/*
 * Copyright (C) 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#define FUZZ_LOG_TAG "binder_ndk"

#include "binder_ndk.h"

#include <android/binder_parcel_utils.h>
#include <android/binder_parcelable_utils.h>

#include "util.h"

// Smallest possible parcelable: unparcelling consumes a single int32.
// It is referenced only by the disabled std::vector<SomeParcelable> entry
// further down, so nothing in the active table instantiates it today.
// TODO(b/142061461): parent class
class SomeParcelable {
public:
    // Reads one int32 from `parcel` into mValue and returns the NDK status
    // unchanged.
    binder_status_t readFromParcel(const AParcel* parcel) {
        const binder_status_t result = AParcel_readInt32(parcel, &mValue);
        return result;
    }

private:
    int32_t mValue = 0;
};

// Expands to one fuzz operation: value-initialise a TYPE, hand it to READ_FN
// together with the parcel under test, and log the returned status. The
// status is logged only, never asserted on, and the fuzzer-supplied byte is
// unused. The macro arguments are stringified into the log text, so the
// output names the exact type and function spelled at the call site.
#define PARCEL_READ(TYPE, READ_FN)                                               \
    [](const NdkParcelAdapter& adapter, uint8_t /*data*/) {                      \
        FUZZ_LOG() << "about to read " #TYPE " using " #READ_FN " with status"; \
        TYPE value{};                                                            \
        const binder_status_t result = READ_FN(adapter.aParcel(), &value);      \
        FUZZ_LOG() << #TYPE " status: " << result /* << " value: " << value*/;  \
    }

// Table of read-side operations the fuzzer can apply to an NDK parcel. Every
// entry receives the adapter wrapping the parcel under test plus one byte of
// fuzzer input.
// NOTE(review): the driver presumably picks entries by index, in which case
// inserting or reordering entries changes what an existing corpus exercises;
// confirm against the harness before reshuffling.
// clang-format off
std::vector<ParcelRead<NdkParcelAdapter>> BINDER_NDK_PARCEL_READ_FUNCTIONS{
        // methods from binder_parcel.h

        // Seek. `pos` is a uint8_t, so this entry only reaches offsets 0..255.
        [](const NdkParcelAdapter& adapter, uint8_t pos) {
            FUZZ_LOG() << "about to set data position to " << pos;
            const binder_status_t result = AParcel_setDataPosition(adapter.aParcel(), pos);
            FUZZ_LOG() << "set data position: " << result;
        },
        // Parse a status header into a fresh ScopedAStatus.
        [](const NdkParcelAdapter& adapter, uint8_t /*data*/) {
            FUZZ_LOG() << "about to read status header";
            ndk::ScopedAStatus header;
            const binder_status_t result =
                    AParcel_readStatusHeader(adapter.aParcel(), header.getR());
            FUZZ_LOG() << "read status header: " << result;
        },
        // Query the size; the returned value is discarded.
        [](const NdkParcelAdapter& adapter, uint8_t /*data*/) {
            FUZZ_LOG() << "about to getDataSize the parcel";
            AParcel_getDataSize(adapter.aParcel());
            FUZZ_LOG() << "getDataSize done";
        },
        // Read a ParcelableHolder; the low bit of `data` picks the stability
        // the holder is constructed with (odd -> LOCAL, even -> VINTF).
        [](const NdkParcelAdapter& adapter, uint8_t data) {
            FUZZ_LOG() << "about to read a ParcelableHolder";
            const bool useLocal = (data % 2 == 1);
            ndk::AParcelableHolder holder {useLocal ? ndk::STABILITY_LOCAL : ndk::STABILITY_VINTF};
            const binder_status_t result = AParcel_readParcelable(adapter.aParcel(), &holder);
            FUZZ_LOG() << "read the ParcelableHolder: " << result;
        },
        // appendFrom between the parcel under test and a scratch parcel that
        // is created and deleted here. The start argument is always 0 and the
        // size argument is the fuzzer byte, so at most 255 is requested.
        [](const NdkParcelAdapter& adapter, uint8_t data) {
            FUZZ_LOG() << "about to appendFrom";
            AParcel* scratch = AParcel_create();
            const binder_status_t result = AParcel_appendFrom(adapter.aParcel(), scratch, 0, data);
            AParcel_delete(scratch);
            FUZZ_LOG() << "appendFrom: " << result;
        },

        PARCEL_READ(int32_t, AParcel_readInt32),
        PARCEL_READ(uint32_t, AParcel_readUint32),
        PARCEL_READ(int64_t, AParcel_readInt64),
        PARCEL_READ(uint64_t, AParcel_readUint64),
        PARCEL_READ(float, AParcel_readFloat),
        PARCEL_READ(double, AParcel_readDouble),
        PARCEL_READ(bool, AParcel_readBool),
        PARCEL_READ(char16_t, AParcel_readChar),
        PARCEL_READ(int8_t, AParcel_readByte),

        // methods from binder_parcel_utils.h
        PARCEL_READ(ndk::SpAIBinder, ndk::AParcel_readNullableStrongBinder),
        PARCEL_READ(ndk::SpAIBinder, ndk::AParcel_readRequiredStrongBinder),
        PARCEL_READ(ndk::ScopedFileDescriptor, ndk::AParcel_readNullableParcelFileDescriptor),
        PARCEL_READ(ndk::ScopedFileDescriptor, ndk::AParcel_readRequiredParcelFileDescriptor),
        PARCEL_READ(std::string, ndk::AParcel_readString),
        PARCEL_READ(std::optional<std::string>, ndk::AParcel_readString),

        // TODO(b/131868573): can force process to allocate arbitrary amount of
        // memory
        // Every vector read/resize entry below is disabled for that reason, so
        // those read paths get no coverage from this fuzzer until they are
        // re-enabled.
        // PARCEL_READ(std::vector<std::string>, ndk::AParcel_readVector),
        // PARCEL_READ(std::optional<std::vector<std::optional<std::string>>>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<SomeParcelable>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<int32_t>, ndk::AParcel_readVector),
        // PARCEL_READ(std::optional<std::vector<int32_t>>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<uint32_t>, ndk::AParcel_readVector),
        // PARCEL_READ(std::optional<std::vector<uint32_t>>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<int64_t>, ndk::AParcel_readVector),
        // PARCEL_READ(std::optional<std::vector<int64_t>>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<uint64_t>, ndk::AParcel_readVector),
        // PARCEL_READ(std::optional<std::vector<uint64_t>>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<float>, ndk::AParcel_readVector),
        // PARCEL_READ(std::optional<std::vector<float>>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<double>, ndk::AParcel_readVector),
        // PARCEL_READ(std::optional<std::vector<double>>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<bool>, ndk::AParcel_readVector),
        // PARCEL_READ(std::optional<std::vector<bool>>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<char16_t>, ndk::AParcel_readVector),
        // PARCEL_READ(std::optional<std::vector<char16_t>>, ndk::AParcel_readVector),
        // PARCEL_READ(std::vector<int32_t>, ndk::AParcel_resizeVector),
        // PARCEL_READ(std::optional<std::vector<int32_t>>, ndk::AParcel_resizeVector),
};
// clang-format on