1 /*
2  * Copyright 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 // Authors: corbin.souffrant@leviathansecurity.com
17 //          dylan.katz@leviathansecurity.com
18 
19 #pragma once
20 
21 #include <fuzzer/FuzzedDataProvider.h>
22 #include <gd/l2cap/classic/internal/dynamic_channel_service_manager_impl.h>
23 #include <gd/l2cap/classic/internal/fixed_channel_service_manager_impl.h>
24 #include <gd/l2cap/classic/internal/link_manager.h>
25 #include <gd/l2cap/internal/parameter_provider.h>
26 #include <future>
27 #include <memory>
28 
29 #include "hci/fuzz/fuzz_hci_layer.h"
30 #include "l2cap/classic/l2cap_classic_module.h"
31 #include "os/handler.h"
32 
33 #include "fuzz_l2cap_classic_module.h"
34 
35 namespace bluetooth {
36 
37 namespace shim {
38 namespace {
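/// Fuzzing shim that brings up the classic L2CAP module and an AclManager on
/// top of a fuzzed HCI layer, all hosted in a FuzzTestModuleRegistry, and then
/// builds a LinkManager from them.
///
/// Teardown is two-step: the destructor only clears the handler, and the
/// registry is stopped separately through stopRegistry().
class ShimL2capFuzz {
 public:
  /// Asks the dynamic channel manager to open a channel to `device_address`
  /// on `psm`, then blocks on a future for the result.
  ///
  /// NOTE(review): nothing in this class sets a value on `promise`. It is
  /// local to this call and both completion callbacks below are empty, so
  /// `future.get()` has nothing to wake it once the request is issued. On a
  /// fuzzing path that would surface as a timeout rather than a finding in the
  /// code under test. The value to return is not defined anywhere in this
  /// file, so the blocking call is kept as written; confirm the intended
  /// result before wiring the callbacks to the promise.
  uint16_t CreateConnection(uint16_t psm, hci::Address device_address) {
    std::promise<uint16_t> promise;
    auto future = promise.get_future();

    fuzz_l2cap_classic_module_->GetDynamicChannelManager()->ConnectChannel(
        device_address,
        {},
        psm,
        handler_->BindOn(this, &ShimL2capFuzz::OnConnectionComplete),
        handler_->BindOnceOn(this, &ShimL2capFuzz::OnConnectionFail));

    return future.get();
  }

  /// Connection-success callback bound in CreateConnection(). A no-op as
  /// written: `channel` is dropped when the call returns.
  void OnConnectionComplete(std::unique_ptr<l2cap::classic::DynamicChannel> channel) {}

  /// Connection-failure callback bound in CreateConnection(). A no-op as
  /// written.
  void OnConnectionFail(l2cap::classic::DynamicChannelManager::ConnectionResult result) {}

  /// Builds the module graph, using `fdp` to drive the fuzzed HCI layer's
  /// automatic replies while the AclManager starts.
  ShimL2capFuzz(FuzzedDataProvider* fdp) {
    hci::fuzz::FuzzHciLayer* fuzz_hci = fake_registry_.Inject<hci::fuzz::FuzzHciLayer>(&hci::HciLayer::Factory);
    // This class never deletes the module it allocates here.
    // NOTE(review): presumably the registry takes ownership through
    // InjectTestModule(); confirm, otherwise each fuzz iteration leaks it.
    fuzz_l2cap_classic_module_ = new FuzzL2capClassicModule();
    fake_registry_.InjectTestModule(&l2cap::classic::L2capClassicModule::Factory, fuzz_l2cap_classic_module_);
    fake_registry_.Start<l2cap::classic::L2capClassicModule>();

    // The autoreply is needed to prevent it from hanging.
    fuzz_hci->TurnOnAutoReply(fdp);
    acl_manager_ = fake_registry_.Start<hci::AclManager>();
    fuzz_hci->TurnOffAutoReply();

    // Create the LinkManager. It is handed raw pointers to the handler, the
    // two service managers and the parameter provider, so all of them must
    // outlive it (see the member declaration order below).
    handler_.reset(new os::Handler(&thread_));
    dynamic_channel_impl.reset(new l2cap::classic::internal::DynamicChannelServiceManagerImpl(handler_.get()));
    fixed_channel_impl.reset(new l2cap::classic::internal::FixedChannelServiceManagerImpl(handler_.get()));
    parameter_provider.reset(new l2cap::internal::ParameterProvider());
    link_manager.reset(new l2cap::classic::internal::LinkManager(
        handler_.get(), acl_manager_, fixed_channel_impl.get(), dynamic_channel_impl.get(), parameter_provider.get()));
  }

  /// Clears the handler before the members are destroyed. Does not stop the
  /// registry.
  ~ShimL2capFuzz() {
    handler_->Clear();
  }

  /// Waits for the registry to go idle and stops every module it started.
  void stopRegistry() {
    fake_registry_.WaitForIdleAndStopAll();
  }

  std::promise<void> connection_complete_promise_;

  // Non-owning as far as this class is concerned: neither pointer is deleted
  // here.
  FuzzL2capClassicModule* fuzz_l2cap_classic_module_{nullptr};
  hci::AclManager* acl_manager_{nullptr};

  // Members are destroyed in reverse declaration order. link_manager is
  // declared last in this group so that it is destroyed first, while every
  // object it holds a raw pointer to is still alive. parameter_provider was
  // previously declared after link_manager and was therefore destroyed
  // before it, leaving a dangling pointer during teardown. A use-after-free
  // in the harness itself would be reported by the sanitizers as if it came
  // from the code being fuzzed.
  std::unique_ptr<os::Handler> handler_;
  std::unique_ptr<l2cap::classic::internal::FixedChannelServiceManagerImpl> fixed_channel_impl;
  std::unique_ptr<l2cap::classic::internal::DynamicChannelServiceManagerImpl> dynamic_channel_impl;
  std::unique_ptr<l2cap::internal::ParameterProvider> parameter_provider;
  std::unique_ptr<l2cap::classic::internal::LinkManager> link_manager;

 private:
  // NOTE(review): fake_registry_ is declared after handler_, so it is
  // destroyed before the handler that was created on its test thread.
  // Confirm that os::Handler's destructor does not need the thread once
  // Clear() has run.
  FuzzTestModuleRegistry fake_registry_;
  os::Thread& thread_ = fake_registry_.GetTestThread();
};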
104 }  // namespace
105 }  // namespace shim
106 }  // namespace bluetooth
107