
Commit b09bee95 authored by Pawan Wagh

set calling UID in fuzzService

Test: m servicemanager_fuzzer && out/host/linux-x86/fuzz/x86_64/servicemanager_fuzzer/servicemanager_fuzzer
Bug: 254864895
Change-Id: Iec63eb56ef3c3a39b24ff32a27893fdb4243e923
parent 84af7ae3
+6 −0
@@ -18,6 +18,7 @@
#include <fuzzbinder/random_parcel.h>

#include <android-base/logging.h>
#include <binder/IPCThreadState.h>
#include <binder/ProcessState.h>

namespace android {
@@ -30,6 +31,11 @@ void fuzzService(const sp<IBinder>& binder, FuzzedDataProvider&& provider) {
            .extraFds = {},
    };

    if (provider.ConsumeBool()) {
        // set calling uid
        IPCThreadState::self()->restoreCallingIdentity(provider.ConsumeIntegral<int64_t>());
    }

    while (provider.remaining_bytes() > 0) {
        uint32_t code = provider.ConsumeIntegral<uint32_t>();
        uint32_t flags = provider.ConsumeIntegral<uint32_t>();
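Review bot: The identity set by `restoreCallingIdentity()` in the new `if` block is thread-local state that is never put back, so an input that takes the `ConsumeBool()` false path appears to run with whatever UID the previous input left behind, and a crash found that way may not reproduce from its own test case. Consider saving the token on entry with `const int64_t savedIdentity = IPCThreadState::self()->clearCallingIdentity();` and calling `IPCThreadState::self()->restoreCallingIdentity(savedIdentity);` before fuzzService returns; the function body continues past this hunk, so the exit path is not visible here. The comment also understates the effect, because the 64-bit token carries the calling PID as well as the UID. Something like `// set calling uid and pid from one fuzzed identity token` would be more accurate, which matters when the service under test makes permission decisions from either value.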