
Commit c0df932a authored by Yifan Hong's avatar Yifan Hong

libsnapshot_fuzzer: add additional tests for more APIs

Test: run it
Bug: 154633114
Change-Id: I956cb74bfd46750137dfa73e9e040dd9d1782ce7
parent 90a9393e
+12 −6
@@ -40,16 +40,19 @@ message SnapshotManagerActionProto {
        bool has_before_cancel = 1;
        bool fail_before_cancel = 2;
    }
    message CreateLogicalAndSnapshotPartitionsArgs {
        bool use_correct_super = 1;
        string super = 2;
        int64 timeout_millis = 3;
    }
    message RecoveryCreateSnapshotDevicesArgs {
        bool has_metadata_device_object = 1;
        bool metadata_mounted = 2;
    }
    reserved 7;
    reserved "create_update_snapshots";
    reserved 8;
    reserved "map_update_snapshot";
    reserved 9;
    reserved "unmap_update_snapshot";
    reserved 11;
    reserved "create_logical_and_snapshot_partitions";
    reserved 14;
    reserved "recovery_create_snapshot_devices_with_metadata";
    oneof value {
        NoArgs begin_update = 1;
        NoArgs cancel_update = 2;
@@ -57,9 +60,12 @@ message SnapshotManagerActionProto {
        NoArgs initiate_merge = 4;
        ProcessUpdateStateArgs process_update_state = 5;
        bool get_update_state = 6;
        string unmap_update_snapshot = 9;
        NoArgs need_snapshots_in_first_stage_mount = 10;
        CreateLogicalAndSnapshotPartitionsArgs create_logical_and_snapshot_partitions = 11;
        bool handle_imminent_data_wipe = 12;
        NoArgs recovery_create_snapshot_devices = 13;
        RecoveryCreateSnapshotDevicesArgs recovery_create_snapshot_devices_with_metadata = 14;
        NoArgs dump = 15;
        NoArgs ensure_metadata_mounted = 16;
        NoArgs get_snapshot_merge_stats_instance = 17;
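Review bot: The new `CreateLogicalAndSnapshotPartitionsArgs` message does not document how `use_correct_super` and `super` interact, so a reader of the proto alone cannot tell that `super` is ignored when the flag is set. The handler shown later on this page reads `args.super()` only when `use_correct_super()` is false. I would add `// Only read when use_correct_super is false; otherwise the fuzz environment's super device is used.` above `string super = 2;`. A similar one-line comment on `timeout_millis` stating whether negative values are meant to be exercised would help anyone writing seed inputs.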
+12 −0
@@ -169,6 +169,18 @@ struct ActionPerfomer<FuzzFunction, void()> {
    }
};

template <typename FuzzFunction>
struct ActionPerfomer<FuzzFunction, void(const std::string&)> {
    static void Invoke(typename FuzzFunction::Class* module,
                       const google::protobuf::Message& action_proto,
                       const google::protobuf::FieldDescriptor* field_desc) {
        std::string scratch;
        const std::string& arg = action_proto.GetReflection()->GetStringReference(
                action_proto, field_desc, &scratch);
        FuzzFunction::ImplBody(module, arg);
    }
};

}  // namespace android::fuzz

// Fuzz existing C++ class, ClassType, with a collection of functions under the name Action.
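Review bot: The `void(const std::string&)` specialization of `ActionPerfomer` has no comment explaining why `scratch` exists, which makes the lifetime requirement easy to break in a later refactor. `GetStringReference` may return a reference to `scratch` rather than to storage inside the message, so `arg` is only valid while `scratch` is alive. I would add `// arg may alias scratch, so scratch must outlive the ImplBody call.` above `std::string scratch;`. The specialization also assumes `field_desc` names a string field; that is presumably guaranteed by the macro that selects it, which is outside this hunk.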
+41 −6
@@ -51,9 +51,15 @@ std::string GetDsuSlot(const std::string& install_dir) {

namespace android::snapshot {

SnapshotFuzzEnv* GetSnapshotFuzzEnv();

FUZZ_CLASS(ISnapshotManager, SnapshotManagerAction);

using ProcessUpdateStateArgs = SnapshotManagerAction::Proto::ProcessUpdateStateArgs;
using CreateLogicalAndSnapshotPartitionsArgs =
        SnapshotManagerAction::Proto::CreateLogicalAndSnapshotPartitionsArgs;
using RecoveryCreateSnapshotDevicesArgs =
        SnapshotManagerAction::Proto::RecoveryCreateSnapshotDevicesArgs;

FUZZ_SIMPLE_FUNCTION(SnapshotManagerAction, BeginUpdate);
FUZZ_SIMPLE_FUNCTION(SnapshotManagerAction, CancelUpdate);
@@ -96,6 +102,31 @@ SNAPSHOT_FUZZ_FUNCTION(Dump) {
    (void)snapshot->Dump(ss);
}

SNAPSHOT_FUZZ_FUNCTION(UnmapUpdateSnapshot, const std::string& name) {
    (void)snapshot->UnmapUpdateSnapshot(name);
}

SNAPSHOT_FUZZ_FUNCTION(CreateLogicalAndSnapshotPartitions,
                       const CreateLogicalAndSnapshotPartitionsArgs& args) {
    const std::string* super;
    if (args.use_correct_super()) {
        super = &GetSnapshotFuzzEnv()->super();
    } else {
        super = &args.super();
    }
    (void)snapshot->CreateLogicalAndSnapshotPartitions(
            *super, std::chrono::milliseconds(args.timeout_millis()));
}

SNAPSHOT_FUZZ_FUNCTION(RecoveryCreateSnapshotDevicesWithMetadata,
                       const RecoveryCreateSnapshotDevicesArgs& args) {
    std::unique_ptr<AutoDevice> device;
    if (args.has_metadata_device_object()) {
        device = std::make_unique<DummyAutoDevice>(args.metadata_mounted());
    }
    (void)snapshot->RecoveryCreateSnapshotDevices(device);
}

// During global init, log all messages to stdio. This is only done once.
int AllowLoggingDuringGlobalInit() {
    SetLogger(&StdioLogger);
@@ -116,18 +147,22 @@ int StopLoggingAfterGlobalInit() {
    return 0;
}

SnapshotFuzzEnv* GetSnapshotFuzzEnv() {
    [[maybe_unused]] static auto allow_logging = AllowLoggingDuringGlobalInit();
    static SnapshotFuzzEnv env;
    [[maybe_unused]] static auto stop_logging = StopLoggingAfterGlobalInit();
    return &env;
}

}  // namespace android::snapshot

DEFINE_PROTO_FUZZER(const SnapshotFuzzData& snapshot_fuzz_data) {
    using namespace android::snapshot;

    [[maybe_unused]] static auto allow_logging = AllowLoggingDuringGlobalInit();
    static SnapshotFuzzEnv env;
    [[maybe_unused]] static auto stop_logging = StopLoggingAfterGlobalInit();

    env.CheckSoftReset();
    auto env = GetSnapshotFuzzEnv();
    env->CheckSoftReset();

    auto snapshot_manager = env.CheckCreateSnapshotManager(snapshot_fuzz_data);
    auto snapshot_manager = env->CheckCreateSnapshotManager(snapshot_fuzz_data);
    CHECK(snapshot_manager);

    SnapshotManagerAction::ExecuteAll(snapshot_manager.get(), snapshot_fuzz_data.actions());
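Review bot: In the `CreateLogicalAndSnapshotPartitions` fuzz function, `args.timeout_millis()` is an unconstrained `int64` from the fuzz input and is passed straight into `std::chrono::milliseconds(...)`, so the fuzzer can supply negative values or effectively unbounded timeouts. If the `ISnapshotManager` implementation actually waits on that timeout (not visible here), a single input can stall the run and be reported as a timeout rather than a real finding. I would bound it before the call, e.g. `std::chrono::milliseconds(std::clamp<int64_t>(args.timeout_millis(), 0, kMaxTimeoutMillis))`, where `kMaxTimeoutMillis` is a constant you would introduce (it does not exist on this page) and `<algorithm>` is included. If negative or very large timeouts are deliberately in scope, a comment saying so would be enough.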
+5 −0
@@ -30,6 +30,11 @@ namespace android::snapshot {

class AutoMemBasedDir;

class DummyAutoDevice : public AutoDevice {
  public:
    DummyAutoDevice(bool mounted) : AutoDevice(mounted ? "dummy" : "") {}
};

// Prepare test environment. This has a heavy overhead and should be done once.
class SnapshotFuzzEnv {
  public:
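Review bot: `DummyAutoDevice(bool mounted)` is a single-argument constructor that is not marked `explicit`, so any pointer or integer expression converts implicitly to a `DummyAutoDevice` through `bool`. I would write `explicit DummyAutoDevice(bool mounted) : AutoDevice(mounted ? "dummy" : "") {}`. The class also relies on `AutoDevice` treating an empty name as "not mounted", which is inferred from this line and not shown in the hunk, so a comment such as `// Stand-in metadata device: non-empty name when mounted, empty name otherwise.` would help. The `SnapshotFuzzEnv` class that follows continues past the end of the hunk.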