1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "usbmgrex_fuzzer.h"
17 #include <cstddef>
18 #include <cstdint>
19 #include "usb_service.h"
20
21 using namespace OHOS::HDI::Usb::V1_0;
22 using namespace OHOS::USB;
23
24 namespace OHOS {
// Minimum input length accepted by LLVMFuzzerTestOneInput; shorter inputs are dropped untouched.
constexpr size_t THRESHOLD{10};
// Number of leading input bytes DoSomethingInterestingWithMyAPI skips before building the parcel payload.
constexpr int32_t OFFSET{4};

// Request codes of the USB service IPC interface, numbered consecutively from 0.
// NOTE(review): no enumerator is referenced in this file; the harness dispatches raw integers
// 0..USB_INTERFACE_CODE_COUNT instead. Confirm this list still matches the service's own code table.
enum class UsbInterfaceCode {
    USB_FUN_HAS_RIGHT = 0,
    USB_FUN_REQUEST_RIGHT = 1,
    USB_FUN_REMOVE_RIGHT = 2,
    USB_FUN_OPEN_DEVICE = 3,
    USB_FUN_RESET_DEVICE = 4,
    USB_FUN_GET_DEVICE = 5,
    USB_FUN_GET_DEVICES = 6,
    USB_FUN_GET_CURRENT_FUNCTIONS = 7,
    USB_FUN_SET_CURRENT_FUNCTIONS = 8,
    USB_FUN_USB_FUNCTIONS_FROM_STRING = 9,
    USB_FUN_USB_FUNCTIONS_TO_STRING = 10,
    USB_FUN_CLAIM_INTERFACE = 11,
    USB_FUN_RELEASE_INTERFACE = 12,
    USB_FUN_BULK_TRANSFER_READ = 13,
    USB_FUN_BULK_TRANSFER_WRITE = 14,
    USB_FUN_CONTROL_TRANSFER = 15,
    USB_FUN_USB_CONTROL_TRANSFER = 16,
    USB_FUN_SET_ACTIVE_CONFIG = 17,
    USB_FUN_GET_ACTIVE_CONFIG = 18,
    USB_FUN_SET_INTERFACE = 19,
    USB_FUN_GET_PORTS = 20,
    USB_FUN_GET_SUPPORTED_MODES = 21,
    USB_FUN_SET_PORT_ROLE = 22,
    USB_FUN_REQUEST_QUEUE = 23,
    USB_FUN_REQUEST_WAIT = 24,
    USB_FUN_REQUEST_CANCEL = 25,
    USB_FUN_GET_DESCRIPTOR = 26,
    USB_FUN_GET_FILEDESCRIPTOR = 27,
    USB_FUN_CLOSE_DEVICE = 28,
    USB_FUN_BULK_AYSNC_READ = 29,
    USB_FUN_BULK_AYSNC_WRITE = 30,
    USB_FUN_BULK_AYSNC_CANCEL = 31,
    USB_FUN_REG_BULK_CALLBACK = 32,
    USB_FUN_UNREG_BULK_CALLBACK = 33,
    USB_FUN_ADD_RIGHT = 34,
    USB_FUN_DISABLE_GLOBAL_INTERFACE = 35,
    USB_FUN_DISABLE_DEVICE = 36,
    USB_FUN_DISABLE_INTERFACE_TYPE = 37,
    USB_FUN_CLEAR_HALT = 38,
    USB_FUN_GET_DEVICE_SPEED = 39,
    USB_FUN_GET_DRIVER_ACTIVE_STATUS = 40,
    USB_FUN_ADD_ACCESS_RIGHT = 41,
    USB_FUN_BULK_TRANSFER_READ_WITH_LENGTH = 42,
    USB_FUN_ATTACH_KERNEL_DRIVER = 43,
    USB_FUN_DETACH_KERNEL_DRIVER = 44,
};

// Interface token written at the head of every fuzzed parcel.
const std::u16string USB_INTERFACE_TOKEN = u"ohos.usb.IUsbServer";
// Next request code to dispatch; process-wide state that persists across fuzz iterations.
static uint32_t g_usbInterfaceCode{0};
// Highest request code the harness dispatches (the comparisons against it are inclusive).
// NOTE(review): UsbInterfaceCode above ends at 44, so with this bound code 44 is never sent - confirm intended.
static constexpr uint32_t USB_INTERFACE_CODE_COUNT{43};
/**
 * Obtains an access token for the supplied parameters, installs it as this
 * process's own token ID and reloads the native token information.
 *
 * Both steps are best-effort: a non-zero result is logged and execution
 * continues, so callers cannot tell from this function whether the process
 * really runs under the requested token.
 *
 * @param infoInstance Token description passed unchanged to GetAccessTokenId.
 */
void SetTestCaseNative(TokenInfoParams *infoInstance)
{
    const uint64_t selfToken = GetAccessTokenId(infoInstance);

    const int setResult = SetSelfTokenID(selfToken);
    if (setResult != 0) {
        USB_HILOGE(MODULE_USB_SERVICE, "SetSelfTokenID fail %{public}d", setResult);
    } else {
        USB_HILOGI(MODULE_USB_SERVICE, "SetSelfTokenID success %{public}d", __LINE__);
    }

    // Reload is attempted even when the token switch above failed, as in the original flow.
    const int reloadResult = Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
    if (reloadResult != 0) {
        USB_HILOGE(MODULE_USB_SERVICE, "ReloadNativeTokenInfo fail %{public}d", reloadResult);
    } else {
        USB_HILOGI(MODULE_USB_SERVICE, "ReloadNativeTokenInfo success %{public}d", __LINE__);
    }
}
93
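/**
 * Switches this process to a native token named "usb_manager_test_sys_with_perms"
 * at APL "system_basic" that carries ohos.permission.MANAGE_USB_CONFIG.
 *
 * The permission array previously came from new(std::nothrow) and was written
 * without a null check and never released, so every call leaked it and an
 * allocation failure would have dereferenced a null pointer. A function-local
 * static array removes both problems while keeping the storage alive for the
 * whole process, exactly as the leaked allocation was.
 */
void GrantPermissionSysNative()
{
    // Static storage: no allocation can fail, nothing leaks, and the pointer handed to
    // GetAccessTokenId (via SetTestCaseNative) stays valid for as long as the process runs.
    static const char *permsInfo[] = {"ohos.permission.MANAGE_USB_CONFIG"};
    TokenInfoParams sysInfoInstance = {
        .dcapsNum = 0,
        .permsNum = 1,
        .aclsNum = 0,
        .dcaps = nullptr,
        .perms = permsInfo,
        .acls = nullptr,
        .processName = "usb_manager_test_sys_with_perms",
        .aplStr = "system_basic",
    };
    SetTestCaseNative(&sysInfoInstance);
}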
110
/**
 * Switches this process to a native token named "usb_manager_test_normal"
 * at APL "normal" with no permissions, capabilities or ACLs.
 *
 * Counterpart of GrantPermissionSysNative for exercising the service as an
 * unprivileged caller.
 */
void GrantPermissionNormalNative()
{
    // Local despite the g_ prefix the original used; only lives for this call.
    TokenInfoParams normalInfoInstance = {
        .dcapsNum = 0,
        .permsNum = 0,
        .aclsNum = 0,
        .dcaps = nullptr,
        .perms = nullptr,
        .acls = nullptr,
        .processName = "usb_manager_test_normal",
        .aplStr = "normal",
    };
    SetTestCaseNative(&normalInfoInstance);
}
125
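/**
 * Feeds one fuzz input to UsbService::OnRemoteRequest as the body of an IPC parcel.
 *
 * The first OFFSET bytes of the input are skipped; the remainder is written
 * after the interface token. The request code is NOT taken from the input: it
 * is the current value of g_usbInterfaceCode, which is then advanced, so each
 * code 0..USB_INTERFACE_CODE_COUNT is sent once per process.
 *
 * NOTE(review): because the code depends on how many inputs ran earlier, a
 * crashing input may not reproduce when replayed on its own, and once the
 * counter passes USB_INTERFACE_CODE_COUNT every later input is a no-op.
 * Deriving the code from the skipped header bytes would make runs stateless.
 * NOTE(review): nothing visible in this file calls GrantPermissionSysNative or
 * GrantPermissionNormalNative, so the handlers' permission checks see whatever
 * token the fuzz process already has - confirm which caller identity is meant.
 *
 * @param rawData Fuzz input; may be nullptr.
 * @param size    Length of rawData in bytes.
 * @return false if the input is unusable (null, shorter than OFFSET, parcel
 *         could not be built, or no service instance); true otherwise,
 *         including the case where all codes were already dispatched.
 */
bool DoSomethingInterestingWithMyAPI(const uint8_t *rawData, size_t size)
{
    constexpr size_t headerLen = static_cast<size_t>(OFFSET);
    // Guard here, not only in the entry point: size is unsigned, so size - OFFSET on a short
    // input would wrap to a huge length and WriteBuffer would read past the end of rawData.
    if (rawData == nullptr || size < headerLen) {
        return false;
    }
    if (g_usbInterfaceCode > USB_INTERFACE_CODE_COUNT) {
        return true;
    }
    // The bound was checked just above, so the counter can be advanced unconditionally.
    const uint32_t code = g_usbInterfaceCode++;

    MessageParcel data;
    // A parcel that failed to take the token or payload is not a meaningful request; skip it.
    if (!data.WriteInterfaceToken(USB_INTERFACE_TOKEN) || !data.WriteBuffer(rawData + headerLen, size - headerLen)) {
        return false;
    }
    data.RewindRead(0);
    MessageParcel reply;
    MessageOption option;
    auto service = DelayedSpSingleton<UsbService>::GetInstance();
    if (service == nullptr) {
        return false;
    }
    service->OnRemoteRequest(code, data, reply, option);
    return true;
}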
150 } // namespace OHOS
151
/**
 * libFuzzer entry point.
 *
 * Inputs shorter than OHOS::THRESHOLD bytes are ignored; everything else is
 * handed to OHOS::DoSomethingInterestingWithMyAPI, whose result is discarded.
 *
 * @param data Fuzz input supplied by the engine.
 * @param size Length of data in bytes.
 * @return Always 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    const bool longEnough = size >= OHOS::THRESHOLD;
    if (longEnough) {
        OHOS::DoSomethingInterestingWithMyAPI(data, size);
    }
    return 0;
}
163