rk3588-game
/
android13
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
android13/packages/modules/Bluetooth/system/gd/l2cap/fuzz/shim_l2cap.h

107 lines
4.1 KiB
C++
Executable File
Raw Blame History

/*
* Copyright 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Authors: corbin.souffrant@leviathansecurity.com
// dylan.katz@leviathansecurity.com
#pragma once
#include <fuzzer/FuzzedDataProvider.h>
#include <gd/l2cap/classic/internal/dynamic_channel_service_manager_impl.h>
#include <gd/l2cap/classic/internal/fixed_channel_service_manager_impl.h>
#include <gd/l2cap/classic/internal/link_manager.h>
#include <gd/l2cap/internal/parameter_provider.h>
#include <future>
#include <memory>
#include "hci/fuzz/fuzz_hci_layer.h"
#include "l2cap/classic/l2cap_classic_module.h"
#include "os/handler.h"
#include "fuzz_l2cap_classic_module.h"
namespace bluetooth {
namespace shim {
namespace {
class ShimL2capFuzz {
public:
uint16_t CreateConnection(uint16_t psm, hci::Address device_address) {
std::promise<uint16_t> promise;
auto future = promise.get_future();
fuzz_l2cap_classic_module_->GetDynamicChannelManager()->ConnectChannel(
device_address,
{},
psm,
handler_->BindOn(this, &ShimL2capFuzz::OnConnectionComplete),
handler_->BindOnceOn(this, &ShimL2capFuzz::OnConnectionFail));
return future.get();
}
void OnConnectionComplete(std::unique_ptr<l2cap::classic::DynamicChannel> channel) {}
void OnConnectionFail(l2cap::classic::DynamicChannelManager::ConnectionResult result) {}
ShimL2capFuzz(FuzzedDataProvider* fdp) {
hci::fuzz::FuzzHciLayer* fuzzHci = fake_registry_.Inject<hci::fuzz::FuzzHciLayer>(&hci::HciLayer::Factory);
fuzz_l2cap_classic_module_ = new FuzzL2capClassicModule();
fake_registry_.InjectTestModule(&l2cap::classic::L2capClassicModule::Factory, fuzz_l2cap_classic_module_);
fake_registry_.Start<l2cap::classic::L2capClassicModule>();
// The autoreply is needed to prevent it from hanging.
fuzzHci->TurnOnAutoReply(fdp);
acl_manager_ = fake_registry_.Start<hci::AclManager>();
fuzzHci->TurnOffAutoReply();
// Create the LinkManager
handler_ = std::unique_ptr<os::Handler>(new os::Handler(&thread_));
dynamic_channel_impl = std::unique_ptr<l2cap::classic::internal::DynamicChannelServiceManagerImpl>(
new l2cap::classic::internal::DynamicChannelServiceManagerImpl(handler_.get()));
fixed_channel_impl = std::unique_ptr<l2cap::classic::internal::FixedChannelServiceManagerImpl>(
new l2cap::classic::internal::FixedChannelServiceManagerImpl(handler_.get()));
parameter_provider = std::unique_ptr<l2cap::internal::ParameterProvider>(new l2cap::internal::ParameterProvider());
link_manager = std::unique_ptr<l2cap::classic::internal::LinkManager>(new l2cap::classic::internal::LinkManager(
handler_.get(), acl_manager_, fixed_channel_impl.get(), dynamic_channel_impl.get(), parameter_provider.get()));
}
~ShimL2capFuzz() {
handler_->Clear();
}
void stopRegistry() {
fake_registry_.WaitForIdleAndStopAll();
}
std::promise<void> connection_complete_promise_;
FuzzL2capClassicModule* fuzz_l2cap_classic_module_{nullptr};
hci::AclManager* acl_manager_{nullptr};
std::unique_ptr<os::Handler> handler_;
std::unique_ptr<l2cap::classic::internal::FixedChannelServiceManagerImpl> fixed_channel_impl;
std::unique_ptr<l2cap::classic::internal::DynamicChannelServiceManagerImpl> dynamic_channel_impl;
std::unique_ptr<l2cap::classic::internal::LinkManager> link_manager;
std::unique_ptr<l2cap::internal::ParameterProvider> parameter_provider;
private:
FuzzTestModuleRegistry fake_registry_;
os::Thread& thread_ = fake_registry_.GetTestThread();
};
} // namespace
} // namespace shim
} // namespace bluetooth
Reference in New Issue View Git Blame Copy Permalink