d6790c4bc6
CheckInterfaceInheritanceHierarchy() is for host_init_verifier to check the interface names at buildtime. We don't need to fuzz the host-side verification code. Bug: 326827772 Test: run init_parser_fuzzer Change-Id: Ie01dc2953fd6e69ef3c2cb9caadf7b9964a3d244 |
||
|---|---|---|
| .. | ||
| Android.bp | ||
| init_parser_fuzzer.cpp | ||
| init_property_fuzzer.cpp | ||
| init_ueventHandler_fuzzer.cpp | ||
| README.md | ||
Fuzzers for libinit
Table of contents
Fuzzer for InitParser
InitParser supports the following parameters:
- ValidPathNames (parameter name: "kValidPaths")
- ValidParseInputs (parameter name: "kValidInputs")
| Parameter | Valid Values | Configured Value |
|---|---|---|
kValidPaths |
0./system/etc/init/hw/init.rc,1. /system/etc/init |
Value obtained from FuzzedDataProvider |
kValidInputs |
0.{"","cpu", "10", "10"},1. {"","RLIM_CPU", "10", "10"},2. {"","12", "unlimited", "10"},3. {"","13", "-1", "10"},4. {"","14", "10", "unlimited"},5. {"","15", "10", "-1"} |
Value obtained from FuzzedDataProvider |
Steps to run
- Build the fuzzer
$ mm -j$(nproc) init_parser_fuzzer
- Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/init_parser_fuzzer/init_parser_fuzzer
Fuzzer for InitProperty
InitProperty supports the following parameters: PropertyType (parameter name: "PropertyType")
| Parameter | Valid Values | Configured Value |
|---|---|---|
PropertyType |
0.STRING,1. BOOL,2. INT,3. UINT,4. DOUBLE,5. SIZE,6. ENUM,7. RANDOM |
Value obtained from FuzzedDataProvider |
Steps to run
- Build the fuzzer
$ mm -j$(nproc) init_property_fuzzer
- Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/init_property_fuzzer/init_property_fuzzer
Fuzzer for InitUeventHandler
Maximize code coverage
The configuration parameters are not hardcoded, but instead selected based on incoming data. This ensures more code paths are reached by the fuzzer.
InitUeventHandler supports the following parameters:
- Major (parameter name:
major) - Minor (parameter name:
minor) - PartitionNum (parameter name:
partition_num) - Uid (parameter name:
uid) - Gid (parameter name:
gid) - Action (parameter name:
action) - Path (parameter name:
path) - Subsystem (parameter name:
subsystem) - PartitionName (parameter name:
partition_name) - DeviceName (parameter name:
device_name) - Modalias (parameter name:
modalias) - DevPath (parameter name:
devPath) - HandlerPath (parameter name:
handlerPath)
| Parameter | Valid Values | Configured Value |
|---|---|---|
major |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
minor |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
partition_num |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
uid |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
gid |
UINT32_MIN to UINT32_MAX |
Value obtained from FuzzedDataProvider |
action |
String |
Value obtained from FuzzedDataProvider |
path |
String |
Value obtained from FuzzedDataProvider |
subsystem |
String |
Value obtained from FuzzedDataProvider |
partition_name |
String |
Value obtained from FuzzedDataProvider |
device_name |
String |
Value obtained from FuzzedDataProvider |
modalias |
String |
Value obtained from FuzzedDataProvider |
devPath |
String |
Value obtained from FuzzedDataProvider |
handlerPath |
String |
Value obtained from FuzzedDataProvider |
This also ensures that the plugin is always deterministic for any given input.
Steps to run
- Build the fuzzer
$ mm -j$(nproc) init_ueventHandler_fuzzer
- Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/init_ueventHandler_fuzzer/init_ueventHandler_fuzzer