Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0124a59f authored by Wenhao Wang's avatar Wenhao Wang
Browse files

trusty: Fuzzer for Confirmationui TA 

Note: We need to add Confirmationui TA into
TRUSTY_BUILTIN_USER_TASKS to run the fuzzer.

Bug: 174402999
Bug: 171750250
Test: /data/fuzz/arm64/trusty_confirmationui_fuzzer/trusty_confirmationui_fuzzer
Change-Id: I22769782ded05eeedeb111f7537b5ba76e98ce73
parent f28a6041

trusty/confirmationui/fuzz/Android.bp

0 → 100644
+19 −0
Original line number Diff line number Diff line 
// Copyright (C) 2020 The Android Open Source Project

//

// Licensed under the Apache License, Version 2.0 (the "License");

// you may not use this file except in compliance with the License.

// You may obtain a copy of the License at

//

//       http://www.apache.org/licenses/LICENSE-2.0

//

// Unless required by applicable law or agreed to in writing, software

// distributed under the License is distributed on an "AS IS" BASIS,

// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

// See the License for the specific language governing permissions and

// limitations under the License.



cc_fuzz {

    name: "trusty_confirmationui_fuzzer",

    defaults: ["trusty_fuzzer_defaults"],

    srcs: ["fuzz.cpp"],

}

trusty/confirmationui/fuzz/fuzz.cpp

0 → 100644
+52 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2020 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



#undef NDEBUG



#include <assert.h>

#include <log/log.h>

#include <stdlib.h>

#include <trusty/fuzz/utils.h>

#include <unistd.h>



using android::trusty::fuzz::TrustyApp;



#define TIPC_DEV "/dev/trusty-ipc-dev0"

#define CONFIRMATIONUI_PORT "com.android.trusty.confirmationui"



extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    static uint8_t buf[TIPC_MAX_MSG_SIZE];



    TrustyApp ta(TIPC_DEV, CONFIRMATIONUI_PORT);

    auto ret = ta.Connect();

    if (!ret.ok()) {

        android::trusty::fuzz::Abort();

    }



    /* Send message to confirmationui server */

    ret = ta.Write(data, size);

    if (!ret.ok()) {

        return -1;

    }



    /* Read message from confirmationui server */

    ret = ta.Read(&buf, sizeof(buf));

    if (!ret.ok()) {

        return -1;

    }



    return 0;

}