trusty: Add ExtraCounters to Confirmationui Fuzzer
Add ExtraCounters to Confirmationui fuzzer so that the fuzzer can
grab the coverage information of the Confirmationui TA.
Bug: 174402999
Bug: 171750250
Test: /data/fuzz/arm64/trusty_confirmationui_fuzzer/trusty_confirmationui_fuzzer
Change-Id: I2e287281e7c8100f0d48413fbe0ff99d397a74c1
diff --git a/trusty/confirmationui/fuzz/fuzz.cpp b/trusty/confirmationui/fuzz/fuzz.cpp
index d285116..aa132e8 100644
--- a/trusty/confirmationui/fuzz/fuzz.cpp
+++ b/trusty/confirmationui/fuzz/fuzz.cpp
@@ -19,24 +19,47 @@
#include <assert.h>
#include <log/log.h>
#include <stdlib.h>
+#include <trusty/coverage/coverage.h>
+#include <trusty/fuzz/counters.h>
#include <trusty/fuzz/utils.h>
#include <unistd.h>
+using android::trusty::coverage::CoverageRecord;
+using android::trusty::fuzz::ExtraCounters;
using android::trusty::fuzz::TrustyApp;
#define TIPC_DEV "/dev/trusty-ipc-dev0"
#define CONFIRMATIONUI_PORT "com.android.trusty.confirmationui"
+/* ConfirmationUI TA's UUID is 7dee2364-c036-425b-b086-df0f6c233c1b */
+static struct uuid confirmationui_uuid = {
+ 0x7dee2364,
+ 0xc036,
+ 0x425b,
+ {0xb0, 0x86, 0xdf, 0x0f, 0x6c, 0x23, 0x3c, 0x1b},
+};
+
+static CoverageRecord record(TIPC_DEV, &confirmationui_uuid);
+
+extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
+ auto ret = record.Open();
+ assert(ret.ok());
+ return 0;
+}
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
static uint8_t buf[TIPC_MAX_MSG_SIZE];
+ ExtraCounters counters(&record);
+ counters.Reset();
+
TrustyApp ta(TIPC_DEV, CONFIRMATIONUI_PORT);
auto ret = ta.Connect();
if (!ret.ok()) {
android::trusty::fuzz::Abort();
}
- /* Send message to confirmationui server */
+ /* Write message to confirmationui server */
ret = ta.Write(data, size);
if (!ret.ok()) {
return -1;