1 /* 2 * Copyright 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <IBinderFuzzFunctions.h> 20 #include <fuzzer/FuzzedDataProvider.h> 21 22 #include <binder/Binder.h> 23 #include <binder/IBinder.h> 24 #include <binder/Parcel.h> 25 #include <stdint.h> 26 #include <atomic> 27 28 namespace android { 29 30 /* This is a vector of lambda functions the fuzzer will pull from. 31 * This is done so new functions can be added to the fuzzer easily 32 * without requiring modifications to the main fuzzer file. This also 33 * allows multiple fuzzers to include this file, if functionality is needed. 34 */ 35 static const std::vector<std::function<void(FuzzedDataProvider*, const sp<BBinder>&)>> 36 gBBinderOperations = {[](FuzzedDataProvider*, const sp<BBinder>& bbinder) -> void { 37 bbinder->isRequestingSid(); 38 }, 39 [](FuzzedDataProvider* fdp, const sp<BBinder>& bbinder) -> void { 40 bool requestSid = fdp->ConsumeBool(); 41 bbinder->setRequestingSid(requestSid); 42 }, 43 [](FuzzedDataProvider*, const sp<BBinder>& bbinder) -> void { 44 bbinder->getExtension(); 45 }, 46 [](FuzzedDataProvider*, const sp<BBinder>& bbinder) -> void { 47 static IBinder* extension = nullptr; 48 bbinder->setExtension(extension); 49 }, 50 [](FuzzedDataProvider* fdp, const sp<BBinder>& bbinder) -> void { 51 int priority; 52 int policy = fdp->ConsumeIntegralInRange<int>(0, 2); 53 if (policy == 0) { 54 priority = fdp->ConsumeIntegralInRange<int>(-20, 19); 55 } else { 56 priority = fdp->ConsumeIntegralInRange<int>(1, 99); 57 } 58 bbinder->setMinSchedulerPolicy(policy, priority); 59 }, 60 [](FuzzedDataProvider*, const sp<BBinder>& bbinder) -> void { 61 bbinder->getMinSchedulerPolicy(); 62 }, 63 [](FuzzedDataProvider*, const sp<BBinder>& bbinder) -> void { 64 bbinder->getMinSchedulerPriority(); 65 }, 66 [](FuzzedDataProvider* fdp, const sp<BBinder>& bbinder) -> void { 67 bool inheritRt = fdp->ConsumeBool(); 68 bbinder->setInheritRt(inheritRt); 69 }, 70 [](FuzzedDataProvider*, const sp<BBinder>& bbinder) -> void { 71 bbinder->isInheritRt(); 72 }, 73 [](FuzzedDataProvider*, const sp<BBinder>& bbinder) -> void { 74 bbinder->getDebugPid(); 75 }}; 76 77 } // namespace android 78