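/*
 * Copyright 2019 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <stddef.h>
#include <stdint.h>
#include <string>
#include <vector>
#include "hci/fuzz/status_vs_complete_commands.h"
#include "hci/hci_layer.h"
#include "hci/hci_packets.h"
#include "module.h"
#include "os/fuzz/dev_null_queue.h"
#include "os/fuzz/fuzz_inject_queue.h"

#include <fuzzer/FuzzedDataProvider.h>

namespace bluetooth {
namespace hci {
namespace fuzz {

/**
 * Module that sits on top of hci::HciLayer (its only declared dependency) and
 * feeds it fuzzer-supplied bytes through the inject* entry points.
 *
 * Start(), Stop(), injectArbitrary() and the private inject* helpers are
 * defined out of line; only inject_command() is implemented in this header.
 */
class HciLayerFuzzClient : public Module {
 public:
  HciLayerFuzzClient() : Module() {}

  void Start() override;
  void Stop() override;

  /**
   * Entry point for one fuzz step.
   *
   * @param fdp source of fuzzer-controlled bytes; how they are split across
   *            the private inject* helpers is decided in the out-of-line
   *            definition, which is not visible here.
   */
  void injectArbitrary(FuzzedDataProvider& fdp);

  /** Declares hci::HciLayer as the single module this client depends on. */
  void ListDependencies(ModuleList* list) override {
    list->add<hci::HciLayer>();
  }

  static const ModuleFactory Factory;

  // NOTE(review): the reported name is "DevNullHci", not the class name. Kept
  // byte-for-byte because callers or logs may key on it; confirm whether that
  // is intentional.
  std::string ToString() const override {
    return "DevNullHci";
  }

 private:
  void injectAclData(std::vector<uint8_t> data);
  void injectHciCommand(std::vector<uint8_t> data);
  void injectSecurityCommand(std::vector<uint8_t> data);
  void injectLeSecurityCommand(std::vector<uint8_t> data);
  void injectAclConnectionCommand(std::vector<uint8_t> data);
  void injectLeAclConnectionCommand(std::vector<uint8_t> data);
  void injectLeAdvertisingCommand(std::vector<uint8_t> data);
  void injectLeScanningCommand(std::vector<uint8_t> data);

  /**
   * Parses raw bytes as a command view and, if the view is valid, rebuilds it
   * with the matching builder and enqueues it on the given command interface.
   *
   * @tparam TVIEW    packet view type; must provide FromBytes(), IsValid() and
   *                  GetOpCode().
   * @tparam TBUILDER builder type; must provide FromView(TVIEW).
   * @param data      fuzzer-controlled bytes, treated as untrusted.
   * @param interface command interface that receives the rebuilt command;
   *                  dereferenced without a null check, so it must already be
   *                  set by the caller.
   */
  template <typename TVIEW, typename TBUILDER>
  void inject_command(std::vector<uint8_t> data, CommandInterface<TBUILDER>* interface) {
    TVIEW commandPacket = TVIEW::FromBytes(data);
    // Structurally invalid input is dropped here, so this path only hands
    // commands that passed the view's own validation to the layer below.
    if (!commandPacket.IsValid()) {
      return;
    }

    // EnqueueCommand takes a different callback type depending on whether the
    // opcode is answered with a Command Status or a Command Complete event.
    // Both callbacks discard the response: nothing is asserted on the reply in
    // this function.
    if (uses_command_status(commandPacket.GetOpCode())) {
      interface->EnqueueCommand(TBUILDER::FromView(commandPacket),
                                GetHandler()->BindOnce([](CommandStatusView /* status */) {}));
    } else {
      interface->EnqueueCommand(TBUILDER::FromView(commandPacket),
                                GetHandler()->BindOnce([](CommandCompleteView /* status */) {}));
    }
  }

  // Non-owning handles, assigned outside this header (presumably in Start();
  // confirm against the .cc). All start as nullptr so that use before
  // assignment is a deterministic null dereference rather than a read through
  // an indeterminate pointer.
  hci::HciLayer* hci_ = nullptr;
  os::fuzz::DevNullQueue<AclView>* aclDevNull_ = nullptr;
  os::fuzz::FuzzInjectQueue<AclBuilder>* aclInject_ = nullptr;

  SecurityInterface* security_interface_ = nullptr;
  LeSecurityInterface* le_security_interface_ = nullptr;
  AclConnectionInterface* acl_connection_interface_ = nullptr;
  LeAclConnectionInterface* le_acl_connection_interface_ = nullptr;
  LeAdvertisingInterface* le_advertising_interface_ = nullptr;
  LeScanningInterface* le_scanning_interface_ = nullptr;
};

}  // namespace fuzz
}  // namespace hci
}  // namespace bluetooth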