• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "dataabilityrecordsecond_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <fuzzer/FuzzedDataProvider.h>
21 
22 #define private public
23 #include "data_ability_record.h"
24 #undef private
25 
26 #include "ability_fuzz_util.h"
27 
28 using namespace std::chrono;
29 using namespace OHOS::AAFwk;
30 using namespace OHOS::AppExecFwk;
31 
32 namespace OHOS {
33 namespace {
34 constexpr size_t STRING_MAX_LENGTH = 128;
35 }
36 class IRemoteObjectFuzz : public IRemoteObject {
37 public:
IRemoteObjectFuzz()38     IRemoteObjectFuzz() : IRemoteObject {u"IRemoteObjectFuzz"}
39     {
40     }
41 
~IRemoteObjectFuzz()42     ~IRemoteObjectFuzz()
43     {
44     }
45 
GetObjectRefCount()46     int32_t GetObjectRefCount()
47     {
48         return 0;
49     }
50 
SendRequest(uint32_t code,MessageParcel & data,MessageParcel & reply,MessageOption & option)51     int SendRequest(uint32_t code, MessageParcel& data, MessageParcel& reply, MessageOption& option)
52     {
53         return 0;
54     }
55 
IsProxyObject() const56     bool IsProxyObject() const
57     {
58         return true;
59     }
60 
CheckObjectLegality() const61     bool CheckObjectLegality() const
62     {
63         return true;
64     }
65 
AddDeathRecipient(const sptr<DeathRecipient> & recipient)66     bool AddDeathRecipient(const sptr<DeathRecipient>& recipient)
67     {
68         return true;
69     }
70 
RemoveDeathRecipient(const sptr<DeathRecipient> & recipient)71     bool RemoveDeathRecipient(const sptr<DeathRecipient>& recipient)
72     {
73         return true;
74     }
75 
AsInterface()76     sptr<IRemoteBroker> AsInterface()
77     {
78         return nullptr;
79     }
80 
Dump(int fd,const std::vector<std::u16string> & args)81     int Dump(int fd, const std::vector<std::u16string>& args)
82     {
83         return 0;
84     }
85 };
86 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)87 bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
88 {
89     AbilityRequest abilityRequest;
90     abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
91     abilityRequest.abilityInfo.name = "MainAbility";
92     abilityRequest.abilityInfo.type = AbilityType::DATA;
93     auto dataAbilityRecord = std::make_shared<DataAbilityRecord>(abilityRequest);
94     ffrt::mutex mutex;
95     system_clock::duration timeout = 800ms;
96     sptr<IAbilityScheduler> scheduler;
97     int state;
98     sptr<IRemoteObject> client;
99     bool tryBind;
100     bool isNotHap;
101     std::shared_ptr<AbilityRecord> abilityRecordClient;
102     std::vector<std::string> info;
103     wptr<IRemoteObject> remote;
104     sptr<IRemoteObject> callerRemote;
105     FuzzedDataProvider fdp(data, size);
106     state = fdp.ConsumeIntegral<int>();
107     tryBind = fdp.ConsumeBool();
108     isNotHap = fdp.ConsumeBool();
109     info = AbilityFuzzUtil::GenerateStringArray(fdp);
110 
111     dataAbilityRecord->AddClient(client, tryBind, isNotHap);
112     dataAbilityRecord->StartLoading();
113     dataAbilityRecord->GetScheduler();
114     dataAbilityRecord->AddClient(client, tryBind, isNotHap);
115     dataAbilityRecord->GetClientCount(client);
116     dataAbilityRecord->Dump();
117     dataAbilityRecord->Dump(info);
118     dataAbilityRecord->RemoveClient(client, isNotHap);
119     dataAbilityRecord->RemoveClients(abilityRecordClient);
120     dataAbilityRecord->KillBoundClientProcesses();
121     client = new IRemoteObjectFuzz();
122     dataAbilityRecord->AddClient(client, tryBind, isNotHap);
123     dataAbilityRecord->GetClientCount(client);
124     dataAbilityRecord->Dump();
125     dataAbilityRecord->Dump(info);
126     dataAbilityRecord->RemoveClient(client, isNotHap);
127     dataAbilityRecord->RemoveClients(abilityRecordClient);
128     dataAbilityRecord->KillBoundClientProcesses();
129     DelayedSingleton<AppScheduler>::GetInstance();
130     dataAbilityRecord->AddClient(client, tryBind, isNotHap);
131     dataAbilityRecord->GetClientCount(client);
132     dataAbilityRecord->Dump();
133     dataAbilityRecord->Dump(info);
134     dataAbilityRecord->KillBoundClientProcesses();
135     dataAbilityRecord->GetRequest();
136     dataAbilityRecord->GetAbilityRecord();
137     dataAbilityRecord->GetToken();
138     dataAbilityRecord->GetDiedCallerPid(callerRemote);
139     return true;
140 }
141 }
142 
143 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)144 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
145 {
146     // Run your code on data.
147     OHOS::DoSomethingInterestingWithMyAPI(data, size);
148     return 0;
149 }