1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include <cstddef>
16 #include <cstdint>
17 #define private public
18 #include "concurrent_task_client.h"
19 #include "concurrent_task_service_ability.h"
20 #include "concurrent_task_controller_interface.h"
21 #undef private
22 #include "concurrent_task_service_proxy.h"
23 #include "concurrent_task_service.h"
24 #include "concurrent_task_service_stub.h"
25 #include "iservice_registry.h"
26 #include "securec.h"
27 #include "qos.h"
28 #include "qos_interface.h"
29 #include "qos_policy.h"
30 #include "concurrent_task_client.h"
31 #include "system_ability_definition.h"
32 #include "concurrent_fuzzer.h"
33
34 using namespace OHOS::ConcurrentTask;
35 using namespace OHOS::QOS;
36
37 namespace OHOS {
38 const uint8_t *g_baseFuzzData = nullptr;
39 size_t g_baseFuzzSize = 0;
40 size_t g_baseFuzzPos;
41 #define QUADRUPLE 4
42 #define LEN 4
43
44 class ConcurrentTaskServiceStubFuzer : public ConcurrentTaskServiceStub {
45 public:
46 ConcurrentTaskServiceStubFuzer() = default;
47 virtual ~ConcurrentTaskServiceStubFuzer() = default;
ReportData(uint32_t resType,int64_t value,const Json::Value & payload)48 void ReportData(uint32_t resType, int64_t value, const Json::Value& payload) override
49 {}
ReportSceneInfo(uint32_t type,const Json::Value & payload)50 void ReportSceneInfo(uint32_t type, const Json::Value& payload) override
51 {}
QueryInterval(int queryItem,IntervalReply & queryRs)52 void QueryInterval(int queryItem, IntervalReply& queryRs) override
53 {}
QueryDeadline(int queryItem,DeadlineReply & ddlReply,const Json::Value & payload)54 void QueryDeadline(int queryItem, DeadlineReply& ddlReply, const Json::Value& payload) override
55 {}
RequestAuth(const Json::Value & payload)56 void RequestAuth(const Json::Value& payload) override
57 {}
58 };
59
60 namespace {
61 constexpr int TEST_DATA_FIRST = 1;
62 constexpr int TEST_DATA_SECOND = 2;
63 constexpr int TEST_DATA_THIRD = 3;
64 constexpr int TEST_DATA_FOURTH = 4;
65 constexpr int TEST_DATA_FIFTH = 5;
66 constexpr int TEST_DATA_SIXTH = 6;
67 constexpr int TEST_DATA_SEVENTH = 7;
68 constexpr int TEST_DATA_EIGHTH = 8;
69 constexpr int TEST_DATA_TENTH = 10;
70 }
GetData()71 template <class T> T GetData()
72 {
73 T object{};
74 size_t objectSize = sizeof(object);
75 if (g_baseFuzzData == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) {
76 return object;
77 }
78 ErrCode ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize);
79 if (ret != ERR_OK) {
80 return {};
81 }
82 g_baseFuzzPos += objectSize;
83 return object;
84 }
85
FuzzConcurrentTaskTryConnect(const uint8_t * data,size_t size)86 bool FuzzConcurrentTaskTryConnect(const uint8_t* data, size_t size)
87 {
88 if (data == nullptr) {
89 return false;
90 }
91 if (size < sizeof(int32_t)) {
92 return false;
93 }
94 return ConcurrentTaskClient::GetInstance().TryConnect() == ERR_OK;
95 }
96
FuzzConcurrentTaskServiceReportData(const uint8_t * data,size_t size)97 bool FuzzConcurrentTaskServiceReportData(const uint8_t* data, size_t size)
98 {
99 g_baseFuzzData = data;
100 g_baseFuzzSize = size;
101 g_baseFuzzPos = 0;
102 if (size > sizeof(int) + sizeof(int)) {
103 MessageParcel data1;
104 Parcel parcel;
105 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel);
106 int intdata = GetData<int>();
107 void *voiddata = &intdata;
108 size_t size1 = sizeof(int);
109 data1.WriteRemoteObject(iremoteobject);
110 data1.WriteRawData(voiddata, size1);
111 data1.ReadRawData(size1);
112 MessageParcel reply;
113 MessageOption option;
114 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::REPORT_DATA);
115 ConcurrentTaskService s = ConcurrentTaskService();
116 s.OnRemoteRequest(code, data1, reply, option);
117 }
118 return true;
119 }
120
FuzzConcurrentTaskServiceReportSceneInfo(const uint8_t * data,size_t size)121 bool FuzzConcurrentTaskServiceReportSceneInfo(const uint8_t* data, size_t size)
122 {
123 g_baseFuzzData = data;
124 g_baseFuzzSize = size;
125 g_baseFuzzPos = 0;
126 if (size > sizeof(int) + sizeof(int)) {
127 MessageParcel data1;
128 Parcel parcel;
129 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel);
130 int intdata = GetData<int>();
131 void *voiddata = &intdata;
132 size_t size1 = sizeof(int);
133 data1.WriteRemoteObject(iremoteobject);
134 data1.WriteRawData(voiddata, size1);
135 data1.ReadRawData(size1);
136 MessageParcel reply;
137 MessageOption option;
138 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::REPORT_SCENE_INFO);
139 ConcurrentTaskService s = ConcurrentTaskService();
140 s.OnRemoteRequest(code, data1, reply, option);
141 }
142 return true;
143 }
144
FuzzConcurrentTaskServiceQueryInterval(const uint8_t * data,size_t size)145 bool FuzzConcurrentTaskServiceQueryInterval(const uint8_t* data, size_t size)
146 {
147 g_baseFuzzData = data;
148 g_baseFuzzSize = size;
149 g_baseFuzzPos = 0;
150 if (size > sizeof(int) + sizeof(int)) {
151 MessageParcel data1;
152 Parcel parcel;
153 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel);
154 int intdata = GetData<int>();
155 void *voiddata = &intdata;
156 size_t size1 = sizeof(int);
157 data1.WriteRemoteObject(iremoteobject);
158 data1.WriteRawData(voiddata, size1);
159 data1.ReadRawData(size1);
160 MessageParcel reply;
161 MessageOption option;
162 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::QUERY_INTERVAL);
163 ConcurrentTaskService s = ConcurrentTaskService();
164 s.OnRemoteRequest(code, data1, reply, option);
165 }
166 return true;
167 }
168
FuzzConcurrentTaskServiceQueryDeadline(const uint8_t * data,size_t size)169 bool FuzzConcurrentTaskServiceQueryDeadline(const uint8_t* data, size_t size)
170 {
171 g_baseFuzzData = data;
172 g_baseFuzzSize = size;
173 g_baseFuzzPos = 0;
174 if (size > sizeof(int) + sizeof(int)) {
175 MessageParcel data1;
176 Parcel parcel;
177 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel);
178 int intdata = GetData<int>();
179 void *voiddata = &intdata;
180 size_t size1 = sizeof(int);
181 data1.WriteRemoteObject(iremoteobject);
182 data1.WriteRawData(voiddata, size1);
183 data1.ReadRawData(size1);
184 MessageParcel reply;
185 MessageOption option;
186 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::QUERY_DEADLINE);
187 ConcurrentTaskService s = ConcurrentTaskService();
188 s.OnRemoteRequest(code, data1, reply, option);
189 }
190 return true;
191 }
192
FuzzConcurrentTaskServiceRequestAuth(const uint8_t * data,size_t size)193 bool FuzzConcurrentTaskServiceRequestAuth(const uint8_t* data, size_t size)
194 {
195 g_baseFuzzData = data;
196 g_baseFuzzSize = size;
197 g_baseFuzzPos = 0;
198 if (size > sizeof(int) + sizeof(int)) {
199 MessageParcel data1;
200 Parcel parcel;
201 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel);
202 int intdata = GetData<int>();
203 void *voiddata = &intdata;
204 size_t size1 = sizeof(int);
205 data1.WriteRemoteObject(iremoteobject);
206 data1.WriteRawData(voiddata, size1);
207 data1.ReadRawData(size1);
208 MessageParcel reply;
209 MessageOption option;
210 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::REQUEST_AUTH);
211 ConcurrentTaskService s = ConcurrentTaskService();
212 s.OnRemoteRequest(code, data1, reply, option);
213 }
214 return true;
215 }
216
FuzzConcurrentTaskServiceStopRemoteObject(const uint8_t * data,size_t size)217 bool FuzzConcurrentTaskServiceStopRemoteObject(const uint8_t* data, size_t size)
218 {
219 g_baseFuzzData = data;
220 g_baseFuzzSize = size;
221 g_baseFuzzPos = 0;
222 ConcurrentTaskClient::GetInstance().StopRemoteObject();
223 return true;
224 }
225
FuzzConcurrentTaskServiceSetThreadQos(const uint8_t * data,size_t size)226 bool FuzzConcurrentTaskServiceSetThreadQos(const uint8_t* data, size_t size)
227 {
228 g_baseFuzzData = data;
229 g_baseFuzzSize = size;
230 g_baseFuzzPos = 0;
231 if (size > sizeof(int) + sizeof(int)) {
232 int level = GetData<int>();
233 level = level % TEST_DATA_TENTH;
234 if (level == TEST_DATA_FIFTH || level == TEST_DATA_SECOND) {
235 QOS::SetThreadQos(QOS::QosLevel::QOS_BACKGROUND);
236 } else if (level == TEST_DATA_THIRD || level == TEST_DATA_FOURTH) {
237 QOS::SetThreadQos(QOS::QosLevel::QOS_UTILITY);
238 } else if (level == TEST_DATA_FIFTH || level == TEST_DATA_SIXTH) {
239 QOS::SetThreadQos(QOS::QosLevel::QOS_DEFAULT);
240 } else if (level == TEST_DATA_SEVENTH || level == TEST_DATA_EIGHTH) {
241 QOS::SetThreadQos(QOS::QosLevel::QOS_USER_INITIATED);
242 }
243 }
244 return true;
245 }
246
FuzzConcurrentTaskServiceSetQosForOtherThread(const uint8_t * data,size_t size)247 bool FuzzConcurrentTaskServiceSetQosForOtherThread(const uint8_t* data, size_t size)
248 {
249 g_baseFuzzData = data;
250 g_baseFuzzSize = size;
251 g_baseFuzzPos = 0;
252 if (size > sizeof(int) + sizeof(int)) {
253 int level = GetData<int>();
254 int tid = GetData<int>();
255 level = level % TEST_DATA_TENTH;
256 if (level == TEST_DATA_FIRST || level == TEST_DATA_SECOND) {
257 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_BACKGROUND, tid);
258 } else if (level == TEST_DATA_THIRD || level == TEST_DATA_FOURTH) {
259 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_UTILITY, tid);
260 } else if (level == TEST_DATA_FIFTH || level == TEST_DATA_SIXTH) {
261 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_DEFAULT, tid);
262 } else if (level == TEST_DATA_SEVENTH || level == TEST_DATA_EIGHTH) {
263 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_USER_INITIATED, tid);
264 }
265 }
266 return true;
267 }
268
FuzzConcurrentTaskServiceResetThreadQos(const uint8_t * data,size_t size)269 bool FuzzConcurrentTaskServiceResetThreadQos(const uint8_t* data, size_t size)
270 {
271 g_baseFuzzData = data;
272 g_baseFuzzSize = size;
273 g_baseFuzzPos = 0;
274 QOS::ResetThreadQos();
275 return true;
276 }
277
FuzzConcurrentTaskServiceResetQosForOtherThread(const uint8_t * data,size_t size)278 bool FuzzConcurrentTaskServiceResetQosForOtherThread(const uint8_t* data, size_t size)
279 {
280 g_baseFuzzData = data;
281 g_baseFuzzSize = size;
282 g_baseFuzzPos = 0;
283 if (size > sizeof(int) + sizeof(int)) {
284 int tid = GetData<int>();
285 QOS::ResetQosForOtherThread(tid);
286 }
287 return true;
288 }
289
FuzzQosPolicyInit(const uint8_t * data,size_t size)290 void FuzzQosPolicyInit(const uint8_t* data, size_t size)
291 {
292 g_baseFuzzData = data;
293 g_baseFuzzSize = size;
294 g_baseFuzzPos = 0;
295 QosPolicy qosPolicy;
296 qosPolicy.Init();
297 return;
298 }
299
FuzzQosInterfaceEnableRtg(const uint8_t * data,size_t size)300 bool FuzzQosInterfaceEnableRtg(const uint8_t* data, size_t size)
301 {
302 g_baseFuzzData = data;
303 g_baseFuzzSize = size;
304 g_baseFuzzPos = 0;
305 if (size > sizeof(int) + sizeof(int)) {
306 bool flag = GetData<bool>();
307 EnableRtg(flag);
308 }
309 return true;
310 }
311
FuzzQosInterfaceQosLeave(const uint8_t * data,size_t size)312 bool FuzzQosInterfaceQosLeave(const uint8_t* data, size_t size)
313 {
314 g_baseFuzzData = data;
315 g_baseFuzzSize = size;
316 g_baseFuzzPos = 0;
317 QosLeave();
318 return true;
319 }
320
FuzzConcurrentTaskServiceAbilityOnStart(const uint8_t * data,size_t size)321 bool FuzzConcurrentTaskServiceAbilityOnStart(const uint8_t* data, size_t size)
322 {
323 g_baseFuzzData = data;
324 g_baseFuzzSize = size;
325 g_baseFuzzPos = 0;
326 bool runOnCreate = true;
327 if (size > sizeof(int32_t) + sizeof(int32_t)) {
328 int32_t sysAbilityId = GetData<int32_t>();
329 if ((sysAbilityId > ASSET_SERVICE_ID) && (sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN)) {
330 ConcurrentTaskServiceAbility concurrenttaskserviceability =
331 ConcurrentTaskServiceAbility(sysAbilityId, runOnCreate);
332 concurrenttaskserviceability.OnStart();
333 }
334 }
335 return true;
336 }
337
FuzzConcurrentTaskServiceAbilityOnStop(const uint8_t * data,size_t size)338 bool FuzzConcurrentTaskServiceAbilityOnStop(const uint8_t* data, size_t size)
339 {
340 g_baseFuzzData = data;
341 g_baseFuzzSize = size;
342 g_baseFuzzPos = 0;
343 bool runOnCreate = true;
344 if (size > sizeof(int32_t) + sizeof(int32_t)) {
345 int32_t sysAbilityId = GetData<int32_t>();
346 if ((sysAbilityId > ASSET_SERVICE_ID) && (sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN)) {
347 ConcurrentTaskServiceAbility concurrenttaskserviceability =
348 ConcurrentTaskServiceAbility(sysAbilityId, runOnCreate);
349 concurrenttaskserviceability.OnStop();
350 }
351 }
352 return true;
353 }
354
FuzzConcurrentTaskServiceAbilityOnAddSystemAbility(const uint8_t * data,size_t size)355 bool FuzzConcurrentTaskServiceAbilityOnAddSystemAbility(const uint8_t* data, size_t size)
356 {
357 g_baseFuzzData = data;
358 g_baseFuzzSize = size;
359 g_baseFuzzPos = 0;
360 if (size > sizeof(int32_t) + sizeof(int32_t) + sizeof(int32_t)) {
361 bool runOnCreate = true;
362 int32_t sysAbilityId = GetData<int32_t>();
363 int32_t taskServiceId = GetData<int32_t>();
364 std::string deviceId = std::to_string(GetData<int32_t>());
365 if ((sysAbilityId > ASSET_SERVICE_ID && sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN) &&
366 (taskServiceId > ASSET_SERVICE_ID && taskServiceId < VENDOR_SYS_ABILITY_ID_BEGIN)) {
367 ConcurrentTaskServiceAbility concurrenttaskserviceability =
368 ConcurrentTaskServiceAbility(taskServiceId, runOnCreate);
369 concurrenttaskserviceability.OnAddSystemAbility(sysAbilityId, deviceId);
370 }
371 }
372 return true;
373 }
374
FuzzConcurrentTaskServiceAbilityOnRemoveSystemAbility(const uint8_t * data,size_t size)375 bool FuzzConcurrentTaskServiceAbilityOnRemoveSystemAbility(const uint8_t* data, size_t size)
376 {
377 g_baseFuzzData = data;
378 g_baseFuzzSize = size;
379 g_baseFuzzPos = 0;
380 if (size > sizeof(int32_t) + sizeof(int32_t) + sizeof(int32_t)) {
381 bool runOnCreate = true;
382 int32_t sysAbilityId = GetData<int32_t>();
383 int32_t taskServiceId = GetData<int32_t>();
384 std::string deviceId = std::to_string(GetData<int32_t>());
385 if ((sysAbilityId > ASSET_SERVICE_ID && sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN) &&
386 (taskServiceId > ASSET_SERVICE_ID && taskServiceId < VENDOR_SYS_ABILITY_ID_BEGIN)) {
387 ConcurrentTaskServiceAbility concurrenttaskserviceability =
388 ConcurrentTaskServiceAbility(taskServiceId, runOnCreate);
389 concurrenttaskserviceability.OnRemoveSystemAbility(sysAbilityId, deviceId);
390 }
391 }
392 return true;
393 }
394
FuzzConcurrentTaskServiceStubReportData(const uint8_t * data,size_t size)395 bool FuzzConcurrentTaskServiceStubReportData(const uint8_t* data, size_t size)
396 {
397 g_baseFuzzData = data;
398 g_baseFuzzSize = size;
399 g_baseFuzzPos = 0;
400 if (size > sizeof(uint32_t) + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint32_t)) {
401 ConcurrentTaskService s = ConcurrentTaskService();
402 uint32_t resType = GetData<uint32_t>();
403 int64_t value = GetData<int64_t>();
404 Json::Value jsValue;
405 jsValue["1111"] = std::to_string(GetData<uint32_t>());
406 jsValue["2222"] = std::to_string(GetData<uint32_t>());
407 s.ReportData(resType, value, jsValue);
408 }
409 return true;
410 }
411
FuzzConcurrentTaskServiceStubReportSceneInfo(const uint8_t * data,size_t size)412 bool FuzzConcurrentTaskServiceStubReportSceneInfo(const uint8_t* data, size_t size)
413 {
414 g_baseFuzzData = data;
415 g_baseFuzzSize = size;
416 g_baseFuzzPos = 0;
417 if (size > sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint32_t)) {
418 ConcurrentTaskService s = ConcurrentTaskService();
419 uint32_t type = GetData<uint32_t>();
420 Json::Value jsValue;
421 jsValue["1111"] = std::to_string(GetData<uint32_t>());
422 jsValue["2222"] = std::to_string(GetData<uint32_t>());
423 s.ReportSceneInfo(type, jsValue);
424 }
425 return true;
426 }
427
FuzzConcurrentTaskServiceStubQueryInterval(const uint8_t * data,size_t size)428 bool FuzzConcurrentTaskServiceStubQueryInterval(const uint8_t* data, size_t size)
429 {
430 g_baseFuzzData = data;
431 g_baseFuzzSize = size;
432 g_baseFuzzPos = 0;
433 if (size > sizeof(int) + sizeof(int)) {
434 ConcurrentTaskService s = ConcurrentTaskService();
435 int queryItem = GetData<int>();
436 queryItem = queryItem % (QURRY_TYPE_MAX + 1);
437 IntervalReply queryRs;
438 s.QueryInterval(queryItem, queryRs);
439 }
440 return true;
441 }
442
FuzzConcurrentTaskServiceStubQueryDeadline(const uint8_t * data,size_t size)443 bool FuzzConcurrentTaskServiceStubQueryDeadline(const uint8_t* data, size_t size)
444 {
445 g_baseFuzzData = data;
446 g_baseFuzzSize = size;
447 g_baseFuzzPos = 0;
448 if (size > sizeof(int) + sizeof(int) + sizeof(int)) {
449 int deadlineType = GetData<int>();
450 deadlineType = deadlineType % (MSG_GAME + 1);
451 DeadlineReply queryRs;
452 Json::Value jsValue;
453 jsValue["2123"] = std::to_string(GetData<int>());
454 jsValue["2333"] = std::to_string(GetData<int>());
455 ConcurrentTaskService s = ConcurrentTaskService();
456 s.QueryDeadline(deadlineType, queryRs, jsValue);
457 }
458 return true;
459 }
460
FuzzConcurrentTaskServiceStubRequestAuth(const uint8_t * data,size_t size)461 bool FuzzConcurrentTaskServiceStubRequestAuth(const uint8_t* data, size_t size)
462 {
463 g_baseFuzzData = data;
464 g_baseFuzzSize = size;
465 g_baseFuzzPos = 0;
466 if (size > sizeof(int) + sizeof(int)) {
467 Json::Value payload;
468 payload["2187"] = std::to_string(GetData<int>());
469 payload["2376"] = std::to_string(GetData<int>());
470 ConcurrentTaskService s = ConcurrentTaskService();
471 s.RequestAuth(payload);
472 }
473 return true;
474 }
475
FuzzConcurrentTaskServiceStubQueryDeadlineInner(const uint8_t * data,size_t size)476 bool FuzzConcurrentTaskServiceStubQueryDeadlineInner(const uint8_t* data, size_t size)
477 {
478 g_baseFuzzData = data;
479 g_baseFuzzSize = size;
480 g_baseFuzzPos = 0;
481 MessageParcel data4;
482 int32_t intData;
483 data4.WriteInterfaceToken(ConcurrentTaskServiceStub::GetDescriptor());
484 if (size >= sizeof(int32_t)) {
485 const char *str2;
486 intData = GetData<int32_t>();
487 str2 = reinterpret_cast<const char*>(data + g_baseFuzzPos);
488 size_t size1 = (size - g_baseFuzzPos) > LEN ? LEN : (size - g_baseFuzzPos);
489 std::string str(str2, size1);
490 data4.WriteInt32(intData);
491 data4.WriteString(str);
492 } else if (size > 0) {
493 intData = GetData<int32_t>();
494 data4.WriteInt32(intData);
495 }
496
497 MessageParcel reply;
498 ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer();
499 s.QueryDeadlineInner(data4, reply);
500 return true;
501 }
502
FuzzConcurrentTaskServiceStubRequestAuthInner(const uint8_t * data,size_t size)503 bool FuzzConcurrentTaskServiceStubRequestAuthInner(const uint8_t* data, size_t size)
504 {
505 if (data == nullptr) {
506 return false;
507 }
508
509 MessageParcel data3;
510 data3.WriteInterfaceToken(ConcurrentTaskServiceStub::GetDescriptor());
511 if (size >= sizeof(int)) {
512 const char *data1 = reinterpret_cast<const char*>(data);
513 size_t size1 = size > LEN ? LEN : size;
514 std::string str1(data1, size1);
515 data3.WriteString(str1);
516 } else if (size == 0) {
517 std::string str1 = "";
518 data3.WriteString(str1);
519 }
520
521 MessageParcel reply;
522 ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer();
523 s.RequestAuthInner(data3, reply);
524 return true;
525 }
526
FuzzConcurrentTaskServiceStringToJson(const uint8_t * data,size_t size)527 bool FuzzConcurrentTaskServiceStringToJson(const uint8_t* data, size_t size)
528 {
529 const char *data1 = reinterpret_cast<const char*>(data);
530 size_t size1 = size > LEN ? LEN : size;
531 std::string str(data1, size1);
532 ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer();
533 s.StringToJson(str);
534 return true;
535 }
536
FuzzConcurrentTaskClientQueryInterval(const uint8_t * data,size_t size)537 bool FuzzConcurrentTaskClientQueryInterval(const uint8_t* data, size_t size)
538 {
539 g_baseFuzzData = data;
540 g_baseFuzzSize = size;
541 g_baseFuzzPos = 0;
542 if (size > sizeof(int) + sizeof(int)) {
543 int queryItem = GetData<int>();
544 queryItem = queryItem % (QURRY_TYPE_MAX + 1);
545 IntervalReply queryRs;
546 ConcurrentTaskClient::GetInstance().QueryInterval(queryItem, queryRs);
547 }
548 return true;
549 }
550
FuzzConcurrentTaskClientQueryDeadline(const uint8_t * data,size_t size)551 bool FuzzConcurrentTaskClientQueryDeadline(const uint8_t* data, size_t size)
552 {
553 g_baseFuzzData = data;
554 g_baseFuzzSize = size;
555 g_baseFuzzPos = 0;
556 if (size > sizeof(int) + sizeof(pid_t) + sizeof(uint32_t)) {
557 int queryItem = GetData<int>();
558 queryItem = queryItem % (QURRY_TYPE_MAX + 1);
559 DeadlineReply ddlReply;
560 pid_t pid = GetData<pid_t>();
561 uint32_t qos = GetData<uint32_t>();
562 std::unordered_map<pid_t, uint32_t> mapPayload;
563 mapPayload.insert(std::pair<pid_t, uint32_t>(pid, qos));
564 ConcurrentTaskClient::GetInstance().QueryDeadline(queryItem, ddlReply, mapPayload);
565 }
566 return true;
567 }
568
FuzzConcurrentTaskClinetRequestAuth(const uint8_t * data,size_t size)569 bool FuzzConcurrentTaskClinetRequestAuth(const uint8_t* data, size_t size)
570 {
571 g_baseFuzzData = data;
572 g_baseFuzzSize = size;
573 g_baseFuzzPos = 0;
574 if (size > sizeof(int32_t)) {
575 MessageParcel data1;
576 std::unordered_map<std::string, std::string> mapPayload;
577 mapPayload["2182"] = std::to_string(GetData<int32_t>());
578 ConcurrentTaskClient::GetInstance().RequestAuth(mapPayload);
579 }
580 return true;
581 }
582
FuzzConcurrentTaskClientTryConnect(const uint8_t * data,size_t size)583 bool FuzzConcurrentTaskClientTryConnect(const uint8_t* data, size_t size)
584 {
585 g_baseFuzzData = data;
586 g_baseFuzzSize = size;
587 g_baseFuzzPos = 0;
588 ConcurrentTaskClient::GetInstance().TryConnect();
589 return true;
590 }
591
FuzzConcurrentTaskClientStopRemoteObject(const uint8_t * data,size_t size)592 bool FuzzConcurrentTaskClientStopRemoteObject(const uint8_t* data, size_t size)
593 {
594 g_baseFuzzData = data;
595 g_baseFuzzSize = size;
596 g_baseFuzzPos = 0;
597 ConcurrentTaskClient::GetInstance().StopRemoteObject();
598 return true;
599 }
600
FuzzConcurrentTaskServiceProxyReportData(const uint8_t * data,size_t size)601 bool FuzzConcurrentTaskServiceProxyReportData(const uint8_t* data, size_t size)
602 {
603 g_baseFuzzData = data;
604 g_baseFuzzSize = size;
605 g_baseFuzzPos = 0;
606 if (size >= sizeof(uint32_t) + sizeof(int64_t) + sizeof(int32_t)) {
607 uint32_t intdata1 = GetData<int32_t>();
608 int64_t intdata2 = GetData<int64_t>();
609 Json::Value payload;
610 payload["2123"] = std::to_string(GetData<int32_t>());
611 sptr<ISystemAbilityManager> systemAbilityManager =
612 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
613 sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(CONCURRENT_TASK_SERVICE_ID);
614 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject);
615 s.ReportData(intdata1, intdata2, payload);
616 }
617 return true;
618 }
619
FuzzConcurrentTaskServiceProxyReportSceneInfo(const uint8_t * data,size_t size)620 bool FuzzConcurrentTaskServiceProxyReportSceneInfo(const uint8_t* data, size_t size)
621 {
622 g_baseFuzzData = data;
623 g_baseFuzzSize = size;
624 g_baseFuzzPos = 0;
625 if (size >= sizeof(uint32_t) + sizeof(int32_t)) {
626 uint32_t intdata1 = GetData<int32_t>();
627 Json::Value payload;
628 payload["2123"] = std::to_string(GetData<int32_t>());
629 sptr<ISystemAbilityManager> systemAbilityManager =
630 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
631 sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(CONCURRENT_TASK_SERVICE_ID);
632 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject);
633 s.ReportSceneInfo(intdata1, payload);
634 }
635 return true;
636 }
637
FuzzConcurrentTaskServiceProxyQueryInterval(const uint8_t * data,size_t size)638 bool FuzzConcurrentTaskServiceProxyQueryInterval(const uint8_t* data, size_t size)
639 {
640 g_baseFuzzData = data;
641 g_baseFuzzSize = size;
642 g_baseFuzzPos = 0;
643 IntervalReply queryRs;
644 queryRs.rtgId = -1;
645 queryRs.paramA = -1;
646 queryRs.paramB = -1;
647 sptr<ISystemAbilityManager> systemAbilityManager =
648 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
649 sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(CONCURRENT_TASK_SERVICE_ID);
650 if (size >= sizeof(int) + sizeof(int)) {
651 int intdata1 = GetData<int>();
652 queryRs.tid = GetData<int>();
653 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject);
654 s.QueryInterval(intdata1, queryRs);
655 } else if (size >= sizeof(int)) {
656 int queryItem = 12345;
657 queryRs.tid = GetData<int>();
658 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject);
659 s.QueryInterval(queryItem, queryRs);
660 }
661 return true;
662 }
663
FuzzConcurrentTaskServiceProxyQueryDeadline(const uint8_t * data,size_t size)664 bool FuzzConcurrentTaskServiceProxyQueryDeadline(const uint8_t* data, size_t size)
665 {
666 g_baseFuzzData = data;
667 g_baseFuzzSize = size;
668 g_baseFuzzPos = 0;
669 if (size >= sizeof(int) + sizeof(int)) {
670 int queryItem = GetData<int>();
671 queryItem = queryItem % (QURRY_TYPE_MAX + 1);
672 DeadlineReply ddlReply;
673 Json::Value payload;
674 payload["2147"] = std::to_string(GetData<int>());
675 sptr<ISystemAbilityManager> systemAbilityManager =
676 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
677 sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(CONCURRENT_TASK_SERVICE_ID);
678 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject);
679 s.QueryDeadline(queryItem, ddlReply, payload);
680 }
681 return true;
682 }
683
FuzzConcurrentTaskServiceProxyRequestAuth(const uint8_t * data,size_t size)684 bool FuzzConcurrentTaskServiceProxyRequestAuth(const uint8_t* data, size_t size)
685 {
686 g_baseFuzzData = data;
687 g_baseFuzzSize = size;
688 g_baseFuzzPos = 0;
689 if (size >= sizeof(int)) {
690 Json::Value payload;
691 payload["2147"] = std::to_string(GetData<int>());
692 sptr<ISystemAbilityManager> systemAbilityManager =
693 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
694 sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(CONCURRENT_TASK_SERVICE_ID);
695 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject);
696 s.RequestAuth(payload);
697 }
698 return true;
699 }
700
701
FuzzConcurrentTaskControllerInterfaceReportData(const uint8_t * data,size_t size)702 bool FuzzConcurrentTaskControllerInterfaceReportData(const uint8_t* data, size_t size)
703 {
704 g_baseFuzzData = data;
705 g_baseFuzzSize = size;
706 g_baseFuzzPos = 0;
707 if (size > sizeof(uint32_t) + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint32_t)) {
708 uint32_t resType = GetData<uint32_t>();
709 int64_t value = GetData<int64_t>();
710 Json::Value jsValue;
711 jsValue["1111"] = std::to_string(GetData<uint32_t>());
712 jsValue["2222"] = std::to_string(GetData<uint32_t>());
713 TaskControllerInterface::GetInstance().ReportData(resType, value, jsValue);
714 }
715 return true;
716 }
717
FuzzConcurrentTaskControllerInterfaceReportSceneInfo(const uint8_t * data,size_t size)718 bool FuzzConcurrentTaskControllerInterfaceReportSceneInfo(const uint8_t* data, size_t size)
719 {
720 g_baseFuzzData = data;
721 g_baseFuzzSize = size;
722 g_baseFuzzPos = 0;
723 if (size > sizeof(uint32_t) + sizeof(uint32_t) + sizeof(uint32_t)) {
724 uint32_t resType = GetData<uint32_t>();
725 Json::Value jsValue;
726 jsValue["1111"] = std::to_string(GetData<uint32_t>());
727 jsValue["2222"] = std::to_string(GetData<uint32_t>());
728 TaskControllerInterface::GetInstance().ReportSceneInfo(resType, jsValue);
729 }
730 return true;
731 }
732
FuzzConcurrentTaskControllerInterfaceQueryInterval(const uint8_t * data,size_t size)733 bool FuzzConcurrentTaskControllerInterfaceQueryInterval(const uint8_t* data, size_t size)
734 {
735 g_baseFuzzData = data;
736 g_baseFuzzSize = size;
737 g_baseFuzzPos = 0;
738 if (size > sizeof(int) + sizeof(int)) {
739 ConcurrentTaskService s = ConcurrentTaskService();
740 int queryItem = GetData<int>();
741 queryItem = queryItem % (QURRY_TYPE_MAX + 1);
742 IntervalReply queryRs;
743 TaskControllerInterface::GetInstance().QueryInterval(queryItem, queryRs);
744 }
745 return true;
746 }
747
FuzzConcurrentTaskControllerInterfaceQueryDeadline(const uint8_t * data,size_t size)748 bool FuzzConcurrentTaskControllerInterfaceQueryDeadline(const uint8_t* data, size_t size)
749 {
750 g_baseFuzzData = data;
751 g_baseFuzzSize = size;
752 g_baseFuzzPos = 0;
753 if (size > sizeof(int) + sizeof(int) + sizeof(int)) {
754 int deadlineType = GetData<int>();
755 deadlineType = deadlineType % (MSG_GAME + 1);
756 DeadlineReply queryRs;
757 Json::Value jsValue;
758 jsValue["2123"] = std::to_string(GetData<int>());
759 jsValue["2333"] = std::to_string(GetData<int>());
760 ConcurrentTaskService s = ConcurrentTaskService();
761 TaskControllerInterface::GetInstance().QueryDeadline(deadlineType, queryRs, jsValue);
762 }
763 return true;
764 }
765
FuzzConcurrentTaskControllerInterfaceRequestAuth(const uint8_t * data,size_t size)766 bool FuzzConcurrentTaskControllerInterfaceRequestAuth(const uint8_t* data, size_t size)
767 {
768 g_baseFuzzData = data;
769 g_baseFuzzSize = size;
770 g_baseFuzzPos = 0;
771 if (size > sizeof(int) + sizeof(int)) {
772 Json::Value payload;
773 payload["2187"] = std::to_string(GetData<int>());
774 payload["2376"] = std::to_string(GetData<int>());
775 ConcurrentTaskService s = ConcurrentTaskService();
776 TaskControllerInterface::GetInstance().RequestAuth(payload);
777 }
778 return true;
779 }
780
FuzzConcurrentTaskControllerInterfaceInit(const uint8_t * data,size_t size)781 bool FuzzConcurrentTaskControllerInterfaceInit(const uint8_t* data, size_t size)
782 {
783 TaskControllerInterface::GetInstance().Init();
784 return true;
785 }
786
FuzzConcurrentTaskControllerInterfaceRelease(const uint8_t * data,size_t size)787 bool FuzzConcurrentTaskControllerInterfaceRelease(const uint8_t* data, size_t size)
788 {
789 TaskControllerInterface::GetInstance().Release();
790 return true;
791 }
792
FuzzQosControllerGetThreadQosForOtherThread(const uint8_t * data,size_t size)793 bool FuzzQosControllerGetThreadQosForOtherThread(const uint8_t* data, size_t size)
794 {
795 g_baseFuzzData = data;
796 g_baseFuzzSize = size;
797 g_baseFuzzPos = 0;
798 if (size > sizeof(int)) {
799 enum QosLevel level;
800 int32_t tid = GetData<int>();
801 QosController::GetInstance().GetThreadQosForOtherThread(level, tid);
802 }
803 return true;
804 }
805 } // namespace OHOS
806
TaskControllerFuzzTestSuit(const uint8_t * data,size_t size)807 static void TaskControllerFuzzTestSuit(const uint8_t *data, size_t size)
808 {
809 OHOS::FuzzQosControllerGetThreadQosForOtherThread(data, size);
810 }
811
812 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)813 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
814 {
815 /* Run your code on data */
816 OHOS::FuzzConcurrentTaskTryConnect(data, size);
817 OHOS::FuzzConcurrentTaskServiceReportData(data, size);
818 OHOS::FuzzConcurrentTaskServiceReportSceneInfo(data, size);
819 OHOS::FuzzConcurrentTaskServiceRequestAuth(data, size);
820 OHOS::FuzzConcurrentTaskServiceQueryInterval(data, size);
821 OHOS::FuzzConcurrentTaskServiceStopRemoteObject(data, size);
822 OHOS::FuzzConcurrentTaskServiceSetThreadQos(data, size);
823 OHOS::FuzzConcurrentTaskServiceSetQosForOtherThread(data, size);
824 OHOS::FuzzConcurrentTaskServiceResetThreadQos(data, size);
825 OHOS::FuzzConcurrentTaskServiceResetQosForOtherThread(data, size);
826 OHOS::FuzzConcurrentTaskServiceQueryDeadline(data, size);
827 OHOS::FuzzQosPolicyInit(data, size);
828 OHOS::FuzzQosInterfaceEnableRtg(data, size);
829 OHOS::FuzzQosInterfaceQosLeave(data, size);
830 OHOS::FuzzConcurrentTaskServiceStubReportData(data, size);
831 OHOS::FuzzConcurrentTaskServiceStubReportSceneInfo(data, size);
832 OHOS::FuzzConcurrentTaskServiceStubQueryInterval(data, size);
833 OHOS::FuzzConcurrentTaskServiceStubQueryDeadline(data, size);
834 OHOS::FuzzConcurrentTaskServiceStubRequestAuth(data, size);
835 OHOS::FuzzConcurrentTaskServiceAbilityOnStart(data, size);
836 OHOS::FuzzConcurrentTaskServiceAbilityOnStop(data, size);
837 OHOS::FuzzConcurrentTaskServiceAbilityOnAddSystemAbility(data, size);
838 OHOS::FuzzConcurrentTaskServiceAbilityOnRemoveSystemAbility(data, size);
839 OHOS::FuzzConcurrentTaskServiceStubQueryDeadlineInner(data, size);
840 OHOS::FuzzConcurrentTaskServiceStubRequestAuthInner(data, size);
841 OHOS::FuzzConcurrentTaskServiceStringToJson(data, size);
842 OHOS::FuzzConcurrentTaskClientQueryInterval(data, size);
843 OHOS::FuzzConcurrentTaskServiceStubQueryDeadline(data, size);
844 OHOS::FuzzConcurrentTaskClinetRequestAuth(data, size);
845 OHOS::FuzzConcurrentTaskClientTryConnect(data, size);
846 OHOS::FuzzConcurrentTaskClientStopRemoteObject(data, size);
847 OHOS::FuzzConcurrentTaskServiceProxyReportData(data, size);
848 OHOS::FuzzConcurrentTaskServiceProxyReportSceneInfo(data, size);
849 OHOS::FuzzConcurrentTaskServiceProxyQueryInterval(data, size);
850 OHOS::FuzzConcurrentTaskServiceProxyQueryDeadline(data, size);
851 OHOS::FuzzConcurrentTaskServiceProxyRequestAuth(data, size);
852 TaskControllerFuzzTestSuit(data, size);
853 return 0;
854 }
855