Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9741e65e authored by Harry Cutts's avatar Harry Cutts Committed by Android (Google) Code Review
Browse files

Merge changes If933e1ce,Ic22ac0f2 into main 

* changes:
  inputflinger fuzzers: remove FuzzContainer.getPolicyConfig
  inputflinger: Add touchpad stack fuzzer
parents c37d8cff e36d8359

services/inputflinger/Android.bp

+1 −0
Original line number Diff line number Diff line
@@ -243,6 +243,7 @@ phony { 
        "inputflinger_keyboard_input_fuzzer",

        "inputflinger_multitouch_input_fuzzer",

        "inputflinger_switch_input_fuzzer",

        "inputflinger_touchpad_input_fuzzer",

        "inputflinger_input_reader_fuzzer",

        "inputflinger_blocking_queue_fuzzer",

        "inputflinger_input_classifier_fuzzer",

services/inputflinger/tests/fuzzers/Android.bp

+16 −0
Original line number Diff line number Diff line
@@ -99,6 +99,22 @@ cc_fuzz { 
    ],

}



cc_fuzz {

    name: "inputflinger_touchpad_input_fuzzer",

    defaults: [

        "inputflinger_fuzz_defaults",

    ],

    srcs: [

        "TouchpadInputFuzzer.cpp",

    ],

    static_libs: [

        "libchrome-gestures",

    ],

    header_libs: [

        "libchrome-gestures_headers",

    ],

}



cc_fuzz {

    name: "inputflinger_input_reader_fuzzer",

    defaults: [

services/inputflinger/tests/fuzzers/CursorInputFuzzer.cpp

+2 −1
Original line number Diff line number Diff line
@@ -16,6 +16,7 @@ 


#include <CursorInputMapper.h>

#include <FuzzContainer.h>

#include <InputReaderBase.h>

#include <MapperHelpers.h>



namespace android {
@@ -39,7 +40,7 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) { 
            std::make_shared<ThreadSafeFuzzedDataProvider>(data, size);

    FuzzContainer fuzzer(fdp);



    auto policyConfig = fuzzer.getPolicyConfig();

    InputReaderConfiguration policyConfig;

    CursorInputMapper& mapper = fuzzer.getMapper<CursorInputMapper>(policyConfig);



    // Loop through mapper operations until randomness is exhausted.

services/inputflinger/tests/fuzzers/FuzzContainer.h

+6 −7
Original line number Diff line number Diff line
@@ -25,11 +25,9 @@ namespace android { 


class FuzzContainer {

    std::shared_ptr<FuzzEventHub> mFuzzEventHub;

    sp<FuzzInputReaderPolicy> mFuzzPolicy;

    FuzzInputListener mFuzzListener;

    std::unique_ptr<FuzzInputReaderContext> mFuzzContext;

    std::unique_ptr<InputDevice> mFuzzDevice;

    InputReaderConfiguration mPolicyConfig;

    std::shared_ptr<ThreadSafeFuzzedDataProvider> mFdp;



public:
@@ -42,8 +40,8 @@ public: 


        // Create mocked objects.

        mFuzzEventHub = std::make_shared<FuzzEventHub>(mFdp);

        mFuzzPolicy = sp<FuzzInputReaderPolicy>::make(mFdp);

        mFuzzContext = std::make_unique<FuzzInputReaderContext>(mFuzzEventHub, mFuzzPolicy,

        sp<FuzzInputReaderPolicy> policy = sp<FuzzInputReaderPolicy>::make(mFdp);

        mFuzzContext = std::make_unique<FuzzInputReaderContext>(mFuzzEventHub, policy,

                                                                mFuzzListener, mFdp);



        InputDeviceIdentifier identifier;
@@ -51,7 +49,6 @@ public: 
        identifier.location = deviceLocation;

        mFuzzDevice = std::make_unique<InputDevice>(mFuzzContext.get(), deviceID, deviceGeneration,

                                                    identifier);

        mFuzzPolicy->getReaderConfiguration(&mPolicyConfig);

    }



    ~FuzzContainer() {}
@@ -59,7 +56,7 @@ public: 
    void configureDevice() {

        nsecs_t arbitraryTime = mFdp->ConsumeIntegral<nsecs_t>();

        std::list<NotifyArgs> out;

        out += mFuzzDevice->configure(arbitraryTime, mPolicyConfig, /*changes=*/{});

        out += mFuzzDevice->configure(arbitraryTime, /*readerConfig=*/{}, /*changes=*/{});

        out += mFuzzDevice->reset(arbitraryTime);

        for (const NotifyArgs& args : out) {

            mFuzzListener.notify(args);
@@ -71,7 +68,9 @@ public: 
        configureDevice();

    }



    InputReaderConfiguration& getPolicyConfig() { return mPolicyConfig; }

    void setAbsoluteAxisInfo(int axis, const RawAbsoluteAxisInfo& axisInfo) {

        mFuzzEventHub->setAbsoluteAxisInfo(mFuzzDevice->getId(), axis, axisInfo);

    }



    template <class T, typename... Args>

    T& getMapper(Args... args) {

services/inputflinger/tests/fuzzers/KeyboardInputFuzzer.cpp

+4 −3
Original line number Diff line number Diff line
@@ -15,6 +15,7 @@ 
 */



#include <FuzzContainer.h>

#include <InputReaderBase.h>

#include <KeyboardInputMapper.h>

#include <MapperHelpers.h>
@@ -45,9 +46,9 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) { 
            std::make_shared<ThreadSafeFuzzedDataProvider>(data, size);

    FuzzContainer fuzzer(fdp);



    auto policyConfig = fuzzer.getPolicyConfig();

    KeyboardInputMapper& mapper =

            fuzzer.getMapper<KeyboardInputMapper>(policyConfig, fdp->ConsumeIntegral<uint32_t>(),

            fuzzer.getMapper<KeyboardInputMapper>(InputReaderConfiguration{},

                                                  fdp->ConsumeIntegral<uint32_t>(),

                                                  fdp->ConsumeIntegral<int32_t>());



    // Loop through mapper operations until randomness is exhausted.
@@ -65,7 +66,7 @@ extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size) { 
                [&]() -> void { mapper.getSources(); },

                [&]() -> void {

                    std::list<NotifyArgs> unused =

                            mapper.reconfigure(fdp->ConsumeIntegral<nsecs_t>(), policyConfig,

                            mapper.reconfigure(fdp->ConsumeIntegral<nsecs_t>(), /*readerConfig=*/{},

                                               InputReaderConfiguration::Change(

                                                       fdp->ConsumeIntegral<uint32_t>()));

                },