Updated the fuzzer to use native service
Launched a native service, which runs in-process to bypass IPC
Test: ./mediarecorder_fuzzer
Bug: 230737204
Change-Id: I3201ce2aa794e8a7b775c6be52fb1b6e53ffb278
(cherry picked from commit 271c499ab488db75ebf44f1c7a57b88d6a71976a)
diff --git a/media/libmediaplayerservice/fuzzer/Android.bp b/media/libmediaplayerservice/fuzzer/Android.bp
index a36f1d6..5abac81 100644
--- a/media/libmediaplayerservice/fuzzer/Android.bp
+++ b/media/libmediaplayerservice/fuzzer/Android.bp
@@ -60,15 +60,51 @@
static_libs: [
"libstagefright_rtsp",
"libbase",
+ "libstagefright_nuplayer",
+ "libplayerservice_datasource",
+ "libstagefright_timedtext",
+ "libaudioprocessing_base",
],
shared_libs: [
+ "android.hardware.media.omx@1.0",
"av-types-aidl-cpp",
"media_permission-aidl-cpp",
"libaudioclient_aidl_conversion",
+ "libactivitymanager_aidl",
"libandroid_net",
+ "libaudioclient",
"libcamera_client",
+ "libcodec2_client",
+ "libcrypto",
+ "libdatasource",
+ "libdrmframework",
"libgui",
+ "libhidlbase",
+ "liblog",
+ "libmedia_codeclist",
+ "libmedia_omx",
+ "libmediadrm",
"libmediametrics",
+ "libmediautils",
+ "libmemunreachable",
+ "libnetd_client",
+ "libpowermanager",
+ "libstagefright_httplive",
+ "packagemanager_aidl-cpp",
+ "libfakeservicemanager",
+ "libvibrator",
+ "libnbaio",
+ "libnblog",
+ "libpowermanager",
+ "libaudioprocessing",
+ "libaudioflinger",
+ "libresourcemanagerservice",
+ "libmediametricsservice",
+ "mediametricsservice-aidl-cpp",
+ ],
+ header_libs: [
+ "libaudiohal_headers",
+ "libaudioflinger_headers",
],
}
diff --git a/media/libmediaplayerservice/fuzzer/mediarecorder_fuzzer.cpp b/media/libmediaplayerservice/fuzzer/mediarecorder_fuzzer.cpp
index b0040fe..4f2da67 100644
--- a/media/libmediaplayerservice/fuzzer/mediarecorder_fuzzer.cpp
+++ b/media/libmediaplayerservice/fuzzer/mediarecorder_fuzzer.cpp
@@ -18,6 +18,10 @@
#include <media/stagefright/foundation/AString.h>
#include "fuzzer/FuzzedDataProvider.h"
+#include <AudioFlinger.h>
+#include <MediaPlayerService.h>
+#include <ResourceManagerService.h>
+#include <ServiceManager.h>
#include <StagefrightRecorder.h>
#include <camera/Camera.h>
#include <camera/android/hardware/ICamera.h>
@@ -25,6 +29,7 @@
#include <gui/Surface.h>
#include <gui/SurfaceComposerClient.h>
#include <media/stagefright/PersistentSurface.h>
+#include <mediametricsservice/MediaMetricsService.h>
#include <thread>
using namespace std;
@@ -305,6 +310,21 @@
mStfRecorder->reset();
}
+extern "C" int LLVMFuzzerInitialize(int /* *argc */, char /* ***argv */) {
+ /**
+ * Initializing a FakeServiceManager and adding the instances
+ * of all the required services
+ */
+ sp<IServiceManager> fakeServiceManager = new ServiceManager();
+ setDefaultServiceManager(fakeServiceManager);
+ MediaPlayerService::instantiate();
+ AudioFlinger::instantiate();
+ ResourceManagerService::instantiate();
+ fakeServiceManager->addService(String16(MediaMetricsService::kServiceName),
+ new MediaMetricsService());
+ return 0;
+}
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
MediaRecorderClientFuzzer mrcFuzzer(data, size);
mrcFuzzer.process();