
Commit 04c90eb5 authored by Pawan Wagh

Updating fuzzService with IBinder transact codes

Using transaction codes defined in IBinder with B_PACK_CHARS
so that these functions can be easily covered in fuzzing.

Test: atest -c fuzz_service_test
Test: atest -c binderRecordReplayTest
Bug: 295191685
Change-Id: Ic6bd5b22d943c38343e177794bdff3b991f8103b
parent 6cd02207
+9 −2
@@ -60,8 +60,15 @@ void fuzzService(const std::vector<sp<IBinder>>& binders, FuzzedDataProvider&& p

    while (provider.remaining_bytes() > 0) {
        // Most of the AIDL services will have small set of transaction codes.
        uint32_t code = provider.ConsumeBool() ? provider.ConsumeIntegral<uint32_t>()
                                               : provider.ConsumeIntegralInRange<uint32_t>(0, 100);
        // TODO(b/295942369) : Add remaining transact codes from IBinder.h
        uint32_t code = provider.ConsumeBool()
                ? provider.ConsumeIntegral<uint32_t>()
                : provider.PickValueInArray<int64_t>(
                          {provider.ConsumeIntegralInRange<uint32_t>(0, 100),
                           IBinder::DUMP_TRANSACTION, IBinder::PING_TRANSACTION,
                           IBinder::SHELL_COMMAND_TRANSACTION, IBinder::INTERFACE_TRANSACTION,
                           IBinder::SYSPROPS_TRANSACTION, IBinder::EXTENSION_TRANSACTION,
                           IBinder::TWEET_TRANSACTION, IBinder::LIKE_TRANSACTION});
        uint32_t flags = provider.ConsumeIntegral<uint32_t>();
        Parcel data;
        // for increased fuzz coverage
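Review bot: In the `provider.PickValueInArray<int64_t>(...)` call the element type is `int64_t` while the result is assigned to `uint32_t code`, so every pick goes through an implicit narrowing conversion; `PickValueInArray<uint32_t>` would match both the variable and the `ConsumeIntegralInRange<uint32_t>(0, 100)` element. The 0 to 100 range is also now only one of nine array entries, so on the non-random branch small codes are selected much less often than before, even though the comment above says most AIDL services have a small set of transaction codes; keeping a separate branch for the range would preserve that coverage. Note too that the `ConsumeIntegralInRange` element is evaluated on every iteration, so it consumes input bytes even when one of the IBinder constants is the value picked.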