android: support host and target 32bit build

2025-06-10 17:21:33 +00:00 · 2021-03-25 12:29:27 +08:00 · 2021-03-25 12:29:27 +08:00 · c892642057
commit c892642057
parent 2dac4e785f
5 changed files with 168 additions and 23 deletions
--- a/Android.bp
+++ b/Android.bp
@ -1,8 +1,5 @@
 cc_defaults {
  name: "afl-defaults",
-  sanitize: {
-    never: true,
-  },

  local_include_dirs: [
    "include",
@ -23,18 +20,45 @@ cc_defaults {
    "-DBIN_PATH=\"out/host/linux-x86/bin\"",
    "-DDOC_PATH=\"out/host/linux-x86/shared/doc/afl\"",
    "-D__USE_GNU",
-    "-D__aarch64__",
    "-DDEBUG_BUILD",
    "-U_FORTIFY_SOURCE",
    "-ggdb3",
    "-g",
    "-O0",
    "-fno-omit-frame-pointer",
+    "-fPIC",
  ],
+
+  target: {
+    android_arm64: {
+      cflags: [
+        "-D__aarch64__",
+        "-D__ANDROID__",
+      ],
+    },
+    android_arm: {
+      cflags: [
+        "-D__ANDROID__",
+      ],
+    },
+    android_x86_64: {
+      cflags: [
+        "-D__ANDROID__",
+      ],
+    },
+    android_x86: {
+      cflags: [
+        "-D__ANDROID__",
+      ],
+    },
+  },
 }

 cc_binary {
  name: "afl-fuzz",
+  sanitize: {
+    never: true,
+  },
  host_supported: true,
  compile_multilib: "64",

@ -128,7 +152,6 @@ cc_binary_host {
  ],

  cflags: [
-    "-D__ANDROID__",
    "-DAFL_PATH=\"out/host/linux-x86/lib64\"",
    "-DAFL_CLANG_FLTO=\"-flto=full\"",
    "-DUSE_BINDIR=1",
@ -199,6 +222,7 @@ cc_library_headers {

  export_include_dirs: [
    "include",
+    "instrumentation",
  ],
 }

@ -268,6 +292,116 @@ cc_binary {
  ],
 }

+cc_binary {
+  name: "afl-fuzz-32",
+  sanitize: {
+    never: true,
+  },
+  host_supported: true,
+  compile_multilib: "32",
+
+  defaults: [
+    "afl-defaults",
+  ],
+
+  srcs: [
+    "src/afl-fuzz*.c",
+    "src/afl-common.c",
+    "src/afl-sharedmem.c",
+    "src/afl-forkserver.c",
+    "src/afl-performance.c",
+  ],
+}
+
+cc_binary_host {
+  name: "afl-cc-32",
+  compile_multilib: "32",
+  static_executable: true,
+
+  defaults: [
+    "afl-defaults",
+  ],
+
+  cflags: [
+    "-DAFL_PATH=\"out/host/linux-x86/lib64\"",
+    "-DAFL_CLANG_FLTO=\"-flto=full\"",
+    "-DUSE_BINDIR=1",
+    "-DLLVM_BINDIR=\"prebuilts/clang/host/linux-x86/clang-r383902b/bin\"",
+    "-DLLVM_LIBDIR=\"prebuilts/clang/host/linux-x86/clang-r383902b/lib64\"",
+    "-DCLANGPP_BIN=\"prebuilts/clang/host/linux-x86/clang-r383902b/bin/clang++\"",
+    "-DAFL_REAL_LD=\"prebuilts/clang/host/linux-x86/clang-r383902b/bin/ld.lld\"",
+    "-DLLVM_LTO=1",
+    "-DLLVM_MAJOR=11",
+    "-DLLVM_MINOR=2",
+  ],
+
+  srcs: [
+    "src/afl-cc.c",
+    "src/afl-common.c",
+  ],
+
+  symlinks: [
+    "afl-clang-fast-32",
+    "afl-clang-fast++-32",
+  ],
+}
+
+cc_library_static {
+  name: "afl-llvm-rt-32",
+  compile_multilib: "32",
+  vendor_available: true,
+  host_supported: true,
+  recovery_available: true,
+  sdk_version: "9",
+
+  apex_available: [
+    "com.android.adbd",
+    "com.android.appsearch",
+    "com.android.art",
+    "com.android.bluetooth.updatable",
+    "com.android.cellbroadcast",
+    "com.android.conscrypt",
+    "com.android.extservices",
+    "com.android.cronet",
+    "com.android.neuralnetworks",
+    "com.android.media",
+    "com.android.media.swcodec",
+    "com.android.mediaprovider",
+    "com.android.permission",
+    "com.android.runtime",
+    "com.android.resolv",
+    "com.android.tethering",
+    "com.android.wifi",
+    "com.android.sdkext",
+    "com.android.os.statsd",
+    "//any",
+  ],
+
+  defaults: [
+    "afl-defaults",
+  ],
+
+  srcs: [
+    "instrumentation/afl-compiler-rt.o.c",
+  ],
+}
+
+cc_prebuilt_library_static {
+  name: "libfrida-gum-32",
+  compile_multilib: "32",
+  strip: {
+    none: true,
+  },
+
+  srcs: [
+    "utils/afl_frida/android/arm/libfrida-gum.a",
+  ],
+
+  export_include_dirs: [
+    "utils/afl_frida/android/arm",
+  ],
+}
+
 subdirs = [
  "custom_mutators",
 ]
--- a/custom_mutators/Android.bp
+++ b/custom_mutators/Android.bp
@ -10,6 +10,8 @@ cc_library_shared {
    "-fPIC",
    "-fpermissive",
    "-std=c++11",
+    "-Wno-unused-parameter",
+    "-Wno-unused-variable",
  ],

  srcs: [
@ -77,6 +79,8 @@ cc_library_shared {
    "-O0",
    "-funroll-loops",
    "-fPIC",
+    "-Wno-unused-parameter",
+    "-Wno-unused-function",
  ],

  srcs: [
@ -99,6 +103,8 @@ cc_library_shared {
    "-O0",
    "-funroll-loops",
    "-fPIC",
+    "-Wno-unused-parameter",
+    "-Wno-pointer-sign",
  ],

  srcs: [
--- a/custom_mutators/libprotobuf-mutator-example/Android.bp
+++ b/custom_mutators/libprotobuf-mutator-example/Android.bp
@ -8,6 +8,7 @@ cc_library_shared {
    "-O0",
    "-fPIC",
    "-Wall",
+    "-Wno-unused-parameter",
  ],

  srcs: [
@ -29,4 +30,9 @@ cc_binary {
  srcs: [
    "vuln.c",
  ],
+
+  cflags: [
+    "-Wno-unused-result",
+    "-Wno-unused-parameter",
+  ],
 }
--- a/include/android-ashmem.h
+++ b/include/android-ashmem.h
@ -2,32 +2,31 @@
  #ifndef _ANDROID_ASHMEM_H
    #define _ANDROID_ASHMEM_H

+    #define _GNU_SOURCE
+    #include <sys/syscall.h>
+    #include <unistd.h>
    #include <fcntl.h>
    #include <linux/ashmem.h>
    #include <sys/ioctl.h>
    #include <sys/mman.h>
-
-    #if __ANDROID_API__ >= 26
-      #define shmat bionic_shmat
-      #define shmctl bionic_shmctl
-      #define shmdt bionic_shmdt
-      #define shmget bionic_shmget
-    #endif
    #include <sys/shm.h>
-    #undef shmat
-    #undef shmctl
-    #undef shmdt
-    #undef shmget
    #include <stdio.h>
-
    #define ASHMEM_DEVICE "/dev/ashmem"

+int shmdt(const void* address) {
+#if defined(SYS_shmdt)
+  return syscall(SYS_shmdt, address);
+#else
+  return syscall(SYS_ipc, SHMDT, 0, 0, 0, address, 0);
+#endif
+}
+
 int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) {

  int ret = 0;
  if (__cmd == IPC_RMID) {

-    int               length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
+    int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL);
    struct ashmem_pin pin = {0, length};
    ret = ioctl(__shmid, ASHMEM_UNPIN, &pin);
    close(__shmid);
@ -78,6 +77,6 @@ void *shmat(int __shmid, const void *__shmaddr, int __shmflg) {

 }

-  #endif                                              /* !_ANDROID_ASHMEM_H */
-#endif                                                      /* !__ANDROID__ */
+  #endif /* !_ANDROID_ASHMEM_H */
+#endif /* !__ANDROID__ */

--- a/src/afl-cc.c
+++ b/src/afl-cc.c
@ -588,9 +588,9 @@ static void edit_params(u32 argc, char **argv, char **envp) {
      if (instrument_mode == INSTRUMENT_PCGUARD) {

 #if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0)
-  #ifdef __ANDROID__
+  #if defined __ANDROID__ || ANDROID
        cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard";
-        instrument_mode != INSTRUMENT_LLVMNATIVE;
+        instrument_mode = INSTRUMENT_LLVMNATIVE;
  #else
        if (have_instr_list) {

@ -2023,7 +2023,7 @@ int main(int argc, char **argv, char **envp) {
  if (!be_quiet && cmplog_mode)
    printf("CmpLog mode by <andreafioraldi@gmail.com>\n");

-#ifndef __ANDROID__
+#if !defined(__ANDROID__) && !defined(ANDROID)
  ptr = find_object("afl-compiler-rt.o", argv[0]);

  if (!ptr) {