Gitiles
Code Review Sign In
gerrit.omnirom.org / android_frameworks_native / fd1bb0ccd71f94dc55354e80cecee968b69a9414 / . / services / inputflinger / tests / fuzzers / InputReaderDeviceFuzzer.cpp
blob: 919489139aed45ec9e3219c7ffc619822f3fbd15 [file] [log] [blame]
Michael Ensing80c8aff2021-01-12 16:13:20 -0800[diff] [blame]1/*
2 * Copyright 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <InputReader.h>
18#include <MapperHelpers.h>
19#include <fuzzer/FuzzedDataProvider.h>
20#include <chrono>
21#include <thread>
22
23namespace android {
24
25extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) {
26 std::shared_ptr<FuzzedDataProvider> fdp = std::make_shared<FuzzedDataProvider>(data, size);
27
28 sp<FuzzInputListener> fuzzListener = new FuzzInputListener();
29 sp<FuzzInputReaderPolicy> fuzzPolicy = new FuzzInputReaderPolicy(fdp);
30 std::shared_ptr<FuzzEventHub> fuzzEventHub = std::make_shared<FuzzEventHub>(fdp);
31 std::unique_ptr<InputReader> reader =
32 std::make_unique<InputReader>(fuzzEventHub, fuzzPolicy, fuzzListener);
33
34 fuzzEventHub->addEvents(fdp);
35 reader->start();
36
37 // Loop through mapper operations until randomness is exhausted.
38 while (fdp->remaining_bytes() > 0) {
39 fdp->PickValueInArray<std::function<void()>>({
40 [&]() -> void {
41 std::string dump;
42 reader->dump(dump);
43 },
44 [&]() -> void { reader->monitor(); },
45 [&]() -> void { fuzzEventHub->addEvents(fdp); },
46 [&]() -> void {
47 std::vector<InputDeviceInfo> inputDevices;
48 reader->getInputDevices(inputDevices);
49 },
50 [&]() -> void { reader->isInputDeviceEnabled(fdp->ConsumeIntegral<int32_t>()); },
51 [&]() -> void {
52 reader->getScanCodeState(fdp->ConsumeIntegral<int32_t>(),
53 fdp->ConsumeIntegral<uint32_t>(),
54 fdp->ConsumeIntegral<int32_t>());
55 },
56 [&]() -> void {
57 reader->getKeyCodeState(fdp->ConsumeIntegral<int32_t>(),
58 fdp->ConsumeIntegral<uint32_t>(),
59 fdp->ConsumeIntegral<int32_t>());
60 },
61 [&]() -> void {
62 reader->getSwitchState(fdp->ConsumeIntegral<int32_t>(),
63 fdp->ConsumeIntegral<uint32_t>(),
64 fdp->ConsumeIntegral<int32_t>());
65 },
66 [&]() -> void { reader->toggleCapsLockState(fdp->ConsumeIntegral<int32_t>()); },
67 [&]() -> void {
68 size_t count = fdp->ConsumeIntegralInRange<size_t>(1, 1024);
69 uint8_t* outFlags = new uint8_t[count];
70 reader->hasKeys(fdp->ConsumeIntegral<int32_t>(),
71 fdp->ConsumeIntegral<uint32_t>(), count, nullptr, outFlags);
72 delete[] outFlags;
73 },
74 [&]() -> void {
75 reader->requestRefreshConfiguration(fdp->ConsumeIntegral<uint32_t>());
76 },
77 [&]() -> void {
78 // 260 is slightly higher than the maximum intended size of 256.
79 size_t count = fdp->ConsumeIntegralInRange<size_t>(0, 260);
80 nsecs_t pattern[count];
81
82 for (size_t i = 0; i < count; i++) pattern[i] = fdp->ConsumeIntegral<nsecs_t>();
83
84 reader->vibrate(fdp->ConsumeIntegral<int32_t>(), pattern, count,
85 fdp->ConsumeIntegral<ssize_t>(),
86 fdp->ConsumeIntegral<int32_t>());
87 },
88 [&]() -> void {
89 reader->cancelVibrate(fdp->ConsumeIntegral<int32_t>(),
90 fdp->ConsumeIntegral<int32_t>());
91 },
92 [&]() -> void {
93 reader->canDispatchToDisplay(fdp->ConsumeIntegral<int32_t>(),
94 fdp->ConsumeIntegral<int32_t>());
95 },
96 })();
97 }
98
99 reader->stop();
100 return 0;
101}
102
103} // namespace android