diff options
| -rw-r--r-- | libs/binder/tests/binderThroughputTest.cpp | 7 | ||||
| -rw-r--r-- | libs/binder/tests/schd-dbg.cpp | 7 | ||||
| -rw-r--r-- | libs/cputimeinstate/fuzz/cputimeinstate_fuzzer/Android.bp | 32 | ||||
| -rw-r--r-- | libs/cputimeinstate/fuzz/cputimeinstate_fuzzer/cputimeinstate_fuzzer.cpp | 56 | ||||
| -rw-r--r-- | libs/sensor/fuzz/bittube_fuzzer/Android.bp | 42 | ||||
| -rw-r--r-- | libs/sensor/fuzz/bittube_fuzzer/bittube_fuzzer.cpp | 37 |
6 files changed, 174 insertions, 7 deletions
diff --git a/libs/binder/tests/binderThroughputTest.cpp b/libs/binder/tests/binderThroughputTest.cpp index 3b1faa8c2f..cfaf2a987f 100644 --- a/libs/binder/tests/binderThroughputTest.cpp +++ b/libs/binder/tests/binderThroughputTest.cpp @@ -249,12 +249,13 @@ Pipe make_worker(int num, int iterations, int worker_count, int payload_size, bo pid_t pid = fork(); if (pid) { /* parent */ - return move(get<0>(pipe_pair)); + return std::move(get<0>(pipe_pair)); } else { /* child */ - worker_fx(num, worker_count, iterations, payload_size, cs_pair, move(get<1>(pipe_pair))); + worker_fx(num, worker_count, iterations, payload_size, cs_pair, + std::move(get<1>(pipe_pair))); /* never get here */ - return move(get<0>(pipe_pair)); + return std::move(get<0>(pipe_pair)); } } diff --git a/libs/binder/tests/schd-dbg.cpp b/libs/binder/tests/schd-dbg.cpp index 56d958c6be..0035e4ee5a 100644 --- a/libs/binder/tests/schd-dbg.cpp +++ b/libs/binder/tests/schd-dbg.cpp @@ -398,14 +398,13 @@ Pipe make_process(int num, int iterations, int no_process, int payload_size) { pid_t pid = fork(); if (pid) { // parent - return move(get<0>(pipe_pair)); + return std::move(get<0>(pipe_pair)); } else { // child thread_dump(is_client(num) ? "client" : "server"); - worker_fx(num, no_process, iterations, payload_size, - move(get<1>(pipe_pair))); + worker_fx(num, no_process, iterations, payload_size, std::move(get<1>(pipe_pair))); // never get here - return move(get<0>(pipe_pair)); + return std::move(get<0>(pipe_pair)); } } diff --git a/libs/cputimeinstate/fuzz/cputimeinstate_fuzzer/Android.bp b/libs/cputimeinstate/fuzz/cputimeinstate_fuzzer/Android.bp new file mode 100644 index 0000000000..416e34e3d2 --- /dev/null +++ b/libs/cputimeinstate/fuzz/cputimeinstate_fuzzer/Android.bp @@ -0,0 +1,32 @@ +/****************************************************************************** + * + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + ***************************************************************************** + */ +cc_fuzz { + name: "cputimeinstate_fuzzer", + srcs: [ + "cputimeinstate_fuzzer.cpp", + ], + static_libs: [ + "libtimeinstate", + ], + shared_libs: [ + "libbpf_bcc", + "libbase", + "libbpf_minimal", + ], +} diff --git a/libs/cputimeinstate/fuzz/cputimeinstate_fuzzer/cputimeinstate_fuzzer.cpp b/libs/cputimeinstate/fuzz/cputimeinstate_fuzzer/cputimeinstate_fuzzer.cpp new file mode 100644 index 0000000000..f835997187 --- /dev/null +++ b/libs/cputimeinstate/fuzz/cputimeinstate_fuzzer/cputimeinstate_fuzzer.cpp @@ -0,0 +1,56 @@ +/****************************************************************************** + * + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + ***************************************************************************** + */ + +#include <fuzzer/FuzzedDataProvider.h> +#include <android-base/unique_fd.h> +#include <cputimeinstate.h> + +using namespace android::bpf; + +static const uint16_t MAX_VEC_SIZE = 500; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + FuzzedDataProvider fdp(data, size); + + uint32_t uid = fdp.ConsumeIntegral<uint32_t>(); + uint64_t lastUpdate = fdp.ConsumeIntegral<uint64_t>(); + uint16_t aggregationKey = fdp.ConsumeIntegral<uint16_t>(); + pid_t pid = fdp.ConsumeIntegral<pid_t>(); + std::vector<uint16_t> aggregationKeys; + uint16_t aggregationKeysSize = fdp.ConsumeIntegralInRange<size_t>(0, MAX_VEC_SIZE); + for (uint16_t i = 0; i < aggregationKeysSize; i++) { + aggregationKeys.push_back(fdp.ConsumeIntegral<uint16_t>()); + } + + // To randomize the API calls + while (fdp.remaining_bytes() > 0) { + auto func = fdp.PickValueInArray<const std::function<void()>>({ + [&]() { getUidCpuFreqTimes(uid); }, + [&]() { getUidsUpdatedCpuFreqTimes(&lastUpdate); }, + [&]() { getUidConcurrentTimes(uid);}, + [&]() { getUidsUpdatedConcurrentTimes(&lastUpdate); }, + [&]() { startAggregatingTaskCpuTimes(pid, aggregationKey); }, + [&]() { getAggregatedTaskCpuFreqTimes(pid, aggregationKeys); }, + }); + + func(); + } + + return 0; +} diff --git a/libs/sensor/fuzz/bittube_fuzzer/Android.bp b/libs/sensor/fuzz/bittube_fuzzer/Android.bp new file mode 100644 index 0000000000..5d8f4019a8 --- /dev/null +++ b/libs/sensor/fuzz/bittube_fuzzer/Android.bp @@ -0,0 +1,42 @@ +/****************************************************************************** + * + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + ***************************************************************************** + */ +cc_fuzz { + name: "bittube_fuzzer", + srcs: [ + "bittube_fuzzer.cpp", + ], + static_libs: [ + ], + shared_libs: [ + "libsensor", + "libbinder", + "libcutils", + "libutils", + "liblog", + "libhardware", + "libpermission", + ], + export_shared_lib_headers: [ + "libbinder", + "libpermission", + "libhardware", + ], + header_libs: [ + ], +} diff --git a/libs/sensor/fuzz/bittube_fuzzer/bittube_fuzzer.cpp b/libs/sensor/fuzz/bittube_fuzzer/bittube_fuzzer.cpp new file mode 100644 index 0000000000..6f10a67ebd --- /dev/null +++ b/libs/sensor/fuzz/bittube_fuzzer/bittube_fuzzer.cpp @@ -0,0 +1,37 @@ +/****************************************************************************** + * + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + ***************************************************************************** + */ +#include <fuzzer/FuzzedDataProvider.h> + +#include <sensor/BitTube.h> +#include <binder/Parcel.h> +using namespace android; + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + FuzzedDataProvider fdp(data, size); + BitTube bittube(size); + Parcel parcel[5]; + bittube.writeToParcel(parcel); + sp<BitTube> tube(new BitTube(size)); + bittube.sendObjects<uint8_t>(tube, data, size); + uint8_t recvData[size]; + for (int i = 0; i < size; i++) recvData[i] = fdp.ConsumeIntegral<uint8_t>(); + bittube.recvObjects<uint8_t>(tube, recvData, size); + + return 0; +} |