Merge "Move CtsLiblogTestCases and CtsLogdTestCases to system/logging/TEST_MAPPING"
diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp
index 5ed9e57..5565e8b 100644
--- a/debuggerd/debuggerd_test.cpp
+++ b/debuggerd/debuggerd_test.cpp
@@ -312,7 +312,7 @@
if (mte_supported()) {
// Test that the default TAGGED_ADDR_CTRL value is set.
- ASSERT_MATCH(result, R"(tagged_addr_ctrl: 000000000007fff3)");
+ ASSERT_MATCH(result, R"(tagged_addr_ctrl: 000000000007fff5)");
}
}
diff --git a/fs_mgr/fs_mgr.cpp b/fs_mgr/fs_mgr.cpp
index fe72393..6294b3f 100644
--- a/fs_mgr/fs_mgr.cpp
+++ b/fs_mgr/fs_mgr.cpp
@@ -1534,6 +1534,8 @@
attempted_entry.mount_point},
nullptr)) {
++error_count;
+ } else if (current_entry.mount_point == "/data") {
+ userdata_mounted = true;
}
encryptable = FS_MGR_MNTALL_DEV_IS_METADATA_ENCRYPTED;
continue;
diff --git a/init/first_stage_init.cpp b/init/first_stage_init.cpp
index 554f301..d2a952f 100644
--- a/init/first_stage_init.cpp
+++ b/init/first_stage_init.cpp
@@ -99,6 +99,34 @@
return cmdline.find("androidboot.force_normal_boot=1") != std::string::npos;
}
+// Move e2fsck before switching root, so that it is available at the same path
+// after switching root.
+void PrepareSwitchRoot() {
+ constexpr const char* src = "/system/bin/e2fsck";
+ constexpr const char* dst = "/first_stage_ramdisk/system/bin/e2fsck";
+
+ if (access(dst, X_OK) == 0) {
+ LOG(INFO) << dst << " already exists and it can be executed";
+ return;
+ }
+
+ if (access(src, F_OK) != 0) {
+ PLOG(INFO) << "Not moving " << src << " because it cannot be accessed";
+ return;
+ }
+
+ auto dst_dir = android::base::Dirname(dst);
+ std::error_code ec;
+ if (!fs::create_directories(dst_dir, ec)) {
+ LOG(FATAL) << "Cannot create " << dst_dir << ": " << ec.message();
+ }
+ if (rename(src, dst) != 0) {
+ PLOG(FATAL) << "Cannot move " << src << " to " << dst
+ << ". Either install e2fsck.ramdisk so that it is at the correct place (" << dst
+ << "), or make ramdisk writable";
+ }
+}
+
} // namespace
std::string GetModuleLoadList(bool recovery, const std::string& dir_path) {
@@ -298,6 +326,7 @@
if (ForceNormalBoot(cmdline)) {
mkdir("/first_stage_ramdisk", 0755);
+ PrepareSwitchRoot();
// SwitchRoot() must be called with a mount point as the target, so we bind mount the
// target directory to itself here.
if (mount("/first_stage_ramdisk", "/first_stage_ramdisk", nullptr, MS_BIND, nullptr) != 0) {
diff --git a/libpackagelistparser/Android.bp b/libpackagelistparser/Android.bp
index b56dcdb..c3f8692 100644
--- a/libpackagelistparser/Android.bp
+++ b/libpackagelistparser/Android.bp
@@ -1,5 +1,7 @@
cc_library {
name: "libpackagelistparser",
+ ramdisk_available: true,
+ vendor_ramdisk_available: true,
recovery_available: true,
srcs: ["packagelistparser.cpp"],
shared_libs: ["liblog"],
diff --git a/libprocessgroup/Android.bp b/libprocessgroup/Android.bp
index d101774..71e2b91 100644
--- a/libprocessgroup/Android.bp
+++ b/libprocessgroup/Android.bp
@@ -32,6 +32,8 @@
name: "libprocessgroup",
host_supported: true,
native_bridge_supported: true,
+ ramdisk_available: true,
+ vendor_ramdisk_available: true,
recovery_available: true,
vendor_available: true,
vndk: {
diff --git a/libprocessgroup/cgrouprc/Android.bp b/libprocessgroup/cgrouprc/Android.bp
index a107baa..bb59942 100644
--- a/libprocessgroup/cgrouprc/Android.bp
+++ b/libprocessgroup/cgrouprc/Android.bp
@@ -15,6 +15,8 @@
cc_library {
name: "libcgrouprc",
host_supported: true,
+ ramdisk_available: true,
+ vendor_ramdisk_available: true,
recovery_available: true,
// Do not ever mark this as vendor_available; otherwise, vendor modules
// that links to the static library will behave unexpectedly. All on-device
diff --git a/libprocessgroup/cgrouprc_format/Android.bp b/libprocessgroup/cgrouprc_format/Android.bp
index 559a869..6428930 100644
--- a/libprocessgroup/cgrouprc_format/Android.bp
+++ b/libprocessgroup/cgrouprc_format/Android.bp
@@ -15,6 +15,8 @@
cc_library_static {
name: "libcgrouprc_format",
host_supported: true,
+ ramdisk_available: true,
+ vendor_ramdisk_available: true,
recovery_available: true,
native_bridge_supported: true,
srcs: [
diff --git a/libprocinfo b/libprocinfo
deleted file mode 120000
index dec8cf8..0000000
--- a/libprocinfo
+++ /dev/null
@@ -1 +0,0 @@
-../libprocinfo
\ No newline at end of file
diff --git a/shell_and_utilities/Android.bp b/shell_and_utilities/Android.bp
index f83c43e..5e013fe 100644
--- a/shell_and_utilities/Android.bp
+++ b/shell_and_utilities/Android.bp
@@ -51,3 +51,13 @@
"toybox_vendor",
],
}
+
+// shell and utilities for first stage console. The list of binaries are
+// enough for debugging purposes.
+phony {
+ name: "shell_and_utilities_vendor_ramdisk",
+ required: [
+ "sh.vendor_ramdisk",
+ "toybox.vendor_ramdisk",
+ ],
+}
diff --git a/trusty/fuzz/Android.bp b/trusty/fuzz/Android.bp
new file mode 100644
index 0000000..969431c
--- /dev/null
+++ b/trusty/fuzz/Android.bp
@@ -0,0 +1,42 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_defaults {
+ name: "trusty_fuzzer_defaults",
+ static_libs: [
+ "libtrusty_fuzz_utils",
+ ],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+ fuzz_config: {
+ fuzz_on_haiku_device: false,
+ fuzz_on_haiku_host: false,
+ },
+}
+
+cc_library {
+ name: "libtrusty_fuzz_utils",
+ srcs: ["utils.cpp"],
+ export_include_dirs: ["include"],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+}
diff --git a/trusty/fuzz/include/trusty/fuzz/utils.h b/trusty/fuzz/include/trusty/fuzz/utils.h
new file mode 100644
index 0000000..bca84e9
--- /dev/null
+++ b/trusty/fuzz/include/trusty/fuzz/utils.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+
+#include <android-base/result.h>
+#include <android-base/unique_fd.h>
+
+#define TIPC_MAX_MSG_SIZE PAGE_SIZE
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+class TrustyApp {
+ public:
+ TrustyApp(std::string tipc_dev, std::string ta_port);
+
+ android::base::Result<void> Connect();
+ android::base::Result<void> Read(void* buf, size_t len);
+ android::base::Result<void> Write(const void* buf, size_t len);
+
+ android::base::Result<int> GetRawFd();
+
+ private:
+ std::string tipc_dev_;
+ std::string ta_port_;
+ android::base::unique_fd ta_fd_;
+};
+
+void Abort();
+
+} // namespace fuzz
+} // namespace trusty
+} // namespace android
diff --git a/trusty/fuzz/utils.cpp b/trusty/fuzz/utils.cpp
new file mode 100644
index 0000000..240afe7
--- /dev/null
+++ b/trusty/fuzz/utils.cpp
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2020 The Android Open Sourete Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "trusty-fuzz-utils"
+
+#include <trusty/fuzz/utils.h>
+
+#include <android-base/logging.h>
+#include <android-base/unique_fd.h>
+#include <linux/ioctl.h>
+#include <linux/types.h>
+#include <linux/uio.h>
+#include <log/log_read.h>
+#include <time.h>
+#include <iostream>
+
+using android::base::ErrnoError;
+using android::base::Error;
+using android::base::Result;
+using android::base::unique_fd;
+
+#define TIPC_IOC_MAGIC 'r'
+#define TIPC_IOC_CONNECT _IOW(TIPC_IOC_MAGIC, 0x80, char*)
+
+namespace {
+
+const size_t kTimeoutSeconds = 5;
+const std::string kTrustyLogTag = "trusty-log";
+
+const time_t kInitialTime = time(nullptr);
+
+void PrintTrustyLog() {
+ auto logger_list = android_logger_list_open(LOG_ID_KERNEL, ANDROID_LOG_NONBLOCK, 1000, 0);
+ if (logger_list == nullptr) {
+ std::cerr << "Could not open android kernel log\n";
+ return;
+ }
+
+ while (true) {
+ log_msg log_msg;
+ int rc = android_logger_list_read(logger_list, &log_msg);
+ if (rc < 0) {
+ break;
+ }
+ if (log_msg.entry.sec < kInitialTime) {
+ continue;
+ }
+ char* msg = log_msg.msg();
+ if (msg) {
+ std::string line(msg, log_msg.entry.len);
+ if (line.find(kTrustyLogTag) != std::string::npos) {
+ std::cerr << line.substr(kTrustyLogTag.length() + 2) << std::endl;
+ }
+ }
+ }
+
+ android_logger_list_free(logger_list);
+}
+
+} // namespace
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+TrustyApp::TrustyApp(std::string tipc_dev, std::string ta_port)
+ : tipc_dev_(tipc_dev), ta_port_(ta_port), ta_fd_(-1) {}
+
+Result<void> TrustyApp::Connect() {
+ /*
+ * TODO: We can't use libtrusty because (yet)
+ * (1) cc_fuzz can't deal with vendor components (b/170753563)
+ * (2) We need non-blocking behavior to detect Trusty going down.
+ * (we could implement the timeout in the fuzzing code though, as
+ * it needs to be around the call to read())
+ */
+ alarm(kTimeoutSeconds);
+ int fd = open(tipc_dev_.c_str(), O_RDWR);
+ alarm(0);
+ if (fd < 0) {
+ return ErrnoError() << "failed to open TIPC device: ";
+ }
+ ta_fd_.reset(fd);
+
+ // This ioctl will time out in the kernel if it can't connect.
+ int rc = TEMP_FAILURE_RETRY(ioctl(ta_fd_, TIPC_IOC_CONNECT, ta_port_.c_str()));
+ if (rc < 0) {
+ return ErrnoError() << "failed to connect to TIPC service: ";
+ }
+
+ return {};
+}
+
+Result<void> TrustyApp::Read(void* buf, size_t len) {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ alarm(kTimeoutSeconds);
+ int rc = read(ta_fd_, buf, len);
+ alarm(0);
+ if (rc < 0) {
+ return Error() << "failed to read TIPC message from TA: ";
+ }
+
+ return {};
+}
+
+Result<void> TrustyApp::Write(const void* buf, size_t len) {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ alarm(kTimeoutSeconds);
+ int rc = write(ta_fd_, buf, len);
+ alarm(0);
+ if (rc < 0) {
+ return Error() << "failed to read TIPC message from TA: ";
+ }
+
+ return {};
+}
+
+Result<int> TrustyApp::GetRawFd() {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ return ta_fd_;
+}
+
+void Abort() {
+ PrintTrustyLog();
+ exit(-1);
+}
+
+} // namespace fuzz
+} // namespace trusty
+} // namespace android
diff --git a/trusty/gatekeeper/fuzz/Android.bp b/trusty/gatekeeper/fuzz/Android.bp
new file mode 100644
index 0000000..7ffa776
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/Android.bp
@@ -0,0 +1,24 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_fuzz {
+ name: "trusty_gatekeeper_fuzzer",
+ defaults: ["trusty_fuzzer_defaults"],
+ srcs: ["fuzz.cpp"],
+
+ // The initial corpus for this fuzzer was derived by dumping messages from
+ // the `secure_env` emulator interface for cuttlefish while enrolling a new
+ // password in the emulator.
+ corpus: ["corpus/*"],
+}
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr
new file mode 100644
index 0000000..f3c1f79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-2MMzSr
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0
new file mode 100644
index 0000000..b3e6585
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Et63W0
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-G41Iz8 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-G41Iz8
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-G41Iz8
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ
new file mode 100644
index 0000000..85d38c7
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-ItEoqJ
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu
new file mode 100644
index 0000000..f8e1467
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-MGXdfu
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Yq4f10 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Yq4f10
new file mode 100644
index 0000000..c221077
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-Yq4f10
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-agxKZa b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-agxKZa
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-agxKZa
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-alhn2v
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV
new file mode 100644
index 0000000..f3c1f79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-eVJFHV
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21
new file mode 100644
index 0000000..f3c1f79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-et5K21
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-gun5YX
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-kXw1R9
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-moapss b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-moapss
new file mode 100644
index 0000000..85d38c7
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-moapss
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb
new file mode 100644
index 0000000..09f9d74
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-u5QySb
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-uZtvkq b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-uZtvkq
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-uZtvkq
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF
new file mode 100644
index 0000000..d42956d
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-w5G2SF
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-y3H74x b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-y3H74x
new file mode 100644
index 0000000..1cec413
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-y3H74x
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS
new file mode 100644
index 0000000..f3c1f79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-recv-yALfeS
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi
new file mode 100644
index 0000000..08b3449
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-2S1GLi
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-4j7hUc b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-4j7hUc
new file mode 100644
index 0000000..5507400
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-4j7hUc
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-6hsSQG b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-6hsSQG
new file mode 100644
index 0000000..ffa74cb
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-6hsSQG
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-E8CE7b b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-E8CE7b
new file mode 100644
index 0000000..21cdd9c
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-E8CE7b
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-GEDmHj b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-GEDmHj
new file mode 100644
index 0000000..23a8c08
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-GEDmHj
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-MpwDEN b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-MpwDEN
new file mode 100644
index 0000000..1795d09
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-MpwDEN
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Qutf8O b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Qutf8O
new file mode 100644
index 0000000..4f69edf
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Qutf8O
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Sg1WMt b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Sg1WMt
new file mode 100644
index 0000000..ba6d1cb
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Sg1WMt
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My
new file mode 100644
index 0000000..631ef79
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-U6Y1My
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky
new file mode 100644
index 0000000..02d4820
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-WdSRky
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Ypw6WP b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Ypw6WP
new file mode 100644
index 0000000..6d7574f
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Ypw6WP
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Yyj4Af b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Yyj4Af
new file mode 100644
index 0000000..47f518d
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-Yyj4Af
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-amyF62 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-amyF62
new file mode 100644
index 0000000..3a5fdf5
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-amyF62
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA
new file mode 100644
index 0000000..bab5da1
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-gu8ziA
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-iCATsM b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-iCATsM
new file mode 100644
index 0000000..fae9173
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-iCATsM
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-kawT3I b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-kawT3I
new file mode 100644
index 0000000..51e3630
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-kawT3I
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-sYFzM5 b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-sYFzM5
new file mode 100644
index 0000000..173d77e
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-sYFzM5
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn
new file mode 100644
index 0000000..96f9e42
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/corpus/gatekeeper-send-yNFMdn
Binary files differ
diff --git a/trusty/gatekeeper/fuzz/fuzz.cpp b/trusty/gatekeeper/fuzz/fuzz.cpp
new file mode 100644
index 0000000..f8ec931
--- /dev/null
+++ b/trusty/gatekeeper/fuzz/fuzz.cpp
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#undef NDEBUG
+
+#include <assert.h>
+#include <log/log.h>
+#include <stdlib.h>
+#include <trusty/fuzz/utils.h>
+#include <unistd.h>
+
+#define TIPC_DEV "/dev/trusty-ipc-dev0"
+#define GATEKEEPER_PORT "com.android.trusty.gatekeeper"
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ static uint8_t buf[TIPC_MAX_MSG_SIZE];
+
+ android::trusty::fuzz::TrustyApp ta(TIPC_DEV, GATEKEEPER_PORT);
+
+ auto ret = ta.Connect();
+ /*
+ * If we can't connect, then assume TA crashed.
+ * TODO: Get some more info, e.g. stacks, to help Haiku dedup crashes.
+ */
+ if (!ret.ok()) {
+ android::trusty::fuzz::Abort();
+ }
+
+ /* Send message to test server */
+ ret = ta.Write(data, size);
+ if (!ret.ok()) {
+ return -1;
+ }
+
+ /* Read message from test server */
+ ret = ta.Read(&buf, sizeof(buf));
+ if (!ret.ok()) {
+ return -1;
+ }
+
+ return 0;
+}