1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dbinderdatabusinvoker_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <cstring>
21 #include "dbinder_databus_invoker.h"
22 #include "sys_binder.h"
23
24 namespace OHOS {
AcquireHandleTest(const uint8_t * data,size_t size)25 bool AcquireHandleTest(const uint8_t* data, size_t size)
26 {
27 if (data == nullptr || size < sizeof(int32_t)) {
28 return false;
29 }
30
31 DBinderDatabusInvoker invoker;
32 int32_t testHandle = *(reinterpret_cast<const int32_t*>(data));
33 int ret = invoker.AcquireHandle(testHandle);
34 if (ret == 0) {
35 return false;
36 }
37 return true;
38 }
39
ReleaseHandleTest(const uint8_t * data,size_t size)40 bool ReleaseHandleTest(const uint8_t* data, size_t size)
41 {
42 if (data == nullptr || size < sizeof(int32_t)) {
43 return false;
44 }
45
46 DBinderDatabusInvoker invoker;
47 int32_t testHandle = *(reinterpret_cast<const int32_t*>(data));
48 int ret = invoker.ReleaseHandle(testHandle);
49 if (ret == 0) {
50 return false;
51 }
52 return true;
53 }
54
QueryClientSessionObjectTest(const uint8_t * data,size_t size)55 bool QueryClientSessionObjectTest(const uint8_t* data, size_t size)
56 {
57 if (data == nullptr || size < sizeof(int32_t)) {
58 return false;
59 }
60
61 DBinderDatabusInvoker invoker;
62 int32_t testHandle = *(reinterpret_cast<const int32_t*>(data));
63 std::shared_ptr<DBinderSessionObject> testPeer = nullptr;
64 testPeer = invoker.QueryClientSessionObject(testHandle);
65 if (testPeer == nullptr) {
66 return false;
67 }
68 return true;
69 }
70
QueryServerSessionObjectTest(const uint8_t * data,size_t size)71 bool QueryServerSessionObjectTest(const uint8_t* data, size_t size)
72 {
73 if (data == nullptr || size < sizeof(int32_t)) {
74 return false;
75 }
76
77 DBinderDatabusInvoker invoker;
78 int32_t testHandle = *(reinterpret_cast<const int32_t*>(data));
79 std::shared_ptr<DBinderSessionObject> testPeer = nullptr;
80 testPeer = invoker.QueryServerSessionObject(testHandle);
81 if (testPeer == nullptr) {
82 return false;
83 }
84 return true;
85 }
86
OnMessageAvailableTest(const uint8_t * data,size_t size)87 bool OnMessageAvailableTest(const uint8_t* data, size_t size)
88 {
89 if (data == nullptr || size < sizeof(ssize_t)) {
90 return false;
91 }
92
93 DBinderDatabusInvoker invoker;
94 std::shared_ptr<Session> session = nullptr;
95 char *testData = nullptr;
96 ssize_t testLen = *(reinterpret_cast<const ssize_t*>(data));
97 invoker.OnMessageAvailable(session, testData, testLen);
98 return true;
99 }
100
JoinThreadTest(const uint8_t * data,size_t size)101 bool JoinThreadTest(const uint8_t* data, size_t size)
102 {
103 if (data == nullptr || size < sizeof(bool)) {
104 return false;
105 }
106
107 DBinderDatabusInvoker invoker;
108 bool initiative = *(reinterpret_cast<const bool*>(data));
109 invoker.JoinThread(initiative);
110 return true;
111 }
112
StopWorkThreadTest(const uint8_t * data,size_t size)113 bool StopWorkThreadTest(const uint8_t* data, size_t size)
114 {
115 if (data == nullptr || size == 0) {
116 return false;
117 }
118
119 DBinderDatabusInvoker invoker;
120 invoker.StopWorkThread();
121 return true;
122 }
123
OnDatabusSessionClosedTest(const uint8_t * data,size_t size)124 bool OnDatabusSessionClosedTest(const uint8_t* data, size_t size)
125 {
126 if (data == nullptr || size == 0) {
127 return false;
128 }
129
130 DBinderDatabusInvoker invoker;
131 std::shared_ptr<Session> session = nullptr;
132 if (invoker.OnDatabusSessionClosed(session) == false) {
133 return false;
134 }
135 return true;
136 }
137
GetCallerPidTest(const uint8_t * data,size_t size)138 bool GetCallerPidTest(const uint8_t* data, size_t size)
139 {
140 if (data == nullptr || size == 0) {
141 return false;
142 }
143
144 DBinderDatabusInvoker invoker;
145 invoker.GetCallerPid();
146 return true;
147 }
148
GetStatusTest(const uint8_t * data,size_t size)149 bool GetStatusTest(const uint8_t* data, size_t size)
150 {
151 if (data == nullptr || size == 0) {
152 return false;
153 }
154
155 DBinderDatabusInvoker invoker;
156 invoker.GetStatus();
157 return true;
158 }
159
GetCallerUidTest(const uint8_t * data,size_t size)160 bool GetCallerUidTest(const uint8_t* data, size_t size)
161 {
162 if (data == nullptr || size == 0) {
163 return false;
164 }
165
166 DBinderDatabusInvoker invoker;
167 invoker.GetCallerUid();
168 return true;
169 }
170
GetCallerTokenIDTest(const uint8_t * data,size_t size)171 bool GetCallerTokenIDTest(const uint8_t* data, size_t size)
172 {
173 if (data == nullptr || size == 0) {
174 return false;
175 }
176
177 DBinderDatabusInvoker invoker;
178 invoker.GetCallerTokenID();
179 return true;
180 }
181
GetFirstTokenIDTest(const uint8_t * data,size_t size)182 bool GetFirstTokenIDTest(const uint8_t* data, size_t size)
183 {
184 if (data == nullptr || size == 0) {
185 return false;
186 }
187
188 DBinderDatabusInvoker invoker;
189 invoker.GetFirstTokenID();
190 return true;
191 }
192
IsLocalCallingTest(const uint8_t * data,size_t size)193 bool IsLocalCallingTest(const uint8_t* data, size_t size)
194 {
195 if (data == nullptr || size == 0) {
196 return false;
197 }
198
199 DBinderDatabusInvoker invoker;
200 if (invoker.IsLocalCalling() != false) {
201 return false;
202 }
203 return true;
204 }
205
FlushCommandsTest(const uint8_t * data,size_t size)206 bool FlushCommandsTest(const uint8_t* data, size_t size)
207 {
208 if (data == nullptr || size == 0) {
209 return false;
210 }
211
212 DBinderDatabusInvoker invoker;
213 IRemoteObject *object = nullptr;
214 if (invoker.FlushCommands(object) == 0) {
215 return false;
216 }
217 return true;
218 }
219
ResetCallingIdentityTest(const uint8_t * data,size_t size)220 bool ResetCallingIdentityTest(const uint8_t* data, size_t size)
221 {
222 if (data == nullptr || size == 0) {
223 return false;
224 }
225
226 DBinderDatabusInvoker invoker;
227 std::string identity = invoker.ResetCallingIdentity();
228 if (identity.empty()) {
229 return false;
230 }
231 return true;
232 }
233
TranslateProxyTest(const uint8_t * data,size_t size)234 bool TranslateProxyTest(const uint8_t* data, size_t size)
235 {
236 if (data == nullptr || size < sizeof(int32_t)) {
237 return false;
238 }
239
240 DBinderDatabusInvoker invoker;
241 int32_t testHandle = *(reinterpret_cast<const int32_t*>(data));
242 uint32_t flag = 0;
243 if (invoker.TranslateProxy(testHandle, flag) == 0) {
244 return false;
245 }
246 return true;
247 }
248 }
249
250 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)251 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
252 {
253 /* Run your code on data */
254 OHOS::AcquireHandleTest(data, size);
255 OHOS::ReleaseHandleTest(data, size);
256 OHOS::QueryClientSessionObjectTest(data, size);
257 OHOS::QueryServerSessionObjectTest(data, size);
258 OHOS::OnMessageAvailableTest(data, size);
259 OHOS::JoinThreadTest(data, size);
260 OHOS::StopWorkThreadTest(data, size);
261 OHOS::OnDatabusSessionClosedTest(data, size);
262 OHOS::GetCallerPidTest(data, size);
263 OHOS::GetStatusTest(data, size);
264 OHOS::GetCallerUidTest(data, size);
265 OHOS::GetCallerTokenIDTest(data, size);
266 OHOS::GetFirstTokenIDTest(data, size);
267 OHOS::IsLocalCallingTest(data, size);
268 OHOS::FlushCommandsTest(data, size);
269 OHOS::ResetCallingIdentityTest(data, size);
270 OHOS::TranslateProxyTest(data, size);
271 return 0;
272 }
273