• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "bmsbundleinstallerhost_fuzzer.h"
17 
18 #define private public
19 
20 #include <cstddef>
21 #include <cstdint>
22 #include <fuzzer/FuzzedDataProvider.h>
23 
24 #include "bundle_installer_host.h"
25 #include "bundle_mgr_service.h"
26 #include "message_parcel.h"
27 #include "securec.h"
28 #include "bms_fuzztest_util.h"
29 
30 using namespace OHOS::AppExecFwk;
31 using namespace OHOS::AppExecFwk::BMSFuzzTestUtil;
32 namespace OHOS {
33 constexpr size_t U32_AT_SIZE = 4;
34 constexpr size_t MESSAGE_SIZE = 10;
35 constexpr size_t CODE_MAX = 13;
36 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)37 bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
38 {
39     auto bundleInstallerHost = std::make_unique<BundleInstallerHost>();
40     FuzzedDataProvider fdp(data, size);
41 #ifdef ON_64BIT_SYSTEM
42     for (uint32_t code = 0; code <= CODE_MAX; code++) {
43         MessageParcel datas;
44         std::u16string descriptor = BundleInstallerHost::GetDescriptor();
45         datas.WriteInterfaceToken(descriptor);
46         datas.WriteBuffer(data, size);
47         datas.RewindRead(0);
48         MessageParcel reply;
49         MessageOption option;
50         DelayedSingleton<BundleMgrService>::GetInstance()->OnStop();
51         bundleInstallerHost->OnRemoteRequest(code, datas, reply, option);
52     }
53 #endif
54     int32_t userId = BMSFuzzTestUtil::GenerateRandomUser(fdp);
55     int32_t appIndex = fdp.ConsumeIntegral<int32_t>();
56     int32_t dplType = fdp.ConsumeIntegral<int32_t>();
57     int32_t streamInstallerId = fdp.ConsumeIntegral<int32_t>();
58     std::string bundleFilePath = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH);
59     std::string bundleName = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH);
60     std::string modulePackage = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH);
61     std::vector<std::string> bundleFilePaths = GenerateStringArray(fdp);
62     InstallParam installParam;
63     GenerateInstallParam(fdp, installParam);
64 
65     UninstallParam uninstallParam;
66     sptr<IStatusReceiver> statusReceiver;
67     std::vector<std::string> originHapPaths = GenerateStringArray(fdp);
68     bundleInstallerHost->Init();
69     bundleInstallerHost->Install(bundleFilePath, installParam, statusReceiver);
70     bundleInstallerHost->Recover(bundleName, installParam, statusReceiver);
71     bundleInstallerHost->Install(bundleFilePaths, installParam, statusReceiver);
72     bundleInstallerHost->Uninstall(bundleName, installParam, statusReceiver);
73     bundleInstallerHost->Uninstall(bundleName, modulePackage, installParam, statusReceiver);
74     bundleInstallerHost->Uninstall(uninstallParam, statusReceiver);
75     bundleInstallerHost->InstallByBundleName(bundleName, installParam, statusReceiver);
76     bundleInstallerHost->InstallSandboxApp(bundleName, dplType, userId, appIndex);
77     bundleInstallerHost->UninstallSandboxApp(bundleName, appIndex, userId);
78     bundleInstallerHost->CreateStreamInstaller(installParam, statusReceiver, originHapPaths);
79     bundleInstallerHost->DestoryBundleStreamInstaller(streamInstallerId);
80     bundleInstallerHost->StreamInstall(bundleFilePaths, installParam, statusReceiver);
81     bundleInstallerHost->UpdateBundleForSelf(bundleFilePaths, installParam, statusReceiver);
82     bundleInstallerHost->UninstallAndRecover(bundleName, installParam, statusReceiver);
83     bundleInstallerHost->GetCurTaskNum();
84     bundleInstallerHost->GetThreadsNum();
85     bundleInstallerHost->InstallCloneApp(bundleName, userId, appIndex);
86     bundleInstallerHost->UninstallCloneApp(bundleName, userId, appIndex, DestroyAppCloneParam());
87     bundleInstallerHost->InstallExisted(bundleName, userId);
88     bundleInstallerHost->CheckInstallParam(installParam);
89     InstallParam installParam2;
90     GenerateInstallParam(fdp, installParam2);
91     bundleInstallerHost->IsPermissionVaild(installParam, installParam2);
92     DestroyAppCloneParam destroyAppCloneParam;
93     Parcel parcel;
94     destroyAppCloneParam.Marshalling(parcel);
95     return true;
96 }
97 }
98 
99 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)100 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
101 {
102     OHOS::DoSomethingInterestingWithMyAPI(data, size);
103     return 0;
104 }