Adding AIDL Service fuzzer for identity service

Test: m credstore_service_fuzzer && adb sync data && adb shell /data/fuzz/x86_64/credstore_service_fuzzer/credstore_service_fuzzer
Test: atest android.security.identity.cts
Bug: 232439428
Change-Id: I57494ad6a17e1a4a9dcb80d778edfd77a892790a
diff --git a/identity/Android.bp b/identity/Android.bp
index da0df07..007a310 100644
--- a/identity/Android.bp
+++ b/identity/Android.bp
@@ -22,8 +22,8 @@
 
 }
 
-cc_binary {
-    name: "credstore",
+cc_defaults {
+    name: "credstore_defaults",
     defaults: [
         "identity_defaults",
         "identity_use_latest_hal_aidl_cpp_static",
@@ -31,7 +31,6 @@
         "keymint_use_latest_hal_aidl_cpp_static",
         "android.hardware.identity-support-lib-deps",
     ],
-
     srcs: [
         "Credential.cpp",
         "CredentialData.cpp",
@@ -40,9 +39,7 @@
         "Session.cpp",
         "Util.cpp",
         "WritableCredential.cpp",
-        "main.cpp",
     ],
-    init_rc: ["credstore.rc"],
     shared_libs: [
         "android.hardware.keymaster@4.0",
         "android.security.authorization-ndk",
@@ -68,6 +65,17 @@
     ],
 }
 
+cc_binary {
+    name: "credstore",
+    defaults: [
+        "credstore_defaults",
+    ],
+    srcs: [
+        "main.cpp",
+    ],
+    init_rc: ["credstore.rc"],
+}
+
 filegroup {
     name: "credstore_aidl",
     srcs: [
@@ -112,3 +120,22 @@
         "libbinder",
     ],
 }
+
+cc_fuzz {
+    name: "credstore_service_fuzzer",
+    defaults: [
+        "credstore_defaults",
+        "service_fuzzer_defaults",
+        "fuzzer_disable_leaks",
+    ],
+    srcs: [
+        "fuzzers/credstore_service_fuzzer.cpp",
+    ],
+    fuzz_config: {
+        triage_assignee: "waghpawan@google.com",
+        cc: [
+            "trong@google.com",
+            "zeuthen@google.com",
+        ]
+    },
+}
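Review bot: `fuzzer_disable_leaks` in the `defaults` list of `credstore_service_fuzzer` has no comment saying why it is needed. If it does what its name suggests, memory leaks in the credstore binder handlers will not be reported by this fuzzer, which is a notable gap for a service that stores credentials. A one-line comment above the entry would record the reason and the exit condition, for example `// TODO(b/<bug-id>): leak detection disabled because <reason>; re-enable once fixed`. The definition of that defaults module is not in this diff, so its exact effect is inferred from the name.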
diff --git a/identity/fuzzers/credstore_service_fuzzer.cpp b/identity/fuzzers/credstore_service_fuzzer.cpp
new file mode 100644
index 0000000..008cb0d
--- /dev/null
+++ b/identity/fuzzers/credstore_service_fuzzer.cpp
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <android-base/logging.h>
+#include <fuzzbinder/libbinder_driver.h>
+#include <sys/stat.h>
+
+#include "CredentialStoreFactory.h"
+
+using android::security::identity::CredentialStoreFactory;
+using namespace android;
+
+void clearDirectory(const char* dirpath, bool recursive) {
+    DIR* dir = opendir(dirpath);
+    CHECK(dir != nullptr);
+    dirent* e;
+    struct stat s;
+    while ((e = readdir(dir)) != nullptr) {
+        if ((strcmp(e->d_name, ".") == 0) || (strcmp(e->d_name, "..") == 0)) {
+            continue;
+        }
+        std::string filename(dirpath);
+        filename.push_back('/');
+        filename.append(e->d_name);
+        int stat_result = lstat(filename.c_str(), &s);
+        CHECK_EQ(0, stat_result) << "unable to stat " << filename;
+        if (S_ISDIR(s.st_mode)) {
+            if (recursive) {
+                clearDirectory(filename.c_str(), true);
+                int rmdir_result = rmdir(filename.c_str());
+                CHECK_EQ(0, rmdir_result) << filename;
+            }
+        } else {
+            int unlink_result = unlink(filename.c_str());
+            CHECK_EQ(0, unlink_result) << filename;
+        }
+    }
+    closedir(dir);
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+    std::string dataDir = "/data/cred_store_fuzzer";
+    mkdir(dataDir.c_str(), 0700);
+    sp<CredentialStoreFactory> service = sp<CredentialStoreFactory>::make(dataDir);
+    fuzzService(service, FuzzedDataProvider(data, size));
+    clearDirectory(dataDir.c_str(), true);
+    rmdir(dataDir.c_str());
+    return 0;
+}
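Review bot: In `LLVMFuzzerTestOneInput` the result of `mkdir(dataDir.c_str(), 0700)` is ignored and the directory is cleared only after `fuzzService` returns. When an earlier input crashes the process, the next run starts on whatever files were left in `/data/cred_store_fuzzer`, so a finding may depend on stale state and not reproduce from its input alone. Clearing on entry as well would keep iterations independent: `if (mkdir(dataDir.c_str(), 0700) != 0) { CHECK_EQ(EEXIST, errno) << dataDir; clearDirectory(dataDir.c_str(), true); }`. The fixed path is also shared by every process of this fuzzer, so parallel workers would delete each other's files and trip the `CHECK`s in `clearDirectory`; a per-process directory name would avoid that. Separately, `opendir`/`readdir`, `unlink`/`rmdir` and `strcmp` are used without including `<dirent.h>`, `<unistd.h>` and `<string.h>`, so the file appears to rely on transitive includes.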