widevine-partner/android
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fuzz Widevine AIDL drmFactory binder interface.

Browse Source 
[Merged from http://go/wvgerrit/152150 ]

Test: build and run test

Bug: 226948319
Change-Id: I717d119cbf455fe76e4bb1f818d00141f4e7fa7c
This commit is contained in:
Edwin Wong
2022-05-19 17:51:19 +00:00
parent 1c96d290bd
commit a285b363d9
6 changed files with 272 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
libwvdrmengine/Android.bp
View File

@@ -557,3 +557,120 @@ phony {
"android.hardware.drm-service-lazy.widevine",
],
}
cc_library_shared {
name: "libwvaidl_fuzz",
srcs: [
"src/WVCDMSingleton.cpp",
"src/WVUUID.cpp",
"aidl_src/wv_metrics.cpp",
"aidl_src/WVCreatePluginFactories.cpp",
"aidl_src/WVDrmFactory.cpp",
],
include_dirs: [
"frameworks/av/include",
"frameworks/native/include",
"vendor/widevine/libwvdrmengine/cdm/core/include",
"vendor/widevine/libwvdrmengine/cdm/metrics/include",
"vendor/widevine/libwvdrmengine/cdm/util/include",
"vendor/widevine/libwvdrmengine/cdm/include",
"vendor/widevine/libwvdrmengine/aidl_include",
"vendor/widevine/libwvdrmengine/include",
"vendor/widevine/libwvdrmengine/mediacrypto/aidl_include",
"vendor/widevine/libwvdrmengine/mediadrm/aidl_include",
"vendor/widevine/libwvdrmengine/oemcrypto/include",
],
static_libs: [
"android.hardware.common-V2-ndk",
"libaidlcommonsupport",
"libcdm",
"libcdm_protos",
"libcdm_utils",
"libjsmn",
"libwvdrmcryptoplugin_aidl_fuzz",
"libwvdrmdrmplugin_aidl_fuzz",
"libwvlevel3",
"libwv_odk",
],
shared_libs: [
"android.hardware.drm-V1-ndk",
"libbase",
"libbinder_ndk",
"libcrypto",
"libcutils",
"libdl",
"liblog",
"libprotobuf-cpp-lite",
"libutils",
],
header_libs: ["libstagefright_foundation_headers"],
owner: "widevine",
proprietary: true,
}
cc_defaults {
name: "common_widevine_service-multilib-defaults-aidl_fuzz",
owner: "widevine",
proprietary: true,
relative_install_path: "hw",
include_dirs: [
"vendor/widevine/libwvdrmengine/aidl_include",
"vendor/widevine/libwvdrmengine/mediadrm/aidl_include",
"vendor/widevine/libwvdrmengine/oemcrypto/include",
],
header_libs: ["libstagefright_foundation_headers"],
shared_libs: [
"android.hardware.drm-V1-ndk",
"libbase",
"libbinder_ndk",
"liblog",
"libutils",
"libwvaidl_fuzz",
],
}
cc_fuzz {
name: "android.hardware.drm-service.widevine.aidl_fuzzer",
defaults: [
"common_widevine_service-multilib-first",
"common_widevine_service-multilib-defaults-aidl_fuzz",
],
static_libs: [
"libbase",
"libbinder_random_parcel",
"libcutils",
"libutils",
],
target: {
android: {
shared_libs: [
"libbinder_ndk",
"libbinder",
],
},
host: {
static_libs: [
"libbinder_ndk",
"libbinder",
],
},
darwin: {
enabled: false,
},
},
srcs: ["aidl_src/fuzzer/fuzzer.cpp"],
fuzz_config: {
cc: [
"edwinwong@google.com",
"widevine-android@google.com",
],
},
}

31
libwvdrmengine/aidl_src/fuzzer/README.md Normal file
View File

@@ -0,0 +1,31 @@
# About Widevine aidl binder fuzzer
## Build the binaries
See [go/build-fast][1] to setup the RBE environment.
From Android root:
1. source build/make/rbesetup.sh
2. `SANITIZE_TARGET`=hwaddress m `android.hardware.drm-service.widevine.aidl_fuzzer` -j128
## Push to target for testing
adb push $(OUT)/data/fuzz/arm64/lib/ /data/fuzz/arm64/lib/
## Run test
adb shell<br>
cd /data/fuzz/arm64<br>
`LD_LIBRARY_PATH=/data/fuzz/arm65/lib /data/fuzz/arm64/android.hardware.drm-service.widevine.aidl_fuzzer/vendor/hw/android.hardware.drm-service.widevine.aidl_fuzzer`
## Monitoring
By using `cc_fuzz` in Android.bp, the fuzz binary and its dependency sanitized shared libraries will be installed on the device.<br>
Libraries are installed in `/data/fuzz/<arch>/lib`, and the binary is installed in /data/fuzz/&ltarch&gt/&lt`binary_name`&gt/vendor/hw.<br>
Within 24-48 hours of merge, you can monitor the coverage data [here][2].<br>
Bugs will be filed automatically, and the owner of the fuzzer(the cc in the config section) will be notified.<br>
[1]: https://g3doc.corp.google.com/company/teams/android/developing/update/build-fast.md?cl=head
[2]: https://android-coverage.googleplex.com/

34
libwvdrmengine/aidl_src/fuzzer/fuzzer.cpp Normal file
View File

@@ -0,0 +1,34 @@
/*
* Copyright (C) 2022 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <android/binder_manager.h>
#include <android/binder_process.h>
#include <fuzzbinder/libbinder_ndk_driver.h>
#include <fuzzer/FuzzedDataProvider.h>
#include "WVCreatePluginFactories.h"
using ::wvdrm::hardware::drm::widevine::createDrmFactory;
using ::wvdrm::hardware::drm::widevine::WVDrmFactory;
using android::fuzzService;
using ndk::SharedRefBase;
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
std::shared_ptr<WVDrmFactory> drmFactory = createDrmFactory();
fuzzService(drmFactory->asBinder().get(), FuzzedDataProvider(data, size));
return 0;
}

4
libwvdrmengine/cdm/core/src/Android.bp
View File

@@ -17,8 +17,8 @@ cc_library {
vendor: true,
srcs: [
"license_protocol.proto",
"device_files.proto",
"license_protocol.proto",
"device_files.proto",
],
cflags: [

46
libwvdrmengine/mediacrypto/Android.bp
View File

@@ -36,7 +36,7 @@ cc_library_static {
"vendor/widevine/libwvdrmengine/cdm/include",
"vendor/widevine/libwvdrmengine/cdm/metrics/include",
"vendor/widevine/libwvdrmengine/cdm/util/include",
"vendor/widevine/libwvdrmengine/include",
"vendor/widevine/libwvdrmengine/include",
"vendor/widevine/libwvdrmengine/include_hidl",
"vendor/widevine/libwvdrmengine/mediacrypto/include_hidl",
"vendor/widevine/libwvdrmengine/oemcrypto/include",
@@ -109,3 +109,47 @@ cc_library_static {
proprietary: true,
}
// Builds libwvdrmcryptoplugin_aidl_fuzz
//
cc_library_static {
name: "libwvdrmcryptoplugin_aidl_fuzz",
srcs: ["aidl_src/WVCryptoPlugin.cpp"],
include_dirs: [
"frameworks/av/include",
"frameworks/native/include",
"vendor/widevine/libwvdrmengine/cdm/core/include",
"vendor/widevine/libwvdrmengine/cdm/include",
"vendor/widevine/libwvdrmengine/cdm/metrics/include",
"vendor/widevine/libwvdrmengine/cdm/util/include",
"vendor/widevine/libwvdrmengine/aidl_include",
"vendor/widevine/libwvdrmengine/include",
"vendor/widevine/libwvdrmengine/mediacrypto/aidl_include",
"vendor/widevine/libwvdrmengine/oemcrypto/include",
],
header_libs: [
"libstagefright_headers",
"libutils_headers",
],
static_libs: [
"android.hardware.common-V2-ndk",
"libaidlcommonsupport",
"libcdm_protos",
],
shared_libs: [
"android.hardware.drm-V1-ndk",
"libbase",
"libcrypto",
"libhwbinder",
"liblog",
],
cflags: ["-Wthread-safety"],
proprietary: true,
}

43
libwvdrmengine/mediadrm/Android.bp
View File

@@ -110,3 +110,46 @@ cc_library_static {
proprietary: true,
}
// Builds libwvdrmdrmplugin_aidl_fuzz
//
cc_library_static {
name: "libwvdrmdrmplugin_aidl_fuzz",
srcs: [
"aidl_src/WVDrmPlugin.cpp",
"aidl_src/WVGenericCryptoInterface.cpp",
"aidl_src/wv_metrics_adapter.cpp",
],
include_dirs: [
"frameworks/av/include",
"frameworks/native/include",
"vendor/widevine/libwvdrmengine/cdm/core/include",
"vendor/widevine/libwvdrmengine/cdm/include",
"vendor/widevine/libwvdrmengine/cdm/metrics/include",
"vendor/widevine/libwvdrmengine/cdm/util/include",
"vendor/widevine/libwvdrmengine/aidl_include",
"vendor/widevine/libwvdrmengine/include",
"vendor/widevine/libwvdrmengine/mediadrm/aidl_include",
"vendor/widevine/libwvdrmengine/oemcrypto/include",
],
header_libs: [
"libstagefright_headers",
"libstagefright_foundation_headers",
"libutils_headers",
],
static_libs: ["libcdm_protos"],
shared_libs: [
"libbase",
"libbinder_ndk",
"libcrypto",
"liblog",
"android.hardware.drm-V1-ndk",
],
proprietary: true,
}