StrixOS/build_soong
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add ISE requested params to soong bp

Browse Source 
The newly added params will be used to help automatically assign bugs
found by fuzzers.

Test: m example_fuzzer
Bug: 236732888
Change-Id: I80e38fae171f8a5798a1495d057bfa6942857c4a
This commit is contained in:
hamzeh
2022-06-21 12:22:06 -07:00
parent c180dbd4c7
commit e8a1bfa39f
1 changed files with 58 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

59
fuzz/fuzz_common.go
View File

@@ -18,6 +18,7 @@ package fuzz
import ( import (
"encoding/json" "encoding/json"
"fmt"
"sort" "sort"
"strings" "strings"
@@ -59,9 +60,65 @@ type ArchOs struct {
Dir string Dir string
} }
type PrivilegedLevel string
const (
// Environment with the most minimal permissions.
Constrained PrivilegedLevel = "Constrained"
// Typical execution environment running unprivileged code.
Unprivileged = "Unprivileged"
// May have access to elevated permissions.
Privileged = "Privileged"
// Trusted computing base.
Tcb = "TCB"
// Bootloader chain.
Bootloader = "Bootloader"
// Tusted execution environment.
Tee = "Tee"
// Secure enclave.
Se = "Se"
// Other.
Other = "Other"
)
func IsValidConfig(fuzzModule FuzzPackagedModule, moduleName string) bool {
var config = fuzzModule.FuzzProperties.Fuzz_config
if config != nil {
var level = PrivilegedLevel(config.Privilege_level)
if level != "" {
switch level {
case Constrained, Unprivileged, Privileged, Tcb, Bootloader, Tee, Se, Other:
return true
}
panic(fmt.Errorf("Invalid privileged level in fuzz config in %s", moduleName))
}
return true
} else {
return false
}
}
type FuzzConfig struct { type FuzzConfig struct {
// Email address of people to CC on bugs or contact about this fuzz target. // Email address of people to CC on bugs or contact about this fuzz target.
Cc []string `json:"cc,omitempty"` Cc []string `json:"cc,omitempty"`
// A brief description of what the fuzzed code does.
Description string `json:"description,omitempty"`
// Can this code be triggered remotely or only locally.
Remotely_accessible bool `json:"remotely_accessible,omitempty"`
// Is the fuzzed code host only, i.e. test frameworks or support utilities.
Host_only bool `json:"access_vector,omitempty"`
// Can third party/untrusted apps supply data to fuzzed code.
Untrusted_data bool `json:"untrusted_data,omitempty"`
// Is the code being fuzzed in a privileged, constrained or any other
// context from:
// https://source.android.com/security/overview/updates-resources#context_types.
Privilege_level PrivilegedLevel `json:"privilege_level,omitempty"`
// Can the fuzzed code isolated or can be called by multiple users/processes.
Isolated bool `json:"users_isolation,omitempty"`
// When code was relaeased or will be released.
Production_date string `json:"production_date,omitempty"`
// Prevents critical service functionality like phone calls, bluetooth, etc.
Critical bool `json:"critical,omitempty"`
// Specify whether to enable continuous fuzzing on devices. Defaults to true. // Specify whether to enable continuous fuzzing on devices. Defaults to true.
Fuzz_on_haiku_device *bool `json:"fuzz_on_haiku_device,omitempty"` Fuzz_on_haiku_device *bool `json:"fuzz_on_haiku_device,omitempty"`
// Specify whether to enable continuous fuzzing on host. Defaults to true. // Specify whether to enable continuous fuzzing on host. Defaults to true.
@@ -157,7 +214,7 @@ func (s *FuzzPackager) PackageArtifacts(ctx android.SingletonContext, module and
} }
// Additional fuzz config. // Additional fuzz config.
if fuzzModule.Config != nil { if fuzzModule.Config != nil && IsValidConfig(fuzzModule, module.Name()) {
files = append(files, FileToZip{fuzzModule.Config, ""}) files = append(files, FileToZip{fuzzModule.Config, ""})
} }