1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "missionlistmanagerfirst_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #define private public
22 #define protected public
23 #include "ability_record.h"
24 #include "mission_info_mgr.h"
25 #include "mission_list_manager.h"
26 #undef protected
27 #undef private
28
29 using namespace OHOS::AAFwk;
30 using namespace OHOS::AppExecFwk;
31
32 namespace OHOS {
33 namespace {
34 constexpr uint8_t ENABLE = 2;
35 constexpr int INPUT_ZERO = 0;
36 constexpr int INPUT_ONE = 1;
37 constexpr int INPUT_TWO = 2;
38 constexpr int INPUT_THREE = 3;
39 constexpr size_t U32_AT_SIZE = 4;
40 constexpr uint8_t OFFSET_32_VAL = 32;
41 constexpr size_t OFFSET_ZERO = 24;
42 constexpr size_t OFFSET_ONE = 16;
43 constexpr size_t OFFSET_TWO = 8;
44 constexpr uint8_t ABILITY_STATE_MOD = 20;
45 const std::string PARAM_APP_CLONE_INDEX_KEY("ohos.extra.param.key.appCloneIndex");
46 class MyAbilityConnection : public IAbilityConnection {
47 public:
48 MyAbilityConnection() = default;
49 virtual ~MyAbilityConnection() = default;
OnAbilityConnectDone(const AppExecFwk::ElementName & element,const sptr<IRemoteObject> & remoteObject,int resultCode)50 void OnAbilityConnectDone(
51 const AppExecFwk::ElementName& element, const sptr<IRemoteObject>& remoteObject, int resultCode) override
52 {}
OnAbilityDisconnectDone(const AppExecFwk::ElementName & element,int resultCode)53 void OnAbilityDisconnectDone(const AppExecFwk::ElementName& element, int resultCode) override
54 {}
AsObject()55 sptr<IRemoteObject> AsObject() override
56 {
57 return {};
58 }
59 };
60 }
61
GetU32Data(const char * ptr)62 uint32_t GetU32Data(const char* ptr)
63 {
64 // convert fuzz input data to an integer
65 return (ptr[INPUT_ZERO] << OFFSET_ZERO) | (ptr[INPUT_ONE] << OFFSET_ONE) | (ptr[INPUT_TWO] << OFFSET_TWO) |
66 ptr[INPUT_THREE];
67 }
68
GetFuzzAbilityRecord()69 std::shared_ptr<AbilityRecord> GetFuzzAbilityRecord()
70 {
71 sptr<Token> token = nullptr;
72 AbilityRequest abilityRequest;
73 abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
74 abilityRequest.abilityInfo.name = "MainAbility";
75 abilityRequest.abilityInfo.type = AbilityType::DATA;
76 std::shared_ptr<AbilityRecord> abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest);
77 if (!abilityRecord) {
78 return nullptr;
79 }
80 return abilityRecord;
81 }
82
GetFuzzAbilityToken()83 sptr<Token> GetFuzzAbilityToken()
84 {
85 sptr<Token> token = nullptr;
86 std::shared_ptr<AbilityRecord> abilityRecord = GetFuzzAbilityRecord();
87 if (abilityRecord) {
88 token = abilityRecord->GetToken();
89 }
90 return token;
91 }
92
InitAbilityRequest(const char * data)93 AbilityRequest InitAbilityRequest(const char* data)
94 {
95 AbilityRequest abilityRequest;
96 uint32_t mod = static_cast<uint32_t>(LaunchMode::SPECIFIED) + 1;
97 abilityRequest.abilityInfo.launchMode = static_cast<LaunchMode>(GetU32Data(data) % mod);
98 mod = static_cast<uint32_t>(AbilityCallType::START_EXTENSION_TYPE) + 1;
99 abilityRequest.callType = static_cast<AbilityCallType>(GetU32Data(data) % mod);
100 return abilityRequest;
101 }
102
InitMissionListManager(int32_t intParam)103 std::shared_ptr<MissionListManager> InitMissionListManager(int32_t intParam)
104 {
105 static std::once_flag flag;
106 auto missionListMgr = std::make_shared<MissionListManager>(intParam);
107 missionListMgr->Init();
108 return missionListMgr;
109 }
110
DoSomethingTestWithMyAPI0(std::shared_ptr<MissionListManager> missionListMgr,const char * data)111 void DoSomethingTestWithMyAPI0(std::shared_ptr<MissionListManager> missionListMgr, const char* data)
112 {
113 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
114 missionListMgr->RegisterMissionListener(nullptr);
115 missionListMgr->GetMissionCount();
116 missionListMgr->FindEarliestMission();
117 AbilityRequest abilityRequest;
118 missionListMgr->EnqueueWaitingAbility(abilityRequest);
119 missionListMgr->EnqueueWaitingAbilityToFront(abilityRequest);
120 missionListMgr->StartWaitingAbility();
121 missionListMgr->UnRegisterMissionListener(nullptr);
122 std::shared_ptr<AbilityRecord> targetAbilityRecord = GetFuzzAbilityRecord();
123 missionListMgr->AddRecord(abilityRequest, targetAbilityRecord);
124 std::shared_ptr<Mission> targetMission = std::make_shared<Mission>(int32Param, targetAbilityRecord);
125 missionListMgr->GetTargetMission(abilityRequest, targetMission, targetAbilityRecord);
126 missionListMgr->StartAbilityLocked(nullptr, nullptr, abilityRequest);
127 abilityRequest.want.SetParam(PARAM_APP_CLONE_INDEX_KEY, int32Param);
128 missionListMgr->GetMissionName(abilityRequest);
129 bool boolParam = *data % ENABLE;
130 missionListMgr->GetTargetMissionAndAbility(abilityRequest, targetMission, targetAbilityRecord, boolParam);
131 missionListMgr->EnableRecoverAbility(int32Param);
132 missionListMgr->GetTargetMissionList(nullptr, abilityRequest);
133 targetAbilityRecord->isLauncherAbility_ = boolParam;
134 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, targetAbilityRecord);
135 missionListMgr->launcherList_->AddMissionToTop(mission);
136 missionListMgr->GetTargetMissionList(targetAbilityRecord, abilityRequest);
137 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
138 abilityRequest.abilityInfo.launchMode = static_cast<LaunchMode>(uint32Param % 3); // 3 means luanch mode max enum
139 missionListMgr->GetReusedMission(abilityRequest);
140 missionListMgr->MoveNoneTopMissionToDefaultList(targetMission);
141 missionListMgr->MoveMissionListToTop(nullptr);
142 missionListMgr->MoveMissionListToTop(missionListMgr->launcherList_);
143 auto token = targetAbilityRecord->GetToken();
144 missionListMgr->GetAbilityRecordByToken(nullptr);
145 missionListMgr->GetAbilityRecordByToken(token);
146 targetAbilityRecord->currentState_ = static_cast<AAFwk::AbilityState>(uint32Param % ABILITY_STATE_MOD);
147 missionListMgr->DispatchState(targetAbilityRecord, uint32Param % ABILITY_STATE_MOD);
148 missionListMgr->CompleteForegroundSuccess(targetAbilityRecord);
149 std::shared_ptr<AbilityRecord> prevAbilityRecord = GetFuzzAbilityRecord();
150 prevAbilityRecord->isTerminating_ = boolParam;
151 prevAbilityRecord->currentState_ = static_cast<AAFwk::AbilityState>(uint32Param % ABILITY_STATE_MOD);
152 targetAbilityRecord->SetPreAbilityRecord(prevAbilityRecord);
153 missionListMgr->TerminatePreviousAbility(targetAbilityRecord);
154 missionListMgr->CompleteBackground(targetAbilityRecord);
155 }
156
DoSomethingTestWithMyAPI1(std::shared_ptr<MissionListManager> missionListMgr,const char * data,size_t size)157 void DoSomethingTestWithMyAPI1(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)
158 {
159 bool boolParam = *data % ENABLE;
160 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
161 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
162 MissionInfo missionInfo;
163 missionListMgr->GetMissionInfo(int32Param, missionInfo);
164 std::shared_ptr<StartOptions> startOptions = nullptr;
165 missionListMgr->MoveMissionToFront(int32Param, startOptions);
166 std::shared_ptr<AbilityRecord> callerAbility = GetFuzzAbilityRecord();
167 auto abilityRecord = GetFuzzAbilityRecord();
168 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
169 missionListMgr->defaultStandardList_->AddMissionToTop(mission);
170 missionListMgr->MoveMissionToFront(int32Param, boolParam, boolParam, callerAbility, startOptions);
171 }
172
DoSomethingTestWithMyAPI2(std::shared_ptr<MissionListManager> missionListMgr,const char * data,size_t size)173 void DoSomethingTestWithMyAPI2(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)
174 {
175 bool boolParam = *data % ENABLE;
176 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
177 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
178 InnerMissionInfo info;
179 AbilityRequest abilityRequest = InitAbilityRequest(data);
180 missionListMgr->CreateOrReusedMissionInfo(abilityRequest, info);
181 auto abilityRecord = GetFuzzAbilityRecord();
182 abilityRecord->SetPendingState(static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD));
183 abilityRecord->currentState_ = static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD);
184 auto token = abilityRecord->GetToken();
185 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
186 missionListMgr->defaultStandardList_->AddMissionToTop(mission);
187 missionListMgr->MinimizeAbility(token, boolParam);
188 missionListMgr->MoveAbilityToBackground(abilityRecord);
189 Want *resultWant = new Want();
190 int64_t int64Param = (static_cast<int64_t>(GetU32Data(data)) << OFFSET_32_VAL) + GetU32Data(data);
191 missionListMgr->BackToCallerAbilityWithResult(abilityRecord, int32Param, resultWant, int64Param);
192 }
193
DoSomethingTestWithMyAPI3(std::shared_ptr<MissionListManager> missionListMgr,const char * data,size_t size)194 void DoSomethingTestWithMyAPI3(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)
195 {
196 bool boolParam = *data % ENABLE;
197 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
198 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
199 auto abilityRecord = GetFuzzAbilityRecord();
200 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
201 abilityRecord->SetMissionId(int32Param);
202 missionListMgr->defaultStandardList_->AddMissionToTop(mission);
203 missionListMgr->SetMissionLockedState(int32Param, boolParam);
204 const AppExecFwk::ElementName element;
205 missionListMgr->GetAbilityNumber(element);
206 missionListMgr->MoveToBackgroundTask(abilityRecord, boolParam);
207 missionListMgr->PrintTimeOutLog(abilityRecord, uint32Param, boolParam);
208 uint32_t msgId = uint32Param % ABILITY_STATE_MOD;
209 std::string stringParam(data, size);
210 missionListMgr->GetContentAndTypeId(msgId, stringParam, int32Param);
211 abilityRecord->recordId_ = int32Param;
212 missionListMgr->OnTimeOut(msgId, int32Param, boolParam);
213 missionListMgr->HandleLoadTimeout(abilityRecord);
214 auto state = static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD);
215 abilityRecord->currentState_ = static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD);
216 missionListMgr->HandleForegroundTimeout(abilityRecord, state);
217 missionListMgr->CompleteForegroundFailed(abilityRecord, state);
218 missionListMgr->HandleTimeoutAndResumeAbility(abilityRecord, state);
219 missionListMgr->DelayedResumeTimeout(abilityRecord);
220 missionListMgr->MoveToTerminateList(abilityRecord);
221 }
222
DoSomethingTestWithMyAPI4(std::shared_ptr<MissionListManager> missionListMgr,const char * data,size_t size)223 void DoSomethingTestWithMyAPI4(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)
224 {
225 bool boolParam = *data % ENABLE;
226 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
227 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
228 auto abilityRecord = GetFuzzAbilityRecord();
229 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
230 abilityRecord->SetMissionId(int32Param);
231 abilityRecord->recordId_ = int32Param;
232 missionListMgr->defaultStandardList_->AddMissionToTop(mission);
233 missionListMgr->launcherList_->AddMissionToTop(mission);
234 missionListMgr->GetAbilityRecordByCaller(abilityRecord, int32Param);
235 missionListMgr->OnAbilityDied(abilityRecord, int32Param);
236 int64_t abilityRecordId = static_cast<int64_t>(int32Param);
237 missionListMgr->GetAbilityRecordById(abilityRecordId);
238 missionListMgr->PostStartWaitingAbility();
239 auto type = static_cast<AbilityType>(GetU32Data(data) % ABILITY_STATE_MOD);
240 const_cast<AppExecFwk::AbilityInfo&>(abilityRecord->GetAbilityInfo()).type = type;
241 auto state = static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD);
242 abilityRecord->currentState_ = state;
243 abilityRecord->isTerminating_ = boolParam;
244 missionListMgr->HandleAbilityDied(abilityRecord);
245 missionListMgr->DelayedStartLauncher();
246 missionListMgr->BackToLauncher();
247 auto continueState = static_cast<ContinueState>(GetU32Data(data) % ABILITY_STATE_MOD);
248 missionListMgr->SetMissionContinueState(nullptr, int32Param, continueState);
249 missionListMgr->SetMissionContinueState(abilityRecord->GetToken(), int32Param, continueState);
250 std::vector<std::string> info;
251 std::vector<std::string> params;
252 std::string stringParam(data, size);
253 missionListMgr->Dump(info);
254 missionListMgr->DumpMissionListByRecordId(info, boolParam, int32Param, params);
255 missionListMgr->DumpMissionList(info, boolParam, stringParam);
256 missionListMgr->DumpMissionInfos(info);
257 missionListMgr->DumpMission(int32Param, info);
258 auto abilityRequest = InitAbilityRequest(data);
259 abilityRequest.callType = static_cast<AbilityCallType>(GetU32Data(data) % ABILITY_STATE_MOD);
260 missionListMgr->CallAbilityLocked(abilityRequest);
261 ElementName element;
262 missionListMgr->GetAbilityRecordByName(element);
263 missionListMgr->GetAbilityRecordsByName(element);
264 auto callRecord = std::make_shared<CallRecord>(int32Param, abilityRecord, nullptr, abilityRecord->GetToken());
265 missionListMgr->OnCallConnectDied(callRecord);
266 Want want;
267 missionListMgr->OnAcceptWantResponse(want, stringParam);
268 missionListMgr->EnqueueWaitingAbility(abilityRequest);
269 missionListMgr->EnqueueWaitingAbility(abilityRequest); // add twice
270 missionListMgr->OnStartSpecifiedAbilityTimeoutResponse(want);
271 missionListMgr->GetMissionBySpecifiedFlag(want, stringParam);
272 }
273
DoSomethingInterestingWithMyAPI(const char * data,size_t size)274 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
275 {
276 // fuzz for MissionListManager
277 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
278 auto missionListMgr = InitMissionListManager(int32Param);
279 DoSomethingTestWithMyAPI0(missionListMgr, data);
280 DoSomethingTestWithMyAPI1(missionListMgr, data, size);
281 DoSomethingTestWithMyAPI2(missionListMgr, data, size);
282 DoSomethingTestWithMyAPI3(missionListMgr, data, size);
283 DoSomethingTestWithMyAPI4(missionListMgr, data, size);
284 return true;
285 }
286 }
287
288 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)289 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
290 {
291 /* Run your code on data */
292 if (data == nullptr) {
293 return 0;
294 }
295
296 /* Validate the length of size */
297 if (size < OHOS::U32_AT_SIZE) {
298 return 0;
299 }
300
301 char* ch = static_cast<char*>(malloc(size + 1));
302 if (ch == nullptr) {
303 std::cout << "malloc failed." << std::endl;
304 return 0;
305 }
306
307 (void)memset_s(ch, size + 1, 0x00, size + 1);
308 if (memcpy_s(ch, size, data, size) != EOK) {
309 std::cout << "copy failed." << std::endl;
310 free(ch);
311 ch = nullptr;
312 return 0;
313 }
314
315 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
316 free(ch);
317 ch = nullptr;
318 return 0;
319 }