
Commit 2b106685 authored by Devendra Singhi's avatar Devendra Singhi Committed by Vasudev Prasad S

Updated the fuzzer to use native service

Launched a native service, which runs in-process to bypass IPC

Test: ./mediarecorder_fuzzer
Bug: 230737204

Change-Id: I3201ce2aa794e8a7b775c6be52fb1b6e53ffb278
(cherry picked from commit 271c499ab488db75ebf44f1c7a57b88d6a71976a)
parent a6f1c275
+36 −0
@@ -60,15 +60,51 @@ cc_fuzz {
    static_libs: [
        "libstagefright_rtsp",
        "libbase",
        "libstagefright_nuplayer",
        "libplayerservice_datasource",
        "libstagefright_timedtext",
        "libaudioprocessing_base",
    ],
    shared_libs: [
        "android.hardware.media.omx@1.0",
        "av-types-aidl-cpp",
        "media_permission-aidl-cpp",
        "libaudioclient_aidl_conversion",
        "libactivitymanager_aidl",
        "libandroid_net",
        "libaudioclient",
        "libcamera_client",
        "libcodec2_client",
        "libcrypto",
        "libdatasource",
        "libdrmframework",
        "libgui",
        "libhidlbase",
        "liblog",
        "libmedia_codeclist",
        "libmedia_omx",
        "libmediadrm",
        "libmediametrics",
        "libmediautils",
        "libmemunreachable",
        "libnetd_client",
        "libpowermanager",
        "libstagefright_httplive",
        "packagemanager_aidl-cpp",
        "libfakeservicemanager",
        "libvibrator",
        "libnbaio",
        "libnblog",
        "libpowermanager",
        "libaudioprocessing",
        "libaudioflinger",
        "libresourcemanagerservice",
        "libmediametricsservice",
        "mediametricsservice-aidl-cpp",
    ],
    header_libs: [
        "libaudiohal_headers",
        "libaudioflinger_headers",
    ],
}
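Review bot: `"libpowermanager"` appears twice in `shared_libs` on the new side, once after `"libnetd_client"` and again after `"libnblog"`; the second entry should be dropped so each dependency is listed once. The +/- markers are not visible on this page, so which of the two entries this commit added is inferred. The block of service libraries at the end (`"libfakeservicemanager"`, `"libaudioflinger"`, `"libresourcemanagerservice"`, `"libmediametricsservice"`, ...) also breaks the mostly alphabetical order of the list, which makes a duplicate like this easy to miss.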

+20 −0
@@ -18,6 +18,10 @@
#include <media/stagefright/foundation/AString.h>
#include "fuzzer/FuzzedDataProvider.h"

#include <AudioFlinger.h>
#include <MediaPlayerService.h>
#include <ResourceManagerService.h>
#include <ServiceManager.h>
#include <StagefrightRecorder.h>
#include <camera/Camera.h>
#include <camera/android/hardware/ICamera.h>
@@ -25,6 +29,7 @@
#include <gui/Surface.h>
#include <gui/SurfaceComposerClient.h>
#include <media/stagefright/PersistentSurface.h>
#include <mediametricsservice/MediaMetricsService.h>
#include <thread>

using namespace std;
@@ -305,6 +310,21 @@ void MediaRecorderClientFuzzer::process() {
    mStfRecorder->reset();
}

extern "C" int LLVMFuzzerInitialize(int /* *argc */, char /* ***argv */) {
    /**
     * Initializing a FakeServiceManager and adding the instances
     * of all the required services
     */
    sp<IServiceManager> fakeServiceManager = new ServiceManager();
    setDefaultServiceManager(fakeServiceManager);
    MediaPlayerService::instantiate();
    AudioFlinger::instantiate();
    ResourceManagerService::instantiate();
    fakeServiceManager->addService(String16(MediaMetricsService::kServiceName),
                                    new MediaMetricsService());
    return 0;
}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    MediaRecorderClientFuzzer mrcFuzzer(data, size);
    mrcFuzzer.process();
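Review bot: `LLVMFuzzerInitialize` is defined with parameters `(int, char)`, while libFuzzer calls it as `int LLVMFuzzerInitialize(int *argc, char ***argv)`; the pointer stars ended up inside the comments. The arguments are unused, so this probably works on common ABIs, but the definition does not match the prototype the engine uses. I would write `extern "C" int LLVMFuzzerInitialize(int* /* argc */, char*** /* argv */) {`. The status returned by `fakeServiceManager->addService(...)` is also discarded, so checking it and aborting on failure would stop the harness from fuzzing with the MediaMetrics service missing. `LLVMFuzzerTestOneInput` continues past the end of the hunk.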