Fix Android UWORKER initialization crash bypassing test account provisioning#5288
Open
jardondiego wants to merge 3 commits into
Open
Fix Android UWORKER initialization crash bypassing test account provisioning#5288jardondiego wants to merge 3 commits into
jardondiego wants to merge 3 commits into
Conversation
added 2 commits
May 20, 2026 22:53
This adds a tactical bypass to 'add_test_accounts_if_needed' so that UWORKERs (which lack Datastore IAM privileges) immediately return without causing a fatal '403 Missing or insufficient permissions' exception during device initialization.
jardondiego
changed the title
fernandofloresg
approved these changes
May 20, 2026
Collaborator
fernandofloresg
left a comment
fernandofloresg
left a comment
There was a problem hiding this comment.
approved only had one question
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
When executing Android fuzzing tasks within the Untrusted Worker (UWORKER) environment on Swarming, the initialization sequence consistently crashes with a fatal gRPC StatusCode.PERMISSION_DENIED (403) error.
Root Cause
During the Android device setup, device.initialize_device() calls add_test_accounts_if_needed(). This legacy function attempts to retrieve test account credentials by executing db_config.get(), which triggers a query to Google Cloud Datastore. Because UWORKER Docker containers are intentionally stripped of IAM privileges (to prevent malicious payloads from
compromising the database), the Datastore query fails and crashes the entire fuzzing pipeline before the fuzzer can even launch.
Solution
This PR implements a tactical bypass to short-circuit the test account provisioning logic when operating inside an untrusted environment.
Rationale
While the "architecturally correct" fix would involve querying these credentials during the Trusted Worker preprocessing phase and serializing them into the uworker_msg.proto payload, that represents a significant engineering effort.
The vast majority of Android fuzzing targets (especially native binaries and blackbox fuzzers) do not strictly require a logged-in Google account to achieve coverage. This bypass is the least invasive way to immediately unblock Android fuzzing on the Swarming fleet without compromising the UWORKER security boundaries.