libsnapshot_fuzzer: add additional tests for more APIs

Test: run it
Bug: 154633114
Change-Id: I956cb74bfd46750137dfa73e9e040dd9d1782ce7

fs_mgr/libsnapshot/android/snapshot/snapshot_fuzz.proto

@@ -40,16 +40,19 @@ message SnapshotManagerActionProto {
         bool has_before_cancel = 1;
         bool fail_before_cancel = 2;
     }
+    message CreateLogicalAndSnapshotPartitionsArgs {
+        bool use_correct_super = 1;
+        string super = 2;
+        int64 timeout_millis = 3;
+    }
+    message RecoveryCreateSnapshotDevicesArgs {
+        bool has_metadata_device_object = 1;
+        bool metadata_mounted = 2;
+    }
     reserved 7;
     reserved "create_update_snapshots";
     reserved 8;
     reserved "map_update_snapshot";
-    reserved 9;
-    reserved "unmap_update_snapshot";
-    reserved 11;
-    reserved "create_logical_and_snapshot_partitions";
-    reserved 14;
-    reserved "recovery_create_snapshot_devices_with_metadata";
     oneof value {
         NoArgs begin_update = 1;
         NoArgs cancel_update = 2;
@@ -57,9 +60,12 @@ message SnapshotManagerActionProto {
         NoArgs initiate_merge = 4;
         ProcessUpdateStateArgs process_update_state = 5;
         bool get_update_state = 6;
+        string unmap_update_snapshot = 9;
         NoArgs need_snapshots_in_first_stage_mount = 10;
+        CreateLogicalAndSnapshotPartitionsArgs create_logical_and_snapshot_partitions = 11;
         bool handle_imminent_data_wipe = 12;
         NoArgs recovery_create_snapshot_devices = 13;
+        RecoveryCreateSnapshotDevicesArgs recovery_create_snapshot_devices_with_metadata = 14;
         NoArgs dump = 15;
         NoArgs ensure_metadata_mounted = 16;
         NoArgs get_snapshot_merge_stats_instance = 17;

fs_mgr/libsnapshot/fuzz_utils.h

@@ -169,6 +169,18 @@ struct ActionPerfomer<FuzzFunction, void()> {
     }
 };
 
+template <typename FuzzFunction>
+struct ActionPerfomer<FuzzFunction, void(const std::string&)> {
+    static void Invoke(typename FuzzFunction::Class* module,
+                       const google::protobuf::Message& action_proto,
+                       const google::protobuf::FieldDescriptor* field_desc) {
+        std::string scratch;
+        const std::string& arg = action_proto.GetReflection()->GetStringReference(
+                action_proto, field_desc, &scratch);
+        FuzzFunction::ImplBody(module, arg);
+    }
+};
+
 }  // namespace android::fuzz
 
 // Fuzz existing C++ class, ClassType, with a collection of functions under the name Action.

fs_mgr/libsnapshot/snapshot_fuzz.cpp

@@ -51,9 +51,15 @@ std::string GetDsuSlot(const std::string& install_dir) {
 
 namespace android::snapshot {
 
+SnapshotFuzzEnv* GetSnapshotFuzzEnv();
+
 FUZZ_CLASS(ISnapshotManager, SnapshotManagerAction);
 
 using ProcessUpdateStateArgs = SnapshotManagerAction::Proto::ProcessUpdateStateArgs;
+using CreateLogicalAndSnapshotPartitionsArgs =
+        SnapshotManagerAction::Proto::CreateLogicalAndSnapshotPartitionsArgs;
+using RecoveryCreateSnapshotDevicesArgs =
+        SnapshotManagerAction::Proto::RecoveryCreateSnapshotDevicesArgs;
 
 FUZZ_SIMPLE_FUNCTION(SnapshotManagerAction, BeginUpdate);
 FUZZ_SIMPLE_FUNCTION(SnapshotManagerAction, CancelUpdate);
@@ -96,6 +102,31 @@ SNAPSHOT_FUZZ_FUNCTION(Dump) {
     (void)snapshot->Dump(ss);
 }
 
+SNAPSHOT_FUZZ_FUNCTION(UnmapUpdateSnapshot, const std::string& name) {
+    (void)snapshot->UnmapUpdateSnapshot(name);
+}
+
+SNAPSHOT_FUZZ_FUNCTION(CreateLogicalAndSnapshotPartitions,
+                       const CreateLogicalAndSnapshotPartitionsArgs& args) {
+    const std::string* super;
+    if (args.use_correct_super()) {
+        super = &GetSnapshotFuzzEnv()->super();
+    } else {
+        super = &args.super();
+    }
+    (void)snapshot->CreateLogicalAndSnapshotPartitions(
+            *super, std::chrono::milliseconds(args.timeout_millis()));
+}
+
+SNAPSHOT_FUZZ_FUNCTION(RecoveryCreateSnapshotDevicesWithMetadata,
+                       const RecoveryCreateSnapshotDevicesArgs& args) {
+    std::unique_ptr<AutoDevice> device;
+    if (args.has_metadata_device_object()) {
+        device = std::make_unique<DummyAutoDevice>(args.metadata_mounted());
+    }
+    (void)snapshot->RecoveryCreateSnapshotDevices(device);
+}
+
 // During global init, log all messages to stdio. This is only done once.
 int AllowLoggingDuringGlobalInit() {
     SetLogger(&StdioLogger);
@@ -116,18 +147,22 @@ int StopLoggingAfterGlobalInit() {
     return 0;
 }
 
+SnapshotFuzzEnv* GetSnapshotFuzzEnv() {
+    [[maybe_unused]] static auto allow_logging = AllowLoggingDuringGlobalInit();
+    static SnapshotFuzzEnv env;
+    [[maybe_unused]] static auto stop_logging = StopLoggingAfterGlobalInit();
+    return &env;
+}
+
 }  // namespace android::snapshot
 
 DEFINE_PROTO_FUZZER(const SnapshotFuzzData& snapshot_fuzz_data) {
     using namespace android::snapshot;
 
-    [[maybe_unused]] static auto allow_logging = AllowLoggingDuringGlobalInit();
-    static SnapshotFuzzEnv env;
-    [[maybe_unused]] static auto stop_logging = StopLoggingAfterGlobalInit();
+    auto env = GetSnapshotFuzzEnv();
+    env->CheckSoftReset();
 
-    env.CheckSoftReset();
-
-    auto snapshot_manager = env.CheckCreateSnapshotManager(snapshot_fuzz_data);
+    auto snapshot_manager = env->CheckCreateSnapshotManager(snapshot_fuzz_data);
     CHECK(snapshot_manager);
 
     SnapshotManagerAction::ExecuteAll(snapshot_manager.get(), snapshot_fuzz_data.actions());

fs_mgr/libsnapshot/snapshot_fuzz_utils.h

@@ -30,6 +30,11 @@ namespace android::snapshot {
 
 class AutoMemBasedDir;
 
+class DummyAutoDevice : public AutoDevice {
+  public:
+    DummyAutoDevice(bool mounted) : AutoDevice(mounted ? "dummy" : "") {}
+};
+
 // Prepare test environment. This has a heavy overhead and should be done once.
 class SnapshotFuzzEnv {
   public: