1 /*
2 * Copyright (C) 2018 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <gtest/gtest.h>
18
19 #include "BionicDeathTest.h"
20
21 #include <dirent.h>
22 #include <errno.h>
23 #include <fcntl.h>
24 #include <stdlib.h>
25 #include <sys/types.h>
26 #include <unistd.h>
27
28 #if defined(__BIONIC__)
29 #include <android/fdsan.h>
30 #endif
31
32 #include <unordered_map>
33
34 #include <android-base/unique_fd.h>
35
36 #define FDSAN_TEST(test_name) TEST_F(FdsanTest, test_name)
37 #define EXPECT_FDSAN_DEATH(expression, regex) \
38 EXPECT_DEATH((android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_FATAL), expression), \
39 (regex))
40
41 struct FdsanTest : public ::testing::Test {
SetUpFdsanTest42 void SetUp() override {
43 #if defined(__BIONIC__)
44 // The bionic unit test running forks for each test by default, which turns
45 // fdsan off as a side-effect, so we need to turn it back on.
46 android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_FATAL);
47 #endif
48 }
49 };
50
TEST_F(FdsanTest,unowned_untagged_close)51 TEST_F(FdsanTest, unowned_untagged_close) {
52 #if defined(__BIONIC__)
53 int fd = open("/dev/null", O_RDONLY);
54 ASSERT_EQ(0, close(fd));
55 #endif
56 }
57
TEST_F(FdsanTest,unowned_tagged_close)58 TEST_F(FdsanTest, unowned_tagged_close) {
59 #if defined(__BIONIC__)
60 int fd = open("/dev/null", O_RDONLY);
61 ASSERT_EQ(0, android_fdsan_close_with_tag(fd, 0));
62 #endif
63 }
64
TEST_F(FdsanTest,unowned_improperly_tagged_close)65 TEST_F(FdsanTest, unowned_improperly_tagged_close) {
66 #if defined(__BIONIC__)
67 int fd = open("/dev/null", O_RDONLY);
68 EXPECT_FDSAN_DEATH(android_fdsan_close_with_tag(fd, 0xdeadbeef), "actually unowned");
69 #endif
70 }
71
TEST_F(FdsanTest,unowned_incorrect_exchange)72 TEST_F(FdsanTest, unowned_incorrect_exchange) {
73 #if defined(__BIONIC__)
74 int fd = open("/dev/null", O_RDONLY);
75 EXPECT_FDSAN_DEATH(android_fdsan_exchange_owner_tag(fd, 0xbadc0de, 0xdeadbeef),
76 "failed to exchange ownership");
77 #endif
78 }
79
TEST_F(FdsanTest,owned_untagged_close)80 TEST_F(FdsanTest, owned_untagged_close) {
81 #if defined(__BIONIC__)
82 int fd = open("/dev/null", O_RDONLY);
83 android_fdsan_exchange_owner_tag(fd, 0, 0xdeadbeef);
84 EXPECT_FDSAN_DEATH(close(fd), "expected to be unowned, actually owned");
85 #endif
86 }
87
TEST_F(FdsanTest,owned_tagged_close)88 TEST_F(FdsanTest, owned_tagged_close) {
89 #if defined(__BIONIC__)
90 int fd = open("/dev/null", O_RDONLY);
91 android_fdsan_exchange_owner_tag(fd, 0, 0xdeadbeef);
92 ASSERT_EQ(0, android_fdsan_close_with_tag(fd, 0xdeadbeef));
93 #endif
94 }
95
TEST_F(FdsanTest,owned_improperly_tagged_close)96 TEST_F(FdsanTest, owned_improperly_tagged_close) {
97 #if defined(__BIONIC__)
98 int fd = open("/dev/null", O_RDONLY);
99 android_fdsan_exchange_owner_tag(fd, 0, 0xdeadbeef);
100 EXPECT_FDSAN_DEATH(android_fdsan_close_with_tag(fd, 0xdeadc0de), "expected to be owned");
101 #endif
102 }
103
TEST_F(FdsanTest,owned_incorrect_exchange)104 TEST_F(FdsanTest, owned_incorrect_exchange) {
105 #if defined(__BIONIC__)
106 int fd = open("/dev/null", O_RDONLY);
107 android_fdsan_exchange_owner_tag(fd, 0, 0xdeadbeef);
108 EXPECT_FDSAN_DEATH(android_fdsan_exchange_owner_tag(fd, 0xbadc0de, 0xdeadbeef),
109 "failed to exchange");
110 #endif
111 }
112
TEST_F(FdsanTest,fopen)113 TEST_F(FdsanTest, fopen) {
114 #if defined(__BIONIC__)
115 FILE* f = fopen("/dev/null", "r");
116 ASSERT_TRUE(f);
117 EXPECT_FDSAN_DEATH(close(fileno(f)), "actually owned by FILE");
118 #endif
119 }
120
TEST_F(FdsanTest,closedir)121 TEST_F(FdsanTest, closedir) {
122 #if defined(__BIONIC__)
123 DIR* dir = opendir("/dev/");
124 ASSERT_TRUE(dir);
125 EXPECT_FDSAN_DEATH(close(dirfd(dir)), "actually owned by DIR");
126 #endif
127 }
128
TEST_F(FdsanTest,overflow)129 TEST_F(FdsanTest, overflow) {
130 #if defined(__BIONIC__)
131 std::unordered_map<int, uint64_t> fds;
132 for (int i = 0; i < 4096; ++i) {
133 int fd = open("/dev/null", O_RDONLY);
134 auto tag = 0xdead00000000ULL | i;
135 android_fdsan_exchange_owner_tag(fd, 0, tag);
136 fds[fd] = tag;
137 }
138
139 for (auto [fd, tag] : fds) {
140 android_fdsan_close_with_tag(fd, tag);
141 }
142 #endif
143 }
144
TEST_F(FdsanTest,owner_value_high)145 TEST_F(FdsanTest, owner_value_high) {
146 #if defined(__BIONIC__)
147 int fd = open("/dev/null", O_RDONLY);
148 uint64_t tag = android_fdsan_create_owner_tag(ANDROID_FDSAN_OWNER_TYPE_UNIQUE_FD, ~0ULL);
149 android_fdsan_exchange_owner_tag(fd, 0, tag);
150 EXPECT_FDSAN_DEATH(android_fdsan_exchange_owner_tag(fd, 0xbadc0de, 0xdeadbeef),
151 "0xffffffffffffffff");
152 #endif
153 }
154
TEST_F(FdsanTest,owner_value_low)155 TEST_F(FdsanTest, owner_value_low) {
156 #if defined(__BIONIC__)
157 int fd = open("/dev/null", O_RDONLY);
158 uint64_t tag = android_fdsan_create_owner_tag(ANDROID_FDSAN_OWNER_TYPE_UNIQUE_FD, 1);
159 android_fdsan_exchange_owner_tag(fd, 0, tag);
160 EXPECT_FDSAN_DEATH(android_fdsan_exchange_owner_tag(fd, 0xbadc0de, 0xdeadbeef),
161 "0x1");
162 #endif
163 }
164
TEST_F(FdsanTest,unique_fd_unowned_close)165 TEST_F(FdsanTest, unique_fd_unowned_close) {
166 #if defined(__BIONIC__)
167 android::base::unique_fd fd(open("/dev/null", O_RDONLY));
168 android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_FATAL);
169 EXPECT_FDSAN_DEATH(close(fd.get()), "expected to be unowned, actually owned by unique_fd");
170 #endif
171 }
172
TEST_F(FdsanTest,unique_fd_untag_on_release)173 TEST_F(FdsanTest, unique_fd_untag_on_release) {
174 android::base::unique_fd fd(open("/dev/null", O_RDONLY));
175 close(fd.release());
176 }
177
TEST_F(FdsanTest,unique_fd_move)178 TEST_F(FdsanTest, unique_fd_move) {
179 android::base::unique_fd fd(open("/dev/null", O_RDONLY));
180 android::base::unique_fd fd_moved = std::move(fd);
181 ASSERT_EQ(-1, fd.get());
182 ASSERT_GT(fd_moved.get(), -1);
183 }
184
TEST_F(FdsanTest,unique_fd_unowned_close_after_move)185 TEST_F(FdsanTest, unique_fd_unowned_close_after_move) {
186 #if defined(__BIONIC__)
187 android::base::unique_fd fd(open("/dev/null", O_RDONLY));
188 android::base::unique_fd fd_moved = std::move(fd);
189 ASSERT_EQ(-1, fd.get());
190 ASSERT_GT(fd_moved.get(), -1);
191
192 android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_FATAL);
193 EXPECT_FDSAN_DEATH(close(fd_moved.get()), "expected to be unowned, actually owned by unique_fd");
194 #endif
195 }
196
TEST_F(FdsanTest,vfork)197 TEST_F(FdsanTest, vfork) {
198 android::base::unique_fd fd(open("/dev/null", O_RDONLY));
199
200 pid_t rc = vfork();
201 ASSERT_NE(-1, rc);
202
203 if (rc == 0) {
204 close(fd.get());
205 _exit(0);
206 }
207
208 int status;
209 pid_t wait_result = waitpid(rc, &status, 0);
210 ASSERT_EQ(wait_result, rc);
211 ASSERT_TRUE(WIFEXITED(status));
212 ASSERT_EQ(0, WEXITSTATUS(status));
213 }
214