
Commit 6981fe0a authored by Steven Moreland

libbinder fuzzer driver: clear calling identity

This gets set in thread local state.

Bug: N/A
Test: servicemanager fuzzer will test past SELinux checks (gives
  even mix of this and specifically set UID)
Change-Id: I42d39eecd3ceca6e702dec1df725e5f7e83b6a26
parent d9154a7a
+4 −0
@@ -33,6 +33,10 @@ void fuzzService(const std::vector<sp<IBinder>>& binders, FuzzedDataProvider&& p
            .extraFds = {},
    };

    // always refresh the calling identity, because we sometimes set it below, but also,
    // the code we're fuzzing might reset it
    IPCThreadState::self()->clearCallingIdentity();

    // Always take so that a perturbation of just the one ConsumeBool byte will always
    // take the same path, but with a different UID. Without this, the fuzzer needs to
    // guess both the change in value and the shift at the same time.