Loading fs_mgr/TEST_MAPPING +3 −0 Original line number Diff line number Diff line Loading @@ -14,6 +14,9 @@ }, { "name": "vts_libsnapshot_test" }, { "name": "libsnapshot_fuzzer_test" } ] } fs_mgr/libsnapshot/Android.bp +18 −2 Original line number Diff line number Diff line Loading @@ -246,8 +246,8 @@ cc_test { gtest: false, } cc_fuzz { name: "libsnapshot_fuzzer", cc_defaults { name: "libsnapshot_fuzzer_defaults", // TODO(b/154633114): make host supported. // host_supported: true, Loading Loading @@ -289,7 +289,12 @@ cc_fuzz { canonical_path_from_root: false, local_include_dirs: ["."], }, } cc_fuzz { name: "libsnapshot_fuzzer", defaults: ["libsnapshot_fuzzer_defaults"], corpus: ["corpus/*"], fuzz_config: { cc: ["android-virtual-ab+bugs@google.com"], componentid: 30545, Loading @@ -298,3 +303,14 @@ cc_fuzz { fuzz_on_haiku_device: true, }, } cc_test { name: "libsnapshot_fuzzer_test", defaults: ["libsnapshot_fuzzer_defaults"], data: ["corpus/*"], test_suites: [ "device-tests", ], auto_gen_config: true, require_root: true, } fs_mgr/libsnapshot/android/snapshot/snapshot_fuzz.proto +8 −1 Original line number Diff line number Diff line Loading @@ -64,6 +64,7 @@ message SnapshotManagerActionProto { bool has_metadata_device_object = 1; bool metadata_mounted = 2; } reserved 18 to 9999; oneof value { NoArgs begin_update = 1; NoArgs cancel_update = 2; Loading @@ -82,6 +83,9 @@ message SnapshotManagerActionProto { NoArgs dump = 15; NoArgs ensure_metadata_mounted = 16; NoArgs get_snapshot_merge_stats_instance = 17; // Test directives that has nothing to do with ISnapshotManager API surface. NoArgs switch_slot = 10000; } } Loading @@ -97,7 +101,10 @@ message SnapshotFuzzData { bool is_super_metadata_valid = 3; chromeos_update_engine.DeltaArchiveManifest super_data = 4; // Whether the directory that mocks /metadata/ota/snapshot is created. bool has_metadata_snapshots_dir = 5; // More data used to prep the test before running actions. reserved 5 to 9999; reserved 6 to 9999; repeated SnapshotManagerActionProto actions = 10000; } fs_mgr/libsnapshot/corpus/launch_device.txt 0 → 100644 +161 −0 Original line number Diff line number Diff line device_info_data { slot_suffix_is_a: true is_overlayfs_setup: false allow_set_boot_control_merge_status: true allow_set_slot_as_unbootable: true is_recovery: false } manager_data { is_local_image_manager: false } is_super_metadata_valid: true super_data { partitions { partition_name: "sys_a" new_partition_info { size: 3145728 } } partitions { partition_name: "vnd_a" new_partition_info { size: 3145728 } } partitions { partition_name: "prd_a" new_partition_info { size: 3145728 } } dynamic_partition_metadata { groups { name: "group_google_dp_a" size: 15728640 partition_names: "sys_a" partition_names: "vnd_a" partition_names: "prd_a" } } } has_metadata_snapshots_dir: true actions { begin_update { } } actions { create_update_snapshots { partitions { partition_name: "sys" new_partition_info { size: 3878912 } operations { type: ZERO, dst_extents { start_block: 0 num_blocks: 947 } } } partitions { partition_name: "vnd" new_partition_info { size: 3878912 } operations { type: ZERO, dst_extents { start_block: 0 num_blocks: 947 } } } partitions { partition_name: "prd" new_partition_info { size: 3878912 } operations { type: ZERO, dst_extents { start_block: 0 num_blocks: 947 } } } dynamic_partition_metadata { groups { name: "group_google_dp" size: 15728640 partition_names: "sys" partition_names: "vnd" partition_names: "prd" } } } } actions { map_update_snapshot { use_correct_super: true has_metadata_slot: true metadata_slot: 1 partition_name: "sys_b" force_writable: true timeout_millis: 3000 } } actions { map_update_snapshot { use_correct_super: true has_metadata_slot: true metadata_slot: 1 partition_name: "vnd_b" force_writable: true timeout_millis: 3000 } } actions { map_update_snapshot { use_correct_super: true has_metadata_slot: true metadata_slot: 1 partition_name: "prd_b" force_writable: true timeout_millis: 3000 } } actions { finished_snapshot_writes: false } actions { unmap_update_snapshot: "sys_b" } actions { unmap_update_snapshot: "vnd_b" } actions { unmap_update_snapshot: "prd_b" } actions { switch_slot { } } actions { need_snapshots_in_first_stage_mount { } } actions { create_logical_and_snapshot_partitions { use_correct_super: true timeout_millis: 5000 } } actions { initiate_merge { } } actions { process_update_state { } } fs_mgr/libsnapshot/fuzz.sh +8 −6 Original line number Diff line number Diff line Loading @@ -3,7 +3,8 @@ PROJECT_PATH=system/core/fs_mgr/libsnapshot FUZZ_TARGET=libsnapshot_fuzzer TARGET_ARCH=$(get_build_var TARGET_ARCH) FUZZ_BINARY=/data/fuzz/${TARGET_ARCH}/${FUZZ_TARGET}/${FUZZ_TARGET} DEVICE_CORPSE_DIR=/data/local/tmp/${FUZZ_TARGET} DEVICE_INIT_CORPUS_DIR=/data/fuzz/${TARGET_ARCH}/${FUZZ_TARGET}/corpus DEVICE_GENERATED_CORPUS_DIR=/data/local/tmp/${FUZZ_TARGET}/corpus DEVICE_GCOV_DIR=/data/local/tmp/${FUZZ_TARGET}/gcov HOST_SCRATCH_DIR=/tmp/${FUZZ_TARGET} GCOV_TOOL=${HOST_SCRATCH_DIR}/llvm-gcov Loading @@ -26,13 +27,14 @@ build_cov() { prepare_device() { adb root && adb remount && adb shell mkdir -p ${DEVICE_CORPSE_DIR} && adb shell mkdir -p ${DEVICE_GENERATED_CORPUS_DIR} && adb shell rm -rf ${DEVICE_GCOV_DIR} && adb shell mkdir -p ${DEVICE_GCOV_DIR} } push_binary() { adb push ${ANDROID_PRODUCT_OUT}/${FUZZ_BINARY} ${FUZZ_BINARY} adb push ${ANDROID_PRODUCT_OUT}/${FUZZ_BINARY} ${FUZZ_BINARY} && adb push ${ANDROID_PRODUCT_OUT}/${DEVICE_INIT_CORPUS_DIR} $(dirname ${FUZZ_BINARY}) } prepare_host() { Loading @@ -52,7 +54,7 @@ generate_corpus() { prepare_device && build_normal && push_binary && adb shell ${FUZZ_BINARY} "$@" ${DEVICE_CORPSE_DIR} adb shell ${FUZZ_BINARY} "$@" ${DEVICE_INIT_CORPUS_DIR} ${DEVICE_GENERATED_CORPUS_DIR} } run_snapshot_fuzz() { Loading @@ -62,7 +64,7 @@ run_snapshot_fuzz() { adb shell GCOV_PREFIX=${DEVICE_GCOV_DIR} GCOV_PREFIX_STRIP=3 \ ${FUZZ_BINARY} \ -runs=0 \ ${DEVICE_CORPSE_DIR} ${DEVICE_INIT_CORPUS_DIR} ${DEVICE_GENERATED_CORPUS_DIR} } show_fuzz_result() { Loading @@ -82,7 +84,7 @@ exec llvm-cov gcov "$@" # run_snapshot_fuzz -runs=10000 run_snapshot_fuzz_all() { generate_corpse "$@" && generate_corpus "$@" && run_snapshot_fuzz && show_fuzz_result } Loading
fs_mgr/TEST_MAPPING +3 −0 Original line number Diff line number Diff line Loading @@ -14,6 +14,9 @@ }, { "name": "vts_libsnapshot_test" }, { "name": "libsnapshot_fuzzer_test" } ] }
fs_mgr/libsnapshot/Android.bp +18 −2 Original line number Diff line number Diff line Loading @@ -246,8 +246,8 @@ cc_test { gtest: false, } cc_fuzz { name: "libsnapshot_fuzzer", cc_defaults { name: "libsnapshot_fuzzer_defaults", // TODO(b/154633114): make host supported. // host_supported: true, Loading Loading @@ -289,7 +289,12 @@ cc_fuzz { canonical_path_from_root: false, local_include_dirs: ["."], }, } cc_fuzz { name: "libsnapshot_fuzzer", defaults: ["libsnapshot_fuzzer_defaults"], corpus: ["corpus/*"], fuzz_config: { cc: ["android-virtual-ab+bugs@google.com"], componentid: 30545, Loading @@ -298,3 +303,14 @@ cc_fuzz { fuzz_on_haiku_device: true, }, } cc_test { name: "libsnapshot_fuzzer_test", defaults: ["libsnapshot_fuzzer_defaults"], data: ["corpus/*"], test_suites: [ "device-tests", ], auto_gen_config: true, require_root: true, }
fs_mgr/libsnapshot/android/snapshot/snapshot_fuzz.proto +8 −1 Original line number Diff line number Diff line Loading @@ -64,6 +64,7 @@ message SnapshotManagerActionProto { bool has_metadata_device_object = 1; bool metadata_mounted = 2; } reserved 18 to 9999; oneof value { NoArgs begin_update = 1; NoArgs cancel_update = 2; Loading @@ -82,6 +83,9 @@ message SnapshotManagerActionProto { NoArgs dump = 15; NoArgs ensure_metadata_mounted = 16; NoArgs get_snapshot_merge_stats_instance = 17; // Test directives that has nothing to do with ISnapshotManager API surface. NoArgs switch_slot = 10000; } } Loading @@ -97,7 +101,10 @@ message SnapshotFuzzData { bool is_super_metadata_valid = 3; chromeos_update_engine.DeltaArchiveManifest super_data = 4; // Whether the directory that mocks /metadata/ota/snapshot is created. bool has_metadata_snapshots_dir = 5; // More data used to prep the test before running actions. reserved 5 to 9999; reserved 6 to 9999; repeated SnapshotManagerActionProto actions = 10000; }
fs_mgr/libsnapshot/corpus/launch_device.txt 0 → 100644 +161 −0 Original line number Diff line number Diff line device_info_data { slot_suffix_is_a: true is_overlayfs_setup: false allow_set_boot_control_merge_status: true allow_set_slot_as_unbootable: true is_recovery: false } manager_data { is_local_image_manager: false } is_super_metadata_valid: true super_data { partitions { partition_name: "sys_a" new_partition_info { size: 3145728 } } partitions { partition_name: "vnd_a" new_partition_info { size: 3145728 } } partitions { partition_name: "prd_a" new_partition_info { size: 3145728 } } dynamic_partition_metadata { groups { name: "group_google_dp_a" size: 15728640 partition_names: "sys_a" partition_names: "vnd_a" partition_names: "prd_a" } } } has_metadata_snapshots_dir: true actions { begin_update { } } actions { create_update_snapshots { partitions { partition_name: "sys" new_partition_info { size: 3878912 } operations { type: ZERO, dst_extents { start_block: 0 num_blocks: 947 } } } partitions { partition_name: "vnd" new_partition_info { size: 3878912 } operations { type: ZERO, dst_extents { start_block: 0 num_blocks: 947 } } } partitions { partition_name: "prd" new_partition_info { size: 3878912 } operations { type: ZERO, dst_extents { start_block: 0 num_blocks: 947 } } } dynamic_partition_metadata { groups { name: "group_google_dp" size: 15728640 partition_names: "sys" partition_names: "vnd" partition_names: "prd" } } } } actions { map_update_snapshot { use_correct_super: true has_metadata_slot: true metadata_slot: 1 partition_name: "sys_b" force_writable: true timeout_millis: 3000 } } actions { map_update_snapshot { use_correct_super: true has_metadata_slot: true metadata_slot: 1 partition_name: "vnd_b" force_writable: true timeout_millis: 3000 } } actions { map_update_snapshot { use_correct_super: true has_metadata_slot: true metadata_slot: 1 partition_name: "prd_b" force_writable: true timeout_millis: 3000 } } actions { finished_snapshot_writes: false } actions { unmap_update_snapshot: "sys_b" } actions { unmap_update_snapshot: "vnd_b" } actions { unmap_update_snapshot: "prd_b" } actions { switch_slot { } } actions { need_snapshots_in_first_stage_mount { } } actions { create_logical_and_snapshot_partitions { use_correct_super: true timeout_millis: 5000 } } actions { initiate_merge { } } actions { process_update_state { } }
fs_mgr/libsnapshot/fuzz.sh +8 −6 Original line number Diff line number Diff line Loading @@ -3,7 +3,8 @@ PROJECT_PATH=system/core/fs_mgr/libsnapshot FUZZ_TARGET=libsnapshot_fuzzer TARGET_ARCH=$(get_build_var TARGET_ARCH) FUZZ_BINARY=/data/fuzz/${TARGET_ARCH}/${FUZZ_TARGET}/${FUZZ_TARGET} DEVICE_CORPSE_DIR=/data/local/tmp/${FUZZ_TARGET} DEVICE_INIT_CORPUS_DIR=/data/fuzz/${TARGET_ARCH}/${FUZZ_TARGET}/corpus DEVICE_GENERATED_CORPUS_DIR=/data/local/tmp/${FUZZ_TARGET}/corpus DEVICE_GCOV_DIR=/data/local/tmp/${FUZZ_TARGET}/gcov HOST_SCRATCH_DIR=/tmp/${FUZZ_TARGET} GCOV_TOOL=${HOST_SCRATCH_DIR}/llvm-gcov Loading @@ -26,13 +27,14 @@ build_cov() { prepare_device() { adb root && adb remount && adb shell mkdir -p ${DEVICE_CORPSE_DIR} && adb shell mkdir -p ${DEVICE_GENERATED_CORPUS_DIR} && adb shell rm -rf ${DEVICE_GCOV_DIR} && adb shell mkdir -p ${DEVICE_GCOV_DIR} } push_binary() { adb push ${ANDROID_PRODUCT_OUT}/${FUZZ_BINARY} ${FUZZ_BINARY} adb push ${ANDROID_PRODUCT_OUT}/${FUZZ_BINARY} ${FUZZ_BINARY} && adb push ${ANDROID_PRODUCT_OUT}/${DEVICE_INIT_CORPUS_DIR} $(dirname ${FUZZ_BINARY}) } prepare_host() { Loading @@ -52,7 +54,7 @@ generate_corpus() { prepare_device && build_normal && push_binary && adb shell ${FUZZ_BINARY} "$@" ${DEVICE_CORPSE_DIR} adb shell ${FUZZ_BINARY} "$@" ${DEVICE_INIT_CORPUS_DIR} ${DEVICE_GENERATED_CORPUS_DIR} } run_snapshot_fuzz() { Loading @@ -62,7 +64,7 @@ run_snapshot_fuzz() { adb shell GCOV_PREFIX=${DEVICE_GCOV_DIR} GCOV_PREFIX_STRIP=3 \ ${FUZZ_BINARY} \ -runs=0 \ ${DEVICE_CORPSE_DIR} ${DEVICE_INIT_CORPUS_DIR} ${DEVICE_GENERATED_CORPUS_DIR} } show_fuzz_result() { Loading @@ -82,7 +84,7 @@ exec llvm-cov gcov "$@" # run_snapshot_fuzz -runs=10000 run_snapshot_fuzz_all() { generate_corpse "$@" && generate_corpus "$@" && run_snapshot_fuzz && show_fuzz_result }
