1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "missionlistmanagerfirst_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #define private public
22 #include "mission_list_manager.h"
23 #undef private
24
25 #include "ability_record.h"
26 #include "mission_info_mgr.h"
27
28 using namespace OHOS::AAFwk;
29 using namespace OHOS::AppExecFwk;
30
31 namespace OHOS {
32 namespace {
33 constexpr size_t FOO_MAX_LEN = 1024;
34 constexpr size_t U32_AT_SIZE = 4;
35 constexpr uint8_t ENABLE = 2;
36 }
37
GetU32Data(const char * ptr)38 uint32_t GetU32Data(const char* ptr)
39 {
40 // convert fuzz input data to an integer
41 return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
42 }
43
GetFuzzAbilityRecord()44 std::shared_ptr<AbilityRecord> GetFuzzAbilityRecord()
45 {
46 sptr<Token> token = nullptr;
47 AbilityRequest abilityRequest;
48 abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
49 abilityRequest.abilityInfo.name = "MainAbility";
50 abilityRequest.abilityInfo.type = AbilityType::DATA;
51 std::shared_ptr<AbilityRecord> abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest);
52 if (!abilityRecord) {
53 return nullptr;
54 }
55 return abilityRecord;
56 }
57
GetFuzzAbilityToken()58 sptr<Token> GetFuzzAbilityToken()
59 {
60 sptr<Token> token = nullptr;
61 std::shared_ptr<AbilityRecord> abilityRecord = GetFuzzAbilityRecord();
62 if (abilityRecord) {
63 token = abilityRecord->GetToken();
64 }
65 return token;
66 }
67
DoSomethingInterestingWithMyAPI(const char * data,size_t size)68 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
69 {
70 bool boolParam = *data % ENABLE;
71 int intParam = static_cast<int>(GetU32Data(data));
72 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
73 std::string stringParam(data, size);
74 Parcel wantParcel;
75 Want *want = nullptr;
76 if (wantParcel.WriteBuffer(data, size)) {
77 want = Want::Unmarshalling(wantParcel);
78 if (!want) {
79 return false;
80 }
81 }
82 std::shared_ptr<AbilityRecord> abilityRecord = GetFuzzAbilityRecord();
83 sptr<IRemoteObject> token = GetFuzzAbilityToken();
84 std::vector<std::string> info;
85
86 // fuzz for MissionListManager
87 auto missionListManager = std::make_shared<MissionListManager>(intParam);
88 auto launcherList = std::make_shared<MissionList>(MissionListType::LAUNCHER);
89 missionListManager->launcherList_ = launcherList;
90 missionListManager->defaultStandardList_ = std::make_shared<MissionList>(MissionListType::DEFAULT_STANDARD);
91 missionListManager->defaultSingleList_ = std::make_shared<MissionList>(MissionListType::DEFAULT_SINGLE);
92 missionListManager->currentMissionLists_.push_front(launcherList);
93 if (!missionListManager->listenerController_) {
94 missionListManager->listenerController_ = std::make_shared<MissionListenerController>();
95 }
96 DelayedSingleton<MissionInfoMgr>::GetInstance()->Init(intParam);
97 AbilityRequest abilityRequest;
98 missionListManager->StartAbility(abilityRequest);
99 missionListManager->StartAbility(abilityRecord, abilityRecord, abilityRequest);
100 missionListManager->MinimizeAbility(token, boolParam);
101 sptr<IMissionListener> listener;
102 missionListManager->RegisterMissionListener(listener);
103 missionListManager->UnRegisterMissionListener(listener);
104 std::vector<MissionInfo> missionInfos;
105 missionListManager->GetMissionInfos(int32Param, missionInfos);
106 MissionInfo missionInfo;
107 missionListManager->GetMissionInfo(int32Param, missionInfo);
108 std::shared_ptr<StartOptions> startOptions = std::make_shared<StartOptions>();
109 missionListManager->MoveMissionToFront(int32Param, startOptions);
110 missionListManager->MoveMissionToFront(int32Param, boolParam, startOptions);
111 missionListManager->EnqueueWaitingAbility(abilityRequest);
112 missionListManager->EnqueueWaitingAbilityToFront(abilityRequest);
113 missionListManager->StartWaitingAbility();
114 missionListManager->StartAbilityLocked(abilityRecord, abilityRecord, abilityRequest);
115 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
116 missionListManager->HandleReusedMissionAndAbility(abilityRequest, mission, abilityRecord);
117 missionListManager->GetMissionName(abilityRequest);
118 InnerMissionInfo innerMissionInfo;
119 missionListManager->CreateOrReusedMissionInfo(abilityRequest, innerMissionInfo);
120 missionListManager->GetTargetMissionAndAbility(abilityRequest, mission, abilityRecord);
121 missionListManager->BuildInnerMissionInfo(innerMissionInfo, stringParam, abilityRequest);
122 missionListManager->GetTargetMissionList(abilityRecord, abilityRequest);
123 missionListManager->GetTargetMissionListByLauncher(abilityRequest);
124 missionListManager->GetTargetMissionListByDefault(abilityRecord, abilityRequest);
125 missionListManager->GetReusedMission(abilityRequest);
126 missionListManager->GetReusedSpecifiedMission(abilityRequest);
127 std::shared_ptr<MissionList> missionList = std::make_shared<MissionList>();
128 missionListManager->MoveMissionToTargetList(boolParam, missionList, mission);
129 missionListManager->MoveNoneTopMissionToDefaultList(mission);
130 missionListManager->MoveMissionListToTop(missionList);
131 missionListManager->MinimizeAbilityLocked(abilityRecord, boolParam);
132 missionListManager->GetCurrentTopAbilityLocked();
133 sptr<IAbilityScheduler> scheduler;
134 missionListManager->AttachAbilityThread(scheduler, token);
135 missionListManager->OnAbilityRequestDone(token, int32Param);
136 AppInfo appInfo;
137 missionListManager->OnAppStateChanged(appInfo);
138 missionListManager->GetAbilityRecordByToken(token);
139 missionListManager->GetMissionById(intParam);
140
141 return true;
142 }
143 }
144
145 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)146 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
147 {
148 /* Run your code on data */
149 if (data == nullptr) {
150 return 0;
151 }
152
153 /* Validate the length of size */
154 if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
155 return 0;
156 }
157
158 char* ch = (char *)malloc(size + 1);
159 if (ch == nullptr) {
160 std::cout << "malloc failed." << std::endl;
161 return 0;
162 }
163
164 (void)memset_s(ch, size + 1, 0x00, size + 1);
165 if (memcpy_s(ch, size, data, size) != EOK) {
166 std::cout << "copy failed." << std::endl;
167 free(ch);
168 ch = nullptr;
169 return 0;
170 }
171
172 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
173 free(ch);
174 ch = nullptr;
175 return 0;
176 }
177