trusty: Generic parameterizable TIPC fuzzer

        "libtrusty",

    ],

}

// Generic TIPC fuzzer, must parameterized using:

//  -DTRUSTY_APP_PORT=<port name of TA being fuzzed>

//  -DTRUSTY_APP_UUID=<UUID of TA being fuzzed>

//  -DTRUSTY_APP_FILENAME=<name of symbolized elf binary of the TA>

filegroup {

    name: "trusty_tipc_fuzzer",

    srcs: ["tipc_fuzzer.cpp"],

}

cc_fuzz {

    name: "trusty_test_fuzzer",

    defaults: ["trusty_fuzzer_defaults"],

    srcs: ["fuzz.cpp"],

    srcs: [":trusty_tipc_fuzzer"],

    cflags: [

        "-DTRUSTY_APP_PORT=\"com.android.trusty.sancov.test.srv\"",

        "-DTRUSTY_APP_UUID=\"77f68803-c514-43ba-bdce-3254531c3d24\"",

        "-DTRUSTY_APP_FILENAME=\"srv.syms.elf\"",

    ]

}

/*

 * Copyright (C) 2020 The Android Open Source Project

 * Copyright (C) 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

#include <stdlib.h>

#include <trusty/coverage/coverage.h>

#include <trusty/coverage/uuid.h>

#include <trusty/fuzz/counters.h>

#include <trusty/fuzz/utils.h>

#include <unistd.h>

#include <iostream>

#include <memory>

using android::trusty::coverage::CoverageRecord;

using android::trusty::fuzz::ExtraCounters;

using android::trusty::fuzz::TrustyApp;

#define TIPC_DEV "/dev/trusty-ipc-dev0"

#define TEST_SRV_PORT "com.android.trusty.sancov.test.srv"

/* Test server's UUID is 77f68803-c514-43ba-bdce-3254531c3d24 */

static struct uuid test_srv_uuid = {

        0x77f68803,

        0xc514,

        0x43ba,

        {0xbd, 0xce, 0x32, 0x54, 0x53, 0x1c, 0x3d, 0x24},

};

#ifndef TRUSTY_APP_PORT

#error "Port name must be parameterized using -DTRUSTY_APP_PORT."

#endif

static CoverageRecord record(TIPC_DEV, &test_srv_uuid);

#ifndef TRUSTY_APP_UUID

#error "UUID must be parameterized using -DTRUSTY_APP_UUID."

#endif

#ifndef TRUSTY_APP_FILENAME

#error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."

#endif

static std::unique_ptr<CoverageRecord> record;

extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {

    auto ret = record.Open();

    uuid module_uuid;

    if (!str_to_uuid(TRUSTY_APP_UUID, &module_uuid)) {

        std::cerr << "Failed to parse UUID: " << TRUSTY_APP_UUID << std::endl;

        exit(-1);

    }

    record = std::make_unique<CoverageRecord>(TIPC_DEV, &module_uuid, TRUSTY_APP_FILENAME);

    if (!record) {

        std::cerr << "Failed to allocate coverage record" << std::endl;

        exit(-1);

    }

    auto ret = record->Open();

    if (!ret.ok()) {

        std::cerr << ret.error() << std::endl;

        exit(-1);

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    static uint8_t buf[TIPC_MAX_MSG_SIZE];

    ExtraCounters counters(&record);

    ExtraCounters counters(record.get());

    counters.Reset();

    TrustyApp ta(TIPC_DEV, TEST_SRV_PORT);

    TrustyApp ta(TIPC_DEV, TRUSTY_APP_PORT);

    auto ret = ta.Connect();

    if (!ret.ok()) {

        std::cerr << ret.error() << std::endl;

        android::trusty::fuzz::Abort();

    }

    /* Send message to test server */

    ret = ta.Write(data, size);

    if (!ret.ok()) {

        return -1;

    }

    /* Read message from test server */

    ret = ta.Read(&buf, sizeof(buf));

    if (!ret.ok()) {

        return -1;