# Android Platform #
Honggfuzz (as of version 0.6) supports Android OS (NDK cross-compilation) using
both the ptrace() API and the POSIX signals interface. When the ptrace() API is
enabled, honggfuzz's engine prevents the monitored signals from reaching the
system debugger (so no logcat backtraces or tombstones are produced), because
those would interfere with the fuzzer's runtime crash analysis.
## Requirements ##
* [Android NDK](https://developer.android.com/ndk/index.html): the user has to
install the NDK manually and add it to the environment `PATH`
* [libunwind](http://www.nongnu.org/libunwind/download.html): on the first
build the upstream git repository is cloned and the required patches are applied
* [capstone](http://www.capstone-engine.org/download.html): on the first build
the upstream git repository is cloned

| **Dependency** | **Last Tested Version** |
|:-------|:-----------|
| **Android NDK** | r16 with Android API 24 (Nougat 7.0) |
| **libunwind** | upstream master commit [bc8698f] |
| **capstone** | 3.0.4 stable version |
## Compatibility list ##
It has been tested under the following CPU architectures:

| **ABI** | **Status** |
|:-------|:-----------|
| **armeabi** | ptrace() API & POSIX signal interface |
| **armeabi-v7a** | ptrace() API & POSIX signal interface |
| **arm64-v8a** | ptrace() API & POSIX signal interface `*`|
| **x86** | ptrace() API & POSIX signal interface |
| **x86_64** | ptrace() API & POSIX signal interface |

_`*`) libunwind fails to extract frames if the fuzzing target is 32-bit. Prefer a 32-bit build for such targets._
## Cross-Compiling ##
### Dependencies ###
A series of helper bash scripts have been created under the
`third_party/android/scripts` directory to automate the dependencies
configuration & build process. The scripts are automatically invoked from the
makefile, based on the selected target CPU. Normally you'll not need to manually
execute or modify them.
## Building ##
### All CPUs ###
For convenience the master makefile defines an `android-all` target that
automatically builds honggfuzz (and its dependencies) for all the supported
Android CPUs.
From the root directory execute the following. Build output is available under
the `libs` directory.
```
$ make android-all
...
$ tree libs/
libs/
├── arm64-v8a
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── armeabi
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── armeabi-v7a
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
├── x86
│   ├── android_api.txt
│   ├── honggfuzz
│   ├── libhfuzz.a
│   └── ndk_toolchain.txt
└── x86_64
    ├── android_api.txt
    ├── honggfuzz
    ├── libhfuzz.a
    └── ndk_toolchain.txt

5 directories, 20 files
```
### Specific CPU ###
To build for a specific CPU use the `android` target with one of the supported
ABI descriptions. Again, the dependencies are built automatically.
```
$ make android ANDROID_APP_ABI=<arch>
...
```
Where `<arch>` can be:
* armeabi
* armeabi-v7a (**default**)
* arm64-v8a
* x86
* x86_64
## Android specific flags ##
| **Flag** | **Options** | **Description** |
|:----------|:------------|:----------------|
| **ANDROID_DEBUG_ENABLED** | true, false (default: false) | Enable Android debug builds |
| **ANDROID_APP_ABI** | armeabi, armeabi-v7a, arm64-v8a, x86, x86_64 (default: armeabi-v7a) | Target CPU |
| **ANDROID_WITH_PTRACE** | true, false (default: true) `1` | Fuzzing engine backend architecture |
| **ANDROID_API** | android-21, android-22, ... (default: android-26) `2` | Target Android API |
| **ANDROID_CLANG** | true, false (default: true) | Android NDK compiler toolchain to use |

_`1`) If false, the POSIX signals interface is used instead of the ptrace() API_
_`2`) Due to bionic incompatibilities, only APIs >= 21 are supported_
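The build procedure and flag constraints above, wrapped in a small POSIX shell helper as an added example (not part of honggfuzz): it rejects flag values the makefile does not support (unknown ABI, API below 21), composes the `make android` invocation, and after a build checks that `libs/<abi>/` holds the four artifacts shown in the tree output. It assumes that `android_api.txt` contains the requested `ANDROID_API` string; the `HF_RUN_BUILD` variable and function names are this example's own.

```shell
#!/bin/sh
# Added helper around the honggfuzz Android build (example code, not the project's).
# Usage: HF_RUN_BUILD=1 sh build-android.sh <abi> [android-N] [true|false]

# Print the make command for an ABI/API/ptrace combination, or fail on values
# the makefile does not accept (unknown ABI, or API < 21 per the bionic note).
hf_android_build_cmd() {
    abi="${1:-armeabi-v7a}"; api="${2:-android-26}"; ptrace="${3:-true}"
    case "$abi" in
        armeabi|armeabi-v7a|arm64-v8a|x86|x86_64) ;;
        *) echo "unsupported ANDROID_APP_ABI: $abi" >&2; return 1 ;;
    esac
    level="${api#android-}"
    case "$level" in ''|*[!0-9]*) level=0 ;; esac   # not of the form android-N
    if [ "$level" = "$api" ] || [ "$level" -lt 21 ]; then
        echo "unsupported ANDROID_API: $api (need android-21 or newer)" >&2; return 1
    fi
    case "$ptrace" in
        true|false) ;;
        *) echo "ANDROID_WITH_PTRACE must be true or false" >&2; return 1 ;;
    esac
    echo "make android ANDROID_APP_ABI=$abi ANDROID_API=$api ANDROID_WITH_PTRACE=$ptrace"
}

# Check that a finished build left the four expected files in <libs>/<abi>/ and
# that the recorded API level matches the requested one (assumption: the
# makefile writes the ANDROID_API string into android_api.txt).
hf_android_verify_output() {
    libs="$1"; abi="$2"; want_api="$3"
    for f in honggfuzz libhfuzz.a android_api.txt ndk_toolchain.txt; do
        [ -f "$libs/$abi/$f" ] || { echo "missing $libs/$abi/$f" >&2; return 1; }
    done
    got_api="$(tr -d '[:space:]' < "$libs/$abi/android_api.txt")"
    [ "$got_api" = "$want_api" ] || { echo "api mismatch: $got_api vs $want_api" >&2; return 1; }
    # Compatibility-list caveat: a 64-bit honggfuzz cannot unwind 32-bit targets.
    [ "$abi" = arm64-v8a ] && echo "note: use a 32-bit ABI build for 32-bit targets" >&2
    return 0
}

# Only run the real build when explicitly requested, so the file can be sourced.
if [ "${HF_RUN_BUILD:-0}" = 1 ]; then
    cmd="$(hf_android_build_cmd "$@")" || exit 1
    eval "$cmd" && hf_android_verify_output libs "${1:-armeabi-v7a}" "${2:-android-26}"
fi
```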