Google Git
Sign in
fuchsia / third_party / android / platform / hardware / interfaces / 4f3ac4267d044574155ae1b88f3a83676dc6152b / . / automotive / vehicle / 2.0 / default / tests / fuzzer
tree: d49f21db9bd11dcc06c99400a0646d853a92cb5e [path history] [tgz]
  1. README.md
  2. VehicleManager_fuzzer.cpp
  3. VehicleManager_fuzzer.h
automotive/vehicle/2.0/default/tests/fuzzer/README.md

Fuzzer for android.hardware.automotive.vehicle@2.0-manager-lib

Plugin Design Considerations

The fuzzer plugin for android.hardware.automotive.vehicle@2.0-manager-lib is designed based on the understanding of the library and tries to achieve the following:

Maximize code coverage

The configuration parameters are not hardcoded, but instead selected based on incoming data. This ensures more code paths are reached by the fuzzer.

Vehicle Manager supports the following parameters:

  1. Vehicle Property (parameter name: vehicleProp)
  2. Diagnostic Integer Sensor Index (parameter name: diagnosticIntIndex)
  3. Diagnostic Float Sensor Index (parameter name: diagnosticFloatIndex)
  4. Availability Message Type (parameter name: availabilityMsgType)
  5. Subscription Message Type (parameter name: subscriptionMsgType)
ParameterValid ValuesConfigured Value
vehicleProp0.VehicleProperty::INVALID 1.VehicleProperty::HVAC_FAN_SPEED 2.VehicleProperty::INFO_MAKE 3.VehicleProperty::DISPLAY_BRIGHTNESS 4.VehicleProperty::INFO_FUEL_CAPACITY 5.VehicleProperty::HVAC_SEAT_TEMPERATUREValue obtained from FuzzedDataProvider
diagnosticIntIndex0.DiagnosticIntegerSensorIndex::FUEL_SYSTEM_STATUS 1.DiagnosticIntegerSensorIndex::MALFUNCTION_INDICATOR_LIGHT_ON 2.DiagnosticIntegerSensorIndex::NUM_OXYGEN_SENSORS_PRESENT 3.DiagnosticIntegerSensorIndex::FUEL_TYPEValue obtained from FuzzedDataProvider
diagnosticFloatIndex0.DiagnosticFloatSensorIndex::CALCULATED_ENGINE_LOAD 1.DiagnosticFloatSensorIndex::SHORT_TERM_FUEL_TRIM_BANK1 2.DiagnosticFloatSensorIndex::LONG_TERM_FUEL_TRIM_BANK1 3.DiagnosticFloatSensorIndex::THROTTLE_POSITIONValue obtained from FuzzedDataProvider
availabilityMsgType0.VmsMessageType::AVAILABILITY_CHANGE 1.VmsMessageType::AVAILABILITY_RESPONSEValue obtained from FuzzedDataProvider
subscriptionMsgType0.VmsMessageType::SUBSCRIPTIONS_CHANGE 1.VmsMessageType::SUBSCRIPTIONS_RESPONSEValue obtained from FuzzedDataProvider

This also ensures that the plugin is always deterministic for any given input.

Build

This describes steps to build vehicleManager_fuzzer binary.

Android

Steps to build

Build the fuzzer

  $ mm -j$(nproc) vehicleManager_fuzzer

Steps to run

Create a directory CORPUS_DIR

  $ adb shell mkdir /data/local/tmp/CORPUS_DIR
Some Additional steps needed to run the vehicleManager_fuzzer successfully on device
  1. Push the following libraries from /vendor/lib/ and /vendor/lib64/ folders of your workspace to the device's /vendor/lib/ and /vendor/lib64/ :
1.1  android.hardware.automotive.vehicle@2.0.so
1.2  carwatchdog_aidl_interface-V2-ndk_platform.so
  1. Now, reboot the device using command
  $ adb reboot
To run the fuzzer on device
  $ adb sync data
  $ adb shell LD_LIBRARY_PATH=/vendor/lib64 /data/fuzz/${TARGET_ARCH}/vehicleManager_fuzzer/vendor/vehicleManager_fuzzer /data/local/tmp/CORPUS_DIR

References: