From f044f7f3dd94c53b58e8d9b3f0143c9901860b66 Mon Sep 17 00:00:00 2001 From: Pawan Wagh Date: Mon, 24 Apr 2023 22:55:31 +0000 Subject: [PATCH] Adding fuzzers for StoragedService and StoragedPrivateService - StoragedService and StoragedPrivateService are defined in global namespace. Moving them to android namespace - Adding AIDL service fuzzers for both services Bug: 232439428 Test: adb shell /data/nativetest64/storaged-unit-tests/storaged-unit-tests Test: m storaged_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/storaged_service_fuzzer/storaged_service_fuzzer Test: m storaged_private_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/storaged_private_service_fuzzer/storaged_private_service_fuzzer Change-Id: Ieb6ff8117f548dd1ef376aab8e6d3dfec9fb06d3
---
 storaged/Android.bp | 24 +++++++++++++ storaged/include/storaged_service.h | 2 ++ storaged/storaged_service.cpp | 2 ++ .../storaged_private_service_fuzzer.cpp | 34 +++++++++++++++++++ .../tests/fuzzers/storaged_service_fuzzer.cpp | 34 +++++++++++++++++++ 5 files changed, 96 insertions(+) create mode 100644 storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp create mode 100644 storaged/tests/fuzzers/storaged_service_fuzzer.cpp
diff --git a/storaged/Android.bp b/storaged/Android.bp
index c3447d282..04f5d7953 100644
--- a/storaged/Android.bp
+++ b/storaged/Android.bp
@@ -136,3 +136,27 @@ filegroup {
 ],
 path: "binder",
 }
+
+cc_fuzz {
+ name: "storaged_service_fuzzer",
+ defaults: [
+ "storaged_defaults",
+ "service_fuzzer_defaults",
+ ],
+ srcs: ["tests/fuzzers/storaged_service_fuzzer.cpp"],
+ static_libs: [
+ "libstoraged",
+ ],
+}
+
+cc_fuzz {
+ name: "storaged_private_service_fuzzer",
+ defaults: [
+ "storaged_defaults",
+ "service_fuzzer_defaults",
+ ],
+ srcs: ["tests/fuzzers/storaged_private_service_fuzzer.cpp"],
+ static_libs: [
+ "libstoraged",
+ ],
+}
\ No newline at end of file
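Review bot: Neither new `cc_fuzz` module (`storaged_service_fuzzer`, `storaged_private_service_fuzzer`) carries a `fuzz_config` block, so a crash reported by automated fuzzing may have no owner or bug component to be routed to. I would add one to each module, for example `fuzz_config: { cc: ["<OWNER_EMAIL_PLACEHOLDER>"], componentid: <COMPONENT_ID_PLACEHOLDER> },`, with the real values supplied by the storaged owners. The two modules differ only in `name` and `srcs`, so a shared `cc_defaults` holding `defaults`, `static_libs` and the `fuzz_config` would keep them from drifting apart. The file also now ends without a trailing newline.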
diff --git a/storaged/include/storaged_service.h b/storaged/include/storaged_service.h index 7ec686415..bf7af80d2 100644 --- a/storaged/include/storaged_service.h +++ b/storaged/include/storaged_service.h @@ -28,6 +28,7 @@ using namespace std; using namespace android::os; using namespace android::os::storaged; +namespace android { class StoragedService : public BinderService, public BnStoraged { private: void dumpUidRecordsDebug(int fd, const vector& entries); @@ -53,4 +54,5 @@ public: sp get_storaged_pri_service(); +} // namespace android #endif /* _STORAGED_SERVICE_H_ */ \ No newline at end of file diff --git a/storaged/storaged_service.cpp b/storaged/storaged_service.cpp index 45f1d4dfe..00d36d7e9 100644 --- a/storaged/storaged_service.cpp +++ b/storaged/storaged_service.cpp @@ -38,6 +38,7 @@ using namespace android::base; extern sp storaged_sp; +namespace android { status_t StoragedService::start() { return BinderService::publish(); } @@ -218,3 +219,4 @@ sp get_storaged_pri_service() { return interface_cast(binder); } +} // namespace android \ No newline at end of file diff --git a/storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp b/storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp new file mode 100644 index 000000000..82eb79605 --- /dev/null +++ b/storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp 
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+
+#include
+#include
+
+sp storaged_sp;
+
+extern "C" int LLVMFuzzerInitialize(int /**argc*/, char /****argv*/) {
+ storaged_sp = new storaged_t();
+ storaged_sp->init();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto storagedPrivateService = new StoragedPrivateService();
+ fuzzService(storagedPrivateService, FuzzedDataProvider(data, size));
+ return 0;
+}
\ No newline at end of file
diff --git a/storaged/tests/fuzzers/storaged_service_fuzzer.cpp b/storaged/tests/fuzzers/storaged_service_fuzzer.cpp
new file mode 100644
index 000000000..d11ecc325
--- /dev/null
+++ b/storaged/tests/fuzzers/storaged_service_fuzzer.cpp
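Review bot: `LLVMFuzzerInitialize` in storaged_private_service_fuzzer.cpp is declared as `(int /**argc*/, char /****argv*/)`, which leaves the parameter types as plain `int` and `char` because the stars sit inside the comments; the identical line in storaged_service_fuzzer.cpp has the same problem. libFuzzer invokes this hook as `int LLVMFuzzerInitialize(int *argc, char ***argv)`, and because the symbol is `extern "C"` the mismatch links without any diagnostic, so the code only works as long as both arguments stay unused. The line should read `extern "C" int LLVMFuzzerInitialize(int* /*argc*/, char*** /*argv*/) {` in both files.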
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include
+
+#include
+#include
+
+sp storaged_sp;
+
+extern "C" int LLVMFuzzerInitialize(int /**argc*/, char /****argv*/) {
+ storaged_sp = new storaged_t();
+ storaged_sp->init();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto storagedService = new StoragedService();
+ fuzzService(storagedService, FuzzedDataProvider(data, size));
+ return 0;
+}
\ No newline at end of file
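Review bot: `auto storagedService = new StoragedService();` in `LLVMFuzzerTestOneInput` passes a raw owning pointer to `fuzzService` on every input, and nothing in this file shows who releases it; the same pattern appears in storaged_private_service_fuzzer.cpp and in `storaged_sp = new storaged_t();`. The declaration of `fuzzService` is not part of this diff, so presumably the object becomes reference-counted through an implicit conversion to a strong pointer, which is easy to break in a later edit. Writing `auto storagedService = sp<StoragedService>::make();` states the ownership at the call site. The global would also benefit from a comment such as `// Defines the storaged_sp that storaged_service.cpp declares extern; set up once in LLVMFuzzerInitialize.`, since the fuzzer is otherwise the only place that explains why it exists.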