From 058f88977e375dcae2745bcfe862a77fb4fcd8a1 Mon Sep 17 00:00:00 2001
From: s1341
Date: Mon, 15 Mar 2021 23:00:04 +0200
Subject: [PATCH] Make unix sockets abstract and fix ashmem device path (#33)
* Make unix sockets abstract
Also fix ashmem device path. These two changes allow us to run on Android without root
* fmt
* make the dependency on uds cfg(unix)
---
 libafl/Cargo.toml | 1 +
 libafl/src/bolts/llmp.rs | 7 +++++--
 libafl/src/bolts/shmem.rs | 13 +++++--------
 libafl/src/events/llmp.rs | 5 +----
 4 files changed, 12 insertions(+), 14 deletions(-)
diff --git a/libafl/Cargo.toml b/libafl/Cargo.toml
index 29b65a59cd..d74a3f1d97 100644
--- a/libafl/Cargo.toml
+++ b/libafl/Cargo.toml
@@ -60,6 +60,7 @@ num_enum = "0.5.1"
 [target.'cfg(unix)'.dependencies]
 libc = "0.2" # For (*nix) libc
 nix = "0.20.0"
+uds = "0.2.3"
 [target.'cfg(windows)'.dependencies]
 windows = "0.3.1"
diff --git a/libafl/src/bolts/llmp.rs b/libafl/src/bolts/llmp.rs
index 36e1f16a7a..285907f1b1 100644
--- a/libafl/src/bolts/llmp.rs
+++ b/libafl/src/bolts/llmp.rs
@@ -92,6 +92,9 @@ use std::{
 #[cfg(all(feature = "std", unix))]
 use libc::c_char;
+#[cfg(unix)]
+use uds::{UnixListenerExt, UnixSocketAddr, UnixStreamExt};
+
 #[cfg(unix)]
 use crate::bolts::os::unix_signals::{c_void, setup_signal_handler, siginfo_t, Handler, Signal};
 use crate::{
@@ -453,7 +456,7 @@ where
 {
 #[cfg(all(feature = "std", unix))]
 pub fn on_domain_socket(filename: &str) -> Result {
- match UnixListener::bind(filename) {
+ match UnixListener::bind_unix_addr(&UnixSocketAddr::new(filename).unwrap()) {
 Ok(listener) => {
 dbg!("We're the broker");
 let mut broker = LlmpBroker::new()?;
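Review bot: The added `#[cfg(unix)]` on `use uds::{UnixListenerExt, UnixSocketAddr, UnixStreamExt};` is wider than the gate on the code that uses it: `on_domain_socket` and `create_attach_to_unix` in the later hunks are both behind `feature = "std"` as well. On a unix build without `std` the import would be unused, so `#[cfg(all(feature = "std", unix))]`, as on the `libc::c_char` import just above, looks like the matching gate. Whether other `uds` users exist outside these hunks is not visible here.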
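Review bot: `UnixSocketAddr::new(filename).unwrap()` in `on_domain_socket` panics on any name `uds` rejects even though the function returns a `Result`; the same pattern is added in `create_attach_to_unix` in the next hunk. Propagating the error keeps the caller in control: `let addr = UnixSocketAddr::new(filename)?;` followed by `UnixListener::bind_unix_addr(&addr)`, assuming the error converts the way the existing `?` on `connect` does. Both functions also deserve a doc line saying that `filename` is now parsed by `uds` and may name an abstract address rather than a filesystem path, as the `"\x00llmp_socket"` caller in events/llmp.rs relies on. Both function bodies continue outside their hunks.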
@@ -1876,7 +1879,7 @@ where
 #[cfg(all(unix, feature = "std"))]
 /// Create a LlmpClient, getting the ID from a given filename
 pub fn create_attach_to_unix(filename: &str) -> Result {
- let stream = UnixStream::connect(filename)?;
+ let stream = UnixStream::connect_to_unix_addr(&UnixSocketAddr::new(filename).unwrap())?;
 println!("Connected to socket {}", filename);
 let mut buf = [0u8; 5];
diff --git a/libafl/src/bolts/shmem.rs b/libafl/src/bolts/shmem.rs
index 4803654d43..539cab9611 100644
--- a/libafl/src/bolts/shmem.rs
+++ b/libafl/src/bolts/shmem.rs
@@ -169,7 +169,6 @@ pub mod unix_shmem {
 #[cfg(target_os = "android")]
 unsafe fn shmctl(__shmid: c_int, __cmd: c_int, _buf: *mut shmid_ds) -> c_int {
- println!("shmctl(__shmid: {})", __shmid);
 if __cmd == 0 {
 let length = ioctl(__shmid, ASHMEM_GET_SIZE);
@@ -188,7 +187,10 @@ pub mod unix_shmem {
 #[cfg(target_os = "android")]
 unsafe fn shmget(__key: c_int, __size: c_ulong, __shmflg: c_int) -> c_int {
- let path = CString::new(ASHMEM_DEVICE).expect("CString::new failed!");
+ let boot_id = std::fs::read_to_string("/proc/sys/kernel/random/boot_id").unwrap();
+
+ let path = CString::new(format!("{}{}", ASHMEM_DEVICE, boot_id).trim())
+ .expect("CString::new failed!");
 let fd = open(path.as_ptr(), O_RDWR);
 let mut ourkey: [c_char; 20] = [0; 20];
@@ -196,10 +198,9 @@ pub mod unix_shmem {
 ourkey.as_mut_ptr() as *mut c_char,
 size_of::<[c_char; 20]>() as c_ulong,
 b"%d\x00" as *const u8 as *const c_char,
- __key,
+ if __key == 0 { fd } else { __key },
 );
- println!("ourkey: {:?}", ourkey);
 if ioctl(fd, ASHMEM_SET_NAME, &ourkey) != 0 {
 close(fd);
 return 0;
@@ -210,14 +211,11 @@ pub mod unix_shmem {
 return 0;
 };
- println!("shmget returns {}", fd);
 fd
 }
 #[cfg(target_os = "android")]
 unsafe fn shmat(__shmid: c_int, __shmaddr: *const c_void, __shmflg: c_int) -> *mut c_void {
- println!("shmat(__shmid: {})", __shmid);
-
 let size = ioctl(__shmid, ASHMEM_GET_SIZE);
 if size < 0 {
 return 0 as *mut c_void;
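Review bot: The added `std::fs::read_to_string("/proc/sys/kernel/random/boot_id").unwrap()` makes this `shmget` stand-in panic when the file cannot be read, while every other failure visible in the function reports through the return value. The `open` result on the context line below is also used unchecked, and the next hunk now formats that `fd` into the region name when `__key == 0`, so a failed open of the boot-id-suffixed device flows on into `ioctl`. Suggest returning early on both, e.g. `let boot_id = match std::fs::read_to_string(...) { Ok(s) => s, Err(_) => return 0 };` and `if fd < 0 { return 0; }`, using whichever failure value callers actually test for (the visible error paths return 0, not the -1 that shmget conventionally uses). A short comment explaining why the device path carries the boot id would help the next reader, and a fallback to plain `ASHMEM_DEVICE` may be needed if that node is absent on some Android releases. The function body continues outside the hunk.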
@@ -235,7 +233,6 @@ pub mod unix_shmem {
 return 0 as *mut c_void;
 }
- println!("shmat() = {:?}", ptr);
 ptr
 }
diff --git a/libafl/src/events/llmp.rs b/libafl/src/events/llmp.rs
index 042fcf3719..c8984d0dad 100644
--- a/libafl/src/events/llmp.rs
+++ b/libafl/src/events/llmp.rs
@@ -521,10 +521,7 @@ where
 #[cfg(target_os = "android")]
 {
 let path = std::env::current_dir()?;
- mgr = LlmpEventManager::::new_on_domain_socket(
- stats,
- &format!("{}/.llmp_socket", path.display()).to_string(),
- )?;
+ mgr = LlmpEventManager::::new_on_domain_socket(stats, "\x00llmp_socket")?;
 };
 #[cfg(not(target_os = "android"))]
 {
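Review bot: The fixed abstract name `"\x00llmp_socket"` on the added line is protected by no filesystem permissions, so any local process in the same network namespace can bind or connect to it, whereas the removed path lived under the working directory. Two fuzzing campaigns on one device would also share the name, and the second would presumably attach to the first one's broker. Consider deriving the name per campaign and checking peer credentials where the broker accepts connections, or at least add a comment such as `// abstract socket: no file permissions apply; peers are trusted by name only`. The context line `let path = std::env::current_dir()?;` is now unused inside this block and can be dropped.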