• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "injectkeyevent_fuzzer.h"
17 
18 #include "multimodal_input_connect_stub.h"
19 #include "mmi_service.h"
20 #include "mmi_log.h"
21 #include "key_event.h"
22 #include <fuzzer/FuzzedDataProvider.h>
23 
24 #undef LOG_TAG
25 #define LOG_TAG "InjectKeyEventFuzzTest"
26 
27 namespace OHOS {
28 namespace MMI {
29 
30 namespace {
31 const std::u16string kInterfaceToken { u"ohos.multimodalinput.IConnectManager" };
32 constexpr int32_t kMinKeyCode = 0;
33 constexpr int32_t kMaxKeyCode = 300;
34 constexpr int32_t kMinAction  = 0;
35 constexpr int32_t kMaxAction  = 2;
36 } // namespace
37 
InjectKeyEventFuzzTest(FuzzedDataProvider & provider)38 bool InjectKeyEventFuzzTest(FuzzedDataProvider &provider)
39 {
40     std::shared_ptr<KeyEvent> ke = KeyEvent::Create();
41     if (!ke) {
42         return false;
43     }
44 
45     const int32_t keyCode = provider.ConsumeIntegralInRange<int32_t>(kMinKeyCode, kMaxKeyCode);
46     const int32_t action  = provider.ConsumeIntegralInRange<int32_t>(kMinAction, kMaxAction);
47     const bool isNativeInject = provider.ConsumeBool();
48     const int64_t downTime = provider.ConsumeIntegral<int64_t>();
49     const int64_t actionTime = provider.ConsumeIntegral<int64_t>();
50 
51     ke->SetKeyCode(keyCode);
52     ke->SetKeyAction(action);
53     ke->SetActionTime(actionTime);
54 
55     KeyEvent::KeyItem item;
56     item.SetKeyCode(keyCode);
57     item.SetDownTime(downTime);
58     item.SetDeviceId(provider.ConsumeIntegral<int32_t>());
59     ke->AddKeyItem(item);
60 
61     MessageParcel datas;
62     if (!datas.WriteInterfaceToken(kInterfaceToken)) {
63         return false;
64     }
65     if (!datas.WriteParcelable(ke.get())) {
66         return false;
67     }
68     if (!datas.WriteBool(isNativeInject)) {
69         return false;
70     }
71     if (!datas.RewindRead(0)) {
72         return false;
73     }
74     (void)provider.ConsumeRemainingBytes<uint8_t>();
75 
76     MessageParcel reply;
77     MessageOption option;
78     MMIService::GetInstance()->state_ = ServiceRunningState::STATE_RUNNING;
79     (void)MMIService::GetInstance()->OnRemoteRequest(
80         static_cast<uint32_t>(IMultimodalInputConnectIpcCode::COMMAND_INJECT_KEY_EVENT),
81         datas, reply, option);
82 
83     return true;
84 }
85 
86 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)87 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
88 {
89     if (!data || size == 0) {
90         return 0;
91     }
92     FuzzedDataProvider provider(data, size);
93     (void)OHOS::MMI::InjectKeyEventFuzzTest(provider);
94     return 0;
95 }
96 
97 } // namespace MMI
98 } // namespace OHOS