Merge changes I69f41b23,Ib740de5e
* changes:
libsnapshot: Replace IByteSink usage in inspect_cow.
libsnapshot: Deprecate the IByteSink API.
diff --git a/fastboot/fastboot_driver_mock.h b/fastboot/fastboot_driver_mock.h
index 62a5708..d2a123b 100644
--- a/fastboot/fastboot_driver_mock.h
+++ b/fastboot/fastboot_driver_mock.h
@@ -22,8 +22,7 @@
class MockFastbootDriver : public IFastBootDriver {
public:
- MOCK_METHOD(RetCode, FlashPartition,
- (const std::string& partition, android::base::borrowed_fd fd, uint32_t sz),
+ MOCK_METHOD(RetCode, FlashPartition, (const std::string&, android::base::borrowed_fd, uint32_t),
(override));
MOCK_METHOD(RetCode, DeletePartition, (const std::string&), (override));
MOCK_METHOD(RetCode, Reboot, (std::string*, std::vector<std::string>*), (override));
diff --git a/fastboot/task.cpp b/fastboot/task.cpp
index 054c1ed..ce46e91 100644
--- a/fastboot/task.cpp
+++ b/fastboot/task.cpp
@@ -65,7 +65,7 @@
: reboot_target_(reboot_target), fp_(fp){};
void RebootTask::Run() {
- if ((reboot_target_ == "userspace" || reboot_target_ == "fastboot")) {
+ if (reboot_target_ == "fastboot") {
if (!is_userspace_fastboot()) {
reboot_to_userspace_fastboot();
fp_->fb->WaitForDisconnect();
diff --git a/fastboot/task_test.cpp b/fastboot/task_test.cpp
index 145b4d7..6fc2056 100644
--- a/fastboot/task_test.cpp
+++ b/fastboot/task_test.cpp
@@ -16,6 +16,7 @@
#include "task.h"
#include "fastboot.h"
+#include "fastboot_driver_mock.h"
#include <gtest/gtest.h>
#include <fstream>
@@ -24,6 +25,7 @@
#include <unordered_map>
#include "android-base/strings.h"
using android::base::Split;
+using testing::_;
class ParseTest : public ::testing ::Test {
protected:
@@ -58,7 +60,7 @@
return ParseFastbootInfoLine(fp, vec_command);
}
-TEST_F(ParseTest, CORRECT_FlASH_TASK_FORMED) {
+TEST_F(ParseTest, CorrectFlashTaskFormed) {
std::vector<std::string> commands = {"flash dtbo", "flash --slot-other system system_other.img",
"flash system", "flash --apply-vbmeta vbmeta"};
@@ -86,7 +88,7 @@
}
}
-TEST_F(ParseTest, VERSION_CHECK_CORRRECT) {
+TEST_F(ParseTest, VersionCheckCorrect) {
std::vector<std::string> correct_versions = {
"version 1.0",
"version 22.00",
@@ -104,7 +106,7 @@
}
}
-TEST_F(ParseTest, BAD_FASTBOOT_INFO_INPUT) {
+TEST_F(ParseTest, BadFastbootInput) {
ASSERT_EQ(ParseCommand(fp.get(), "flash"), nullptr);
ASSERT_EQ(ParseCommand(fp.get(), "flash --slot-other --apply-vbmeta"), nullptr);
ASSERT_EQ(ParseCommand(fp.get(), "flash --apply-vbmeta"), nullptr);
@@ -121,3 +123,32 @@
ASSERT_EQ(ParseCommand(fp.get(), "erase dtbo dtbo"), nullptr);
ASSERT_EQ(ParseCommand(fp.get(), "wipe this"), nullptr);
}
+
+TEST_F(ParseTest, CorrectTaskFormed) {
+ std::vector<std::string> commands = {"flash dtbo", "flash --slot-other system system_other.img",
+ "reboot bootloader", "update-super", "erase cache"};
+ std::vector<std::unique_ptr<Task>> tasks = collectTasks(fp.get(), commands);
+
+ ASSERT_TRUE(tasks[0]->AsFlashTask());
+ ASSERT_TRUE(tasks[0]->AsFlashTask());
+ ASSERT_TRUE(tasks[1]->AsFlashTask());
+ ASSERT_TRUE(tasks[2]->AsRebootTask());
+ ASSERT_TRUE(tasks[3]->AsUpdateSuperTask());
+ ASSERT_TRUE(tasks[4]->AsWipeTask());
+}
+
+TEST_F(ParseTest, CorrectDriverCalls) {
+ fastboot::MockFastbootDriver fb;
+ fp->fb = &fb;
+
+ EXPECT_CALL(fb, RebootTo(_, _, _)).Times(1);
+ EXPECT_CALL(fb, Reboot(_, _)).Times(1);
+ EXPECT_CALL(fb, WaitForDisconnect()).Times(2);
+
+ std::vector<std::string> commands = {"reboot bootloader", "reboot"};
+ std::vector<std::unique_ptr<Task>> tasks = collectTasks(fp.get(), commands);
+
+ for (auto& task : tasks) {
+ task->Run();
+ }
+}
diff --git a/gatekeeperd/Android.bp b/gatekeeperd/Android.bp
index 838f734..534fc1a 100644
--- a/gatekeeperd/Android.bp
+++ b/gatekeeperd/Android.bp
@@ -18,8 +18,8 @@
default_applicable_licenses: ["Android-Apache-2.0"],
}
-cc_binary {
- name: "gatekeeperd",
+cc_defaults {
+ name: "gatekeeperd_defaults",
cflags: [
"-Wall",
"-Wextra",
@@ -52,6 +52,16 @@
static_libs: ["libscrypt_static"],
include_dirs: ["external/scrypt/lib/crypto"],
+}
+
+cc_binary {
+ name: "gatekeeperd",
+ defaults: [
+ "gatekeeperd_defaults",
+ ],
+ srcs: [
+ "main.cpp",
+ ],
init_rc: ["gatekeeperd.rc"],
}
@@ -88,3 +98,20 @@
"libbinder",
],
}
+
+cc_fuzz {
+ name: "gatekeeperd_service_fuzzer",
+ defaults: [
+ "gatekeeperd_defaults",
+ "service_fuzzer_defaults"
+ ],
+ srcs: [
+ "fuzzer/GateKeeperServiceFuzzer.cpp",
+ ],
+ fuzz_config: {
+ cc: [
+ "subrahmanyaman@google.com",
+ "swillden@google.com",
+ ],
+ },
+}
\ No newline at end of file
diff --git a/gatekeeperd/fuzzer/GateKeeperServiceFuzzer.cpp b/gatekeeperd/fuzzer/GateKeeperServiceFuzzer.cpp
new file mode 100644
index 0000000..bc0d5fe
--- /dev/null
+++ b/gatekeeperd/fuzzer/GateKeeperServiceFuzzer.cpp
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_driver.h>
+
+#include "gatekeeperd.h"
+
+using android::fuzzService;
+using android::GateKeeperProxy;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto gatekeeperService = new GateKeeperProxy();
+ fuzzService(gatekeeperService, FuzzedDataProvider(data, size));
+ return 0;
+}
\ No newline at end of file
diff --git a/gatekeeperd/gatekeeperd.cpp b/gatekeeperd/gatekeeperd.cpp
index eb43a33..e5241b5 100644
--- a/gatekeeperd/gatekeeperd.cpp
+++ b/gatekeeperd/gatekeeperd.cpp
@@ -13,11 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
#define LOG_TAG "gatekeeperd"
-#include <android/service/gatekeeper/BnGateKeeperService.h>
-#include <gatekeeper/GateKeeperResponse.h>
+#include "gatekeeperd.h"
#include <endian.h>
#include <errno.h>
@@ -39,25 +37,18 @@
#include <log/log.h>
#include <utils/String16.h>
-#include <aidl/android/hardware/gatekeeper/IGatekeeper.h>
#include <aidl/android/hardware/security/keymint/HardwareAuthToken.h>
#include <aidl/android/security/authorization/IKeystoreAuthorization.h>
-#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
#include <hidl/HidlSupport.h>
using android::sp;
using android::hardware::Return;
using android::hardware::gatekeeper::V1_0::GatekeeperResponse;
using android::hardware::gatekeeper::V1_0::GatekeeperStatusCode;
-using android::hardware::gatekeeper::V1_0::IGatekeeper;
using AidlGatekeeperEnrollResp = aidl::android::hardware::gatekeeper::GatekeeperEnrollResponse;
using AidlGatekeeperVerifyResp = aidl::android::hardware::gatekeeper::GatekeeperVerifyResponse;
-using AidlIGatekeeper = aidl::android::hardware::gatekeeper::IGatekeeper;
-using ::android::binder::Status;
-using ::android::service::gatekeeper::BnGateKeeperService;
-using GKResponse = ::android::service::gatekeeper::GateKeeperResponse;
using GKResponseCode = ::android::service::gatekeeper::ResponseCode;
using ::aidl::android::hardware::security::keymint::HardwareAuthenticatorType;
using ::aidl::android::hardware::security::keymint::HardwareAuthToken;
@@ -70,172 +61,167 @@
static const String16 DUMP_PERMISSION("android.permission.DUMP");
constexpr const char gatekeeperServiceName[] = "android.hardware.gatekeeper.IGatekeeper/default";
-class GateKeeperProxy : public BnGateKeeperService {
- public:
- GateKeeperProxy() {
- clear_state_if_needed_done = false;
- hw_device = IGatekeeper::getService();
- ::ndk::SpAIBinder ks2Binder(AServiceManager_getService(gatekeeperServiceName));
- aidl_hw_device = AidlIGatekeeper::fromBinder(ks2Binder);
- is_running_gsi = android::base::GetBoolProperty(android::gsi::kGsiBootedProp, false);
+GateKeeperProxy::GateKeeperProxy() {
+ clear_state_if_needed_done = false;
+ hw_device = IGatekeeper::getService();
+ ::ndk::SpAIBinder ks2Binder(AServiceManager_getService(gatekeeperServiceName));
+ aidl_hw_device = AidlIGatekeeper::fromBinder(ks2Binder);
+ is_running_gsi = android::base::GetBoolProperty(android::gsi::kGsiBootedProp, false);
- if (!aidl_hw_device && !hw_device) {
- LOG(ERROR) << "Could not find Gatekeeper device, which makes me very sad.";
+ if (!aidl_hw_device && !hw_device) {
+ LOG(ERROR) << "Could not find Gatekeeper device, which makes me very sad.";
+ }
+}
+
+void GateKeeperProxy::store_sid(uint32_t userId, uint64_t sid) {
+ char filename[21];
+ snprintf(filename, sizeof(filename), "%u", userId);
+ int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
+ if (fd < 0) {
+ ALOGE("could not open file: %s: %s", filename, strerror(errno));
+ return;
+ }
+ write(fd, &sid, sizeof(sid));
+ close(fd);
+}
+
+void GateKeeperProxy::clear_state_if_needed() {
+ if (clear_state_if_needed_done) {
+ return;
+ }
+
+ if (mark_cold_boot() && !is_running_gsi) {
+ ALOGI("cold boot: clearing state");
+ if (aidl_hw_device) {
+ aidl_hw_device->deleteAllUsers();
+ } else if (hw_device) {
+ hw_device->deleteAllUsers([](const GatekeeperResponse&) {});
}
}
- virtual ~GateKeeperProxy() {}
+ clear_state_if_needed_done = true;
+}
- void store_sid(uint32_t userId, uint64_t sid) {
- char filename[21];
- snprintf(filename, sizeof(filename), "%u", userId);
+bool GateKeeperProxy::mark_cold_boot() {
+ const char* filename = ".coldboot";
+ if (access(filename, F_OK) == -1) {
int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
if (fd < 0) {
- ALOGE("could not open file: %s: %s", filename, strerror(errno));
- return;
+ ALOGE("could not open file: %s : %s", filename, strerror(errno));
+ return false;
}
- write(fd, &sid, sizeof(sid));
close(fd);
+ return true;
}
+ return false;
+}
- void clear_state_if_needed() {
- if (clear_state_if_needed_done) {
- return;
- }
-
- if (mark_cold_boot() && !is_running_gsi) {
- ALOGI("cold boot: clearing state");
- if (aidl_hw_device) {
- aidl_hw_device->deleteAllUsers();
- } else if (hw_device) {
- hw_device->deleteAllUsers([](const GatekeeperResponse&) {});
- }
- }
-
- clear_state_if_needed_done = true;
+void GateKeeperProxy::maybe_store_sid(uint32_t userId, uint64_t sid) {
+ char filename[21];
+ snprintf(filename, sizeof(filename), "%u", userId);
+ if (access(filename, F_OK) == -1) {
+ store_sid(userId, sid);
}
+}
- bool mark_cold_boot() {
- const char* filename = ".coldboot";
- if (access(filename, F_OK) == -1) {
- int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
- if (fd < 0) {
- ALOGE("could not open file: %s : %s", filename, strerror(errno));
- return false;
- }
- close(fd);
- return true;
- }
- return false;
- }
+uint64_t GateKeeperProxy::read_sid(uint32_t userId) {
+ char filename[21];
+ uint64_t sid;
+ snprintf(filename, sizeof(filename), "%u", userId);
+ int fd = open(filename, O_RDONLY);
+ if (fd < 0) return 0;
+ read(fd, &sid, sizeof(sid));
+ close(fd);
+ return sid;
+}
- void maybe_store_sid(uint32_t userId, uint64_t sid) {
- char filename[21];
- snprintf(filename, sizeof(filename), "%u", userId);
- if (access(filename, F_OK) == -1) {
- store_sid(userId, sid);
- }
+void GateKeeperProxy::clear_sid(uint32_t userId) {
+ char filename[21];
+ snprintf(filename, sizeof(filename), "%u", userId);
+ if (remove(filename) < 0 && errno != ENOENT) {
+ ALOGE("%s: could not remove file [%s], attempting 0 write", __func__, strerror(errno));
+ store_sid(userId, 0);
}
+}
- uint64_t read_sid(uint32_t userId) {
- char filename[21];
- uint64_t sid;
- snprintf(filename, sizeof(filename), "%u", userId);
- int fd = open(filename, O_RDONLY);
- if (fd < 0) return 0;
- read(fd, &sid, sizeof(sid));
- close(fd);
- return sid;
+uint32_t GateKeeperProxy::adjust_userId(uint32_t userId) {
+ static constexpr uint32_t kGsiOffset = 1000000;
+ CHECK(userId < kGsiOffset);
+ CHECK((aidl_hw_device != nullptr) || (hw_device != nullptr));
+ if (is_running_gsi) {
+ return userId + kGsiOffset;
}
-
- void clear_sid(uint32_t userId) {
- char filename[21];
- snprintf(filename, sizeof(filename), "%u", userId);
- if (remove(filename) < 0 && errno != ENOENT) {
- ALOGE("%s: could not remove file [%s], attempting 0 write", __func__, strerror(errno));
- store_sid(userId, 0);
- }
- }
-
- // This should only be called on userIds being passed to the GateKeeper HAL. It ensures that
- // secure storage shared across a GSI image and a host image will not overlap.
- uint32_t adjust_userId(uint32_t userId) {
- static constexpr uint32_t kGsiOffset = 1000000;
- CHECK(userId < kGsiOffset);
- CHECK((aidl_hw_device != nullptr) || (hw_device != nullptr));
- if (is_running_gsi) {
- return userId + kGsiOffset;
- }
- return userId;
- }
+ return userId;
+}
#define GK_ERROR *gkResponse = GKResponse::error(), Status::ok()
- Status enroll(int32_t userId, const std::optional<std::vector<uint8_t>>& currentPasswordHandle,
- const std::optional<std::vector<uint8_t>>& currentPassword,
- const std::vector<uint8_t>& desiredPassword, GKResponse* gkResponse) override {
- IPCThreadState* ipc = IPCThreadState::self();
- const int calling_pid = ipc->getCallingPid();
- const int calling_uid = ipc->getCallingUid();
- if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
- return GK_ERROR;
- }
+Status GateKeeperProxy::enroll(int32_t userId,
+ const std::optional<std::vector<uint8_t>>& currentPasswordHandle,
+ const std::optional<std::vector<uint8_t>>& currentPassword,
+ const std::vector<uint8_t>& desiredPassword,
+ GKResponse* gkResponse) {
+ IPCThreadState* ipc = IPCThreadState::self();
+ const int calling_pid = ipc->getCallingPid();
+ const int calling_uid = ipc->getCallingUid();
+ if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
+ return GK_ERROR;
+ }
- // Make sure to clear any state from before factory reset as soon as a credential is
- // enrolled (which may happen during device setup).
- clear_state_if_needed();
+ // Make sure to clear any state from before factory reset as soon as a credential is
+ // enrolled (which may happen during device setup).
+ clear_state_if_needed();
- // need a desired password to enroll
- if (desiredPassword.size() == 0) return GK_ERROR;
+ // need a desired password to enroll
+ if (desiredPassword.size() == 0) return GK_ERROR;
- if (!aidl_hw_device && !hw_device) {
- LOG(ERROR) << "has no HAL to talk to";
- return GK_ERROR;
- }
+ if (!aidl_hw_device && !hw_device) {
+ LOG(ERROR) << "has no HAL to talk to";
+ return GK_ERROR;
+ }
- android::hardware::hidl_vec<uint8_t> curPwdHandle;
- android::hardware::hidl_vec<uint8_t> curPwd;
+ android::hardware::hidl_vec<uint8_t> curPwdHandle;
+ android::hardware::hidl_vec<uint8_t> curPwd;
- if (currentPasswordHandle && currentPassword) {
- if (hw_device) {
- // Hidl Implementations expects passwordHandle to be in
- // gatekeeper::password_handle_t format.
- if (currentPasswordHandle->size() != sizeof(gatekeeper::password_handle_t)) {
- LOG(INFO) << "Password handle has wrong length";
- return GK_ERROR;
- }
- }
- curPwdHandle.setToExternal(const_cast<uint8_t*>(currentPasswordHandle->data()),
- currentPasswordHandle->size());
- curPwd.setToExternal(const_cast<uint8_t*>(currentPassword->data()),
- currentPassword->size());
- }
-
- android::hardware::hidl_vec<uint8_t> newPwd;
- newPwd.setToExternal(const_cast<uint8_t*>(desiredPassword.data()), desiredPassword.size());
-
- uint32_t hw_userId = adjust_userId(userId);
- uint64_t secureUserId = 0;
- if (aidl_hw_device) {
- // AIDL gatekeeper service
- AidlGatekeeperEnrollResp rsp;
- auto result = aidl_hw_device->enroll(hw_userId, curPwdHandle, curPwd, newPwd, &rsp);
- if (!result.isOk()) {
- LOG(ERROR) << "enroll transaction failed";
+ if (currentPasswordHandle && currentPassword) {
+ if (hw_device) {
+ // Hidl Implementations expects passwordHandle to be in
+ // gatekeeper::password_handle_t format.
+ if (currentPasswordHandle->size() != sizeof(gatekeeper::password_handle_t)) {
+ LOG(INFO) << "Password handle has wrong length";
return GK_ERROR;
}
- if (rsp.statusCode >= AidlIGatekeeper::STATUS_OK) {
- *gkResponse = GKResponse::ok({rsp.data.begin(), rsp.data.end()});
- secureUserId = static_cast<uint64_t>(rsp.secureUserId);
- } else if (rsp.statusCode == AidlIGatekeeper::ERROR_RETRY_TIMEOUT &&
- rsp.timeoutMs > 0) {
- *gkResponse = GKResponse::retry(rsp.timeoutMs);
- } else {
- *gkResponse = GKResponse::error();
- }
- } else if (hw_device) {
- // HIDL gatekeeper service
- Return<void> hwRes = hw_device->enroll(
+ }
+ curPwdHandle.setToExternal(const_cast<uint8_t*>(currentPasswordHandle->data()),
+ currentPasswordHandle->size());
+ curPwd.setToExternal(const_cast<uint8_t*>(currentPassword->data()),
+ currentPassword->size());
+ }
+
+ android::hardware::hidl_vec<uint8_t> newPwd;
+ newPwd.setToExternal(const_cast<uint8_t*>(desiredPassword.data()), desiredPassword.size());
+
+ uint32_t hw_userId = adjust_userId(userId);
+ uint64_t secureUserId = 0;
+ if (aidl_hw_device) {
+ // AIDL gatekeeper service
+ AidlGatekeeperEnrollResp rsp;
+ auto result = aidl_hw_device->enroll(hw_userId, curPwdHandle, curPwd, newPwd, &rsp);
+ if (!result.isOk()) {
+ LOG(ERROR) << "enroll transaction failed";
+ return GK_ERROR;
+ }
+ if (rsp.statusCode >= AidlIGatekeeper::STATUS_OK) {
+ *gkResponse = GKResponse::ok({rsp.data.begin(), rsp.data.end()});
+ secureUserId = static_cast<uint64_t>(rsp.secureUserId);
+ } else if (rsp.statusCode == AidlIGatekeeper::ERROR_RETRY_TIMEOUT && rsp.timeoutMs > 0) {
+ *gkResponse = GKResponse::retry(rsp.timeoutMs);
+ } else {
+ *gkResponse = GKResponse::error();
+ }
+ } else if (hw_device) {
+ // HIDL gatekeeper service
+ Return<void> hwRes = hw_device->enroll(
hw_userId, curPwdHandle, curPwd, newPwd,
[&gkResponse](const GatekeeperResponse& rsp) {
if (rsp.code >= GatekeeperStatusCode::STATUS_OK) {
@@ -247,110 +233,110 @@
*gkResponse = GKResponse::error();
}
});
- if (!hwRes.isOk()) {
- LOG(ERROR) << "enroll transaction failed";
+ if (!hwRes.isOk()) {
+ LOG(ERROR) << "enroll transaction failed";
+ return GK_ERROR;
+ }
+ if (gkResponse->response_code() == GKResponseCode::OK) {
+ if (gkResponse->payload().size() != sizeof(gatekeeper::password_handle_t)) {
+ LOG(ERROR) << "HAL returned password handle of invalid length "
+ << gkResponse->payload().size();
return GK_ERROR;
}
- if (gkResponse->response_code() == GKResponseCode::OK) {
- if (gkResponse->payload().size() != sizeof(gatekeeper::password_handle_t)) {
- LOG(ERROR) << "HAL returned password handle of invalid length "
- << gkResponse->payload().size();
- return GK_ERROR;
- }
- const gatekeeper::password_handle_t* handle =
+ const gatekeeper::password_handle_t* handle =
reinterpret_cast<const gatekeeper::password_handle_t*>(
- gkResponse->payload().data());
- secureUserId = handle->user_id;
- }
+ gkResponse->payload().data());
+ secureUserId = handle->user_id;
}
-
- if (gkResponse->response_code() == GKResponseCode::OK && !gkResponse->should_reenroll()) {
- store_sid(userId, secureUserId);
-
- GKResponse verifyResponse;
- // immediately verify this password so we don't ask the user to enter it again
- // if they just created it.
- auto status = verify(userId, gkResponse->payload(), desiredPassword, &verifyResponse);
- if (!status.isOk() || verifyResponse.response_code() != GKResponseCode::OK) {
- LOG(ERROR) << "Failed to verify password after enrolling";
- }
- }
-
- return Status::ok();
}
- Status verify(int32_t userId, const ::std::vector<uint8_t>& enrolledPasswordHandle,
- const ::std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override {
- return verifyChallenge(userId, 0 /* challenge */, enrolledPasswordHandle, providedPassword,
- gkResponse);
+ if (gkResponse->response_code() == GKResponseCode::OK && !gkResponse->should_reenroll()) {
+ store_sid(userId, secureUserId);
+
+ GKResponse verifyResponse;
+ // immediately verify this password so we don't ask the user to enter it again
+ // if they just created it.
+ auto status = verify(userId, gkResponse->payload(), desiredPassword, &verifyResponse);
+ if (!status.isOk() || verifyResponse.response_code() != GKResponseCode::OK) {
+ LOG(ERROR) << "Failed to verify password after enrolling";
+ }
}
- Status verifyChallenge(int32_t userId, int64_t challenge,
- const std::vector<uint8_t>& enrolledPasswordHandle,
- const std::vector<uint8_t>& providedPassword,
- GKResponse* gkResponse) override {
- IPCThreadState* ipc = IPCThreadState::self();
- const int calling_pid = ipc->getCallingPid();
- const int calling_uid = ipc->getCallingUid();
- if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
+ return Status::ok();
+}
+
+Status GateKeeperProxy::verify(int32_t userId, const ::std::vector<uint8_t>& enrolledPasswordHandle,
+ const ::std::vector<uint8_t>& providedPassword,
+ GKResponse* gkResponse) {
+ return verifyChallenge(userId, 0 /* challenge */, enrolledPasswordHandle, providedPassword,
+ gkResponse);
+}
+
+Status GateKeeperProxy::verifyChallenge(int32_t userId, int64_t challenge,
+ const std::vector<uint8_t>& enrolledPasswordHandle,
+ const std::vector<uint8_t>& providedPassword,
+ GKResponse* gkResponse) {
+ IPCThreadState* ipc = IPCThreadState::self();
+ const int calling_pid = ipc->getCallingPid();
+ const int calling_uid = ipc->getCallingUid();
+ if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
+ return GK_ERROR;
+ }
+
+ // can't verify if we're missing either param
+ if (enrolledPasswordHandle.size() == 0 || providedPassword.size() == 0) return GK_ERROR;
+
+ if (!aidl_hw_device && !hw_device) {
+ LOG(ERROR) << "has no HAL to talk to";
+ return GK_ERROR;
+ }
+
+ if (hw_device) {
+ // Hidl Implementations expects passwordHandle to be in gatekeeper::password_handle_t
+ if (enrolledPasswordHandle.size() != sizeof(gatekeeper::password_handle_t)) {
+ LOG(INFO) << "Password handle has wrong length";
return GK_ERROR;
}
+ }
- // can't verify if we're missing either param
- if (enrolledPasswordHandle.size() == 0 || providedPassword.size() == 0) return GK_ERROR;
+ uint32_t hw_userId = adjust_userId(userId);
+ android::hardware::hidl_vec<uint8_t> curPwdHandle;
+ curPwdHandle.setToExternal(const_cast<uint8_t*>(enrolledPasswordHandle.data()),
+ enrolledPasswordHandle.size());
+ android::hardware::hidl_vec<uint8_t> enteredPwd;
+ enteredPwd.setToExternal(const_cast<uint8_t*>(providedPassword.data()),
+ providedPassword.size());
- if (!aidl_hw_device && !hw_device) {
- LOG(ERROR) << "has no HAL to talk to";
+ uint64_t secureUserId = 0;
+ if (aidl_hw_device) {
+ // AIDL gatekeeper service
+ AidlGatekeeperVerifyResp rsp;
+ auto result = aidl_hw_device->verify(hw_userId, challenge, curPwdHandle, enteredPwd, &rsp);
+ if (!result.isOk()) {
+ LOG(ERROR) << "verify transaction failed";
return GK_ERROR;
}
-
- if (hw_device) {
- // Hidl Implementations expects passwordHandle to be in gatekeeper::password_handle_t
- if (enrolledPasswordHandle.size() != sizeof(gatekeeper::password_handle_t)) {
- LOG(INFO) << "Password handle has wrong length";
- return GK_ERROR;
- }
+ if (rsp.statusCode >= AidlIGatekeeper::STATUS_OK) {
+ secureUserId = rsp.hardwareAuthToken.userId;
+ // Serialize HardwareAuthToken to a vector as hw_auth_token_t.
+ *gkResponse = GKResponse::ok(
+ authToken2AidlVec(rsp.hardwareAuthToken),
+ rsp.statusCode == AidlIGatekeeper::STATUS_REENROLL /* reenroll */);
+ } else if (rsp.statusCode == AidlIGatekeeper::ERROR_RETRY_TIMEOUT) {
+ *gkResponse = GKResponse::retry(rsp.timeoutMs);
+ } else {
+ *gkResponse = GKResponse::error();
}
-
- uint32_t hw_userId = adjust_userId(userId);
- android::hardware::hidl_vec<uint8_t> curPwdHandle;
- curPwdHandle.setToExternal(const_cast<uint8_t*>(enrolledPasswordHandle.data()),
- enrolledPasswordHandle.size());
- android::hardware::hidl_vec<uint8_t> enteredPwd;
- enteredPwd.setToExternal(const_cast<uint8_t*>(providedPassword.data()),
- providedPassword.size());
-
- uint64_t secureUserId = 0;
- if (aidl_hw_device) {
- // AIDL gatekeeper service
- AidlGatekeeperVerifyResp rsp;
- auto result =
- aidl_hw_device->verify(hw_userId, challenge, curPwdHandle, enteredPwd, &rsp);
- if (!result.isOk()) {
- LOG(ERROR) << "verify transaction failed";
- return GK_ERROR;
- }
- if (rsp.statusCode >= AidlIGatekeeper::STATUS_OK) {
- secureUserId = rsp.hardwareAuthToken.userId;
- // Serialize HardwareAuthToken to a vector as hw_auth_token_t.
- *gkResponse = GKResponse::ok(authToken2AidlVec(rsp.hardwareAuthToken),
- rsp.statusCode ==
- AidlIGatekeeper::STATUS_REENROLL /* reenroll */);
- } else if (rsp.statusCode == AidlIGatekeeper::ERROR_RETRY_TIMEOUT) {
- *gkResponse = GKResponse::retry(rsp.timeoutMs);
- } else {
- *gkResponse = GKResponse::error();
- }
- } else if (hw_device) {
- // HIDL gatekeeper service
- Return<void> hwRes = hw_device->verify(
+ } else if (hw_device) {
+ // HIDL gatekeeper service
+ Return<void> hwRes = hw_device->verify(
hw_userId, challenge, curPwdHandle, enteredPwd,
[&gkResponse](const GatekeeperResponse& rsp) {
if (rsp.code >= GatekeeperStatusCode::STATUS_OK) {
*gkResponse = GKResponse::ok(
- {rsp.data.begin(), rsp.data.end()},
- rsp.code == GatekeeperStatusCode::STATUS_REENROLL /* reenroll */);
+ {rsp.data.begin(), rsp.data.end()},
+ rsp.code == GatekeeperStatusCode::STATUS_REENROLL /* reenroll */);
} else if (rsp.code == GatekeeperStatusCode::ERROR_RETRY_TIMEOUT) {
*gkResponse = GKResponse::retry(rsp.timeout);
} else {
@@ -358,149 +344,110 @@
}
});
- if (!hwRes.isOk()) {
- LOG(ERROR) << "verify transaction failed";
- return GK_ERROR;
- }
- const gatekeeper::password_handle_t* handle =
- reinterpret_cast<const gatekeeper::password_handle_t*>(
- enrolledPasswordHandle.data());
- secureUserId = handle->user_id;
+ if (!hwRes.isOk()) {
+ LOG(ERROR) << "verify transaction failed";
+ return GK_ERROR;
}
+ const gatekeeper::password_handle_t* handle =
+ reinterpret_cast<const gatekeeper::password_handle_t*>(
+ enrolledPasswordHandle.data());
+ secureUserId = handle->user_id;
+ }
- if (gkResponse->response_code() == GKResponseCode::OK) {
- if (gkResponse->payload().size() != 0) {
- // try to connect to IKeystoreAuthorization AIDL service first.
- AIBinder* authzAIBinder =
- AServiceManager_getService("android.security.authorization");
- ::ndk::SpAIBinder authzBinder(authzAIBinder);
- auto authzService = IKeystoreAuthorization::fromBinder(authzBinder);
- if (authzService) {
- if (gkResponse->payload().size() != sizeof(hw_auth_token_t)) {
- LOG(ERROR) << "Incorrect size of AuthToken payload.";
- return GK_ERROR;
- }
-
- const hw_auth_token_t* hwAuthToken =
- reinterpret_cast<const hw_auth_token_t*>(gkResponse->payload().data());
- HardwareAuthToken authToken;
-
- authToken.timestamp.milliSeconds = betoh64(hwAuthToken->timestamp);
- authToken.challenge = hwAuthToken->challenge;
- authToken.userId = hwAuthToken->user_id;
- authToken.authenticatorId = hwAuthToken->authenticator_id;
- authToken.authenticatorType = static_cast<HardwareAuthenticatorType>(
- betoh32(hwAuthToken->authenticator_type));
- authToken.mac.assign(&hwAuthToken->hmac[0], &hwAuthToken->hmac[32]);
- auto result = authzService->addAuthToken(authToken);
- if (!result.isOk()) {
- LOG(ERROR) << "Failure in sending AuthToken to AuthorizationService.";
- return GK_ERROR;
- }
- } else {
- LOG(ERROR) << "Cannot deliver auth token. Unable to communicate with "
- "Keystore.";
+ if (gkResponse->response_code() == GKResponseCode::OK) {
+ if (gkResponse->payload().size() != 0) {
+ // try to connect to IKeystoreAuthorization AIDL service first.
+ AIBinder* authzAIBinder = AServiceManager_getService("android.security.authorization");
+ ::ndk::SpAIBinder authzBinder(authzAIBinder);
+ auto authzService = IKeystoreAuthorization::fromBinder(authzBinder);
+ if (authzService) {
+ if (gkResponse->payload().size() != sizeof(hw_auth_token_t)) {
+ LOG(ERROR) << "Incorrect size of AuthToken payload.";
return GK_ERROR;
}
+
+ const hw_auth_token_t* hwAuthToken =
+ reinterpret_cast<const hw_auth_token_t*>(gkResponse->payload().data());
+ HardwareAuthToken authToken;
+
+ authToken.timestamp.milliSeconds = betoh64(hwAuthToken->timestamp);
+ authToken.challenge = hwAuthToken->challenge;
+ authToken.userId = hwAuthToken->user_id;
+ authToken.authenticatorId = hwAuthToken->authenticator_id;
+ authToken.authenticatorType = static_cast<HardwareAuthenticatorType>(
+ betoh32(hwAuthToken->authenticator_type));
+ authToken.mac.assign(&hwAuthToken->hmac[0], &hwAuthToken->hmac[32]);
+ auto result = authzService->addAuthToken(authToken);
+ if (!result.isOk()) {
+ LOG(ERROR) << "Failure in sending AuthToken to AuthorizationService.";
+ return GK_ERROR;
+ }
+ } else {
+ LOG(ERROR) << "Cannot deliver auth token. Unable to communicate with "
+ "Keystore.";
+ return GK_ERROR;
}
-
- maybe_store_sid(userId, secureUserId);
}
- return Status::ok();
+ maybe_store_sid(userId, secureUserId);
}
- Status getSecureUserId(int32_t userId, int64_t* sid) override {
- *sid = read_sid(userId);
- return Status::ok();
- }
-
- Status clearSecureUserId(int32_t userId) override {
- IPCThreadState* ipc = IPCThreadState::self();
- const int calling_pid = ipc->getCallingPid();
- const int calling_uid = ipc->getCallingUid();
- if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
- ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
- return Status::ok();
- }
- clear_sid(userId);
-
- uint32_t hw_userId = adjust_userId(userId);
- if (aidl_hw_device) {
- aidl_hw_device->deleteUser(hw_userId);
- } else if (hw_device) {
- hw_device->deleteUser(hw_userId, [](const GatekeeperResponse&) {});
- }
- return Status::ok();
- }
-
- Status reportDeviceSetupComplete() override {
- IPCThreadState* ipc = IPCThreadState::self();
- const int calling_pid = ipc->getCallingPid();
- const int calling_uid = ipc->getCallingUid();
- if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
- ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
- return Status::ok();
- }
-
- clear_state_if_needed();
- return Status::ok();
- }
-
- status_t dump(int fd, const Vector<String16>&) override {
- IPCThreadState* ipc = IPCThreadState::self();
- const int pid = ipc->getCallingPid();
- const int uid = ipc->getCallingUid();
- if (!PermissionCache::checkPermission(DUMP_PERMISSION, pid, uid)) {
- return PERMISSION_DENIED;
- }
-
- if (aidl_hw_device == nullptr && hw_device == nullptr) {
- const char* result = "Device not available";
- write(fd, result, strlen(result) + 1);
- } else {
- const char* result = "OK";
- write(fd, result, strlen(result) + 1);
- }
-
- return OK;
- }
-
- private:
- // AIDL gatekeeper service.
- std::shared_ptr<AidlIGatekeeper> aidl_hw_device;
- // HIDL gatekeeper service.
- sp<IGatekeeper> hw_device;
-
- bool clear_state_if_needed_done;
- bool is_running_gsi;
-};
-} // namespace android
-
-int main(int argc, char* argv[]) {
- ALOGI("Starting gatekeeperd...");
- if (argc < 2) {
- ALOGE("A directory must be specified!");
- return 1;
- }
- if (chdir(argv[1]) == -1) {
- ALOGE("chdir: %s: %s", argv[1], strerror(errno));
- return 1;
- }
-
- android::sp<android::IServiceManager> sm = android::defaultServiceManager();
- android::sp<android::GateKeeperProxy> proxy = new android::GateKeeperProxy();
- android::status_t ret =
- sm->addService(android::String16("android.service.gatekeeper.IGateKeeperService"), proxy);
- if (ret != android::OK) {
- ALOGE("Couldn't register binder service!");
- return -1;
- }
-
- /*
- * We're the only thread in existence, so we're just going to process
- * Binder transaction as a single-threaded program.
- */
- android::IPCThreadState::self()->joinThreadPool();
- return 0;
+ return Status::ok();
}
+
+Status GateKeeperProxy::getSecureUserId(int32_t userId, int64_t* sid) {
+ *sid = read_sid(userId);
+ return Status::ok();
+}
+
+Status GateKeeperProxy::clearSecureUserId(int32_t userId) {
+ IPCThreadState* ipc = IPCThreadState::self();
+ const int calling_pid = ipc->getCallingPid();
+ const int calling_uid = ipc->getCallingUid();
+ if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
+ ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
+ return Status::ok();
+ }
+ clear_sid(userId);
+
+ uint32_t hw_userId = adjust_userId(userId);
+ if (aidl_hw_device) {
+ aidl_hw_device->deleteUser(hw_userId);
+ } else if (hw_device) {
+ hw_device->deleteUser(hw_userId, [](const GatekeeperResponse&) {});
+ }
+ return Status::ok();
+}
+
+Status GateKeeperProxy::reportDeviceSetupComplete() {
+ IPCThreadState* ipc = IPCThreadState::self();
+ const int calling_pid = ipc->getCallingPid();
+ const int calling_uid = ipc->getCallingUid();
+ if (!PermissionCache::checkPermission(KEYGUARD_PERMISSION, calling_pid, calling_uid)) {
+ ALOGE("%s: permission denied for [%d:%d]", __func__, calling_pid, calling_uid);
+ return Status::ok();
+ }
+
+ clear_state_if_needed();
+ return Status::ok();
+}
+
+status_t GateKeeperProxy::dump(int fd, const Vector<String16>&) {
+ IPCThreadState* ipc = IPCThreadState::self();
+ const int pid = ipc->getCallingPid();
+ const int uid = ipc->getCallingUid();
+ if (!PermissionCache::checkPermission(DUMP_PERMISSION, pid, uid)) {
+ return PERMISSION_DENIED;
+ }
+
+ if (aidl_hw_device == nullptr && hw_device == nullptr) {
+ const char* result = "Device not available";
+ write(fd, result, strlen(result) + 1);
+ } else {
+ const char* result = "OK";
+ write(fd, result, strlen(result) + 1);
+ }
+
+ return OK;
+}
+} // namespace android
diff --git a/gatekeeperd/gatekeeperd.h b/gatekeeperd/gatekeeperd.h
new file mode 100644
index 0000000..29873da
--- /dev/null
+++ b/gatekeeperd/gatekeeperd.h
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <aidl/android/hardware/gatekeeper/IGatekeeper.h>
+#include <android/hardware/gatekeeper/1.0/IGatekeeper.h>
+#include <android/service/gatekeeper/BnGateKeeperService.h>
+#include <gatekeeper/GateKeeperResponse.h>
+
+using ::android::hardware::gatekeeper::V1_0::IGatekeeper;
+using AidlIGatekeeper = ::aidl::android::hardware::gatekeeper::IGatekeeper;
+using ::android::binder::Status;
+using ::android::service::gatekeeper::BnGateKeeperService;
+using GKResponse = ::android::service::gatekeeper::GateKeeperResponse;
+
+namespace android {
+
+class GateKeeperProxy : public BnGateKeeperService {
+ public:
+ GateKeeperProxy();
+
+ virtual ~GateKeeperProxy() {}
+
+ void store_sid(uint32_t userId, uint64_t sid);
+
+ void clear_state_if_needed();
+
+ bool mark_cold_boot();
+
+ void maybe_store_sid(uint32_t userId, uint64_t sid);
+
+ uint64_t read_sid(uint32_t userId);
+
+ void clear_sid(uint32_t userId);
+
+ // This should only be called on userIds being passed to the GateKeeper HAL. It ensures that
+ // secure storage shared across a GSI image and a host image will not overlap.
+ uint32_t adjust_userId(uint32_t userId);
+
+#define GK_ERROR *gkResponse = GKResponse::error(), Status::ok()
+
+ Status enroll(int32_t userId, const std::optional<std::vector<uint8_t>>& currentPasswordHandle,
+ const std::optional<std::vector<uint8_t>>& currentPassword,
+ const std::vector<uint8_t>& desiredPassword, GKResponse* gkResponse) override;
+
+ Status verify(int32_t userId, const ::std::vector<uint8_t>& enrolledPasswordHandle,
+ const ::std::vector<uint8_t>& providedPassword, GKResponse* gkResponse) override;
+
+ Status verifyChallenge(int32_t userId, int64_t challenge,
+ const std::vector<uint8_t>& enrolledPasswordHandle,
+ const std::vector<uint8_t>& providedPassword,
+ GKResponse* gkResponse) override;
+
+ Status getSecureUserId(int32_t userId, int64_t* sid) override;
+
+ Status clearSecureUserId(int32_t userId) override;
+
+ Status reportDeviceSetupComplete() override;
+
+ status_t dump(int fd, const Vector<String16>&) override;
+
+ private:
+ // AIDL gatekeeper service.
+ std::shared_ptr<AidlIGatekeeper> aidl_hw_device;
+ // HIDL gatekeeper service.
+ sp<IGatekeeper> hw_device;
+
+ bool clear_state_if_needed_done;
+ bool is_running_gsi;
+};
+} // namespace android
diff --git a/gatekeeperd/main.cpp b/gatekeeperd/main.cpp
new file mode 100644
index 0000000..a05584a
--- /dev/null
+++ b/gatekeeperd/main.cpp
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <binder/IPCThreadState.h>
+#include <binder/IServiceManager.h>
+
+#include <log/log.h>
+
+#include "gatekeeperd.h"
+
+int main(int argc, char* argv[]) {
+ ALOGI("Starting gatekeeperd...");
+ if (argc < 2) {
+ ALOGE("A directory must be specified!");
+ return 1;
+ }
+ if (chdir(argv[1]) == -1) {
+ ALOGE("chdir: %s: %s", argv[1], strerror(errno));
+ return 1;
+ }
+
+ android::sp<android::IServiceManager> sm = android::defaultServiceManager();
+ android::sp<android::GateKeeperProxy> proxy = new android::GateKeeperProxy();
+ android::status_t ret = sm->addService(
+ android::String16("android.service.gatekeeper.IGateKeeperService"), proxy);
+ if (ret != android::OK) {
+ ALOGE("Couldn't register binder service!");
+ return -1;
+ }
+
+ /*
+ * We're the only thread in existence, so we're just going to process
+ * Binder transaction as a single-threaded program.
+ */
+ android::IPCThreadState::self()->joinThreadPool();
+ return 0;
+}
diff --git a/libprocessgroup/processgroup.cpp b/libprocessgroup/processgroup.cpp
index a021594..e294260 100644
--- a/libprocessgroup/processgroup.cpp
+++ b/libprocessgroup/processgroup.cpp
@@ -216,7 +216,6 @@
static int RemoveProcessGroup(const char* cgroup, uid_t uid, int pid, unsigned int retries) {
int ret = 0;
auto uid_pid_path = ConvertUidPidToPath(cgroup, uid, pid);
- auto uid_path = ConvertUidToPath(cgroup, uid);
while (retries--) {
ret = rmdir(uid_pid_path.c_str());
diff --git a/storaged/Android.bp b/storaged/Android.bp
index c3447d2..04f5d79 100644
--- a/storaged/Android.bp
+++ b/storaged/Android.bp
@@ -136,3 +136,27 @@
],
path: "binder",
}
+
+cc_fuzz {
+ name: "storaged_service_fuzzer",
+ defaults: [
+ "storaged_defaults",
+ "service_fuzzer_defaults",
+ ],
+ srcs: ["tests/fuzzers/storaged_service_fuzzer.cpp"],
+ static_libs: [
+ "libstoraged",
+ ],
+}
+
+cc_fuzz {
+ name: "storaged_private_service_fuzzer",
+ defaults: [
+ "storaged_defaults",
+ "service_fuzzer_defaults",
+ ],
+ srcs: ["tests/fuzzers/storaged_private_service_fuzzer.cpp"],
+ static_libs: [
+ "libstoraged",
+ ],
+}
\ No newline at end of file
diff --git a/storaged/include/storaged_service.h b/storaged/include/storaged_service.h
index 7ec6864..bf7af80 100644
--- a/storaged/include/storaged_service.h
+++ b/storaged/include/storaged_service.h
@@ -28,6 +28,7 @@
using namespace android::os;
using namespace android::os::storaged;
+namespace android {
class StoragedService : public BinderService<StoragedService>, public BnStoraged {
private:
void dumpUidRecordsDebug(int fd, const vector<struct uid_record>& entries);
@@ -53,4 +54,5 @@
sp<IStoragedPrivate> get_storaged_pri_service();
+} // namespace android
#endif /* _STORAGED_SERVICE_H_ */
\ No newline at end of file
diff --git a/storaged/storaged_service.cpp b/storaged/storaged_service.cpp
index 45f1d4d..00d36d7 100644
--- a/storaged/storaged_service.cpp
+++ b/storaged/storaged_service.cpp
@@ -38,6 +38,7 @@
extern sp<storaged_t> storaged_sp;
+namespace android {
status_t StoragedService::start() {
return BinderService<StoragedService>::publish();
}
@@ -218,3 +219,4 @@
return interface_cast<IStoragedPrivate>(binder);
}
+} // namespace android
\ No newline at end of file
diff --git a/storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp b/storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp
new file mode 100644
index 0000000..82eb796
--- /dev/null
+++ b/storaged/tests/fuzzers/storaged_private_service_fuzzer.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_driver.h>
+
+#include <storaged.h>
+#include <storaged_service.h>
+
+sp<storaged_t> storaged_sp;
+
+extern "C" int LLVMFuzzerInitialize(int /**argc*/, char /****argv*/) {
+ storaged_sp = new storaged_t();
+ storaged_sp->init();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto storagedPrivateService = new StoragedPrivateService();
+ fuzzService(storagedPrivateService, FuzzedDataProvider(data, size));
+ return 0;
+}
\ No newline at end of file
diff --git a/storaged/tests/fuzzers/storaged_service_fuzzer.cpp b/storaged/tests/fuzzers/storaged_service_fuzzer.cpp
new file mode 100644
index 0000000..d11ecc3
--- /dev/null
+++ b/storaged/tests/fuzzers/storaged_service_fuzzer.cpp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <fuzzbinder/libbinder_driver.h>
+
+#include <storaged.h>
+#include <storaged_service.h>
+
+sp<storaged_t> storaged_sp;
+
+extern "C" int LLVMFuzzerInitialize(int /**argc*/, char /****argv*/) {
+ storaged_sp = new storaged_t();
+ storaged_sp->init();
+ return 0;
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
+ auto storagedService = new StoragedService();
+ fuzzService(storagedService, FuzzedDataProvider(data, size));
+ return 0;
+}
\ No newline at end of file