1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "abilityschedulerstub_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #include "ability_scheduler_stub.h"
22 #include "message_parcel.h"
23 #include "securec.h"
24
25 using namespace OHOS::AAFwk;
26
27 namespace OHOS {
28 namespace {
29 constexpr size_t FOO_MAX_LEN = 1024;
30 constexpr size_t U32_AT_SIZE = 4;
31 const std::u16string ABILITYMGR_INTERFACE_TOKEN = u"ohos.aafwk.AbilityScheduler";
32 }
33 class AbilitySchedulerStubFuzzTest : public AbilitySchedulerStub {
34 public:
35 AbilitySchedulerStubFuzzTest() = default;
~AbilitySchedulerStubFuzzTest()36 virtual ~AbilitySchedulerStubFuzzTest()
37 {};
ScheduleAbilityTransaction(const Want & want,const LifeCycleStateInfo & targetState)38 void ScheduleAbilityTransaction(const Want &want, const LifeCycleStateInfo &targetState) override
39 {}
SendResult(int requestCode,int resultCode,const Want & resultWant)40 void SendResult(int requestCode, int resultCode, const Want &resultWant) override
41 {}
ScheduleConnectAbility(const Want & want)42 void ScheduleConnectAbility(const Want &want) override
43 {}
ScheduleDisconnectAbility(const Want & want)44 void ScheduleDisconnectAbility(const Want &want) override
45 {}
ScheduleCommandAbility(const Want & want,bool restart,int startId)46 void ScheduleCommandAbility(const Want &want, bool restart, int startId) override
47 {}
ScheduleSaveAbilityState()48 void ScheduleSaveAbilityState() override
49 {}
ScheduleRestoreAbilityState(const PacMap & inState)50 void ScheduleRestoreAbilityState(const PacMap &inState) override
51 {}
GetFileTypes(const Uri & uri,const std::string & mimeTypeFilter)52 std::vector<std::string> GetFileTypes(const Uri &uri, const std::string &mimeTypeFilter) override
53 {
54 return {};
55 }
OpenFile(const Uri & uri,const std::string & mode)56 int OpenFile(const Uri &uri, const std::string &mode) override
57 {
58 return 0;
59 }
OpenRawFile(const Uri & uri,const std::string & mode)60 int OpenRawFile(const Uri &uri, const std::string &mode) override
61 {
62 return 0;
63 }
Insert(const Uri & uri,const NativeRdb::ValuesBucket & value)64 int Insert(const Uri &uri, const NativeRdb::ValuesBucket &value) override
65 {
66 return 0;
67 }
Update(const Uri & uri,const NativeRdb::ValuesBucket & value,const NativeRdb::DataAbilityPredicates & predicates)68 int Update(const Uri &uri, const NativeRdb::ValuesBucket &value,
69 const NativeRdb::DataAbilityPredicates &predicates) override
70 {
71 return 0;
72 }
Delete(const Uri & uri,const NativeRdb::DataAbilityPredicates & predicates)73 int Delete(const Uri &uri, const NativeRdb::DataAbilityPredicates &predicates) override
74 {
75 return 0;
76 }
Call(const Uri & uri,const std::string & method,const std::string & arg,const AppExecFwk::PacMap & pacMap)77 std::shared_ptr<AppExecFwk::PacMap> Call(
78 const Uri &uri, const std::string &method, const std::string &arg, const AppExecFwk::PacMap &pacMap) override
79 {
80 return {};
81 }
Query(const Uri & uri,std::vector<std::string> & columns,const NativeRdb::DataAbilityPredicates & predicates)82 std::shared_ptr<NativeRdb::AbsSharedResultSet> Query(const Uri &uri,
83 std::vector<std::string> &columns, const NativeRdb::DataAbilityPredicates &predicates) override
84 {
85 return {};
86 }
GetType(const Uri & uri)87 std::string GetType(const Uri &uri) override
88 {
89 return {};
90 }
Reload(const Uri & uri,const PacMap & extras)91 bool Reload(const Uri &uri, const PacMap &extras) override
92 {
93 return true;
94 }
BatchInsert(const Uri & uri,const std::vector<NativeRdb::ValuesBucket> & values)95 int BatchInsert(const Uri &uri, const std::vector<NativeRdb::ValuesBucket> &values) override
96 {
97 return 0;
98 }
ScheduleRegisterObserver(const Uri & uri,const sptr<IDataAbilityObserver> & dataObserver)99 bool ScheduleRegisterObserver(const Uri &uri, const sptr<IDataAbilityObserver> &dataObserver) override
100 {
101 return true;
102 }
ScheduleUnregisterObserver(const Uri & uri,const sptr<IDataAbilityObserver> & dataObserver)103 bool ScheduleUnregisterObserver(const Uri &uri, const sptr<IDataAbilityObserver> &dataObserver) override
104 {
105 return true;
106 }
ScheduleNotifyChange(const Uri & uri)107 bool ScheduleNotifyChange(const Uri &uri) override
108 {
109 return true;
110 }
NormalizeUri(const Uri & uri)111 Uri NormalizeUri(const Uri &uri) override
112 {
113 return Uri{"abilityschedulerstub"};
114 }
115
DenormalizeUri(const Uri & uri)116 Uri DenormalizeUri(const Uri &uri) override
117 {
118 return Uri{"abilityschedulerstub"};
119 }
ExecuteBatch(const std::vector<std::shared_ptr<AppExecFwk::DataAbilityOperation>> & operations)120 std::vector<std::shared_ptr<AppExecFwk::DataAbilityResult>> ExecuteBatch(
121 const std::vector<std::shared_ptr<AppExecFwk::DataAbilityOperation>> &operations) override
122 {
123 return {};
124 }
ContinueAbility(const std::string & deviceId,uint32_t versionCode)125 void ContinueAbility(const std::string& deviceId, uint32_t versionCode) override
126 {}
NotifyContinuationResult(int32_t result)127 void NotifyContinuationResult(int32_t result) override
128 {}
DumpAbilityInfo(const std::vector<std::string> & params,std::vector<std::string> & info)129 void DumpAbilityInfo(const std::vector<std::string> ¶ms, std::vector<std::string> &info) override
130 {}
BlockAbility()131 int BlockAbility() override
132 {
133 return 0;
134 }
CallRequest()135 void CallRequest() override
136 {
137 return;
138 }
139 };
140
GetU32Data(const char * ptr)141 uint32_t GetU32Data(const char* ptr)
142 {
143 // convert fuzz input data to an integer
144 return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
145 }
146
DoSomethingInterestingWithMyAPI(const char * data,size_t size)147 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
148 {
149 uint32_t code = GetU32Data(data);
150
151 MessageParcel parcel;
152 parcel.WriteInterfaceToken(ABILITYMGR_INTERFACE_TOKEN);
153 parcel.WriteBuffer(data, size);
154 parcel.RewindRead(0);
155 MessageParcel reply;
156 MessageOption option;
157
158 std::shared_ptr<AbilitySchedulerStub> abilityschedulerstub = std::make_shared<AbilitySchedulerStubFuzzTest>();
159
160 if (abilityschedulerstub->OnRemoteRequest(code, parcel, reply, option) != 0) {
161 return false;
162 }
163
164 return true;
165 }
166 }
167
168 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)169 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
170 {
171 /* Run your code on data */
172 if (data == nullptr) {
173 std::cout << "invalid data" << std::endl;
174 return 0;
175 }
176
177 /* Validate the length of size */
178 if (size > OHOS::FOO_MAX_LEN || size < OHOS::U32_AT_SIZE) {
179 return 0;
180 }
181
182 char* ch = (char *)malloc(size + 1);
183 if (ch == nullptr) {
184 std::cout << "malloc failed." << std::endl;
185 return 0;
186 }
187
188 (void)memset_s(ch, size + 1, 0x00, size + 1);
189 if (memcpy_s(ch, size, data, size) != EOK) {
190 std::cout << "copy failed." << std::endl;
191 free(ch);
192 ch = nullptr;
193 return 0;
194 }
195
196 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
197 free(ch);
198 ch = nullptr;
199 return 0;
200 }
201
202