• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "systemabilityfwk_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <cstdlib>
21 #include <fcntl.h>
22 #include <unistd.h>
23 
24 #include "local_ability_manager.h"
25 #include "sa_mock_permission.h"
26 
27 namespace OHOS {
28 namespace Samgr {
29 namespace {
30 constexpr size_t THRESHOLD = 10;
31 constexpr uint8_t MAX_CALL_TRANSACTION = 16;
32 constexpr int32_t OFFSET = 4;
33 constexpr int32_t USLEEP_NUM = 200000;
34 constexpr int32_t SHIFT_FIRST = 24;
35 constexpr int32_t SHIFT_SECOND = 16;
36 constexpr int32_t SHIFT_THIRD = 8;
37 constexpr int32_t ZERO_NUM = 0;
38 constexpr int32_t FIRST_NUM = 1;
39 constexpr int32_t SECOND_NUM = 2;
40 constexpr int32_t THIRD_NUM = 2;
41 const std::u16string LOCAL_ABILITY_MANAGER_INTERFACE_TOKEN = u"ohos.localabilitymanager.accessToken";
42 }
43 
ConvertToUint32(const uint8_t * ptr)44 uint32_t ConvertToUint32(const uint8_t* ptr)
45 {
46     if (ptr == nullptr) {
47         return 0;
48     }
49     return (ptr[ZERO_NUM] << SHIFT_FIRST) | (ptr[FIRST_NUM] << SHIFT_SECOND) |
50         (ptr[SECOND_NUM] << SHIFT_THIRD) | (ptr[THIRD_NUM]);
51 }
52 
FuzzSystemAbilityFwk(const uint8_t * rawData,size_t size)53 void FuzzSystemAbilityFwk(const uint8_t* rawData, size_t size)
54 {
55     SaMockPermission::MockPermission();
56     uint32_t code = ConvertToUint32(rawData);
57     rawData = rawData + OFFSET;
58     size = size - OFFSET;
59     MessageParcel data;
60     data.WriteInterfaceToken(LOCAL_ABILITY_MANAGER_INTERFACE_TOKEN);
61     data.WriteBuffer(rawData, size);
62     data.RewindRead(0);
63     MessageParcel reply;
64     MessageOption option;
65     LocalAbilityManager::GetInstance().OnRemoteRequest(code % MAX_CALL_TRANSACTION, data, reply, option);
66     usleep(USLEEP_NUM);
67 }
68 }
69 }
70 
71 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)72 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
73 {
74     if (size < OHOS::Samgr::THRESHOLD) {
75         return 0;
76     }
77 
78     OHOS::Samgr::FuzzSystemAbilityFwk(data, size);
79     return 0;
80 }
81 
82