author | Pawan Wagh <waghpawan@google.com> | 2022-12-01 14:16:05 +0000 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2022-12-01 14:16:05 +0000 |
commit | 5c07744677bdbf80c1c9f711c774497471c14d04 (patch) | |
tree | 700b346d7f805b5fc1630476e133bc4254131379 | |
parent | 995e16c9ecd6892fe6b6d5d17f1859020d2bc6f6 (diff) | |
parent | 93068135f4890f816d641dff7f6dea2ad23e7b46 (diff) | |
download | base-5c07744677bdbf80c1c9f711c774497471c14d04.tar.gz |
Merge "Adding java lib for fuzzService"
-rw-r--r-- | core/tests/fuzzers/FuzzService/Android.bp | 28 | ||||
-rw-r--r-- | core/tests/fuzzers/FuzzService/FuzzBinder.java | 38 | ||||
-rw-r--r-- | core/tests/fuzzers/FuzzService/random_parcel_jni.cpp | 37 | ||||
-rw-r--r-- | core/tests/fuzzers/FuzzService/random_parcel_jni.h | 26 | ||||
-rw-r--r-- | core/tests/fuzzers/OWNERS | 2 |
5 files changed, 131 insertions, 0 deletions
diff --git a/core/tests/fuzzers/FuzzService/Android.bp b/core/tests/fuzzers/FuzzService/Android.bp
new file mode 100644
index 000000000000..5093185688df
--- /dev/null
+++ b/core/tests/fuzzers/FuzzService/Android.bp
@@ -0,0 +1,28 @@
+package {
+ default_applicable_licenses: ["frameworks_base_license"],
+}
+
+java_library {
+ name: "random_parcel_lib",
+ srcs: ["FuzzBinder.java"],
+}
+
+cc_library_shared {
+ name: "librandom_parcel_jni",
+ defaults: ["service_fuzzer_defaults"],
+ srcs: [
+ "random_parcel_jni.cpp",
+ ],
+ shared_libs: [
+ "libandroid_runtime",
+ "libbase",
+ "liblog",
+ ],
+ static_libs: [
+ "libnativehelper_lazy",
+ "libbinder_random_parcel",
+ ],
+ cflags: [
+ "-Wno-unused-parameter",
+ ],
+}
diff --git a/core/tests/fuzzers/FuzzService/FuzzBinder.java b/core/tests/fuzzers/FuzzService/FuzzBinder.java
new file mode 100644
index 000000000000..7c09831d9379
--- /dev/null
+++ b/core/tests/fuzzers/FuzzService/FuzzBinder.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package randomparcel;
+import android.os.IBinder;
+
+public class FuzzBinder {
+ static {
+ System.loadLibrary("random_parcel_jni");
+ }
+
+ // DO NOT REUSE: This API should be called from fuzzer to setup JNI dependencies from
+ // libandroid_runtime. THIS IS WORKAROUND. Please file a bug if you need to use this
+ public static void init() {
+ System.loadLibrary("android_runtime");
+ registerNatives();
+ }
+
+ // This API automatically fuzzes provided service
+ public static void fuzzService(IBinder binder, byte[] data) {
+ fuzzServiceInternal(binder, data);
+ }
+
+ private static native void fuzzServiceInternal(IBinder binder, byte[] data);
+ private static native int registerNatives();
+}
diff --git a/core/tests/fuzzers/FuzzService/random_parcel_jni.cpp b/core/tests/fuzzers/FuzzService/random_parcel_jni.cpp
new file mode 100644
index 000000000000..c0528d5c7b9a
--- /dev/null
+++ b/core/tests/fuzzers/FuzzService/random_parcel_jni.cpp
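Review bot: `init()` in FuzzBinder.java discards the `int` returned by `registerNatives()`, so a failed registration of the libandroid_runtime JNI functions goes unnoticed and would presumably only show up later as an unrelated-looking failure inside the fuzz target. Check the result, e.g. `if (registerNatives() != 0) throw new IllegalStateException("registerNatives failed");` (this assumes 0 means success, as with JNI `RegisterNatives`; confirm against AndroidRuntime). `fuzzService` also forwards `data` to native code unchecked, and the JNI side in this commit calls `GetArrayLength` on it without a null test; `Objects.requireNonNull(data)` (with `import java.util.Objects;`) would turn that into an ordinary Java exception instead of a native abort.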
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "random_parcel_jni.h"
+#include <android_util_Binder.h>
+#include <fuzzbinder/libbinder_driver.h>
+#include <fuzzer/FuzzedDataProvider.h>
+using namespace android;
+
+// JNI interface for fuzzService
+JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fuzzServiceInternal(JNIEnv *env, jobject thiz, jobject javaBinder, jbyteArray fuzzData) {
+ size_t len = static_cast<size_t>(env->GetArrayLength(fuzzData));
+ uint8_t data[len];
+ env->GetByteArrayRegion(fuzzData, 0, len, reinterpret_cast<jbyte*>(data));
+
+ FuzzedDataProvider provider(data, len);
+ sp<IBinder> binder = android::ibinderForJavaObject(env, javaBinder);
+ fuzzService(binder, std::move(provider));
+}
+
+// API used by AIDL fuzzers to access JNI functions from libandroid_runtime.
+JNIEXPORT jint JNICALL Java_randomparcel_FuzzBinder_registerNatives(JNIEnv* env) {
+ return registerFrameworkNatives(env);
+}
diff --git a/core/tests/fuzzers/FuzzService/random_parcel_jni.h b/core/tests/fuzzers/FuzzService/random_parcel_jni.h
new file mode 100644
index 000000000000..20a4c9d46aa6
--- /dev/null
+++ b/core/tests/fuzzers/FuzzService/random_parcel_jni.h
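Review bot: `uint8_t data[len];` in `Java_randomparcel_FuzzBinder_fuzzServiceInternal` is a variable-length array sized by the fuzzer input. That is a compiler extension in C++, is undefined for a zero-length input, and can overrun the thread stack on a large input, so a harness crash would be reported as a finding in the service under test. Hold the bytes in a `std::vector<uint8_t>` and reject a null `fuzzData` before `GetArrayLength`; the vector needs `<vector>` unless an existing include already provides it. The result of `ibinderForJavaObject` is also handed to `fuzzService` without a null check, and whether `fuzzService` tolerates a null binder is not visible in this diff.

```cpp
JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fuzzServiceInternal(JNIEnv *env, jobject thiz, jobject javaBinder, jbyteArray fuzzData) {
    if (fuzzData == nullptr) return;
    const jsize len = env->GetArrayLength(fuzzData);
    // Heap storage: the length comes from the fuzzer and must not size a stack array.
    std::vector<uint8_t> data(static_cast<size_t>(len));
    env->GetByteArrayRegion(fuzzData, 0, len, reinterpret_cast<jbyte*>(data.data()));

    FuzzedDataProvider provider(data.data(), data.size());
    // … unchanged: ibinderForJavaObject lookup and fuzzService call …
}
```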
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <jni.h>
+
+extern "C" {
+ JNIEXPORT void JNICALL Java_randomparcel_FuzzBinder_fuzzServiceInternal(JNIEnv *env, jobject thiz, jobject javaBinder, jbyteArray fuzzData);
+
+ // Function to register libandroid_runtime JNI functions with java env.
+ JNIEXPORT jint JNICALL Java_randomparcel_FuzzBinder_registerNatives(JNIEnv* env);
+
+ // Function from AndroidRuntime
+ jint registerFrameworkNatives(JNIEnv* env);
+}
diff --git a/core/tests/fuzzers/OWNERS b/core/tests/fuzzers/OWNERS
new file mode 100644
index 000000000000..b972ac0f74e6
--- /dev/null
+++ b/core/tests/fuzzers/OWNERS
@@ -0,0 +1,2 @@
+smoreland@google.com
+waghpawan@google.com |
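Review bot: `jint registerFrameworkNatives(JNIEnv* env);` in random_parcel_jni.h is a hand-written copy of a declaration owned by AndroidRuntime. Because it sits inside `extern "C"`, a later change to the real signature would be caught neither by the compiler nor by the linker, and would surface only as undefined behaviour at the call in `Java_randomparcel_FuzzBinder_registerNatives`. If libandroid_runtime exports a header that declares it, include that instead. Otherwise expand the comment to say so, for example `// Declared by hand: must match the definition in AndroidRuntime exactly; no public header exports it.` The header also has no include guard; add `#pragma once` above `#include <jni.h>`.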