1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <android-base/logging.h>
18 #include <binder/Binder.h>
19 #include <binder/IBinder.h>
20 #include <binder/IPCThreadState.h>
21 #include <binder/IServiceManager.h>
22 #include <binder/Parcel.h>
23 #include <binder/Stability.h>
24 #include <gtest/gtest.h>
25 
26 #include <sys/prctl.h>
27 #include <thread>
28 
29 using namespace android;
30 
31 const String16 kServerName = String16("binderClearBuf");
32 
hexString(const void * bytes,size_t len)33 std::string hexString(const void* bytes, size_t len) {
34     if (bytes == nullptr) return "<null>";
35 
36     const uint8_t* bytes8 = static_cast<const uint8_t*>(bytes);
37     char chars[] = "0123456789abcdef";
38     std::string result;
39     result.resize(len * 2);
40 
41     for (size_t i = 0; i < len; i++) {
42         result[2 * i] = chars[bytes8[i] >> 4];
43         result[2 * i + 1] = chars[bytes8[i] & 0xf];
44     }
45 
46     return result;
47 }
48 
49 class FooBar : public BBinder {
50  public:
51     enum {
52         TRANSACTION_REPEAT_STRING = IBinder::FIRST_CALL_TRANSACTION,
53     };
54 
55     std::mutex foo;
56     std::string last;
57 
onTransact(uint32_t code,const Parcel & data,Parcel * reply,uint32_t flags)58     status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) {
59         // not checking data, since there is no hook at the time this test is
60         // written to check values there are set to zero. Instead, we only check
61         // the reply parcel.
62 
63         switch (code) {
64             case TRANSACTION_REPEAT_STRING: {
65                 const char* str = data.readCString();
66                 return reply->writeCString(str == nullptr ? "<null>" : str);
67             }
68         }
69         return BBinder::onTransact(code, data, reply, flags);
70     }
RepeatString(const sp<IBinder> binder,const std::string & repeat,std::string * outBuffer)71     static std::string RepeatString(const sp<IBinder> binder,
72                                     const std::string& repeat,
73                                     std::string* outBuffer) {
74         Parcel data;
75         data.writeCString(repeat.c_str());
76         std::string result;
77         const uint8_t* lastReply;
78         size_t lastReplySize;
79         {
80             Parcel reply;
81             binder->transact(TRANSACTION_REPEAT_STRING, data, &reply, FLAG_CLEAR_BUF);
82             result = reply.readCString();
83             lastReply = reply.data();
84             lastReplySize = reply.dataSize();
85         }
86         *outBuffer = hexString(lastReply, lastReplySize);
87         return result;
88     }
89 };
90 
TEST(BinderClearBuf,ClearKernelBuffer)91 TEST(BinderClearBuf, ClearKernelBuffer) {
92     sp<IBinder> binder = defaultServiceManager()->getService(kServerName);
93     ASSERT_NE(nullptr, binder);
94 
95     std::string replyBuffer;
96     std::string result = FooBar::RepeatString(binder, "foo", &replyBuffer);
97     EXPECT_EQ("foo", result);
98 
99     // the buffer must have at least some length for the string, but we will
100     // just check it has some length, to avoid assuming anything about the
101     // format
102     EXPECT_GT(replyBuffer.size(), 0);
103 
104     for (size_t i = 0; i < replyBuffer.size(); i++) {
105         EXPECT_EQ(replyBuffer[i], '0') << "reply buffer at " << i;
106     }
107 }
108 
main(int argc,char ** argv)109 int main(int argc, char** argv) {
110     ::testing::InitGoogleTest(&argc, argv);
111 
112     if (fork() == 0) {
113         prctl(PR_SET_PDEATHSIG, SIGHUP);
114 
115         sp<IBinder> server = new FooBar;
116         android::defaultServiceManager()->addService(kServerName, server);
117 
118         IPCThreadState::self()->joinThreadPool(true);
119         exit(1);  // should not reach
120     }
121 
122     // This is not racey. Just giving these services some time to register before we call
123     // getService which sleeps for much longer. One alternative would be to
124     // start a threadpool + use waitForService, but we want to have as few
125     // binder things going on in this test as possible, since we are checking
126     // memory is zero'd which the kernel has a right to change.
127     usleep(100000);
128 
129     return RUN_ALL_TESTS();
130 }
131