diff options
Diffstat (limited to 'libs/binder/tests/rpc_fuzzer/main.cpp')
-rw-r--r-- | libs/binder/tests/rpc_fuzzer/main.cpp | 121 |
1 files changed, 0 insertions, 121 deletions
diff --git a/libs/binder/tests/rpc_fuzzer/main.cpp b/libs/binder/tests/rpc_fuzzer/main.cpp deleted file mode 100644 index 3603ebe41b..0000000000 --- a/libs/binder/tests/rpc_fuzzer/main.cpp +++ /dev/null @@ -1,121 +0,0 @@ -/* - * Copyright (C) 2021 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include <android-base/file.h> -#include <android-base/logging.h> -#include <android-base/unique_fd.h> -#include <binder/Binder.h> -#include <binder/Parcel.h> -#include <binder/RpcServer.h> -#include <binder/RpcSession.h> - -#include <sys/resource.h> -#include <sys/un.h> - -namespace android { - -static const std::string kSock = std::string(getenv("TMPDIR") ?: "/tmp") + - "/binderRpcFuzzerSocket_" + std::to_string(getpid()); - -size_t getHardMemoryLimit() { - struct rlimit limit; - CHECK(0 == getrlimit(RLIMIT_AS, &limit)) << errno; - return limit.rlim_max; -} - -void setMemoryLimit(size_t cur, size_t max) { - const struct rlimit kLimit = { - .rlim_cur = cur, - .rlim_max = max, - }; - CHECK(0 == setrlimit(RLIMIT_AS, &kLimit)) << errno; -} - -class SomeBinder : public BBinder { - status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags = 0) { - (void)flags; - - if ((code & 1) == 0) { - sp<IBinder> binder; - (void)data.readStrongBinder(&binder); - if (binder != nullptr) { - (void)binder->pingBinder(); - } - } - if ((code & 2) == 0) { - (void)data.readInt32(); - } - if ((code & 4) == 0) { - (void)reply->writeStrongBinder(sp<BBinder>::make()); - } - - return OK; - } -}; - -extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - if (size > 50000) return 0; - - unlink(kSock.c_str()); - - sp<RpcServer> server = RpcServer::make(); - server->setRootObject(sp<SomeBinder>::make()); - server->iUnderstandThisCodeIsExperimentalAndIWillNotUseItInProduction(); - CHECK(server->setupUnixDomainServer(kSock.c_str())); - - static constexpr size_t kMemLimit = 1llu * 1024 * 1024 * 1024; - size_t hardLimit = getHardMemoryLimit(); - setMemoryLimit(std::min(kMemLimit, hardLimit), hardLimit); - - std::thread serverThread([=] { (void)server->acceptOne(); }); - - sockaddr_un addr{ - .sun_family = AF_UNIX, - }; - CHECK_LT(kSock.size(), sizeof(addr.sun_path)); - memcpy(&addr.sun_path, kSock.c_str(), kSock.size()); - - base::unique_fd clientFd(TEMP_FAILURE_RETRY(socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0))); - CHECK_NE(clientFd.get(), -1); - CHECK_EQ(0, - TEMP_FAILURE_RETRY( - connect(clientFd.get(), reinterpret_cast<sockaddr*>(&addr), sizeof(addr)))) - << strerror(errno); - - serverThread.join(); - - // TODO(b/182938024): fuzz multiple sessions, instead of just one - -#if 0 - // make fuzzer more productive locally by forcing it to create a new session - int32_t id = -1; - CHECK(base::WriteFully(clientFd, &id, sizeof(id))); -#endif - - CHECK(base::WriteFully(clientFd, data, size)); - - clientFd.reset(); - - // TODO(b/185167543): better way to force a server to shutdown - while (!server->listSessions().empty() && server->numUninitializedSessions()) { - usleep(1); - } - - setMemoryLimit(hardLimit, hardLimit); - - return 0; -} - -} // namespace android |