1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dbinderservicenew_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <fuzzer/FuzzedDataProvider.h>
21 #include "dbinder_service.h"
22 #include "dbinder_service_stub.h"
23 #include "string_ex.h"
24
25 namespace OHOS {
26 const static size_t MAX_STRING_PARAM_LEN = 100;
27 class TestRpcSystemAbilityCallback : public RpcSystemAbilityCallback {
28 public:
GetSystemAbilityFromRemote(int32_t systemAbilityId)29 sptr<IRemoteObject> GetSystemAbilityFromRemote(int32_t systemAbilityId) override
30 {
31 return nullptr;
32 }
33
LoadSystemAbilityFromRemote(const std::string & srcNetworkId,int32_t systemAbilityId)34 bool LoadSystemAbilityFromRemote(const std::string& srcNetworkId, int32_t systemAbilityId) override
35 {
36 return isLoad_;
37 }
IsDistributedSystemAbility(int32_t systemAbilityId)38 bool IsDistributedSystemAbility(int32_t systemAbilityId) override
39 {
40 return isSystemAbility_;
41 }
42 bool isSystemAbility_ = true;
43 bool isLoad_ = true;
44 };
45
46 class TestDeathRecipient : public IRemoteObject::DeathRecipient {
47 public:
TestDeathRecipient()48 TestDeathRecipient() {}
~TestDeathRecipient()49 virtual ~TestDeathRecipient() {}
OnRemoteDied(const wptr<IRemoteObject> & object)50 void OnRemoteDied(const wptr<IRemoteObject>& object) override {}
51 };
52
OnRemoteMessageTaskTest(FuzzedDataProvider & provider)53 void OnRemoteMessageTaskTest(FuzzedDataProvider &provider)
54 {
55 std::shared_ptr<struct DHandleEntryTxRx> handleEntry = std::make_shared<struct DHandleEntryTxRx>();
56 if (handleEntry == nullptr) {
57 return;
58 }
59 handleEntry->head.len = sizeof(DHandleEntryTxRx);
60 handleEntry->head.version = provider.ConsumeIntegral<uint32_t>();
61 handleEntry->dBinderCode = provider.ConsumeIntegral<uint32_t>();
62 OHOS::DBinderService dBinderService;
63 dBinderService.OnRemoteMessageTask(handleEntry);
64 handleEntry->dBinderCode = DBinderCode::MESSAGE_AS_INVOKER;
65 dBinderService.OnRemoteMessageTask(handleEntry);
66 handleEntry->dBinderCode = DBinderCode::MESSAGE_AS_OBITUARY;
67 dBinderService.OnRemoteMessageTask(handleEntry);
68 }
69
StartDBinderServiceTest(FuzzedDataProvider & provider)70 void StartDBinderServiceTest(FuzzedDataProvider &provider)
71 {
72 OHOS::DBinderService dBinderService;
73 std::shared_ptr<RpcSystemAbilityCallback> callbackImpl = nullptr;
74 dBinderService.StartDBinderService(callbackImpl);
75 callbackImpl = std::make_shared<TestRpcSystemAbilityCallback>();
76 if (callbackImpl == nullptr) {
77 return;
78 }
79 int32_t systemAbilityId = provider.ConsumeIntegral<int32_t>();
80 callbackImpl->IsDistributedSystemAbility(systemAbilityId);
81
82 dBinderService.StartDBinderService(callbackImpl);
83 }
84
AddStubByTagTest(FuzzedDataProvider & provider)85 void AddStubByTagTest(FuzzedDataProvider &provider)
86 {
87 const std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
88 const std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
89 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
90 sptr<DBinderServiceStub> stub = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, binderObject);
91 if (stub == nullptr) {
92 return;
93 }
94 binder_uintptr_t binderObjectPtr = reinterpret_cast<binder_uintptr_t>(stub.GetRefPtr());
95 OHOS::DBinderService dBinderService;
96 dBinderService.AddStubByTag(binderObjectPtr);
97 }
98
CheckBinderObject1Test(FuzzedDataProvider & provider)99 void CheckBinderObject1Test(FuzzedDataProvider &provider)
100 {
101 const std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
102 const std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
103 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
104 sptr<DBinderServiceStub> stub = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, binderObject);
105 if (stub == nullptr) {
106 return;
107 }
108 binder_uintptr_t binderObjectPtr = reinterpret_cast<binder_uintptr_t>(stub.GetRefPtr());
109 OHOS::DBinderService dBinderService;
110 dBinderService.CheckBinderObject(stub, binderObjectPtr);
111 }
112
CheckBinderObject2Test(FuzzedDataProvider & provider)113 void CheckBinderObject2Test(FuzzedDataProvider &provider)
114 {
115 const std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
116 const std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
117 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
118 sptr<DBinderServiceStub> stub = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, binderObject);
119 if (stub == nullptr) {
120 return;
121 }
122 OHOS::DBinderService dBinderService;
123 dBinderService.CheckBinderObject(stub, binderObject);
124 }
125
HasDBinderStubTest(FuzzedDataProvider & provider)126 void HasDBinderStubTest(FuzzedDataProvider &provider)
127 {
128 const std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
129 const std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
130 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
131 sptr<DBinderServiceStub> stub = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, binderObject);
132 if (stub == nullptr) {
133 return;
134 }
135 binder_uintptr_t binderObjectPtr = reinterpret_cast<binder_uintptr_t>(stub.GetRefPtr());
136 OHOS::DBinderService dBinderService;
137 dBinderService.HasDBinderStub(binderObjectPtr);
138 }
139
IsSameStubObject1Test(FuzzedDataProvider & provider)140 void IsSameStubObject1Test(FuzzedDataProvider &provider)
141 {
142 const std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
143 const std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
144 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
145 sptr<DBinderServiceStub> stub = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, binderObject);
146 if (stub == nullptr) {
147 return;
148 }
149 OHOS::DBinderService dBinderService;
150 dBinderService.IsSameStubObject(stub, serviceName, deviceID);
151 }
152
IsSameStubObject2Test(FuzzedDataProvider & provider)153 void IsSameStubObject2Test(FuzzedDataProvider &provider)
154 {
155 std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
156 std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
157 sptr<DBinderServiceStub> stub = nullptr;
158 OHOS::DBinderService dBinderService;
159 dBinderService.IsSameStubObject(stub, serviceName, deviceID);
160 }
161
FindDBinderStubTest(FuzzedDataProvider & provider)162 void FindDBinderStubTest(FuzzedDataProvider &provider)
163 {
164 std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
165 std::string device = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
166 OHOS::DBinderService dBinderService;
167 dBinderService.FindDBinderStub(serviceName, device);
168 }
169
DeleteDBinderStubTest(FuzzedDataProvider & provider)170 void DeleteDBinderStubTest(FuzzedDataProvider &provider)
171 {
172 std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
173 std::string device = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
174 OHOS::DBinderService dBinderService;
175 dBinderService.DeleteDBinderStub(serviceName, device);
176 }
177
FindOrNewDBinderStubTest(FuzzedDataProvider & provider)178 void FindOrNewDBinderStubTest(FuzzedDataProvider &provider)
179 {
180 std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
181 std::string device = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
182 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
183 uint32_t pid = provider.ConsumeIntegral<uint32_t>();
184 uint32_t uid = provider.ConsumeIntegral<uint32_t>();
185 bool isNew = false;
186 OHOS::DBinderService dBinderService;
187 dBinderService.FindOrNewDBinderStub(serviceName, device, binderObject, pid, uid, isNew);
188 }
189
MakeRemoteBinderTest(FuzzedDataProvider & provider)190 void MakeRemoteBinderTest(FuzzedDataProvider &provider)
191 {
192 std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
193 std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
194 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
195 uint32_t pid = provider.ConsumeIntegral<uint32_t>();
196 uint32_t uid = provider.ConsumeIntegral<uint32_t>();
197 OHOS::DBinderService dBinderService;
198 dBinderService.MakeRemoteBinder(serviceName, deviceID, binderObject, pid, uid);
199 }
200
CheckDeviceIDsInvalidTest(FuzzedDataProvider & provider)201 void CheckDeviceIDsInvalidTest(FuzzedDataProvider &provider)
202 {
203 std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
204 std::string localDevID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
205 OHOS::DBinderService dBinderService;
206 dBinderService.CheckDeviceIDsInvalid(deviceID, localDevID);
207 }
208
CopyDeviceIDsToMessageTest(FuzzedDataProvider & provider)209 void CopyDeviceIDsToMessageTest(FuzzedDataProvider &provider)
210 {
211 std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
212 std::string localDevID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
213 auto message = std::make_shared<struct DHandleEntryTxRx>();
214 if (message == nullptr) {
215 return;
216 }
217 OHOS::DBinderService dBinderService;
218 dBinderService.CopyDeviceIDsToMessage(message, localDevID, deviceID);
219 }
220
CreateMessageTest(FuzzedDataProvider & provider)221 void CreateMessageTest(FuzzedDataProvider &provider)
222 {
223 const std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
224 const std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
225 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
226 sptr<DBinderServiceStub> stub = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, binderObject);
227 if (stub == nullptr) {
228 return;
229 }
230 uint32_t seqNumber = provider.ConsumeIntegral<uint32_t>();
231 uint32_t pid = provider.ConsumeIntegral<uint32_t>();
232 uint32_t uid = provider.ConsumeIntegral<uint32_t>();
233 OHOS::DBinderService dBinderService;
234 dBinderService.CreateMessage(stub, seqNumber, pid, uid);
235 }
236
SendEntryToRemoteTest(FuzzedDataProvider & provider)237 void SendEntryToRemoteTest(FuzzedDataProvider &provider)
238 {
239 OHOS::DBinderService dBinderService;
240 const std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
241 const std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
242 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
243 sptr<DBinderServiceStub> stub = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, binderObject);
244 if (stub == nullptr) {
245 return;
246 }
247 uint32_t seqNumber = provider.ConsumeIntegral<uint32_t>();
248 uint32_t pid = provider.ConsumeIntegral<uint32_t>();
249 uint32_t uid = provider.ConsumeIntegral<uint32_t>();
250 dBinderService.SendEntryToRemote(stub, seqNumber, pid, uid);
251 }
252
InvokerRemoteDBinderTest(FuzzedDataProvider & provider)253 void InvokerRemoteDBinderTest(FuzzedDataProvider &provider)
254 {
255 const std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
256 const std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
257 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
258 sptr<DBinderServiceStub> stub = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, binderObject);
259 if (stub == nullptr) {
260 return;
261 }
262 uint32_t seqNumber = provider.ConsumeIntegral<uint32_t>();
263 uint32_t pid = provider.ConsumeIntegral<uint32_t>();
264 uint32_t uid = provider.ConsumeIntegral<uint32_t>();
265 OHOS::DBinderService dBinderService;
266 dBinderService.InvokerRemoteDBinder(stub, seqNumber, pid, uid);
267 }
268
CheckSystemAbilityIdTest(FuzzedDataProvider & provider)269 void CheckSystemAbilityIdTest(FuzzedDataProvider &provider)
270 {
271 int32_t systemAbilityId = provider.ConsumeIntegral<int32_t>();
272 OHOS::DBinderService dBinderService;
273 dBinderService.CheckSystemAbilityId(systemAbilityId);
274 }
275
IsSameLoadSaItemTest(FuzzedDataProvider & provider)276 void IsSameLoadSaItemTest(FuzzedDataProvider &provider)
277 {
278 std::string srcNetworkId = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
279 int32_t systemAbilityId = provider.ConsumeIntegral<int32_t>();
280 std::shared_ptr<DHandleEntryTxRx> loadSaItem = std::make_shared<DHandleEntryTxRx>();
281 if (loadSaItem == nullptr) {
282 return;
283 }
284 OHOS::DBinderService dBinderService;
285 dBinderService.IsSameLoadSaItem(srcNetworkId, systemAbilityId, loadSaItem);
286 }
287
PopLoadSaItemTest(FuzzedDataProvider & provider)288 void PopLoadSaItemTest(FuzzedDataProvider &provider)
289 {
290 std::string srcNetworkId = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
291 int32_t systemAbilityId = provider.ConsumeIntegral<int32_t>();
292 OHOS::DBinderService dBinderService;
293 dBinderService.PopLoadSaItem(srcNetworkId, systemAbilityId);
294 }
295
LoadSystemAbilityComplete1Test(FuzzedDataProvider & provider)296 void LoadSystemAbilityComplete1Test(FuzzedDataProvider &provider)
297 {
298 std::string srcNetworkId = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
299 int handle = provider.ConsumeIntegral<int>();
300 sptr<IRemoteObject> remoteObject = new (std::nothrow) IPCObjectProxy(handle);
301 if (remoteObject == nullptr) {
302 return;
303 }
304 int32_t systemAbilityId = provider.ConsumeIntegral<int32_t>();
305 OHOS::DBinderService dBinderService;
306 dBinderService.LoadSystemAbilityComplete(srcNetworkId, systemAbilityId, remoteObject);
307 }
308
LoadSystemAbilityComplete2Test(FuzzedDataProvider & provider)309 void LoadSystemAbilityComplete2Test(FuzzedDataProvider &provider)
310 {
311 std::string srcNetworkId = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
312 sptr<IRemoteObject> remoteObject = nullptr;
313 int32_t systemAbilityId = provider.ConsumeIntegral<int32_t>();
314 OHOS::DBinderService dBinderService;
315 dBinderService.LoadSystemAbilityComplete(srcNetworkId, systemAbilityId, remoteObject);
316 }
317
CheckAndAmendSaIdTest(FuzzedDataProvider & provider)318 void CheckAndAmendSaIdTest(FuzzedDataProvider &provider)
319 {
320 auto message = std::make_shared<DHandleEntryTxRx>();
321 if (message == nullptr) {
322 return;
323 }
324 message->transType = provider.ConsumeIntegral<int32_t>();
325 OHOS::DBinderService dBinderService;
326 dBinderService.CheckAndAmendSaId(message);
327 }
328
OnRemoteInvokerMessageTest(FuzzedDataProvider & provider)329 void OnRemoteInvokerMessageTest(FuzzedDataProvider &provider)
330 {
331 auto message = std::make_shared<DHandleEntryTxRx>();
332 if (message == nullptr) {
333 return;
334 }
335 message->transType = provider.ConsumeIntegral<int32_t>();
336 OHOS::DBinderService dBinderService;
337 dBinderService.OnRemoteInvokerMessage(message);
338 }
339
CreateDatabusNameTest(FuzzedDataProvider & provider)340 void CreateDatabusNameTest(FuzzedDataProvider &provider)
341 {
342 int uid = provider.ConsumeIntegral<int>();
343 int pid = provider.ConsumeIntegral<int>();
344 OHOS::DBinderService dBinderService;
345 dBinderService.CreateDatabusName(uid, pid);
346 }
347
CheckDeviceIdIllegalTest(FuzzedDataProvider & provider)348 void CheckDeviceIdIllegalTest(FuzzedDataProvider &provider)
349 {
350 std::string remoteDeviceId = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
351 OHOS::DBinderService dBinderService;
352 dBinderService.CheckDeviceIdIllegal(remoteDeviceId);
353 }
354
CheckSessionNameIsEmptyTest(FuzzedDataProvider & provider)355 void CheckSessionNameIsEmptyTest(FuzzedDataProvider &provider)
356 {
357 std::string sessionName = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
358 OHOS::DBinderService dBinderService;
359 dBinderService.CheckSessionNameIsEmpty(sessionName);
360 }
361
CheckInvokeListenThreadIllegalTest(FuzzedDataProvider & provider)362 void CheckInvokeListenThreadIllegalTest(FuzzedDataProvider &provider)
363 {
364 std::string sessionName = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
365 int handle = provider.ConsumeIntegral<int>();
366 sptr<IPCObjectProxy> proxy = new (std::nothrow) IPCObjectProxy(handle);
367 if (proxy == nullptr) {
368 return;
369 }
370 MessageParcel parcel;
371 MessageParcel reply;
372 OHOS::DBinderService dBinderService;
373 dBinderService.CheckInvokeListenThreadIllegal(proxy, parcel, reply);
374 }
375
CheckStubIndexAndSessionNameIllegalTest(FuzzedDataProvider & provider)376 void CheckStubIndexAndSessionNameIllegalTest(FuzzedDataProvider &provider)
377 {
378 uint64_t stubIndex = provider.ConsumeIntegral<uint64_t>();
379 std::string serverSessionName = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
380 std::string deviceId = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
381 int handle = provider.ConsumeIntegral<int>();
382 sptr<IPCObjectProxy> proxy = new (std::nothrow) IPCObjectProxy(handle);
383 if (proxy == nullptr) {
384 return;
385 }
386 OHOS::DBinderService dBinderService;
387 dBinderService.CheckStubIndexAndSessionNameIllegal(stubIndex, serverSessionName, deviceId, proxy);
388 }
389
SetReplyMessageTest(FuzzedDataProvider & provider)390 void SetReplyMessageTest(FuzzedDataProvider &provider)
391 {
392 std::shared_ptr<struct DHandleEntryTxRx> replyMessage = std::make_shared<struct DHandleEntryTxRx>();
393 if (replyMessage == nullptr) {
394 return;
395 }
396 replyMessage->transType = provider.ConsumeIntegral<uint32_t>();
397 uint64_t stubIndex = provider.ConsumeIntegral<uint64_t>();
398 std::string serverSessionName = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
399 uint32_t selfTokenId = provider.ConsumeIntegral<uint32_t>();
400 int handle = provider.ConsumeIntegral<int>();
401 sptr<IPCObjectProxy> proxy = new (std::nothrow) IPCObjectProxy(handle);
402 if (proxy == nullptr) {
403 return;
404 }
405 OHOS::DBinderService dBinderService;
406 dBinderService.SetReplyMessage(replyMessage, stubIndex, serverSessionName, selfTokenId, proxy);
407 }
408
OnRemoteInvokerDataBusMessageTest(FuzzedDataProvider & provider)409 void OnRemoteInvokerDataBusMessageTest(FuzzedDataProvider &provider)
410 {
411 int handle = provider.ConsumeIntegral<int>();
412 sptr<IPCObjectProxy> proxy = new (std::nothrow) IPCObjectProxy(handle);
413 if (proxy == nullptr) {
414 return;
415 }
416 std::shared_ptr<struct DHandleEntryTxRx> replyMessage = std::make_shared<struct DHandleEntryTxRx>();
417 if (replyMessage == nullptr) {
418 return;
419 }
420 replyMessage->transType = provider.ConsumeIntegral<uint32_t>();
421 std::string remoteDeviceId = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
422 int pid = provider.ConsumeIntegral<int>();
423 int uid = provider.ConsumeIntegral<int>();
424 uint32_t tokenId = provider.ConsumeIntegral<uint32_t>();
425
426 OHOS::DBinderService dBinderService;
427 dBinderService.OnRemoteInvokerDataBusMessage(proxy, replyMessage, remoteDeviceId, pid, uid, tokenId);
428 }
429
GetRegisterServiceTest(FuzzedDataProvider & provider)430 void GetRegisterServiceTest(FuzzedDataProvider &provider)
431 {
432 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
433 OHOS::DBinderService dBinderService;
434 dBinderService.GetRegisterService(binderObject);
435 }
436
RegisterRemoteProxyTest(FuzzedDataProvider & provider)437 void RegisterRemoteProxyTest(FuzzedDataProvider &provider)
438 {
439 std::string service = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
440 std::u16string serviceName = Str8ToStr16(service);
441 int handle = provider.ConsumeIntegral<int>();
442 sptr<IRemoteObject> binderObject = new (std::nothrow) IPCObjectProxy(handle);
443 if (binderObject == nullptr) {
444 return;
445 }
446 OHOS::DBinderService dBinderService;
447 dBinderService.RegisterRemoteProxy(serviceName, binderObject);
448 }
449
ProcessOnSessionClosedTest(FuzzedDataProvider & provider)450 void ProcessOnSessionClosedTest(FuzzedDataProvider &provider)
451 {
452 std::string networkId = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
453 OHOS::DBinderService dBinderService;
454 dBinderService.ProcessOnSessionClosed(networkId);
455 }
456
OnRemoteErrorMessageTest(FuzzedDataProvider & provider)457 void OnRemoteErrorMessageTest(FuzzedDataProvider &provider)
458 {
459 std::shared_ptr<struct DHandleEntryTxRx> replyMessage = std::make_shared<struct DHandleEntryTxRx>();
460 if (replyMessage == nullptr) {
461 return;
462 }
463 replyMessage->transType = provider.ConsumeIntegral<uint32_t>();
464 OHOS::DBinderService dBinderService;
465 dBinderService.OnRemoteErrorMessage(replyMessage);
466 }
467
OnRemoteReplyMessageTest(FuzzedDataProvider & provider)468 void OnRemoteReplyMessageTest(FuzzedDataProvider &provider)
469 {
470 std::shared_ptr<struct DHandleEntryTxRx> replyMessage = std::make_shared<struct DHandleEntryTxRx>();
471 if (replyMessage == nullptr) {
472 return;
473 }
474 replyMessage->transType = provider.ConsumeIntegral<uint32_t>();
475 OHOS::DBinderService dBinderService;
476 dBinderService.OnRemoteReplyMessage(replyMessage);
477 }
478
IsSameSessionTest(FuzzedDataProvider & provider)479 void IsSameSessionTest(FuzzedDataProvider &provider)
480 {
481 std::shared_ptr<struct SessionInfo> oldSession = std::make_shared<struct SessionInfo>();
482 std::shared_ptr<struct SessionInfo> newSession = std::make_shared<struct SessionInfo>();
483 if (oldSession == nullptr && newSession == nullptr) {
484 return;
485 }
486 oldSession->type = provider.ConsumeIntegral<uint32_t>();
487 newSession->type = provider.ConsumeIntegral<uint32_t>();
488 OHOS::DBinderService dBinderService;
489 dBinderService.IsSameSession(oldSession, newSession);
490 }
491
IsInvalidStubTest(FuzzedDataProvider & provider)492 void IsInvalidStubTest(FuzzedDataProvider &provider)
493 {
494 std::shared_ptr<struct DHandleEntryTxRx> replyMessage = std::make_shared<struct DHandleEntryTxRx>();
495 if (replyMessage == nullptr) {
496 return;
497 }
498 replyMessage->transType = provider.ConsumeIntegral<uint32_t>();
499 OHOS::DBinderService dBinderService;
500 dBinderService.IsInvalidStub(replyMessage);
501 }
502
IsValidSessionNameTest(FuzzedDataProvider & provider)503 void IsValidSessionNameTest(FuzzedDataProvider &provider)
504 {
505 std::shared_ptr<struct DHandleEntryTxRx> replyMessage = std::make_shared<struct DHandleEntryTxRx>();
506 if (replyMessage == nullptr) {
507 return;
508 }
509 replyMessage->transType = provider.ConsumeIntegral<uint32_t>();
510 OHOS::DBinderService dBinderService;
511 dBinderService.IsValidSessionName(replyMessage);
512 }
513
CopyDeviceIdInfoTest(FuzzedDataProvider & provider)514 void CopyDeviceIdInfoTest(FuzzedDataProvider &provider)
515 {
516 std::shared_ptr<struct SessionInfo> session = std::make_shared<struct SessionInfo>();
517 std::shared_ptr<struct DHandleEntryTxRx> replyMessage = std::make_shared<struct DHandleEntryTxRx>();
518 if (session == nullptr && replyMessage == nullptr) {
519 return;
520 }
521 session->type = provider.ConsumeIntegral<uint32_t>();
522 replyMessage->transType = provider.ConsumeIntegral<uint32_t>();
523 OHOS::DBinderService dBinderService;
524 dBinderService.CopyDeviceIdInfo(session, replyMessage);
525 }
526
InitializeSessionTest(FuzzedDataProvider & provider)527 void InitializeSessionTest(FuzzedDataProvider &provider)
528 {
529 std::shared_ptr<struct SessionInfo> session = std::make_shared<struct SessionInfo>();
530 std::shared_ptr<struct DHandleEntryTxRx> replyMessage = std::make_shared<struct DHandleEntryTxRx>();
531 if (session == nullptr && replyMessage == nullptr) {
532 return;
533 }
534 session->type = provider.ConsumeIntegral<uint32_t>();
535 replyMessage->transType = provider.ConsumeIntegral<uint32_t>();
536 OHOS::DBinderService dBinderService;
537 dBinderService.InitializeSession(session, replyMessage);
538 }
539
MakeSessionByReplyMessageTest(FuzzedDataProvider & provider)540 void MakeSessionByReplyMessageTest(FuzzedDataProvider &provider)
541 {
542 std::shared_ptr<struct DHandleEntryTxRx> replyMessage = std::make_shared<struct DHandleEntryTxRx>();
543 if (replyMessage == nullptr) {
544 return;
545 }
546 replyMessage->transType = provider.ConsumeIntegral<uint32_t>();
547 OHOS::DBinderService dBinderService;
548 dBinderService.MakeSessionByReplyMessage(replyMessage);
549 }
550
WakeupThreadByStubTest(FuzzedDataProvider & provider)551 void WakeupThreadByStubTest(FuzzedDataProvider &provider)
552 {
553 uint32_t seqNumber = provider.ConsumeIntegral<uint32_t>();
554 OHOS::DBinderService dBinderService;
555 dBinderService.WakeupThreadByStub(seqNumber);
556 }
557
DetachThreadLockInfoTest(FuzzedDataProvider & provider)558 void DetachThreadLockInfoTest(FuzzedDataProvider &provider)
559 {
560 uint32_t seqNumber = provider.ConsumeIntegral<uint32_t>();
561 OHOS::DBinderService dBinderService;
562 dBinderService.DetachThreadLockInfo(seqNumber);
563 }
564
DetachProxyObjectTest(FuzzedDataProvider & provider)565 void DetachProxyObjectTest(FuzzedDataProvider &provider)
566 {
567 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
568 OHOS::DBinderService dBinderService;
569 dBinderService.DetachProxyObject(binderObject);
570 }
571
AttachThreadLockInfoTest(FuzzedDataProvider & provider)572 void AttachThreadLockInfoTest(FuzzedDataProvider &provider)
573 {
574 uint32_t seqNumber = provider.ConsumeIntegral<uint32_t>();
575 std::string networkId = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
576 OHOS::DBinderService dBinderService;
577 auto threadLockInfo = std::make_shared<struct ThreadLockInfo>();
578 dBinderService.AttachThreadLockInfo(seqNumber, networkId, threadLockInfo);
579 }
580
AttachProxyObjectTest(FuzzedDataProvider & provider)581 void AttachProxyObjectTest(FuzzedDataProvider &provider)
582 {
583 int handle = provider.ConsumeIntegral<int>();
584 sptr<IRemoteObject> object = new (std::nothrow) IPCObjectProxy(handle);
585 if (object == nullptr) {
586 return;
587 }
588 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
589 OHOS::DBinderService dBinderService;
590 dBinderService.AttachProxyObject(object, binderObject);
591 }
592
QueryProxyObjectTest(FuzzedDataProvider & provider)593 void QueryProxyObjectTest(FuzzedDataProvider &provider)
594 {
595 binder_uintptr_t binderObject = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
596 OHOS::DBinderService dBinderService;
597 dBinderService.QueryProxyObject(binderObject);
598 }
599
DetachSessionObjectTest(FuzzedDataProvider & provider)600 void DetachSessionObjectTest(FuzzedDataProvider &provider)
601 {
602 binder_uintptr_t stub = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
603 OHOS::DBinderService dBinderService;
604 dBinderService.DetachSessionObject(stub);
605 }
606
QuerySessionObjectTest(FuzzedDataProvider & provider)607 void QuerySessionObjectTest(FuzzedDataProvider &provider)
608 {
609 binder_uintptr_t stub = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
610 OHOS::DBinderService dBinderService;
611 dBinderService.QuerySessionObject(stub);
612 }
613
DetachDeathRecipientTest(FuzzedDataProvider & provider)614 void DetachDeathRecipientTest(FuzzedDataProvider &provider)
615 {
616 int handle = provider.ConsumeIntegral<int>();
617 sptr<IRemoteObject> object = new (std::nothrow) IPCObjectProxy(handle);
618 if (object == nullptr) {
619 return;
620 }
621 OHOS::DBinderService dBinderService;
622 dBinderService.DetachDeathRecipient(object);
623 }
624
AttachDeathRecipientTest(FuzzedDataProvider & provider)625 void AttachDeathRecipientTest(FuzzedDataProvider &provider)
626 {
627 int handle = provider.ConsumeIntegral<int>();
628 sptr<IRemoteObject> object = new (std::nothrow) IPCObjectProxy(handle);
629 if (object == nullptr) {
630 return;
631 }
632 sptr<IRemoteObject::DeathRecipient> deathRecipient = new (std::nothrow) TestDeathRecipient();
633 if (deathRecipient == nullptr) {
634 return;
635 }
636 OHOS::DBinderService dBinderService;
637 dBinderService.AttachDeathRecipient(object, deathRecipient);
638 }
639
QueryDeathRecipientTest(FuzzedDataProvider & provider)640 void QueryDeathRecipientTest(FuzzedDataProvider &provider)
641 {
642 int handle = provider.ConsumeIntegral<int>();
643 sptr<IRemoteObject> object = new (std::nothrow) IPCObjectProxy(handle);
644 if (object == nullptr) {
645 return;
646 }
647 OHOS::DBinderService dBinderService;
648 dBinderService.QueryDeathRecipient(object);
649 }
650
DetachCallbackProxyTest(FuzzedDataProvider & provider)651 void DetachCallbackProxyTest(FuzzedDataProvider &provider)
652 {
653 int handle = provider.ConsumeIntegral<int>();
654 sptr<IRemoteObject> object = new (std::nothrow) IPCObjectProxy(handle);
655 if (object == nullptr) {
656 return;
657 }
658 OHOS::DBinderService dBinderService;
659 dBinderService.DetachCallbackProxy(object);
660 }
661
AttachCallbackProxyTest(FuzzedDataProvider & provider)662 void AttachCallbackProxyTest(FuzzedDataProvider &provider)
663 {
664 int handle = provider.ConsumeIntegral<int>();
665 sptr<IRemoteObject> object = new (std::nothrow) IPCObjectProxy(handle);
666 if (object == nullptr) {
667 return;
668 }
669 std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
670 std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
671 binder_uintptr_t stub = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
672 sptr<DBinderServiceStub> dBinderServiceStub
673 = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, stub);
674 if (dBinderServiceStub == nullptr) {
675 return;
676 }
677 OHOS::DBinderService dBinderService;
678 dBinderService.AttachCallbackProxy(object, dBinderServiceStub.GetRefPtr());
679 }
680
NoticeCallbackProxyTest(FuzzedDataProvider & provider)681 void NoticeCallbackProxyTest(FuzzedDataProvider &provider)
682 {
683 std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
684 std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
685 OHOS::DBinderService dBinderService;
686 dBinderService.NoticeCallbackProxy(serviceName, deviceID);
687 }
688
ProcessCallbackProxyTest(FuzzedDataProvider & provider)689 void ProcessCallbackProxyTest(FuzzedDataProvider &provider)
690 {
691 std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
692 std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
693 binder_uintptr_t stub = static_cast<binder_uintptr_t>(provider.ConsumeIntegral<uint64_t>());
694 sptr<DBinderServiceStub> dbStub = new (std::nothrow) DBinderServiceStub(serviceName, deviceID, stub);
695 if (dbStub == nullptr) {
696 return;
697 }
698 std::vector<sptr<DBinderServiceStub>> dbStubs;
699 dbStubs.emplace_back(dbStub);
700 OHOS::DBinderService dBinderService;
701 dBinderService.ProcessCallbackProxy(dbStubs);
702 }
703
NoticeServiceDieInnerTest(FuzzedDataProvider & provider)704 void NoticeServiceDieInnerTest(FuzzedDataProvider &provider)
705 {
706 std::u16string serviceName = Str8ToStr16(provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN));
707 std::string deviceID = provider.ConsumeRandomLengthString(MAX_STRING_PARAM_LEN);
708 OHOS::DBinderService dBinderService;
709 dBinderService.NoticeServiceDieInner(serviceName, deviceID);
710 }
711
FuzzTest(FuzzedDataProvider & provider)712 void FuzzTest(FuzzedDataProvider &provider)
713 {
714 OHOS::DetachThreadLockInfoTest(provider);
715 OHOS::DetachProxyObjectTest(provider);
716 OHOS::AttachProxyObjectTest(provider);
717 OHOS::QueryProxyObjectTest(provider);
718 OHOS::DetachSessionObjectTest(provider);
719 OHOS::QuerySessionObjectTest(provider);
720 OHOS::DetachDeathRecipientTest(provider);
721 OHOS::AttachDeathRecipientTest(provider);
722 OHOS::QueryDeathRecipientTest(provider);
723 OHOS::DetachCallbackProxyTest(provider);
724 OHOS::AttachCallbackProxyTest(provider);
725 OHOS::NoticeCallbackProxyTest(provider);
726 OHOS::ProcessCallbackProxyTest(provider);
727 OHOS::NoticeServiceDieInnerTest(provider);
728 }
729 }
730
731 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)732 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
733 {
734 /* Run your code on data */
735 FuzzedDataProvider provider(data, size);
736 OHOS::OnRemoteMessageTaskTest(provider);
737 OHOS::StartDBinderServiceTest(provider);
738 OHOS::AddStubByTagTest(provider);
739 OHOS::CheckBinderObject1Test(provider);
740 OHOS::CheckBinderObject2Test(provider);
741 OHOS::HasDBinderStubTest(provider);
742 OHOS::IsSameStubObject1Test(provider);
743 OHOS::IsSameStubObject2Test(provider);
744 OHOS::FindDBinderStubTest(provider);
745 OHOS::DeleteDBinderStubTest(provider);
746 OHOS::FindOrNewDBinderStubTest(provider);
747 OHOS::MakeRemoteBinderTest(provider);
748 OHOS::CheckDeviceIDsInvalidTest(provider);
749 OHOS::CopyDeviceIDsToMessageTest(provider);
750 OHOS::CreateMessageTest(provider);
751 OHOS::SendEntryToRemoteTest(provider);
752 OHOS::InvokerRemoteDBinderTest(provider);
753 OHOS::CheckSystemAbilityIdTest(provider);
754 OHOS::IsSameLoadSaItemTest(provider);
755 OHOS::PopLoadSaItemTest(provider);
756 OHOS::LoadSystemAbilityComplete1Test(provider);
757 OHOS::LoadSystemAbilityComplete2Test(provider);
758 OHOS::CheckAndAmendSaIdTest(provider);
759 OHOS::OnRemoteInvokerMessageTest(provider);
760 OHOS::CreateDatabusNameTest(provider);
761 OHOS::CheckDeviceIdIllegalTest(provider);
762 OHOS::CheckSessionNameIsEmptyTest(provider);
763 OHOS::CheckInvokeListenThreadIllegalTest(provider);
764 OHOS::CheckStubIndexAndSessionNameIllegalTest(provider);
765 OHOS::SetReplyMessageTest(provider);
766 OHOS::OnRemoteInvokerDataBusMessageTest(provider);
767 OHOS::GetRegisterServiceTest(provider);
768 OHOS::RegisterRemoteProxyTest(provider);
769 OHOS::ProcessOnSessionClosedTest(provider);
770 OHOS::OnRemoteErrorMessageTest(provider);
771 OHOS::OnRemoteReplyMessageTest(provider);
772 OHOS::IsSameSessionTest(provider);
773 OHOS::IsInvalidStubTest(provider);
774 OHOS::IsValidSessionNameTest(provider);
775 OHOS::CopyDeviceIdInfoTest(provider);
776 OHOS::InitializeSessionTest(provider);
777 OHOS::MakeSessionByReplyMessageTest(provider);
778 OHOS::WakeupThreadByStubTest(provider);
779 OHOS::FuzzTest(provider);
780 return 0;
781 }
782