Merge "libbinder: document not to use TextOutput"
diff --git a/cmds/atrace/atrace.cpp b/cmds/atrace/atrace.cpp
index 28fdaa4..fc3572c 100644
--- a/cmds/atrace/atrace.cpp
+++ b/cmds/atrace/atrace.cpp
@@ -239,6 +239,10 @@
{ OPT, "events/kmem/ion_heap_shrink/enable" },
{ OPT, "events/ion/ion_stat/enable" },
} },
+ { "thermal", "Thermal event", 0, {
+ { REQ, "events/thermal/thermal_temperature/enable" },
+ { OPT, "events/thermal/cdev_update/enable" },
+ } },
};
struct TracingVendorCategory {
diff --git a/cmds/atrace/atrace.rc b/cmds/atrace/atrace.rc
index 9b2f4a8..28770f2 100644
--- a/cmds/atrace/atrace.rc
+++ b/cmds/atrace/atrace.rc
@@ -164,6 +164,12 @@
chmod 0666 /sys/kernel/tracing/events/filemap/mm_filemap_delete_from_page_cache/enable
chmod 0666 /sys/kernel/debug/tracing/events/filemap/mm_filemap_delete_from_page_cache/enable
+ # thermal
+ chmod 0666 /sys/kernel/debug/tracing/events/thermal/thermal_temperature/enable
+ chmod 0666 /sys/kernel/tracing/events/thermal/thermal_temperature/enable
+ chmod 0666 /sys/kernel/debug/tracing/events/thermal/cdev_update/enable
+ chmod 0666 /sys/kernel/tracing/events/thermal/cdev_update/enable
+
# Tracing disabled by default
write /sys/kernel/debug/tracing/tracing_on 0
write /sys/kernel/tracing/tracing_on 0
diff --git a/cmds/lshal/Android.bp b/cmds/lshal/Android.bp
index 5afae4b..987adaf 100644
--- a/cmds/lshal/Android.bp
+++ b/cmds/lshal/Android.bp
@@ -75,7 +75,7 @@
defaults: ["lshal_defaults"],
gtest: true,
static_libs: [
- "android.hardware.tests.baz@1.0",
+ "android.hardware.tests.inheritance@1.0",
"libgmock",
],
shared_libs: [
diff --git a/cmds/lshal/DebugCommand.cpp b/cmds/lshal/DebugCommand.cpp
index af22ac9..72958bd 100644
--- a/cmds/lshal/DebugCommand.cpp
+++ b/cmds/lshal/DebugCommand.cpp
@@ -39,7 +39,7 @@
// Optargs cannnot be used because the flag should not be considered set
// if it should really be contained in mOptions.
if (std::string(arg.argv[optind]) == "-E") {
- mExcludesParentInstances = true;
+ mParentDebugInfoLevel = ParentDebugInfoLevel::NOTHING;
optind++;
}
@@ -67,7 +67,7 @@
return mLshal.emitDebugInfo(
pair.first, pair.second.empty() ? "default" : pair.second, mOptions,
- mExcludesParentInstances,
+ mParentDebugInfoLevel,
mLshal.out().buf(),
mLshal.err());
}
diff --git a/cmds/lshal/DebugCommand.h b/cmds/lshal/DebugCommand.h
index cd57e31..317cc28 100644
--- a/cmds/lshal/DebugCommand.h
+++ b/cmds/lshal/DebugCommand.h
@@ -21,6 +21,7 @@
#include <android-base/macros.h>
#include "Command.h"
+#include "ParentDebugInfoLevel.h"
#include "utils.h"
namespace android {
@@ -42,9 +43,8 @@
std::string mInterfaceName;
std::vector<std::string> mOptions;
- // Outputs the actual descriptor of a hal instead of the debug output
- // if the arguments provided are a superclass of the actual hal impl.
- bool mExcludesParentInstances;
+ // See comment on ParentDebugInfoLevel.
+ ParentDebugInfoLevel mParentDebugInfoLevel = ParentDebugInfoLevel::FULL;
DISALLOW_COPY_AND_ASSIGN(DebugCommand);
};
diff --git a/cmds/lshal/ListCommand.cpp b/cmds/lshal/ListCommand.cpp
index fb11cee..a805a48 100644
--- a/cmds/lshal/ListCommand.cpp
+++ b/cmds/lshal/ListCommand.cpp
@@ -555,7 +555,7 @@
std::stringstream ss;
auto pair = splitFirst(iName, '/');
mLshal.emitDebugInfo(pair.first, pair.second, {},
- false /* excludesParentInstances */, ss,
+ ParentDebugInfoLevel::FQNAME_ONLY, ss,
NullableOStream<std::ostream>(nullptr));
return ss.str();
};
diff --git a/cmds/lshal/Lshal.cpp b/cmds/lshal/Lshal.cpp
index 132b31e..2c3efe5 100644
--- a/cmds/lshal/Lshal.cpp
+++ b/cmds/lshal/Lshal.cpp
@@ -101,7 +101,7 @@
const std::string &interfaceName,
const std::string &instanceName,
const std::vector<std::string> &options,
- bool excludesParentInstances,
+ ParentDebugInfoLevel parentDebugInfoLevel,
std::ostream &out,
NullableOStream<std::ostream> err) const {
using android::hidl::base::V1_0::IBase;
@@ -126,7 +126,7 @@
return NO_INTERFACE;
}
- if (excludesParentInstances) {
+ if (parentDebugInfoLevel != ParentDebugInfoLevel::FULL) {
const std::string descriptor = getDescriptor(base.get());
if (descriptor.empty()) {
std::string msg = interfaceName + "/" + instanceName + " getDescriptor failed";
@@ -134,6 +134,9 @@
LOG(ERROR) << msg;
}
if (descriptor != interfaceName) {
+ if (parentDebugInfoLevel == ParentDebugInfoLevel::FQNAME_ONLY) {
+ out << "[See " << descriptor << "/" << instanceName << "]";
+ }
return OK;
}
}
diff --git a/cmds/lshal/Lshal.h b/cmds/lshal/Lshal.h
index 830bd87..50279d4 100644
--- a/cmds/lshal/Lshal.h
+++ b/cmds/lshal/Lshal.h
@@ -25,6 +25,7 @@
#include "Command.h"
#include "NullableOStream.h"
+#include "ParentDebugInfoLevel.h"
#include "utils.h"
namespace android {
@@ -49,7 +50,7 @@
const std::string &interfaceName,
const std::string &instanceName,
const std::vector<std::string> &options,
- bool excludesParentInstances,
+ ParentDebugInfoLevel parentDebugInfoLevel,
std::ostream &out,
NullableOStream<std::ostream> err) const;
diff --git a/cmds/lshal/ParentDebugInfoLevel.h b/cmds/lshal/ParentDebugInfoLevel.h
new file mode 100644
index 0000000..12ac9c8
--- /dev/null
+++ b/cmds/lshal/ParentDebugInfoLevel.h
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#pragma once
+
+namespace android {
+namespace lshal {
+
+// Describe verbosity when dumping debug information on a HAL service by
+// referring to a parent HAL interface FQName (for example, when dumping debug information
+// on foo@1.0::IFoo but the HAL implementation is foo@1.1::IFoo).
+enum class ParentDebugInfoLevel {
+ // Write nothing.
+ NOTHING,
+ // Write a short description that includes the FQName of the real implementation.
+ FQNAME_ONLY,
+ // Write full debug info.
+ FULL,
+};
+
+} // namespace lshal
+} // namespace android
diff --git a/cmds/lshal/test.cpp b/cmds/lshal/test.cpp
index 3d550ba..afe5d63 100644
--- a/cmds/lshal/test.cpp
+++ b/cmds/lshal/test.cpp
@@ -24,7 +24,7 @@
#include <gtest/gtest.h>
#include <gmock/gmock.h>
-#include <android/hardware/tests/baz/1.0/IQuux.h>
+#include <android/hardware/tests/inheritance/1.0/IChild.h>
#include <hidl/HidlTransportSupport.h>
#include <vintf/parse_xml.h>
@@ -44,6 +44,7 @@
using ::android::hardware::hidl_handle;
using ::android::hardware::hidl_string;
using ::android::hardware::hidl_vec;
+using ::android::hardware::Void;
using android::vintf::Arch;
using android::vintf::CompatibilityMatrix;
using android::vintf::gCompatibilityMatrixConverter;
@@ -59,10 +60,14 @@
namespace android {
namespace hardware {
namespace tests {
-namespace baz {
+namespace inheritance {
namespace V1_0 {
namespace implementation {
-struct Quux : android::hardware::tests::baz::V1_0::IQuux {
+struct Child : android::hardware::tests::inheritance::V1_0::IChild {
+ ::android::hardware::Return<void> doChild() override { return Void(); }
+ ::android::hardware::Return<void> doParent() override { return Void(); }
+ ::android::hardware::Return<void> doGrandparent() override { return Void(); }
+
::android::hardware::Return<void> debug(const hidl_handle& hh, const hidl_vec<hidl_string>& options) override {
const native_handle_t *handle = hh.getNativeHandle();
if (handle->numFds < 1) {
@@ -76,7 +81,7 @@
}
ssize_t written = write(fd, content.c_str(), content.size());
if (written != (ssize_t)content.size()) {
- LOG(WARNING) << "SERVER(Quux) debug writes " << written << " bytes < "
+ LOG(WARNING) << "SERVER(Child) debug writes " << written << " bytes < "
<< content.size() << " bytes, errno = " << errno;
}
return Void();
@@ -85,7 +90,7 @@
} // namespace implementation
} // namespace V1_0
-} // namespace baz
+} // namespace inheritance
} // namespace tests
} // namespace hardware
@@ -124,18 +129,24 @@
class DebugTest : public ::testing::Test {
public:
void SetUp() override {
- using ::android::hardware::tests::baz::V1_0::IQuux;
- using ::android::hardware::tests::baz::V1_0::implementation::Quux;
+ using ::android::hardware::tests::inheritance::V1_0::IChild;
+ using ::android::hardware::tests::inheritance::V1_0::IParent;
+ using ::android::hardware::tests::inheritance::V1_0::IGrandparent;
+ using ::android::hardware::tests::inheritance::V1_0::implementation::Child;
err.str("");
out.str("");
serviceManager = new testing::NiceMock<MockServiceManager>();
- ON_CALL(*serviceManager, get(_, _)).WillByDefault(Invoke(
- [](const auto &iface, const auto &inst) -> ::android::hardware::Return<sp<IBase>> {
- if (iface == IQuux::descriptor && inst == "default")
- return new Quux();
- return nullptr;
- }));
+ ON_CALL(*serviceManager, get(_, _))
+ .WillByDefault(
+ Invoke([](const auto& iface,
+ const auto& inst) -> ::android::hardware::Return<sp<IBase>> {
+ if (inst != "default") return nullptr;
+ if (iface == IChild::descriptor || iface == IParent::descriptor ||
+ iface == IGrandparent::descriptor)
+ return new Child();
+ return nullptr;
+ }));
lshal = std::make_unique<Lshal>(out, err, serviceManager, serviceManager);
}
@@ -159,17 +170,17 @@
TEST_F(DebugTest, Debug) {
EXPECT_EQ(0u, callMain(lshal, {
- "lshal", "debug", "android.hardware.tests.baz@1.0::IQuux/default", "foo", "bar"
+ "lshal", "debug", "android.hardware.tests.inheritance@1.0::IChild/default", "foo", "bar"
}));
- EXPECT_THAT(out.str(), StrEq("android.hardware.tests.baz@1.0::IQuux\nfoo\nbar"));
+ EXPECT_THAT(out.str(), StrEq("android.hardware.tests.inheritance@1.0::IChild\nfoo\nbar"));
EXPECT_THAT(err.str(), IsEmpty());
}
TEST_F(DebugTest, Debug2) {
EXPECT_EQ(0u, callMain(lshal, {
- "lshal", "debug", "android.hardware.tests.baz@1.0::IQuux", "baz", "quux"
+ "lshal", "debug", "android.hardware.tests.inheritance@1.0::IChild", "baz", "quux"
}));
- EXPECT_THAT(out.str(), StrEq("android.hardware.tests.baz@1.0::IQuux\nbaz\nquux"));
+ EXPECT_THAT(out.str(), StrEq("android.hardware.tests.inheritance@1.0::IChild\nbaz\nquux"));
EXPECT_THAT(err.str(), IsEmpty());
}
@@ -180,6 +191,22 @@
EXPECT_THAT(err.str(), HasSubstr("does not exist"));
}
+TEST_F(DebugTest, DebugParent) {
+ EXPECT_EQ(0u, callMain(lshal, {
+ "lshal", "debug", "android.hardware.tests.inheritance@1.0::IParent", "calling parent"
+ }));
+ EXPECT_THAT(out.str(), StrEq("android.hardware.tests.inheritance@1.0::IChild\ncalling parent"));
+ EXPECT_THAT(err.str(), IsEmpty());
+}
+
+TEST_F(DebugTest, DebugParentExclude) {
+ EXPECT_EQ(0u, callMain(lshal, {
+ "lshal", "debug", "-E", "android.hardware.tests.inheritance@1.0::IParent", "excluding"
+ }));
+ EXPECT_THAT(out.str(), IsEmpty());
+ EXPECT_THAT(err.str(), IsEmpty());
+}
+
class MockLshal : public Lshal {
public:
MockLshal() {}
@@ -766,6 +793,91 @@
EXPECT_EQ("", err.str());
}
+// Fake service returned by mocked IServiceManager::get for DumpDebug.
+// The interfaceChain and getHashChain functions returns
+// foo(id - 1) -> foo(id - 2) -> ... foo1 -> IBase.
+class InheritingService : public IBase {
+public:
+ explicit InheritingService(pid_t id) : mId(id) {}
+ android::hardware::Return<void> interfaceDescriptor(interfaceDescriptor_cb cb) override {
+ cb(getInterfaceName(mId));
+ return hardware::Void();
+ }
+ android::hardware::Return<void> interfaceChain(interfaceChain_cb cb) override {
+ std::vector<hidl_string> ret;
+ for (auto i = mId; i > 0; --i) {
+ ret.push_back(getInterfaceName(i));
+ }
+ ret.push_back(IBase::descriptor);
+ cb(ret);
+ return hardware::Void();
+ }
+ android::hardware::Return<void> getHashChain(getHashChain_cb cb) override {
+ std::vector<hidl_hash> ret;
+ for (auto i = mId; i > 0; --i) {
+ ret.push_back(getHashFromId(i));
+ }
+ ret.push_back(getHashFromId(0xff));
+ cb(ret);
+ return hardware::Void();
+ }
+ android::hardware::Return<void> debug(const hidl_handle& hh,
+ const hidl_vec<hidl_string>&) override {
+ const native_handle_t* handle = hh.getNativeHandle();
+ if (handle->numFds < 1) {
+ return Void();
+ }
+ int fd = handle->data[0];
+ std::string content = "debug info for ";
+ content += getInterfaceName(mId);
+ ssize_t written = write(fd, content.c_str(), content.size());
+ if (written != (ssize_t)content.size()) {
+ LOG(WARNING) << "SERVER(" << descriptor << ") debug writes " << written << " bytes < "
+ << content.size() << " bytes, errno = " << errno;
+ }
+ return Void();
+ }
+
+private:
+ pid_t mId;
+};
+
+TEST_F(ListTest, DumpDebug) {
+ size_t inheritanceLevel = 3;
+ sp<IBase> service = new InheritingService(inheritanceLevel);
+
+ EXPECT_CALL(*serviceManager, list(_)).WillRepeatedly(Invoke([&](IServiceManager::list_cb cb) {
+ std::vector<hidl_string> ret;
+ for (auto i = 1; i <= inheritanceLevel; ++i) {
+ ret.push_back(getInterfaceName(i) + "/default");
+ }
+ cb(ret);
+ return hardware::Void();
+ }));
+ EXPECT_CALL(*serviceManager, get(_, _))
+ .WillRepeatedly(
+ Invoke([&](const hidl_string&, const hidl_string& instance) -> sp<IBase> {
+ int id = getIdFromInstanceName(instance);
+ if (id > inheritanceLevel) return nullptr;
+ return sp<IBase>(service);
+ }));
+
+ const std::string expected = "[fake description 0]\n"
+ "Interface\n"
+ "a.h.foo1@1.0::IFoo/default\n"
+ "[See a.h.foo3@3.0::IFoo/default]\n"
+ "a.h.foo2@2.0::IFoo/default\n"
+ "[See a.h.foo3@3.0::IFoo/default]\n"
+ "a.h.foo3@3.0::IFoo/default\n"
+ "debug info for a.h.foo3@3.0::IFoo\n"
+ "\n";
+
+ optind = 1; // mimic Lshal::parseArg()
+ EXPECT_EQ(0u, mockList->main(createArg({"lshal", "--types=b", "-id"})));
+ EXPECT_EQ(expected, out.str());
+ EXPECT_EQ("", err.str());
+}
+
class ListVintfTest : public ListTest {
public:
virtual void SetUp() override {
diff --git a/libs/vr/libpdx/fuzz/Android.bp b/libs/vr/libpdx/fuzz/Android.bp
index 8ab09f3..b36e0de 100644
--- a/libs/vr/libpdx/fuzz/Android.bp
+++ b/libs/vr/libpdx/fuzz/Android.bp
@@ -1,5 +1,5 @@
cc_fuzz {
- name: "libpdx_fuzz",
+ name: "libpdx_service_dispatcher_fuzzer",
clang: true,
srcs: [
"service_dispatcher_fuzzer.cpp",
@@ -15,6 +15,48 @@
shared_libs: [
"libutils",
"liblog",
- "libcutils",
+ "libcutils"
+ ],
+}
+
+cc_fuzz {
+ name: "libpdx_message_fuzzer",
+ clang: true,
+ srcs: [
+ "message_fuzzer.cpp",
+ ],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ ],
+ static_libs: [
+ "libpdx",
+ ],
+ shared_libs: [
+ "libutils",
+ "liblog",
+ "libcutils"
+ ],
+}
+
+cc_fuzz {
+ name: "libpdx_serialization_fuzzer",
+ clang: true,
+ srcs: [
+ "serialization_fuzzer.cpp",
+ ],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ "-Werror",
+ ],
+ static_libs: [
+ "libpdx",
+ ],
+ shared_libs: [
+ "libutils",
+ "liblog",
+ "libcutils"
],
}
diff --git a/libs/vr/libpdx/fuzz/message_fuzzer.cpp b/libs/vr/libpdx/fuzz/message_fuzzer.cpp
new file mode 100644
index 0000000..b627045
--- /dev/null
+++ b/libs/vr/libpdx/fuzz/message_fuzzer.cpp
@@ -0,0 +1,175 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Authors: corbin.souffrant@leviathansecurity.com
+// brian.balling@leviathansecurity.com
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <helpers.h>
+#include <pdx/client_channel.h>
+#include <pdx/service.h>
+#include <pdx/service_dispatcher.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <sys/eventfd.h>
+#include <thread>
+
+using namespace android::pdx;
+
+// Fuzzer for Message object functions.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ FuzzedDataProvider fdp = FuzzedDataProvider(data, size);
+
+ FuzzEndpoint* endpoint = new FuzzEndpoint(&fdp);
+ std::shared_ptr<Service> service(
+ new Service("FuzzService", std::unique_ptr<Endpoint>(endpoint)));
+ std::shared_ptr<Channel> channel(nullptr);
+
+ // Generate a random Message object to call functions in.
+ MessageInfo info;
+ info.pid = fdp.ConsumeIntegral<int>();
+ info.tid = fdp.ConsumeIntegral<int>();
+ info.cid = fdp.ConsumeIntegral<int>();
+ info.mid = fdp.ConsumeIntegral<int>();
+ info.euid = fdp.ConsumeIntegral<int>();
+ info.egid = fdp.ConsumeIntegral<int>();
+ info.op = fdp.ConsumeIntegral<int32_t>();
+ info.flags = fdp.ConsumeIntegral<uint32_t>();
+ info.service = service.get();
+ info.channel = channel.get();
+ info.send_len = fdp.ConsumeIntegral<size_t>();
+ info.recv_len = fdp.ConsumeIntegral<size_t>();
+ info.fd_count = fdp.ConsumeIntegral<size_t>();
+ if (fdp.remaining_bytes() >= 32) {
+ std::vector<uint8_t> impulse_vec = fdp.ConsumeBytes<uint8_t>(32);
+ memcpy(info.impulse, impulse_vec.data(), 32);
+ }
+
+ Message message = Message(info);
+
+ // A bunch of getters that probably won't do much, but might as well
+ // get coverage, while we are here.
+ message.GetProcessId();
+ message.GetThreadId();
+ message.GetEffectiveUserId();
+ message.GetEffectiveGroupId();
+ message.GetChannelId();
+ message.GetMessageId();
+ message.GetOp();
+ message.GetFlags();
+ message.GetSendLength();
+ message.GetReceiveLength();
+ message.GetFileDescriptorCount();
+ message.ImpulseEnd();
+ message.replied();
+ message.IsChannelExpired();
+ message.IsServiceExpired();
+ message.GetState();
+ message.GetState();
+
+ // Some misc. functions.
+ unsigned int fd = fdp.ConsumeIntegral<unsigned int>();
+ int clear_mask = fdp.ConsumeIntegral<int>();
+ int set_mask = fdp.ConsumeIntegral<int>();
+ Status<void> status = {};
+ message.ModifyChannelEvents(clear_mask, set_mask);
+
+ // Fuzz the handle functions.
+ LocalHandle l_handle = {};
+ BorrowedHandle b_handle = {};
+ RemoteHandle r_handle = {};
+ LocalChannelHandle lc_handle = {};
+ BorrowedChannelHandle bc_handle = {};
+ RemoteChannelHandle rc_handle = {};
+ FileReference f_ref = fdp.ConsumeIntegral<int32_t>();
+ ChannelReference c_ref = fdp.ConsumeIntegral<int32_t>();
+
+ // These don't actually modify any state in the Message or params.
+ // They can be called in any order.
+ message.PushFileHandle(b_handle);
+ message.PushFileHandle(r_handle);
+ message.PushChannelHandle(lc_handle);
+ message.PushChannelHandle(bc_handle);
+ message.PushChannelHandle(rc_handle);
+ message.GetFileHandle(f_ref, &l_handle);
+ message.GetChannelHandle(c_ref, &lc_handle);
+
+ // Can only reply once, pick at random.
+ switch (fdp.ConsumeIntegral<uint8_t>()) {
+ case 0:
+ message.ReplyFileDescriptor(fd);
+ break;
+ case 1:
+ message.Reply(status);
+ break;
+ case 2:
+ message.Reply(l_handle);
+ break;
+ case 3:
+ message.Reply(b_handle);
+ break;
+ case 4:
+ message.Reply(r_handle);
+ break;
+ case 5:
+ message.Reply(lc_handle);
+ break;
+ case 6:
+ message.Reply(bc_handle);
+ break;
+ case 7:
+ message.Reply(rc_handle);
+ }
+
+ // Fuzz the channel functions.
+ int flags = fdp.ConsumeIntegral<int>();
+ int channel_id = 0;
+ message.PushChannel(flags, channel, &channel_id);
+ message.CheckChannel(service.get(), c_ref, &channel);
+ message.CheckChannel(c_ref, &channel);
+ message.PushChannel(service.get(), flags, channel, &channel_id);
+ size_t iovec_size = sizeof(iovec);
+ struct iovec* iovecs = nullptr;
+
+ // Fuzz the read/write functions. Needs at least one iovec, plus one byte.
+ if (fdp.remaining_bytes() >= iovec_size + 1) {
+ std::vector<uint8_t> tmp_vec = fdp.ConsumeBytes<uint8_t>(iovec_size);
+ struct iovec* vector = reinterpret_cast<struct iovec*>(tmp_vec.data());
+ std::vector<uint8_t> tmp_buf =
+ fdp.ConsumeBytes<uint8_t>(fdp.remaining_bytes());
+ void* buf = reinterpret_cast<void*>(tmp_buf.data());
+ size_t buf_size = fdp.ConsumeIntegral<size_t>();
+
+ // Capping num_vecs to 1024 so it doesn't allocate too much memory.
+ size_t num_vecs = fdp.ConsumeIntegralInRange<size_t>(0, 1024);
+
+ if (num_vecs > 0)
+ iovecs = new struct iovec[num_vecs];
+ for (size_t i = 0; i < num_vecs; i++) {
+ iovecs[i] = *vector;
+ }
+
+ message.ReadAll(vector, buf_size);
+ message.WriteAll(buf, buf_size);
+ message.ReadVectorAll(vector, num_vecs);
+ message.WriteVectorAll(vector, num_vecs);
+ message.ReadVector(vector, buf_size);
+ message.WriteVector(vector, buf_size);
+ }
+
+ if (iovecs != nullptr)
+ delete[] iovecs;
+ return 0;
+}
diff --git a/libs/vr/libpdx/fuzz/serialization_fuzzer.cpp b/libs/vr/libpdx/fuzz/serialization_fuzzer.cpp
new file mode 100644
index 0000000..afde5f7
--- /dev/null
+++ b/libs/vr/libpdx/fuzz/serialization_fuzzer.cpp
@@ -0,0 +1,111 @@
+/*
+ * Copyright 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+// Authors: corbin.souffrant@leviathansecurity.com
+// brian.balling@leviathansecurity.com
+
+#include <errno.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <memory>
+#include <string>
+#include <thread>
+#include <utility>
+
+#include <fuzzer/FuzzedDataProvider.h>
+#include <pdx/rpc/argument_encoder.h>
+#include <pdx/rpc/array_wrapper.h>
+#include <pdx/rpc/default_initialization_allocator.h>
+#include <pdx/rpc/payload.h>
+#include <pdx/rpc/serializable.h>
+#include <pdx/rpc/serialization.h>
+#include <pdx/rpc/string_wrapper.h>
+#include <pdx/utility.h>
+
+using namespace android::pdx;
+using namespace android::pdx::rpc;
+
+struct FuzzType {
+ int a;
+ float b;
+ std::string c;
+
+ FuzzType() {}
+ FuzzType(int a, float b, const std::string& c) : a(a), b(b), c(c) {}
+
+ private:
+ PDX_SERIALIZABLE_MEMBERS(FuzzType, a, b, c);
+};
+
+// Fuzzer for Serialization operations, this is mostly just lifted from the
+// existing test cases to use fuzzed values as inputs.
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ FuzzedDataProvider fdp = FuzzedDataProvider(data, size);
+ Payload result;
+
+ // Currently, only fuzzing subset of types. In the future, may want
+ // to add more difficult to generate types like array, map, enum, etc...
+ bool b_val = fdp.ConsumeBool();
+ uint8_t u8_val = fdp.ConsumeIntegral<uint8_t>();
+ uint16_t u16_val = fdp.ConsumeIntegral<uint16_t>();
+ uint32_t u32_val = fdp.ConsumeIntegral<uint32_t>();
+ uint64_t u64_val = fdp.ConsumeIntegral<uint64_t>();
+ int8_t i8_val = fdp.ConsumeIntegral<int8_t>();
+ int16_t i16_val = fdp.ConsumeIntegral<uint16_t>();
+ int32_t i32_val = fdp.ConsumeIntegral<uint32_t>();
+ int64_t i64_val = fdp.ConsumeIntegral<uint64_t>();
+ float f_val = fdp.ConsumeFloatingPoint<float>();
+ double d_val = fdp.ConsumeFloatingPoint<double>();
+ std::string s_val = fdp.ConsumeRandomLengthString(fdp.remaining_bytes());
+ std::vector<uint8_t> vec_val =
+ fdp.ConsumeBytes<uint8_t>(fdp.remaining_bytes());
+ FuzzType t1_val{reinterpret_cast<int>(i32_val), f_val, s_val};
+
+ // Types need to be individually fuzzed because code path changes depending
+ // on which type is being serialized/deserialized.
+ Serialize(b_val, &result);
+ Deserialize(&b_val, &result);
+ Serialize(u8_val, &result);
+ Deserialize(&u8_val, &result);
+ Serialize(u16_val, &result);
+ Deserialize(&u16_val, &result);
+ Serialize(u32_val, &result);
+ Deserialize(&u32_val, &result);
+ Serialize(u64_val, &result);
+ Deserialize(&u64_val, &result);
+ Serialize(i8_val, &result);
+ Deserialize(&i8_val, &result);
+ Serialize(i16_val, &result);
+ Deserialize(&i16_val, &result);
+ Serialize(i32_val, &result);
+ Deserialize(&i32_val, &result);
+ Serialize(i64_val, &result);
+ Deserialize(&i64_val, &result);
+ Serialize(f_val, &result);
+ Deserialize(&f_val, &result);
+ Serialize(d_val, &result);
+ Deserialize(&d_val, &result);
+ Serialize(s_val, &result);
+ Deserialize(&s_val, &result);
+ Serialize(WrapString(s_val), &result);
+ Deserialize(&s_val, &result);
+ Serialize(vec_val, &result);
+ Deserialize(&vec_val, &result);
+ Serialize(t1_val, &result);
+ Deserialize(&t1_val, &result);
+
+ return 0;
+}