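/*
 * Copyright 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <fuzzer/FuzzedDataProvider.h>
#include <stddef.h>
#include <stdint.h>

#include <string>
#include <vector>

#include "hci/fuzz/status_vs_complete_commands.h"
#include "hci/hci_layer.h"
#include "hci/hci_packets.h"
#include "module.h"
#include "os/fuzz/dev_null_queue.h"
#include "os/fuzz/fuzz_inject_queue.h"

namespace bluetooth {
namespace hci {
namespace fuzz {

/// Fuzzing client module that sits on top of hci::HciLayer.
///
/// It declares HciLayer as its only module dependency and exposes a single
/// public entry point, injectArbitrary(), which consumes fuzzer-provided
/// bytes. The private inject* helpers and Start()/Stop() are defined outside
/// this header.
class HciLayerFuzzClient : public Module {
 public:
  HciLayerFuzzClient() : Module() {}

  void Start() override;
  void Stop() override;

  /// Feeds fuzzer-controlled input into the client.
  /// NOTE(review): presumably dispatches to one of the private inject*
  /// helpers below; the definition is not in this header, so confirm there.
  void injectArbitrary(FuzzedDataProvider& fdp);

  /// Registers hci::HciLayer as the module this client depends on.
  void ListDependencies(ModuleList* list) const override {
    list->add<hci::HciLayer>();
  }

  static const ModuleFactory Factory;

  // NOTE(review): the reported name is "DevNullHci" rather than the class
  // name; confirm this is intended, since it is what consumers of ToString()
  // will see for this module.
  std::string ToString() const override {
    return "DevNullHci";
  }

 private:
  // One helper per injection path; each takes the raw, untrusted byte buffer
  // by value. Definitions live outside this header.
  void injectAclData(std::vector<uint8_t> data);
  void injectHciCommand(std::vector<uint8_t> data);
  void injectSecurityCommand(std::vector<uint8_t> data);
  void injectLeSecurityCommand(std::vector<uint8_t> data);
  void injectAclConnectionCommand(std::vector<uint8_t> data);
  void injectLeAclConnectionCommand(std::vector<uint8_t> data);
  void injectLeAdvertisingCommand(std::vector<uint8_t> data);
  void injectLeScanningCommand(std::vector<uint8_t> data);

  /// Parses raw bytes as a TVIEW command packet and, if the packet validates,
  /// enqueues the equivalent TBUILDER on the given command interface.
  ///
  /// @tparam TVIEW     packet view type used to parse and validate the bytes.
  /// @tparam TBUILDER  builder type accepted by the command interface.
  /// @param data       untrusted input bytes; malformed packets are dropped.
  /// @param interface  command interface that receives the command; it is
  ///                   dereferenced without a null check, so the caller must
  ///                   pass a valid pointer.
  template <typename TVIEW, typename TBUILDER>
  void inject_command(std::vector<uint8_t> data, CommandInterface<TBUILDER>* interface) {
    TVIEW commandPacket = TVIEW::FromBytes(data);
    // Validity gate: bytes that do not parse as TVIEW never reach the layer
    // under test through this path.
    if (!commandPacket.IsValid()) {
      return;
    }

    // The callback's parameter type has to match the kind of response the
    // opcode produces, so the opcode selects which no-op callback is bound.
    // Every callback discards the response.
    const auto opcode = commandPacket.GetOpCode();
    if (uses_command_status_or_complete(opcode)) {
      interface->EnqueueCommand(
          TBUILDER::FromView(commandPacket),
          GetHandler()->BindOnce([](CommandStatusOrCompleteView /* status */) {}));
    } else if (uses_command_status(opcode)) {
      interface->EnqueueCommand(
          TBUILDER::FromView(commandPacket),
          GetHandler()->BindOnce([](CommandStatusView /* status */) {}));
    } else {
      interface->EnqueueCommand(
          TBUILDER::FromView(commandPacket),
          GetHandler()->BindOnce([](CommandCompleteView /* status */) {}));
    }
  }

  // Every pointer starts out null, matching hci_. These are presumably
  // assigned in Start() (defined outside this header). With an explicit
  // initializer, any use before that point is a null dereference that the
  // fuzzer's sanitizers report consistently, instead of a read through an
  // indeterminate pointer whose crash signature varies from run to run.
  hci::HciLayer* hci_ = nullptr;
  os::fuzz::DevNullQueue<AclView>* aclDevNull_ = nullptr;
  os::fuzz::FuzzInjectQueue<AclBuilder>* aclInject_ = nullptr;

  SecurityInterface* security_interface_ = nullptr;
  LeSecurityInterface* le_security_interface_ = nullptr;
  AclConnectionInterface* acl_connection_interface_ = nullptr;
  LeAclConnectionInterface* le_acl_connection_interface_ = nullptr;
  LeAdvertisingInterface* le_advertising_interface_ = nullptr;
  LeScanningInterface* le_scanning_interface_ = nullptr;
  // NOTE(review): no matching inject* helper is declared for this interface
  // in this header; confirm whether it is exercised by the fuzzer.
  DistanceMeasurementInterface* distance_measurement_interface_ = nullptr;
};

}  // namespace fuzz
}  // namespace hci
}  // namespace bluetooth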