5e3a3ce011
Adds an Abort() function to the fuzzer utils library that grabs and prints the relevant trusty kernel logs before exiting the fuzzer. Test: /data/fuzz/arm64/trusty_gatekeeper_fuzzer/trusty_gatekeeper_fuzzer Change-Id: I7741c7e5e0ffdc402e3d3dd9a7e5856e2a640dd2
/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
#define LOG_TAG "trusty-fuzz-utils"
#include <trusty/fuzz/utils.h>
#include <android-base/logging.h>
#include <android-base/unique_fd.h>
#include <linux/ioctl.h>
#include <linux/types.h>
#include <linux/uio.h>
#include <log/log_read.h>
#include <time.h>
#include <iostream>
using android::base::ErrnoError;
using android::base::Error;
using android::base::Result;
using android::base::unique_fd;
#define TIPC_IOC_MAGIC 'r'
#define TIPC_IOC_CONNECT _IOW(TIPC_IOC_MAGIC, 0x80, char*)
namespace {
// Number of seconds passed to alarm() around each blocking TIPC call below.
const size_t kTimeoutSeconds{5};
// Substring PrintTrustyLog() searches for to pick Trusty lines out of the
// kernel log.
const std::string kTrustyLogTag{"trusty-log"};

// Wall-clock time sampled when this translation unit's globals are
// initialized; PrintTrustyLog() skips kernel log entries stamped before it.
const time_t kInitialTime{time(nullptr)};
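// Prints to stderr the Trusty lines found in the Android kernel log buffer,
// restricted to entries stamped at or after kInitialTime.
//
// Best-effort: if the kernel log cannot be opened, one diagnostic is written
// and the function returns. It is called from Abort(), so it must not throw;
// an uncaught exception here would end the fuzzer through std::terminate
// rather than through the exit() call that follows in Abort().
void PrintTrustyLog() {
    auto logger_list = android_logger_list_open(LOG_ID_KERNEL, ANDROID_LOG_NONBLOCK, 1000, 0);
    if (logger_list == nullptr) {
        std::cerr << "Could not open android kernel log\n";
        return;
    }

    // NOTE(review): the "+ 2" comes from the original code and presumably
    // skips one byte before the tag and one separator after it -- confirm
    // against the kernel-log record layout produced by logd.
    const size_t payload_offset = kTrustyLogTag.length() + 2;

    while (true) {
        log_msg entry_buf;
        int rc = android_logger_list_read(logger_list, &entry_buf);
        // Stop on an error and also on a zero-byte read: in both cases no new
        // record was delivered, and a reader that keeps returning 0 would
        // otherwise keep this loop spinning on stale data.
        if (rc <= 0) {
            break;
        }
        if (entry_buf.entry.sec < kInitialTime) {
            continue;
        }
        char* msg = entry_buf.msg();
        if (msg == nullptr) {
            continue;
        }

        std::string line(msg, entry_buf.entry.len);
        if (line.find(kTrustyLogTag) == std::string::npos) {
            continue;
        }
        // std::string::substr() throws std::out_of_range when the offset is
        // past the end, so records too short to hold a payload are skipped.
        if (line.length() >= payload_offset) {
            std::cerr << line.substr(payload_offset) << std::endl;
        }
    }

    android_logger_list_free(logger_list);
}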
} // namespace
namespace android {
namespace trusty {
namespace fuzz {
// Stores the TIPC device path (later handed to open()) and the TA port name
// (later handed to the connect ioctl). Nothing is opened here: ta_fd_ starts
// at -1, which the other methods treat as "not connected".
TrustyApp::TrustyApp(std::string tipc_dev, std::string ta_port)
    : tipc_dev_{tipc_dev}, ta_port_{ta_port}, ta_fd_{-1} {}
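// Opens the TIPC device and connects the new channel to the TA port supplied
// at construction.
//
// Returns an empty Result on success, or an errno-carrying error when open()
// or the TIPC_IOC_CONNECT ioctl fails. When the ioctl fails, ta_fd_ is put
// back to -1 so that Read(), Write() and GetRawFd() keep reporting "not
// connected" instead of handing out an open but unconnected descriptor.
Result<void> TrustyApp::Connect() {
    /*
     * TODO: We can't use libtrusty because (yet)
     * (1) cc_fuzz can't deal with vendor components (b/170753563)
     * (2) We need non-blocking behavior to detect Trusty going down.
     * (we could implement the timeout in the fuzzing code though, as
     * it needs to be around the call to read())
     */
    // NOTE(review): no SIGALRM handler is installed in this file; if none is
    // installed elsewhere, the default action ends the process when the timer
    // fires -- confirm that this is the intended timeout behaviour.
    alarm(kTimeoutSeconds);
    int fd = open(tipc_dev_.c_str(), O_RDWR);
    alarm(0);
    if (fd < 0) {
        return ErrnoError() << "failed to open TIPC device: ";
    }
    // Any descriptor from an earlier Connect() is replaced before the new
    // connection attempt, as in the original code.
    ta_fd_.reset(fd);

    // This ioctl will time out in the kernel if it can't connect.
    int rc = TEMP_FAILURE_RETRY(ioctl(ta_fd_, TIPC_IOC_CONNECT, ta_port_.c_str()));
    if (rc < 0) {
        // Build the error first so it records the ioctl's errno, then drop
        // the unconnected descriptor.
        Result<void> failure = ErrnoError() << "failed to connect to TIPC service: ";
        ta_fd_.reset();
        return failure;
    }

    return {};
}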
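// Reads one message from the connected TA into `buf` (capacity `len` bytes),
// bounded by a kTimeoutSeconds alarm.
//
// Returns an error if Connect() has not succeeded or if read() fails; the
// failure now carries errno so the cause is visible in the fuzzer output.
// The byte count is not reported: a short read or a 0-byte read counts as
// success, so callers cannot tell from the result how much of `buf` is valid.
Result<void> TrustyApp::Read(void* buf, size_t len) {
    if (ta_fd_ == -1) {
        return Error() << "TA is not connected to yet: ";
    }

    alarm(kTimeoutSeconds);
    // read() returns ssize_t; keeping that width avoids a narrowing
    // conversion to int before the sign check.
    const ssize_t rc = read(ta_fd_, buf, len);
    alarm(0);
    if (rc < 0) {
        return ErrnoError() << "failed to read TIPC message from TA: ";
    }

    return {};
}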
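// Sends `len` bytes from `buf` to the connected TA, bounded by a
// kTimeoutSeconds alarm.
//
// Returns an error if Connect() has not succeeded or if write() fails. The
// failure message now names the write (the original reused the read message)
// and carries errno. A short write is not detected: any non-negative return
// from write() counts as success.
Result<void> TrustyApp::Write(const void* buf, size_t len) {
    if (ta_fd_ == -1) {
        return Error() << "TA is not connected to yet: ";
    }

    alarm(kTimeoutSeconds);
    // write() returns ssize_t; keeping that width avoids a narrowing
    // conversion to int before the sign check.
    const ssize_t rc = write(ta_fd_, buf, len);
    alarm(0);
    if (rc < 0) {
        return ErrnoError() << "failed to write TIPC message to TA: ";
    }

    return {};
}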
// Exposes the descriptor held in ta_fd_ as a plain int, or an error while
// ta_fd_ is still -1. Ownership is not transferred: ta_fd_ keeps the
// descriptor, so the caller must not close the returned value.
Result<int> TrustyApp::GetRawFd() {
    const bool has_fd = !(ta_fd_ == -1);
    if (has_fd) {
        return ta_fd_;
    }

    return Error() << "TA is not connected to yet: ";
}
// Ends the fuzzer process: first dumps the Trusty lines from the kernel log
// to stderr, then exits through exit() with status -1.
void Abort() {
    constexpr int kExitStatus = -1;

    PrintTrustyLog();
    exit(kExitStatus);
}
} // namespace fuzz
} // namespace trusty
} // namespace android