Google Git
Sign in
android-security-tools/autorepro/9d90763de4dc9c42c9488b22d696691b3b8dfb3f^!/.
commit
9d90763de4dc9c42c9488b22d696691b3b8dfb3f
[log] [tgz]
author
Chris Dombroski <cdombroski@google.com>
Mon Sep 15 22:34:25 2025 +0000
committer
Chris Dombroski <cdombroski@google.com>
Mon Oct 20 22:06:58 2025 +0000
tree
ac2a75f4a7af333a734caa75ea6505f6997df95e
parent
0c0eb852a69ab4dc27a868054ea8a01c49c4932e [diff]
Add READMEs to the examples and templates

Bug: 441727732
Test: none
Change-Id: I138dee06ba6791eacbffc7f916f7abf84c65f651

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1713675
--- /dev/null
+++ b/README.md

@@ -0,0 +1,23 @@
+# AutoRepro Examples and Templates
+
+This repository contains standalone examples and templates for creating Android Vulnerability Reward Program (VRP) submissions using the AutoRepro framework.
+
+The goal of these projects is to help you write effective, automatically reproducible proofs-of-concept.
+
+## Choosing a Starting Point
+
+To get started, choose the project that best fits your proof-of-concept:
+
+*   [`example/`](./example): A comprehensive project that demonstrates all major AutoRepro features working together, including multiple device-side apps and a native (NDK) test. This is a good resource to see how different parts can interact.
+
+*   [`templates/`](./templates): A collection of minimal, use-case-specific projects. We recommend starting with one of these templates.
+
+## What is the "AutoRepro Placeholder"?
+
+Throughout the projects, you will find variants of the string `autorepro_placeholder` used in package names, resource files, and other identifiers.
+
+When your submission is processed, our internal tooling performs a find-and-replace on this token to assign your test a unique name for translation into the Android build system.
+
+Please do not modify the `autorepro_placeholder` string. Leave it as-is in all file names, package names, and resource paths.
+
+For full documentation on writing an AutoRepro test, please see the [public documentation](https://source.android.com/docs/security/overview/autorepro).

diff --git a/example/README.md b/example/README.md
new file mode 100644
index 0000000..7abc4d8
--- /dev/null
+++ b/example/README.md

@@ -0,0 +1,5 @@
+# AutoRepro Full Example
+
+This project is a comprehensive example that demonstrates all major features of the AutoRepro framework working together in a single submission.
+
+It is intended as a reference to show how different components can interact. For most submissions, starting with one of the more minimal projects in the [`templates/`](../templates) directory is recommended.

diff --git a/templates/README.md b/templates/README.md
new file mode 100644
index 0000000..35ecb6d
--- /dev/null
+++ b/templates/README.md

@@ -0,0 +1,7 @@
+# AutoRepro Templates
+
+This directory contains minimal, standalone templates for common proof-of-concept (PoC) patterns.
+
+Each subdirectory is a self-contained, runnable Gradle project. Please see the `README.md` file inside each template's directory for a description of its specific use case.
+
+We recommend finding the template that most closely matches your vulnerability and using it as the starting point for your submission.

diff --git a/templates/same-app-id/README.md b/templates/same-app-id/README.md
new file mode 100644
index 0000000..ca8cc1a
--- /dev/null
+++ b/templates/same-app-id/README.md

@@ -0,0 +1,10 @@
+# Same App ID Test Template
+
+This is an advanced template for proofs-of-concept that involve multiple apps sharing the same `applicationId`.
+
+## Use Case
+
+Use this template for vulnerabilities related to:
+*   App update mechanisms.
+*   Interactions between two different versions of an app.
+*   Scenarios where one app can gain the privileges of another by sharing an application ID and being signed with the same key.

diff --git a/templates/single-app/README.md b/templates/single-app/README.md
new file mode 100644
index 0000000..d436511
--- /dev/null
+++ b/templates/single-app/README.md

@@ -0,0 +1,9 @@
+# Single App Test Template
+
+This template is the most common starting point for an AutoRepro submission.
+
+## Use Case
+
+Use this template for vulnerabilities that can be demonstrated with:
+1.  A host-side test that runs on a computer and controls the device.
+2.  A single device-side app that is installed on the device to trigger the vulnerability.

diff --git a/templates/single-ndk/README.md b/templates/single-ndk/README.md
new file mode 100644
index 0000000..28784d6
--- /dev/null
+++ b/templates/single-ndk/README.md

@@ -0,0 +1,7 @@
+# Single NDK Test Template
+
+This template is designed for proofs-of-concept that involve native (C/C++) code, especially using the Android NDK.
+
+## Use Case
+
+Use this template for vulnerabilities that are triggered or demonstrated by running a native executable on the device.