1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "medialibrary_util_fuzzer.h"
16
17 #include <cstdint>
18 #include <string>
19 #include <thread>
20
21 #include "ability_context_impl.h"
22 #include "app_mgr_interface.h"
23 #include "medialibrary_album_operations.h"
24 #include "medialibrary_analysis_album_operations.h"
25 #include "medialibrary_app_uri_permission_operations.h"
26 #include "medialibrary_appstate_observer.h"
27 #include "media_log.h"
28 #include "medialibrary_command.h"
29 #include "medialibrary_dir_operations.h"
30 #include "medialibrary_uripermission_operations.h"
31 #include "medialibrary_data_manager.h"
32 #include "medialibrary_data_manager_utils.h"
33 #include "multistages_capture_dfx_first_visit.h"
34 #include "rdb_predicates.h"
35 #include "datashare_values_bucket.h"
36 #include "media_analysis_proxy.h"
37 #include "media_analysis_helper.h"
38 #include "background_cloud_file_processor.h"
39 #include "medialibrary_db_const.h"
40 #include "medialibrary_album_refresh.h"
41
42 namespace OHOS {
43 using namespace std;
44
FuzzString(const uint8_t * data,size_t size)45 static inline string FuzzString(const uint8_t *data, size_t size)
46 {
47 return {reinterpret_cast<const char*>(data), size};
48 }
49
FuzzInt32(const uint8_t * data,size_t size)50 static inline int32_t FuzzInt32(const uint8_t *data, size_t size)
51 {
52 if (data == nullptr || size < sizeof(int32_t)) {
53 return 0;
54 }
55 return static_cast<int32_t>(*data);
56 }
57
FuzzUri(const uint8_t * data,size_t size)58 static inline Uri FuzzUri(const uint8_t *data, size_t size)
59 {
60 return Uri(FuzzString(data, size));
61 }
62
Init()63 static int Init()
64 {
65 auto stageContext = std::make_shared<AbilityRuntime::ContextImpl>();
66 auto abilityContextImpl = std::make_shared<OHOS::AbilityRuntime::AbilityContextImpl>();
67 abilityContextImpl->SetStageContext(stageContext);
68 int32_t sceneCode = 0;
69 return Media::MediaLibraryDataManager::GetInstance()->InitMediaLibraryMgr(abilityContextImpl, abilityContextImpl,
70 sceneCode);
71 }
72
CommandTest(const uint8_t * data,size_t size)73 static void CommandTest(const uint8_t *data, size_t size)
74 {
75 const int32_t int32Count = 10;
76 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
77 return;
78 }
79 NativeRdb::ValuesBucket value;
80 int32_t offset = 0;
81 int32_t operationObject1 = FuzzInt32(data + offset, size);
82 offset += sizeof(int32_t);
83 int32_t operationType1 = FuzzInt32(data + offset, size);
84 offset += sizeof(int32_t);
85 int32_t mediaLibraryApi1 = FuzzInt32(data + offset, size);
86 Media::MediaLibraryCommand cmd(static_cast<Media::OperationObject>(operationObject1),
87 static_cast<Media::OperationType>(operationType1), static_cast<Media::MediaLibraryApi>(mediaLibraryApi1));
88 cmd.SetTableName(FuzzString(data, size));
89 cmd.SetBundleName(FuzzString(data, size));
90 cmd.SetDeviceName(FuzzString(data, size));
91 cmd.SetResult(FuzzString(data, size));
92 offset += sizeof(int32_t);
93 int32_t operationObject2 = FuzzInt32(data + offset, size);
94 cmd.SetOprnObject(static_cast<Media::OperationObject>(operationObject2));
95 cmd.GetOprnFileId();
96 cmd.SetOprnAssetId(FuzzString(data, size));
97 DataShare::DataSharePredicates pred;
98 cmd.SetDataSharePred(pred);
99 cmd.SetValueBucket(value);
100 Media::MediaLibraryCommand cmdValueBucket(FuzzUri(data, size), value);
101 offset += sizeof(int32_t);
102 int32_t operationObject3 = FuzzInt32(data + offset, size);
103 offset += sizeof(int32_t);
104 int32_t operationType2 = FuzzInt32(data + offset, size);
105 offset += sizeof(int32_t);
106 int32_t mediaLibraryApi2 = FuzzInt32(data + offset, size);
107 Media::MediaLibraryCommand cmdValueBucket2(static_cast<Media::OperationObject>(operationObject3),
108 static_cast<Media::OperationType>(operationType2), value,
109 static_cast<Media::MediaLibraryApi>(mediaLibraryApi2));
110 offset += sizeof(int32_t);
111 int32_t operationObject4 = FuzzInt32(data + offset, size);
112 offset += sizeof(int32_t);
113 int32_t operationType3 = FuzzInt32(data + offset, size);
114 offset += sizeof(int32_t);
115 int32_t mediaLibraryApi3 = FuzzInt32(data + offset, size);
116 Media::MediaLibraryCommand cmdDevice(static_cast<Media::OperationObject>(operationObject4),
117 static_cast<Media::OperationType>(operationType3), FuzzString(data, size),
118 static_cast<Media::MediaLibraryApi>(mediaLibraryApi3));
119 }
120
DirOperationTest(const uint8_t * data,size_t size)121 static void DirOperationTest(const uint8_t *data, size_t size)
122 {
123 const int32_t int32Count = 3;
124 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
125 return;
126 }
127 int32_t offset = 0;
128 int32_t operationObject = FuzzInt32(data + offset, size);
129 offset += sizeof(int32_t);
130 int32_t operationType = FuzzInt32(data + offset, size);
131 offset += sizeof(int32_t);
132 int32_t mediaLibraryApi = FuzzInt32(data + offset, size);
133 Media::MediaLibraryCommand cmd(static_cast<Media::OperationObject>(operationObject),
134 static_cast<Media::OperationType>(operationType), static_cast<Media::MediaLibraryApi>(mediaLibraryApi));
135 Media::MediaLibraryDirOperations::HandleDirOperation(cmd);
136 Media::MediaLibraryDirOperations::CreateDirOperation(cmd);
137 Media::MediaLibraryDirOperations::TrashDirOperation(cmd);
138 }
139
UriPermissionTest(const uint8_t * data,size_t size)140 static void UriPermissionTest(const uint8_t *data, size_t size)
141 {
142 const int32_t int32Count = 6;
143 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
144 return;
145 }
146 int32_t offset = 0;
147 int32_t operationObject = FuzzInt32(data + offset, size);
148 offset += sizeof(int32_t);
149 int32_t operationType = FuzzInt32(data + offset, size);
150 offset += sizeof(int32_t);
151 int32_t mediaLibraryApi = FuzzInt32(data + offset, size);
152 Media::MediaLibraryCommand cmd(static_cast<Media::OperationObject>(operationObject),
153 static_cast<Media::OperationType>(operationType), static_cast<Media::MediaLibraryApi>(mediaLibraryApi));
154 NativeRdb::ValuesBucket rdbValueBucket;
155 offset += sizeof(int32_t);
156 rdbValueBucket.Put(Media::PERMISSION_FILE_ID, FuzzInt32(data + offset, size));
157 rdbValueBucket.Put(Media::PERMISSION_BUNDLE_NAME, FuzzString(data, size));
158 rdbValueBucket.Put(Media::PERMISSION_MODE, "r");
159 rdbValueBucket.Put(Media::PERMISSION_TABLE_TYPE, FuzzString(data, size));
160 cmd.SetValueBucket(rdbValueBucket);
161 Media::UriPermissionOperations::HandleUriPermOperations(cmd);
162 Media::UriPermissionOperations::HandleUriPermInsert(cmd);
163 offset += sizeof(int32_t);
164 Media::UriPermissionOperations::InsertBundlePermission(FuzzInt32(data + offset, size), FuzzString(data, size),
165 FuzzString(data, size), FuzzString(data, size));
166 Media::UriPermissionOperations::DeleteBundlePermission(FuzzString(data, size),
167 FuzzString(data, size), FuzzString(data, size));
168 string mode = "r";
169 Media::UriPermissionOperations::CheckUriPermission(FuzzString(data, size), mode);
170
171 offset += sizeof(int32_t);
172 Media::UriPermissionOperations::GetUriPermissionMode(FuzzString(data, size), FuzzString(data, size),
173 FuzzInt32(data + offset, size), mode);
174 Media::UriPermissionOperations::UpdateOperation(cmd);
175 Media::UriPermissionOperations::InsertOperation(cmd);
176 std::vector<NativeRdb::ValuesBucket> rdbValues;
177 Media::UriPermissionOperations::BatchInsertOperation(cmd, rdbValues);
178 Media::UriPermissionOperations::DeleteOperation(cmd);
179 std::vector<DataShare::DataShareValuesBucket> sharedValues;
180 DataShare::DataShareValuesBucket valueTest1;
181 valueTest1.Put(Media::AppUriPermissionColumn::FILE_ID, "file_id");
182 valueTest1.Put(Media::AppUriPermissionColumn::APP_ID, "appid");
183 DataShare::DataShareValuesBucket valueTest2;
184 valueTest2.Put(Media::AppUriPermissionColumn::FILE_ID, "file_id");
185 valueTest2.Put(Media::AppUriPermissionColumn::APP_ID, "appid");
186 sharedValues.push_back(valueTest1);
187 sharedValues.push_back(valueTest2);
188 Media::UriPermissionOperations::GrantUriPermission(cmd, sharedValues);
189 Media::UriPermissionOperations::DeleteAllTemporaryAsync();
190 }
191
AnalysisTest(const uint8_t * data,size_t size)192 static void AnalysisTest(const uint8_t *data, size_t size)
193 {
194 const int32_t int32Count = 7;
195 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
196 return;
197 }
198 std::vector<std::string> columns;
199 NativeRdb::ValuesBucket values;
200 DataShare::DataSharePredicates pred;
201 int32_t offset = 0;
202 int32_t operationObject = FuzzInt32(data + offset, size);
203 offset += sizeof(int32_t);
204 int32_t operationType = FuzzInt32(data + offset, size);
205 offset += sizeof(int32_t);
206 int32_t mediaLibraryApi = FuzzInt32(data + offset, size);
207 Media::MediaLibraryCommand cmd(static_cast<Media::OperationObject>(operationObject),
208 static_cast<Media::OperationType>(operationType), static_cast<Media::MediaLibraryApi>(mediaLibraryApi));
209 cmd.SetTableName("Photos");
210 Media::MergeAlbumInfo info1;
211 offset += sizeof(int32_t);
212 info1.albumId = FuzzInt32(data + offset, size);
213 Media::MergeAlbumInfo info2;
214 offset += sizeof(int32_t);
215 info2.albumId = FuzzInt32(data + offset, size);
216 std::vector<Media::MergeAlbumInfo> infos;
217 infos.push_back(info1);
218 infos.push_back(info2);
219 Media::MediaLibraryAnalysisAlbumOperations::UpdateMergeGroupAlbumsInfo(infos);
220 offset += sizeof(int32_t);
221 Media::MediaLibraryAnalysisAlbumOperations::HandleGroupPhotoAlbum(
222 static_cast<Media::OperationType>(FuzzInt32(data + offset, size)), values, pred);
223 Media::MediaLibraryAnalysisAlbumOperations::QueryGroupPhotoAlbum(cmd, columns);
224 offset += sizeof(int32_t);
225 Media::MediaLibraryAnalysisAlbumOperations::UpdateGroupPhotoAlbumById(FuzzInt32(data + offset, size));
226 }
227
AppPermissionTest(const uint8_t * data,size_t size)228 static void AppPermissionTest(const uint8_t *data, size_t size)
229 {
230 const int32_t int32Count = 3;
231 if (data == nullptr || size < sizeof(int32_t) * int32Count) {
232 return;
233 }
234 std::vector<std::string> columns;
235 NativeRdb::RdbPredicates rdbPred("Photos");
236 DataShare::DataSharePredicates sharedPred;
237 int32_t offset = 0;
238 int32_t operationObject = FuzzInt32(data + offset, size);
239 offset += sizeof(int32_t);
240 int32_t operationType = FuzzInt32(data + offset, size);
241 offset += sizeof(int32_t);
242 int32_t mediaLibraryApi = FuzzInt32(data + offset, size);
243 Media::MediaLibraryCommand cmd(static_cast<Media::OperationObject>(operationObject),
244 static_cast<Media::OperationType>(operationType), static_cast<Media::MediaLibraryApi>(mediaLibraryApi));
245 Media::MediaLibraryAppUriPermissionOperations::HandleInsertOperation(cmd);
246 std::vector<DataShare::DataShareValuesBucket> sharedValues;
247 DataShare::DataShareValuesBucket values;
248 values.Put(Media::AppUriPermissionColumn::FILE_ID, "file_id");
249 values.Put(Media::AppUriPermissionColumn::APP_ID, "appid");
250 sharedValues.push_back(values);
251 Media::MediaLibraryAppUriPermissionOperations::BatchInsert(cmd, sharedValues);
252 Media::MediaLibraryAppUriPermissionOperations::DeleteOperation(rdbPred);
253 Media::MediaLibraryAppUriPermissionOperations::QueryOperation(sharedPred, columns);
254 }
255
AppStateTest()256 static void AppStateTest()
257 {
258 Media::MedialibraryAppStateObserverManager::GetInstance().SubscribeAppState();
259 Media::MedialibraryAppStateObserverManager::GetInstance().UnSubscribeAppState();
260 }
261
MediaLibraryManagerTest(const uint8_t * data,size_t size)262 static void MediaLibraryManagerTest(const uint8_t *data, size_t size)
263 {
264 Media::MediaLibraryDataManagerUtils::IsNumber(FuzzString(data, size));
265 Media::MediaLibraryDataManagerUtils::GetOperationType(FuzzString(data, size));
266 Media::MediaLibraryDataManagerUtils::GetDisPlayNameFromPath(FuzzString(data, size));
267 std::vector<std::string> whereArgs;
268 std::string str = FuzzString(data, size);
269 Media::MediaLibraryDataManagerUtils::ObtionCondition(str, whereArgs);
270 Media::MediaLibraryDataManagerUtils::GetTypeUriByUri(str);
271 }
272
MultistageTest(const uint8_t * data,size_t size)273 static void MultistageTest(const uint8_t *data, size_t size)
274 {
275 Media::MultiStagesCaptureDfxFirstVisit::GetInstance().Report(FuzzString(data, size));
276 }
277
RefreshAlbumTest()278 static void RefreshAlbumTest()
279 {
280 Media::RefreshAlbums(true);
281 }
282
ActiveAnalysisTest()283 static void ActiveAnalysisTest()
284 {
285 std::vector<std::string> fileIds;
286 fileIds.push_back("1");
287 Media::MediaAnalysisHelper::StartMediaAnalysisServiceSync(
288 static_cast<int32_t>(Media::MediaAnalysisProxy::ActivateServiceType::START_SERVICE_OCR), fileIds);
289 Media::MediaAnalysisHelper::StartMediaAnalysisServiceAsync(
290 static_cast<int32_t>(Media::MediaAnalysisProxy::ActivateServiceType::START_SERVICE_OCR), fileIds);
291 Media::MediaAnalysisHelper::AsyncStartMediaAnalysisService(
292 static_cast<int32_t>(Media::MediaAnalysisProxy::ActivateServiceType::START_SERVICE_OCR), fileIds);
293 Media::MediaAnalysisHelper::StartPortraitCoverSelectionAsync(fileIds.at(0));
294 (void)Media::MediaAnalysisHelper::ParseGeoInfo(fileIds, true);
295 }
296
CloudDownloadTest()297 static void CloudDownloadTest()
298 {
299 Media::BackgroundCloudFileProcessor::StartTimer();
300 int sleepTime = 200;
301 std::this_thread::sleep_for(std::chrono::microseconds(sleepTime));
302 Media::BackgroundCloudFileProcessor::StopTimer();
303 }
304 } // namespace OHOS
305
306
LLVMFuzzerInitialize(int * argc,char *** argv)307 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
308 {
309 OHOS::Init();
310 return 0;
311 }
312
313 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)314 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
315 {
316 /* Run your code on data */
317 int sleepTime = 100;
318 std::this_thread::sleep_for(std::chrono::microseconds(sleepTime));
319 OHOS::CommandTest(data, size);
320 OHOS::DirOperationTest(data, size);
321 OHOS::UriPermissionTest(data, size);
322 OHOS::AnalysisTest(data, size);
323 OHOS::AppPermissionTest(data, size);
324 OHOS::AppStateTest();
325 OHOS::MediaLibraryManagerTest(data, size);
326 OHOS::MultistageTest(data, size);
327 OHOS::RefreshAlbumTest();
328 OHOS::ActiveAnalysisTest();
329 OHOS::CloudDownloadTest();
330 return 0;
331 }
332