1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at:
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */
17 
18 #include <binder/IServiceManager.h>
19 #include <fuzzbinder/random_binder.h>
20 #include <fuzzer/FuzzedDataProvider.h>
21 
22 #include "audio_hal_interface/hearing_aid_software_encoding.h"
23 #include "osi/include/properties.h"
24 
25 using namespace android;
// Guards the one-time setup performed inside LLVMFuzzerTestOneInput.
// [[clang::no_destroy]] keeps the flag from being torn down at process exit.
[[clang::no_destroy]] static std::once_flag gSmOnce;

// Upper bound on the length of the fuzz-derived message-loop thread name.
constexpr int32_t kRandomStringLength{256};
// Size of the stack buffer handed to osi_property_get(). That call takes no
// length argument, so this must be at least as large as the longest value it
// can write.
// NOTE(review): 92 matches Android's PROPERTY_VALUE_MAX — confirm it stays in
// sync with the limit osi_property_get() actually uses.
constexpr int32_t kPropertyValueMax{92};
// Maximum number of fuzz bytes passed to hearing_aid::read() per iteration.
constexpr int32_t kMaxBytes{1000};
31 
// Local C-linkage definition of android_get_exported_namespace() that ignores
// its argument and always returns nullptr.
// NOTE(review): presumably a stub so the harness never resolves a real linker
// namespace — confirm no code under test depends on a non-null result.
extern "C" struct android_namespace_t* android_get_exported_namespace(
    const char* /*name*/) {
  struct android_namespace_t* const no_namespace = nullptr;
  return no_namespace;
}
37 
// Intentionally empty, file-local hook. Nothing in the visible part of this
// file references it.
static void source_init_delayed() {
}
39 
// Resume callback installed in streamCb.on_resume_. The argument is ignored
// and the function always returns true, so a resume request that returns false
// is never exercised by this harness.
bool hearingAidOnResumeReq(bool /*start_media_task*/) {
  constexpr bool kAccepted = true;
  return kAccepted;
}
41 
// Suspend callback installed in streamCb.on_suspend_. Always returns true, so
// a suspend request that returns false is never exercised by this harness.
bool hearingAidOnSuspendReq() {
  constexpr bool kAccepted = true;
  return kAccepted;
}
43 
// Callback table handed to bluetooth::audio::hearing_aid::init() by the fuzz
// entry point; both entries point at the always-true stubs defined in this
// file.
bluetooth::audio::hearing_aid::StreamCallbacks streamCb{
    .on_resume_ = hearingAidOnResumeReq,
    .on_suspend_ = hearingAidOnSuspendReq,
};
48 
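// libFuzzer entry point for the hearing-aid software-encoding audio HAL client.
//
// Each iteration:
//   1. saves the current value of persist.bluetooth.a2dp_offload.disabled and
//      overwrites it with a fuzz-chosen "true"/"false";
//   2. on the first iteration only, registers a random binder as the audio
//      provider factory service, optionally sets the remote delay, starts a
//      message-loop thread and calls hearing_aid::init();
//   3. runs start_session() / read() / end_session() on up to kMaxBytes of
//      fuzz data;
//   4. restores the saved property value.
//
// Reproducibility caveat: step 2 consumes bytes from whichever input happens
// to arrive first in the process, so the binder, delay and thread name are
// fixed by that input, and later inputs are parsed from a different offset.
// A crash found mid-run may therefore not reproduce from its test case alone.
//
// @param data  fuzz input bytes
// @param size  number of bytes in data
// @return always 0
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  FuzzedDataProvider fdp(data, size);

  const std::string property = "persist.bluetooth.a2dp_offload.disabled";
  // Zero-initialised: the result of osi_property_get() is not checked, and if
  // it leaves the buffer untouched (no stored value and a null default) the
  // restore below would otherwise hand indeterminate stack bytes to
  // osi_property_set().
  char received[kPropertyValueMax] = {};
  osi_property_get(property.c_str(), received, nullptr);
  osi_property_set(property.c_str(), fdp.PickValueInArray({"true", "false"}));

  std::call_once(gSmOnce, [&] {
    auto sm = defaultServiceManager();
    auto binder = getRandomBinder(&fdp);
    sm->addService(String16("android.hardware.bluetooth.audio."
                            "IBluetoothAudioProviderFactory.ProviderInfo"),
                   binder);

    if (fdp.ConsumeBool()) {
      const uint16_t delay = fdp.ConsumeIntegral<uint16_t>();
      bluetooth::audio::hearing_aid::set_remote_delay(delay);
    }
    const std::string name = fdp.ConsumeRandomLengthString(kRandomStringLength);
    // The thread must outlive this lambda: init() receives a raw pointer to
    // it, and start_session()/read()/end_session() run on every later
    // iteration. A lambda-local object would be destroyed on return and leave
    // that pointer dangling (NOTE(review): assumes init() retains the pointer
    // — confirm). no_destroy matches gSmOnce and avoids an exit-time
    // teardown.
    [[clang::no_destroy]] static bluetooth::common::MessageLoopThread
        messageLoopThread(name);
    messageLoopThread.StartUp();
    bluetooth::audio::hearing_aid::init(streamCb, &messageLoopThread);
  });

  bluetooth::audio::hearing_aid::start_session();

  // May be empty when the input is exhausted; read() then sees size 0.
  std::vector<uint8_t> buffer = fdp.ConsumeBytes<uint8_t>(kMaxBytes);
  bluetooth::audio::hearing_aid::read(buffer.data(), buffer.size());

  bluetooth::audio::hearing_aid::end_session();
  // Put back the value captured at the top so iterations do not leak property
  // state into each other.
  osi_property_set(property.c_str(), received);

  return 0;
}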
84