Fuzz incident AIDL service (2bf6dd97) · Commits · e / os / android_frameworks_base

cmds/incidentd/Android.bp

+51 −13

Original line number	Original line	Diff line number	Diff line
	@@ -82,17 +82,11 @@ cc_binary {
	},		},
	},		},


	init_rc: ["incidentd.rc"],		init_rc: ["incidentd.rc"],
	}		}

	// ==============		cc_defaults {
	// incidentd_test		name: "incidentd_test_defaults",
	// ==============

	cc_test {
	name: "incidentd_test",
	test_suites: ["device-tests"],

	cflags: [		cflags: [
	"-Werror",		"-Werror",
	@@ -110,8 +104,6 @@ cc_test {
	generated_headers: ["framework-cppstream-protos"],		generated_headers: ["framework-cppstream-protos"],

	srcs: [		srcs: [
	"tests/*/.cpp",
	"tests/*/.proto",
	"src/FdBuffer.cpp",		"src/FdBuffer.cpp",
	"src/Privacy.cpp",		"src/Privacy.cpp",
	"src/PrivacyFilter.cpp",		"src/PrivacyFilter.cpp",
	@@ -125,13 +117,11 @@ cc_test {
	"src/*/.proto",		"src/*/.proto",
	],		],

	data: ["testdata/*/"],

	static_libs: [		static_libs: [
	"libgmock",
	"libincidentcompanion",		"libincidentcompanion",
	"libplatformprotos-test",		"libplatformprotos-test",
	],		],

	shared_libs: [		shared_libs: [
	"libbase",		"libbase",
	"libbinder",		"libbinder",
	@@ -144,6 +134,30 @@ cc_test {
	"libservices",		"libservices",
	"libutils",		"libutils",
	],		],
			}

			// ==============
			// incidentd_test
			// ==============
			cc_test {
			name: "incidentd_test",

			defaults: [
			"incidentd_test_defaults",
			],

			test_suites: ["device-tests"],

			srcs: [
			"tests/*/.cpp",
			"tests/*/.proto",
			],

			data: ["testdata/*/"],

			static_libs: [
			"libgmock",
			],

	target: {		target: {
	android: {		android: {
	@@ -160,3 +174,27 @@ genrule {
	out: ["section_list.cpp"],		out: ["section_list.cpp"],
	cmd: "$(location incident-section-gen) incidentd > $(out)",		cmd: "$(location incident-section-gen) incidentd > $(out)",
	}		}

			cc_fuzz {
			name: "incidentd_service_fuzzer",
			defaults: [
			"service_fuzzer_defaults",
			"fuzzer_disable_leaks",
			"incidentd_test_defaults",
			],

			fuzz_config: {
			cc: [
			"yaochen@google.com",
			"yanmin@google.com",
			],
			triage_assignee: "waghpawan@google.com",
			},

			srcs: [
			"fuzzers/IncidentServiceFuzzer.cpp",
			"src/IncidentService.cpp",
			"src/Broadcaster.cpp",
			":incidentd_section_list",
			],
			}

cmds/incidentd/fuzzers/IncidentServiceFuzzer.cpp

0 → 100644

+31 −0

Original line number	Original line	Diff line number	Diff line
			/*
			* Copyright (C) 2023 The Android Open Source Project
			*
			* Licensed under the Apache License, Version 2.0 (the "License");
			* you may not use this file except in compliance with the License.
			* You may obtain a copy of the License at
			*
			* http://www.apache.org/licenses/LICENSE-2.0
			*
			* Unless required by applicable law or agreed to in writing, software
			* distributed under the License is distributed on an "AS IS" BASIS,
			* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
			* See the License for the specific language governing permissions and
			* limitations under the License.
			*/
			#include <fuzzbinder/libbinder_driver.h>
			#include <utils/Looper.h>

			#include "IncidentService.h"

			using ::android::fuzzService;
			using ::android::os::incidentd::IncidentService;
			using ::android::Looper;
			using ::android::sp;

			extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
			sp<Looper> looper(Looper::prepare(0));
			sp<IncidentService> service = sp<IncidentService>::make(looper);
			fuzzService(service, FuzzedDataProvider(data, size));
			return 0;
			}