Merge "Camera Fuzzer: Initialise audio services one time" into main am: e2724e4f

        "mediautils_headers",

    ],

    shared_libs: [

        "framework-permission-aidl-cpp",

        "libbinder",

        "libbase",

        "libutils",

        "libcutils",

        "libcameraservice",

        "libcamera_client",

        "liblog",

        "libui",

        "libgui",

        "android.hardware.camera.common@1.0",

        "android.hardware.camera.provider@2.4",

        "android.hardware.camera.provider@2.5",

        "android.hardware.camera.provider@2.6",

        "android.hardware.camera.provider@2.7",

        "android.hardware.camera.provider-V3-ndk",

        "android.hardware.camera.device@1.0",

        "android.hardware.camera.device@3.2",

        "android.hardware.camera.device@3.3",

        "android.hardware.camera.device@3.5",

        "android.hardware.camera.device@3.6",

        "android.hardware.camera.device@3.7",

        "android.hardware.camera.provider-V3-ndk",

        "android.hardware.camera.provider@2.4",

        "android.hardware.camera.provider@2.5",

        "android.hardware.camera.provider@2.6",

        "android.hardware.camera.provider@2.7",

        "camera_platform_flags_c_lib",

        "framework-permission-aidl-cpp",

        "libactivitymanager_aidl",

        "libaudioclient",

        "libaudioflinger",

        "libaudiohal",

        "libaudioprocessing",

        "libbase",

        "libbinder",

        "libcamera_client",

        "libcameraservice",

        "libcutils",

        "libgui",

        "liblog",

        "libmediaplayerservice",

        "libmediautils",

        "libnbaio",

        "libpermission",

        "libpowermanager",

        "libsensorprivacy",

        "libui",

        "libutils",

        "libvibrator",

        "packagemanager_aidl-cpp",

    ],

    static_libs: ["libbinder_random_parcel"],

    static_libs: [

        "libaudiomockhal",

        "libbinder_random_parcel",

    ],

    fuzz_config: {

        cc: [

            "android-camera-fwk-eng@google.com",

    ],

    defaults: [

        "camera_service_fuzzer_defaults",

        "latest_android_hardware_audio_core_ndk_shared",

        "latest_android_hardware_audio_core_sounddose_ndk_shared",

        "latest_android_hardware_audio_effect_ndk_shared",

        "libaudioflinger_dependencies",

    ],

}

    ],

    defaults: [

        "camera_service_fuzzer_defaults",

        "service_fuzzer_defaults",

        "fuzzer_disable_leaks",

        "service_fuzzer_defaults",

    ],

    fuzz_config: {

        triage_assignee: "waghpawan@google.com",

#include <ISchedulingPolicyService.h>

#include <MediaPlayerService.h>

#include <android-base/logging.h>

#include <android/binder_manager.h>

#include <android/content/AttributionSourceState.h>

#include <android/hardware/BnCameraServiceListener.h>

#include <android/hardware/ICameraServiceListener.h>

#include <camera/CameraUtils.h>

#include <camera/camera2/OutputConfiguration.h>

#include <com_android_graphics_libgui_flags.h>

#include <core-mock/ConfigMock.h>

#include <core-mock/ModuleMock.h>

#include <device3/Camera3StreamInterface.h>

#include <effect-mock/FactoryMock.h>

#include <fakeservicemanager/FakeServiceManager.h>

#include <fuzzbinder/random_binder.h>

#include <gui/BufferItemConsumer.h>

const size_t kNumShellCmd = size(kShellCmd);

static std::once_flag gSmOnce;

sp<CameraService> gCameraService;

sp<FakeServiceManager> gFsm;

void addService(const String16& serviceName, const sp<FakeServiceManager>& fakeServiceManager,

                FuzzedDataProvider* fdp) {

    }

}

extern "C" int LLVMFuzzerInitialize(int* /*argc*/, char*** /*argv*/) {

    /* Create a FakeServiceManager instance and add required services */

    gFsm = sp<FakeServiceManager>::make();

    setDefaultServiceManager(gFsm);

    auto configService = ndk::SharedRefBase::make<ConfigMock>();

    CHECK_EQ(NO_ERROR, AServiceManager_addService(configService.get()->asBinder().get(),

                                                  "android.hardware.audio.core.IConfig/default"));

    auto factoryService = ndk::SharedRefBase::make<FactoryMock>();

    CHECK_EQ(NO_ERROR,

             AServiceManager_addService(factoryService.get()->asBinder().get(),

                                        "android.hardware.audio.effect.IFactory/default"));

    auto moduleService = ndk::SharedRefBase::make<ModuleMock>();

    CHECK_EQ(NO_ERROR, AServiceManager_addService(moduleService.get()->asBinder().get(),

                                                  "android.hardware.audio.core.IModule/default"));

    // Disable creating thread pool for fuzzer instance of audio flinger

    AudioSystem::disableThreadPool();

    return 0;

}

extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {

    if (size < 1) {

        return 0;

    setuid(AID_CAMERASERVER);

    std::shared_ptr<FuzzedDataProvider> fp = std::make_shared<FuzzedDataProvider>(data, size);

    std::call_once(gSmOnce, [&] {

        /* Create a FakeServiceManager instance and add required services */

        sp<FakeServiceManager> fsm = sp<FakeServiceManager>::make();

        setDefaultServiceManager(fsm);

    for (const char* service :

         {"sensor_privacy", "permission", "media.camera.proxy", "batterystats", "media.metrics",

          "media.extractor", "drm.drmManager", "permission_checker"}) {

            addService(String16(service), fsm, fp.get());

        addService(String16(service), gFsm, fp.get());

    }

    std::call_once(gSmOnce, [&] {

        const auto audioFlinger = sp<AudioFlinger>::make();

        const auto afAdapter = sp<AudioFlingerServerAdapter>::make(audioFlinger);

        CHECK_EQ(NO_ERROR,

                 fsm->addService(String16(IAudioFlinger::DEFAULT_SERVICE_NAME),

                 gFsm->addService(String16(IAudioFlinger::DEFAULT_SERVICE_NAME),

                                  IInterface::asBinder(afAdapter), false /* allowIsolated */,

                                  IServiceManager::DUMP_FLAG_PRIORITY_DEFAULT));

        sp<FuzzerActivityManager> am = new FuzzerActivityManager();

        CHECK_EQ(NO_ERROR, fsm->addService(String16("activity"), IInterface::asBinder(am)));

        CHECK_EQ(NO_ERROR, gFsm->addService(String16("activity"), IInterface::asBinder(am)));

        sp<FuzzerSensorPrivacyManager> sensorPrivacyManager = new FuzzerSensorPrivacyManager();

        CHECK_EQ(NO_ERROR, fsm->addService(String16("sensor_privacy"),

        CHECK_EQ(NO_ERROR, gFsm->addService(String16("sensor_privacy"),

                                            IInterface::asBinder(sensorPrivacyManager)));

        sp<FuzzAppOpsService> appops = new FuzzAppOpsService();

        CHECK_EQ(NO_ERROR, fsm->addService(String16("appops"), IInterface::asBinder(appops)));

        CHECK_EQ(NO_ERROR, gFsm->addService(String16("appops"), IInterface::asBinder(appops)));

        MediaPlayerService::instantiate();

        gCameraService = new CameraService();

    });