• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2019 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #define FUZZ_LOG_TAG "binder_ndk"
17 
18 #include "binder_ndk.h"
19 
20 #include <android/binder_parcel_utils.h>
21 #include <android/binder_parcelable_utils.h>
22 
23 #include "util.h"
24 
25 // TODO(b/142061461): parent class
26 class SomeParcelable {
27 public:
writeToParcel(AParcel *)28     binder_status_t writeToParcel(AParcel* /*parcel*/) { return STATUS_OK; }
readFromParcel(const AParcel * parcel)29     binder_status_t readFromParcel(const AParcel* parcel) {
30         return AParcel_readInt32(parcel, &mValue);
31     }
32 
33 private:
34     int32_t mValue = 0;
35 };
36 
37 class ISomeInterface : public ::ndk::ICInterface {
38 public:
39     ISomeInterface() = default;
40     virtual ~ISomeInterface() = default;
41     static binder_status_t readFromParcel(const AParcel* parcel,
42                                           std::shared_ptr<ISomeInterface>* instance);
43 };
44 
onTransact(AIBinder *,transaction_code_t,const AParcel *,AParcel *)45 static binder_status_t onTransact(AIBinder*, transaction_code_t, const AParcel*, AParcel*) {
46     return STATUS_UNKNOWN_TRANSACTION;
47 }
48 
49 static AIBinder_Class* g_class = ::ndk::ICInterface::defineClass("ISomeInterface", onTransact);
50 
51 class BpSomeInterface : public ::ndk::BpCInterface<ISomeInterface> {
52 public:
BpSomeInterface(const::ndk::SpAIBinder & binder)53     explicit BpSomeInterface(const ::ndk::SpAIBinder& binder) : BpCInterface(binder) {}
54     virtual ~BpSomeInterface() = default;
55 };
56 
readFromParcel(const AParcel * parcel,std::shared_ptr<ISomeInterface> * instance)57 binder_status_t ISomeInterface::readFromParcel(const AParcel* parcel,
58                                                std::shared_ptr<ISomeInterface>* instance) {
59     ::ndk::SpAIBinder binder;
60     binder_status_t status = AParcel_readStrongBinder(parcel, binder.getR());
61     if (status == STATUS_OK) {
62         if (AIBinder_associateClass(binder.get(), g_class)) {
63             *instance = std::static_pointer_cast<ISomeInterface>(
64                     ::ndk::ICInterface::asInterface(binder.get()));
65         } else {
66             *instance = ::ndk::SharedRefBase::make<BpSomeInterface>(binder);
67         }
68     }
69     return status;
70 }
71 
72 #define PARCEL_READ(T, FUN)                                              \
73     [](const NdkParcelAdapter& p, uint8_t /*data*/) {                    \
74         FUZZ_LOG() << "about to read " #T " using " #FUN " with status"; \
75         T t{};                                                           \
76         binder_status_t status = FUN(p.aParcel(), &t);                   \
77         FUZZ_LOG() << #T " status: " << status /* << " value: " << t*/;  \
78     }
79 
80 // clang-format off
81 std::vector<ParcelRead<NdkParcelAdapter>> BINDER_NDK_PARCEL_READ_FUNCTIONS{
82         // methods from binder_parcel.h
__anon80e3ea3b0102() 83         [](const NdkParcelAdapter& p, uint8_t pos) {
84             FUZZ_LOG() << "about to set data position to " << pos;
85             binder_status_t status = AParcel_setDataPosition(p.aParcel(), pos);
86             FUZZ_LOG() << "set data position: " << status;
87         },
__anon80e3ea3b0202() 88         [](const NdkParcelAdapter& p, uint8_t /*data*/) {
89             FUZZ_LOG() << "about to read status header";
90             ndk::ScopedAStatus t;
91             binder_status_t status = AParcel_readStatusHeader(p.aParcel(), t.getR());
92             FUZZ_LOG() << "read status header: " << status;
93         },
__anon80e3ea3b0302() 94         [](const NdkParcelAdapter& p, uint8_t /*data*/) {
95             FUZZ_LOG() << "about to getDataSize the parcel";
96             AParcel_getDataSize(p.aParcel());
97             FUZZ_LOG() << "getDataSize done";
98         },
__anon80e3ea3b0402() 99         [](const NdkParcelAdapter& p, uint8_t data) {
100             FUZZ_LOG() << "about to read a ParcelableHolder";
101             ndk::AParcelableHolder ph {(data % 2 == 1) ? ndk::STABILITY_LOCAL : ndk::STABILITY_VINTF};
102             binder_status_t status = AParcel_readParcelable(p.aParcel(), &ph);
103             FUZZ_LOG() << "read the ParcelableHolder: " << status;
104         },
__anon80e3ea3b0502() 105         [](const NdkParcelAdapter& p, uint8_t data) {
106             FUZZ_LOG() << "about to appendFrom";
107             AParcel* parcel = AParcel_create();
108             binder_status_t status = AParcel_appendFrom(p.aParcel(), parcel, 0, data);
109             AParcel_delete(parcel);
110             FUZZ_LOG() << "appendFrom: " << status;
111         },
112 
113         PARCEL_READ(int32_t, AParcel_readInt32),
114         PARCEL_READ(uint32_t, AParcel_readUint32),
115         PARCEL_READ(int64_t, AParcel_readInt64),
116         PARCEL_READ(uint64_t, AParcel_readUint64),
117         PARCEL_READ(float, AParcel_readFloat),
118         PARCEL_READ(double, AParcel_readDouble),
119         PARCEL_READ(bool, AParcel_readBool),
120         PARCEL_READ(char16_t, AParcel_readChar),
121         PARCEL_READ(int8_t, AParcel_readByte),
122 
123         // methods from binder_parcel_utils.h
124         PARCEL_READ(ndk::SpAIBinder, ndk::AParcel_readNullableStrongBinder),
125         PARCEL_READ(ndk::SpAIBinder, ndk::AParcel_readRequiredStrongBinder),
126         PARCEL_READ(ndk::ScopedFileDescriptor, ndk::AParcel_readNullableParcelFileDescriptor),
127         PARCEL_READ(ndk::ScopedFileDescriptor, ndk::AParcel_readRequiredParcelFileDescriptor),
128         PARCEL_READ(std::string, ndk::AParcel_readString),
129         PARCEL_READ(std::optional<std::string>, ndk::AParcel_readString),
130 
131         PARCEL_READ(std::vector<std::string>, ndk::AParcel_readVector),
132         PARCEL_READ(std::optional<std::vector<std::optional<std::string>>>, ndk::AParcel_readVector),
133         PARCEL_READ(std::vector<SomeParcelable>, ndk::AParcel_readVector),
134         PARCEL_READ(std::optional<std::vector<std::optional<SomeParcelable>>>, ndk::AParcel_readVector),
135         PARCEL_READ(std::vector<ndk::SpAIBinder>, ndk::AParcel_readVector),
136         PARCEL_READ(std::optional<std::vector<ndk::SpAIBinder>>, ndk::AParcel_readVector),
137         PARCEL_READ(std::vector<ndk::ScopedFileDescriptor>, ndk::AParcel_readVector),
138         PARCEL_READ(std::optional<std::vector<ndk::ScopedFileDescriptor>>, ndk::AParcel_readVector),
139         PARCEL_READ(std::vector<std::shared_ptr<ISomeInterface>>, ndk::AParcel_readVector),
140         PARCEL_READ(std::optional<std::vector<std::shared_ptr<ISomeInterface>>>, ndk::AParcel_readVector),
141         PARCEL_READ(std::vector<int32_t>, ndk::AParcel_readVector),
142         PARCEL_READ(std::optional<std::vector<int32_t>>, ndk::AParcel_readVector),
143         PARCEL_READ(std::vector<uint32_t>, ndk::AParcel_readVector),
144         PARCEL_READ(std::optional<std::vector<uint32_t>>, ndk::AParcel_readVector),
145         PARCEL_READ(std::vector<int64_t>, ndk::AParcel_readVector),
146         PARCEL_READ(std::optional<std::vector<int64_t>>, ndk::AParcel_readVector),
147         PARCEL_READ(std::vector<uint64_t>, ndk::AParcel_readVector),
148         PARCEL_READ(std::optional<std::vector<uint64_t>>, ndk::AParcel_readVector),
149         PARCEL_READ(std::vector<float>, ndk::AParcel_readVector),
150         PARCEL_READ(std::optional<std::vector<float>>, ndk::AParcel_readVector),
151         PARCEL_READ(std::vector<double>, ndk::AParcel_readVector),
152         PARCEL_READ(std::optional<std::vector<double>>, ndk::AParcel_readVector),
153         PARCEL_READ(std::vector<bool>, ndk::AParcel_readVector),
154         PARCEL_READ(std::optional<std::vector<bool>>, ndk::AParcel_readVector),
155         PARCEL_READ(std::vector<char16_t>, ndk::AParcel_readVector),
156         PARCEL_READ(std::optional<std::vector<char16_t>>, ndk::AParcel_readVector),
157         PARCEL_READ(std::vector<int32_t>, ndk::AParcel_resizeVector),
158         PARCEL_READ(std::optional<std::vector<int32_t>>, ndk::AParcel_resizeVector),
159 
160         // methods for std::array<T,N>
161 #define COMMA ,
162         PARCEL_READ(std::array<bool COMMA 3>, ndk::AParcel_readData),
163         PARCEL_READ(std::array<uint8_t COMMA 3>, ndk::AParcel_readData),
164         PARCEL_READ(std::array<char16_t COMMA 3>, ndk::AParcel_readData),
165         PARCEL_READ(std::array<int32_t COMMA 3>, ndk::AParcel_readData),
166         PARCEL_READ(std::array<int64_t COMMA 3>, ndk::AParcel_readData),
167         PARCEL_READ(std::array<float COMMA 3>, ndk::AParcel_readData),
168         PARCEL_READ(std::array<double COMMA 3>, ndk::AParcel_readData),
169         PARCEL_READ(std::array<std::string COMMA 3>, ndk::AParcel_readData),
170         PARCEL_READ(std::array<SomeParcelable COMMA 3>, ndk::AParcel_readData),
171         PARCEL_READ(std::array<ndk::SpAIBinder COMMA 3>, ndk::AParcel_readData),
172         PARCEL_READ(std::array<ndk::ScopedFileDescriptor COMMA 3>, ndk::AParcel_readData),
173         PARCEL_READ(std::array<std::shared_ptr<ISomeInterface> COMMA 3>, ndk::AParcel_readData),
174 #undef COMMA
175 };
176 // clang-format on
177