1 /*
2  * Copyright (C) 2023 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <fuzzbinder/libbinder_driver.h>
18 #include <fuzzbinder/random_fd.h>
19 
20 #include <android-base/logging.h>
21 #include <android-base/macros.h>
22 #include <cutils/properties.h>
23 #include <wifi_system/interface_tool.h>
24 
25 #include "wificond/looper_backed_event_loop.h"
26 #include "wificond/net/netlink_manager.h"
27 #include "wificond/net/netlink_utils.h"
28 #include "wificond/scanning/scan_utils.h"
29 #include "wificond/server.h"
30 
31 using android::net::wifi::nl80211::IWificond;
32 using android::wifi_system::InterfaceTool;
33 using std::unique_ptr;
34 using android::base::unique_fd;
35 using namespace android;
36 
fuzzOnBinderReadReady(int)37 void fuzzOnBinderReadReady(int /*fd*/) {}
38 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)39 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
40 
41     FuzzedDataProvider provider(data, size);
42     auto randomFds = getRandomFds(&provider);
43 
44     auto eventDispatcher = std::make_unique<wificond::LooperBackedEventLoop>();
45     eventDispatcher->WatchFileDescriptor(
46         randomFds[provider.ConsumeIntegralInRange<size_t>(0, randomFds.size() - 1)].get(),
47         android::wificond::EventLoop::kModeInput,
48         &fuzzOnBinderReadReady);
49 
50     android::wificond::NetlinkManager netlinkManager(eventDispatcher.get());
51     if (!netlinkManager.Start()) {
52         LOG(ERROR) << "Failed to start netlink manager";
53     }
54     android::wificond::NetlinkUtils netlinkUtils(&netlinkManager);
55     android::wificond::ScanUtils scanUtils(&netlinkManager);
56 
57     auto server = sp<android::wificond::Server>::make(
58               std::make_unique<InterfaceTool>(),
59               &netlinkUtils,
60               &scanUtils);
61     fuzzService(server, FuzzedDataProvider(data, size));
62     return 0;
63 }
64