Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / b8d9326f7586f47d7771c7d1e7bafd35d1b6c82e^! / . / services / inputflinger / tests / fuzzers / Android.bp
commitb8d9326f7586f47d7771c7d1e7bafd35d1b6c82e[log] [tgz]
authorMichael Ensing <michael.ensing@leviathansecurity.com>Tue May 12 00:41:30 2020 -0700
committerAyushi Khopkar <akhopkar@google.com>Tue Aug 30 10:29:18 2022 +0000
tree889a812656fab6bff7217fcc1484a65f9f19b815
parent26d49f7f39a05fe1773354ae1d49cad6454c82cb [diff] [blame]
Add initial batch of inputFlinger fuzzers

This batch of fuzzers is focused on the input Mappers. These fuzzers are
not host_supported, and must be run on-device. Followup CLs containing
additional inputflinger fuzzers will rely on the FuzzContainer.h and
MapperHelpers.h header files.

Fuzzers included:
 - CursorInputFuzzer
 - KeyboardInputFuzzer
 - MultiTouchInputFuzzer
 - SwitchInputFuzzer

Test: Tested on a pixel 3a with HWASAN. Accurate % coverage information is
      not available due to the large number of shared libraries included
      in runs built with hwasan interfering with PC Count information
      (increasing the total PC count to ~682,000).

Summary of updates:

Coverage improvements: 75% to 82%

Design changes:
[1] Refactored
 - CursorInputFuzzer
 - KeyboardInputFuzzer
 - MultiTouchInputFuzzer
 - SwitchInputFuzzer
in order to generate event as a combination of valid and invalid input.

[2] Used FuzzedDataProvider to generate values for events.

Signed-off-by: Michael Ensing <michael.ensing@leviathansecurity.com>
Change-Id: Id39205c691f54c516f8a452293cb098382019335

diff --git a/services/inputflinger/tests/fuzzers/Android.bp b/services/inputflinger/tests/fuzzers/Android.bp
index 455a1e2..a53db00 100644
--- a/services/inputflinger/tests/fuzzers/Android.bp
+++ b/services/inputflinger/tests/fuzzers/Android.bp

@@ -46,3 +46,74 @@
        cc: ["android-framework-input@google.com"],
     },
 }
+
+cc_defaults {
+    name: "inputflinger_fuzz_defaults",
+    defaults: [
+        "inputflinger_defaults",
+    ],
+    include_dirs: [
+        "frameworks/native/services/inputflinger",
+    ],
+    shared_libs: [
+        "android.hardware.input.classifier@1.0",
+        "libbase",
+        "libbinder",
+        "libcutils",
+        "liblog",
+        "libutils",
+        "libui",
+        "libinput",
+        "libinputflinger",
+        "libinputreader",
+        "libinputflinger_base",
+        "libstatslog",
+    ],
+    header_libs: [
+        "libbatteryservice_headers",
+        "libinputreader_headers",
+    ],
+    fuzz_config: {
+       cc: ["android-framework-input@google.com"],
+    },
+}
+
+cc_fuzz {
+    name: "inputflinger_cursor_input_fuzzer",
+    defaults: [
+        "inputflinger_fuzz_defaults",
+    ],
+    srcs: [
+        "CursorInputFuzzer.cpp",
+    ],
+}
+
+cc_fuzz {
+    name: "inputflinger_keyboard_input_fuzzer",
+    defaults: [
+        "inputflinger_fuzz_defaults",
+    ],
+    srcs: [
+        "KeyboardInputFuzzer.cpp",
+    ],
+}
+
+cc_fuzz {
+    name: "inputflinger_multitouch_input_fuzzer",
+    defaults: [
+        "inputflinger_fuzz_defaults",
+    ],
+    srcs: [
+        "MultiTouchInputFuzzer.cpp",
+    ],
+}
+
+cc_fuzz {
+    name: "inputflinger_switch_input_fuzzer",
+    defaults: [
+        "inputflinger_fuzz_defaults",
+    ],
+    srcs: [
+        "SwitchInputFuzzer.cpp",
+    ],
+}