1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #define private public
17 #include <cstddef>
18 #include <cstdint>
19 #include <fuzzer/FuzzedDataProvider.h>
20
21 #include "parcel.h"
22
23 #include "bmsquickfixchecker_fuzzer.h"
24 #include "bms_fuzztest_util.h"
25 #include "quick_fix_checker.h"
26
27 using namespace OHOS::AppExecFwk;
28 using namespace OHOS::AppExecFwk::BMSFuzzTestUtil;
29 namespace OHOS {
// Fixed fixture values shared by the harness below. None of them is derived
// from the fuzz input.

// Bundle names used as map keys and as the bundle name of the AppQuickFix fixture.
const std::string BUNDLE_NAME_MMS{"com.ohos.mms"};
const std::string BUNDLE_NAME_DEMO{"com.ohos.demo"};
// NOTE(review): MODULE_NAME is not referenced in the visible code, which
// spells the "entry" literal directly; confirm whether it is still needed.
const std::string MODULE_NAME{"entry"};
// Version of the quick-fix package itself and of the bundle it targets.
constexpr uint32_t QUICK_FIX_VERSION_CODE{1};
constexpr uint32_t BUNDLE_VERSION_CODE{2};
const std::string QUICK_FIX_VERSION_NAME{"1.0"};
const std::string BUNDLE_VERSION_NAME{"1.0"};
/**
 * @brief Builds the fixed AppQuickFix fixture used by the harness.
 *
 * The fixture describes a PATCH-type quick fix for BUNDLE_NAME_MMS with a
 * single "entry" module. Nothing in it depends on fuzz input.
 *
 * @return AppQuickFix whose deployingAppqfInfo holds one HqfInfo.
 */
AppQuickFix CreateAppQuickFix()
{
    // Per-module patch record.
    HqfInfo moduleFix;
    moduleFix.moduleName = "entry";
    moduleFix.type = QuickFixType::PATCH;
    moduleFix.nativeLibraryPath = "data/";

    // Package-level quick-fix description that carries the module record.
    AppqfInfo deploying;
    deploying.versionCode = QUICK_FIX_VERSION_CODE;
    deploying.versionName = QUICK_FIX_VERSION_NAME;
    deploying.type = QuickFixType::PATCH;
    deploying.nativeLibraryPath = "data/";
    deploying.hqfInfos.push_back(moduleFix);

    // Top-level object: which bundle, and which bundle version, the fix targets.
    AppQuickFix fixture;
    fixture.bundleName = BUNDLE_NAME_MMS;
    fixture.versionCode = BUNDLE_VERSION_CODE;
    fixture.versionName = BUNDLE_VERSION_NAME;
    fixture.deployingAppqfInfo = deploying;
    return fixture;
}
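/**
 * @brief Drives the QuickFixChecker validation entry points for one fuzz input.
 *
 * The fuzz data feeds the HQF path string and the ApplicationInfo/BundleInfo
 * passed to the BMSFuzzTestUtil generators. The quick-fix descriptors are
 * fixed fixtures. Return values of the checker calls are ignored; the harness
 * only looks for crashes and sanitizer reports.
 *
 * @param data Raw fuzz input bytes.
 * @param size Number of bytes in data.
 * @return Always true.
 */
bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
{
    FuzzedDataProvider fdp(data, size);
    QuickFixChecker quickFixChecker;

    // Signature check over a single HQF path taken directly from the fuzz input.
    std::vector<std::string> bundlePaths = { fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH) };
    std::vector<Security::Verify::HapVerifyResult> hapVerifyRes;
    quickFixChecker.CheckMultipleHqfsSignInfo(bundlePaths, hapVerifyRes);

    // Consistency check over one entry, then over two entries. Both entries
    // hold the same AppQuickFix (bundleName BUNDLE_NAME_MMS) under different keys.
    std::unordered_map<std::string, AppQuickFix> infos;
    AppQuickFix appQuickFix = CreateAppQuickFix();
    infos.emplace(BUNDLE_NAME_MMS, appQuickFix);
    quickFixChecker.CheckAppQuickFixInfos(infos);
    infos.emplace(BUNDLE_NAME_DEMO, appQuickFix);
    quickFixChecker.CheckAppQuickFixInfos(infos);

    // Bundle description produced by the generators that take the provider.
    ApplicationInfo applicationInfo;
    GenerateApplicationInfo(fdp, applicationInfo);
    BundleInfo bundleInfo;
    GenerateBundleInfo(fdp, bundleInfo);
    bundleInfo.applicationInfo = applicationInfo;

    // Native library check: first with the patch cpuAbi left unset, then with
    // patch and bundle both forced to "arm" (this overwrites the generated cpuAbi).
    AppqfInfo appqfInfo;
    appqfInfo.versionCode = QUICK_FIX_VERSION_CODE;
    appqfInfo.versionName = QUICK_FIX_VERSION_NAME;
    appqfInfo.type = QuickFixType::PATCH;
    appqfInfo.nativeLibraryPath = "data/";
    quickFixChecker.CheckPatchNativeSoWithInstalledBundle(bundleInfo, appqfInfo);
    appqfInfo.cpuAbi = "arm";
    bundleInfo.applicationInfo.cpuAbi = "arm";
    quickFixChecker.CheckPatchNativeSoWithInstalledBundle(bundleInfo, appqfInfo);

    // Common checks against the generated bundle first.
    quickFixChecker.CheckCommonWithInstalledBundle(appQuickFix, bundleInfo);
    // Then against a fixture whose name and version code equal the quick fix's.
    // Passing installedBundleInfo (not bundleInfo again) lets these two calls
    // exercise the checker with a matching bundle and with an
    // already-recorded quick fix of a different version code.
    BundleInfo installedBundleInfo;
    installedBundleInfo.name = BUNDLE_NAME_MMS;
    installedBundleInfo.versionCode = BUNDLE_VERSION_CODE;
    installedBundleInfo.applicationInfo.appQuickFix = appQuickFix;
    quickFixChecker.CheckCommonWithInstalledBundle(appQuickFix, installedBundleInfo);
    installedBundleInfo.applicationInfo.appQuickFix.versionCode = 1;
    quickFixChecker.CheckCommonWithInstalledBundle(appQuickFix, installedBundleInfo);

    // provisionInfo is default-constructed here; only its apl is set further down.
    Security::Verify::ProvisionInfo provisionInfo;
    quickFixChecker.CheckPatchWithInstalledBundle(appQuickFix, bundleInfo, provisionInfo);

    quickFixChecker.CheckHotReloadWithInstalledBundle(appQuickFix, bundleInfo);

    quickFixChecker.CheckModuleNameExist(bundleInfo, infos);

    // Align the provisioning apl with the bundle's privilege level before the
    // signature comparison.
    provisionInfo.bundleInfo.apl = bundleInfo.applicationInfo.appPrivilegeLevel;
    quickFixChecker.CheckSignatureInfo(bundleInfo, provisionInfo);
    // NOTE(review): this second call repeats the arguments of the first; a
    // mismatching provisionInfo was presumably intended here. Confirm with the
    // checker's owners before changing it.
    quickFixChecker.CheckSignatureInfo(bundleInfo, provisionInfo);

    quickFixChecker.CheckMultiNativeSo(infos);

    // Type mapping helpers, called with fixed enum values.
    Security::Verify::AppDistType appDistType = Security::Verify::AppDistType::ENTERPRISE;
    quickFixChecker.GetAppDistributionType(appDistType);
    Security::Verify::ProvisionType provisionType = Security::Verify::ProvisionType::DEBUG;
    quickFixChecker.GetAppProvisionType(provisionType);
    provisionType = Security::Verify::ProvisionType::RELEASE;
    quickFixChecker.GetAppProvisionType(provisionType);
    return true;
}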
115 }
116
117 // Fuzzer entry point.
/// Forwards each input buffer to the OHOS harness and returns 0 for every input.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
{
    // The harness result is not used here, so it is discarded explicitly.
    static_cast<void>(OHOS::DoSomethingInterestingWithMyAPI(data, size));
    return 0;
}
124