From 243888ecb09aff6234a86c2ade25d9c5abec411d Mon Sep 17 00:00:00 2001
From: Pawan Wagh <waghpawan@google.com>
Date: Tue, 20 Sep 2022 19:37:35 +0000
Subject: servicemanager : Adding clear API to ServiceManager

Adding an API to clear members of ServiceManager. Using it in
ServiceManagerFuzzer to avoid indirect leaks.

BUG: 240481296
Test: m servicemanager_fuzzer && $ANDROID_HOST_OUT/fuzz/x86_64/servicemanager_fuzzer/servicemanager_fuzzer
Change-Id: Ifda8d81981a1143e08c80436ac80d74fcbe14318
---
 cmds/servicemanager/ServiceManager.cpp       | 6 ++++++
 cmds/servicemanager/ServiceManager.h         | 6 ++++++
 cmds/servicemanager/ServiceManagerFuzzer.cpp | 1 +
 3 files changed, 13 insertions(+)

diff --git a/cmds/servicemanager/ServiceManager.cpp b/cmds/servicemanager/ServiceManager.cpp
index 3cfe5297ca..07273835f9 100644
--- a/cmds/servicemanager/ServiceManager.cpp
+++ b/cmds/servicemanager/ServiceManager.cpp
@@ -762,4 +762,10 @@ Status ServiceManager::getServiceDebugInfo(std::vector<ServiceDebugInfo>* outRet
     return Status::ok();
 }
 
+void ServiceManager::clear() {
+    mNameToService.clear();
+    mNameToRegistrationCallback.clear();
+    mNameToClientCallback.clear();
+}
+
 }  // namespace android
diff --git a/cmds/servicemanager/ServiceManager.h b/cmds/servicemanager/ServiceManager.h
index 5e403194d7..c6db697a89 100644
--- a/cmds/servicemanager/ServiceManager.h
+++ b/cmds/servicemanager/ServiceManager.h
@@ -58,6 +58,12 @@ public:
     void binderDied(const wp<IBinder>& who) override;
     void handleClientCallbacks();
 
+    /**
+     *  This API is added for debug purposes. It clears members which hold service and callback
+     * information.
+     */
+    void clear();
+
 protected:
     virtual void tryStartService(const std::string& name);
 
diff --git a/cmds/servicemanager/ServiceManagerFuzzer.cpp b/cmds/servicemanager/ServiceManagerFuzzer.cpp
index 39f8522f84..b76a6bd3cd 100644
--- a/cmds/servicemanager/ServiceManagerFuzzer.cpp
+++ b/cmds/servicemanager/ServiceManagerFuzzer.cpp
@@ -29,6 +29,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     auto accessPtr = std::make_unique<Access>();
     auto serviceManager = sp<ServiceManager>::make(std::move(accessPtr));
     fuzzService(serviceManager, FuzzedDataProvider(data, size));
+    serviceManager->clear();
 
     return 0;
 }
-- 
cgit v1.2.3-59-g8ed1b