From bf40c084cc850296a3260de5a6f37f3f96e5a637 Mon Sep 17 00:00:00 2001
From: Wenhao Wang
Date: Thu, 10 Dec 2020 14:02:13 -0800
Subject: [PATCH] trusty: Add ExtraCounters to Confirmationui Fuzzer

Add ExtraCounters to Confirmationui fuzzer so that the fuzzer can grab the coverage information of the Confirmationui TA.

Bug: 174402999
Bug: 171750250
Test: /data/fuzz/arm64/trusty_confirmationui_fuzzer/trusty_confirmationui_fuzzer
Change-Id: I2e287281e7c8100f0d48413fbe0ff99d397a74c1
---
 trusty/confirmationui/fuzz/fuzz.cpp | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/trusty/confirmationui/fuzz/fuzz.cpp b/trusty/confirmationui/fuzz/fuzz.cpp
index d2851163a..aa132e8af 100644
--- a/trusty/confirmationui/fuzz/fuzz.cpp
+++ b/trusty/confirmationui/fuzz/fuzz.cpp
@@ -19,24 +19,47 @@
 #include
 #include
 #include
+#include
+#include
 #include
 #include
 
+using android::trusty::coverage::CoverageRecord;
+using android::trusty::fuzz::ExtraCounters;
 using android::trusty::fuzz::TrustyApp;
 
 #define TIPC_DEV "/dev/trusty-ipc-dev0"
 #define CONFIRMATIONUI_PORT "com.android.trusty.confirmationui"
 
+/* ConfirmationUI TA's UUID is 7dee2364-c036-425b-b086-df0f6c233c1b */
+static struct uuid confirmationui_uuid = {
+ 0x7dee2364,
+ 0xc036,
+ 0x425b,
+ {0xb0, 0x86, 0xdf, 0x0f, 0x6c, 0x23, 0x3c, 0x1b},
+};
+
+static CoverageRecord record(TIPC_DEV, &confirmationui_uuid);
+
+extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
+ auto ret = record.Open();
+ assert(ret.ok());
+ return 0;
+}
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
 static uint8_t buf[TIPC_MAX_MSG_SIZE];
 
+ ExtraCounters counters(&record);
+ counters.Reset();
+
 TrustyApp ta(TIPC_DEV, CONFIRMATIONUI_PORT);
 auto ret = ta.Connect();
 if (!ret.ok()) {
 android::trusty::fuzz::Abort();
 }
 
- /* Send message to confirmationui server */
+ /* Write message to confirmationui server */
 ret = ta.Write(data, size);
 if (!ret.ok()) {
 return -1;
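Review bot: The new `LLVMFuzzerInitialize` checks `record.Open()` only with `assert(ret.ok());`, which compiles to nothing if the fuzzer is ever built with NDEBUG defined. In that case a failed open would go unnoticed and every iteration would construct `ExtraCounters` over a record that was never opened, so the run would report no TA coverage without any error. The `Connect()` failure path a few lines below already calls `android::trusty::fuzz::Abort()`, so I would handle this the same way: `if (!ret.ok()) android::trusty::fuzz::Abort();`. Separately, `confirmationui_uuid` is never modified in the visible lines and could be `const`, if the `CoverageRecord` constructor accepts a pointer to const, which is not visible here. The body of `LLVMFuzzerTestOneInput` continues past the end of this hunk.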