From c75c2e092218a7d77be39c89bfba7dd2b4823ac1 Mon Sep 17 00:00:00 2001
From: Ryan Mitchell <rtmitchell@google.com>
Date: Mon, 17 Aug 2020 08:42:48 -0700
Subject: libandroidfw hardening for IncFs

Migrate libandroifw to using incfs::util::map_ptr to prevent processes
from crashing when parsing the resources.arsc, parsing compiled xml,
files, and retrieving resource values.

This change propagates incremental failures to the JNI level where they
are raised as ResourcesNotFoundException.

Performance of ResourcesPerfWorkloads without change (time in
nanoseconds):
[1/3] com.android.resources.perf.PerfTest#youtube: PASSED (11.883s)
    youtube_ns_median: 93812805
    youtube_ns_standardDeviation: 4387062
    youtube_ns_mean: 94455597
[2/3] com.android.resources.perf.PerfTest#maps: PASSED (11.265s)
    maps_ns_standardDeviation: 2997543
    maps_ns_mean: 83480371
    maps_ns_median: 82210941
[3/3] com.android.resources.perf.PerfTest#gmail: PASSED (24.963s)
    gmail_ns_median: 266141091
    gmail_ns_standardDeviation: 3492043
    gmail_ns_mean: 267472765

With change and verification forcibly enabled for all apks
(including the framework-res.apk):
[1/3] com.android.resources.perf.PerfTest#youtube: PASSED (11.646s)
    youtube_ns_median: 101999396
    youtube_ns_standardDeviation: 4625782
    youtube_ns_mean: 102631770
[2/3] com.android.resources.perf.PerfTest#maps: PASSED (11.286s)
    maps_ns_standardDeviation: 2692088
    maps_ns_mean: 91326538
    maps_ns_median: 90519884
[3/3] com.android.resources.perf.PerfTest#gmail: PASSED (24.694s)
    gmail_ns_median: 290284442
    gmail_ns_standardDeviation: 5764632
    gmail_ns_mean: 291660464

With change and verification disabled:
[1/3] com.android.resources.perf.PerfTest#youtube: PASSED (11.748s)
    youtube_ns_median: 95490747
    youtube_ns_standardDeviation: 7282249
    youtube_ns_mean: 98442515
[2/3] com.android.resources.perf.PerfTest#maps: PASSED (10.862s)
    maps_ns_standardDeviation: 4484213
    maps_ns_mean: 87912988
    maps_ns_median: 86325549
[3/3] com.android.resources.perf.PerfTest#gmail: PASSED (24.034s)
    gmail_ns_median: 282175838
    gmail_ns_standardDeviation: 6560876
    gmail_ns_mean: 282869146

These tests were done on a Pixel 3 and with cpu settings configured by
libs/hwui/tests/scripts/prep_generic.sh:

 Locked CPUs 4,5,6,7 to 1459200 / 2803200 KHz
 Disabled CPUs 0,1,2,3

Bug: 160635104
Bug: 169423204
Test: boot device && atest ResourcesPerfWorkloads

Change-Id: I5cd1bc8a2257bffaba6ca4a1c96f4e6640106866
---
 tools/aapt2/StringPool_test.cpp | 40 +++++++++++++++++++++-------------------
 1 file changed, 21 insertions(+), 19 deletions(-)

(limited to 'tools/aapt2/StringPool_test.cpp')

diff --git a/tools/aapt2/StringPool_test.cpp b/tools/aapt2/StringPool_test.cpp
index 9a7238b584ba..6e5200bca44c 100644
--- a/tools/aapt2/StringPool_test.cpp
+++ b/tools/aapt2/StringPool_test.cpp
@@ -223,11 +223,11 @@ TEST(StringPoolTest, FlattenOddCharactersUtf16) {
   std::unique_ptr<uint8_t[]> data = util::Copy(buffer);
   ResStringPool test;
   ASSERT_EQ(test.setTo(data.get(), buffer.size()), NO_ERROR);
-  size_t len = 0;
-  const char16_t* str = test.stringAt(0, &len);
-  EXPECT_THAT(len, Eq(1u));
-  EXPECT_THAT(str, Pointee(Eq(u'\u093f')));
-  EXPECT_THAT(str[1], Eq(0u));
+  auto str = test.stringAt(0);
+  ASSERT_TRUE(str.has_value());
+  EXPECT_THAT(str->size(), Eq(1u));
+  EXPECT_THAT(str->data(), Pointee(Eq(u'\u093f')));
+  EXPECT_THAT(str->data()[1], Eq(0u));
 }
 
 constexpr const char* sLongString =
@@ -278,14 +278,15 @@ TEST(StringPoolTest, Flatten) {
     EXPECT_THAT(util::GetString(test, 3), Eq(sLongString));
     EXPECT_THAT(util::GetString16(test, 3), Eq(util::Utf8ToUtf16(sLongString)));
 
-    size_t len;
-    EXPECT_TRUE(test.stringAt(4, &len) != nullptr || test.string8At(4, &len) != nullptr);
+    EXPECT_TRUE(test.stringAt(4).has_value() || test.string8At(4).has_value());
 
     EXPECT_THAT(util::GetString(test, 0), Eq("style"));
     EXPECT_THAT(util::GetString16(test, 0), Eq(u"style"));
 
-    const ResStringPool_span* span = test.styleAt(0);
-    ASSERT_THAT(span, NotNull());
+    auto span_result = test.styleAt(0);
+    ASSERT_TRUE(span_result.has_value());
+
+    const ResStringPool_span* span = span_result->unsafe_ptr();
     EXPECT_THAT(util::GetString(test, span->name.index), Eq("b"));
     EXPECT_THAT(util::GetString16(test, span->name.index), Eq(u"b"));
     EXPECT_THAT(span->firstChar, Eq(0u));
@@ -318,16 +319,17 @@ TEST(StringPoolTest, ModifiedUTF8) {
   // Check that the codepoints are encoded using two three-byte surrogate pairs
   ResStringPool test;
   ASSERT_EQ(test.setTo(data.get(), buffer.size()), NO_ERROR);
-  size_t len;
-  const char* str = test.string8At(0, &len);
-  ASSERT_THAT(str, NotNull());
-  EXPECT_THAT(std::string(str, len), Eq("\xED\xA0\x81\xED\xB0\x80"));
-  str = test.string8At(1, &len);
-  ASSERT_THAT(str, NotNull());
-  EXPECT_THAT(std::string(str, len), Eq("foo \xED\xA0\x81\xED\xB0\xB7 bar"));
-  str = test.string8At(2, &len);
-  ASSERT_THAT(str, NotNull());
-  EXPECT_THAT(std::string(str, len), Eq("\xED\xA0\x81\xED\xB0\x80\xED\xA0\x81\xED\xB0\xB7"));
+  auto str = test.string8At(0);
+  ASSERT_TRUE(str.has_value());
+  EXPECT_THAT(str->to_string(), Eq("\xED\xA0\x81\xED\xB0\x80"));
+
+  str = test.string8At(1);
+  ASSERT_TRUE(str.has_value());
+  EXPECT_THAT(str->to_string(), Eq("foo \xED\xA0\x81\xED\xB0\xB7 bar"));
+
+  str = test.string8At(2);
+  ASSERT_TRUE(str.has_value());
+  EXPECT_THAT(str->to_string(), Eq("\xED\xA0\x81\xED\xB0\x80\xED\xA0\x81\xED\xB0\xB7"));
 
   // Check that retrieving the strings returns the original UTF-8 character bytes
   EXPECT_THAT(util::GetString(test, 0), Eq("\xF0\x90\x90\x80"));
-- 
cgit v1.2.3