/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <signal.h>
#include <sys/types.h>
#include <unistd.h>
#include <binder/Binder.h>
#include <binder/IBinder.h>
#include <binder/IServiceManager.h>
#include <binder/Parcel.h>
#include <binder/ProcessState.h>
#include <gtest/gtest.h>
#include "Allocator.h"
#include "Binder.h"
namespace android {
static const String16 service_name("test.libmemunreachable_binder");
// Provides a service that will hold a strong reference to any remote binder
// object, so that the test can verify that a remote strong reference is
// visible to libmemunreachable.
class BinderService : public BBinder {
public:
BinderService() = default;
virtual ~BinderService() = default;
virtual status_t onTransact(uint32_t /*code*/, const Parcel& data, Parcel* reply,
uint32_t /*flags*/ = 0) {
reply->writeStrongBinder(ref);
ref = data.readStrongBinder();
return 0;
}
private:
sp<IBinder> ref;
};
class BinderObject : public BBinder {
public:
BinderObject() = default;
~BinderObject() = default;
};
// Forks a subprocess that registers a BinderService with the global binder
// servicemanager. Requires root permissions.
class ServiceProcess {
public:
ServiceProcess() : child_(0) {}
~ServiceProcess() { Stop(); }
bool Run() {
pid_t ret = fork();
if (ret < 0) {
return false;
} else if (ret == 0) {
// child
_exit(Service());
} else {
// parent
child_ = ret;
return true;
}
}
bool Stop() {
if (child_ > 0) {
if (kill(child_, SIGTERM)) {
return false;
}
int status = 0;
if (TEMP_FAILURE_RETRY(waitpid(child_, &status, 0)) != child_) {
return false;
}
child_ = 0;
return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}
return true;
}
int Service() {
sp<ProcessState> proc{ProcessState::self()};
sp<IServiceManager> sm = defaultServiceManager();
if (sm == nullptr) {
fprintf(stderr, "Failed to get service manager\n");
return 1;
}
// This step requires root permissions
if (sm->addService(service_name, new BinderService()) != OK) {
fprintf(stderr, "Failed to add test service\n");
return 1;
}
proc->startThreadPool();
pause();
return 0;
}
private:
pid_t child_;
};
class MemunreachableBinderTest : public ::testing::Test {
protected:
ServiceProcess service_process_;
};
// Tests that a local binder object with a remote strong reference is visible
// through the libmemunreachable BinderReferences interface, which uses the
// getBinderKernelReferences method in libbinder. Starts a BinderService
// through ServiceProcess as a remote service to hold the strong reference.
TEST_F(MemunreachableBinderTest, binder) {
ASSERT_EQ(static_cast<uid_t>(0), getuid()) << "This test must be run as root.";
ServiceProcess service_process;
ASSERT_TRUE(service_process.Run());
sp<IServiceManager> sm = defaultServiceManager();
ASSERT_TRUE(sm != nullptr);
// A small sleep allows the service to start, which
// prevents a longer sleep in getService.
usleep(100000);
sp<IBinder> service = sm->getService(service_name);
ASSERT_TRUE(service != nullptr);
sp<IBinder> binder{new BinderObject()};
Parcel send;
Parcel reply;
send.writeStrongBinder(binder);
status_t rv = service->transact(0, send, &reply);
ASSERT_EQ(static_cast<status_t>(OK), rv);
Heap heap;
allocator::vector<uintptr_t> refs{heap};
ASSERT_TRUE(BinderReferences(refs));
bool found_ref = false;
for (auto ref : refs) {
if (ref == reinterpret_cast<uintptr_t>(binder.get())) {
found_ref = true;
}
}
ASSERT_TRUE(found_ref);
}
} // namespace android