_CONNECTIONS = TRUSTY_APP_MAX_CONNECTIONS;
#else
constexpr size_t MAX_CONNECTIONS = 1;
#endif
static_assert(MAX_CONNECTIONS >= 1);
static TrustyApp kTrustyApp(TIPC_DEV, TRUSTY_APP_PORT);
static std::unique_ptr<CoverageRecord> record;
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
@ -63,8 +53,7 @@ extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
}
/* Make sure lazy-loaded TAs have started and connected to coverage service. */
TrustyApp ta(TIPC_DEV, TRUSTY_APP_PORT);
auto ret = ta.Connect();
auto ret = kTrustyApp.Connect();
if (!ret.ok()) {
std::cerr << ret.error() << std::endl;
exit(-1);
@ -84,56 +73,24 @@ extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
return 0;
}
Result<void> testOneInput(FuzzedDataProvider& provider) {
std::vector<TrustyApp> trustyApps;
while (provider.remaining_bytes() > 0) {
if (trustyApps.size() < MAX_CONNECTIONS && provider.ConsumeBool()) {
auto& ta = trustyApps.emplace_back(TIPC_DEV, TRUSTY_APP_PORT);
const auto result = ta.Connect();
if (!result.ok()) {
return result;
}
} else {
const auto i = provider.ConsumeIntegralInRange<size_t>(0, trustyApps.size());
std::swap(trustyApps[i], trustyApps.back());
if (provider.ConsumeBool()) {
auto& ta = trustyApps.back();
const auto data = provider.ConsumeRandomLengthString();
auto result = ta.Write(data.data(), data.size());
if (!result.ok()) {
return result;
}
std::array<uint8_t, TIPC_MAX_MSG_SIZE> buf;
result = ta.Read(buf.data(), buf.size());
if (!result.ok()) {
return result;
}
// Reconnect to ensure that the service is still up.
ta.Disconnect();
result = ta.Connect();
if (!result.ok()) {
std::cerr << result.error() << std::endl;
android::trusty::fuzz::Abort();
return result;
}
} else {
trustyApps.pop_back();
}
}
}
return {};
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
static uint8_t buf[TIPC_MAX_MSG_SIZE];
ExtraCounters counters(record.get());
counters.Reset();
FuzzedDataProvider provider(data, size);
const auto result = testOneInput(provider);
return result.ok() ? 0 : -1;
auto ret = kTrustyApp.Write(data, size);
if (ret.ok()) {
ret = kTrustyApp.Read(&buf, sizeof(buf));
}
// Reconnect to ensure that the service is still up
kTrustyApp.Disconnect();
ret = kTrustyApp.Connect();
if (!ret.ok()) {
std::cerr << ret.error() << std::endl;
android::trusty::fuzz::Abort();
}
return ret.ok() ? 0 : -1;
}