1 /*
2  * Copyright 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <fuzzer/FuzzedDataProvider.h>
20 
21 #include <binder/Parcel.h>
22 #include <binder/Status.h>
23 #include <stdio.h>
24 #include <utils/String8.h>
25 #include <cstdint>
26 #include <sstream>
27 #include <string>
28 
29 namespace android {
30 /* This is a vector of lambda functions the fuzzer will pull from.
31  *  This is done so new functions can be added to the fuzzer easily
32  *  without requiring modifications to the main fuzzer file. This also
33  *  allows multiple fuzzers to include this file, if functionality is needed.
34  */
35 static const std::vector<std::function<void(FuzzedDataProvider*, binder::Status*, Parcel*)>>
36         gStatusOperations = {
37                 [](FuzzedDataProvider*, binder::Status* status, Parcel* parcel) -> void {
38                     parcel->setDataPosition(0);
39                     status->readFromParcel(*parcel);
40                 },
41                 [](FuzzedDataProvider*, binder::Status* status, Parcel* parcel) -> void {
42                     status->writeToParcel(parcel);
43                 },
44                 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void {
45                     std::string message_str =
46                             fdp->ConsumeRandomLengthString(fdp->remaining_bytes());
47                     String8 message(message_str.c_str());
48                     status->setServiceSpecificError(fdp->ConsumeIntegral<int32_t>(), message);
49                 },
50                 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void {
51                     std::string message_str =
52                             fdp->ConsumeRandomLengthString(fdp->remaining_bytes());
53                     String8 message(message_str.c_str());
54                     status->setException(fdp->ConsumeIntegral<int32_t>(), message);
55                 },
56                 [](FuzzedDataProvider*, binder::Status* status, Parcel*) -> void { status->ok(); },
57                 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void {
58                     std::string message_str =
59                             fdp->ConsumeRandomLengthString(fdp->remaining_bytes());
60                     String8 message(message_str.c_str());
61                     *status = binder::Status::fromExceptionCode(fdp->ConsumeIntegral<int32_t>(),
62                                                                 message);
63                 },
64                 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void {
65                     *status = binder::Status::fromServiceSpecificError(
66                             fdp->ConsumeIntegral<int32_t>());
67                 },
68                 [](FuzzedDataProvider* fdp, binder::Status*, Parcel*) -> void {
69                     binder::Status::exceptionToString(fdp->ConsumeIntegral<int32_t>());
70                 },
71                 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void {
72                     std::string message_str =
73                             fdp->ConsumeRandomLengthString(fdp->remaining_bytes());
74                     String8 message(message_str.c_str());
75                     *status = binder::Status::fromServiceSpecificError(fdp->ConsumeIntegral<
76                                                                                int32_t>(),
77                                                                        message);
78                 },
79                 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void {
80                     *status = binder::Status::fromStatusT(fdp->ConsumeIntegral<status_t>());
81                 },
82                 [](FuzzedDataProvider* fdp, binder::Status* status, Parcel*) -> void {
83                     status->setFromStatusT(fdp->ConsumeIntegral<status_t>());
84                 },
85                 [](FuzzedDataProvider*, binder::Status* status, Parcel*) -> void {
86                     std::stringstream ss;
87                     ss << *status;
88                 },
89 };
90 
91 } // namespace android
92