From ec4df1d5479348794a0b53ba740923dce7488f52 Mon Sep 17 00:00:00 2001
From: Rajesh Nyamagoud <nyamagoud@google.com>
Date: Thu, 13 Oct 2022 00:20:56 +0000
Subject: [PATCH] Adding fuzzer for trusty-confirmationui service.

Bug: b/205760172
Test: Run android.hardware.confirmationui-service.trusty_fuzzer, confirmation UI test using CTS Verifier and atest VtsHalConfirmationUITargetTest
Change-Id: If0e97c9ae5f89fbbfa994c12ece53d3996e17a33
---
 trusty/confirmationui/Android.bp | 18 ++++++++++++++++++
 trusty/confirmationui/fuzzer.cpp | 31 +++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+)
 create mode 100644 trusty/confirmationui/fuzzer.cpp

diff --git a/trusty/confirmationui/Android.bp b/trusty/confirmationui/Android.bp
index 29ef3c098..c5c501295 100644
--- a/trusty/confirmationui/Android.bp
+++ b/trusty/confirmationui/Android.bp
@@ -53,6 +53,24 @@ cc_binary {
     ],
 }
 
+cc_fuzz {
+    name: "android.hardware.confirmationui-service.trusty_fuzzer",
+    defaults: ["service_fuzzer_defaults"],
+    vendor: true,
+    shared_libs: [
+        "android.hardware.confirmationui-V1-ndk",
+        "android.hardware.confirmationui.not-so-secure-input",
+        "android.hardware.confirmationui-lib.trusty",
+        "liblog",
+    ],
+    srcs: ["fuzzer.cpp"],
+    fuzz_config: {
+        cc: [
+            "nyamagoud@google.com",
+        ],
+    },
+}
+
 cc_library {
     name: "android.hardware.confirmationui-lib.trusty",
     defaults: [
diff --git a/trusty/confirmationui/fuzzer.cpp b/trusty/confirmationui/fuzzer.cpp
new file mode 100644
index 000000000..4446b79ff
--- /dev/null
+++ b/trusty/confirmationui/fuzzer.cpp
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <TrustyConfirmationuiHal.h>
+#include <android-base/logging.h>
+#include <fuzzbinder/libbinder_ndk_driver.h>
+#include <fuzzer/FuzzedDataProvider.h>
+
+using aidl::android::hardware::confirmationui::createTrustyConfirmationUI;
+using aidl::android::hardware::confirmationui::IConfirmationUI;
+using android::fuzzService;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    auto confirmationui = createTrustyConfirmationUI();
+
+    fuzzService(confirmationui->asBinder().get(), FuzzedDataProvider(data, size));
+
+    return 0;
+}