Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 010049c6 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge changes Ib9a1af0c,I807496ec into main

* changes:
  Use OnceLock rather than Once.
  Add safety comments to binder tests.
parents dc176d99 91082644
Loading
Loading
Loading
Loading
+40 −0
Original line number Diff line number Diff line
@@ -723,6 +723,8 @@ fn test_read_write() {

    parcel.write(&1i32).unwrap();

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        parcel.set_data_position(start).unwrap();
    }
@@ -739,6 +741,8 @@ fn test_read_data() {

    parcel.write(&b"Hello, Binder!\0"[..]).unwrap();
    // Skip over string length
    // SAFETY: str_start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(str_start).is_ok());
    }
@@ -747,42 +751,56 @@ fn test_read_data() {

    assert!(parcel.read::<bool>().unwrap());

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }

    assert_eq!(parcel.read::<i8>().unwrap(), 72i8);

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }

    assert_eq!(parcel.read::<u16>().unwrap(), 25928);

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }

    assert_eq!(parcel.read::<i32>().unwrap(), 1819043144);

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }

    assert_eq!(parcel.read::<u32>().unwrap(), 1819043144);

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }

    assert_eq!(parcel.read::<i64>().unwrap(), 4764857262830019912);

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }

    assert_eq!(parcel.read::<u64>().unwrap(), 4764857262830019912);

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }
@@ -790,6 +808,8 @@ fn test_read_data() {
    assert_eq!(parcel.read::<f32>().unwrap(), 1143139100000000000000000000.0);
    assert_eq!(parcel.read::<f32>().unwrap(), 40.043392);

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }
@@ -797,6 +817,8 @@ fn test_read_data() {
    assert_eq!(parcel.read::<f64>().unwrap(), 34732488246.197815);

    // Skip back to before the string length
    // SAFETY: str_start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(str_start).is_ok());
    }
@@ -810,15 +832,21 @@ fn test_utf8_utf16_conversions() {
    let start = parcel.get_data_position();

    assert!(parcel.write("Hello, Binder!").is_ok());
    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }
    assert_eq!(parcel.read::<Option<String>>().unwrap().unwrap(), "Hello, Binder!",);
    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }

    assert!(parcel.write("Embedded null \0 inside a string").is_ok());
    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }
@@ -826,6 +854,8 @@ fn test_utf8_utf16_conversions() {
        parcel.read::<Option<String>>().unwrap().unwrap(),
        "Embedded null \0 inside a string",
    );
    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }
@@ -840,6 +870,8 @@ fn test_utf8_utf16_conversions() {
    let s3 = "Some more text here.";

    assert!(parcel.write(&[s1, s2, s3][..]).is_ok());
    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        assert!(parcel.set_data_position(start).is_ok());
    }
@@ -865,6 +897,8 @@ fn test_sized_write() {

    assert_eq!(parcel.get_data_position(), start + expected_len);

    // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
    // made it any shorter since we got the position.
    unsafe {
        parcel.set_data_position(start).unwrap();
    }
@@ -884,6 +918,8 @@ fn test_append_from() {
    assert_eq!(4, parcel2.get_data_size());
    assert_eq!(Ok(()), parcel2.append_all_from(&parcel1));
    assert_eq!(8, parcel2.get_data_size());
    // SAFETY: 0 is less than the current size of the parcel data buffer, because the parcel is not
    // empty.
    unsafe {
        parcel2.set_data_position(0).unwrap();
    }
@@ -894,6 +930,8 @@ fn test_append_from() {
    assert_eq!(Ok(()), parcel2.append_from(&parcel1, 0, 2));
    assert_eq!(Ok(()), parcel2.append_from(&parcel1, 2, 2));
    assert_eq!(4, parcel2.get_data_size());
    // SAFETY: 0 is less than the current size of the parcel data buffer, because the parcel is not
    // empty.
    unsafe {
        parcel2.set_data_position(0).unwrap();
    }
@@ -902,6 +940,8 @@ fn test_append_from() {
    let mut parcel2 = Parcel::new();
    assert_eq!(Ok(()), parcel2.append_from(&parcel1, 0, 2));
    assert_eq!(2, parcel2.get_data_size());
    // SAFETY: 0 is less than the current size of the parcel data buffer, because the parcel is not
    // empty.
    unsafe {
        parcel2.set_data_position(0).unwrap();
    }
+66 −0
Original line number Diff line number Diff line
@@ -1087,6 +1087,8 @@ mod tests {

        assert!(custom.serialize(&mut parcel.borrowed()).is_ok());

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1109,6 +1111,8 @@ mod tests {

        assert!(bools.serialize(&mut parcel.borrowed()).is_ok());

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1118,6 +1122,8 @@ mod tests {
        assert_eq!(parcel.read::<u32>().unwrap(), 0);
        assert_eq!(parcel.read::<u32>().unwrap(), 0);
        assert_eq!(parcel.read::<u32>().unwrap(), 1);
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1133,12 +1139,17 @@ mod tests {

        assert!(parcel.write(&u8s[..]).is_ok());

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }

        assert_eq!(parcel.read::<u32>().unwrap(), 4); // 4 items
        assert_eq!(parcel.read::<u32>().unwrap(), 0x752aff65); // bytes

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1148,18 +1159,25 @@ mod tests {

        let i8s = [-128i8, 127, 42, -117];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }

        assert!(parcel.write(&i8s[..]).is_ok());

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }

        assert_eq!(parcel.read::<u32>().unwrap(), 4); // 4 items
        assert_eq!(parcel.read::<u32>().unwrap(), 0x8b2a7f80); // bytes

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1169,10 +1187,14 @@ mod tests {

        let u16s = [u16::max_value(), 12_345, 42, 117];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
        assert!(u16s.serialize(&mut parcel.borrowed()).is_ok());
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1182,6 +1204,9 @@ mod tests {
        assert_eq!(parcel.read::<u32>().unwrap(), 12345); // 12,345
        assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42
        assert_eq!(parcel.read::<u32>().unwrap(), 117); // 117

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1192,10 +1217,14 @@ mod tests {

        let i16s = [i16::max_value(), i16::min_value(), 42, -117];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
        assert!(i16s.serialize(&mut parcel.borrowed()).is_ok());
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1205,6 +1234,9 @@ mod tests {
        assert_eq!(parcel.read::<u32>().unwrap(), 0x8000); // i16::min_value()
        assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42
        assert_eq!(parcel.read::<u32>().unwrap(), 0xff8b); // -117

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1215,10 +1247,14 @@ mod tests {

        let u32s = [u32::max_value(), 12_345, 42, 117];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
        assert!(u32s.serialize(&mut parcel.borrowed()).is_ok());
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1228,6 +1264,9 @@ mod tests {
        assert_eq!(parcel.read::<u32>().unwrap(), 12345); // 12,345
        assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42
        assert_eq!(parcel.read::<u32>().unwrap(), 117); // 117

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1238,10 +1277,14 @@ mod tests {

        let i32s = [i32::max_value(), i32::min_value(), 42, -117];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
        assert!(i32s.serialize(&mut parcel.borrowed()).is_ok());
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1251,6 +1294,9 @@ mod tests {
        assert_eq!(parcel.read::<u32>().unwrap(), 0x80000000); // i32::min_value()
        assert_eq!(parcel.read::<u32>().unwrap(), 42); // 42
        assert_eq!(parcel.read::<u32>().unwrap(), 0xffffff8b); // -117

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1261,10 +1307,14 @@ mod tests {

        let u64s = [u64::max_value(), 12_345, 42, 117];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
        assert!(u64s.serialize(&mut parcel.borrowed()).is_ok());
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1275,10 +1325,14 @@ mod tests {

        let i64s = [i64::max_value(), i64::min_value(), 42, -117];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
        assert!(i64s.serialize(&mut parcel.borrowed()).is_ok());
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1289,10 +1343,14 @@ mod tests {

        let f32s = [std::f32::NAN, std::f32::INFINITY, 1.23456789, std::f32::EPSILON];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
        assert!(f32s.serialize(&mut parcel.borrowed()).is_ok());
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1305,10 +1363,14 @@ mod tests {

        let f64s = [std::f64::NAN, std::f64::INFINITY, 1.234567890123456789, std::f64::EPSILON];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
        assert!(f64s.serialize(&mut parcel.borrowed()).is_ok());
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
@@ -1326,10 +1388,14 @@ mod tests {

        let strs = [s1, s2, s3, s4];

        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
        assert!(strs.serialize(&mut parcel.borrowed()).is_ok());
        // SAFETY: start is less than the current size of the parcel data buffer, because we haven't
        // made it any shorter since we got the position.
        unsafe {
            assert!(parcel.set_data_position(start).is_ok());
        }
+5 −0
Original line number Diff line number Diff line
@@ -545,6 +545,11 @@ mod tests {
    }

    fn get_expected_selinux_context() -> &'static str {
        // SAFETY: The pointer we pass to `getcon` is valid because it comes from a reference, and
        // `getcon` doesn't retain it after it returns. If `getcon` succeeds then `out_ptr` will
        // point to a valid C string, otherwise it will remain null. We check for null, so the
        // pointer we pass to `CStr::from_ptr` must be a valid pointer to a C string. There is a
        // memory leak as we don't call `freecon`, but that's fine because this is just a test.
        unsafe {
            let mut out_ptr = ptr::null_mut();
            assert_eq!(selinux_sys::getcon(&mut out_ptr), 0);
+6 −4
Original line number Diff line number Diff line
@@ -28,10 +28,11 @@ use std::os::raw::{c_char, c_int};
///
/// # Safety
///
/// service_name must be a valid, non-null C-style string (null-terminated).
/// service_name must be a valid, non-null C-style string (nul-terminated).
#[no_mangle]
pub unsafe extern "C" fn rust_call_ndk(service_name: *const c_char) -> c_int {
    let service_name = CStr::from_ptr(service_name).to_str().unwrap();
    // SAFETY: Our caller promises that service_name is a valid C string.
    let service_name = unsafe { CStr::from_ptr(service_name) }.to_str().unwrap();

    // The Rust class descriptor pointer will not match the NDK one, but the
    // descriptor strings match so this needs to still associate.
@@ -85,10 +86,11 @@ impl IBinderRustNdkInteropTest for Service {
///
/// # Safety
///
/// service_name must be a valid, non-null C-style string (null-terminated).
/// service_name must be a valid, non-null C-style string (nul-terminated).
#[no_mangle]
pub unsafe extern "C" fn rust_start_service(service_name: *const c_char) -> c_int {
    let service_name = CStr::from_ptr(service_name).to_str().unwrap();
    // SAFETY: Our caller promises that service_name is a valid C string.
    let service_name = unsafe { CStr::from_ptr(service_name) }.to_str().unwrap();
    let service = BnBinderRustNdkInteropTest::new_binder(Service, BinderFeatures::default());
    match binder::add_service(service_name, service.as_binder()) {
        Ok(_) => StatusCode::OK as c_int,
+2 −2
Original line number Diff line number Diff line
@@ -105,9 +105,9 @@ fn do_read_fuzz(read_operations: Vec<ReadOperation>, data: &[u8]) {
    for operation in read_operations {
        match operation {
            ReadOperation::SetDataPosition { pos } => {
                unsafe {
                // Safety: Safe if pos is less than current size of the parcel.
                // It relies on C++ code for bound checks
                unsafe {
                    match parcel.set_data_position(pos) {
                        Ok(result) => result,
                        Err(e) => println!("error occurred while setting data position: {:?}", e),
Loading