trusty: fuzz: Helper library
Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: Ife058ca25417e6bee4bf593b10a4e7e4000f9f2f
diff --git a/trusty/fuzz/Android.bp b/trusty/fuzz/Android.bp
new file mode 100644
index 0000000..969431c
--- /dev/null
+++ b/trusty/fuzz/Android.bp
@@ -0,0 +1,42 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_defaults {
+ name: "trusty_fuzzer_defaults",
+ static_libs: [
+ "libtrusty_fuzz_utils",
+ ],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+ cflags: [
+ "-Wall",
+ "-Werror",
+ ],
+ fuzz_config: {
+ fuzz_on_haiku_device: false,
+ fuzz_on_haiku_host: false,
+ },
+}
+
+cc_library {
+ name: "libtrusty_fuzz_utils",
+ srcs: ["utils.cpp"],
+ export_include_dirs: ["include"],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+}
diff --git a/trusty/fuzz/include/trusty/fuzz/utils.h b/trusty/fuzz/include/trusty/fuzz/utils.h
new file mode 100644
index 0000000..7418927
--- /dev/null
+++ b/trusty/fuzz/include/trusty/fuzz/utils.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+
+#include <android-base/result.h>
+#include <android-base/unique_fd.h>
+
+#define TIPC_MAX_MSG_SIZE PAGE_SIZE
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+class TrustyApp {
+ public:
+ TrustyApp(std::string tipc_dev, std::string ta_port);
+
+ android::base::Result<void> Connect();
+ android::base::Result<void> Read(void* buf, size_t len);
+ android::base::Result<void> Write(const void* buf, size_t len);
+
+ android::base::Result<int> GetRawFd();
+
+ private:
+ std::string tipc_dev_;
+ std::string ta_port_;
+ android::base::unique_fd ta_fd_;
+};
+
+} // namespace fuzz
+} // namespace trusty
+} // namespace android
diff --git a/trusty/fuzz/utils.cpp b/trusty/fuzz/utils.cpp
new file mode 100644
index 0000000..a389e0b
--- /dev/null
+++ b/trusty/fuzz/utils.cpp
@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2020 The Android Open Sourete Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "trusty-fuzz-utils"
+
+#include <trusty/fuzz/utils.h>
+
+#include <android-base/logging.h>
+#include <android-base/unique_fd.h>
+#include <linux/ioctl.h>
+#include <linux/types.h>
+#include <linux/uio.h>
+
+using android::base::ErrnoError;
+using android::base::Error;
+using android::base::Result;
+using android::base::unique_fd;
+
+#define TIPC_IOC_MAGIC 'r'
+#define TIPC_IOC_CONNECT _IOW(TIPC_IOC_MAGIC, 0x80, char*)
+
+static const size_t kTimeoutSeconds = 5;
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+TrustyApp::TrustyApp(std::string tipc_dev, std::string ta_port)
+ : tipc_dev_(tipc_dev), ta_port_(ta_port), ta_fd_(-1) {}
+
+Result<void> TrustyApp::Connect() {
+ /*
+ * TODO: We can't use libtrusty because (yet)
+ * (1) cc_fuzz can't deal with vendor components (b/170753563)
+ * (2) We need non-blocking behavior to detect Trusty going down.
+ * (we could implement the timeout in the fuzzing code though, as
+ * it needs to be around the call to read())
+ */
+ alarm(kTimeoutSeconds);
+ int fd = open(tipc_dev_.c_str(), O_RDWR);
+ alarm(0);
+ if (fd < 0) {
+ return ErrnoError() << "failed to open TIPC device: ";
+ }
+ ta_fd_.reset(fd);
+
+ // This ioctl will time out in the kernel if it can't connect.
+ int rc = TEMP_FAILURE_RETRY(ioctl(ta_fd_, TIPC_IOC_CONNECT, ta_port_.c_str()));
+ if (rc < 0) {
+ return ErrnoError() << "failed to connect to TIPC service: ";
+ }
+
+ return {};
+}
+
+Result<void> TrustyApp::Read(void* buf, size_t len) {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ alarm(kTimeoutSeconds);
+ int rc = read(ta_fd_, buf, len);
+ alarm(0);
+ if (rc < 0) {
+ return Error() << "failed to read TIPC message from TA: ";
+ }
+
+ return {};
+}
+
+Result<void> TrustyApp::Write(const void* buf, size_t len) {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ alarm(kTimeoutSeconds);
+ int rc = write(ta_fd_, buf, len);
+ alarm(0);
+ if (rc < 0) {
+ return Error() << "failed to read TIPC message from TA: ";
+ }
+
+ return {};
+}
+
+Result<int> TrustyApp::GetRawFd() {
+ if (ta_fd_ == -1) {
+ return Error() << "TA is not connected to yet: ";
+ }
+
+ return ta_fd_;
+}
+
+} // namespace fuzz
+} // namespace trusty
+} // namespace android