platform_bionic/tests/fdsan_test.cpp
Josh Gao f6e5b58260 Introduce api to track fd ownership in libc.
Add two functions to allow objects that own a file descriptor to
enforce that only they can close their file descriptor.

Use them in FILE* and DIR*.

Bug: http://b/110100358
Test: bionic_unit_tests
Test: aosp/master boots without errors
Test: treehugger
Change-Id: Iecd6e8b26c62217271e0822dc3d2d7888b091a45
2018-07-19 14:28:54 -07:00

140 lines
3.9 KiB
C++

/*
* Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <gtest/gtest.h>
#include "BionicDeathTest.h"
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unordered_map>
#if defined(__BIONIC__)
#include <android/fdsan.h>
#endif
#define FDSAN_TEST(test_name) TEST_F(FdsanTest, test_name)
#define EXPECT_FDSAN_DEATH(expression, regex) \
EXPECT_DEATH((android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_FATAL), expression), \
(regex))
struct FdsanTest : public ::testing::Test {
void SetUp() override {
#if defined(__BIONIC__)
// The bionic unit test running forks for each test by default, which turns
// fdsan off as a side-effect, so we need to turn it back on.
android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_FATAL);
#endif
}
};
TEST_F(FdsanTest, unowned_untagged_close) {
#if defined(__BIONIC__)
int fd = open("/dev/null", O_RDONLY);
ASSERT_EQ(0, close(fd));
#endif
}
TEST_F(FdsanTest, unowned_tagged_close) {
#if defined(__BIONIC__)
int fd = open("/dev/null", O_RDONLY);
ASSERT_EQ(0, android_fdsan_close_with_tag(fd, 0));
#endif
}
TEST_F(FdsanTest, unowned_improperly_tagged_close) {
#if defined(__BIONIC__)
int fd = open("/dev/null", O_RDONLY);
EXPECT_FDSAN_DEATH(android_fdsan_close_with_tag(fd, 0xdeadbeef), "actually unowned");
#endif
}
TEST_F(FdsanTest, unowned_incorrect_exchange) {
#if defined(__BIONIC__)
int fd = open("/dev/null", O_RDONLY);
EXPECT_FDSAN_DEATH(android_fdsan_exchange_owner_tag(fd, 0xbadc0de, 0xdeadbeef),
"failed to exchange");
#endif
}
TEST_F(FdsanTest, owned_untagged_close) {
#if defined(__BIONIC__)
int fd = open("/dev/null", O_RDONLY);
android_fdsan_exchange_owner_tag(fd, 0, 0xdeadbeef);
EXPECT_FDSAN_DEATH(close(fd), "expected to be unowned, actually owned");
#endif
}
TEST_F(FdsanTest, owned_tagged_close) {
#if defined(__BIONIC__)
int fd = open("/dev/null", O_RDONLY);
android_fdsan_exchange_owner_tag(fd, 0, 0xdeadbeef);
ASSERT_EQ(0, android_fdsan_close_with_tag(fd, 0xdeadbeef));
#endif
}
TEST_F(FdsanTest, owned_improperly_tagged_close) {
#if defined(__BIONIC__)
int fd = open("/dev/null", O_RDONLY);
android_fdsan_exchange_owner_tag(fd, 0, 0xdeadbeef);
EXPECT_FDSAN_DEATH(android_fdsan_close_with_tag(fd, 0xdeadc0de), "expected to be owned");
#endif
}
TEST_F(FdsanTest, owned_incorrect_exchange) {
#if defined(__BIONIC__)
int fd = open("/dev/null", O_RDONLY);
android_fdsan_exchange_owner_tag(fd, 0, 0xdeadbeef);
EXPECT_FDSAN_DEATH(android_fdsan_exchange_owner_tag(fd, 0xbadc0de, 0xdeadbeef),
"failed to exchange");
#endif
}
TEST_F(FdsanTest, fopen) {
#if defined(__BIONIC__)
FILE* f = fopen("/dev/null", "r");
ASSERT_TRUE(f);
EXPECT_FDSAN_DEATH(close(fileno(f)), "actually owned by FILE");
#endif
}
TEST_F(FdsanTest, closedir) {
#if defined(__BIONIC__)
DIR* dir = opendir("/dev/");
ASSERT_TRUE(dir);
EXPECT_FDSAN_DEATH(close(dirfd(dir)), "actually owned by DIR");
#endif
}
TEST_F(FdsanTest, overflow) {
#if defined(__BIONIC__)
std::unordered_map<int, uint64_t> fds;
for (int i = 0; i < 4096; ++i) {
int fd = open("/dev/null", O_RDONLY);
auto tag = 0xdead00000000ULL | i;
android_fdsan_exchange_owner_tag(fd, 0, tag);
fds[fd] = tag;
}
for (auto [fd, tag] : fds) {
android_fdsan_close_with_tag(fd, tag);
}
#endif
}