• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "gnssability_fuzzer.h"
17 
18 #include "accesstoken_kit.h"
19 #include "if_system_ability_manager.h"
20 #include "iservice_registry.h"
21 #include "message_option.h"
22 #include "message_parcel.h"
23 #include "nativetoken_kit.h"
24 #include "system_ability_definition.h"
25 #include "token_setproc.h"
26 #include "locator_ability.h"
27 #include "locationhub_ipc_interface_code.h"
28 
29 #ifdef FEATURE_GNSS_SUPPORT
30 #include "gnss_ability.h"
31 #endif
32 
33 namespace OHOS {
34 using namespace OHOS::Location;
35 const int32_t MAX_MEM_SIZE = 4 * 1024 * 1024;
36 const int32_t SLEEP_TIMES = 1000;
37 
ParseData(const uint8_t * data,size_t size)38 char* ParseData(const uint8_t* data, size_t size)
39 {
40     if (data == nullptr) {
41         return nullptr;
42     }
43 
44     if (size > MAX_MEM_SIZE) {
45         return nullptr;
46     }
47 
48     char* ch = (char *)malloc(size + 1);
49     if (ch == nullptr) {
50         return nullptr;
51     }
52 
53     (void)memset_s(ch, size + 1, 0x00, size + 1);
54     if (memcpy_s(ch, size, data, size) != EOK) {
55         free(ch);
56         ch = nullptr;
57         return nullptr;
58     }
59     return ch;
60 }
61 
62 #ifdef FEATURE_GNSS_SUPPORT
GnssAbility001FuzzTest(const char * data,size_t size)63 bool GnssAbility001FuzzTest(const char* data, size_t size)
64 {
65     MessageParcel requestParcel;
66     requestParcel.WriteInterfaceToken(u"location.IGnssAbility");
67     requestParcel.WriteBuffer(data, size);
68     requestParcel.RewindRead(0);
69     MessageParcel reply;
70     MessageOption option;
71 
72     auto ability1 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
73     ability1->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::SEND_LOCATION_REQUEST),
74         requestParcel, reply, option);
75     auto ability2 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
76     ability2->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::SET_MOCKED_LOCATIONS),
77         requestParcel, reply, option);
78     auto ability3 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
79     ability3->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::SET_ENABLE),
80         requestParcel, reply, option);
81     auto ability4 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
82     ability4->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::REFRESH_REQUESTS),
83         requestParcel, reply, option);
84     auto ability5 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
85     ability5->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::REG_GNSS_STATUS),
86         requestParcel, reply, option);
87     auto ability6 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
88     ability6->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::UNREG_GNSS_STATUS),
89         requestParcel, reply, option);
90     auto ability7 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
91     ability7->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::REG_NMEA),
92         requestParcel, reply, option);
93     auto ability8 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
94     ability8->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::UNREG_NMEA),
95         requestParcel, reply, option);
96     auto ability9 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
97     ability9->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::REG_CACHED),
98         requestParcel, reply, option);
99 
100     std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
101 
102     return true;
103 }
104 
GnssAbility002FuzzTest(const char * data,size_t size)105 bool GnssAbility002FuzzTest(const char* data, size_t size)
106 {
107     MessageParcel requestParcel;
108     requestParcel.WriteInterfaceToken(u"location.IGnssAbility");
109     requestParcel.WriteBuffer(data, size);
110     requestParcel.RewindRead(0);
111     MessageParcel reply;
112     MessageOption option;
113 
114     auto ability10 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
115     ability10->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::UNREG_CACHED),
116         requestParcel, reply, option);
117     auto ability11 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
118     ability11->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::GET_CACHED_SIZE),
119         requestParcel, reply, option);
120     auto ability12 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
121     ability12->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::FLUSH_CACHED),
122         requestParcel, reply, option);
123     auto ability13 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
124     ability13->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::SEND_COMMANDS),
125         requestParcel, reply, option);
126     auto ability14 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
127     ability14->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::ENABLE_LOCATION_MOCK),
128         requestParcel, reply, option);
129     auto ability15 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
130     ability15->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::DISABLE_LOCATION_MOCK),
131         requestParcel, reply, option);
132     auto ability16 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
133     ability16->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::ADD_FENCE_INFO),
134         requestParcel, reply, option);
135     auto ability17 = sptr<GnssAbility>(new (std::nothrow) GnssAbility());
136     ability17->OnRemoteRequest(static_cast<uint32_t>(GnssInterfaceCode::REMOVE_FENCE_INFO),
137         requestParcel, reply, option);
138 
139     std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
140 
141     return true;
142 }
143 #endif
144 } // namespace OHOS
145 
146 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)147 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
148 {
149     char* ch = OHOS::ParseData(data, size);
150     if (ch != nullptr) {
151 #ifdef FEATURE_GNSS_SUPPORT
152         OHOS::GnssAbility001FuzzTest(ch, size);
153         OHOS::GnssAbility002FuzzTest(ch, size);
154 #endif
155         free(ch);
156         ch = nullptr;
157     }
158     return 0;
159 }
160 
161