Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 11ddac84 authored by Steven Moreland's avatar Steven Moreland
Browse files

libbinder fuzzService: can't start threadpool 

Should also check libhwbinder comms, rpc binder comms,
and other types of communication, but it may be difficult,
may require additional dependencies to these fuzzers. For
now, prevent the obviously problematic things we can
detect immedately.

Bug: 242905949
Test: android.hardware.vibrator-service.example_fuzzer

Change-Id: Icdc7ba4f1df6efe05a60ecc7afb697180ba1a1bb
parent a417e313

libs/binder/tests/parcel_fuzzer/libbinder_driver.cpp

+12 −0
Original line number Diff line number Diff line
@@ -17,6 +17,9 @@ 


#include <fuzzbinder/random_parcel.h>



#include <android-base/logging.h>

#include <binder/ProcessState.h>



namespace android {



void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) {
@@ -60,6 +63,15 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) { 
            options.extraFds.push_back(base::unique_fd(dup(retFds[i])));

        }

    }



    // invariants



    auto ps = ProcessState::selfOrNull();

    if (ps) {

        CHECK_EQ(0, ps->getThreadPoolMaxTotalThreadCount())

                << "Binder threadpool should not be started by fuzzer because coverage can only "

                   "cover in-process calls.";

    }

}



} // namespace android