Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / b8d9326f7586f47d7771c7d1e7bafd35d1b6c82e / . / services / inputflinger / tests / fuzzers / KeyboardInputFuzzer.cpp
blob: c48a099bcabfc019c37a1b7f3b021b68627fa8f9 [file] [log] [blame]
Michael Ensingb8d93262020-05-12 00:41:30 -0700[diff] [blame^]1/*
2 * Copyright 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <FuzzContainer.h>
18#include <KeyboardInputMapper.h>
19#include <fuzzer/FuzzedDataProvider.h>
20
21namespace android {
22
23const int32_t kMaxKeycodes = 100;
24
25static void addProperty(FuzzContainer& fuzzer, std::shared_ptr<FuzzedDataProvider> fdp) {
26 // Pick a random property to set for the mapper to have set.
27 fdp->PickValueInArray<std::function<void()>>(
28 {[&]() -> void { fuzzer.addProperty("keyboard.orientationAware", "1"); },
29 [&]() -> void {
30 fuzzer.addProperty("keyboard.orientationAware",
31 fdp->ConsumeRandomLengthString(100).data());
32 },
33 [&]() -> void {
34 fuzzer.addProperty("keyboard.doNotWakeByDefault",
35 fdp->ConsumeRandomLengthString(100).data());
36 },
37 [&]() -> void {
38 fuzzer.addProperty("keyboard.handlesKeyRepeat",
39 fdp->ConsumeRandomLengthString(100).data());
40 }})();
41}
42
43extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
44 std::shared_ptr<FuzzedDataProvider> fdp = std::make_shared<FuzzedDataProvider>(data, size);
45 FuzzContainer fuzzer(fdp);
46
47 KeyboardInputMapper& mapper =
48 fuzzer.getMapper<KeyboardInputMapper>(fdp->ConsumeIntegral<uint32_t>(),
49 fdp->ConsumeIntegral<int32_t>());
50 auto policyConfig = fuzzer.getPolicyConfig();
51
52 // Loop through mapper operations until randomness is exhausted.
53 while (fdp->remaining_bytes() > 0) {
54 fdp->PickValueInArray<std::function<void()>>({
55 [&]() -> void { addProperty(fuzzer, fdp); },
56 [&]() -> void {
57 std::string dump;
58 mapper.dump(dump);
59 },
60 [&]() -> void {
61 InputDeviceInfo info;
62 mapper.populateDeviceInfo(&info);
63 },
64 [&]() -> void { mapper.getSources(); },
65 [&]() -> void {
66 mapper.configure(fdp->ConsumeIntegral<nsecs_t>(), &policyConfig,
67 fdp->ConsumeIntegral<uint32_t>());
68 },
69 [&]() -> void { mapper.reset(fdp->ConsumeIntegral<nsecs_t>()); },
70 [&]() -> void {
71 int32_t type, code;
72 type = fdp->ConsumeBool() ? fdp->PickValueInArray(kValidTypes)
73 : fdp->ConsumeIntegral<int32_t>();
74 code = fdp->ConsumeBool() ? fdp->PickValueInArray(kValidCodes)
75 : fdp->ConsumeIntegral<int32_t>();
76 RawEvent rawEvent{fdp->ConsumeIntegral<nsecs_t>(),
77 fdp->ConsumeIntegral<nsecs_t>(),
78 fdp->ConsumeIntegral<int32_t>(),
79 type,
80 code,
81 fdp->ConsumeIntegral<int32_t>()};
82 mapper.process(&rawEvent);
83 },
84 [&]() -> void {
85 mapper.getKeyCodeState(fdp->ConsumeIntegral<uint32_t>(),
86 fdp->ConsumeIntegral<int32_t>());
87 },
88 [&]() -> void {
89 mapper.getScanCodeState(fdp->ConsumeIntegral<uint32_t>(),
90 fdp->ConsumeIntegral<int32_t>());
91 },
92 [&]() -> void {
93 std::vector<int32_t> keyCodes;
94 int32_t numBytes = fdp->ConsumeIntegralInRange<int32_t>(0, kMaxKeycodes);
95 for (int32_t i = 0; i < numBytes; ++i) {
96 keyCodes.push_back(fdp->ConsumeIntegral<int32_t>());
97 }
98 mapper.markSupportedKeyCodes(fdp->ConsumeIntegral<uint32_t>(), keyCodes,
99 nullptr);
100 },
101 [&]() -> void { mapper.getMetaState(); },
102 [&]() -> void { mapper.updateMetaState(fdp->ConsumeIntegral<int32_t>()); },
103 [&]() -> void { mapper.getAssociatedDisplayId(); },
104 })();
105 }
106
107 return 0;
108}
109
110} // namespace android