Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / e287ecd5ff7aa2212e9ab28e3176bea5f4aab5b9 / . / services / inputflinger / tests / fuzzers / InputReaderFuzzer.cpp
blob: f5bd29763e1a394331621f7d5003323b8bb4b6ee [file] [log] [blame]
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]1/*
2 * Copyright 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <InputReader.h>
18#include <MapperHelpers.h>
19#include <fuzzer/FuzzedDataProvider.h>
20#include <input/InputDevice.h>
21#include <chrono>
22#include <thread>
23
24namespace android {
25
26constexpr InputDeviceSensorType kInputDeviceSensorType[] = {
27 InputDeviceSensorType::ACCELEROMETER,
28 InputDeviceSensorType::MAGNETIC_FIELD,
29 InputDeviceSensorType::ORIENTATION,
30 InputDeviceSensorType::GYROSCOPE,
31 InputDeviceSensorType::LIGHT,
32 InputDeviceSensorType::PRESSURE,
33 InputDeviceSensorType::TEMPERATURE,
34 InputDeviceSensorType::PROXIMITY,
35 InputDeviceSensorType::GRAVITY,
36 InputDeviceSensorType::LINEAR_ACCELERATION,
37 InputDeviceSensorType::ROTATION_VECTOR,
38 InputDeviceSensorType::RELATIVE_HUMIDITY,
39 InputDeviceSensorType::AMBIENT_TEMPERATURE,
40 InputDeviceSensorType::MAGNETIC_FIELD_UNCALIBRATED,
41 InputDeviceSensorType::GAME_ROTATION_VECTOR,
42 InputDeviceSensorType::GYROSCOPE_UNCALIBRATED,
43 InputDeviceSensorType::SIGNIFICANT_MOTION,
44};
45
46class FuzzInputReader : public InputReaderInterface {
47public:
48 FuzzInputReader(std::shared_ptr<EventHubInterface> fuzzEventHub,
49 const sp<InputReaderPolicyInterface>& fuzzPolicy,
50 InputListenerInterface& fuzzListener) {
51 reader = std::make_unique<InputReader>(fuzzEventHub, fuzzPolicy, fuzzListener);
52 }
53
54 void dump(std::string& dump) { reader->dump(dump); }
55
56 void monitor() { reader->monitor(); }
57
58 bool isInputDeviceEnabled(int32_t deviceId) { return reader->isInputDeviceEnabled(deviceId); }
59
60 status_t start() { return reader->start(); }
61
62 status_t stop() { return reader->stop(); }
63
64 std::vector<InputDeviceInfo> getInputDevices() const { return reader->getInputDevices(); }
65
66 int32_t getScanCodeState(int32_t deviceId, uint32_t sourceMask, int32_t scanCode) {
67 return reader->getScanCodeState(deviceId, sourceMask, scanCode);
68 }
69
70 int32_t getKeyCodeState(int32_t deviceId, uint32_t sourceMask, int32_t keyCode) {
71 return reader->getKeyCodeState(deviceId, sourceMask, keyCode);
72 }
73
74 int32_t getSwitchState(int32_t deviceId, uint32_t sourceMask, int32_t sw) {
75 return reader->getSwitchState(deviceId, sourceMask, sw);
76 }
77
78 void toggleCapsLockState(int32_t deviceId) { reader->toggleCapsLockState(deviceId); }
79
80 bool hasKeys(int32_t deviceId, uint32_t sourceMask, const std::vector<int32_t>& keyCodes,
81 uint8_t* outFlags) {
82 return reader->hasKeys(deviceId, sourceMask, keyCodes, outFlags);
83 }
84
85 void requestRefreshConfiguration(uint32_t changes) {
86 reader->requestRefreshConfiguration(changes);
87 }
88
89 void vibrate(int32_t deviceId, const VibrationSequence& sequence, ssize_t repeat,
90 int32_t token) {
91 reader->vibrate(deviceId, sequence, repeat, token);
92 }
93
94 void cancelVibrate(int32_t deviceId, int32_t token) { reader->cancelVibrate(deviceId, token); }
95
96 bool isVibrating(int32_t deviceId) { return reader->isVibrating(deviceId); }
97
98 std::vector<int32_t> getVibratorIds(int32_t deviceId) {
99 return reader->getVibratorIds(deviceId);
100 }
101
102 std::optional<int32_t> getBatteryCapacity(int32_t deviceId) {
103 return reader->getBatteryCapacity(deviceId);
104 }
105
106 std::optional<int32_t> getBatteryStatus(int32_t deviceId) {
107 return reader->getBatteryStatus(deviceId);
108 }
109
Prabir Pradhane287ecd2022-09-07 21:18:05 +0000[diff] [blame^]110 std::optional<std::string> getBatteryDevicePath(int32_t deviceId) {
111 return reader->getBatteryDevicePath(deviceId);
112 }
113
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]114 std::vector<InputDeviceLightInfo> getLights(int32_t deviceId) {
115 return reader->getLights(deviceId);
116 }
117
118 std::vector<InputDeviceSensorInfo> getSensors(int32_t deviceId) {
119 return reader->getSensors(deviceId);
120 }
121
122 bool canDispatchToDisplay(int32_t deviceId, int32_t displayId) {
123 return reader->canDispatchToDisplay(deviceId, displayId);
124 }
125
126 bool enableSensor(int32_t deviceId, InputDeviceSensorType sensorType,
127 std::chrono::microseconds samplingPeriod,
128 std::chrono::microseconds maxBatchReportLatency) {
129 return reader->enableSensor(deviceId, sensorType, samplingPeriod, maxBatchReportLatency);
130 }
131
132 void disableSensor(int32_t deviceId, InputDeviceSensorType sensorType) {
133 return reader->disableSensor(deviceId, sensorType);
134 }
135
136 void flushSensor(int32_t deviceId, InputDeviceSensorType sensorType) {
137 return reader->flushSensor(deviceId, sensorType);
138 }
139
140 bool setLightColor(int32_t deviceId, int32_t lightId, int32_t color) {
141 return reader->setLightColor(deviceId, lightId, color);
142 }
143
144 bool setLightPlayerId(int32_t deviceId, int32_t lightId, int32_t playerId) {
145 return reader->setLightPlayerId(deviceId, lightId, playerId);
146 }
147
148 std::optional<int32_t> getLightColor(int32_t deviceId, int32_t lightId) {
149 return reader->getLightColor(deviceId, lightId);
150 }
151
152 std::optional<int32_t> getLightPlayerId(int32_t deviceId, int32_t lightId) {
153 return reader->getLightPlayerId(deviceId, lightId);
154 }
155
156 int32_t getKeyCodeForKeyLocation(int32_t deviceId, int32_t locationKeyCode) const {
157 return reader->getKeyCodeForKeyLocation(deviceId, locationKeyCode);
158 }
159
160private:
161 std::unique_ptr<InputReaderInterface> reader;
162};
163
164extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
165 std::shared_ptr<FuzzedDataProvider> fdp = std::make_shared<FuzzedDataProvider>(data, size);
166
167 FuzzInputListener fuzzListener;
168 sp<FuzzInputReaderPolicy> fuzzPolicy = sp<FuzzInputReaderPolicy>::make(fdp);
169 std::shared_ptr<FuzzEventHub> fuzzEventHub = std::make_shared<FuzzEventHub>(fdp);
170 std::unique_ptr<FuzzInputReader> reader =
171 std::make_unique<FuzzInputReader>(fuzzEventHub, fuzzPolicy, fuzzListener);
172 fuzzEventHub->addEvents(fdp);
173 size_t patternCount = fdp->ConsumeIntegralInRange<size_t>(1, 260);
174 VibrationSequence pattern(patternCount);
175 for (size_t i = 0; i < patternCount; ++i) {
176 VibrationElement element(i);
177 element.addChannel(fdp->ConsumeIntegral<int32_t>() /* vibratorId */,
178 fdp->ConsumeIntegral<uint8_t>() /* amplitude */);
179 pattern.addElement(element);
180 }
181 reader->vibrate(fdp->ConsumeIntegral<int32_t>(), pattern,
182 fdp->ConsumeIntegral<ssize_t>() /*repeat*/,
183 fdp->ConsumeIntegral<int32_t>() /*token*/);
184 reader->start();
185
186 // Loop through mapper operations until randomness is exhausted.
187 while (fdp->remaining_bytes() > 0) {
188 fdp->PickValueInArray<std::function<void()>>({
189 [&]() -> void {
190 std::string dump;
191 reader->dump(dump);
192 },
193 [&]() -> void { reader->monitor(); },
194 [&]() -> void { reader->getInputDevices(); },
195 [&]() -> void { reader->isInputDeviceEnabled(fdp->ConsumeIntegral<int32_t>()); },
196 [&]() -> void {
197 reader->getScanCodeState(fdp->ConsumeIntegral<int32_t>(),
198 fdp->ConsumeIntegral<uint32_t>(),
199 fdp->ConsumeIntegral<int32_t>());
200 },
201 [&]() -> void {
202 reader->getKeyCodeState(fdp->ConsumeIntegral<int32_t>(),
203 fdp->ConsumeIntegral<uint32_t>(),
204 fdp->ConsumeIntegral<int32_t>());
205 },
206 [&]() -> void {
207 reader->getSwitchState(fdp->ConsumeIntegral<int32_t>(),
208 fdp->ConsumeIntegral<uint32_t>(),
209 fdp->ConsumeIntegral<int32_t>());
210 },
211 [&]() -> void { reader->toggleCapsLockState(fdp->ConsumeIntegral<int32_t>()); },
212 [&]() -> void {
213 size_t count = fdp->ConsumeIntegralInRange<size_t>(1, 1024);
214 std::vector<uint8_t> outFlags(count);
215 std::vector<int32_t> keyCodes;
216 for (size_t i = 0; i < count; ++i) {
217 keyCodes.push_back(fdp->ConsumeIntegral<int32_t>());
218 }
219 reader->hasKeys(fdp->ConsumeIntegral<int32_t>(),
220 fdp->ConsumeIntegral<uint32_t>(), keyCodes, outFlags.data());
221 },
222 [&]() -> void {
223 reader->requestRefreshConfiguration(fdp->ConsumeIntegral<uint32_t>());
224 },
225 [&]() -> void {
226 reader->cancelVibrate(fdp->ConsumeIntegral<int32_t>(),
227 fdp->ConsumeIntegral<int32_t>());
228 },
229 [&]() -> void {
230 reader->canDispatchToDisplay(fdp->ConsumeIntegral<int32_t>(),
231 fdp->ConsumeIntegral<int32_t>());
232 },
233 [&]() -> void {
234 reader->getKeyCodeForKeyLocation(fdp->ConsumeIntegral<int32_t>(),
235 fdp->ConsumeIntegral<int32_t>());
236 },
237 [&]() -> void { reader->getBatteryCapacity(fdp->ConsumeIntegral<int32_t>()); },
238 [&]() -> void { reader->getBatteryStatus(fdp->ConsumeIntegral<int32_t>()); },
Prabir Pradhane287ecd2022-09-07 21:18:05 +0000[diff] [blame^]239 [&]() -> void { reader->getBatteryDevicePath(fdp->ConsumeIntegral<int32_t>()); },
Michael Ensing0f0ca6e2021-01-12 16:13:20 -0800[diff] [blame]240 [&]() -> void { reader->getLights(fdp->ConsumeIntegral<int32_t>()); },
241 [&]() -> void { reader->getSensors(fdp->ConsumeIntegral<int32_t>()); },
242 [&]() -> void {
243 reader->getLightPlayerId(fdp->ConsumeIntegral<int32_t>(),
244 fdp->ConsumeIntegral<int32_t>());
245 },
246 [&]() -> void {
247 reader->getLightColor(fdp->ConsumeIntegral<int32_t>(),
248 fdp->ConsumeIntegral<int32_t>());
249 },
250 [&]() -> void {
251 reader->setLightPlayerId(fdp->ConsumeIntegral<int32_t>(),
252 fdp->ConsumeIntegral<int32_t>(),
253 fdp->ConsumeIntegral<int32_t>());
254 },
255 [&]() -> void {
256 reader->setLightColor(fdp->ConsumeIntegral<int32_t>(),
257 fdp->ConsumeIntegral<int32_t>(),
258 fdp->ConsumeIntegral<int32_t>());
259 },
260 [&]() -> void {
261 reader->flushSensor(fdp->ConsumeIntegral<int32_t>(),
262 fdp->PickValueInArray<InputDeviceSensorType>(
263 kInputDeviceSensorType));
264 },
265 [&]() -> void {
266 reader->disableSensor(fdp->ConsumeIntegral<int32_t>(),
267 fdp->PickValueInArray<InputDeviceSensorType>(
268 kInputDeviceSensorType));
269 },
270 [&]() -> void {
271 reader->enableSensor(fdp->ConsumeIntegral<int32_t>(),
272 fdp->PickValueInArray<InputDeviceSensorType>(
273 kInputDeviceSensorType),
274 std::chrono::microseconds(fdp->ConsumeIntegral<size_t>()),
275 std::chrono::microseconds(fdp->ConsumeIntegral<size_t>()));
276 },
277 })();
278 }
279
280 reader->stop();
281 return 0;
282}
283
284} // namespace android