libsnapshot_fuzzer: add initial corpus (b2e93959) · Commits · e / os / android_system_core

fs_mgr/libsnapshot/Android.bp

+1 −1

Original line number	Diff line number	Diff line
		@@ -289,7 +289,7 @@ cc_fuzz {
		canonical_path_from_root: false,
		local_include_dirs: ["."],
		},

		corpus: ["corpus/*"],
		fuzz_config: {
		cc: ["android-virtual-ab+bugs@google.com"],
		componentid: 30545,

fs_mgr/libsnapshot/corpus/launch_device.txt

0 → 100644

+161 −0

Original line number	Diff line number	Diff line
		device_info_data {
		slot_suffix_is_a: true
		is_overlayfs_setup: false
		allow_set_boot_control_merge_status: true
		allow_set_slot_as_unbootable: true
		is_recovery: false
		}
		manager_data {
		is_local_image_manager: false
		}
		is_super_metadata_valid: true
		super_data {
		partitions {
		partition_name: "sys_a"
		new_partition_info {
		size: 3145728
		}
		}
		partitions {
		partition_name: "vnd_a"
		new_partition_info {
		size: 3145728
		}
		}
		partitions {
		partition_name: "prd_a"
		new_partition_info {
		size: 3145728
		}
		}
		dynamic_partition_metadata {
		groups {
		name: "group_google_dp_a"
		size: 15728640
		partition_names: "sys_a"
		partition_names: "vnd_a"
		partition_names: "prd_a"
		}
		}
		}
		has_metadata_snapshots_dir: true
		actions {
		begin_update {
		}
		}
		actions {
		create_update_snapshots {
		partitions {
		partition_name: "sys"
		new_partition_info {
		size: 3878912
		}
		operations {
		type: ZERO,
		dst_extents {
		start_block: 0
		num_blocks: 947
		}
		}
		}
		partitions {
		partition_name: "vnd"
		new_partition_info {
		size: 3878912
		}
		operations {
		type: ZERO,
		dst_extents {
		start_block: 0
		num_blocks: 947
		}
		}
		}
		partitions {
		partition_name: "prd"
		new_partition_info {
		size: 3878912
		}
		operations {
		type: ZERO,
		dst_extents {
		start_block: 0
		num_blocks: 947
		}
		}
		}
		dynamic_partition_metadata {
		groups {
		name: "group_google_dp"
		size: 15728640
		partition_names: "sys"
		partition_names: "vnd"
		partition_names: "prd"
		}
		}
		}
		}
		actions {
		map_update_snapshot {
		use_correct_super: true
		has_metadata_slot: true
		metadata_slot: 1
		partition_name: "sys_b"
		force_writable: true
		timeout_millis: 3000
		}
		}
		actions {
		map_update_snapshot {
		use_correct_super: true
		has_metadata_slot: true
		metadata_slot: 1
		partition_name: "vnd_b"
		force_writable: true
		timeout_millis: 3000
		}
		}
		actions {
		map_update_snapshot {
		use_correct_super: true
		has_metadata_slot: true
		metadata_slot: 1
		partition_name: "prd_b"
		force_writable: true
		timeout_millis: 3000
		}
		}
		actions {
		finished_snapshot_writes: false
		}
		actions {
		unmap_update_snapshot: "sys_b"
		}
		actions {
		unmap_update_snapshot: "vnd_b"
		}
		actions {
		unmap_update_snapshot: "prd_b"
		}
		actions {
		switch_slot {
		}
		}
		actions {
		need_snapshots_in_first_stage_mount {
		}
		}
		actions {
		create_logical_and_snapshot_partitions {
		use_correct_super: true
		timeout_millis: 5000
		}
		}
		actions {
		initiate_merge {
		}
		}
		actions {
		process_update_state {
		}
		}

fs_mgr/libsnapshot/fuzz.sh

+8 −6

Original line number	Diff line number	Diff line
		@@ -3,7 +3,8 @@ PROJECT_PATH=system/core/fs_mgr/libsnapshot
		FUZZ_TARGET=libsnapshot_fuzzer
		TARGET_ARCH=$(get_build_var TARGET_ARCH)
		FUZZ_BINARY=/data/fuzz/${TARGET_ARCH}/${FUZZ_TARGET}/${FUZZ_TARGET}
		DEVICE_CORPSE_DIR=/data/local/tmp/${FUZZ_TARGET}
		DEVICE_INIT_CORPUS_DIR=/data/fuzz/${TARGET_ARCH}/${FUZZ_TARGET}/corpus
		DEVICE_GENERATED_CORPUS_DIR=/data/local/tmp/${FUZZ_TARGET}/corpus
		DEVICE_GCOV_DIR=/data/local/tmp/${FUZZ_TARGET}/gcov
		HOST_SCRATCH_DIR=/tmp/${FUZZ_TARGET}
		GCOV_TOOL=${HOST_SCRATCH_DIR}/llvm-gcov
		@@ -26,13 +27,14 @@ build_cov() {

		prepare_device() {
		adb root && adb remount &&
		adb shell mkdir -p ${DEVICE_CORPSE_DIR} &&
		adb shell mkdir -p ${DEVICE_GENERATED_CORPUS_DIR} &&
		adb shell rm -rf ${DEVICE_GCOV_DIR} &&
		adb shell mkdir -p ${DEVICE_GCOV_DIR}
		}

		push_binary() {
		adb push ${ANDROID_PRODUCT_OUT}/${FUZZ_BINARY} ${FUZZ_BINARY}
		adb push ${ANDROID_PRODUCT_OUT}/${FUZZ_BINARY} ${FUZZ_BINARY} &&
		adb push ${ANDROID_PRODUCT_OUT}/${DEVICE_INIT_CORPUS_DIR} $(dirname ${FUZZ_BINARY})
		}

		prepare_host() {
		@@ -52,7 +54,7 @@ generate_corpus() {
		prepare_device &&
		build_normal &&
		push_binary &&
		adb shell ${FUZZ_BINARY} "$@" ${DEVICE_CORPSE_DIR}
		adb shell ${FUZZ_BINARY} "$@" ${DEVICE_INIT_CORPUS_DIR} ${DEVICE_GENERATED_CORPUS_DIR}
		}

		run_snapshot_fuzz() {
		@@ -62,7 +64,7 @@ run_snapshot_fuzz() {
		adb shell GCOV_PREFIX=${DEVICE_GCOV_DIR} GCOV_PREFIX_STRIP=3 \
		${FUZZ_BINARY} \
		-runs=0 \
		${DEVICE_CORPSE_DIR}
		${DEVICE_INIT_CORPUS_DIR} ${DEVICE_GENERATED_CORPUS_DIR}
		}

		show_fuzz_result() {
		@@ -82,7 +84,7 @@ exec llvm-cov gcov "$@"

		# run_snapshot_fuzz -runs=10000
		run_snapshot_fuzz_all() {
		generate_corpse "$@" &&
		generate_corpus "$@" &&
		run_snapshot_fuzz &&
		show_fuzz_result
		}