commit 6dfc509ab2e4b41af14d2cb041ada2a2d2532de5
author Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Mon Mar 03 18:55:12 2025 -0800
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Mar 03 18:55:12 2025 -0800
tree 9690a20d3d6817c0c9e2895026b5bfd251b13b3c
parent 48f26a3c63d9d96f2dab906b81142aaa9ecd03c9
parent 19561e21b3a60f3938180de1ddde6b1294948557

Merge "Add meta transactions in fuzzService" into main

libs/binder/tests/parcel_fuzzer/Android.bp

diff --git a/libs/binder/tests/parcel_fuzzer/Android.bp b/libs/binder/tests/parcel_fuzzer/Android.bp
index cac054e..457eaa5 100644
--- a/libs/binder/tests/parcel_fuzzer/Android.bp
+++ b/libs/binder/tests/parcel_fuzzer/Android.bp
@@ -109,6 +109,9 @@
         "libcutils",
         "libutils",
     ],
+    header_libs: [
+        "libaidl_transactions",
+    ],
     local_include_dirs: ["include_random_parcel"],
     export_include_dirs: ["include_random_parcel"],
 }

libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp

diff --git a/libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp b/libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp
index 02e69cc..11aa768 100644
--- a/libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp
+++ b/libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp
@@ -13,6 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
+
+#include <aidl/transaction_ids.h>
 #include <fuzzbinder/libbinder_driver.h>
 
 #include <fuzzbinder/random_parcel.h>
@@ -31,6 +33,28 @@
     fuzzService(std::vector<sp<IBinder>>{binder}, std::move(provider));
 }
 
+uint32_t getCode(FuzzedDataProvider& provider) {
+    if (provider.ConsumeBool()) {
+        return provider.ConsumeIntegral<uint32_t>();
+    }
+
+    // Most of the AIDL services will have small set of transaction codes.
+    if (provider.ConsumeBool()) {
+        return provider.ConsumeIntegralInRange<uint32_t>(0, 100);
+    }
+
+    if (provider.ConsumeBool()) {
+        return provider.PickValueInArray<uint32_t>(
+                {IBinder::DUMP_TRANSACTION, IBinder::PING_TRANSACTION,
+                 IBinder::SHELL_COMMAND_TRANSACTION, IBinder::INTERFACE_TRANSACTION,
+                 IBinder::SYSPROPS_TRANSACTION, IBinder::EXTENSION_TRANSACTION,
+                 IBinder::TWEET_TRANSACTION, IBinder::LIKE_TRANSACTION});
+    }
+
+    return provider.ConsumeIntegralInRange<uint32_t>(aidl::kLastMetaMethodId,
+                                                     aidl::kFirstMetaMethodId);
+}
+
 void fuzzService(const std::vector<sp<IBinder>>& binders, FuzzedDataProvider&& provider) {
     RandomParcelOptions options{
             .extraBinders = binders,
@@ -61,16 +85,7 @@
     }
 
     while (provider.remaining_bytes() > 0) {
-        // Most of the AIDL services will have small set of transaction codes.
-        // TODO(b/295942369) : Add remaining transact codes from IBinder.h
-        uint32_t code = provider.ConsumeBool() ? provider.ConsumeIntegral<uint32_t>()
-                : provider.ConsumeBool()
-                ? provider.ConsumeIntegralInRange<uint32_t>(0, 100)
-                : provider.PickValueInArray<uint32_t>(
-                          {IBinder::DUMP_TRANSACTION, IBinder::PING_TRANSACTION,
-                           IBinder::SHELL_COMMAND_TRANSACTION, IBinder::INTERFACE_TRANSACTION,
-                           IBinder::SYSPROPS_TRANSACTION, IBinder::EXTENSION_TRANSACTION,
-                           IBinder::TWEET_TRANSACTION, IBinder::LIKE_TRANSACTION});
+        uint32_t code = getCode(provider);
         uint32_t flags = provider.ConsumeIntegral<uint32_t>();
         Parcel data;
         // for increased fuzz coverage