Added audiopolicy_aidl_fuzzer am: 80b150b2

/******************************************************************************

 *

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at:

 *

 * http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 *

 ******************************************************************************/

cc_defaults {

    name: "audiopolicy_aidl_fuzzer_defaults",

    shared_libs: [

        "audiopolicy-aidl-cpp",

        "audiopolicy-types-aidl-cpp",

        "framework-permission-aidl-cpp",

        "libaudiopolicy",

        "libaudiopolicymanagerdefault",

        "libactivitymanager_aidl",

        "libaudiohal",

        "libaudiopolicyservice",

        "libaudioflinger",

        "libaudioclient",

        "libaudioprocessing",

        "libhidlbase",

        "liblog",

        "libmediautils",

        "libnblog",

        "libnbaio",

        "libpowermanager",

        "libvibrator",

        "packagemanager_aidl-cpp",

    ],

    static_libs: [

        "libfakeservicemanager",

        "libmediaplayerservice",

    ],

    header_libs: [

        "libaudiohal_headers",

        "libaudioflinger_headers",

        "libaudiopolicymanager_interface_headers",

        "libbinder_headers",

        "libmedia_headers",

    ],

    fuzz_config: {

        cc: [

            "android-media-fuzzing-reports@google.com",

        ],

        componentid: 155276,

        hotlists: ["4593311"],

        description: "The fuzzer targets the APIs of libaudiopolicy",

        vector: "local_no_privileges_required",

        service_privilege: "privileged",

        users: "multi_user",

        fuzzed_code_usage: "shipped",

    },

}

cc_fuzz {

    name: "audiopolicy_aidl_fuzzer",

    srcs: ["audiopolicy_aidl_fuzzer.cpp"],

    defaults: [

        "audiopolicy_aidl_fuzzer_defaults",

        "service_fuzzer_defaults",

    ],

}

/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at:

 *

 * http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 *

 */

#include <AudioFlinger.h>

#include <android-base/logging.h>

#include <android/binder_interface_utils.h>

#include <android/binder_process.h>

#include <android/media/IAudioPolicyService.h>

#include <fakeservicemanager/FakeServiceManager.h>

#include <fuzzbinder/libbinder_driver.h>

#include <fuzzbinder/random_binder.h>

#include <fuzzer/FuzzedDataProvider.h>

#include <media/IAudioFlinger.h>

#include <service/AudioPolicyService.h>

using namespace android;

using namespace android::binder;

using namespace android::hardware;

using android::fuzzService;

[[clang::no_destroy]] static std::once_flag gSmOnce;

sp<FakeServiceManager> gFakeServiceManager;

bool addService(const String16& serviceName, const sp<FakeServiceManager>& fakeServiceManager,

                FuzzedDataProvider& fdp) {

    sp<IBinder> binder = getRandomBinder(&fdp);

    if (binder == nullptr) {

        return false;

    }

    CHECK_EQ(NO_ERROR, fakeServiceManager->addService(serviceName, binder));

    return true;

}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    FuzzedDataProvider fdp(data, size);

    std::call_once(gSmOnce, [&] {

        /* Create a FakeServiceManager instance and add required services */

        gFakeServiceManager = sp<FakeServiceManager>::make();

        setDefaultServiceManager(gFakeServiceManager);

    });

    gFakeServiceManager->clear();

    for (const char* service :

         {"activity", "sensor_privacy", "permission", "scheduling_policy",

          "android.hardware.audio.core.IConfig", "batterystats", "media.metrics"}) {

        if (!addService(String16(service), gFakeServiceManager, fdp)) {

            return 0;

        }

    }

    const auto audioFlinger = sp<AudioFlinger>::make();

    const auto afAdapter = sp<AudioFlingerServerAdapter>::make(audioFlinger);

    CHECK_EQ(NO_ERROR,

             gFakeServiceManager->addService(

                     String16(IAudioFlinger::DEFAULT_SERVICE_NAME), IInterface::asBinder(afAdapter),

                     false /* allowIsolated */, IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT));

    AudioSystem::get_audio_flinger_for_fuzzer();

    const auto audioPolicyService = sp<AudioPolicyService>::make();

    CHECK_EQ(NO_ERROR,

             gFakeServiceManager->addService(String16("media.audio_policy"), audioPolicyService,

                                             false /* allowIsolated */,

                                             IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT));

    fuzzService(media::IAudioPolicyService::asBinder(audioPolicyService),

                FuzzedDataProvider(data, size));

    return 0;

}