You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
107 lines
4.1 KiB
107 lines
4.1 KiB
/*
|
|
* Copyright 2020 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
// Authors: corbin.souffrant@leviathansecurity.com
|
|
// dylan.katz@leviathansecurity.com
|
|
|
|
#pragma once
|
|
|
|
#include <fuzzer/FuzzedDataProvider.h>
|
|
#include <gd/l2cap/classic/internal/dynamic_channel_service_manager_impl.h>
|
|
#include <gd/l2cap/classic/internal/fixed_channel_service_manager_impl.h>
|
|
#include <gd/l2cap/classic/internal/link_manager.h>
|
|
#include <gd/l2cap/internal/parameter_provider.h>
|
|
#include <future>
|
|
#include <memory>
|
|
|
|
#include "hci/fuzz/fuzz_hci_layer.h"
|
|
#include "l2cap/classic/l2cap_classic_module.h"
|
|
#include "os/handler.h"
|
|
|
|
#include "fuzz_l2cap_classic_module.h"
|
|
|
|
namespace bluetooth {
|
|
|
|
namespace shim {
|
|
namespace {
|
|
class ShimL2capFuzz {
|
|
public:
|
|
uint16_t CreateConnection(uint16_t psm, hci::Address device_address) {
|
|
std::promise<uint16_t> promise;
|
|
auto future = promise.get_future();
|
|
|
|
fuzz_l2cap_classic_module_->GetDynamicChannelManager()->ConnectChannel(
|
|
device_address,
|
|
{},
|
|
psm,
|
|
handler_->BindOn(this, &ShimL2capFuzz::OnConnectionComplete),
|
|
handler_->BindOnceOn(this, &ShimL2capFuzz::OnConnectionFail));
|
|
|
|
return future.get();
|
|
}
|
|
|
|
void OnConnectionComplete(std::unique_ptr<l2cap::classic::DynamicChannel> channel) {}
|
|
|
|
void OnConnectionFail(l2cap::classic::DynamicChannelManager::ConnectionResult result) {}
|
|
|
|
ShimL2capFuzz(FuzzedDataProvider* fdp) {
|
|
hci::fuzz::FuzzHciLayer* fuzzHci = fake_registry_.Inject<hci::fuzz::FuzzHciLayer>(&hci::HciLayer::Factory);
|
|
fuzz_l2cap_classic_module_ = new FuzzL2capClassicModule();
|
|
fake_registry_.InjectTestModule(&l2cap::classic::L2capClassicModule::Factory, fuzz_l2cap_classic_module_);
|
|
fake_registry_.Start<l2cap::classic::L2capClassicModule>();
|
|
|
|
// The autoreply is needed to prevent it from hanging.
|
|
fuzzHci->TurnOnAutoReply(fdp);
|
|
acl_manager_ = fake_registry_.Start<hci::AclManager>();
|
|
fuzzHci->TurnOffAutoReply();
|
|
|
|
// Create the LinkManager
|
|
handler_ = std::unique_ptr<os::Handler>(new os::Handler(&thread_));
|
|
dynamic_channel_impl = std::unique_ptr<l2cap::classic::internal::DynamicChannelServiceManagerImpl>(
|
|
new l2cap::classic::internal::DynamicChannelServiceManagerImpl(handler_.get()));
|
|
fixed_channel_impl = std::unique_ptr<l2cap::classic::internal::FixedChannelServiceManagerImpl>(
|
|
new l2cap::classic::internal::FixedChannelServiceManagerImpl(handler_.get()));
|
|
parameter_provider = std::unique_ptr<l2cap::internal::ParameterProvider>(new l2cap::internal::ParameterProvider());
|
|
link_manager = std::unique_ptr<l2cap::classic::internal::LinkManager>(new l2cap::classic::internal::LinkManager(
|
|
handler_.get(), acl_manager_, fixed_channel_impl.get(), dynamic_channel_impl.get(), parameter_provider.get()));
|
|
}
|
|
|
|
~ShimL2capFuzz() {
|
|
handler_->Clear();
|
|
}
|
|
|
|
void stopRegistry() {
|
|
fake_registry_.WaitForIdleAndStopAll();
|
|
}
|
|
|
|
std::promise<void> connection_complete_promise_;
|
|
|
|
FuzzL2capClassicModule* fuzz_l2cap_classic_module_{nullptr};
|
|
hci::AclManager* acl_manager_{nullptr};
|
|
|
|
std::unique_ptr<os::Handler> handler_;
|
|
std::unique_ptr<l2cap::classic::internal::FixedChannelServiceManagerImpl> fixed_channel_impl;
|
|
std::unique_ptr<l2cap::classic::internal::DynamicChannelServiceManagerImpl> dynamic_channel_impl;
|
|
std::unique_ptr<l2cap::classic::internal::LinkManager> link_manager;
|
|
std::unique_ptr<l2cap::internal::ParameterProvider> parameter_provider;
|
|
|
|
private:
|
|
FuzzTestModuleRegistry fake_registry_;
|
|
os::Thread& thread_ = fake_registry_.GetTestThread();
|
|
};
|
|
} // namespace
|
|
} // namespace shim
|
|
} // namespace bluetooth
|