authorPawan Wagh <waghpawan@google.com>2023-06-03 01:27:01 +0000
committerPawan Wagh <waghpawan@google.com>2023-06-06 18:19:34 +0000
commit1b5c668d71172e2de033b5db4befd96b408eb024 (patch)
tree656a4dbe5cbf9f643bb0ed31de2857080ca50e0e
parent9b875c8e2f4535c65c32cea68a1dba14913fdaf2 (diff)
downloadwificond-1b5c668d71172e2de033b5db4befd96b408eb024.tar.gz
Adding AIDL service fuzzer for wificond
Test: m wificond_service_fuzzer && adb sync data && adb shell /data/fuzz/arm64/wificond_service_fuzzer/wificond_service_fuzzer Bug: 232439428 Change-Id: I22b1d636f2c5209c9bc996d758331a43c3b8133a
-rw-r--r--Android.bp49
-rw-r--r--fuzzers/wificond_service_fuzzer.cpp63
2 files changed, 101 insertions, 11 deletions
diff --git a/Android.bp b/Android.bp
index a239fc9..80ee6b8 100644
--- a/Android.bp
+++ b/Android.bp
@@ -53,20 +53,13 @@ cc_defaults {
include_dirs: ["system/connectivity"],
}
-//
-// wificond daemon.
-//
-cc_binary {
- name: "wificond",
+cc_defaults {
+ name: "wificond_default_libs",
defaults: [
"keystore2_use_latest_aidl_ndk_shared",
"wificond_defaults",
],
- init_rc: ["wificond.rc"],
- srcs: [
- "main.cpp",
- "wifi_keystore_hal_connector.cpp"
- ],
+
include_dirs: ["system/security/keystore/include"],
shared_libs: [
@@ -87,7 +80,22 @@ cc_binary {
"android.system.wifi.keystore@1.0",
"libnlinterceptor",
"libwificond", // Wificond daemon
- "libwifikeystorehal" // Wifi Keystore HAL service
+ "libwifikeystorehal", // Wifi Keystore HAL service
+ ],
+}
+
+//
+// wificond daemon.
+//
+cc_binary {
+ name: "wificond",
+ defaults: [
+ "wificond_default_libs",
+ ],
+ init_rc: ["wificond.rc"],
+ srcs: [
+ "main.cpp",
+ "wifi_keystore_hal_connector.cpp",
],
}
@@ -319,3 +327,22 @@ cc_test {
"libwificond_test_utils",
],
}
+
+cc_fuzz {
+ name: "wificond_service_fuzzer",
+ defaults: [
+ "wificond_default_libs",
+ "service_fuzzer_defaults",
+ "fuzzer_disable_leaks",
+ ],
+ srcs: [
+ "fuzzers/wificond_service_fuzzer.cpp",
+ ],
+ fuzz_config: {
+ triage_assignee: "waghpawan@google.com",
+ cc: [
+ "etancohen@google.com",
+ "gbiren@google.com",
+ ],
+ },
+}
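Review bot: The `fuzzer_disable_leaks` entry in the `defaults` list of `wificond_service_fuzzer` has no comment explaining why leak reporting is switched off for this target. Judging by its name alone (its definition is not in this diff), it suppresses leak detection, so memory leaks reachable through the binder interface would not surface as findings from this fuzzer. A one-line comment above it, for example `// TODO(b/<bug-id-placeholder>): remove fuzzer_disable_leaks once the known leaks are fixed`, would record whether this is a temporary workaround or a permanent choice.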
diff --git a/fuzzers/wificond_service_fuzzer.cpp b/fuzzers/wificond_service_fuzzer.cpp
new file mode 100644
index 0000000..503568f
--- /dev/null
+++ b/fuzzers/wificond_service_fuzzer.cpp
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_driver.h>
+#include <fuzzbinder/random_fd.h>
+
+#include <android-base/logging.h>
+#include <android-base/macros.h>
+#include <cutils/properties.h>
+#include <wifi_system/interface_tool.h>
+
+#include "wificond/looper_backed_event_loop.h"
+#include "wificond/net/netlink_manager.h"
+#include "wificond/net/netlink_utils.h"
+#include "wificond/scanning/scan_utils.h"
+#include "wificond/server.h"
+
+using android::net::wifi::nl80211::IWificond;
+using android::wifi_system::InterfaceTool;
+using std::unique_ptr;
+using android::base::unique_fd;
+using namespace android;
+
+void fuzzOnBinderReadReady(int /*fd*/) {}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+
+ FuzzedDataProvider provider(data, size);
+ auto randomFds = getRandomFds(&provider);
+
+ auto eventDispatcher = std::make_unique<wificond::LooperBackedEventLoop>();
+ eventDispatcher->WatchFileDescriptor(
+ randomFds[provider.ConsumeIntegralInRange<size_t>(0, randomFds.size() - 1)].get(),
+ android::wificond::EventLoop::kModeInput,
+ &fuzzOnBinderReadReady);
+
+ android::wificond::NetlinkManager netlinkManager(eventDispatcher.get());
+ if (!netlinkManager.Start()) {
+ LOG(ERROR) << "Failed to start netlink manager";
+ }
+ android::wificond::NetlinkUtils netlinkUtils(&netlinkManager);
+ android::wificond::ScanUtils scanUtils(&netlinkManager);
+
+ auto server = sp<android::wificond::Server>::make(
+ std::make_unique<InterfaceTool>(),
+ &netlinkUtils,
+ &scanUtils);
+ fuzzService(server, FuzzedDataProvider(data, size));
+ return 0;
+}
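Review bot: The subscript `randomFds[provider.ConsumeIntegralInRange<size_t>(0, randomFds.size() - 1)]` is only safe if `getRandomFds` never returns an empty vector, which cannot be confirmed from this hunk. If it can, `size() - 1` wraps around and the index is out of bounds, so the harness would crash in its own setup rather than in wificond. A guard such as `if (randomFds.empty()) return 0;` before the `WatchFileDescriptor` call would make the assumption explicit. Separately, `fuzzService(server, FuzzedDataProvider(data, size))` builds a second provider over the whole buffer, so bytes already consumed by `provider` for the fd choice also drive the binder transactions; `fuzzService(server, std::move(provider));` would keep the two uses independent. Finally, a failed `netlinkManager.Start()` is only logged and the run continues with an unstarted manager, so a comment should state whether that is intended or an early `return 0;` is wanted there.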