binder_parcel_fuzzer: add markSensitive coverage

Steven Moreland · Steven Moreland · commit cae288b8d396 · 2024-12-30T22:19:47.000Z
Small change to improve fuzzing coverage on Parcel.

Bug: 369404061
Test: binder_parcel_fuzzer
Change-Id: I4acabf22dc4e7d2ad0b416f2dd02d8e04b1e5736
diff --git a/libs/binder/tests/parcel_fuzzer/binder.cpp b/libs/binder/tests/parcel_fuzzer/binder.cpp
@@ -121,6 +121,11 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
     PARCEL_READ_NO_STATUS(size_t, hasFileDescriptors),
     PARCEL_READ_NO_STATUS(std::vector<android::sp<android::IBinder>>, debugReadAllStrongBinders),
     PARCEL_READ_NO_STATUS(std::vector<int>, debugReadAllFileDescriptors),
+    [] (const ::android::Parcel& p, FuzzedDataProvider&) {
+        FUZZ_LOG() << "about to markSensitive";
+        p.markSensitive();
+        FUZZ_LOG() << "markSensitive done";
+    },
     [] (const ::android::Parcel& p, FuzzedDataProvider& provider) {
         std::string interface = provider.ConsumeRandomLengthString();
         FUZZ_LOG() << "about to enforceInterface: " << interface;
diff --git a/libs/binder/tests/parcel_fuzzer/random_parcel.cpp b/libs/binder/tests/parcel_fuzzer/random_parcel.cpp
@@ -40,6 +40,13 @@ void fillRandomParcel(Parcel* outputParcel, FuzzedDataProvider&& provider,
     const uint8_t fuzzerParcelOptions = provider.ConsumeIntegral<uint8_t>();
     const bool resultShouldBeView = fuzzerParcelOptions & 1;
     const bool resultShouldBeRpc = fuzzerParcelOptions & 2;
+    const bool resultShouldMarkSensitive = fuzzerParcelOptions & 4;
+
+    auto sensitivity_guard = binder::impl::make_scope_guard([&]() {
+        if (resultShouldMarkSensitive) {
+            outputParcel->markSensitive();
+        }
+    });
 
     Parcel* p;
     if (resultShouldBeView) {
@@ -49,6 +56,9 @@ void fillRandomParcel(Parcel* outputParcel, FuzzedDataProvider&& provider,
     } else {
         p = outputParcel; // directly fill out the output Parcel
     }
+
+    // must be last guard, so outputParcel gets setup as view before
+    // other guards
     auto viewify_guard = binder::impl::make_scope_guard([&]() {
         if (resultShouldBeView) {
             outputParcel->makeDangerousViewOf(p);
