Adding fuzzers for StoragedService and StoragedPrivateService
- StoragedService and StoragedPrivateService are defined in global
namespace. Moving them to android namespace
- Adding AIDL service fuzzers for both services
Bug: 232439428
Test: adb shell /data/nativetest64/storaged-unit-tests/storaged-unit-tests
Test: m storaged_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/storaged_service_fuzzer/storaged_service_fuzzer
Test: m storaged_private_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/storaged_private_service_fuzzer/storaged_private_service_fuzzer
Change-Id: Ieb6ff8117f548dd1ef376aab8e6d3dfec9fb06d3
diff --git a/storaged/Android.bp b/storaged/Android.bp
index c3447d2..04f5d79 100644
--- a/storaged/Android.bp
+++ b/storaged/Android.bp
@@ -136,3 +136,27 @@
],
path: "binder",
}
+
+cc_fuzz {
+ name: "storaged_service_fuzzer",
+ defaults: [
+ "storaged_defaults",
+ "service_fuzzer_defaults",
+ ],
+ srcs: ["tests/fuzzers/storaged_service_fuzzer.cpp"],
+ static_libs: [
+ "libstoraged",
+ ],
+}
+
+cc_fuzz {
+ name: "storaged_private_service_fuzzer",
+ defaults: [
+ "storaged_defaults",
+ "service_fuzzer_defaults",
+ ],
+ srcs: ["tests/fuzzers/storaged_private_service_fuzzer.cpp"],
+ static_libs: [
+ "libstoraged",
+ ],
+}
\ No newline at end of file
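Review bot: Neither new `cc_fuzz` module declares a `fuzz_config`, so crashes found by `storaged_service_fuzzer` and `storaged_private_service_fuzzer` have no owner recorded in the module itself, unless `storaged_defaults` or `service_fuzzer_defaults` (both defined outside this hunk) already supply one. If they do not, add something like `fuzz_config: { cc: ["<OWNER_EMAIL_PLACEHOLDER>"], componentid: <COMPONENT_ID_PLACEHOLDER> },` to each module so findings on this binder surface get routed and triaged. The file also now ends without a trailing newline, which is worth restoring.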
diff --git a/storaged/include/storaged_service.h b/storaged/include/storaged_service.h
index 7ec6864..bf7af80 100644
--- a/storaged/include/storaged_service.h
+++ b/storaged/include/storaged_service.h
@@ -28,6 +28,7 @@
using namespace android::os;
using namespace android::os::storaged;
+namespace android {
class StoragedService : public BinderService<StoragedService>, public BnStoraged {
private:
void dumpUidRecordsDebug(int fd, const vector<struct uid_record>& entries);
@@ -53,4 +54,5 @@
sp<IStoragedPrivate> get_storaged_pri_service();
+} // namespace android
#endif /* _STORAGED_SERVICE_H_ */
\ No newline at end of file
diff --git a/storaged/storaged_service.cpp b/storaged/storaged_service.cpp
index 45f1d4d..00d36d7 100644
--- a/storaged/storaged_service.cpp
+++ b/storaged/storaged_service.cpp
@@ -38,6 +38,7 @@
extern sp<storaged_t> storaged_sp;
+namespace android {
status_t StoragedService::start() {
return BinderService<StoragedService>::publish();
}
@@ -218,3 +219,4 @@
return interface_cast<IStoragedPrivate>(binder);
}
+} // namespace android
\ No newline at end of file
diff --git a/storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp b/storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp
new file mode 100644
index 0000000..82eb796
--- /dev/null
+++ b/storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_driver.h>
+
+#include <storaged.h>
+#include <storaged_service.h>
+
+sp<storaged_t> storaged_sp;
+
+extern "C" int LLVMFuzzerInitialize(int /**argc*/, char /****argv*/) {
+ storaged_sp = new storaged_t();
+ storaged_sp->init();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto storagedPrivateService = new StoragedPrivateService();
+ fuzzService(storagedPrivateService, FuzzedDataProvider(data, size));
+ return 0;
+}
\ No newline at end of file
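Review bot: `LLVMFuzzerInitialize` declares its parameters as `int` and `char`, because the pointer stars ended up inside the comments (`int /**argc*/, char /****argv*/`), whereas libFuzzer invokes this hook with an `int*` and a `char***`. Both arguments are unused, so the harness most likely still runs, but the definition should match the hook's contract: `extern "C" int LLVMFuzzerInitialize(int* /*argc*/, char*** /*argv*/) {`. The same line appears in storaged_service_fuzzer.cpp.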
diff --git a/storaged/tests/fuzzers/storaged_service_fuzzer.cpp b/storaged/tests/fuzzers/storaged_service_fuzzer.cpp
new file mode 100644
index 0000000..d11ecc3
--- /dev/null
+++ b/storaged/tests/fuzzers/storaged_service_fuzzer.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_driver.h>
+
+#include <storaged.h>
+#include <storaged_service.h>
+
+sp<storaged_t> storaged_sp;
+
+extern "C" int LLVMFuzzerInitialize(int /**argc*/, char /****argv*/) {
+ storaged_sp = new storaged_t();
+ storaged_sp->init();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto storagedService = new StoragedService();
+ fuzzService(storagedService, FuzzedDataProvider(data, size));
+ return 0;
+}
\ No newline at end of file
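Review bot: `auto storagedService = new StoragedService();` in `LLVMFuzzerTestOneInput` keeps a ref-counted binder object in a raw pointer and presumably relies on an implicit conversion to a strong pointer at the `fuzzService` call to give it an owner. Writing `auto storagedService = sp<StoragedService>::make();` makes the ownership explicit, so each iteration's service is released when the function returns and the harness does not accumulate objects if the call site changes later. storaged_private_service_fuzzer.cpp has the same pattern with `StoragedPrivateService`. A one-line comment above `sp<storaged_t> storaged_sp;` noting that it provides the definition for the `extern sp<storaged_t> storaged_sp;` declared in storaged_service.cpp would explain why the harness owns this global.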