Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / 5c636e3b4543a48cf64427cbf915af17cc7ded30 / . / services / inputflinger / tests / fuzzers / InputReaderFuzzer.cpp
blob: 9223287114ce0ae9e1d29dab19757427ec23d4d4 [file] [log] [blame]
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]1/*
2 * Copyright 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <InputReader.h>
18#include <MapperHelpers.h>
19#include <fuzzer/FuzzedDataProvider.h>
20#include <input/InputDevice.h>
21#include <chrono>
22#include <thread>
23
24namespace android {
25
26constexpr InputDeviceSensorType kInputDeviceSensorType[] = {
27 InputDeviceSensorType::ACCELEROMETER,
28 InputDeviceSensorType::MAGNETIC_FIELD,
29 InputDeviceSensorType::ORIENTATION,
30 InputDeviceSensorType::GYROSCOPE,
31 InputDeviceSensorType::LIGHT,
32 InputDeviceSensorType::PRESSURE,
33 InputDeviceSensorType::TEMPERATURE,
34 InputDeviceSensorType::PROXIMITY,
35 InputDeviceSensorType::GRAVITY,
36 InputDeviceSensorType::LINEAR_ACCELERATION,
37 InputDeviceSensorType::ROTATION_VECTOR,
38 InputDeviceSensorType::RELATIVE_HUMIDITY,
39 InputDeviceSensorType::AMBIENT_TEMPERATURE,
40 InputDeviceSensorType::MAGNETIC_FIELD_UNCALIBRATED,
41 InputDeviceSensorType::GAME_ROTATION_VECTOR,
42 InputDeviceSensorType::GYROSCOPE_UNCALIBRATED,
43 InputDeviceSensorType::SIGNIFICANT_MOTION,
44};
45
46class FuzzInputReader : public InputReaderInterface {
47public:
48 FuzzInputReader(std::shared_ptr<EventHubInterface> fuzzEventHub,
49 const sp<InputReaderPolicyInterface>& fuzzPolicy,
50 InputListenerInterface& fuzzListener) {
51 reader = std::make_unique<InputReader>(fuzzEventHub, fuzzPolicy, fuzzListener);
52 }
53
54 void dump(std::string& dump) { reader->dump(dump); }
55
56 void monitor() { reader->monitor(); }
57
58 bool isInputDeviceEnabled(int32_t deviceId) { return reader->isInputDeviceEnabled(deviceId); }
59
60 status_t start() { return reader->start(); }
61
62 status_t stop() { return reader->stop(); }
63
64 std::vector<InputDeviceInfo> getInputDevices() const { return reader->getInputDevices(); }
65
66 int32_t getScanCodeState(int32_t deviceId, uint32_t sourceMask, int32_t scanCode) {
67 return reader->getScanCodeState(deviceId, sourceMask, scanCode);
68 }
69
70 int32_t getKeyCodeState(int32_t deviceId, uint32_t sourceMask, int32_t keyCode) {
71 return reader->getKeyCodeState(deviceId, sourceMask, keyCode);
72 }
73
74 int32_t getSwitchState(int32_t deviceId, uint32_t sourceMask, int32_t sw) {
75 return reader->getSwitchState(deviceId, sourceMask, sw);
76 }
77
78 void toggleCapsLockState(int32_t deviceId) { reader->toggleCapsLockState(deviceId); }
79
80 bool hasKeys(int32_t deviceId, uint32_t sourceMask, const std::vector<int32_t>& keyCodes,
81 uint8_t* outFlags) {
82 return reader->hasKeys(deviceId, sourceMask, keyCodes, outFlags);
83 }
84
Prabir Pradhan4bf6d452023-04-18 21:26:56 +0000[diff] [blame]85 void requestRefreshConfiguration(ConfigurationChanges changes) {
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]86 reader->requestRefreshConfiguration(changes);
87 }
88
89 void vibrate(int32_t deviceId, const VibrationSequence& sequence, ssize_t repeat,
90 int32_t token) {
91 reader->vibrate(deviceId, sequence, repeat, token);
92 }
93
94 void cancelVibrate(int32_t deviceId, int32_t token) { reader->cancelVibrate(deviceId, token); }
95
96 bool isVibrating(int32_t deviceId) { return reader->isVibrating(deviceId); }
97
98 std::vector<int32_t> getVibratorIds(int32_t deviceId) {
99 return reader->getVibratorIds(deviceId);
100 }
101
102 std::optional<int32_t> getBatteryCapacity(int32_t deviceId) {
103 return reader->getBatteryCapacity(deviceId);
104 }
105
106 std::optional<int32_t> getBatteryStatus(int32_t deviceId) {
107 return reader->getBatteryStatus(deviceId);
108 }
109
Prabir Pradhane287ecd2022-09-07 21:18:05 +0000[diff] [blame]110 std::optional<std::string> getBatteryDevicePath(int32_t deviceId) {
111 return reader->getBatteryDevicePath(deviceId);
112 }
113
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]114 std::vector<InputDeviceLightInfo> getLights(int32_t deviceId) {
115 return reader->getLights(deviceId);
116 }
117
118 std::vector<InputDeviceSensorInfo> getSensors(int32_t deviceId) {
119 return reader->getSensors(deviceId);
120 }
121
122 bool canDispatchToDisplay(int32_t deviceId, int32_t displayId) {
123 return reader->canDispatchToDisplay(deviceId, displayId);
124 }
125
126 bool enableSensor(int32_t deviceId, InputDeviceSensorType sensorType,
127 std::chrono::microseconds samplingPeriod,
128 std::chrono::microseconds maxBatchReportLatency) {
129 return reader->enableSensor(deviceId, sensorType, samplingPeriod, maxBatchReportLatency);
130 }
131
132 void disableSensor(int32_t deviceId, InputDeviceSensorType sensorType) {
133 return reader->disableSensor(deviceId, sensorType);
134 }
135
136 void flushSensor(int32_t deviceId, InputDeviceSensorType sensorType) {
137 return reader->flushSensor(deviceId, sensorType);
138 }
139
140 bool setLightColor(int32_t deviceId, int32_t lightId, int32_t color) {
141 return reader->setLightColor(deviceId, lightId, color);
142 }
143
144 bool setLightPlayerId(int32_t deviceId, int32_t lightId, int32_t playerId) {
145 return reader->setLightPlayerId(deviceId, lightId, playerId);
146 }
147
148 std::optional<int32_t> getLightColor(int32_t deviceId, int32_t lightId) {
149 return reader->getLightColor(deviceId, lightId);
150 }
151
152 std::optional<int32_t> getLightPlayerId(int32_t deviceId, int32_t lightId) {
153 return reader->getLightPlayerId(deviceId, lightId);
154 }
155
Vaibhav Devmuraricbba14c2022-10-10 16:54:49 +0000[diff] [blame]156 void addKeyRemapping(int32_t deviceId, int32_t fromKeyCode, int32_t toKeyCode) const {
157 reader->addKeyRemapping(deviceId, fromKeyCode, toKeyCode);
158 }
159
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]160 int32_t getKeyCodeForKeyLocation(int32_t deviceId, int32_t locationKeyCode) const {
161 return reader->getKeyCodeForKeyLocation(deviceId, locationKeyCode);
162 }
163
Prabir Pradhanb54ffb22022-10-27 18:03:34 +0000[diff] [blame]164 std::optional<std::string> getBluetoothAddress(int32_t deviceId) const {
165 return reader->getBluetoothAddress(deviceId);
166 }
167
Vaibhav Devmurari5fc7d852023-03-17 18:43:33 +0000[diff] [blame]168 void sysfsNodeChanged(const std::string& sysfsNodePath) {
169 reader->sysfsNodeChanged(sysfsNodePath);
170 }
171
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]172private:
173 std::unique_ptr<InputReaderInterface> reader;
174};
175
176extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
Aditya Wazireea5be02022-10-31 12:40:10 +0530[diff] [blame]177 std::shared_ptr<ThreadSafeFuzzedDataProvider> fdp =
178 std::make_shared<ThreadSafeFuzzedDataProvider>(data, size);
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]179
180 FuzzInputListener fuzzListener;
181 sp<FuzzInputReaderPolicy> fuzzPolicy = sp<FuzzInputReaderPolicy>::make(fdp);
182 std::shared_ptr<FuzzEventHub> fuzzEventHub = std::make_shared<FuzzEventHub>(fdp);
183 std::unique_ptr<FuzzInputReader> reader =
184 std::make_unique<FuzzInputReader>(fuzzEventHub, fuzzPolicy, fuzzListener);
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]185 size_t patternCount = fdp->ConsumeIntegralInRange<size_t>(1, 260);
186 VibrationSequence pattern(patternCount);
187 for (size_t i = 0; i < patternCount; ++i) {
188 VibrationElement element(i);
Harry Cutts33476232023-01-30 19:57:29 +0000[diff] [blame]189 element.addChannel(/*vibratorId=*/fdp->ConsumeIntegral<int32_t>(),
190 /*amplitude=*/fdp->ConsumeIntegral<uint8_t>());
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]191 pattern.addElement(element);
192 }
193 reader->vibrate(fdp->ConsumeIntegral<int32_t>(), pattern,
Harry Cutts33476232023-01-30 19:57:29 +0000[diff] [blame]194 /*repeat=*/fdp->ConsumeIntegral<ssize_t>(),
195 /*token=*/fdp->ConsumeIntegral<int32_t>());
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]196 reader->start();
197
198 // Loop through mapper operations until randomness is exhausted.
199 while (fdp->remaining_bytes() > 0) {
200 fdp->PickValueInArray<std::function<void()>>({
201 [&]() -> void {
202 std::string dump;
203 reader->dump(dump);
204 },
205 [&]() -> void { reader->monitor(); },
206 [&]() -> void { reader->getInputDevices(); },
207 [&]() -> void { reader->isInputDeviceEnabled(fdp->ConsumeIntegral<int32_t>()); },
208 [&]() -> void {
209 reader->getScanCodeState(fdp->ConsumeIntegral<int32_t>(),
210 fdp->ConsumeIntegral<uint32_t>(),
211 fdp->ConsumeIntegral<int32_t>());
212 },
213 [&]() -> void {
214 reader->getKeyCodeState(fdp->ConsumeIntegral<int32_t>(),
215 fdp->ConsumeIntegral<uint32_t>(),
216 fdp->ConsumeIntegral<int32_t>());
217 },
218 [&]() -> void {
219 reader->getSwitchState(fdp->ConsumeIntegral<int32_t>(),
220 fdp->ConsumeIntegral<uint32_t>(),
221 fdp->ConsumeIntegral<int32_t>());
222 },
223 [&]() -> void { reader->toggleCapsLockState(fdp->ConsumeIntegral<int32_t>()); },
224 [&]() -> void {
225 size_t count = fdp->ConsumeIntegralInRange<size_t>(1, 1024);
226 std::vector<uint8_t> outFlags(count);
227 std::vector<int32_t> keyCodes;
228 for (size_t i = 0; i < count; ++i) {
229 keyCodes.push_back(fdp->ConsumeIntegral<int32_t>());
230 }
231 reader->hasKeys(fdp->ConsumeIntegral<int32_t>(),
232 fdp->ConsumeIntegral<uint32_t>(), keyCodes, outFlags.data());
233 },
234 [&]() -> void {
Prabir Pradhan4bf6d452023-04-18 21:26:56 +0000[diff] [blame]235 reader->requestRefreshConfiguration(
236 InputReaderConfiguration::Change(fdp->ConsumeIntegral<uint32_t>()));
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]237 },
238 [&]() -> void {
239 reader->cancelVibrate(fdp->ConsumeIntegral<int32_t>(),
240 fdp->ConsumeIntegral<int32_t>());
241 },
242 [&]() -> void {
243 reader->canDispatchToDisplay(fdp->ConsumeIntegral<int32_t>(),
244 fdp->ConsumeIntegral<int32_t>());
245 },
246 [&]() -> void {
247 reader->getKeyCodeForKeyLocation(fdp->ConsumeIntegral<int32_t>(),
248 fdp->ConsumeIntegral<int32_t>());
249 },
250 [&]() -> void { reader->getBatteryCapacity(fdp->ConsumeIntegral<int32_t>()); },
251 [&]() -> void { reader->getBatteryStatus(fdp->ConsumeIntegral<int32_t>()); },
Prabir Pradhane287ecd2022-09-07 21:18:05 +0000[diff] [blame]252 [&]() -> void { reader->getBatteryDevicePath(fdp->ConsumeIntegral<int32_t>()); },
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]253 [&]() -> void { reader->getLights(fdp->ConsumeIntegral<int32_t>()); },
254 [&]() -> void { reader->getSensors(fdp->ConsumeIntegral<int32_t>()); },
255 [&]() -> void {
256 reader->getLightPlayerId(fdp->ConsumeIntegral<int32_t>(),
257 fdp->ConsumeIntegral<int32_t>());
258 },
259 [&]() -> void {
260 reader->getLightColor(fdp->ConsumeIntegral<int32_t>(),
261 fdp->ConsumeIntegral<int32_t>());
262 },
263 [&]() -> void {
264 reader->setLightPlayerId(fdp->ConsumeIntegral<int32_t>(),
265 fdp->ConsumeIntegral<int32_t>(),
266 fdp->ConsumeIntegral<int32_t>());
267 },
268 [&]() -> void {
269 reader->setLightColor(fdp->ConsumeIntegral<int32_t>(),
270 fdp->ConsumeIntegral<int32_t>(),
271 fdp->ConsumeIntegral<int32_t>());
272 },
273 [&]() -> void {
274 reader->flushSensor(fdp->ConsumeIntegral<int32_t>(),
275 fdp->PickValueInArray<InputDeviceSensorType>(
276 kInputDeviceSensorType));
277 },
278 [&]() -> void {
279 reader->disableSensor(fdp->ConsumeIntegral<int32_t>(),
280 fdp->PickValueInArray<InputDeviceSensorType>(
281 kInputDeviceSensorType));
282 },
283 [&]() -> void {
284 reader->enableSensor(fdp->ConsumeIntegral<int32_t>(),
285 fdp->PickValueInArray<InputDeviceSensorType>(
286 kInputDeviceSensorType),
287 std::chrono::microseconds(fdp->ConsumeIntegral<size_t>()),
288 std::chrono::microseconds(fdp->ConsumeIntegral<size_t>()));
289 },
Prabir Pradhanb54ffb22022-10-27 18:03:34 +0000[diff] [blame]290 [&]() -> void { reader->getBluetoothAddress(fdp->ConsumeIntegral<int32_t>()); },
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]291 })();
292 }
293
294 reader->stop();
295 return 0;
296}
297
298} // namespace android