Fuzzing Android Native System Libraries via Dynamic Data Dependency Graph.

IEEE Trans. Inf. Forensics Secur.(2024)

Abstract
Google suggests using only the APIs documented in the Android SDK. However, many app developers still choose the Java Native Interface (JNI) to access system libraries because of the flexibility and freedom that non-SDK methods provide when implementing complex functions. Using JNI may have unexpected consequences, including crashes driven by low-level bugs. Bugs in system libraries can propagate to Android apps and cost developers much time and energy to debug. We develop a fuzzing tool, called JDYNUZZ, that exposes bugs in system JNI libraries to mitigate the aftermath of invoking JNI directly. To fuzz a system library, one needs not only to prepare appropriate inputs, but also to deal with the challenge of maintaining a correct sequence of API calls, both syntactically and semantically. To solve this challenge, the crux of JDYNUZZ is the dynamic refinement of a data dependency graph, which gradually resolves syntactic and semantic incorrectness when constructing API sequences. JDYNUZZ achieves this dynamic refinement using Java reflection, which enables us to modify API sequences dynamically and test different code regions. We evaluate JDYNUZZ on the most recent version of the Android Open Source Project (AOSP), i.e., version android-12.0.0_r31. In our experiments, JDYNUZZ discovers 34 new bugs in system JNI libraries, all confirmed by Google.
Keywords
Android Native Library, Fuzzing, Dynamic Data Dependency