Commit 418914a7 authored by Steven Moreland

libbinder_ndk: fwd fuzzing status to NDK binders

When passing binders into NDK backend services, we always
type check them immediately. This allows errors to show
up earlier there, but may be inefficient because the type
will also be checked on every transaction. Anyway...

This poses a problem for our automatic fuzzers because
callbacks passed into services (e.g. RandomBinder) will
be ignored for NDK backend fuzzers unless they correctly
guess their interface descriptor.

There are a few things we could do:
- use random strings from the environment
- export a list of possible interface descriptors from AIDL
- generate our corpuses from other data

However, the simplest thing we can do is ignore the check,
which this CL does.

Of course, it isn't great to continue differentiated fuzzer
behavior from actual behavior, so we'd like to revert this
once we have a more comprehensive solution. However, callbacks
are a fundamental AIDL building block, so forcing good
fuzzer coverage for these pieces seems justified.

Bug: N/A
Test: I added an abort in an NDK backend service. Without this
  change, that path is never found, but with this change, it
  was hit after only ~6,000 iterations.

Change-Id: I4cbe5c56b93b9300fbd57e72e24075c02df38ba9
parent d9154a7a