Merge "Refactored automotiveCanV1.0_fuzzer" into main

namespace android::hardware::automotive::can::V1_0::implementation::fuzzer {

namespace android::hardware::automotive::can::V1_0::implementation::fuzzer {

constexpr CanController::InterfaceType kInterfaceType[] = {CanController::InterfaceType::VIRTUAL,

constexpr CanController::InterfaceType kInterfaceType[] = {

                                                           CanController::InterfaceType::SOCKETCAN,

        CanController::InterfaceType::VIRTUAL, CanController::InterfaceType::SOCKETCAN,

                                                           CanController::InterfaceType::SLCAN};

        CanController::InterfaceType::SLCAN, CanController::InterfaceType::INDEXED};

constexpr FilterFlag kFilterFlag[] = {FilterFlag::DONT_CARE, FilterFlag::SET, FilterFlag::NOT_SET};

constexpr FilterFlag kFilterFlag[] = {FilterFlag::DONT_CARE, FilterFlag::SET, FilterFlag::NOT_SET};

constexpr size_t kInterfaceTypeLength = std::size(kInterfaceType);

constexpr size_t kInterfaceTypeLength = std::size(kInterfaceType);

constexpr size_t kFilterFlagLength = std::size(kFilterFlag);

constexpr size_t kFilterFlagLength = std::size(kFilterFlag);

constexpr size_t kMaxPayloadBytes = 64;

constexpr size_t kMaxPayloadBytes = 64;

constexpr size_t kMaxFilters = 20;

constexpr size_t kMaxFilters = 20;

constexpr size_t kMaxSerialNumber = 1000;

constexpr size_t kMaxSerialNumber = 1000;

constexpr size_t kMaxBuses = 10;

constexpr size_t kMaxBuses = 100;

constexpr size_t kMaxRepeat = 5;

constexpr size_t kMaxRepeat = 100;

Bus CanFuzzer::makeBus() {

Bus CanFuzzer::makeBus() {

    ICanController::BusConfig config = {};

    ICanController::BusConfig config = {};

}

}

void CanFuzzer::invokeUpInterface() {

void CanFuzzer::invokeUpInterface() {

    const CanController::InterfaceType iftype =

    CanController::InterfaceType controller;

            kInterfaceType[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(

    if (mFuzzedDataProvider->ConsumeBool()) {

        controller = (CanController::InterfaceType)mFuzzedDataProvider->ConsumeIntegral<uint8_t>();

    } else {

        controller = kInterfaceType[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(

                0, kInterfaceTypeLength - 1)];

                0, kInterfaceTypeLength - 1)];

    }

    std::string configName;

    std::string configName;

    if (const bool shouldInvokeValidBus = mFuzzedDataProvider->ConsumeBool();

    if (const bool shouldInvokeValidBus = mFuzzedDataProvider->ConsumeBool();

    ICanController::BusConfig config = {.name = configName};

    ICanController::BusConfig config = {.name = configName};

    if (iftype == CanController::InterfaceType::SOCKETCAN) {

    if (controller == CanController::InterfaceType::SOCKETCAN) {

        CanController::BusConfig::InterfaceId::Socketcan socketcan = {};

        CanController::BusConfig::InterfaceId::Socketcan socketcan = {};

        if (const bool shouldPassSerialSocket = mFuzzedDataProvider->ConsumeBool();

        if (const bool shouldPassSerialSocket = mFuzzedDataProvider->ConsumeBool();

            shouldPassSerialSocket) {

            shouldPassSerialSocket) {

            socketcan.ifname(ifname);

            socketcan.ifname(ifname);

        }

        }

        config.interfaceId.socketcan(socketcan);

        config.interfaceId.socketcan(socketcan);

    } else if (iftype == CanController::InterfaceType::SLCAN) {

    } else if (controller == CanController::InterfaceType::SLCAN) {

        CanController::BusConfig::InterfaceId::Slcan slcan = {};

        CanController::BusConfig::InterfaceId::Slcan slcan = {};

        if (const bool shouldPassSerialSlcan = mFuzzedDataProvider->ConsumeBool();

        if (const bool shouldPassSerialSlcan = mFuzzedDataProvider->ConsumeBool();

            shouldPassSerialSlcan) {

            shouldPassSerialSlcan) {

            slcan.ttyname(ifname);

            slcan.ttyname(ifname);

        }

        }

        config.interfaceId.slcan(slcan);

        config.interfaceId.slcan(slcan);

    } else if (iftype == CanController::InterfaceType::VIRTUAL) {

    } else if (controller == CanController::InterfaceType::VIRTUAL) {

        config.interfaceId.virtualif({ifname});

        config.interfaceId.virtualif({ifname});

    } else if (controller == CanController::InterfaceType::INDEXED) {

        CanController::BusConfig::InterfaceId::Indexed indexed;

        indexed.index = mFuzzedDataProvider->ConsumeIntegral<uint8_t>();

        config.interfaceId.indexed(indexed);

    }

    }

    const size_t numInvocations =

    const size_t numInvocations =

    hidl_string configName;

    hidl_string configName;

    if (const bool shouldInvokeValidBus = mFuzzedDataProvider->ConsumeBool();

    if (const bool shouldInvokeValidBus = mFuzzedDataProvider->ConsumeBool();

        (shouldInvokeValidBus) && (mBusNames.size() > 0)) {

        (shouldInvokeValidBus) && (mBusNames.size() > 0)) {

        const size_t busNameIndex =

        size_t busNameIndex;

        if (mBusNames.size() == 1) {

            busNameIndex = 0;

        } else {

            busNameIndex =

                    mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(0, mBusNames.size() - 1);

                    mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(0, mBusNames.size() - 1);

        }

        configName = mBusNames[busNameIndex];

        configName = mBusNames[busNameIndex];

    } else {

    } else {

        configName = mFuzzedDataProvider->ConsumeRandomLengthString(kMaxCharacters);

        configName = mFuzzedDataProvider->ConsumeRandomLengthString(kMaxCharacters);

    }

    }

}

}

void CanFuzzer::invokeController() {

    getSupportedInterfaceTypes();

    invokeUpInterface();

    invokeDownInterface();

}

void CanFuzzer::invokeBus() {

void CanFuzzer::invokeBus() {

    const size_t numBuses = mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(1, kMaxBuses);

    const size_t numBuses = mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(1, kMaxBuses);

    for (size_t i = 0; i < numBuses; ++i) {

    for (size_t i = 0; i < numBuses; ++i) {

            for (uint32_t k = 0; k < numFilters; ++k) {

            for (uint32_t k = 0; k < numFilters; ++k) {

                filterVector[k].id = mFuzzedDataProvider->ConsumeIntegral<uint32_t>();

                filterVector[k].id = mFuzzedDataProvider->ConsumeIntegral<uint32_t>();

                filterVector[k].mask = mFuzzedDataProvider->ConsumeIntegral<uint32_t>();

                filterVector[k].mask = mFuzzedDataProvider->ConsumeIntegral<uint32_t>();

                if (mFuzzedDataProvider->ConsumeBool()) {

                    filterVector[k].rtr =

                            (FilterFlag)mFuzzedDataProvider->ConsumeIntegral<uint8_t>();

                } else {

                    filterVector[k].rtr =

                    filterVector[k].rtr =

                            kFilterFlag[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(

                            kFilterFlag[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(

                                    0, kFilterFlagLength - 1)];

                                    0, kFilterFlagLength - 1)];

                }

                if (mFuzzedDataProvider->ConsumeBool()) {

                    filterVector[k].extendedFormat =

                            (FilterFlag)mFuzzedDataProvider->ConsumeIntegral<uint8_t>();

                } else {

                    filterVector[k].extendedFormat =

                    filterVector[k].extendedFormat =

                            kFilterFlag[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(

                            kFilterFlag[mFuzzedDataProvider->ConsumeIntegralInRange<size_t>(

                                    0, kFilterFlagLength - 1)];

                                    0, kFilterFlagLength - 1)];

                }

                filterVector[k].exclude = mFuzzedDataProvider->ConsumeBool();

                filterVector[k].exclude = mFuzzedDataProvider->ConsumeBool();

            }

            }

            auto listener = listeningBus.listen(filterVector);

            auto listener = listeningBus.listen(filterVector);

void CanFuzzer::process(const uint8_t* data, size_t size) {

void CanFuzzer::process(const uint8_t* data, size_t size) {

    mFuzzedDataProvider = new FuzzedDataProvider(data, size);

    mFuzzedDataProvider = new FuzzedDataProvider(data, size);

    invokeController();

    while (mFuzzedDataProvider->remaining_bytes()) {

    invokeBus();

        auto CanFuzzerFunction =

                mFuzzedDataProvider->PickValueInArray<const std::function<void()>>({

                        [&]() { getSupportedInterfaceTypes(); },

                        [&]() { invokeUpInterface(); },

                        [&]() { invokeDownInterface(); },

                        [&]() { invokeBus(); },

                });

        CanFuzzerFunction();

    }

}

}

bool CanFuzzer::init() {

bool CanFuzzer::init() {

    hidl_vec<hidl_string> getBusNames();

    hidl_vec<hidl_string> getBusNames();

    void getSupportedInterfaceTypes();

    void getSupportedInterfaceTypes();

    void invokeBus();

    void invokeBus();

    void invokeController();

    void invokeUpInterface();

    void invokeUpInterface();

    void invokeDownInterface();

    void invokeDownInterface();

    FuzzedDataProvider* mFuzzedDataProvider = nullptr;

    FuzzedDataProvider* mFuzzedDataProvider = nullptr;