Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit bf40c084 authored by Wenhao Wang's avatar Wenhao Wang
Browse files

trusty: Add ExtraCounters to Confirmationui Fuzzer 

Add ExtraCounters to Confirmationui fuzzer so that the fuzzer can
grab the coverage information of the Confirmationui TA.

Bug: 174402999
Bug: 171750250
Test: /data/fuzz/arm64/trusty_confirmationui_fuzzer/trusty_confirmationui_fuzzer
Change-Id: I2e287281e7c8100f0d48413fbe0ff99d397a74c1
parent bca7bfcc

trusty/confirmationui/fuzz/fuzz.cpp

+24 −1
Original line number Diff line number Diff line
@@ -19,24 +19,47 @@ 
#include <assert.h>

#include <log/log.h>

#include <stdlib.h>

#include <trusty/coverage/coverage.h>

#include <trusty/fuzz/counters.h>

#include <trusty/fuzz/utils.h>

#include <unistd.h>



using android::trusty::coverage::CoverageRecord;

using android::trusty::fuzz::ExtraCounters;

using android::trusty::fuzz::TrustyApp;



#define TIPC_DEV "/dev/trusty-ipc-dev0"

#define CONFIRMATIONUI_PORT "com.android.trusty.confirmationui"



/* ConfirmationUI TA's UUID is 7dee2364-c036-425b-b086-df0f6c233c1b */

static struct uuid confirmationui_uuid = {

    0x7dee2364,

    0xc036,

    0x425b,

    {0xb0, 0x86, 0xdf, 0x0f, 0x6c, 0x23, 0x3c, 0x1b},

};



static CoverageRecord record(TIPC_DEV, &confirmationui_uuid);



extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {

    auto ret = record.Open();

    assert(ret.ok());

    return 0;

}



extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    static uint8_t buf[TIPC_MAX_MSG_SIZE];



    ExtraCounters counters(&record);

    counters.Reset();



    TrustyApp ta(TIPC_DEV, CONFIRMATIONUI_PORT);

    auto ret = ta.Connect();

    if (!ret.ok()) {

        android::trusty::fuzz::Abort();

    }



    /* Send message to confirmationui server */

    /* Write message to confirmationui server */

    ret = ta.Write(data, size);

    if (!ret.ok()) {

        return -1;