friendlyelec
/
rk35xx-android14
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8ce655ce24'
${ noResults }
rk35xx-android14/system/core/init/fuzzer
History
hmz007 36ed224bac
Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 		1 year ago
..
Android.bp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
README.md Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
init_parser_fuzzer.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
init_property_fuzzer.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
init_ueventHandler_fuzzer.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago

README.md

Fuzzers for libinit

Table of contents

Fuzzer for InitParser

InitParser supports the following parameters:

  1. ValidPathNames (parameter name: "kValidPaths")
  2. ValidParseInputs (parameter name: "kValidInputs")
Parameter Valid Values Configured Value
kValidPaths 0./system/etc/init/hw/init.rc,
1./system/etc/init		 Value obtained from FuzzedDataProvider
kValidInputs 0.{"","cpu", "10", "10"},
1.{"","RLIM_CPU", "10", "10"},
2.{"","12", "unlimited", "10"},
3.{"","13", "-1", "10"},
4.{"","14", "10", "unlimited"},
5.{"","15", "10", "-1"}		 Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) init_parser_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/init_parser_fuzzer/init_parser_fuzzer

Fuzzer for InitProperty

InitProperty supports the following parameters: PropertyType (parameter name: "PropertyType")

Parameter Valid Values Configured Value
PropertyType 0.STRING,
1.BOOL,
2.INT,
3.UINT,
4.DOUBLE,
5.SIZE,
6.ENUM,
7.RANDOM		 Value obtained from FuzzedDataProvider

Steps to run

  1. Build the fuzzer
  $ mm -j$(nproc) init_property_fuzzer
  1. Run on device
  $ adb sync data
  $ adb shell /data/fuzz/arm64/init_property_fuzzer/init_property_fuzzer

Fuzzer for InitUeventHandler

Maximize code coverage

The configuration parameters are not hardcoded, but instead selected based on incoming data. This ensures more code paths are reached by the fuzzer.

InitUeventHandler supports the following parameters:

  1. Major (parameter name: major)
  2. Minor (parameter name: minor)
  3. PartitionNum (parameter name: partition_num)
  4. Uid (parameter name: uid)
  5. Gid (parameter name: gid)
  6. Action (parameter name: action)
  7. Path (parameter name: path)
  8. Subsystem (parameter name: subsystem)
  9. PartitionName (parameter name: partition_name)
  10. DeviceName (parameter name: device_name)
  11. Modalias (parameter name: modalias)
  12. DevPath (parameter name: devPath)
  13. HandlerPath (parameter name: handlerPath)
Parameter Valid Values Configured Value
major UINT32_MIN to UINT32_MAX Value obtained from FuzzedDataProvider
minor UINT32_MIN to UINT32_MAX Value obtained from FuzzedDataProvider
partition_num UINT32_MIN to UINT32_MAX Value obtained from FuzzedDataProvider
uid UINT32_MIN to UINT32_MAX Value obtained from FuzzedDataProvider
gid UINT32_MIN to UINT32_MAX Value obtained from FuzzedDataProvider
action String Value obtained from FuzzedDataProvider
path String Value obtained from FuzzedDataProvider
subsystem String Value obtained from FuzzedDataProvider
partition_name String Value obtained from FuzzedDataProvider
device_name String Value obtained from FuzzedDataProvider
modalias String Value obtained from FuzzedDataProvider
devPath String Value obtained from FuzzedDataProvider
handlerPath String Value obtained from FuzzedDataProvider

This also ensures that the plugin is always deterministic for any given input.

Steps to run

  1. Build the fuzzer
$ mm -j$(nproc) init_ueventHandler_fuzzer
  1. Run on device
$ adb sync data
$ adb shell /data/fuzz/arm64/init_ueventHandler_fuzzer/init_ueventHandler_fuzzer