trusty: fuzz: Helper library

Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer
Change-Id: Ife058ca25417e6bee4bf593b10a4e7e4000f9f2f

trusty/fuzz/Android.bp

@@ -0,0 +1,42 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//       http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+cc_defaults {
+    name: "trusty_fuzzer_defaults",
+    static_libs: [
+        "libtrusty_fuzz_utils",
+    ],
+    shared_libs: [
+        "libbase",
+        "liblog",
+    ],
+    cflags: [
+        "-Wall",
+        "-Werror",
+    ],
+    fuzz_config: {
+        fuzz_on_haiku_device: false,
+        fuzz_on_haiku_host: false,
+    },
+}
+
+cc_library {
+    name: "libtrusty_fuzz_utils",
+    srcs: ["utils.cpp"],
+    export_include_dirs: ["include"],
+    shared_libs: [
+        "libbase",
+        "liblog",
+    ],
+}

trusty/fuzz/include/trusty/fuzz/utils.h

@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <string>
+
+#include <android-base/result.h>
+#include <android-base/unique_fd.h>
+
+#define TIPC_MAX_MSG_SIZE PAGE_SIZE
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+class TrustyApp {
+  public:
+    TrustyApp(std::string tipc_dev, std::string ta_port);
+
+    android::base::Result<void> Connect();
+    android::base::Result<void> Read(void* buf, size_t len);
+    android::base::Result<void> Write(const void* buf, size_t len);
+
+    android::base::Result<int> GetRawFd();
+
+  private:
+    std::string tipc_dev_;
+    std::string ta_port_;
+    android::base::unique_fd ta_fd_;
+};
+
+}  // namespace fuzz
+}  // namespace trusty
+}  // namespace android

trusty/fuzz/utils.cpp

@@ -0,0 +1,109 @@
+/*
+ * Copyright (C) 2020 The Android Open Sourete Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "trusty-fuzz-utils"
+
+#include <trusty/fuzz/utils.h>
+
+#include <android-base/logging.h>
+#include <android-base/unique_fd.h>
+#include <linux/ioctl.h>
+#include <linux/types.h>
+#include <linux/uio.h>
+
+using android::base::ErrnoError;
+using android::base::Error;
+using android::base::Result;
+using android::base::unique_fd;
+
+#define TIPC_IOC_MAGIC 'r'
+#define TIPC_IOC_CONNECT _IOW(TIPC_IOC_MAGIC, 0x80, char*)
+
+static const size_t kTimeoutSeconds = 5;
+
+namespace android {
+namespace trusty {
+namespace fuzz {
+
+TrustyApp::TrustyApp(std::string tipc_dev, std::string ta_port)
+    : tipc_dev_(tipc_dev), ta_port_(ta_port), ta_fd_(-1) {}
+
+Result<void> TrustyApp::Connect() {
+    /*
+     * TODO: We can't use libtrusty because (yet)
+     * (1) cc_fuzz can't deal with vendor components (b/170753563)
+     * (2) We need non-blocking behavior to detect Trusty going down.
+     * (we could implement the timeout in the fuzzing code though, as
+     * it needs to be around the call to read())
+     */
+    alarm(kTimeoutSeconds);
+    int fd = open(tipc_dev_.c_str(), O_RDWR);
+    alarm(0);
+    if (fd < 0) {
+        return ErrnoError() << "failed to open TIPC device: ";
+    }
+    ta_fd_.reset(fd);
+
+    // This ioctl will time out in the kernel if it can't connect.
+    int rc = TEMP_FAILURE_RETRY(ioctl(ta_fd_, TIPC_IOC_CONNECT, ta_port_.c_str()));
+    if (rc < 0) {
+        return ErrnoError() << "failed to connect to TIPC service: ";
+    }
+
+    return {};
+}
+
+Result<void> TrustyApp::Read(void* buf, size_t len) {
+    if (ta_fd_ == -1) {
+        return Error() << "TA is not connected to yet: ";
+    }
+
+    alarm(kTimeoutSeconds);
+    int rc = read(ta_fd_, buf, len);
+    alarm(0);
+    if (rc < 0) {
+        return Error() << "failed to read TIPC message from TA: ";
+    }
+
+    return {};
+}
+
+Result<void> TrustyApp::Write(const void* buf, size_t len) {
+    if (ta_fd_ == -1) {
+        return Error() << "TA is not connected to yet: ";
+    }
+
+    alarm(kTimeoutSeconds);
+    int rc = write(ta_fd_, buf, len);
+    alarm(0);
+    if (rc < 0) {
+        return Error() << "failed to read TIPC message from TA: ";
+    }
+
+    return {};
+}
+
+Result<int> TrustyApp::GetRawFd() {
+    if (ta_fd_ == -1) {
+        return Error() << "TA is not connected to yet: ";
+    }
+
+    return ta_fd_;
+}
+
+}  // namespace fuzz
+}  // namespace trusty
+}  // namespace android