• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "co_auth_service_fuzzer.h"
17 
18 #include "parcel.h"
19 
20 #include "co_auth_service.h"
21 #include "executor_messenger_service.h"
22 #include "executor_callback_interface.h"
23 #include "iam_fuzz_test.h"
24 #include "iam_logger.h"
25 #include "iam_ptr.h"
26 
27 #define LOG_LABEL OHOS::UserIam::Common::LABEL_USER_AUTH_SA
28 
29 #undef private
30 
31 using namespace std;
32 using namespace OHOS::UserIam::Common;
33 using namespace OHOS::UserIam::UserAuth;
34 using ExecutorRegisterInfo = CoAuthInterface::ExecutorRegisterInfo;
35 
36 namespace OHOS {
37 namespace UserIam {
38 namespace CoAuth {
39 namespace {
40 class CoAuthServiceFuzzer : public ExecutorCallbackInterface {
41 public:
CoAuthServiceFuzzer(int32_t onBeginExecuteResult,int32_t onEndExecuteResult,int32_t onSetPropertyResult,int32_t onGetPropertyResult)42     CoAuthServiceFuzzer(int32_t onBeginExecuteResult, int32_t onEndExecuteResult, int32_t onSetPropertyResult,
43         int32_t onGetPropertyResult)
44         : onBeginExecuteResult_(onBeginExecuteResult),
45           onEndExecuteResult_(onEndExecuteResult),
46           onSetPropertyResult_(onSetPropertyResult),
47           onGetPropertyResult_(onGetPropertyResult)
48     {
49     }
50 
51     virtual ~CoAuthServiceFuzzer() = default;
52 
OnMessengerReady(sptr<ExecutorMessengerInterface> & messenger,const std::vector<uint8_t> & publicKey,const std::vector<uint64_t> & templateIdList)53     void OnMessengerReady(sptr<ExecutorMessengerInterface> &messenger, const std::vector<uint8_t> &publicKey,
54         const std::vector<uint64_t> &templateIdList) override
55     {
56         IAM_LOGI("start");
57         return;
58     }
59 
OnBeginExecute(uint64_t scheduleId,const std::vector<uint8_t> & publicKey,const Attributes & command)60     int32_t OnBeginExecute(uint64_t scheduleId, const std::vector<uint8_t> &publicKey,
61         const Attributes &command) override
62     {
63         IAM_LOGI("start");
64         return onBeginExecuteResult_;
65     }
66 
OnEndExecute(uint64_t scheduleId,const Attributes & command)67     int32_t OnEndExecute(uint64_t scheduleId, const Attributes &command) override
68     {
69         IAM_LOGI("start");
70         return onEndExecuteResult_;
71     }
72 
OnSetProperty(const Attributes & properties)73     int32_t OnSetProperty(const Attributes &properties) override
74     {
75         IAM_LOGI("start");
76         return onSetPropertyResult_;
77     }
78 
OnGetProperty(const Attributes & condition,Attributes & values)79     int32_t OnGetProperty(const Attributes &condition, Attributes &values) override
80     {
81         IAM_LOGI("start");
82         return onGetPropertyResult_;
83     }
84 
AsObject()85     sptr<IRemoteObject> AsObject() override
86     {
87         return nullptr;
88     }
89 
90 private:
91     int32_t onBeginExecuteResult_;
92     int32_t onEndExecuteResult_;
93     int32_t onSetPropertyResult_;
94     int32_t onGetPropertyResult_;
95 };
96 
FillFuzzExecutorRegisterInfo(Parcel & parcel,ExecutorRegisterInfo & executorInfo)97 void FillFuzzExecutorRegisterInfo(Parcel &parcel, ExecutorRegisterInfo &executorInfo)
98 {
99     executorInfo.authType = static_cast<UserIam::UserAuth::AuthType>(parcel.ReadInt32());
100     executorInfo.executorRole = static_cast<UserIam::UserAuth::ExecutorRole>(parcel.ReadInt32());
101     executorInfo.executorSensorHint = parcel.ReadUint32();
102     executorInfo.executorMatcher = parcel.ReadUint32();
103     executorInfo.esl = static_cast<UserIam::UserAuth::ExecutorSecureLevel>(parcel.ReadInt32());
104     FillFuzzUint8Vector(parcel, executorInfo.publicKey);
105     IAM_LOGI("FillFuzzExecutorRegisterInfo success");
106 }
107 
108 CoAuthService g_coAuthService(SUBSYS_USERIAM_SYS_ABILITY_AUTHEXECUTORMGR, true);
109 sptr<ExecutorMessengerService> executorMessengerService = ExecutorMessengerService::GetInstance();
110 
FuzzOnStop(Parcel & parcel)111 void FuzzOnStop(Parcel &parcel)
112 {
113     IAM_LOGI("FuzzOnStop begin");
114     static_cast<void>(parcel);
115     static int32_t skipCount = 500;
116     // OnStop affects test of other function, skip it in the first phase
117     if (skipCount > 0) {
118         --skipCount;
119         return;
120     }
121     g_coAuthService.OnStop();
122     IAM_LOGI("FuzzOnStop end");
123 }
124 
FuzzRegister(Parcel & parcel)125 void FuzzRegister(Parcel &parcel)
126 {
127     IAM_LOGI("FuzzRegister begin");
128     ExecutorRegisterInfo executorInfo;
129     FillFuzzExecutorRegisterInfo(parcel, executorInfo);
130     sptr<ExecutorCallbackInterface> callback = nullptr;
131     if (parcel.ReadBool()) {
132         callback = new (std::nothrow)
133             CoAuthServiceFuzzer(parcel.ReadInt32(), parcel.ReadInt32(), parcel.ReadInt32(), parcel.ReadInt32());
134     }
135     g_coAuthService.ExecutorRegister(executorInfo, callback);
136     IAM_LOGI("FuzzRegister end");
137 }
138 
FuzzSendData(Parcel & parcel)139 void FuzzSendData(Parcel &parcel)
140 {
141     IAM_LOGI("FuzzSendData begin");
142     uint64_t scheduleId = parcel.ReadUint64();
143     uint64_t transNum = parcel.ReadUint64();
144     ExecutorRole srcRole = static_cast<ExecutorRole>(parcel.ReadInt32());
145     ExecutorRole dstRole = static_cast<ExecutorRole>(parcel.ReadInt32());
146     std::vector<uint8_t> msg;
147     Common::FillFuzzUint8Vector(parcel, msg);
148 
149     if (executorMessengerService != nullptr) {
150         executorMessengerService->SendData(scheduleId, transNum, srcRole, dstRole, msg);
151     }
152     IAM_LOGI("FuzzSendData end");
153 }
154 
FuzzFinish(Parcel & parcel)155 void FuzzFinish(Parcel &parcel)
156 {
157     IAM_LOGI("FuzzFinish begin");
158     uint64_t scheduleId = parcel.ReadUint64();
159     ExecutorRole srcRole = static_cast<ExecutorRole>(parcel.ReadInt32());
160     ResultCode resultCode = static_cast<ResultCode>(parcel.ReadInt32());
161     auto finalResult = Common::MakeShared<Attributes>();
162 
163     if (executorMessengerService != nullptr) {
164         executorMessengerService->Finish(scheduleId, srcRole, resultCode, finalResult);
165     }
166     IAM_LOGI("FuzzFinish end");
167 }
168 
169 using FuzzFunc = decltype(FuzzOnStop);
170 FuzzFunc *g_fuzzFuncs[] = {
171     FuzzOnStop,
172     FuzzRegister,
173     FuzzSendData,
174     FuzzFinish,
175 };
176 
CoAuthFuzzTest(const uint8_t * data,size_t size)177 void CoAuthFuzzTest(const uint8_t *data, size_t size)
178 {
179     Parcel parcel;
180     parcel.WriteBuffer(data, size);
181     parcel.RewindRead(0);
182     uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
183     auto fuzzFunc = g_fuzzFuncs[index];
184     fuzzFunc(parcel);
185     return;
186 }
187 } // namespace
188 } // namespace CoAuth
189 } // namespace UserIam
190 } // namespace OHOS
191 
192 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)193 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
194 {
195     OHOS::UserIam::CoAuth::CoAuthFuzzTest(data, size);
196     return 0;
197 }
198