Loading core/java/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -432,6 +432,7 @@ filegroup { "android/os/IInterface.java", "android/os/Binder.java", "android/os/IBinder.java", "android/os/Parcelable.java", ], } Loading core/tests/fuzzers/FuzzService/FuzzBinder.java +4 −4 Original line number Diff line number Diff line Loading @@ -34,12 +34,12 @@ public class FuzzBinder { fuzzServiceInternal(binder, data); } // This API creates random parcel object public static void createRandomParcel(Parcel parcel, byte[] data) { getRandomParcel(parcel, data); // This API fills parcel object public static void fillRandomParcel(Parcel parcel, byte[] data) { fillParcelInternal(parcel, data); } private static native void fuzzServiceInternal(IBinder binder, byte[] data); private static native void getRandomParcel(Parcel parcel, byte[] data); private static native void fillParcelInternal(Parcel parcel, byte[] data); private static native int registerNatives(); } core/tests/fuzzers/FuzzService/random_parcel_jni.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -38,7 +38,7 @@ JNIEXPORT jint JNICALL Java_randomparcel_FuzzBinder_registerNatives(JNIEnv* env) return registerFrameworkNatives(env); } JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_getRandomParcel(JNIEnv *env, jobject thiz, jobject jparcel, jbyteArray fuzzData) { JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fillParcelInternal(JNIEnv *env, jobject thiz, jobject jparcel, jbyteArray fuzzData) { size_t len = static_cast<size_t>(env->GetArrayLength(fuzzData)); uint8_t data[len]; env->GetByteArrayRegion(fuzzData, 0, len, reinterpret_cast<jbyte*>(data)); Loading core/tests/fuzzers/FuzzService/random_parcel_jni.h +1 −1 Original line number Diff line number Diff line Loading 
@@ -24,5 +24,5 @@ extern "C" { // Function from AndroidRuntime jint registerFrameworkNatives(JNIEnv* env); JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_getRandomParcel(JNIEnv *env, jobject thiz, jobject parcel, jbyteArray fuzzData); JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fillParcelInternal(JNIEnv *env, jobject thiz, jobject parcel, jbyteArray fuzzData); } core/tests/fuzzers/ParcelFuzzer/Android.bp 0 → 100644 +40 −0 Original line number Diff line number Diff line package { default_applicable_licenses: ["frameworks_base_license"], } java_fuzz { name: "java_binder_parcel_fuzzer", srcs: [ "ParcelFuzzer.java", "ReadUtils.java", "FuzzUtils.java", "FuzzOperation.java", "ReadOperation.java", ":framework-core-sources-for-fuzzers", ], static_libs: [ "jazzer", "random_parcel_lib", "binderReadParcelIface-java", ], jni_libs: [ "librandom_parcel_jni", "libc++", "libandroid_runtime", ], libs: [ "framework", "unsupportedappusage", "ext", "framework-res", ], native_bridge_supported: true, fuzz_config: { cc: [ "smoreland@google.com", "waghpawan@google.com", ], // Adds bugs to hotlist "AIDL fuzzers bugs" on buganizer hotlists: ["4637097"], }, } Loading
core/java/Android.bp +1 −0 Original line number Diff line number Diff line Loading @@ -432,6 +432,7 @@ filegroup { "android/os/IInterface.java", "android/os/Binder.java", "android/os/IBinder.java", "android/os/Parcelable.java", ], } Loading
core/tests/fuzzers/FuzzService/FuzzBinder.java +4 −4 Original line number Diff line number Diff line Loading @@ -34,12 +34,12 @@ public class FuzzBinder { fuzzServiceInternal(binder, data); } // This API creates random parcel object public static void createRandomParcel(Parcel parcel, byte[] data) { getRandomParcel(parcel, data); // This API fills parcel object public static void fillRandomParcel(Parcel parcel, byte[] data) { fillParcelInternal(parcel, data); } private static native void fuzzServiceInternal(IBinder binder, byte[] data); private static native void getRandomParcel(Parcel parcel, byte[] data); private static native void fillParcelInternal(Parcel parcel, byte[] data); private static native int registerNatives(); }
core/tests/fuzzers/FuzzService/random_parcel_jni.cpp +1 −1 Original line number Diff line number Diff line Loading @@ -38,7 +38,7 @@ JNIEXPORT jint JNICALL Java_randomparcel_FuzzBinder_registerNatives(JNIEnv* env) return registerFrameworkNatives(env); } JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_getRandomParcel(JNIEnv *env, jobject thiz, jobject jparcel, jbyteArray fuzzData) { JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fillParcelInternal(JNIEnv *env, jobject thiz, jobject jparcel, jbyteArray fuzzData) { size_t len = static_cast<size_t>(env->GetArrayLength(fuzzData)); uint8_t data[len]; env->GetByteArrayRegion(fuzzData, 0, len, reinterpret_cast<jbyte*>(data)); Loading
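Review bot: The renamed `Java_randomparcel_FuzzBinder_fillParcelInternal` still copies the fuzz input into `uint8_t data[len];`, a variable-length array on the native stack whose size comes straight from `GetArrayLength(fuzzData)`. A large input can exhaust the stack and crash the harness itself rather than the code under test, and VLAs are a compiler extension in C++, not standard. Since the function is being touched anyway, a heap buffer would be safer: `std::vector<uint8_t> data(len);` with `env->GetByteArrayRegion(fuzzData, 0, len, reinterpret_cast<jbyte*>(data.data()));` (this needs `<vector>` if the file does not already include it). The rest of the function body lies outside the hunk, so any later use of `data` would have to become `data.data()` as well.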
core/tests/fuzzers/FuzzService/random_parcel_jni.h +1 −1 Original line number Diff line number Diff line Loading @@ -24,5 +24,5 @@ extern "C" { // Function from AndroidRuntime jint registerFrameworkNatives(JNIEnv* env); JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_getRandomParcel(JNIEnv *env, jobject thiz, jobject parcel, jbyteArray fuzzData); JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fillParcelInternal(JNIEnv *env, jobject thiz, jobject parcel, jbyteArray fuzzData); }
core/tests/fuzzers/ParcelFuzzer/Android.bp 0 → 100644 +40 −0 Original line number Diff line number Diff line package { default_applicable_licenses: ["frameworks_base_license"], } java_fuzz { name: "java_binder_parcel_fuzzer", srcs: [ "ParcelFuzzer.java", "ReadUtils.java", "FuzzUtils.java", "FuzzOperation.java", "ReadOperation.java", ":framework-core-sources-for-fuzzers", ], static_libs: [ "jazzer", "random_parcel_lib", "binderReadParcelIface-java", ], jni_libs: [ "librandom_parcel_jni", "libc++", "libandroid_runtime", ], libs: [ "framework", "unsupportedappusage", "ext", "framework-res", ], native_bridge_supported: true, fuzz_config: { cc: [ "smoreland@google.com", "waghpawan@google.com", ], // Adds bugs to hotlist "AIDL fuzzers bugs" on buganizer hotlists: ["4637097"], }, }