From c40503e1fa86f3027e003118aaf91646a82f2b5d Mon Sep 17 00:00:00 2001
From: Aleksandr Nogikh <nogikh@google.com>
Date: Tue, 26 Oct 2021 15:15:11 +0000
Subject: all: add binderfs fuzzing support

Create one instance of binderfs per process and add descriptions to
enable syzkaller to create binderfs mounts and binder devices itself.

Keep descriptions compatible with the legacy mode (when devices are
created at boot time).
---
 pkg/csource/generated.go | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'pkg/csource')

diff --git a/pkg/csource/generated.go b/pkg/csource/generated.go
index 44b6a1297..8b8fadc5c 100644
--- a/pkg/csource/generated.go
+++ b/pkg/csource/generated.go
@@ -8251,6 +8251,8 @@ static void initialize_cgroups()
 #if SYZ_EXECUTOR || SYZ_SANDBOX_NONE || SYZ_SANDBOX_SETUID || SYZ_SANDBOX_NAMESPACE || SYZ_SANDBOX_ANDROID
 #include <errno.h>
 #include <sys/mount.h>
+#include <sys/stat.h>
+#include <unistd.h>
 
 static void setup_common()
 {
@@ -8259,6 +8261,22 @@ static void setup_common()
 	}
 }
 
+static void setup_binderfs()
+{
+	if (mkdir("/dev/binderfs", 0777)) {
+		debug("mkdir(/dev/binderfs) failed: %d\n", errno);
+	}
+
+	if (mount("binder", "/dev/binderfs", "binder", 0, NULL)) {
+		debug("mount of binder at /dev/binderfs failed: %d\n", errno);
+	}
+#if !SYZ_EXECUTOR && !SYZ_USE_TMP_DIR
+	if (symlink("/dev/binderfs", "./binderfs")) {
+		debug("symlink(/dev/binderfs, ./binderfs) failed: %d\n", errno);
+	}
+#endif
+}
+
 #include <sched.h>
 #include <sys/prctl.h>
 #include <sys/resource.h>
@@ -8406,6 +8424,7 @@ static int do_sandbox_none(void)
 #if SYZ_EXECUTOR || SYZ_WIFI
 	initialize_wifi_devices();
 #endif
+	setup_binderfs();
 	loop();
 	doexit(1);
 }
@@ -8449,6 +8468,7 @@ static int do_sandbox_setuid(void)
 #if SYZ_EXECUTOR || SYZ_WIFI
 	initialize_wifi_devices();
 #endif
+	setup_binderfs();
 
 	const int nobody = 65534;
 	if (setgroups(0, NULL))
@@ -8549,6 +8569,7 @@ static int namespace_sandbox_proc(void* arg)
 		fail("chroot failed");
 	if (chdir("/"))
 		fail("chdir failed");
+	setup_binderfs();
 	drop_caps();
 
 	loop();
@@ -9217,6 +9238,7 @@ static int do_sandbox_android(void)
 	setfilecon(".", SELINUX_LABEL_APP_DATA_FILE);
 	setcon(SELINUX_CONTEXT_UNTRUSTED_APP);
 
+	setup_binderfs();
 	loop();
 	doexit(1);
 }
@@ -9477,6 +9499,7 @@ static void reset_loop()
 
 #if SYZ_EXECUTOR || SYZ_REPEAT
 #include <sys/prctl.h>
+#include <unistd.h>
 
 #define SYZ_HAVE_SETUP_TEST 1
 static void setup_test()
@@ -9490,6 +9513,11 @@ static void setup_test()
 #if SYZ_EXECUTOR || SYZ_NET_INJECTION
 	flush_tun();
 #endif
+#if SYZ_EXECUTOR || SYZ_USE_TMP_DIR
+	if (symlink("/dev/binderfs", "./binderfs")) {
+		debug("symlink(/dev/binderfs, ./binderfs) failed: %d", errno);
+	}
+#endif
 }
 #endif
 
-- 
cgit mrf-deployment