Commit 24bc0d16 authored by Steven Moreland

binder_parcel_fuzzer: reduce host/device differences

Before, the host code had certain cases disabled b/c ProcessState aborts
when /dev/binder is unavailable. However, it turns out in several
places, ProcessState is still reachable (e.g. unflattenBinder). So,
instead, now, on host, the abort is just removed (and failures will
happen only when host tries to invoke binder later).

Bug: 142543448
Test: run binder_parcel_fuzzer for a few minutes
Change-Id: I0a322d3191be3aee630f735986064d502016c05d
parent b92c27b6
+2 −0
@@ -373,7 +373,9 @@ ProcessState::ProcessState(const char *driver)
        }
    }

#ifdef __ANDROID__
    LOG_ALWAYS_FATAL_IF(mDriverFD < 0, "Binder driver '%s' could not be opened.  Terminating.", driver);
#endif
}

ProcessState::~ProcessState()
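
Review bot: with the `LOG_ALWAYS_FATAL_IF(mDriverFD < 0, ...)` check at the end of the constructor now inside `#ifdef __ANDROID__`, a host build finishes constructing ProcessState with a negative mDriverFD and reports nothing. Please add a short comment above the `#ifdef` saying that host builds (the fuzzer, per the commit message) are expected to run without /dev/binder, and consider an `#else` branch that logs a warning when `mDriverFD < 0`, so that a later failure can be traced back to the driver never having been opened. It is also worth confirming that the code paths that use mDriverFD after construction check for a negative value instead of handing it to the driver calls.
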
+2 −12
@@ -93,26 +93,16 @@ std::vector<ParcelRead<::android::Parcel>> BINDER_PARCEL_READ_FUNCTIONS {
    PARCEL_READ_NO_STATUS(size_t, allowFds),
    PARCEL_READ_NO_STATUS(size_t, hasFileDescriptors),
    [] (const ::android::Parcel& p, uint8_t len) {
#ifdef __ANDROID__
        std::string interface(len, 'a');
        FUZZ_LOG() << "about to enforceInterface: " << interface;
        bool b = p.enforceInterface(::android::String16(interface.c_str()));
        FUZZ_LOG() << "enforced interface: " << b;
#else
        FUZZ_LOG() << "skipping enforceInterface";
        (void)p;
        (void)len;
#endif // __ANDROID__
    },
    [] (const ::android::Parcel& p, uint8_t /*len*/) {
#ifdef __ANDROID__
        FUZZ_LOG() << "about to checkInterface";
        bool b = p.checkInterface(new android::BBinder());
        android::sp<android::IBinder> aBinder = new android::BBinder();
        bool b = p.checkInterface(aBinder.get());
        FUZZ_LOG() << "checked interface: " << b;
#else
        FUZZ_LOG() << "skipping checkInterface";
        (void)p;
#endif // __ANDROID__
    },
    PARCEL_READ_NO_STATUS(size_t, objectsCount),
    PARCEL_READ_NO_STATUS(status_t, errorCheck),
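
Review bot: in the checkInterface lambda, replacing `p.checkInterface(new android::BBinder())` with an `android::sp<android::IBinder>` that owns the BBinder is a lifetime fix separate from the host/device change, and the commit message does not mention it; please add a line there or split it into its own change. With the `#else` "skipping ..." branches removed from both lambdas, enforceInterface and checkInterface now run on host as well, so the Test: line should state that the fuzzer was run on host and on device, since host is where ProcessState can now exist without an open driver.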