binder_parcel_fuzzer: add markSensitive coverage (cae288b8) · Commits · e / devices / smdk4412 / android_frameworks_native

libs/binder/tests/parcel_fuzzer/binder.cpp

+5 −0

Original line number	Diff line number	Diff line
		@@ -121,6 +121,11 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
		PARCEL_READ_NO_STATUS(size_t, hasFileDescriptors),
		PARCEL_READ_NO_STATUS(std::vector<android::sp<android::IBinder>>, debugReadAllStrongBinders),
		PARCEL_READ_NO_STATUS(std::vector<int>, debugReadAllFileDescriptors),
		[] (const ::android::Parcel& p, FuzzedDataProvider&) {
		FUZZ_LOG() << "about to markSensitive";
		p.markSensitive();
		FUZZ_LOG() << "markSensitive done";
		},
		[] (const ::android::Parcel& p, FuzzedDataProvider& provider) {
		std::string interface = provider.ConsumeRandomLengthString();
		FUZZ_LOG() << "about to enforceInterface: " << interface;

+10 −0

Original line number	Diff line number	Diff line
		@@ -40,6 +40,13 @@ void fillRandomParcel(Parcel* outputParcel, FuzzedDataProvider&& provider,
		const uint8_t fuzzerParcelOptions = provider.ConsumeIntegral<uint8_t>();
		const bool resultShouldBeView = fuzzerParcelOptions & 1;
		const bool resultShouldBeRpc = fuzzerParcelOptions & 2;
		const bool resultShouldMarkSensitive = fuzzerParcelOptions & 4;

		auto sensitivity_guard = binder::impl::make_scope_guard([&]() {
		if (resultShouldMarkSensitive) {
		outputParcel->markSensitive();
		}
		});

		Parcel* p;
		if (resultShouldBeView) {
		@@ -49,6 +56,9 @@ void fillRandomParcel(Parcel* outputParcel, FuzzedDataProvider&& provider,
		} else {
		p = outputParcel; // directly fill out the output Parcel
		}

		// must be last guard, so outputParcel gets setup as view before
		// other guards
		auto viewify_guard = binder::impl::make_scope_guard([&]() {
		if (resultShouldBeView) {
		outputParcel->makeDangerousViewOf(p);