Loading core/tests/fuzzers/FuzzService/Android.bp 0 → 100644 +28 −0 Original line number Diff line number Diff line package { default_applicable_licenses: ["frameworks_base_license"], } java_library { name: "random_parcel_lib", srcs: ["FuzzBinder.java"], } cc_library_shared { name: "librandom_parcel_jni", defaults: ["service_fuzzer_defaults"], srcs: [ "random_parcel_jni.cpp", ], shared_libs: [ "libandroid_runtime", "libbase", "liblog", ], static_libs: [ "libnativehelper_lazy", "libbinder_random_parcel", ], cflags: [ "-Wno-unused-parameter", ], } core/tests/fuzzers/FuzzService/FuzzBinder.java 0 → 100644 +38 −0 Original line number Diff line number Diff line /* * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package randomparcel; import android.os.IBinder; public class FuzzBinder { static { System.loadLibrary("random_parcel_jni"); } // DO NOT REUSE: This API should be called from fuzzer to setup JNI dependencies from // libandroid_runtime. THIS IS WORKAROUND. Please file a bug if you need to use this public static void init() { System.loadLibrary("android_runtime"); registerNatives(); } // This API automatically fuzzes provided service public static void fuzzService(IBinder binder, byte[] data) { fuzzServiceInternal(binder, data); } private static native void fuzzServiceInternal(IBinder binder, byte[] data); private static native int registerNatives(); } core/tests/fuzzers/FuzzService/random_parcel_jni.cpp 0 → 100644 +37 −0 Original line number Diff line number Diff line /* * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "random_parcel_jni.h" #include <android_util_Binder.h> #include <fuzzbinder/libbinder_driver.h> #include <fuzzer/FuzzedDataProvider.h> using namespace android; // JNI interface for fuzzService JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fuzzServiceInternal(JNIEnv *env, jobject thiz, jobject javaBinder, jbyteArray fuzzData) { size_t len = static_cast<size_t>(env->GetArrayLength(fuzzData)); uint8_t data[len]; env->GetByteArrayRegion(fuzzData, 0, len, reinterpret_cast<jbyte*>(data)); FuzzedDataProvider provider(data, len); sp<IBinder> binder = android::ibinderForJavaObject(env, javaBinder); fuzzService(binder, std::move(provider)); } // API used by AIDL fuzzers to access JNI functions from libandroid_runtime. JNIEXPORT jint JNICALL Java_randomparcel_FuzzBinder_registerNatives(JNIEnv* env) { return registerFrameworkNatives(env); } core/tests/fuzzers/FuzzService/random_parcel_jni.h 0 → 100644 +26 −0 Original line number Diff line number Diff line /* * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <jni.h> extern "C" { JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fuzzServiceInternal(JNIEnv *env, jobject thiz, jobject javaBinder, jbyteArray fuzzData); // Function to register libandroid_runtime JNI functions with java env. JNIEXPORT jint JNICALL Java_randomparcel_FuzzBinder_registerNatives(JNIEnv* env); // Function from AndroidRuntime jint registerFrameworkNatives(JNIEnv* env); } core/tests/fuzzers/OWNERS 0 → 100644 +2 −0 Original line number Diff line number Diff line smoreland@google.com waghpawan@google.com Loading
core/tests/fuzzers/FuzzService/Android.bp 0 → 100644 +28 −0 Original line number Diff line number Diff line package { default_applicable_licenses: ["frameworks_base_license"], } java_library { name: "random_parcel_lib", srcs: ["FuzzBinder.java"], } cc_library_shared { name: "librandom_parcel_jni", defaults: ["service_fuzzer_defaults"], srcs: [ "random_parcel_jni.cpp", ], shared_libs: [ "libandroid_runtime", "libbase", "liblog", ], static_libs: [ "libnativehelper_lazy", "libbinder_random_parcel", ], cflags: [ "-Wno-unused-parameter", ], }
core/tests/fuzzers/FuzzService/FuzzBinder.java 0 → 100644 +38 −0 Original line number Diff line number Diff line /* * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package randomparcel; import android.os.IBinder; public class FuzzBinder { static { System.loadLibrary("random_parcel_jni"); } // DO NOT REUSE: This API should be called from fuzzer to setup JNI dependencies from // libandroid_runtime. THIS IS WORKAROUND. Please file a bug if you need to use this public static void init() { System.loadLibrary("android_runtime"); registerNatives(); } // This API automatically fuzzes provided service public static void fuzzService(IBinder binder, byte[] data) { fuzzServiceInternal(binder, data); } private static native void fuzzServiceInternal(IBinder binder, byte[] data); private static native int registerNatives(); }
core/tests/fuzzers/FuzzService/random_parcel_jni.cpp 0 → 100644 +37 −0 Original line number Diff line number Diff line /* * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "random_parcel_jni.h" #include <android_util_Binder.h> #include <fuzzbinder/libbinder_driver.h> #include <fuzzer/FuzzedDataProvider.h> using namespace android; // JNI interface for fuzzService JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fuzzServiceInternal(JNIEnv *env, jobject thiz, jobject javaBinder, jbyteArray fuzzData) { size_t len = static_cast<size_t>(env->GetArrayLength(fuzzData)); uint8_t data[len]; env->GetByteArrayRegion(fuzzData, 0, len, reinterpret_cast<jbyte*>(data)); FuzzedDataProvider provider(data, len); sp<IBinder> binder = android::ibinderForJavaObject(env, javaBinder); fuzzService(binder, std::move(provider)); } // API used by AIDL fuzzers to access JNI functions from libandroid_runtime. JNIEXPORT jint JNICALL Java_randomparcel_FuzzBinder_registerNatives(JNIEnv* env) { return registerFrameworkNatives(env); }
core/tests/fuzzers/FuzzService/random_parcel_jni.h 0 → 100644 +26 −0 Original line number Diff line number Diff line /* * Copyright (C) 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include <jni.h> extern "C" { JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fuzzServiceInternal(JNIEnv *env, jobject thiz, jobject javaBinder, jbyteArray fuzzData); // Function to register libandroid_runtime JNI functions with java env. JNIEXPORT jint JNICALL Java_randomparcel_FuzzBinder_registerNatives(JNIEnv* env); // Function from AndroidRuntime jint registerFrameworkNatives(JNIEnv* env); }
core/tests/fuzzers/OWNERS 0 → 100644 +2 −0 Original line number Diff line number Diff line smoreland@google.com waghpawan@google.com
