1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "medialibrary_common_fuzzer.h"
16
17 #include <cstdint>
18 #include <string>
19
20 #include "dfx_database_utils.h"
21 #include "exif_utils.h"
22 #include "media_log.h"
23 #include "media_photo_asset_proxy.h"
24 #include "media_scanner_manager.h"
25 #include "medialibrary_common_utils.h"
26 #include "media_file_uri.h"
27 #include "permission_utils.h"
28 #include "medialibrary_data_manager_utils.h"
29
30 namespace OHOS {
31 using namespace std;
32
FuzzString(const uint8_t * data,size_t size)33 static inline string FuzzString(const uint8_t *data, size_t size)
34 {
35 return {reinterpret_cast<const char*>(data), size};
36 }
37
FuzzInt32(const uint8_t * data,size_t size)38 static inline int32_t FuzzInt32(const uint8_t *data, size_t size)
39 {
40 if (data == nullptr || size < sizeof(int32_t)) {
41 return 0;
42 }
43 return static_cast<int32_t>(*data);
44 }
45
FuzzDouble(const uint8_t * data,size_t size)46 static inline double FuzzDouble(const uint8_t *data, size_t size)
47 {
48 if (data == nullptr || size < sizeof(double)) {
49 return 0.0;
50 }
51 return static_cast<double>(*data);
52 }
53
FuzzVectorString(const uint8_t * data,size_t size)54 static inline vector<string> FuzzVectorString(const uint8_t *data, size_t size)
55 {
56 return {FuzzString(data, size)};
57 }
58
FuzzVectorUint8(const uint8_t * data,size_t size)59 static inline vector<uint8_t> FuzzVectorUint8(const uint8_t *data, size_t size)
60 {
61 return {*data};
62 }
63
ScanTest(const uint8_t * data,size_t size)64 static void ScanTest(const uint8_t *data, size_t size)
65 {
66 auto scannerManager = Media::MediaScannerManager::GetInstance();
67 if (scannerManager != nullptr) {
68 scannerManager->ScanDir(FuzzString(data, size), nullptr);
69 }
70 }
71
CommonUtilsTest(const uint8_t * data,size_t size)72 static void CommonUtilsTest(const uint8_t *data, size_t size)
73 {
74 Media::MediaLibraryCommonUtils::CheckWhereClause(FuzzString(data, size));
75 string key;
76 Media::MediaLibraryCommonUtils::GenKeySHA256(FuzzString(data, size), key);
77 Media::MediaLibraryCommonUtils::GenKeySHA256(FuzzVectorUint8(data, size), key);
78 string selection;
79 Media::MediaLibraryCommonUtils::AppendSelections(selection);
80 }
81
DfxTest(const uint8_t * data,size_t size)82 static void DfxTest(const uint8_t *data, size_t size)
83 {
84 const int32_t int32Count = 5;
85 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
86 return;
87 }
88 int32_t offset = 0;
89 int32_t mediaType = FuzzInt32(data + offset, size);
90 offset += sizeof(int32_t);
91 int32_t position = FuzzInt32(data + offset, size);
92 Media::DfxDatabaseUtils::QueryFromPhotos(mediaType, position);
93 offset += sizeof(int32_t);
94 int32_t albumSubtype = FuzzInt32(data + offset, size);
95 Media::DfxDatabaseUtils::QueryAlbumInfoBySubtype(albumSubtype);
96 Media::DfxDatabaseUtils::QueryDirtyCloudPhoto();
97 Media::DfxDatabaseUtils::QueryAnalysisVersion(FuzzString(data, size), FuzzString(data, size));
98 int32_t downloadedThumb;
99 int32_t generatedThumb;
100 Media::DfxDatabaseUtils::QueryDownloadedAndGeneratedThumb(downloadedThumb, generatedThumb);
101 int32_t totalDownload;
102 Media::DfxDatabaseUtils::QueryTotalCloudThumb(totalDownload);
103 Media::DfxDatabaseUtils::QueryDbVersion();
104 offset += sizeof(int32_t);
105 int32_t imageCount = FuzzInt32(data + offset, size);
106 offset += sizeof(int32_t);
107 int32_t videoCount = FuzzInt32(data + offset, size);
108 Media::PhotoRecordInfo info = {
109 .imageCount = imageCount,
110 .videoCount = videoCount
111 };
112 Media::DfxDatabaseUtils::QueryPhotoRecordInfo(info);
113 }
114
PermissionUtilsTest(const uint8_t * data,size_t size)115 static void PermissionUtilsTest(const uint8_t *data, size_t size)
116 {
117 Media::PermissionUtils::CheckCallerPermission(FuzzString(data, size));
118 std::vector<std::string> perms;
119 Media::PermissionUtils::CheckCallerPermission(perms);
120 Media::PermissionUtils::CheckPhotoCallerPermission(perms);
121 Media::PermissionUtils::CheckPhotoCallerPermission(FuzzString(data, size));
122 Media::PermissionUtils::CheckHasPermission(perms);
123 perms.push_back(FuzzString(data, size));
124 Media::PermissionUtils::CheckHasPermission(perms);
125 string packageName;
126 const int32_t int32Count = 3;
127 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
128 return;
129 }
130 int32_t offset = 0;
131 int uid = FuzzInt32(data + offset, size);
132 Media::PermissionUtils::GetPackageName(uid, packageName);
133 Media::PermissionUtils::CheckIsSystemAppByUid();
134 Media::PermissionUtils::GetPackageNameByBundleName(FuzzString(data, size));
135 Media::PermissionUtils::GetAppIdByBundleName(packageName);
136 Media::PermissionUtils::IsSystemApp();
137 Media::PermissionUtils::IsNativeSAApp();
138 Media::PermissionUtils::IsRootShell();
139 Media::PermissionUtils::IsHdcShell();
140 Media::PermissionUtils::GetTokenId();
141 Media::PermissionUtils::ClearBundleInfoInCache();
142 offset += sizeof(int32_t);
143 int32_t permGranted = FuzzInt32(data + offset, size);
144 offset += sizeof(int32_t);
145 int32_t permissionUsedType = FuzzInt32(data + offset, size);
146 Media::PermissionUtils::CollectPermissionInfo(FuzzString(data, size), permGranted,
147 static_cast<Security::AccessToken::PermissionUsedType>(permissionUsedType));
148 }
149
FileUriTest(const uint8_t * data,size_t size)150 static void FileUriTest(const uint8_t *data, size_t size)
151 {
152 string uriStr = FuzzString(data, size);
153 Media::MediaFileUri fileUri(uriStr);
154 fileUri.GetFilePath();
155 fileUri.GetFileId();
156 fileUri.GetTableName();
157 Media::MediaFileUri::GetPhotoId(FuzzString(data, size));
158 Media::MediaFileUri::RemoveAllFragment(uriStr);
159 const int32_t int32Count = 6;
160 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
161 return;
162 }
163 int32_t offset = 0;
164 int32_t mediaType = FuzzInt32(data + offset, size);
165 offset += sizeof(int32_t);
166 int32_t apiVersion = FuzzInt32(data + offset, size);
167 Media::MediaFileUri::GetMediaTypeUri(static_cast<Media::MediaType>(mediaType), apiVersion);
168 vector<string> timeIdBatch;
169
170 offset += sizeof(int32_t);
171 int start = FuzzInt32(data + offset, size);
172 offset += sizeof(int32_t);
173 int count = FuzzInt32(data + offset, size);
174 offset += sizeof(int32_t);
175 Media::MediaFileUri::GetTimeIdFromUri(FuzzVectorString(data, size), timeIdBatch);
176 Media::MediaFileUri::GetTimeIdFromUri(FuzzVectorString(data, size), timeIdBatch, start, count);
177 int32_t fileId = FuzzInt32(data + offset, size);
178 offset += sizeof(int32_t);
179 int32_t isPhoto = FuzzInt32(data + offset, size);
180 Media::MediaFileUri::CreateAssetBucket(fileId, count);
181 Media::MediaFileUri::GetPathFromUri(FuzzString(data, size), isPhoto);
182 }
183
ExifTest(const uint8_t * data,size_t size)184 static void ExifTest(const uint8_t *data, size_t size)
185 {
186 const double doubleCount = 2;
187 if (data == nullptr || size < sizeof(double) * doubleCount) {
188 return;
189 }
190 size_t offset = 0;
191 double longitude = FuzzDouble(data + offset, size);
192 offset += sizeof(double);
193 double latitude = FuzzDouble(data + offset, size);
194 Media::ExifUtils::WriteGpsExifInfo(FuzzString(data, size), longitude, latitude);
195 }
196
PhotoProxyTest(const uint8_t * data,size_t size)197 static void PhotoProxyTest(const uint8_t *data, size_t size)
198 {
199 const int32_t int32Count = 3;
200 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
201 return;
202 }
203 int32_t offset = 0;
204 int32_t cameraShotType = FuzzInt32(data + offset, size);
205 offset += sizeof(int32_t);
206 uint32_t callingUid = FuzzInt32(data + offset, size);
207 offset += sizeof(int32_t);
208 int32_t userId = FuzzInt32(data + offset, size);
209 Media::PhotoAssetProxy proxy(nullptr, static_cast<Media::CameraShotType>(cameraShotType),
210 callingUid, userId);
211 proxy.GetFileAsset();
212 proxy.GetPhotoAssetUri();
213 proxy.GetVideoFd();
214 }
215 } // namespace OHOS
216
217 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)218 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
219 {
220 /* Run your code on data */
221 OHOS::ScanTest(data, size);
222 OHOS::CommonUtilsTest(data, size);
223 OHOS::PermissionUtilsTest(data, size);
224 OHOS::FileUriTest(data, size);
225 OHOS::DfxTest(data, size);
226 OHOS::ExifTest(data, size);
227 OHOS::PhotoProxyTest(data, size);
228 return 0;
229 }
230