f643b354fe
Bazel's intermediates/inputs are symlinks in its execution root, unlike Soong. e.g. $ file $(readlink -f out/bazel/output/execroot/__main__/packages/modules/adb/apex/adbd.rc) /usr/local/google/home/jingwen/aosp/master-with-phones/packages/modules/adb/apex/adbd.rc: ASCII text Test: presubmits Change-Id: I3977a37ee989e07bee56abb019a21055b8cef567 |
||
|---|---|---|
| .. | ||
| Android.bp | ||
| init_parser_fuzzer.cpp | ||
| init_property_fuzzer.cpp | ||
| init_ueventHandler_fuzzer.cpp | ||
| README.md | ||
Fuzzers for libinit
Table of contents
Fuzzer for InitParser
InitParser supports the following parameters:
- ValidPathNames (parameter name: "kValidPaths")
- ValidParseInputs (parameter name: "kValidInputs")
| Parameter | Valid Values | Configured Value |
|---|---|---|
kValidPaths |
0./system/etc/init/hw/init.rc,1. /system/etc/init |
Value obtained from FuzzedDataProvider |
kValidInputs |
0.{"","cpu", "10", "10"},1. {"","RLIM_CPU", "10", "10"},2. {"","12", "unlimited", "10"},3. {"","13", "-1", "10"},4. {"","14", "10", "unlimited"},5. {"","15", "10", "-1"} |
Value obtained from FuzzedDataProvider |
Steps to run
- Build the fuzzer
$ mm -j$(nproc) init_parser_fuzzer
- Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/init_parser_fuzzer/init_parser_fuzzer
Fuzzer for InitProperty
InitProperty supports the following parameters: PropertyType (parameter name: "PropertyType")
| Parameter | Valid Values | Configured Value |
|---|---|---|
PropertyType |
0.STRING,1. BOOL,2. INT,3. UINT,4. DOUBLE,5. SIZE,6. ENUM,7. RANDOM |
Value obtained from FuzzedDataProvider |
Steps to run
- Build the fuzzer
$ mm -j$(nproc) init_property_fuzzer
- Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/init_property_fuzzer/init_property_fuzzer
Fuzzer for InitUeventHandler
Maximize code coverage
The configuration parameters are not hardcoded, but instead selected based on incoming data. This ensures more code paths are reached by the fuzzer.
InitUeventHandler supports the following parameters:
- Major (parameter name:
major) - Minor (parameter name:
minor) - PartitionNum (parameter name:
partition_num) - Uid (parameter name:
uid) - Gid (parameter name:
gid) - Action (parameter name:
action) - Path (parameter name:
path) - Subsystem (parameter name:
subsystem) - PartitionName (parameter name:
partition_name) - DeviceName (parameter name:
device_name) - Modalias (parameter name:
modalias) - DevPath (parameter name:
devPath) - HandlerPath (parameter name:
handlerPath)
| Parameter | Valid Values | Configured Value |
|---|---|---|
major |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
minor |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
partition_num |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
uid |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
gid |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
action |
String |
Value obtained from FuzzedDataProvider |
path |
String |
Value obtained from FuzzedDataProvider |
subsystem |
String |
Value obtained from FuzzedDataProvider |
partition_name |
String |
Value obtained from FuzzedDataProvider |
device_name |
String |
Value obtained from FuzzedDataProvider |
modalias |
String |
Value obtained from FuzzedDataProvider |
devPath |
String |
Value obtained from FuzzedDataProvider |
handlerPath |
String |
Value obtained from FuzzedDataProvider |
This also ensures that the plugin is always deterministic for any given input.
Steps to run
- Build the fuzzer
$ mm -j$(nproc) init_ueventHandler_fuzzer
- Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/init_ueventHandler_fuzzer/init_ueventHandler_fuzzer