From 362e4da21fe93e231ae60960ad6dbcdb21930d5a Mon Sep 17 00:00:00 2001
From: Steven Moreland
Date: Fri, 16 Oct 2020 19:49:39 +0000
Subject: binder_parcel_fuzzer: split out random_parcel.h

This creates libbinder_random_parcel which can create a random libbinder parcel, complete with random fds/random binder objects, for use in other fuzzers.
Future considerations:
- also export NdkBinderParcelAdapter, for use fuzzing libbinder_ndk users
- implement similar functionality for libhwbinder
Bug: N/A
Test: binder_parcel_fuzzer
Change-Id: I4943c5e8b6662a8155dc42109eda245f35eedef8
---
 libs/binder/parcel_fuzzer/Android.bp | 18 +++++++++++++++
 .../include_random_parcel/fuzzbinder/random_fd.h | 27 ++++++++++++++++++++++
 .../fuzzbinder/random_parcel.h | 24 +++++++++++++++++++
 libs/binder/parcel_fuzzer/main.cpp | 7 +++++-
 libs/binder/parcel_fuzzer/random_fd.cpp | 2 +-
 libs/binder/parcel_fuzzer/random_fd.h | 27 ----------------------
 libs/binder/parcel_fuzzer/random_parcel.cpp | 9 ++------
 libs/binder/parcel_fuzzer/random_parcel.h | 27 ----------------------
 8 files changed, 78 insertions(+), 63 deletions(-)
 create mode 100644 libs/binder/parcel_fuzzer/include_random_parcel/fuzzbinder/random_fd.h
 create mode 100644 libs/binder/parcel_fuzzer/include_random_parcel/fuzzbinder/random_parcel.h
 delete mode 100644 libs/binder/parcel_fuzzer/random_fd.h
 delete mode 100644 libs/binder/parcel_fuzzer/random_parcel.h
diff --git a/libs/binder/parcel_fuzzer/Android.bp b/libs/binder/parcel_fuzzer/Android.bp
index 1a6789833c..c5b3d8049b 100644
--- a/libs/binder/parcel_fuzzer/Android.bp
+++ b/libs/binder/parcel_fuzzer/Android.bp
@@ -18,6 +18,7 @@ cc_fuzz {
 ],
 static_libs: [
 "libbase",
+ "libbinder_random_parcel",
 "libcgrouprc",
 "libcgrouprc_format",
 "libcutils",
@@ -47,3 +48,20 @@ cc_fuzz {
 // produced, you may find uncommenting the below line very useful.
 // cflags: ["-DENABLE_LOG_FUZZ"],
 }
+
+cc_library_static {
+ name: "libbinder_random_parcel",
+ host_supported: true,
+ srcs: [
+ "random_fd.cpp",
+ "random_parcel.cpp",
+ ],
+ shared_libs: [
+ "libbase",
+ "libbinder",
+ "libcutils",
+ "libutils",
+ ],
+ local_include_dirs: ["include_random_parcel"],
+ export_include_dirs: ["include_random_parcel"],
+}
diff --git a/libs/binder/parcel_fuzzer/include_random_parcel/fuzzbinder/random_fd.h b/libs/binder/parcel_fuzzer/include_random_parcel/fuzzbinder/random_fd.h
new file mode 100644
index 0000000000..0a083d7665
--- /dev/null
+++ b/libs/binder/parcel_fuzzer/include_random_parcel/fuzzbinder/random_fd.h
@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include
+
+namespace android {
+
+// ownership to callee, always valid or aborts
+// get a random FD for use in fuzzing, of a few different specific types
+int getRandomFd(FuzzedDataProvider* provider);
+
+} // namespace android
diff --git a/libs/binder/parcel_fuzzer/include_random_parcel/fuzzbinder/random_parcel.h b/libs/binder/parcel_fuzzer/include_random_parcel/fuzzbinder/random_parcel.h
new file mode 100644
index 0000000000..b92a6a9f8e
--- /dev/null
+++ b/libs/binder/parcel_fuzzer/include_random_parcel/fuzzbinder/random_parcel.h
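Review bot: The contract comment on `getRandomFd` in the new fuzzbinder/random_fd.h reads "ownership to callee", which is ambiguous at best now that `export_include_dirs` publishes this header to other fuzzers; the function returns a raw `int`, so presumably the caller owns the descriptor and has to close it. I would reword it to `// Returns a new FD of one of a few specific types; the caller owns it and must close it. Always valid, or aborts.` Since libbase is already a dependency of the new module, returning `android::base::unique_fd` would put that ownership in the type, though it changes the signature for existing callers. The text is carried over unchanged from the deleted random_fd.h and the body in random_fd.cpp is not visible in this diff, so the ownership direction should be confirmed against the implementation.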
@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include
+#include
+
+namespace android {
+void fillRandomParcel(Parcel* p, FuzzedDataProvider&& provider);
+} // namespace android
diff --git a/libs/binder/parcel_fuzzer/main.cpp b/libs/binder/parcel_fuzzer/main.cpp
index 46bf4178d0..386c70ba80 100644
--- a/libs/binder/parcel_fuzzer/main.cpp
+++ b/libs/binder/parcel_fuzzer/main.cpp
@@ -18,10 +18,10 @@
 #include "binder.h"
 #include "binder_ndk.h"
 #include "hwbinder.h"
-#include "random_parcel.h"
 #include "util.h"
 #include
+#include
 #include
 #include
@@ -30,9 +30,14 @@ using android::fillRandomParcel;
 void fillRandomParcel(::android::hardware::Parcel* p, FuzzedDataProvider&& provider) {
+ // TODO: functionality to create random parcels for libhwbinder parcels
 std::vector input = provider.ConsumeRemainingBytes();
 p->setData(input.data(), input.size());
 }
+static void fillRandomParcel(NdkParcelAdapter* p, FuzzedDataProvider&& provider) {
+ // fill underlying parcel using functions to fill random libbinder parcel
+ fillRandomParcel(p->parcel(), std::move(provider));
+}
 template
 void doFuzz(const char* backend, const std::vector>& reads,
diff --git a/libs/binder/parcel_fuzzer/random_fd.cpp b/libs/binder/parcel_fuzzer/random_fd.cpp
index eb80ece747..cef6adb82d 100644
--- a/libs/binder/parcel_fuzzer/random_fd.cpp
+++ b/libs/binder/parcel_fuzzer/random_fd.cpp
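Review bot: `fillRandomParcel` in the new fuzzbinder/random_parcel.h is exported without any contract comment, and callers in other fuzzers will need one because, per the commit message, the parcel it builds carries random fds and binder objects rather than only bytes. I would add above the declaration something like `// Fills p with data derived from provider, including random FDs and binder objects; consumes provider. p must be non-null.` The non-null requirement and who closes the fds written into the parcel are assumptions on my side, since the body in random_parcel.cpp is outside this diff; please confirm both when writing the comment.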
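Review bot: The NdkParcelAdapter overload added in the second main.cpp hunk is `static`, while the hwbinder overload directly above it keeps external linkage, so the two file-local helpers now differ in linkage for no visible reason. Unless a header declares the hwbinder one, I would make them match, `static void fillRandomParcel(::android::hardware::Parcel* p, FuzzedDataProvider&& provider) {`, or put both in an anonymous namespace. The new TODO could also state that the hwbinder backend currently receives only raw bytes (no fds or binder objects), so readers do not assume equal coverage across backends. `doFuzz` starts at the end of this hunk and continues outside it.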
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
-#include "random_fd.h"
+#include
 #include
diff --git a/libs/binder/parcel_fuzzer/random_fd.h b/libs/binder/parcel_fuzzer/random_fd.h
deleted file mode 100644
index 0a083d7665..0000000000
--- a/libs/binder/parcel_fuzzer/random_fd.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include
-
-namespace android {
-
-// ownership to callee, always valid or aborts
-// get a random FD for use in fuzzing, of a few different specific types
-int getRandomFd(FuzzedDataProvider* provider);
-
-} // namespace android
diff --git a/libs/binder/parcel_fuzzer/random_parcel.cpp b/libs/binder/parcel_fuzzer/random_parcel.cpp
index 3dae9043da..9ca4c8aca4 100644
--- a/libs/binder/parcel_fuzzer/random_parcel.cpp
+++ b/libs/binder/parcel_fuzzer/random_parcel.cpp
@@ -14,20 +14,15 @@
  * limitations under the License.
  */
-#include "random_parcel.h"
-
-#include "random_fd.h"
+#include
 #include
 #include
+#include
 #include
 namespace android {
-void fillRandomParcel(NdkParcelAdapter* p, FuzzedDataProvider&& provider) {
- fillRandomParcel(p->parcel(), std::move(provider));
-}
-
 class NamedBinder : public BBinder {
 public:
 NamedBinder(const String16& descriptor) : mDescriptor(descriptor) {}
diff --git a/libs/binder/parcel_fuzzer/random_parcel.h b/libs/binder/parcel_fuzzer/random_parcel.h
deleted file mode 100644
index 2923c47f46..0000000000
--- a/libs/binder/parcel_fuzzer/random_parcel.h
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#pragma once
-
-#include "binder_ndk.h"
-
-#include
-#include
-
-namespace android {
-void fillRandomParcel(Parcel* p, FuzzedDataProvider&& provider);
-void fillRandomParcel(NdkParcelAdapter* p, FuzzedDataProvider&& provider);
-} // namespace android
--
cgit v1.2.3-59-g8ed1b