1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dsoftbusadapter_fuzzer.h"
17
18 #include "accesstoken_kit.h"
19 #include "nativetoken_kit.h"
20 #include "singleton.h"
21 #include "token_setproc.h"
22
23 #include "ddm_adapter.h"
24 #include "devicestatus_define.h"
25 #include "dsoftbus_adapter_impl.h"
26 #include "socket_session_manager.h"
27
28 #include "message_parcel.h"
29
30 #undef LOG_TAG
31 #define LOG_TAG "DsoftbusAdapterFuzzTest"
32 namespace OHOS {
33 namespace Msdp {
34 namespace DeviceStatus {
// Session name copied into the SocketInfo built by InitSocketFuzzTest. It stays a macro
// because it is used there as the string-literal initializer of a char array.
#define SERVER_SESSION_NAME "ohos.msdp.device_status.intention.serversession"

// Token ID written by SetPermission() and passed to DeleteToken() by RemovePermission().
uint64_t g_tokenID = 0;
// APL string that DDMAdapterFuzzTest hands to SetPermission().
const std::string SYSTEM_CORE = "system_core";
// Permission list that DDMAdapterFuzzTest requests for the harness token.
const char* g_cores[] = { "ohos.permission.INPUT_MONITORING" };

// Cursor over the current fuzz input: base pointer, total length, and the offset of the
// next unread byte. SetGlobalFuzzData() resets all three; GetData() advances the offset.
const uint8_t *g_baseFuzzData = nullptr;
size_t g_baseFuzzSize = 0;
size_t g_baseFuzzPos = 0;

// Length argument passed to GetStringFromData() by the harness functions.
constexpr size_t STR_LEN { 255 };
// Sizes of the pkgName / name buffers built in InitSocketFuzzTest.
constexpr size_t PKG_NAME_SIZE_MAX = 65;
constexpr size_t DEVICE_NAME_SIZE_MAX = 256;
45
/**
 * Reads the next sizeof(T) bytes of the registered fuzz input as a T and advances the cursor.
 *
 * Returns a value-initialized T without moving the cursor when no input is registered,
 * when fewer than sizeof(T) bytes remain, or when memcpy_s reports an error.
 */
template <class T> T GetData()
{
    T value{};
    const size_t need = sizeof(value);
    // g_baseFuzzPos only grows after this check has passed, so the subtraction
    // g_baseFuzzSize - g_baseFuzzPos cannot wrap as long as the cursor is only moved here.
    const bool noInput = (g_baseFuzzData == nullptr);
    if (noInput || need > g_baseFuzzSize - g_baseFuzzPos) {
        return value;
    }
    if (memcpy_s(&value, need, g_baseFuzzData + g_baseFuzzPos, need) != EOK) {
        // Discard whatever memcpy_s may have left in `value`.
        return {};
    }
    g_baseFuzzPos += need;
    return value;
}
60
/**
 * Registers `data` / `size` as the input that GetData() reads from and rewinds the cursor.
 * The pointer is stored, not copied, so it must stay valid while GetData() is in use.
 */
void SetGlobalFuzzData(const uint8_t *data, size_t size)
{
    g_baseFuzzPos = 0;
    g_baseFuzzSize = size;
    g_baseFuzzData = data;
}
67
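/**
 * Builds a string from the next (strlen - 1) bytes of fuzz input.
 *
 * All (strlen - 1) bytes are always consumed from the cursor, but the returned string
 * stops at the first NUL byte, so it may be shorter. GetData<char>() yields 0 once the
 * input is exhausted, which ends the string there.
 *
 * @param strlen Buffer length including the terminator; values below 1 give "".
 *               (The name shadows ::strlen inside this function, so it is not called here.)
 * @return The NUL-truncated string, at most strlen - 1 characters long.
 */
std::string GetStringFromData(int strlen)
{
    if (strlen < 1) {
        return "";
    }

    // Heap-backed buffer instead of a variable-length array: VLAs are a compiler extension
    // in C++ and put an argument-sized object on the stack.
    std::string buffer(static_cast<size_t>(strlen) - 1, '\0');
    for (char &ch : buffer) {
        ch = GetData<char>();
    }

    // Keep the C-string semantics callers had before: cut at the first embedded NUL.
    const size_t terminator = buffer.find('\0');
    if (terminator != std::string::npos) {
        buffer.resize(terminator);
    }
    return buffer;
}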
82
/**
 * Do-nothing IDSoftbusObserver used by AddObserverFuzzTest as the object to register and
 * unregister. Every callback ignores its arguments; the two bool callbacks return true.
 */
class DSoftbusObserver final : public IDSoftbusObserver {
public:
    DSoftbusObserver() = default;
    ~DSoftbusObserver() = default;

    void OnBind(const std::string &networkId)
    {
    }

    void OnShutdown(const std::string &networkId)
    {
    }

    void OnConnected(const std::string &networkId)
    {
    }

    bool OnPacket(const std::string &networkId, NetPacket &packet) { return true; }

    bool OnRawData(const std::string &networkId, const void *data, uint32_t dataLen) { return true; }
};
100
/**
 * Test-only helper: requests a native access token for the harness process and makes it
 * the process's own token.
 *
 * @param level      APL string stored in the token request (aplStr).
 * @param perms      Array of permission names; must not be null.
 * @param permAmount Number of entries in `perms`; must not be 0.
 *
 * Logs an error and returns without touching the token when `perms` is null or empty.
 * The obtained ID is kept in g_tokenID so RemovePermission() can delete it later.
 */
void SetPermission(const std::string &level, const char** perms, size_t permAmount)
{
    CALL_DEBUG_ENTER;
    const bool havePerms = (perms != nullptr) && (permAmount != 0);
    if (!havePerms) {
        FI_HILOGE("The perms is empty");
        return;
    }

    // Only the permission list and APL are caller-supplied; dcaps and acls are left empty
    // and the process name is fixed.
    NativeTokenInfoParams tokenRequest = {
        .dcapsNum = 0,
        .permsNum = permAmount,
        .aclsNum = 0,
        .dcaps = nullptr,
        .perms = perms,
        .acls = nullptr,
        .processName = "DDMAdapterTest",
        .aplStr = level.c_str(),
    };
    g_tokenID = GetAccessTokenId(&tokenRequest);
    SetSelfTokenID(g_tokenID);

    using OHOS::Security::AccessToken::AccessTokenKit;
    AccessTokenKit::ReloadNativeTokenInfo();
}
123
/**
 * Deletes the token recorded in g_tokenID and logs an error if DeleteToken does not
 * return RET_OK.
 *
 * NOTE(review): only the token is deleted here; the self token ID installed by
 * SetPermission() is not set back and g_tokenID keeps its old value — confirm that is
 * acceptable for the following fuzz iterations.
 */
void RemovePermission()
{
    CALL_DEBUG_ENTER;
    if (OHOS::Security::AccessToken::AccessTokenKit::DeleteToken(g_tokenID) != RET_OK) {
        FI_HILOGE("Failed to remove permission");
    }
}
133
/**
 * Drives the adapter's enable / server setup / teardown sequence once.
 *
 * The input is used only as a non-empty gate; none of the calls below receives
 * fuzz-derived arguments.
 *
 * @return false when `data` is null or `size` is 0, true otherwise.
 */
bool EnableFuzzTest(const uint8_t* data, size_t size)
{
    if (data == nullptr || size == 0) {
        return false;
    }

    auto adapter = DSoftbusAdapterImpl::GetInstance();
    adapter->Enable();
    adapter->SetupServer();
    adapter->ShutdownServer();
    adapter->CloseAllSessions();
    adapter->CloseAllSessionsLocked();
    adapter->Disable();
    return true;
}
148
/**
 * Registers a no-op observer with the adapter and removes it again.
 *
 * The input is used only as a non-empty gate; no fuzz bytes are consumed.
 *
 * @return false when `data` is null or `size` is 0, true otherwise.
 */
bool AddObserverFuzzTest(const uint8_t* data, size_t size)
{
    if (data == nullptr || size == 0) {
        return false;
    }

    std::shared_ptr<IDSoftbusObserver> noopObserver { std::make_shared<DSoftbusObserver>() };
    auto adapter = DSoftbusAdapterImpl::GetInstance();
    adapter->AddObserver(noopObserver);
    adapter->RemoveObserver(noopObserver);
    return true;
}
160
/**
 * Feeds a fuzz-derived network ID to the adapter's online-check and session paths.
 *
 * The network ID is read from the shared fuzz cursor; the CircleStreamBuffer passed to
 * HandleSessionData is default-constructed and is not filled from the input.
 *
 * @return false when `data` is null or `size` is 0, true otherwise.
 */
bool CheckDeviceOnlineFuzzTest(const uint8_t* data, size_t size)
{
    if (data == nullptr || size == 0) {
        return false;
    }

    auto networkId = GetStringFromData(STR_LEN);
    CircleStreamBuffer emptyBuffer;

    auto adapter = DSoftbusAdapterImpl::GetInstance();
    adapter->CheckDeviceOnline(networkId);
    adapter->CloseSession(networkId);
    adapter->HandleSessionData(networkId, emptyBuffer);
    adapter->OpenSessionLocked(networkId);
    adapter->OnConnectedLocked(networkId);
    return true;
}
177
/**
 * Opens, looks up and closes a session for a fuzz-derived network ID, then closes all
 * sessions.
 *
 * @return false when `data` is null or `size` is 0, true otherwise.
 */
bool OpenSessionFuzzTest(const uint8_t* data, size_t size)
{
    if (data == nullptr || size == 0) {
        return false;
    }

    auto networkId = GetStringFromData(STR_LEN);
    auto adapter = DSoftbusAdapterImpl::GetInstance();
    adapter->OpenSession(networkId);
    adapter->FindConnection(networkId);
    adapter->CloseSession(networkId);
    adapter->CloseAllSessions();
    return true;
}
191
192
/**
 * Exercises the adapter's send / broadcast / handle paths with a fuzz-derived network ID.
 *
 * Only the network ID comes from the input: the Parcel is default-constructed and the
 * NetPacket carries the fixed message ID DSOFTBUS_START_COOPERATE with nothing written
 * into it here.
 *
 * @return false when `data` is null or `size` is 0, true otherwise.
 */
bool SendPacketFuzzTest(const uint8_t* data, size_t size)
{
    if (data == nullptr || size == 0) {
        return false;
    }

    Parcel emptyParcel;
    NetPacket cooperatePacket(MessageId::DSOFTBUS_START_COOPERATE);
    auto networkId = GetStringFromData(STR_LEN);

    auto adapter = DSoftbusAdapterImpl::GetInstance();
    adapter->SendPacket(networkId, cooperatePacket);
    adapter->SendParcel(networkId, emptyParcel);
    adapter->BroadcastPacket(cooperatePacket);
    adapter->HandlePacket(networkId, cooperatePacket);
    return true;
}
208
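/**
 * Exercises the adapter's socket callbacks with a fuzz-derived socket ID, payload and
 * network ID.
 *
 * The payload handed to OnBytes / HandleRawData is a local buffer filled from the fuzz
 * input, and the length passed alongside it never exceeds that buffer. An earlier form
 * of this harness paired a fuzz-chosen length with a 4-byte heap object, so any read the
 * callee did within the stated length could run past the object and be reported as a
 * crash in the target, and the object itself was never freed.
 *
 * @return false when `data` is null or `size` is 0, true otherwise.
 */
bool InitSocketFuzzTest(const uint8_t* data, size_t size)
{
    if ((data == nullptr) || (size < 1)) {
        return false;
    }

    int32_t socket = GetData<int32_t>();
    uint32_t dataLen = GetData<uint32_t>();
    std::string networkId = GetStringFromData(STR_LEN);

    // Upper bound for the payload; chosen for the harness only, not taken from the adapter.
    constexpr uint32_t rawDataSizeMax = 256;
    uint8_t rawData[rawDataSizeMax] {};
    if (dataLen > rawDataSizeMax) {
        // Fold oversized lengths into [0, rawDataSizeMax] so every length stays reachable.
        dataLen %= (rawDataSizeMax + 1);
    }
    for (uint32_t i = 0; i < dataLen; i++) {
        rawData[i] = GetData<uint8_t>();
    }

    char name[DEVICE_NAME_SIZE_MAX] { SERVER_SESSION_NAME };
    char pkgName[PKG_NAME_SIZE_MAX] { FI_PKG_NAME };
    SocketInfo info {
        .name = name,
        .pkgName = pkgName,
        .dataType = DATA_TYPE_BYTES
    };

    DSoftbusAdapterImpl::GetInstance()->InitSocket(info, socket, socket);
    DSoftbusAdapterImpl::GetInstance()->ConfigTcpAlive(socket);
    DSoftbusAdapterImpl::GetInstance()->OnShutdown(socket, SHUTDOWN_REASON_UNKNOWN);
    DSoftbusAdapterImpl::GetInstance()->OnBytes(socket, rawData, dataLen);
    DSoftbusAdapterImpl::GetInstance()->HandleRawData(networkId, rawData, dataLen);
    return true;
}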
235
/**
 * Runs DDMAdapter::CheckSameAccountToLocal on a fuzz-derived network ID.
 *
 * The call is bracketed by SetPermission() / RemovePermission(), so the harness token
 * with the g_cores permissions at the SYSTEM_CORE level is created and deleted on every
 * invocation.
 *
 * @return false when `data` is null or `size` is 0, true otherwise.
 */
bool DDMAdapterFuzzTest(const uint8_t* data, size_t size)
{
    if (data == nullptr || size == 0) {
        return false;
    }

    const size_t permCount = sizeof(g_cores) / sizeof(g_cores[0]);
    SetPermission(SYSTEM_CORE, g_cores, permCount);

    DDMAdapter ddmAdapter;
    ddmAdapter.Enable();
    auto networkId = GetStringFromData(STR_LEN);
    ddmAdapter.CheckSameAccountToLocal(networkId);
    ddmAdapter.Disable();

    RemovePermission();
    return true;
}
251
/**
 * libFuzzer entry point: registers the input with the shared cursor and runs every
 * harness function once, in a fixed order.
 *
 * All harness functions read from the same cursor, so later ones see only the bytes the
 * earlier ones left over (GetData() returns zero values once the input is used up).
 * Their bool results are ignored; the function always returns 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    if (data == nullptr) {
        return 0;
    }
    SetGlobalFuzzData(data, size);

    using Harness = bool (*)(const uint8_t *, size_t);
    static constexpr Harness harnesses[] = {
        OHOS::Msdp::DeviceStatus::EnableFuzzTest,
        OHOS::Msdp::DeviceStatus::AddObserverFuzzTest,
        OHOS::Msdp::DeviceStatus::CheckDeviceOnlineFuzzTest,
        OHOS::Msdp::DeviceStatus::OpenSessionFuzzTest,
        OHOS::Msdp::DeviceStatus::SendPacketFuzzTest,
        OHOS::Msdp::DeviceStatus::InitSocketFuzzTest,
        OHOS::Msdp::DeviceStatus::DDMAdapterFuzzTest,
    };
    for (const Harness harness : harnesses) {
        (void)harness(data, size);
    }
    return 0;
}
269 } // namespace DeviceStatus
270 } // namespace Msdp
271 } // namespace OHOS