Adding AIDL Service fuzzer for update engine service am: daa52652c6
Original change: https://android-review.googlesource.com/c/platform/system/update_engine/+/2620465
Change-Id: I5633842e17f09c1106b0cdae9ccdec9383f9bd70
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/Android.bp b/Android.bp
index efcd4db..144dd30 100644
--- a/Android.bp
+++ b/Android.bp
@@ -1342,3 +1342,28 @@
"unsquashfs",
],
}
+
+cc_fuzz {
+ name: "update_engine_service_fuzzer",
+ defaults: [
+ "ue_defaults",
+ "libupdate_engine_android_exports",
+ "service_fuzzer_defaults",
+ "fuzzer_disable_leaks",
+ ],
+ static_libs: [
+ "libupdate_engine_android",
+ "libgflags",
+ ],
+ srcs: [
+ "fuzzers/update_engine_service_fuzzer.cpp",
+ "aosp/metrics_reporter_android.cc",
+ ],
+ fuzz_config: {
+ triage_assignee: "waghpawan@google.com",
+ cc: [
+ "elsk@google.com",
+ "zhangkelvin@google.com",
+ ]
+ },
+}
diff --git a/fuzzers/update_engine_service_fuzzer.cpp b/fuzzers/update_engine_service_fuzzer.cpp
new file mode 100644
index 0000000..f9c28cb
--- /dev/null
+++ b/fuzzers/update_engine_service_fuzzer.cpp
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_driver.h>
+
+#include "update_engine/aosp/daemon_android.h"
+#include "update_engine/aosp/daemon_state_android.h"
+
+using chromeos_update_engine::BinderUpdateEngineAndroidService;
+using chromeos_update_engine::BinderUpdateEngineAndroidStableService;
+using chromeos_update_engine::DaemonStateAndroid;
+
+using android::fuzzService;
+using android::sp;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto daemonStateAndroid = std::make_unique<DaemonStateAndroid>();
+ daemonStateAndroid->Initialize();
+
+ auto binderService = sp<BinderUpdateEngineAndroidService>::make(
+ daemonStateAndroid->service_delegate());
+ auto stableBinderService = sp<BinderUpdateEngineAndroidStableService>::make(
+ daemonStateAndroid->service_delegate());
+ // TODO(b/287253479) - Add seed corpus/dicts for this fuzzer which has valid
+ // urls
+ fuzzService({binderService, stableBinderService},
+ FuzzedDataProvider(data, size));
+ return 0;
+}