author | Pawan Wagh <waghpawan@google.com> | 2023-06-07 17:59:41 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-06-07 17:59:41 +0000 |
commit | e0a843d5f4666f3c4f76d7d24541f157a8fad8c7 (patch) | |
tree | fa99ebbf75f43584f6fa82cb98327d4044821cc1 | |
parent | 75251cc522fe742b4b77dd497043231119f5db83 (diff) | |
parent | 8551d6a0d74f33e5d01a81b3ad8c54f1193cc84e (diff) | |
download | wificond-e0a843d5f4666f3c4f76d7d24541f157a8fad8c7.tar.gz |
Adding AIDL service fuzzer for wificond am: 8551d6a0d7
Original change: https://android-review.googlesource.com/c/platform/system/connectivity/wificond/+/2612933
Change-Id: I738745afa3d4e452ffb55b0bfcc52f7bd70f3793
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | Android.bp | 49 | ||||
-rw-r--r-- | fuzzers/wificond_service_fuzzer.cpp | 63 |
2 files changed, 101 insertions, 11 deletions
@@ -53,20 +53,13 @@ cc_defaults { include_dirs: ["system/connectivity"], } -// -// wificond daemon. -// -cc_binary { - name: "wificond", +cc_defaults { + name: "wificond_default_libs", defaults: [ "keystore2_use_latest_aidl_ndk_shared", "wificond_defaults", ], - init_rc: ["wificond.rc"], - srcs: [ - "main.cpp", - "wifi_keystore_hal_connector.cpp" - ], + include_dirs: ["system/security/keystore/include"], shared_libs: [ @@ -87,7 +80,22 @@ cc_binary { static_libs: [ "libnlinterceptor", "libwificond", // Wificond daemon - "libwifikeystorehal" // Wifi Keystore HAL service + "libwifikeystorehal", // Wifi Keystore HAL service + ], +} + +// +// wificond daemon. +// +cc_binary { + name: "wificond", + defaults: [ + "wificond_default_libs", + ], + init_rc: ["wificond.rc"], + srcs: [ + "main.cpp", + "wifi_keystore_hal_connector.cpp", ], } @@ -319,3 +327,22 @@ cc_test { "libwificond_test_utils", ], } + +cc_fuzz { + name: "wificond_service_fuzzer", + defaults: [ + "wificond_default_libs", + "service_fuzzer_defaults", + "fuzzer_disable_leaks", + ], + srcs: [ + "fuzzers/wificond_service_fuzzer.cpp", + ], + fuzz_config: { + triage_assignee: "waghpawan@google.com", + cc: [ + "etancohen@google.com", + "gbiren@google.com", + ], + }, +} diff --git a/fuzzers/wificond_service_fuzzer.cpp b/fuzzers/wificond_service_fuzzer.cpp new file mode 100644 index 0000000..503568f --- /dev/null +++ b/fuzzers/wificond_service_fuzzer.cpp 
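Review bot: The new `cc_fuzz` block (third hunk) pulls in `fuzzer_disable_leaks` with no comment saying why, and judging by its name that default switches leak detection off for this target. wificond is a daemon started from `wificond.rc`, so leaks on its binder-facing paths are a class of finding this fuzzer would otherwise report. I would add a line above the entry such as `// TODO(b/<bug-id>): drop fuzzer_disable_leaks once the known leaks are fixed`, so the suppression is tracked rather than permanent.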
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_driver.h>
+#include <fuzzbinder/random_fd.h>
+
+#include <android-base/logging.h>
+#include <android-base/macros.h>
+#include <cutils/properties.h>
+#include <wifi_system/interface_tool.h>
+
+#include "wificond/looper_backed_event_loop.h"
+#include "wificond/net/netlink_manager.h"
+#include "wificond/net/netlink_utils.h"
+#include "wificond/scanning/scan_utils.h"
+#include "wificond/server.h"
+
+using android::net::wifi::nl80211::IWificond;
+using android::wifi_system::InterfaceTool;
+using std::unique_ptr;
+using android::base::unique_fd;
+using namespace android;
+
+void fuzzOnBinderReadReady(int /*fd*/) {}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+
+ FuzzedDataProvider provider(data, size);
+ auto randomFds = getRandomFds(&provider);
+
+ auto eventDispatcher = std::make_unique<wificond::LooperBackedEventLoop>();
+ eventDispatcher->WatchFileDescriptor(
+ randomFds[provider.ConsumeIntegralInRange<size_t>(0, randomFds.size() - 1)].get(),
+ android::wificond::EventLoop::kModeInput,
+ &fuzzOnBinderReadReady);
+
+ android::wificond::NetlinkManager netlinkManager(eventDispatcher.get());
+ if (!netlinkManager.Start()) {
+ LOG(ERROR) << "Failed to start netlink manager";
+ }
+ android::wificond::NetlinkUtils netlinkUtils(&netlinkManager);
+ android::wificond::ScanUtils scanUtils(&netlinkManager);
+
+ auto server = sp<android::wificond::Server>::make(
+ std::make_unique<InterfaceTool>(),
+ &netlinkUtils,
+ &scanUtils);
+ fuzzService(server, FuzzedDataProvider(data, size));
+ return 0;
+} |
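Review bot: The index expression `randomFds.size() - 1` in the `WatchFileDescriptor` call is computed without checking that `getRandomFds` returned anything; on an empty vector it wraps to SIZE_MAX and the subscript reads out of bounds, which would surface as a harness crash rather than a wificond finding. A guard right after the call, `if (randomFds.empty()) return 0;`, removes that dependency on the helper's contract, which is not visible on this page. Separately, `fuzzService(server, FuzzedDataProvider(data, size))` builds a second provider over the same bytes, so the input that picked the fd is replayed as the transaction stream; if `fuzzService` takes the provider by rvalue reference, `std::move(provider)` would hand over only the unconsumed remainder. The `Start()` failure path only logs and then wires the unstarted `NetlinkManager` into `NetlinkUtils` and `ScanUtils`, so a one-line comment stating whether continuing is intentional would help whoever triages crashes from this target.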