• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #define private public
17 #include <cstddef>
18 #include <cstdint>
19 #include <fuzzer/FuzzedDataProvider.h>
20 
21 #include "parcel.h"
22 
23 #include "bmsquickfixdeployer_fuzzer.h"
24 #include "bms_fuzztest_util.h"
25 #include "quick_fix_deployer.h"
26 #include "securec.h"
27 #include "inner_bundle_info.h"
28 
29 using namespace OHOS::AppExecFwk;
30 using namespace OHOS::AppExecFwk::BMSFuzzTestUtil;
31 namespace OHOS {
32 constexpr size_t U32_AT_SIZE = 4;
33 const std::string BUNDLE_NAME_MMS = "com.ohos.mms";
34 const std::string MODULE_NAME = "entry";
35 const uint32_t QUICK_FIX_VERSION_CODE = 1;
36 const uint32_t BUNDLE_VERSION_CODE = 1;
37 const std::string QUICK_FIX_VERSION_NAME = "1.0";
38 const std::string BUNDLE_VERSION_NAME = "1.0";
CreateAppQuickFix()39 AppQuickFix CreateAppQuickFix()
40 {
41     AppqfInfo appInfo;
42     appInfo.versionCode = QUICK_FIX_VERSION_CODE;
43     appInfo.versionName = QUICK_FIX_VERSION_NAME;
44     appInfo.type = QuickFixType::PATCH;
45     appInfo.nativeLibraryPath = "data/";
46     HqfInfo hqfInfo;
47     hqfInfo.moduleName = "entry";
48     hqfInfo.type = QuickFixType::PATCH;
49     hqfInfo.nativeLibraryPath = "data/";
50     appInfo.hqfInfos.push_back(hqfInfo);
51     AppQuickFix appQuickFix;
52     appQuickFix.bundleName = BUNDLE_NAME_MMS;
53     appQuickFix.versionCode = BUNDLE_VERSION_CODE;
54     appQuickFix.versionName = BUNDLE_VERSION_NAME;
55     appQuickFix.deployingAppqfInfo = appInfo;
56     return appQuickFix;
57 }
58 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)59 bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
60 {
61     FuzzedDataProvider fdp(data, size);
62     std::string targetPath = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH);
63     nlohmann::json jsonObject;
64     std::vector<std::string> bundlePaths;
65     QuickFixDeployer quickFixDeployer(bundlePaths, false, targetPath);
66     quickFixDeployer.GetDeployQuickFixResult();
67     quickFixDeployer.DeployQuickFix();
68 
69     InnerAppQuickFix oldInnerAppQuickFix;
70     InnerAppQuickFix newInnerAppQuickFix;
71     std::vector<std::string> bundleFilePaths;
72     bundleFilePaths.push_back(targetPath);
73 
74     quickFixDeployer.ToDeployStartStatus(bundleFilePaths, newInnerAppQuickFix, oldInnerAppQuickFix);
75 
76     const AppQuickFix appQuickFix = CreateAppQuickFix();
77     quickFixDeployer.ToDeployQuickFixResult(appQuickFix);
78 
79     BundleInfo bundleInfo;
80     std::unordered_map<std::string, AppQuickFix> infos;
81     quickFixDeployer.ProcessPatchDeployStart(bundleFilePaths, bundleInfo, infos);
82     infos.emplace(BUNDLE_NAME_MMS, appQuickFix);
83     quickFixDeployer.ProcessPatchDeployStart(bundleFilePaths, bundleInfo, infos);
84 
85     quickFixDeployer.ProcessHotReloadDeployStart(bundleInfo, appQuickFix);
86 
87     quickFixDeployer.ToDeployEndStatus(newInnerAppQuickFix, oldInnerAppQuickFix);
88 
89     QuickFixMark mark;
90     mark.bundleName = appQuickFix.bundleName;
91     mark.status = QuickFixStatus::DEPLOY_START;
92     InnerAppQuickFix innerAppQuickFix(appQuickFix, mark);
93     quickFixDeployer.ProcessNativeLibraryPath(targetPath, innerAppQuickFix);
94 
95     quickFixDeployer.isReplace_ = true;
96     std::string nativeLibraryPath;
97     quickFixDeployer.ProcessNativeLibraryPath(targetPath, innerAppQuickFix, nativeLibraryPath);
98 
99     quickFixDeployer.ProcessPatchDeployEnd(appQuickFix, targetPath);
100     quickFixDeployer.ProcessHotReloadDeployEnd(appQuickFix, targetPath);
101     quickFixDeployer.ParseAndCheckAppQuickFixInfos(bundleFilePaths, infos);
102     quickFixDeployer.ResetNativeSoAttrs(infos);
103 
104     quickFixDeployer.IsLibIsolated(BUNDLE_NAME_MMS, MODULE_NAME);
105 
106     InnerBundleInfo innerBundleInfo;
107     quickFixDeployer.FetchInnerBundleInfo(BUNDLE_NAME_MMS, innerBundleInfo);
108     AppqfInfo appqfInfo;
109     HqfInfo hqfInfo;
110     std::string cpuAbi;
111     quickFixDeployer.FetchPatchNativeSoAttrs(appqfInfo, hqfInfo, true, nativeLibraryPath, cpuAbi);
112     quickFixDeployer.FetchPatchNativeSoAttrs(appqfInfo, hqfInfo, false, nativeLibraryPath, cpuAbi);
113 
114     quickFixDeployer.HasNativeSoInBundle(appQuickFix);
115     quickFixDeployer.GetBundleInfo(BUNDLE_NAME_MMS, bundleInfo);
116     quickFixDeployer.ToInnerAppQuickFix(infos, oldInnerAppQuickFix, newInnerAppQuickFix);
117 
118     AppQuickFix newAppQuickFix = CreateAppQuickFix();
119     AppQuickFix oldAppQuickFix = CreateAppQuickFix();
120     quickFixDeployer.CheckPatchVersionCode(newAppQuickFix, oldAppQuickFix);
121 
122     quickFixDeployer.SaveAppQuickFix(innerAppQuickFix);
123     quickFixDeployer.MoveHqfFiles(innerAppQuickFix, targetPath);
124     quickFixDeployer.GetDeployQuickFixResult();
125     quickFixDeployer.GetQuickFixDataMgr();
126     quickFixDeployer.SaveToInnerBundleInfo(newInnerAppQuickFix);
127 
128     std::vector<std::string> realPaths;
129     quickFixDeployer.ProcessBundleFilePaths(bundleFilePaths, realPaths);
130     quickFixDeployer.SendQuickFixSystemEvent(innerBundleInfo);
131     quickFixDeployer.ExtractQuickFixSoFile(appQuickFix, "", bundleInfo);
132     quickFixDeployer.ExtractSoAndApplyDiff(appQuickFix, bundleInfo, "");
133     std::string tmpSoPath;
134     quickFixDeployer.ExtractSoFiles(bundleInfo, "", tmpSoPath);
135 
136     quickFixDeployer.ProcessApplyDiffPatch(appQuickFix, hqfInfo, "", "", 0);
137 
138     quickFixDeployer.ExtractEncryptedSoFiles(bundleInfo, MODULE_NAME, 0, tmpSoPath);
139     CodeSignatureParam codeSignatureParam;
140     quickFixDeployer.PrepareCodeSignatureParam(appQuickFix, hqfInfo, bundleInfo, "", codeSignatureParam);
141 
142     quickFixDeployer.VerifyCodeSignatureForHqf(innerAppQuickFix, "");
143     quickFixDeployer.CheckHqfResourceIsValid(bundleFilePaths, bundleInfo);
144     quickFixDeployer.CheckReplaceMode(appQuickFix, bundleInfo);
145     quickFixDeployer.ExtractQuickFixResFile(appQuickFix, bundleInfo);
146     return true;
147 }
148 }
149 
150 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)151 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
152 {
153     /* Run your code on data */
154     OHOS::DoSomethingInterestingWithMyAPI(data, size);
155     return 0;
156 }
157