/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// Log tag for this translation unit. It is defined before the includes below;
// presumably util.h's FUZZ_LOG() reads it, so keep this ordering — confirm against util.h.
#define FUZZ_LOG_TAG "binder"

#include "binder.h"
#include "util.h"

// status_t is the return type of the status-returning Parcel readers used below.
using ::android::status_t;
22
// Expands to a lambda that value-initializes a T, passes its address to the
// Parcel member FUN, and logs the status_t that call returns. The uint8_t
// argument is accepted to match the other table entries but is not used.
// The read value itself is deliberately not logged (see the commented-out tail).
#define PARCEL_READ_WITH_STATUS(T, FUN)                                          \
    [](const ::android::Parcel& parcel, uint8_t /*data*/) {                      \
        FUZZ_LOG() << "about to read " #T " using " #FUN " with status";         \
        T value{};                                                               \
        const status_t result = parcel.FUN(&value);                              \
        FUZZ_LOG() << #T " status: " << result /* << " value: " << value*/;      \
    }
30
// Expands to a lambda that calls the Parcel member FUN with no arguments and
// stores the result in a T. The result is only discarded (cast to void) so the
// call is exercised without an unused-variable warning; it is not logged.
// The uint8_t argument is accepted but not used.
#define PARCEL_READ_NO_STATUS(T, FUN)                                            \
    [](const ::android::Parcel& parcel, uint8_t /*data*/) {                      \
        FUZZ_LOG() << "about to read " #T " using " #FUN " with no status";      \
        T value = parcel.FUN();                                                  \
        static_cast<void>(value);                                                \
        FUZZ_LOG() << #T " done " /* << " value: " << value*/;                   \
    }
38
// For readers that exist in both forms: expands to TWO comma-separated table
// entries, the status-returning overload first and the value-returning one second.
// Only usable inside a braced initializer list, because of the embedded comma.
#define PARCEL_READ_OPT_STATUS(T, FUN)                                           \
    PARCEL_READ_WITH_STATUS(T, FUN),                                             \
    PARCEL_READ_NO_STATUS(T, FUN)
42
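// Table of read operations that can be applied to a ::android::Parcel under test.
// Every entry takes the parcel plus one uint8_t; entries that use that byte treat it
// as a position or a length, so those values never exceed 255 here. How entries are
// selected and where the byte comes from is decided by the harness, which is not in
// this file.
//
// Entries generated by PARCEL_READ_* only log the status (or completion) of the call,
// never the value read.
std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
    PARCEL_READ_NO_STATUS(size_t, dataSize),
    PARCEL_READ_NO_STATUS(size_t, dataAvail),
    PARCEL_READ_NO_STATUS(size_t, dataPosition),
    PARCEL_READ_NO_STATUS(size_t, dataCapacity),
    [] (const ::android::Parcel& p, uint8_t pos) {
        // pos is a uint8_t, so only offsets 0..255 are ever requested by this entry.
        FUZZ_LOG() << "about to setDataPosition: " << pos;
        p.setDataPosition(pos);
        FUZZ_LOG() << "setDataPosition done";
    },
    PARCEL_READ_NO_STATUS(size_t, allowFds),
    PARCEL_READ_NO_STATUS(size_t, hasFileDescriptors),
    [] (const ::android::Parcel& p, uint8_t len) {
#ifdef __ANDROID__
        // The interface name is synthetic: len copies of 'a', so only its length varies.
        std::string interface(len, 'a');
        FUZZ_LOG() << "about to enforceInterface: " << interface;
        bool b = p.enforceInterface(::android::String16(interface.c_str()));
        FUZZ_LOG() << "enforced interface: " << b;
#else
        FUZZ_LOG() << "skipping enforceInterface";
        (void)p;
        (void)len;
#endif // __ANDROID__
    },
    [] (const ::android::Parcel& p, uint8_t /*len*/) {
#ifdef __ANDROID__
        FUZZ_LOG() << "about to checkInterface";
        // Own the BBinder through sp<> so it is released when this lambda returns.
        // The previous code passed a bare `new` that nothing on this path released,
        // leaking one object per invocation (noise for leak detection in a fuzzer).
        android::sp<android::IBinder> binder = new android::BBinder();
        bool b = p.checkInterface(binder.get());
        FUZZ_LOG() << "checked interface: " << b;
#else
        FUZZ_LOG() << "skipping checkInterface";
        (void)p;
#endif // __ANDROID__
    },
    PARCEL_READ_NO_STATUS(size_t, objectsCount),
    PARCEL_READ_NO_STATUS(status_t, errorCheck),
    [] (const ::android::Parcel& p, uint8_t len) {
        FUZZ_LOG() << "about to read void*";
        // Destination is allocated with exactly len bytes, the same length passed to read().
        std::vector<uint8_t> data(len);
        status_t status = p.read(data.data(), len);
        FUZZ_LOG() << "read status: " << status;
    },
    [] (const ::android::Parcel& p, uint8_t len) {
        FUZZ_LOG() << "about to readInplace";
        // Only the returned pointer value is logged; it is never dereferenced here.
        const void* r = p.readInplace(len);
        FUZZ_LOG() << "readInplace done. pointer: " << r;
    },
    PARCEL_READ_OPT_STATUS(int32_t, readInt32),
    PARCEL_READ_OPT_STATUS(uint32_t, readUint32),
    PARCEL_READ_OPT_STATUS(int64_t, readInt64),
    PARCEL_READ_OPT_STATUS(uint64_t, readUint64),
    PARCEL_READ_OPT_STATUS(float, readFloat),
    PARCEL_READ_OPT_STATUS(double, readDouble),
    PARCEL_READ_OPT_STATUS(intptr_t, readIntPtr),
    PARCEL_READ_OPT_STATUS(bool, readBool),
    PARCEL_READ_OPT_STATUS(char16_t, readChar),
    PARCEL_READ_OPT_STATUS(int8_t, readByte),

    PARCEL_READ_WITH_STATUS(std::string, readUtf8FromUtf16),
    PARCEL_READ_WITH_STATUS(std::unique_ptr<std::string>, readUtf8FromUtf16),
    [] (const ::android::Parcel& p, uint8_t /*data*/) {
        FUZZ_LOG() << "about to read c-str";
        const char* str = p.readCString();
        // str may be null; substitute a placeholder rather than streaming a null pointer.
        FUZZ_LOG() << "read c-str: " << (str ? str : "<empty string>");
    },
    PARCEL_READ_OPT_STATUS(android::String8, readString8),
    PARCEL_READ_OPT_STATUS(android::String16, readString16),
    PARCEL_READ_WITH_STATUS(std::unique_ptr<android::String16>, readString16),
    // TODO: readString16Inplace
    PARCEL_READ_WITH_STATUS(android::sp<android::IBinder>, readStrongBinder),
    PARCEL_READ_WITH_STATUS(android::sp<android::IBinder>, readNullableStrongBinder),

    // TODO: all templated versions of readParcelableVector, readParcelable
    // TODO: readParcelable
    // TODO: templated versions of readStrongBinder, readNullableStrongBinder

    // The vector readers below are kept disabled. Per the referenced bug, parcel
    // contents can force them to read an arbitrarily sized vector (presumably through
    // the encoded element count — confirm), so they are not exercised until that is
    // bounded.

    // TODO(b/131868573): can force read of arbitrarily sized vector
    // PARCEL_READ_WITH_STATUS(::std::unique_ptr<std::vector<android::sp<android::IBinder>>>, readStrongBinderVector),
    // PARCEL_READ_WITH_STATUS(std::vector<android::sp<android::IBinder>>, readStrongBinderVector),

    // TODO(b/131868573): can force read of arbitrarily sized vector
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<int8_t>>, readByteVector),
    // PARCEL_READ_WITH_STATUS(std::vector<int8_t>, readByteVector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<uint8_t>>, readByteVector),
    // PARCEL_READ_WITH_STATUS(std::vector<uint8_t>, readByteVector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<int32_t>>, readInt32Vector),
    // PARCEL_READ_WITH_STATUS(std::vector<int32_t>, readInt32Vector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<int64_t>>, readInt64Vector),
    // PARCEL_READ_WITH_STATUS(std::vector<int64_t>, readInt64Vector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<uint64_t>>, readUint64Vector),
    // PARCEL_READ_WITH_STATUS(std::vector<uint64_t>, readUint64Vector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<float>>, readFloatVector),
    // PARCEL_READ_WITH_STATUS(std::vector<float>, readFloatVector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<double>>, readDoubleVector),
    // PARCEL_READ_WITH_STATUS(std::vector<double>, readDoubleVector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<bool>>, readBoolVector),
    // PARCEL_READ_WITH_STATUS(std::vector<bool>, readBoolVector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<char16_t>>, readCharVector),
    // PARCEL_READ_WITH_STATUS(std::vector<char16_t>, readCharVector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<std::unique_ptr<android::String16>>>, readString16Vector),
    // PARCEL_READ_WITH_STATUS(std::vector<android::String16>, readString16Vector),
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<std::unique_ptr<std::string>>>, readUtf8VectorFromUtf16Vector),
    // PARCEL_READ_WITH_STATUS(std::vector<std::string>, readUtf8VectorFromUtf16Vector),

    // TODO: read(Flattenable<T>)
    // TODO: read(LightFlattenable<T>)
    // TODO: resizeOutVector

    PARCEL_READ_NO_STATUS(int32_t, readExceptionCode),
    // TODO: readNativeHandle
    PARCEL_READ_NO_STATUS(int, readFileDescriptor),
    PARCEL_READ_NO_STATUS(int, readParcelFileDescriptor),
    PARCEL_READ_WITH_STATUS(android::base::unique_fd, readUniqueFileDescriptor),

    // TODO(b/131868573): can force read of arbitrarily sized vector
    // PARCEL_READ_WITH_STATUS(std::unique_ptr<std::vector<android::base::unique_fd>>, readUniqueFileDescriptorVector),
    // PARCEL_READ_WITH_STATUS(std::vector<android::base::unique_fd>, readUniqueFileDescriptorVector),

    [] (const android::Parcel& p, uint8_t len) {
        FUZZ_LOG() << "about to readBlob";
        // blob is a local; it goes out of scope at the end of this lambda.
        ::android::Parcel::ReadableBlob blob;
        status_t status = p.readBlob(len, &blob);
        FUZZ_LOG() << "readBlob status: " << status;
    },
    // TODO: readObject
    PARCEL_READ_NO_STATUS(uid_t, readCallingWorkSourceUid),
    PARCEL_READ_NO_STATUS(size_t, getBlobAshmemSize),
    PARCEL_READ_NO_STATUS(size_t, getOpenAshmemSize),
};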