1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <stdlib.h>
18 #include <trusty/coverage/coverage.h>
19 #include <trusty/coverage/uuid.h>
20 #include <trusty/fuzz/counters.h>
21 #include <trusty/fuzz/utils.h>
22 #include <unistd.h>
23 #include <iostream>
24 #include <memory>
25 
26 using android::trusty::coverage::CoverageRecord;
27 using android::trusty::fuzz::ExtraCounters;
28 using android::trusty::fuzz::TrustyApp;
29 
/* Trusty IPC device node; used for both the app connection and the coverage record. */
#define TIPC_DEV "/dev/trusty-ipc-dev0"

/*
 * Build-time parameters. The harness is generic: the target app's port, UUID
 * and binary file name are injected with -D, and the build stops here if any
 * of them is missing.
 */
#if !defined(TRUSTY_APP_PORT)
#error "Port name must be parameterized using -DTRUSTY_APP_PORT."
#endif

#if !defined(TRUSTY_APP_UUID)
#error "UUID must be parameterized using -DTRUSTY_APP_UUID."
#endif

#if !defined(TRUSTY_APP_FILENAME)
#error "Binary file name must be parameterized using -DTRUSTY_APP_FILENAME."
#endif

/* Handle to the app under test; Connect() is called in LLVMFuzzerInitialize. */
static TrustyApp kTrustyApp(TIPC_DEV, TRUSTY_APP_PORT);

/*
 * Coverage record for the app under test. Created and opened in
 * LLVMFuzzerInitialize, then handed to ExtraCounters on every iteration.
 */
static std::unique_ptr<CoverageRecord> record;
46 
/*
 * One-time libFuzzer setup hook: parses the build-time UUID, connects to the
 * app under test, then creates and opens its coverage record.
 *
 * argc/argv are ignored. Returns 0 on success; any setup failure prints a
 * message to stderr and terminates the process with exit(-1), so the fuzzing
 * loop never starts against a half-initialized target.
 */
extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {
    /* Shared fatal path: stream every argument to stderr, then exit(-1). */
    auto die = [](const auto&... parts) {
        (std::cerr << ... << parts) << std::endl;
        exit(-1);
    };

    uuid app_uuid;
    if (!str_to_uuid(TRUSTY_APP_UUID, &app_uuid)) {
        die("Failed to parse UUID: ", TRUSTY_APP_UUID);
    }

    /*
     * Connect before touching coverage, so that a lazy-loaded TA has started
     * and connected to the coverage service by the time the record is opened.
     */
    auto connected = kTrustyApp.Connect();
    if (!connected.ok()) {
        die(connected.error());
    }

    record = std::make_unique<CoverageRecord>(TIPC_DEV, &app_uuid, TRUSTY_APP_FILENAME);
    /* Defensive only: a conforming std::make_unique does not return null. */
    if (!record) {
        die("Failed to allocate coverage record");
    }

    auto opened = record->Open();
    if (!opened.ok()) {
        die(opened.error());
    }
    return 0;
}
75 
/*
 * libFuzzer per-input hook: sends `data` to the app under test as one message,
 * reads one reply if the write succeeded, then reconnects to check liveness.
 *
 * The results of Write() and Read() are deliberately not treated as failures.
 * The only failure signal is the reconnect: if Connect() fails after this
 * input, the error is printed and android::trusty::fuzz::Abort() is called.
 * Abort() is declared in trusty/fuzz/utils.h, not shown here; presumably it
 * terminates the process so libFuzzer keeps the input -- confirm.
 * A fault that leaves the service able to accept a new connection is therefore
 * not detected by this harness.
 *
 * Returns 0 when the reconnect succeeds; -1 is reached only if Abort() returns.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
    /* Scratch space for the reply; its contents are never inspected. */
    static uint8_t reply[TIPC_MAX_MSG_SIZE];

    /* Reset the counters tied to the coverage record before sending this input. */
    ExtraCounters counters(record.get());
    counters.Reset();

    /*
     * NOTE(review): `size` is not bounded here, so inputs larger than
     * TIPC_MAX_MSG_SIZE reach Write() unchanged; how Write() handles them is
     * not visible in this file.
     */
    if (kTrustyApp.Write(data, size).ok()) {
        (void)kTrustyApp.Read(&reply, sizeof(reply));
    }

    /* Liveness check: drop the connection and make sure the service accepts a new one. */
    kTrustyApp.Disconnect();
    auto reconnected = kTrustyApp.Connect();
    if (reconnected.ok()) {
        return 0;
    }

    std::cerr << reconnected.error() << std::endl;
    android::trusty::fuzz::Abort();
    return -1;
}
97