/* * Copyright 2022 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include #include #include #include #include #include namespace android { constexpr InputDeviceSensorType kInputDeviceSensorType[] = { InputDeviceSensorType::ACCELEROMETER, InputDeviceSensorType::MAGNETIC_FIELD, InputDeviceSensorType::ORIENTATION, InputDeviceSensorType::GYROSCOPE, InputDeviceSensorType::LIGHT, InputDeviceSensorType::PRESSURE, InputDeviceSensorType::TEMPERATURE, InputDeviceSensorType::PROXIMITY, InputDeviceSensorType::GRAVITY, InputDeviceSensorType::LINEAR_ACCELERATION, InputDeviceSensorType::ROTATION_VECTOR, InputDeviceSensorType::RELATIVE_HUMIDITY, InputDeviceSensorType::AMBIENT_TEMPERATURE, InputDeviceSensorType::MAGNETIC_FIELD_UNCALIBRATED, InputDeviceSensorType::GAME_ROTATION_VECTOR, InputDeviceSensorType::GYROSCOPE_UNCALIBRATED, InputDeviceSensorType::SIGNIFICANT_MOTION, }; class FuzzInputReader : public InputReaderInterface { public: FuzzInputReader(std::shared_ptr fuzzEventHub, const sp& fuzzPolicy, InputListenerInterface& fuzzListener) { reader = std::make_unique(fuzzEventHub, fuzzPolicy, fuzzListener); } void dump(std::string& dump) { reader->dump(dump); } void monitor() { reader->monitor(); } status_t start() { return reader->start(); } status_t stop() { return reader->stop(); } std::vector getInputDevices() const { return reader->getInputDevices(); } int32_t getScanCodeState(int32_t deviceId, uint32_t sourceMask, int32_t scanCode) { return reader->getScanCodeState(deviceId, sourceMask, scanCode); } int32_t getKeyCodeState(int32_t deviceId, uint32_t sourceMask, int32_t keyCode) { return reader->getKeyCodeState(deviceId, sourceMask, keyCode); } int32_t getSwitchState(int32_t deviceId, uint32_t sourceMask, int32_t sw) { return reader->getSwitchState(deviceId, sourceMask, sw); } void toggleCapsLockState(int32_t deviceId) { reader->toggleCapsLockState(deviceId); } bool hasKeys(int32_t deviceId, uint32_t sourceMask, const std::vector& keyCodes, uint8_t* outFlags) { return reader->hasKeys(deviceId, sourceMask, keyCodes, outFlags); } void requestRefreshConfiguration(ConfigurationChanges changes) { reader->requestRefreshConfiguration(changes); } void vibrate(int32_t deviceId, const VibrationSequence& sequence, ssize_t repeat, int32_t token) { reader->vibrate(deviceId, sequence, repeat, token); } void cancelVibrate(int32_t deviceId, int32_t token) { reader->cancelVibrate(deviceId, token); } bool isVibrating(int32_t deviceId) { return reader->isVibrating(deviceId); } std::vector getVibratorIds(int32_t deviceId) { return reader->getVibratorIds(deviceId); } std::optional getBatteryCapacity(int32_t deviceId) { return reader->getBatteryCapacity(deviceId); } std::optional getBatteryStatus(int32_t deviceId) { return reader->getBatteryStatus(deviceId); } std::optional getBatteryDevicePath(int32_t deviceId) { return reader->getBatteryDevicePath(deviceId); } std::vector getLights(int32_t deviceId) { return reader->getLights(deviceId); } std::vector getSensors(int32_t deviceId) { return reader->getSensors(deviceId); } bool canDispatchToDisplay(int32_t deviceId, ui::LogicalDisplayId displayId) { return reader->canDispatchToDisplay(deviceId, displayId); } bool enableSensor(int32_t deviceId, InputDeviceSensorType sensorType, std::chrono::microseconds samplingPeriod, std::chrono::microseconds maxBatchReportLatency) { return reader->enableSensor(deviceId, sensorType, samplingPeriod, maxBatchReportLatency); } void disableSensor(int32_t deviceId, InputDeviceSensorType sensorType) { return reader->disableSensor(deviceId, sensorType); } void flushSensor(int32_t deviceId, InputDeviceSensorType sensorType) { return reader->flushSensor(deviceId, sensorType); } bool setLightColor(int32_t deviceId, int32_t lightId, int32_t color) { return reader->setLightColor(deviceId, lightId, color); } bool setLightPlayerId(int32_t deviceId, int32_t lightId, int32_t playerId) { return reader->setLightPlayerId(deviceId, lightId, playerId); } std::optional getLightColor(int32_t deviceId, int32_t lightId) { return reader->getLightColor(deviceId, lightId); } std::optional getLightPlayerId(int32_t deviceId, int32_t lightId) { return reader->getLightPlayerId(deviceId, lightId); } void addKeyRemapping(int32_t deviceId, int32_t fromKeyCode, int32_t toKeyCode) const { reader->addKeyRemapping(deviceId, fromKeyCode, toKeyCode); } int32_t getKeyCodeForKeyLocation(int32_t deviceId, int32_t locationKeyCode) const { return reader->getKeyCodeForKeyLocation(deviceId, locationKeyCode); } std::optional getBluetoothAddress(int32_t deviceId) const { return reader->getBluetoothAddress(deviceId); } void sysfsNodeChanged(const std::string& sysfsNodePath) { reader->sysfsNodeChanged(sysfsNodePath); } DeviceId getLastUsedInputDeviceId() override { return reader->getLastUsedInputDeviceId(); } private: std::unique_ptr reader; }; extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) { std::shared_ptr fdp = std::make_shared(data, size); FuzzInputListener fuzzListener; sp fuzzPolicy = sp::make(fdp); std::shared_ptr fuzzEventHub = std::make_shared(fdp); std::unique_ptr reader = std::make_unique(fuzzEventHub, fuzzPolicy, fuzzListener); size_t patternCount = fdp->ConsumeIntegralInRange(1, 260); VibrationSequence pattern(patternCount); for (size_t i = 0; i < patternCount; ++i) { VibrationElement element(i); element.addChannel(/*vibratorId=*/fdp->ConsumeIntegral(), /*amplitude=*/fdp->ConsumeIntegral()); pattern.addElement(element); } reader->vibrate(fdp->ConsumeIntegral(), pattern, /*repeat=*/fdp->ConsumeIntegral(), /*token=*/fdp->ConsumeIntegral()); reader->start(); // Loop through mapper operations until randomness is exhausted. while (fdp->remaining_bytes() > 0) { fdp->PickValueInArray>({ [&]() -> void { std::string dump; reader->dump(dump); }, [&]() -> void { reader->monitor(); }, [&]() -> void { reader->getInputDevices(); }, [&]() -> void { reader->getScanCodeState(fdp->ConsumeIntegral(), fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { reader->getKeyCodeState(fdp->ConsumeIntegral(), fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { reader->getSwitchState(fdp->ConsumeIntegral(), fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { reader->toggleCapsLockState(fdp->ConsumeIntegral()); }, [&]() -> void { size_t count = fdp->ConsumeIntegralInRange(1, 1024); std::vector outFlags(count); std::vector keyCodes; for (size_t i = 0; i < count; ++i) { keyCodes.push_back(fdp->ConsumeIntegral()); } reader->hasKeys(fdp->ConsumeIntegral(), fdp->ConsumeIntegral(), keyCodes, outFlags.data()); }, [&]() -> void { reader->requestRefreshConfiguration( InputReaderConfiguration::Change(fdp->ConsumeIntegral())); }, [&]() -> void { reader->cancelVibrate(fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { reader->canDispatchToDisplay(fdp->ConsumeIntegral(), ui::LogicalDisplayId{ fdp->ConsumeIntegral()}); }, [&]() -> void { reader->getKeyCodeForKeyLocation(fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { reader->getBatteryCapacity(fdp->ConsumeIntegral()); }, [&]() -> void { reader->getBatteryStatus(fdp->ConsumeIntegral()); }, [&]() -> void { reader->getBatteryDevicePath(fdp->ConsumeIntegral()); }, [&]() -> void { reader->getLights(fdp->ConsumeIntegral()); }, [&]() -> void { reader->getSensors(fdp->ConsumeIntegral()); }, [&]() -> void { reader->getLightPlayerId(fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { reader->getLightColor(fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { reader->setLightPlayerId(fdp->ConsumeIntegral(), fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { reader->setLightColor(fdp->ConsumeIntegral(), fdp->ConsumeIntegral(), fdp->ConsumeIntegral()); }, [&]() -> void { reader->flushSensor(fdp->ConsumeIntegral(), fdp->PickValueInArray( kInputDeviceSensorType)); }, [&]() -> void { reader->disableSensor(fdp->ConsumeIntegral(), fdp->PickValueInArray( kInputDeviceSensorType)); }, [&]() -> void { reader->enableSensor(fdp->ConsumeIntegral(), fdp->PickValueInArray( kInputDeviceSensorType), std::chrono::microseconds(fdp->ConsumeIntegral()), std::chrono::microseconds(fdp->ConsumeIntegral())); }, [&]() -> void { reader->getBluetoothAddress(fdp->ConsumeIntegral()); }, })(); } reader->stop(); return 0; } } // namespace android