Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0d4a47b0 authored by Yifan Hong's avatar Yifan Hong
Browse files

libsnapshot_fuzzer: Fuzz MapUpdateSnapshot. 

Test: run it
Bug: 154633114
Change-Id: I15ea0fb28df5b0f6d32096aab808549c3855c289
parent db0e62b8

fs_mgr/libsnapshot/android/snapshot/snapshot_fuzz.proto

+14 −2
Original line number Diff line number Diff line
@@ -33,6 +33,19 @@ message FuzzSnapshotManagerData { 
    bool is_local_image_manager = 1;

}



// A simplified version of CreateLogicalPartitionParams for fuzzing.

// Next: 9

message CreateLogicalPartitionParamsProto {

    bool use_correct_super = 1;

    string block_device = 2;

    bool has_metadata_slot = 3;

    uint32 metadata_slot = 4;

    string partition_name = 5;

    bool force_writable = 6;

    int64 timeout_millis = 7;

    string device_name = 8;

}



// Mimics the API of ISnapshotManager. Defines one action on the snapshot

// manager.

// Next: 18
@@ -51,8 +64,6 @@ message SnapshotManagerActionProto { 
        bool has_metadata_device_object = 1;

        bool metadata_mounted = 2;

    }

    reserved 8;

    reserved "map_update_snapshot";

    oneof value {

        NoArgs begin_update = 1;

        NoArgs cancel_update = 2;
@@ -61,6 +72,7 @@ message SnapshotManagerActionProto { 
        ProcessUpdateStateArgs process_update_state = 5;

        bool get_update_state = 6;

        chromeos_update_engine.DeltaArchiveManifest create_update_snapshots = 7;

        CreateLogicalPartitionParamsProto map_update_snapshot = 8;

        string unmap_update_snapshot = 9;

        NoArgs need_snapshots_in_first_stage_mount = 10;

        CreateLogicalAndSnapshotPartitionsArgs create_logical_and_snapshot_partitions = 11;

fs_mgr/libsnapshot/include/libsnapshot/snapshot.h

+1 −0
Original line number Diff line number Diff line
@@ -173,6 +173,7 @@ class ISnapshotManager { 


    // Map a snapshotted partition for OTA clients to write to. Write-protected regions are

    // determined previously in CreateSnapshots.

    // |snapshot_path| must not be nullptr.

    virtual bool MapUpdateSnapshot(const android::fs_mgr::CreateLogicalPartitionParams& params,

                                   std::string* snapshot_path) = 0;

fs_mgr/libsnapshot/snapshot_fuzz.cpp

+21 −0
Original line number Diff line number Diff line
@@ -32,6 +32,7 @@ using android::base::LogSeverity; 
using android::base::SetLogger;

using android::base::StderrLogger;

using android::base::StdioLogger;

using android::fs_mgr::CreateLogicalPartitionParams;

using android::fuzz::CheckedCast;

using android::snapshot::SnapshotFuzzData;

using android::snapshot::SnapshotFuzzEnv;
@@ -132,6 +133,26 @@ SNAPSHOT_FUZZ_FUNCTION(RecoveryCreateSnapshotDevicesWithMetadata, 
    (void)snapshot->RecoveryCreateSnapshotDevices(device);

}



SNAPSHOT_FUZZ_FUNCTION(MapUpdateSnapshot, const CreateLogicalPartitionParamsProto& params_proto) {

    auto partition_opener = std::make_unique<TestPartitionOpener>(GetSnapshotFuzzEnv()->super());

    CreateLogicalPartitionParams params;

    if (params_proto.use_correct_super()) {

        params.block_device = GetSnapshotFuzzEnv()->super();

    } else {

        params.block_device = params_proto.block_device();

    }

    if (params_proto.has_metadata_slot()) {

        params.metadata_slot = params_proto.metadata_slot();

    }

    params.partition_name = params_proto.partition_name();

    params.force_writable = params_proto.force_writable();

    params.timeout_ms = std::chrono::milliseconds(params_proto.timeout_millis());

    params.device_name = params_proto.device_name();

    params.partition_opener = partition_opener.get();

    std::string path;

    (void)snapshot->MapUpdateSnapshot(params, &path);

}



// During global init, log all messages to stdio. This is only done once.

int AllowLoggingDuringGlobalInit() {

    SetLogger(&StdioLogger);