1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <fuzzer/FuzzedDataProvider.h>
17
18 #include "datashareserviceimpl_fuzzer.h"
19
20 #include <cstddef>
21 #include <cstdint>
22
23 #include "data_share_service_impl.h"
24 #include "ipc_skeleton.h"
25 #include "message_parcel.h"
26 #include "securec.h"
27
28 using namespace OHOS::DataShare;
29 namespace OHOS {
30
NotifyChangeFuzz(FuzzedDataProvider & provider)31 void NotifyChangeFuzz(FuzzedDataProvider &provider)
32 {
33 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
34 std::string uri = provider.ConsumeRandomLengthString();
35 int32_t userId = provider.ConsumeIntegral<int32_t>();
36 dataShareServiceImpl->NotifyChange(uri, userId);
37 }
38
GetCallerInfoFuzz(FuzzedDataProvider & provider)39 void GetCallerInfoFuzz(FuzzedDataProvider &provider)
40 {
41 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
42 std::string bundleName = "bundlename";
43 int32_t appIndex = provider.ConsumeIntegral<int32_t>();
44 dataShareServiceImpl->GetCallerInfo(bundleName, appIndex);
45 }
46
MakeMetaDataFuzz(FuzzedDataProvider & provider)47 void MakeMetaDataFuzz(FuzzedDataProvider &provider)
48 {
49 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
50 std::string bundleName = provider.ConsumeRandomLengthString();
51 std::string userId = provider.ConsumeRandomLengthString();
52 std::string deviceId = provider.ConsumeRandomLengthString();
53 std::string storeId = provider.ConsumeRandomLengthString();
54 dataShareServiceImpl->MakeMetaData(bundleName, userId, deviceId, storeId);
55 }
56
OnAppUninstallFuzz(FuzzedDataProvider & provider)57 void OnAppUninstallFuzz(FuzzedDataProvider &provider)
58 {
59 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
60 std::string bundleName = provider.ConsumeRandomLengthString();
61 int32_t userId = provider.ConsumeIntegral<int32_t>();
62 int32_t index = provider.ConsumeIntegral<int32_t>();
63 dataShareServiceImpl->OnAppUninstall(bundleName, userId, index);
64 }
65
OnAppUpdateFuzz(FuzzedDataProvider & provider)66 void OnAppUpdateFuzz(FuzzedDataProvider &provider)
67 {
68 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
69 std::string bundleName = provider.ConsumeRandomLengthString();
70 int32_t userId = provider.ConsumeIntegral<int32_t>();
71 int32_t index = provider.ConsumeIntegral<int32_t>();
72 dataShareServiceImpl->OnAppUpdate(bundleName, userId, index);
73 }
74
RegisterObserverFuzz(FuzzedDataProvider & provider)75 void RegisterObserverFuzz(FuzzedDataProvider &provider)
76 {
77 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
78 std::string uri = provider.ConsumeRandomLengthString();
79 sptr<OHOS::IRemoteObject> remoteObj = nullptr;
80 dataShareServiceImpl->RegisterObserver(uri, remoteObj);
81 }
82
UnregisterObserverFuzz(FuzzedDataProvider & provider)83 void UnregisterObserverFuzz(FuzzedDataProvider &provider)
84 {
85 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
86 std::string uri = provider.ConsumeRandomLengthString();
87 sptr<OHOS::IRemoteObject> remoteObj = nullptr;
88 dataShareServiceImpl->UnregisterObserver(uri, remoteObj);
89 }
90
VerifyAcrossAccountsPermissionFuzz(FuzzedDataProvider & provider)91 void VerifyAcrossAccountsPermissionFuzz(FuzzedDataProvider &provider)
92 {
93 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
94 int32_t curId = provider.ConsumeIntegral<int32_t>();
95 int32_t visId = provider.ConsumeIntegral<int32_t>();
96 std::string permission = provider.ConsumeRandomLengthString();
97 uint32_t tokenId = provider.ConsumeIntegral<uint32_t>();
98 dataShareServiceImpl->VerifyAcrossAccountsPermission(curId, visId, permission, tokenId);
99 }
100
CheckAllowListFuzz(FuzzedDataProvider & provider)101 void CheckAllowListFuzz(FuzzedDataProvider &provider)
102 {
103 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
104 uint32_t currentUserId = provider.ConsumeIntegral<uint32_t>();
105 uint32_t callerTokenId = provider.ConsumeIntegral<uint32_t>();
106 std::vector<AllowList> allowLists;
107 AllowList list1;
108 list1.appIdentifier = provider.ConsumeRandomLengthString();
109 list1.onlyMain = provider.ConsumeBool();
110 AllowList list2;
111 list2.appIdentifier = provider.ConsumeRandomLengthString();
112 list2.onlyMain = provider.ConsumeBool();
113 allowLists.push_back(list1);
114 allowLists.push_back(list2);
115 dataShareServiceImpl->CheckAllowList(currentUserId, callerTokenId, allowLists);
116 }
117
ReportExcuteFaultFuzz(FuzzedDataProvider & provider)118 void ReportExcuteFaultFuzz(FuzzedDataProvider &provider)
119 {
120 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
121 uint32_t callingTokenId = provider.ConsumeIntegral<uint32_t>();
122 int32_t errCode = provider.ConsumeIntegral<int32_t>();
123 std::string func = provider.ConsumeRandomLengthString();
124 DataProviderConfig::ProviderInfo providerInfo;
125 providerInfo.moduleName = provider.ConsumeRandomLengthString();
126 providerInfo.bundleName = provider.ConsumeRandomLengthString();
127 providerInfo.storeName = provider.ConsumeRandomLengthString();
128 dataShareServiceImpl->ReportExcuteFault(callingTokenId, providerInfo, errCode, func);
129 }
130
VerifyPermissionFuzz(FuzzedDataProvider & provider)131 void VerifyPermissionFuzz(FuzzedDataProvider &provider)
132 {
133 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
134 std::string bundleName = provider.ConsumeRandomLengthString();
135 std::string permission = provider.ConsumeRandomLengthString();
136 bool isFromExtension = provider.ConsumeBool();
137 int32_t tokenId = provider.ConsumeIntegral<int32_t>();
138 dataShareServiceImpl->VerifyPermission(bundleName, permission, isFromExtension, tokenId);
139 }
140
OnAppExitFuzz(FuzzedDataProvider & provider)141 void OnAppExitFuzz(FuzzedDataProvider &provider)
142 {
143 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
144 pid_t uid = provider.ConsumeIntegral<int32_t>();
145 pid_t pid = provider.ConsumeIntegral<int32_t>();
146 uint32_t tokenId = provider.ConsumeIntegral<uint32_t>();
147 std::string bundleName = provider.ConsumeRandomLengthString();
148 dataShareServiceImpl->OnAppExit(uid, pid, tokenId, bundleName);
149 }
150
DumpDataShareServiceInfoFuzz(FuzzedDataProvider & provider)151 void DumpDataShareServiceInfoFuzz(FuzzedDataProvider &provider)
152 {
153 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
154 int fd = provider.ConsumeIntegral<int>();
155 std::map<std::string, std::vector<std::string>> params;
156 params["key1"] = {"value1", "value2"};
157 params["key2"] = {"val_b1", "val_b2", "val_b3"};
158 dataShareServiceImpl->DumpDataShareServiceInfo(fd, params);
159 }
160
DataShareStaticOnClearAppStorageFuzz(FuzzedDataProvider & provider)161 void DataShareStaticOnClearAppStorageFuzz(FuzzedDataProvider &provider)
162 {
163 DataShareServiceImpl::DataShareStatic dataShareStatic;
164 std::string bundleName = provider.ConsumeRandomLengthString();
165 int32_t userId = provider.ConsumeIntegral<int32_t>();
166 int32_t index = provider.ConsumeIntegral<int32_t>();
167 int32_t tokenId = provider.ConsumeIntegral<int32_t>();
168 dataShareStatic.OnClearAppStorage(bundleName, userId, index, tokenId);
169 }
170
TimerReceiverOnReceiveEventFuzz(FuzzedDataProvider & provider)171 void TimerReceiverOnReceiveEventFuzz(FuzzedDataProvider &provider)
172 {
173 DataShareServiceImpl::TimerReceiver tmerReceiver;
174 EventFwk::Want want;
175 EventFwk::CommonEventData commonEventData(want);
176 commonEventData.SetWant(want);
177 tmerReceiver.OnReceiveEvent(commonEventData);
178 }
179
OnUserChangeFuzz(FuzzedDataProvider & provider)180 void OnUserChangeFuzz(FuzzedDataProvider &provider)
181 {
182 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
183 uint32_t code = provider.ConsumeIntegralInRange<uint32_t>(0, 10);
184 std::string user = provider.ConsumeRandomLengthString();
185 std::string account = provider.ConsumeRandomLengthString();
186 dataShareServiceImpl->OnUserChange(code, user, account);
187 }
188
DataShareStaticOnAppUninstall(FuzzedDataProvider & provider)189 void DataShareStaticOnAppUninstall(FuzzedDataProvider &provider)
190 {
191 DataShareServiceImpl::DataShareStatic dataShareStatic;
192 std::string bundleName = provider.ConsumeRandomLengthString();
193 int32_t user = provider.ConsumeIntegral<int32_t>();
194 int32_t index = provider.ConsumeIntegral<int32_t>();
195 dataShareStatic.OnAppUninstall(bundleName, user, index);
196 }
197
AllowCleanDataLaunchAppFuzz(FuzzedDataProvider & provider)198 void AllowCleanDataLaunchAppFuzz(FuzzedDataProvider &provider)
199 {
200 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
201 int32_t evtId = provider.ConsumeIntegral<int32_t>();
202 DistributedData::RemoteChangeEvent::DataInfo dataInfo;
203 dataInfo.userId = provider.ConsumeRandomLengthString();
204 dataInfo.storeId = provider.ConsumeRandomLengthString();
205 dataInfo.deviceId = provider.ConsumeRandomLengthString();
206 dataInfo.bundleName = provider.ConsumeRandomLengthString();
207 DistributedData::RemoteChangeEvent event(evtId, std::move(dataInfo));
208 bool launchForCleanData = provider.ConsumeBool();
209 dataShareServiceImpl->AllowCleanDataLaunchApp(event, launchForCleanData);
210 }
211
AutoLaunchFuzz(FuzzedDataProvider & provider)212 void AutoLaunchFuzz(FuzzedDataProvider &provider)
213 {
214 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
215 int32_t evtId = provider.ConsumeIntegral<int32_t>();
216 DistributedData::RemoteChangeEvent::DataInfo dataInfo;
217 dataInfo.userId = provider.ConsumeRandomLengthString();
218 dataInfo.storeId = provider.ConsumeRandomLengthString();
219 dataInfo.deviceId = provider.ConsumeRandomLengthString();
220 dataInfo.bundleName = provider.ConsumeRandomLengthString();
221 DistributedData::RemoteChangeEvent event(evtId, std::move(dataInfo));
222 dataShareServiceImpl->AutoLaunch(event);
223 }
224
UpdateExFuzz(FuzzedDataProvider & provider)225 void UpdateExFuzz(FuzzedDataProvider &provider)
226 {
227 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
228 std::string uri = provider.ConsumeRandomLengthString();
229 std::string extUri = provider.ConsumeRandomLengthString();
230 DataSharePredicates predicates;
231 DataShareValuesBucket valuesBucket;
232 std::string key1 = provider.ConsumeRandomLengthString();
233 std::string key2 = provider.ConsumeRandomLengthString();
234 std::string key3 = provider.ConsumeRandomLengthString();
235 std::string key4 = provider.ConsumeRandomLengthString();
236 int valueInt = provider.ConsumeIntegral<int>();
237 float valueFloat = provider.ConsumeFloatingPoint<float>();
238 std::string valueStr = provider.ConsumeRandomLengthString();
239 bool valueBool = provider.ConsumeBool();
240 valuesBucket.valuesMap[key1] = valueInt;
241 valuesBucket.valuesMap[key2] = valueFloat;
242 valuesBucket.valuesMap[key3] = valueStr;
243 valuesBucket.valuesMap[key4] = valueBool;
244 dataShareServiceImpl->UpdateEx(uri, extUri, predicates, valuesBucket);
245 }
246
DeleteExFuzz(FuzzedDataProvider & provider)247 void DeleteExFuzz(FuzzedDataProvider &provider)
248 {
249 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
250 std::string uri = provider.ConsumeRandomLengthString();
251 std::string extUri = provider.ConsumeRandomLengthString();
252 DataSharePredicates predicates;
253 dataShareServiceImpl->DeleteEx(uri, extUri, predicates);
254 }
255
DelTemplateFuzz(FuzzedDataProvider & provider)256 void DelTemplateFuzz(FuzzedDataProvider &provider)
257 {
258 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
259 std::string uri = provider.ConsumeRandomLengthString();
260 int64_t subscriberId = provider.ConsumeIntegral<int64_t>();
261 dataShareServiceImpl->DelTemplate(uri, subscriberId);
262 }
263
PublishFuzz(FuzzedDataProvider & provider)264 void PublishFuzz(FuzzedDataProvider &provider)
265 {
266 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
267 Data data;
268 std::string bundleNameOfProvider = provider.ConsumeRandomLengthString();
269 dataShareServiceImpl->Publish(data, bundleNameOfProvider);
270 }
271
SubscribeRdbDataFuzz(FuzzedDataProvider & provider)272 void SubscribeRdbDataFuzz(FuzzedDataProvider &provider)
273 {
274 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
275 uint8_t len = provider.ConsumeIntegral<uint8_t>();
276 std::vector<std::string> uris(len);
277 for (int i = 0; i < len; i++) {
278 std::string uri = provider.ConsumeRandomLengthString();
279 uris[i] = uri;
280 }
281 TemplateId id;
282 id.subscriberId_ = provider.ConsumeIntegral<int64_t>();
283 id.bundleName_ = provider.ConsumeRandomLengthString();
284 sptr<IDataProxyRdbObserver> observer;
285 dataShareServiceImpl->SubscribeRdbData(uris, id, observer);
286 }
287
EnableRdbSubsFuzz(FuzzedDataProvider & provider)288 void EnableRdbSubsFuzz(FuzzedDataProvider &provider)
289 {
290 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
291 uint8_t len = provider.ConsumeIntegral<uint8_t>();
292 std::vector<std::string> uris(len);
293 for (int i = 0; i < len; i++) {
294 std::string uri = provider.ConsumeRandomLengthString();
295 uris[i] = uri;
296 }
297 TemplateId id;
298 id.subscriberId_ = provider.ConsumeIntegral<int64_t>();
299 id.bundleName_ = provider.ConsumeRandomLengthString();
300 dataShareServiceImpl->EnableRdbSubs(uris, id);
301 }
302
SubscribePublishedDataFuzz(FuzzedDataProvider & provider)303 void SubscribePublishedDataFuzz(FuzzedDataProvider &provider)
304 {
305 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
306 uint8_t len = provider.ConsumeIntegral<uint8_t>();
307 std::vector<std::string> uris(len);
308 for (int i = 0; i < len; i++) {
309 std::string uri = provider.ConsumeRandomLengthString();
310 uris[i] = uri;
311 }
312 int64_t subscriberId = provider.ConsumeIntegral<int64_t>();
313 sptr<IDataProxyPublishedDataObserver> observer;
314 dataShareServiceImpl->SubscribePublishedData(uris, subscriberId, observer);
315 }
316
DisablePubSubsFuzz(FuzzedDataProvider & provider)317 void DisablePubSubsFuzz(FuzzedDataProvider &provider)
318 {
319 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
320 uint8_t len = provider.ConsumeIntegral<uint8_t>();
321 std::vector<std::string> uris(len);
322 for (int i = 0; i < len; i++) {
323 std::string uri = provider.ConsumeRandomLengthString();
324 uris[i] = uri;
325 }
326 int64_t subscriberId = provider.ConsumeIntegral<int64_t>();
327 dataShareServiceImpl->DisablePubSubs(uris, subscriberId);
328 }
329
SaveLaunchInfoFuzz(FuzzedDataProvider & provider)330 void SaveLaunchInfoFuzz(FuzzedDataProvider &provider)
331 {
332 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
333 std::string userId = provider.ConsumeRandomLengthString();
334 std::string deviceId = provider.ConsumeRandomLengthString();
335 std::string bundleName = provider.ConsumeRandomLengthString();
336 dataShareServiceImpl->SaveLaunchInfo(bundleName, userId, deviceId);
337 }
338
OnConnectDoneFuzz(FuzzedDataProvider & provider)339 void OnConnectDoneFuzz(FuzzedDataProvider &provider)
340 {
341 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
342 dataShareServiceImpl->OnConnectDone();
343 }
344
DataShareStaticOnAppUpdate(FuzzedDataProvider & provider)345 void DataShareStaticOnAppUpdate(FuzzedDataProvider &provider)
346 {
347 DataShareServiceImpl::DataShareStatic dataShareStatic;
348 std::string bundleName = provider.ConsumeRandomLengthString();
349 int32_t user = provider.ConsumeIntegral<int32_t>();
350 int32_t index = provider.ConsumeIntegral<int32_t>();
351 dataShareStatic.OnAppUpdate(bundleName, user, index);
352 }
353
EnableSilentProxyFuzz(FuzzedDataProvider & provider)354 void EnableSilentProxyFuzz(FuzzedDataProvider &provider)
355 {
356 std::shared_ptr<DataShareServiceImpl> dataShareServiceImpl = std::make_shared<DataShareServiceImpl>();
357 std::string uri = provider.ConsumeRandomLengthString();
358 bool enable = provider.ConsumeBool();
359 dataShareServiceImpl->EnableSilentProxy(uri, enable);
360 }
361 } // namespace OHOS
362
363 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)364 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
365 {
366 FuzzedDataProvider provider(data, size);
367 OHOS::NotifyChangeFuzz(provider);
368 OHOS::GetCallerInfoFuzz(provider);
369 OHOS::MakeMetaDataFuzz(provider);
370 OHOS::OnAppUninstallFuzz(provider);
371 OHOS::OnAppUpdateFuzz(provider);
372 OHOS::RegisterObserverFuzz(provider);
373 OHOS::UnregisterObserverFuzz(provider);
374 OHOS::VerifyAcrossAccountsPermissionFuzz(provider);
375 OHOS::CheckAllowListFuzz(provider);
376 OHOS::ReportExcuteFaultFuzz(provider);
377 OHOS::VerifyPermissionFuzz(provider);
378 OHOS::OnAppExitFuzz(provider);
379 OHOS::DumpDataShareServiceInfoFuzz(provider);
380 OHOS::DataShareStaticOnClearAppStorageFuzz(provider);
381 OHOS::TimerReceiverOnReceiveEventFuzz(provider);
382 OHOS::OnUserChangeFuzz(provider);
383 OHOS::DataShareStaticOnAppUninstall(provider);
384 OHOS::AllowCleanDataLaunchAppFuzz(provider);
385 OHOS::AutoLaunchFuzz(provider);
386 OHOS::UpdateExFuzz(provider);
387 OHOS::DeleteExFuzz(provider);
388 OHOS::DelTemplateFuzz(provider);
389 OHOS::PublishFuzz(provider);
390 OHOS::SubscribeRdbDataFuzz(provider);
391 OHOS::EnableRdbSubsFuzz(provider);
392 OHOS::SubscribePublishedDataFuzz(provider);
393 OHOS::DisablePubSubsFuzz(provider);
394 OHOS::SaveLaunchInfoFuzz(provider);
395 OHOS::OnConnectDoneFuzz(provider);
396 OHOS::DataShareStaticOnAppUpdate(provider);
397 OHOS::EnableSilentProxyFuzz(provider);
398 return 0;
399 }