Fuzzer for default vibrator service.
It serves as an example of a fuzzer for an AIDL service.
Bug: 224646709
Test: run fuzzer for a few minutes (doesn't get very
deep in the fuzzer - will follow-up with a dictionary
or a corpus if the fuzzer can't get past the header
and interface token)
Change-Id: Iac02a1f02500a0098d67823ac22de1706778927b
diff --git a/vibrator/aidl/Android.bp b/vibrator/aidl/Android.bp
index 22219b0..d4d5857 100644
--- a/vibrator/aidl/Android.bp
+++ b/vibrator/aidl/Android.bp
@@ -10,6 +10,7 @@
aidl_interface {
name: "android.hardware.vibrator",
vendor_available: true,
+ host_supported: true,
srcs: [
"android/hardware/vibrator/*.aidl",
],
diff --git a/vibrator/aidl/default/Android.bp b/vibrator/aidl/default/Android.bp
index 2e12dfb..acdbdcd 100644
--- a/vibrator/aidl/default/Android.bp
+++ b/vibrator/aidl/default/Android.bp
@@ -9,7 +9,8 @@
cc_library_static {
name: "libvibratorexampleimpl",
- vendor: true,
+ vendor_available: true,
+ host_supported: true,
shared_libs: [
"libbase",
"libbinder_ndk",
@@ -24,6 +25,11 @@
":__subpackages__",
"//hardware/interfaces/tests/extension/vibrator:__subpackages__",
],
+ target: {
+ darwin: {
+ enabled: false,
+ },
+ },
}
filegroup {
@@ -47,3 +53,40 @@
],
srcs: ["main.cpp"],
}
+
+cc_fuzz {
+ name: "android.hardware.vibrator-service.example_fuzzer",
+ host_supported: true,
+ static_libs: [
+ "android.hardware.vibrator-V2-ndk",
+ "libbase",
+ "libbinder_random_parcel",
+ "libcutils",
+ "liblog",
+ "libutils",
+ "libvibratorexampleimpl",
+ ],
+ target: {
+ android: {
+ shared_libs: [
+ "libbinder_ndk",
+ "libbinder",
+ ],
+ },
+ host: {
+ static_libs: [
+ "libbinder_ndk",
+ "libbinder",
+ ],
+ },
+ darwin: {
+ enabled: false,
+ },
+ },
+ srcs: ["fuzzer.cpp"],
+ fuzz_config: {
+ cc: [
+ "smoreland@google.com",
+ ],
+ },
+}
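Review bot: The `fuzz_config` block of the new `cc_fuzz` module lists a single individual under `cc` and sets no `componentid`, so crashes found by automated fuzzing may reach only that one person instead of a tracked bug component. Memory-safety findings in a HAL service deserve triage that does not depend on one mailbox; consider adding `componentid: <COMPONENT_ID>,` (placeholder, the real value is not on this page) or a team alias next to the existing `cc` entry. Whether the fuzzing infrastructure already applies a default component for this path cannot be told from the hunk.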
diff --git a/vibrator/aidl/default/fuzzer.cpp b/vibrator/aidl/default/fuzzer.cpp
new file mode 100644
index 0000000..7d52209
--- /dev/null
+++ b/vibrator/aidl/default/fuzzer.cpp
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <fuzzbinder/libbinder_ndk_driver.h>
+#include <fuzzer/FuzzedDataProvider.h>
+#include <vibrator-impl/Vibrator.h>
+#include <vibrator-impl/VibratorManager.h>
+
+using aidl::android::hardware::vibrator::Vibrator;
+using aidl::android::hardware::vibrator::VibratorManager;
+using android::fuzzService;
+using ndk::SharedRefBase;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto managedVib = SharedRefBase::make<Vibrator>();
+ auto vibManager = SharedRefBase::make<VibratorManager>(std::move(managedVib));
+
+ fuzzService(vibManager->asBinder().get(), FuzzedDataProvider(data, size));
+
+ return 0;
+}
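Review bot: Only the `VibratorManager` binder is handed to `fuzzService` in `LLVMFuzzerTestOneInput`, so the transaction handlers of `Vibrator` itself are exercised only if the driver follows a binder returned by the manager, which this hunk does not show. If it does not, the larger part of the example implementation stays unfuzzed. Consider keeping a reference to `managedVib` and fuzzing its binder as well, or state the intended coverage in a comment such as `// Vibrator is reached only through the binder VibratorManager returns`. Separately, `std::move` is used without `#include <utility>`, so the file presumably compiles only through a transitive include; adding the header makes that explicit.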