Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4058ed00 authored by Zach Johnson's avatar Zach Johnson
Browse files

Add bluetooth_gd_hci_fuzz_test 

Right now, relatively simple as it only
sends ACL data, but will be expanded.

Test: run this test (next CL will include a run script)
Change-Id: Idf9e6f2fb3622d720b903339da3a39fba61efbdc
parent 1b495c27

system/gd/Android.bp

+22 −5
Original line number Diff line number Diff line
@@ -290,13 +290,11 @@ cc_test { 
    },

}



cc_fuzz {

  name: "bluetooth_gd_fuzz_test",

cc_defaults {

  name: "gd_fuzz_defaults",

  defaults: ["gd_defaults"],

  srcs: [

    "fuzz_test.cc",

    ":BluetoothHciFuzzTestSources",

    ":BluetoothL2capFuzzTestSources",

    ":BluetoothFuzzingHelperSources",

  ],

  static_libs: [

    "libbluetooth_gd",
@@ -322,6 +320,25 @@ cc_fuzz { 
  },

}



cc_fuzz {

  name: "bluetooth_gd_fuzz_test",

  defaults: ["gd_fuzz_defaults"],

  srcs: [

    "fuzz_test.cc",

    ":BluetoothHciFuzzTestSources",

    ":BluetoothL2capFuzzTestSources",

  ],

}



cc_fuzz {

  name: "bluetooth_gd_hci_fuzz_test",

  defaults: ["gd_fuzz_defaults"],

  srcs: [

    "hci/fuzzing/hci_layer_fuzz_test.cc",

    ":BluetoothHalFuzzingSources",

  ],

}



cc_benchmark {

    name: "bluetooth_benchmark_gd",

    defaults: ["gd_defaults"],

system/gd/hci/fuzzing/hci_layer_fuzz_test.cc

0 → 100644
+41 −0
Original line number Diff line number Diff line 
/*

 * Copyright 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



#include <stddef.h>

#include <stdint.h>

#include "hal/fuzzing/fuzzing_hci_hal.h"

#include "hci/fuzzing/dev_null_hci.h"

#include "hci/hci_layer.h"

#include "module.h"



using bluetooth::TestModuleRegistry;

using bluetooth::hal::HciHal;

using bluetooth::hal::fuzzing::FuzzingHciHal;

using bluetooth::hci::fuzzing::DevNullHci;



extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

  static TestModuleRegistry moduleRegistry = TestModuleRegistry();

  FuzzingHciHal* fuzzingHal = new FuzzingHciHal();



  moduleRegistry.InjectTestModule(&HciHal::Factory, fuzzingHal);

  moduleRegistry.Start<DevNullHci>(&moduleRegistry.GetTestThread());



  fuzzingHal->injectFuzzInput(data, size);



  moduleRegistry.StopAll();



  return 0;

}