9711ad3d0e9792eb7073cc8525eaaefe49285b9c - android_frameworks_native

commit	9711ad3d0e9792eb7073cc8525eaaefe49285b9c	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Wed Mar 16 01:03:02 2022 +0000
committer	Steven Moreland <smoreland@google.com>	Wed Mar 16 01:05:44 2022 +0000
tree	fef24e9b39b89c7ceefa3dd6738a4ee21fa56af3
parent	8a2607c4aa1519e68f2e99529d6f5036a5b2c5dc [diff]

libbinder_random_parcel: driver writes iface token

It's really hard for the fuzzer to guess the interface token, so
rather than generating corpus or dictionaries for these for every
fuzzer, have the driver do this.

As a follow-up, we should have the driver keep track of binder
objects which are returned inside of the reply Parcel and also
fuzz these objects as well as send them back into the service.

Bug: 224646709
Test: vibrator example fuzzer instantly hits code inside of the
    vibrator service when fuzzing.
Change-Id: Idf1970439b87a01b44df1904605858c98a49e81a

libs/binder/tests/parcel_fuzzer/include_random_parcel/fuzzbinder/random_parcel.h[diff]
libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp[diff]
libs/binder/tests/parcel_fuzzer/random_parcel.cpp[diff]

3 files changed

tree: fef24e9b39b89c7ceefa3dd6738a4ee21fa56af3

aidl/
build/
cmds/
data/
docs/
headers/
include/
include_sensor/
libs/
opengl/
services/
vulkan/
.clang-format
.gitignore
Android.bp
CleanSpec.mk
METADATA
MODULE_LICENSE_APACHE2
NOTICE
PREUPLOAD.cfg
TEST_MAPPING