author | Pawan Wagh <waghpawan@google.com> | 2023-06-08 21:16:11 +0000 |
---|---|---|
committer | Pawan Wagh <waghpawan@google.com> | 2023-06-12 20:31:57 +0000 |
commit | c14ae0d81fdd6db57edfd6085c969d62e8f59234 (patch) | |
tree | e89e06e507b3ab62439add434081f9a3a3e9bc0e /identity | |
parent | 1600dc1a474ba2e8927e9391ed1c0aa158b42b3f (diff) | |
Adding AIDL Service fuzzer for identity service
Test: m credstore_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/credstore_service_fuzzer/credstore_service_fuzzer
Test: atest android.security.identity.cts
Bug: 232439428
Change-Id: I57494ad6a17e1a4a9dcb80d778edfd77a892790a
Diffstat (limited to 'identity')
-rw-r--r-- | identity/Android.bp | 37 | ||||
-rw-r--r-- | identity/fuzzers/credstore_service_fuzzer.cpp | 62 |
2 files changed, 94 insertions, 5 deletions
diff --git a/identity/Android.bp b/identity/Android.bp index da0df076..007a3105 100644 --- a/identity/Android.bp +++ b/identity/Android.bp @@ -22,8 +22,8 @@ cc_defaults { } -cc_binary { - name: "credstore", +cc_defaults { + name: "credstore_defaults", defaults: [ "identity_defaults", "identity_use_latest_hal_aidl_cpp_static", @@ -31,7 +31,6 @@ cc_binary { "keymint_use_latest_hal_aidl_cpp_static", "android.hardware.identity-support-lib-deps", ], - srcs: [ "Credential.cpp", "CredentialData.cpp", @@ -40,9 +39,7 @@ cc_binary { "Session.cpp", "Util.cpp", "WritableCredential.cpp", - "main.cpp", ], - init_rc: ["credstore.rc"], shared_libs: [ "android.hardware.keymaster@4.0", "android.security.authorization-ndk", @@ -68,6 +65,17 @@ cc_binary { ], } +cc_binary { + name: "credstore", + defaults: [ + "credstore_defaults", + ], + srcs: [ + "main.cpp", + ], + init_rc: ["credstore.rc"], +} + filegroup { name: "credstore_aidl", srcs: [ @@ -112,3 +120,22 @@ cc_library_static { "libbinder", ], } + +cc_fuzz { + name: "credstore_service_fuzzer", + defaults: [ + "credstore_defaults", + "service_fuzzer_defaults", + "fuzzer_disable_leaks", + ], + srcs: [ + "fuzzers/credstore_service_fuzzer.cpp", + ], + fuzz_config: { + triage_assignee: "waghpawan@google.com", + cc: [ + "trong@google.com", + "zeuthen@google.com", + ] + }, +} diff --git a/identity/fuzzers/credstore_service_fuzzer.cpp b/identity/fuzzers/credstore_service_fuzzer.cpp new file mode 100644 index 00000000..008cb0d8 --- /dev/null +++ b/identity/fuzzers/credstore_service_fuzzer.cpp 
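Review bot: The new `cc_fuzz` block for `credstore_service_fuzzer` in identity/Android.bp lists `fuzzer_disable_leaks` in its `defaults` without saying why. Going by its name this turns leak detection off, so memory leaks in the credstore service would not be reported by this fuzzer. A comment above that entry, such as `// Leak detection disabled: <reason or bug id>; drop this default once fixed.`, would tell the next maintainer when it can be removed. The default is defined outside this diff, so its exact effect should be confirmed there.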
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <android-base/logging.h>
+#include <fuzzbinder/libbinder_driver.h>
+#include <sys/stat.h>
+
+#include "CredentialStoreFactory.h"
+
+using android::security::identity::CredentialStoreFactory;
+using namespace android;
+
+void clearDirectory(const char* dirpath, bool recursive) {
+ DIR* dir = opendir(dirpath);
+ CHECK(dir != nullptr);
+ dirent* e;
+ struct stat s;
+ while ((e = readdir(dir)) != nullptr) {
+ if ((strcmp(e->d_name, ".") == 0) || (strcmp(e->d_name, "..") == 0)) {
+ continue;
+ }
+ std::string filename(dirpath);
+ filename.push_back('/');
+ filename.append(e->d_name);
+ int stat_result = lstat(filename.c_str(), &s);
+ CHECK_EQ(0, stat_result) << "unable to stat " << filename;
+ if (S_ISDIR(s.st_mode)) {
+ if (recursive) {
+ clearDirectory(filename.c_str(), true);
+ int rmdir_result = rmdir(filename.c_str());
+ CHECK_EQ(0, rmdir_result) << filename;
+ }
+ } else {
+ int unlink_result = unlink(filename.c_str());
+ CHECK_EQ(0, unlink_result) << filename;
+ }
+ }
+ closedir(dir);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ std::string dataDir = "/data/cred_store_fuzzer";
+ mkdir(dataDir.c_str(), 0700);
+ sp<CredentialStoreFactory> service = sp<CredentialStoreFactory>::make(dataDir);
+ fuzzService(service, FuzzedDataProvider(data, size));
+ clearDirectory(dataDir.c_str(), true);
+ rmdir(dataDir.c_str());
+ return 0;
+} |
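Review bot: The result of `mkdir(dataDir.c_str(), 0700)` in LLVMFuzzerTestOneInput is ignored, so when the directory cannot be created the run continues and the first visible failure is `CHECK(dir != nullptr)` in clearDirectory, which would read as a crash found by the fuzzer instead of a harness setup problem. A check such as `CHECK(mkdir(dataDir.c_str(), 0700) == 0 || errno == EEXIST) << "mkdir " << dataDir;` fails at the right place. The path `/data/cred_store_fuzzer` is also fixed, so two fuzzer processes running at once would presumably delete each other's files and trip the `CHECK_EQ` on `unlink` or `rmdir`; a per-process directory, for example from `mkdtemp`, avoids those spurious aborts. The file also calls `opendir`, `unlink`, `rmdir` and `strcmp` without including `<dirent.h>`, `<unistd.h>` or `<string.h>` itself, so it builds only through transitive includes.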