1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 use binder::binder_impl::Parcel;
18 use binder::unstable_api::{AParcel, AsNative};
19 use binder::SpIBinder;
20 use binder_random_parcel_bindgen::{createRandomParcel, fuzzRustService};
21 use std::os::raw::c_void;
22 
23 /// This API creates a random parcel to be used by fuzzers
create_random_parcel(fuzzer_data: &[u8]) -> Parcel24 pub fn create_random_parcel(fuzzer_data: &[u8]) -> Parcel {
25     let mut parcel = Parcel::new();
26     let aparcel_ptr: *mut AParcel = parcel.as_native_mut();
27     let ptr = aparcel_ptr as *mut c_void;
28     unsafe {
29         // Safety: `Parcel::as_native_mut` and `slice::as_ptr` always
30         // return valid pointers.
31         createRandomParcel(ptr, fuzzer_data.as_ptr(), fuzzer_data.len());
32     }
33     parcel
34 }
35 
36 /// This API automatically fuzzes provided service
fuzz_service(binder: &mut SpIBinder, fuzzer_data: &[u8])37 pub fn fuzz_service(binder: &mut SpIBinder, fuzzer_data: &[u8]) {
38     let mut binders = [binder];
39     fuzz_multiple_services(&mut binders, fuzzer_data);
40 }
41 
42 /// This API automatically fuzzes provided services
fuzz_multiple_services(binders: &mut [&mut SpIBinder], fuzzer_data: &[u8])43 pub fn fuzz_multiple_services(binders: &mut [&mut SpIBinder], fuzzer_data: &[u8]) {
44     let mut cppBinders = vec![];
45     for binder in binders.iter_mut() {
46         let ptr = binder.as_native_mut() as *mut c_void;
47         cppBinders.push(ptr);
48     }
49 
50     unsafe {
51         // Safety: `Vec::as_mut_ptr` and `slice::as_ptr` always
52         // return valid pointers.
53         fuzzRustService(
54             cppBinders.as_mut_ptr(),
55             cppBinders.len(),
56             fuzzer_data.as_ptr(),
57             fuzzer_data.len(),
58         );
59     }
60 }
61