1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <cstddef>
16 #include <cstdint>
17 #define private public
18 #include "concurrent_task_client.h"
19 #undef private
20 #include "concurrent_task_service_proxy.h"
21 #include "concurrent_task_service.h"
22 #include "securec.h"
23 #include "qos.h"
24 #include "concurrent_task_client.h"
25 #include "concurrent_fuzzer.h"
26 using namespace OHOS::ConcurrentTask;
27 using namespace OHOS::QOS;
28
29 namespace OHOS {
30 const uint8_t *g_baseFuzzData = nullptr;
31 size_t g_baseFuzzSize = 0;
32 size_t g_baseFuzzPos;
33
34 namespace {
35 constexpr int TEST_DATA_FIRST = 1;
36 constexpr int TEST_DATA_SECOND = 2;
37 constexpr int TEST_DATA_THIRD = 3;
38 constexpr int TEST_DATA_FOURTH = 4;
39 constexpr int TEST_DATA_FIFTH = 5;
40 constexpr int TEST_DATA_SIXTH = 6;
41 constexpr int TEST_DATA_SEVENTH = 7;
42 constexpr int TEST_DATA_EIGHTH = 8;
43 constexpr int TEST_DATA_TENTH = 10;
44 }
GetData()45 template <class T> T GetData()
46 {
47 T object{};
48 size_t objectSize = sizeof(object);
49 if (g_baseFuzzData == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) {
50 return object;
51 }
52 ErrCode ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize);
53 if (ret != ERR_OK) {
54 return {};
55 }
56 g_baseFuzzPos += objectSize;
57 return object;
58 }
59
FuzzConcurrentTaskTryConnect(const uint8_t * data,size_t size)60 bool FuzzConcurrentTaskTryConnect(const uint8_t* data, size_t size)
61 {
62 if (data == nullptr) {
63 return false;
64 }
65 if (size < sizeof(int32_t)) {
66 return false;
67 }
68 return ConcurrentTaskClient::GetInstance().TryConnect() == ERR_OK;
69 }
70
FuzzConcurrentTaskServiceReportData(const uint8_t * data,size_t size)71 bool FuzzConcurrentTaskServiceReportData(const uint8_t* data, size_t size)
72 {
73 g_baseFuzzData = data;
74 g_baseFuzzSize = size;
75 g_baseFuzzPos = 0;
76 if (size > sizeof(int) + sizeof(int)) {
77 MessageParcel data1;
78 Parcel parcel;
79 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel);
80 int intdata = GetData<int>();
81 void *voiddata = &intdata;
82 size_t size1 = sizeof(int);
83 data1.WriteRemoteObject(iremoteobject);
84 data1.WriteRawData(voiddata, size1);
85 data1.ReadRawData(size1);
86 MessageParcel reply;
87 MessageOption option;
88 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::REPORT_DATA);
89 ConcurrentTaskService s = ConcurrentTaskService();
90 s.OnRemoteRequest(code, data1, reply, option);
91 }
92 return true;
93 }
94
FuzzConcurrentTaskServiceQueryInterval(const uint8_t * data,size_t size)95 bool FuzzConcurrentTaskServiceQueryInterval(const uint8_t* data, size_t size)
96 {
97 g_baseFuzzData = data;
98 g_baseFuzzSize = size;
99 g_baseFuzzPos = 0;
100 if (size > sizeof(int) + sizeof(int)) {
101 MessageParcel data1;
102 Parcel parcel;
103 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel);
104 int intdata = GetData<int>();
105 void *voiddata = &intdata;
106 size_t size1 = sizeof(int);
107 data1.WriteRemoteObject(iremoteobject);
108 data1.WriteRawData(voiddata, size1);
109 data1.ReadRawData(size1);
110 MessageParcel reply;
111 MessageOption option;
112 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::QUERY_INTERVAL);
113 ConcurrentTaskService s = ConcurrentTaskService();
114 s.OnRemoteRequest(code, data1, reply, option);
115 }
116 return true;
117 }
118
FuzzConcurrentTaskServiceQueryDeadline(const uint8_t * data,size_t size)119 bool FuzzConcurrentTaskServiceQueryDeadline(const uint8_t* data, size_t size)
120 {
121 g_baseFuzzData = data;
122 g_baseFuzzSize = size;
123 g_baseFuzzPos = 0;
124 if (size > sizeof(int) + sizeof(int)) {
125 MessageParcel data1;
126 Parcel parcel;
127 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel);
128 int intdata = GetData<int>();
129 void *voiddata = &intdata;
130 size_t size1 = sizeof(int);
131 data1.WriteRemoteObject(iremoteobject);
132 data1.WriteRawData(voiddata, size1);
133 data1.ReadRawData(size1);
134 MessageParcel reply;
135 MessageOption option;
136 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::QUERY_DEADLINE);
137 ConcurrentTaskService s = ConcurrentTaskService();
138 s.OnRemoteRequest(code, data1, reply, option);
139 }
140 return true;
141 }
142
FuzzConcurrentTaskServiceRequestAuth(const uint8_t * data,size_t size)143 bool FuzzConcurrentTaskServiceRequestAuth(const uint8_t* data, size_t size)
144 {
145 g_baseFuzzData = data;
146 g_baseFuzzSize = size;
147 g_baseFuzzPos = 0;
148 if (size > sizeof(int) + sizeof(int)) {
149 MessageParcel data1;
150 Parcel parcel;
151 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel);
152 int intdata = GetData<int>();
153 void *voiddata = &intdata;
154 size_t size1 = sizeof(int);
155 data1.WriteRemoteObject(iremoteobject);
156 data1.WriteRawData(voiddata, size1);
157 data1.ReadRawData(size1);
158 MessageParcel reply;
159 MessageOption option;
160 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::REQUEST_AUTH);
161 ConcurrentTaskService s = ConcurrentTaskService();
162 s.OnRemoteRequest(code, data1, reply, option);
163 }
164 return true;
165 }
166
FuzzConcurrentTaskServiceStopRemoteObject(const uint8_t * data,size_t size)167 bool FuzzConcurrentTaskServiceStopRemoteObject(const uint8_t* data, size_t size)
168 {
169 g_baseFuzzData = data;
170 g_baseFuzzSize = size;
171 g_baseFuzzPos = 0;
172 ConcurrentTaskClient::GetInstance().StopRemoteObject();
173 return true;
174 }
175
FuzzConcurrentTaskServiceSetThreadQos(const uint8_t * data,size_t size)176 bool FuzzConcurrentTaskServiceSetThreadQos(const uint8_t* data, size_t size)
177 {
178 g_baseFuzzData = data;
179 g_baseFuzzSize = size;
180 g_baseFuzzPos = 0;
181 if (size > sizeof(int) + sizeof(int)) {
182 int level = GetData<int>();
183 level = level % TEST_DATA_TENTH;
184 if (level == TEST_DATA_FIFTH || level == TEST_DATA_SECOND) {
185 QOS::SetThreadQos(QOS::QosLevel::QOS_BACKGROUND);
186 } else if (level == TEST_DATA_THIRD || level == TEST_DATA_FOURTH) {
187 QOS::SetThreadQos(QOS::QosLevel::QOS_UTILITY);
188 } else if (level == TEST_DATA_FIFTH || level == TEST_DATA_SIXTH) {
189 QOS::SetThreadQos(QOS::QosLevel::QOS_DEFAULT);
190 } else if (level == TEST_DATA_SEVENTH || level == TEST_DATA_EIGHTH) {
191 QOS::SetThreadQos(QOS::QosLevel::QOS_USER_INITIATED);
192 }
193 }
194 return true;
195 }
196
FuzzConcurrentTaskServiceSetQosForOtherThread(const uint8_t * data,size_t size)197 bool FuzzConcurrentTaskServiceSetQosForOtherThread(const uint8_t* data, size_t size)
198 {
199 g_baseFuzzData = data;
200 g_baseFuzzSize = size;
201 g_baseFuzzPos = 0;
202 if (size > sizeof(int) + sizeof(int)) {
203 int level = GetData<int>();
204 int tid = GetData<int>();
205 level = level % TEST_DATA_TENTH;
206 if (level == TEST_DATA_FIRST || level == TEST_DATA_SECOND) {
207 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_BACKGROUND, tid);
208 } else if (level == TEST_DATA_THIRD || level == TEST_DATA_FOURTH) {
209 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_UTILITY, tid);
210 } else if (level == TEST_DATA_FIFTH || level == TEST_DATA_SIXTH) {
211 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_DEFAULT, tid);
212 } else if (level == TEST_DATA_SEVENTH || level == TEST_DATA_EIGHTH) {
213 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_USER_INITIATED, tid);
214 }
215 }
216 return true;
217 }
218
FuzzConcurrentTaskServiceResetThreadQos(const uint8_t * data,size_t size)219 bool FuzzConcurrentTaskServiceResetThreadQos(const uint8_t* data, size_t size)
220 {
221 g_baseFuzzData = data;
222 g_baseFuzzSize = size;
223 g_baseFuzzPos = 0;
224 QOS::ResetThreadQos();
225 return true;
226 }
227
FuzzConcurrentTaskServiceResetQosForOtherThread(const uint8_t * data,size_t size)228 bool FuzzConcurrentTaskServiceResetQosForOtherThread(const uint8_t* data, size_t size)
229 {
230 g_baseFuzzData = data;
231 g_baseFuzzSize = size;
232 g_baseFuzzPos = 0;
233 if (size > sizeof(int) + sizeof(int)) {
234 int tid = GetData<int>();
235 QOS::ResetQosForOtherThread(tid);
236 }
237 return true;
238 }
239 } // namespace OHOS
240
241 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)242 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
243 {
244 /* Run your code on data */
245 OHOS::FuzzConcurrentTaskTryConnect(data, size);
246 OHOS::FuzzConcurrentTaskServiceReportData(data, size);
247 OHOS::FuzzConcurrentTaskServiceRequestAuth(data, size);
248 OHOS::FuzzConcurrentTaskServiceQueryInterval(data, size);
249 OHOS::FuzzConcurrentTaskServiceStopRemoteObject(data, size);
250 OHOS::FuzzConcurrentTaskServiceSetThreadQos(data, size);
251 OHOS::FuzzConcurrentTaskServiceSetQosForOtherThread(data, size);
252 OHOS::FuzzConcurrentTaskServiceResetThreadQos(data, size);
253 OHOS::FuzzConcurrentTaskServiceResetQosForOtherThread(data, size);
254 OHOS::FuzzConcurrentTaskServiceQueryDeadline(data, size);
255 return 0;
256 }
257