1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "formmgrstub_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #define private public
22 #define protected public
23 #include "form_mgr_stub.h"
24 #undef private
25 #undef protected
26 #include "message_parcel.h"
27 #include "securec.h"
28
29 using namespace OHOS::AppExecFwk;
30
31 namespace OHOS {
32 constexpr size_t U32_AT_SIZE = 4;
33 constexpr size_t MESSAGE_BASE = 3001;
34 constexpr size_t MESSAGE_MAX = 3077;
35 constexpr size_t MESSAGE_RANGE = 77;
36 const std::u16string FORMMGR_INTERFACE_TOKEN = u"ohos.appexecfwk.FormMgr";
37
38 class FormMgrStubFuzzTest : public FormMgrStub {
39 public:
40 FormMgrStubFuzzTest() = default;
41 virtual ~FormMgrStubFuzzTest() = default;
AddForm(const int64_t formId,const Want & want,const sptr<IRemoteObject> & callerToken,FormJsInfo & formInfo)42 int AddForm(const int64_t formId, const Want &want,
43 const sptr<IRemoteObject> &callerToken, FormJsInfo &formInfo) override
44 {
45 return 0;
46 }
DeleteForm(const int64_t formId,const sptr<IRemoteObject> & callerToken)47 int DeleteForm(const int64_t formId, const sptr<IRemoteObject> &callerToken) override
48 {
49 return 0;
50 }
ReleaseForm(const int64_t formId,const sptr<IRemoteObject> & callerToken,const bool delCache)51 int ReleaseForm(const int64_t formId, const sptr<IRemoteObject> &callerToken, const bool delCache) override
52 {
53 return 0;
54 }
UpdateForm(const int64_t formId,const FormProviderData & formProviderData)55 int UpdateForm(const int64_t formId, const FormProviderData &formProviderData) override
56 {
57 return 0;
58 }
SetNextRefreshTime(const int64_t formId,const int64_t nextTime)59 int SetNextRefreshTime(const int64_t formId, const int64_t nextTime) override
60 {
61 return 0;
62 }
RequestPublishForm(Want & want,bool withFormBindingData,std::unique_ptr<FormProviderData> & formBindingData,int64_t & formId)63 ErrCode RequestPublishForm(Want &want, bool withFormBindingData,
64 std::unique_ptr<FormProviderData> &formBindingData, int64_t &formId) override
65 {
66 return 0;
67 }
LifecycleUpdate(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken,bool updateType)68 int LifecycleUpdate(const std::vector<int64_t> &formIds,
69 const sptr<IRemoteObject> &callerToken, bool updateType) override
70 {
71 return 0;
72 }
RequestForm(const int64_t formId,const sptr<IRemoteObject> & callerToken,const Want & want)73 int RequestForm(const int64_t formId, const sptr<IRemoteObject> &callerToken, const Want &want) override
74 {
75 return 0;
76 }
NotifyWhetherVisibleForms(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken,const int32_t formVisibleType)77 int NotifyWhetherVisibleForms(const std::vector<int64_t> &formIds,
78 const sptr<IRemoteObject> &callerToken, const int32_t formVisibleType) override
79 {
80 return 0;
81 }
HasFormVisible(const uint32_t tokenId)82 bool HasFormVisible(const uint32_t tokenId) override
83 {
84 return false;
85 }
CastTempForm(const int64_t formId,const sptr<IRemoteObject> & callerToken)86 int CastTempForm(const int64_t formId, const sptr<IRemoteObject> &callerToken) override
87 {
88 return 0;
89 }
DumpStorageFormInfos(std::string & formInfos)90 int DumpStorageFormInfos(std::string &formInfos) override
91 {
92 return 0;
93 }
DumpFormInfoByBundleName(const std::string & bundleName,std::string & formInfos)94 int DumpFormInfoByBundleName(const std::string &bundleName, std::string &formInfos) override
95 {
96 return 0;
97 }
DumpFormInfoByFormId(const std::int64_t formId,std::string & formInfo)98 int DumpFormInfoByFormId(const std::int64_t formId, std::string &formInfo) override
99 {
100 return 0;
101 }
DumpFormTimerByFormId(const std::int64_t formId,std::string & isTimingService)102 int DumpFormTimerByFormId(const std::int64_t formId, std::string &isTimingService) override
103 {
104 return 0;
105 }
MessageEvent(const int64_t formId,const Want & want,const sptr<IRemoteObject> & callerToken)106 int MessageEvent(const int64_t formId, const Want &want, const sptr<IRemoteObject> &callerToken) override
107 {
108 return 0;
109 }
RouterEvent(const int64_t formId,Want & want,const sptr<IRemoteObject> & callerToken)110 int RouterEvent(const int64_t formId, Want &want, const sptr<IRemoteObject> &callerToken) override
111 {
112 return 0;
113 }
BackgroundEvent(const int64_t formId,Want & want,const sptr<IRemoteObject> & callerToken)114 int BackgroundEvent(const int64_t formId, Want &want, const sptr<IRemoteObject> &callerToken) override
115 {
116 return 0;
117 }
DeleteInvalidForms(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken,int32_t & numFormsDeleted)118 int DeleteInvalidForms(const std::vector<int64_t> &formIds,
119 const sptr<IRemoteObject> &callerToken, int32_t &numFormsDeleted) override
120 {
121 return 0;
122 }
AcquireFormState(const Want & want,const sptr<IRemoteObject> & callerToken,FormStateInfo & stateInfo)123 int AcquireFormState(const Want &want,
124 const sptr<IRemoteObject> &callerToken, FormStateInfo &stateInfo) override
125 {
126 return 0;
127 }
NotifyFormsVisible(const std::vector<int64_t> & formIds,bool isVisible,const sptr<IRemoteObject> & callerToken)128 int NotifyFormsVisible(const std::vector<int64_t> &formIds, bool isVisible,
129 const sptr<IRemoteObject> &callerToken) override
130 {
131 return 0;
132 }
NotifyFormsPrivacyProtected(const std::vector<int64_t> & formIds,bool isProtected,const sptr<IRemoteObject> & callerToken)133 int NotifyFormsPrivacyProtected(const std::vector<int64_t> &formIds,
134 bool isProtected, const sptr<IRemoteObject> &callerToken) override
135 {
136 return 0;
137 }
NotifyFormsEnableUpdate(const std::vector<int64_t> & formIds,bool isEnableUpdate,const sptr<IRemoteObject> & callerToken)138 int NotifyFormsEnableUpdate(const std::vector<int64_t> &formIds, bool isEnableUpdate,
139 const sptr<IRemoteObject> &callerToken) override
140 {
141 return 0;
142 }
GetAllFormsInfo(std::vector<FormInfo> & formInfos)143 int GetAllFormsInfo(std::vector<FormInfo> &formInfos) override
144 {
145 return 0;
146 }
GetFormsInfoByApp(std::string & bundleName,std::vector<FormInfo> & formInfos)147 int GetFormsInfoByApp(std::string &bundleName, std::vector<FormInfo> &formInfos) override
148 {
149 return 0;
150 }
GetFormsInfoByModule(std::string & bundleName,std::string & moduleName,std::vector<FormInfo> & formInfos)151 int GetFormsInfoByModule(std::string &bundleName,
152 std::string &moduleName, std::vector<FormInfo> &formInfos) override
153 {
154 return 0;
155 }
GetFormsInfo(const FormInfoFilter & filter,std::vector<FormInfo> & formInfos)156 int32_t GetFormsInfo(const FormInfoFilter &filter, std::vector<FormInfo> &formInfos) override
157 {
158 return 0;
159 }
IsRequestPublishFormSupported()160 bool IsRequestPublishFormSupported() override
161 {
162 return 0;
163 }
StartAbility(const Want & want,const sptr<IRemoteObject> & callerToken)164 int32_t StartAbility(const Want &want, const sptr<IRemoteObject> &callerToken) override
165 {
166 return 0;
167 }
ShareForm(int64_t formId,const std::string & deviceId,const sptr<IRemoteObject> & callerToken,int64_t requestCode)168 int32_t ShareForm(int64_t formId, const std::string &deviceId,
169 const sptr<IRemoteObject> &callerToken, int64_t requestCode) override
170 {
171 return 0;
172 }
AcquireFormData(int64_t formId,int64_t requestCode,const sptr<IRemoteObject> & callerToken,AAFwk::WantParams & formData)173 int32_t AcquireFormData(int64_t formId, int64_t requestCode, const sptr<IRemoteObject> &callerToken,
174 AAFwk::WantParams &formData) override
175 {
176 return 0;
177 }
RecvFormShareInfoFromRemote(const FormShareInfo & info)178 int32_t RecvFormShareInfoFromRemote(const FormShareInfo &info) override
179 {
180 return 0;
181 }
CheckFMSReady()182 bool CheckFMSReady() override
183 {
184 return false;
185 }
SetBackgroundFunction(const std::string funcName,const std::string params)186 int32_t SetBackgroundFunction(const std::string funcName, const std::string params) override
187 {
188 return 0;
189 }
GetFormsCount(bool isTempFormFlag,int32_t & formCount)190 int32_t GetFormsCount(bool isTempFormFlag, int32_t &formCount) override
191 {
192 return 0;
193 }
GetHostFormsCount(std::string & bundleName,int32_t & formCount)194 int32_t GetHostFormsCount(std::string &bundleName, int32_t &formCount) override
195 {
196 return 0;
197 }
GetRunningFormInfos(bool isUnusedIncluded,std::vector<RunningFormInfo> & runningFormInfos)198 ErrCode GetRunningFormInfos(bool isUnusedIncluded, std::vector<RunningFormInfo> &runningFormInfos) override
199 {
200 return 0;
201 }
GetRunningFormInfosByBundleName(const std::string & bundleName,bool isUnusedIncluded,std::vector<RunningFormInfo> & runningFormInfos)202 ErrCode GetRunningFormInfosByBundleName(
203 const std::string &bundleName, bool isUnusedIncluded, std::vector<RunningFormInfo> &runningFormInfos) override
204 {
205 return 0;
206 }
207
GetFormInstancesByFilter(const FormInstancesFilter & formInstancesFilter,std::vector<FormInstance> & formInstances)208 int32_t GetFormInstancesByFilter(const FormInstancesFilter &formInstancesFilter,
209 std::vector<FormInstance> &formInstances) override
210 {
211 return 0;
212 }
GetFormInstanceById(const int64_t formId,FormInstance & formInstances)213 int32_t GetFormInstanceById(const int64_t formId, FormInstance &formInstances) override
214 {
215 return 0;
216 }
RegisterFormAddObserverByBundle(const std::string bundleName,const sptr<IRemoteObject> & callerToken)217 ErrCode RegisterFormAddObserverByBundle(const std::string bundleName,
218 const sptr<IRemoteObject> &callerToken) override
219 {
220 return ERR_OK;
221 }
222
RegisterFormRemoveObserverByBundle(const std::string bundleName,const sptr<IRemoteObject> & callerToken)223 ErrCode RegisterFormRemoveObserverByBundle(const std::string bundleName,
224 const sptr<IRemoteObject> &callerToken) override
225 {
226 return ERR_OK;
227 }
228
RegisterAddObserver(const std::string & bundleName,const sptr<IRemoteObject> & callerToken)229 ErrCode RegisterAddObserver(const std::string &bundleName, const sptr<IRemoteObject> &callerToken) override
230 {
231 return ERR_OK;
232 }
233
RegisterRemoveObserver(const std::string & bundleName,const sptr<IRemoteObject> & callerToken)234 ErrCode RegisterRemoveObserver(const std::string &bundleName, const sptr<IRemoteObject> &callerToken) override
235 {
236 return ERR_OK;
237 }
238
RegisterClickEventObserver(const std::string & bundleName,const std::string & formEventType,const sptr<IRemoteObject> & observer)239 ErrCode RegisterClickEventObserver(
240 const std::string &bundleName, const std::string &formEventType, const sptr<IRemoteObject> &observer) override
241 {
242 return ERR_OK;
243 }
244
RegisterFormRouterProxy(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken)245 ErrCode RegisterFormRouterProxy(const std::vector<int64_t> &formIds,
246 const sptr<IRemoteObject> &callerToken) override
247 {
248 return ERR_OK;
249 }
250
UnregisterClickEventObserver(const std::string & bundleName,const std::string & formEventType,const sptr<IRemoteObject> & observer)251 ErrCode UnregisterClickEventObserver(
252 const std::string &bundleName, const std::string &formEventType, const sptr<IRemoteObject> &observer) override
253 {
254 return ERR_OK;
255 }
256
UnregisterFormRouterProxy(const std::vector<int64_t> & formIds)257 ErrCode UnregisterFormRouterProxy(const std::vector<int64_t> &formIds) override
258 {
259 return ERR_OK;
260 }
261
RequestPublishFormWithSnapshot(Want & want,bool withFormBindingData,std::unique_ptr<FormProviderData> & formBindingData,int64_t & formId)262 ErrCode RequestPublishFormWithSnapshot(Want &want, bool withFormBindingData,
263 std::unique_ptr<FormProviderData> &formBindingData, int64_t &formId) override
264 {
265 return 0;
266 }
267 };
268
HandleFormMessage(std::shared_ptr<FormMgrStub> formMgrStub,MessageParcel & data,MessageParcel & reply)269 void HandleFormMessage(std::shared_ptr<FormMgrStub> formMgrStub, MessageParcel &data, MessageParcel &reply)
270 {
271 if (formMgrStub == nullptr) {
272 return;
273 }
274 formMgrStub->HandleRegisterFormRemoveObserverByBundle(data, reply);
275 formMgrStub->HandleGetFormsCount(data, reply);
276 formMgrStub->HandleGetHostFormsCount(data, reply);
277 formMgrStub->HandleGetRunningFormInfos(data, reply);
278 formMgrStub->HandleGetRunningFormInfosByBundleName(data, reply);
279 formMgrStub->HandleGetFormInstanceById(data, reply);
280 formMgrStub->HandleGetAllFormsInfo(data, reply);
281 formMgrStub->HandleGetFormsInfoByApp(data, reply);
282 formMgrStub->HandleGetFormsInfoByModule(data, reply);
283 formMgrStub->HandleIsRequestPublishFormSupported(data, reply);
284 formMgrStub->HandleShareForm(data, reply);
285 formMgrStub->HandleCheckFMSReady(data, reply);
286 formMgrStub->HandleDeleteForm(data, reply);
287 formMgrStub->HandleStopRenderingForm(data, reply);
288 formMgrStub->HandleReleaseForm(data, reply);
289 formMgrStub->HandleSetNextRefreshTime(data, reply);
290 formMgrStub->HandleLifecycleUpdate(data, reply);
291 formMgrStub->HandleRequestForm(data, reply);
292 formMgrStub->HandleNotifyWhetherVisibleForms(data, reply);
293 formMgrStub->HandleCastTempForm(data, reply);
294 formMgrStub->HandleDumpFormInfoByBundleName(data, reply);
295 formMgrStub->HandleDumpFormInfoByFormId(data, reply);
296 formMgrStub->HandleDumpFormTimerByFormId(data, reply);
297 formMgrStub->HandleDeleteInvalidForms(data, reply);
298 formMgrStub->HandleNotifyFormsVisible(data, reply);
299 formMgrStub->HandleNotifyFormsPrivacyProtected(data, reply);
300 formMgrStub->HandleNotifyFormsEnableUpdate(data, reply);
301 formMgrStub->HandleRegisterFormAddObserverByBundle(data, reply);
302 formMgrStub->HandleAddForm(data, reply);
303 formMgrStub->HandleUpdateForm(data, reply);
304 formMgrStub->HandleRequestPublishForm(data, reply);
305 formMgrStub->HandleMessageEvent(data, reply);
306 formMgrStub->HandleBackgroundEvent(data, reply);
307 formMgrStub->HandleRouterEvent(data, reply);
308 formMgrStub->HandleAcquireFormState(data, reply);
309 formMgrStub->HandleGetFormsInfo(data, reply);
310 formMgrStub->HandleStartAbility(data, reply);
311 formMgrStub->HandleRecvFormShareInfoFromRemote(data, reply);
312 formMgrStub->HandleAcquireFormData(data, reply);
313 formMgrStub->HandleGetFormInstancesByFilter(data, reply);
314 }
315
HandleFormRequest(std::shared_ptr<FormMgrStub> formMgrStub,MessageParcel & data,MessageParcel & reply)316 void HandleFormRequest(std::shared_ptr<FormMgrStub> formMgrStub, MessageParcel &data, MessageParcel &reply)
317 {
318 if (formMgrStub == nullptr) {
319 return;
320 }
321 formMgrStub->HandleCreateForm(data, reply);
322 formMgrStub->HandleReleaseRenderer(data, reply);
323 formMgrStub->HandleSetPublishFormResult(data, reply);
324 formMgrStub->HandleAcquireAddFormResult(data, reply);
325 formMgrStub->HandleHasFormVisible(data, reply);
326 formMgrStub->HandleDumpStorageFormInfos(data, reply);
327 formMgrStub->HandleGetFormsInfoByFilter(data, reply);
328 formMgrStub->HandleIsSystemAppForm(data, reply);
329 formMgrStub->HandleRegisterAddObserver(data, reply);
330 formMgrStub->HandleRegisterRemoveObserver(data, reply);
331 formMgrStub->HandleRegisterFormRouterProxy(data, reply);
332 formMgrStub->HandleUnregisterFormRouterProxy(data, reply);
333 formMgrStub->HandleUpdateProxyForm(data, reply);
334 formMgrStub->HandleRequestPublishProxyForm(data, reply);
335 formMgrStub->HandleUnregisterPublishFormInterceptor(data, reply);
336 formMgrStub->HandleRegisterClickCallbackEventObserver(data, reply);
337 formMgrStub->HandleUnregisterClickCallbackEventObserver(data, reply);
338 std::vector<FormDataProxy> formDataProxies;
339 formMgrStub->ReadFormDataProxies(data, formDataProxies);
340 formMgrStub->HandleSetFormsRecyclable(data, reply);
341 formMgrStub->HandleRecoverForms(data, reply);
342 formMgrStub->HandleUpdateFormLocation(data, reply);
343 formMgrStub->HandleRequestPublishFormWithSnapshot(data, reply);
344 formMgrStub->HandleBatchRefreshForms(data, reply);
345 formMgrStub->HandleEnableForms(data, reply);
346 formMgrStub->HandleIsFormBundleForbidden(data, reply);
347 }
348
GetU32Data(const char * ptr)349 uint32_t GetU32Data(const char* ptr)
350 {
351 // 将第0个数字左移24位,将第1个数字左移16位,将第2个数字左移8位,第3个数字不左移
352 return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | (ptr[3]);
353 }
354
DoSomethingInterestingWithMyAPI(const char * data,size_t size)355 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
356 {
357 uint32_t code = GetU32Data(data);
358 MessageParcel datas;
359 datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN);
360 datas.WriteBuffer(data, size);
361 datas.RewindRead(0);
362 MessageParcel reply;
363 MessageOption option;
364 std::shared_ptr<FormMgrStub> formmgrstub = std::make_shared<FormMgrStubFuzzTest>();
365 formmgrstub->OnRemoteRequest(code, datas, reply, option);
366 code = MESSAGE_BASE + code % MESSAGE_RANGE;
367 formmgrstub->OnRemoteRequest(code, datas, reply, option);
368 for (uint32_t code = MESSAGE_BASE; code < MESSAGE_MAX; code++) {
369 MessageParcel parcel;
370 parcel.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN);
371 parcel.WriteBuffer(data, size);
372 parcel.RewindRead(0);
373 MessageParcel reply;
374 MessageOption option;
375 std::shared_ptr<FormMgrStub> formMgrStub = std::make_shared<FormMgrStubFuzzTest>();
376 formMgrStub->OnRemoteRequest(code, parcel, reply, option);
377 }
378 HandleFormMessage(formmgrstub, datas, reply);
379 HandleFormRequest(formmgrstub, datas, reply);
380 return true;
381 }
382 }
383
384 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)385 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
386 {
387 /* Run your code on data */
388 if (data == nullptr) {
389 return 0;
390 }
391
392 if (size < OHOS::U32_AT_SIZE) {
393 return 0;
394 }
395
396 char* ch = static_cast<char*>(malloc(size + 1));
397 if (ch == nullptr) {
398 return 0;
399 }
400
401 (void)memset_s(ch, size + 1, 0x00, size + 1);
402 if (memcpy_s(ch, size + 1, data, size) != EOK) {
403 free(ch);
404 ch = nullptr;
405 return 0;
406 }
407
408 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
409 free(ch);
410 ch = nullptr;
411 return 0;
412 }
413
414