/*
 * Copyright 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
// Authors: corbin.souffrant@leviathansecurity.com
//          dylan.katz@leviathansecurity.com

#pragma once

#include <fuzzer/FuzzedDataProvider.h>

#include <future>
#include <memory>

#include "fuzz_l2cap_classic_module.h"
#include "hci/fuzz/fuzz_hci_layer.h"
#include "l2cap/classic/internal/dynamic_channel_service_manager_impl.h"
#include "l2cap/classic/internal/fixed_channel_service_manager_impl.h"
#include "l2cap/classic/internal/link_manager.h"
#include "l2cap/classic/l2cap_classic_module.h"
#include "l2cap/internal/parameter_provider.h"
#include "os/handler.h"

namespace bluetooth {

namespace shim {
namespace {

/**
 * Fuzzing fixture for the classic L2CAP shim.
 *
 * The constructor injects a FuzzHciLayer and a FuzzL2capClassicModule into a
 * FuzzTestModuleRegistry, starts the L2CAP classic module and the AclManager,
 * and then builds the service managers, the parameter provider and the
 * LinkManager on top of a handler bound to the registry's test thread.
 */
class ShimL2capFuzz {
 public:
  /**
   * Asks the fuzz module's dynamic channel manager to open a channel and then
   * waits on a future for a 16-bit result.
   *
   * @param psm            PSM forwarded to ConnectChannel.
   * @param device_address Remote address forwarded to ConnectChannel.
   * @return Whatever value is delivered through the local promise.
   *
   * NOTE(review): the promise is a local that is never passed to either
   * callback, and both callbacks in this class have empty bodies, so nothing
   * visible here ever fulfils it. As written the final get() blocks forever;
   * a fuzz target calling this would hang the iteration instead of exercising
   * the code under test. Confirm whether this is dead code or should complete
   * through a member promise.
   */
  uint16_t CreateConnection(uint16_t psm, hci::Address device_address) {
    std::promise<uint16_t> result_promise;
    std::future<uint16_t> pending_result = result_promise.get_future();

    // The second argument is value-initialized; presumably the channel
    // configuration options -- confirm against ConnectChannel's signature.
    fuzz_l2cap_classic_module_->GetDynamicChannelManager()->ConnectChannel(
        device_address,
        {},
        psm,
        handler_->BindOn(this, &ShimL2capFuzz::OnConnectionComplete),
        handler_->BindOnceOn(this, &ShimL2capFuzz::OnConnectionFail));

    return pending_result.get();
  }

  /** Connection-open callback handed to ConnectChannel; intentionally does nothing. */
  void OnConnectionComplete(std::unique_ptr<l2cap::classic::DynamicChannel> channel) {}

  /** Connection-failure callback handed to ConnectChannel; intentionally does nothing. */
  void OnConnectionFail(l2cap::classic::DynamicChannelManager::ConnectionResult result) {}

  /**
   * Builds the whole fixture.
   *
   * @param fdp Fuzzer input source; passed to the fake HCI layer's auto-reply.
   */
  ShimL2capFuzz(FuzzedDataProvider* fdp) {
    hci::fuzz::FuzzHciLayer* fuzz_hci = fake_registry_.Inject<hci::fuzz::FuzzHciLayer>(&hci::HciLayer::Factory);

    // NOTE(review): raw new; ownership presumably passes to the registry via
    // InjectTestModule -- confirm, otherwise this leaks once per fixture.
    fuzz_l2cap_classic_module_ = new FuzzL2capClassicModule();
    fake_registry_.InjectTestModule(&l2cap::classic::L2capClassicModule::Factory, fuzz_l2cap_classic_module_);
    fake_registry_.Start<l2cap::classic::L2capClassicModule>();

    // Auto-reply (driven by fdp) is enabled only while AclManager starts,
    // which would otherwise hang, and is switched off again right after.
    fuzz_hci->TurnOnAutoReply(fdp);
    acl_manager_ = fake_registry_.Start<hci::AclManager>();
    fuzz_hci->TurnOffAutoReply();

    // Everything below feeds the LinkManager, which receives raw pointers to
    // the handler, the ACL manager, both service managers and the provider.
    handler_ = std::make_unique<os::Handler>(&thread_);
    dynamic_channel_impl =
        std::make_unique<l2cap::classic::internal::DynamicChannelServiceManagerImpl>(handler_.get());
    fixed_channel_impl =
        std::make_unique<l2cap::classic::internal::FixedChannelServiceManagerImpl>(handler_.get());
    parameter_provider = std::make_unique<l2cap::internal::ParameterProvider>();
    link_manager = std::make_unique<l2cap::classic::internal::LinkManager>(
        handler_.get(), acl_manager_, fixed_channel_impl.get(), dynamic_channel_impl.get(), parameter_provider.get());
  }

  /** Clears the handler before the members are torn down. */
  ~ShimL2capFuzz() {
    handler_->Clear();
  }

  /** Waits for the registry to go idle and stops every module it started. */
  void stopRegistry() {
    fake_registry_.WaitForIdleAndStopAll();
  }

  // Not referenced anywhere else in this header.
  std::promise<void> connection_complete_promise_;

  // Non-owning from this class's point of view: nothing here deletes them.
  FuzzL2capClassicModule* fuzz_l2cap_classic_module_{nullptr};
  hci::AclManager* acl_manager_{nullptr};

  // NOTE(review): members are destroyed in reverse declaration order, so
  // fake_registry_ (declared last) goes first, and parameter_provider goes
  // before link_manager, which was given its raw pointer. Confirm that no
  // destructor touches those objects; otherwise sanitizer reports may point
  // at fixture teardown rather than at the code being fuzzed.
  std::unique_ptr<os::Handler> handler_;
  std::unique_ptr<l2cap::classic::internal::FixedChannelServiceManagerImpl> fixed_channel_impl;
  std::unique_ptr<l2cap::classic::internal::DynamicChannelServiceManagerImpl> dynamic_channel_impl;
  std::unique_ptr<l2cap::classic::internal::LinkManager> link_manager;
  std::unique_ptr<l2cap::internal::ParameterProvider> parameter_provider;

 private:
  // fake_registry_ must stay declared before thread_, which is initialized
  // from it.
  FuzzTestModuleRegistry fake_registry_;
  os::Thread& thread_ = fake_registry_.GetTestThread();
};

}  // namespace
}  // namespace shim
}  // namespace bluetooth