• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "rstransactionipc_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <securec.h>
21 
22 #include "platform/ohos/rs_irender_service_connection_ipc_interface_code_access_verifier.h"
23 #include "transaction/rs_render_service_connection_stub.h"
24 
25 namespace OHOS {
26 namespace Rosen {
27 namespace {
28 const uint8_t* DATA = nullptr;
29 size_t g_size = 0;
30 size_t g_pos;
31 } // namespace
32 
33 template<class T>
GetData()34 T GetData()
35 {
36     T object {};
37     size_t objectSize = sizeof(object);
38     if (DATA == nullptr || objectSize > g_size - g_pos) {
39         return object;
40     }
41     errno_t ret = memcpy_s(&object, objectSize, DATA + g_pos, objectSize);
42     if (ret != EOK) {
43         return {};
44     }
45     g_pos += objectSize;
46     return object;
47 }
48 
RSITransactionIpcInterFaceCodeAccessVerifierFuzztest001(const uint8_t * data,size_t size)49 bool RSITransactionIpcInterFaceCodeAccessVerifierFuzztest001(const uint8_t* data, size_t size)
50 {
51     if (data == nullptr) {
52         return false;
53     }
54     // initialize
55     DATA = data;
56     g_size = size;
57     g_pos = 0;
58 
59     // get data
60     uint32_t code = GetData<uint32_t>();
61 
62     RSIRenderServiceConnectionInterfaceCodeAccessVerifier verifier;
63     verifier.IsExclusiveVerificationPassed(code);
64 #ifdef ENABLE_IPC_SECURITY
65     uint32_t times = GetData<uint32_t>();
66     verifier.AddRSIRenderServiceConnectionInterfaceCodePermission();
67     verifier.IsAccessTimesVerificationPassed(code, times);
68 #endif
69     return true;
70 }
71 
RSITransactionIpcInterFaceCodeAccessVerifierFuzztest002(const uint8_t * data,size_t size)72 bool RSITransactionIpcInterFaceCodeAccessVerifierFuzztest002(const uint8_t* data, size_t size)
73 {
74     if (data == nullptr) {
75         return false;
76     }
77     // initialize
78     DATA = data;
79     g_size = size;
80     g_pos = 0;
81 
82     // get data
83     RSIRenderServiceConnectionInterfaceCodeAccessVerifier verifier;
84     uint32_t code = static_cast<CodeUnderlyingType>(
85         RSIRenderServiceConnectionInterfaceCodeAccessVerifier::CodeEnumType::SET_REFRESH_RATE_MODE);
86     verifier.IsExclusiveVerificationPassed(code);
87     code = static_cast<CodeUnderlyingType>(
88         RSIRenderServiceConnectionInterfaceCodeAccessVerifier::CodeEnumType::GET_SHOW_REFRESH_RATE_ENABLED);
89     verifier.IsExclusiveVerificationPassed(code);
90     code = static_cast<CodeUnderlyingType>(
91         RSIRenderServiceConnectionInterfaceCodeAccessVerifier::CodeEnumType::SET_SHOW_REFRESH_RATE_ENABLED);
92     verifier.IsExclusiveVerificationPassed(code);
93     code = static_cast<CodeUnderlyingType>(
94         RSIRenderServiceConnectionInterfaceCodeAccessVerifier::CodeEnumType::TAKE_SURFACE_CAPTURE);
95     verifier.IsExclusiveVerificationPassed(code);
96     code = static_cast<CodeUnderlyingType>(
97         RSIRenderServiceConnectionInterfaceCodeAccessVerifier::CodeEnumType::GET_MEMORY_GRAPHICS);
98     verifier.IsExclusiveVerificationPassed(code);
99     code = static_cast<CodeUnderlyingType>(
100         RSIRenderServiceConnectionInterfaceCodeAccessVerifier::CodeEnumType::SET_SCREEN_POWER_STATUS);
101     verifier.IsExclusiveVerificationPassed(code);
102 #ifdef ENABLE_IPC_SECURITY
103     uint32_t times = GetData<uint32_t>();
104     PermissionType permission = PermissionType::CAPTURE_SCREEN;
105     verifier.permissionRSIRenderServiceInterfaceMappings_.emplace(code, permission);
106     verifier.permissionRSIRenderServiceInterfaceMappings_.emplace(code + 1, "unknown");
107     verifier.AddRSIRenderServiceConnectionInterfaceCodePermission();
108     verifier.accessRSIRenderServiceInterfaceTimesRestrictions_.emplace(code, code);
109     verifier.IsAccessTimesVerificationPassed(code, times);
110 #endif
111     return true;
112 }
113 
114 } // namespace Rosen
115 } // namespace OHOS
116 
117 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)118 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
119 {
120     /* Run your code on data */
121     OHOS::Rosen::RSITransactionIpcInterFaceCodeAccessVerifierFuzztest001(data, size);
122     OHOS::Rosen::RSITransactionIpcInterFaceCodeAccessVerifierFuzztest002(data, size);
123     return 0;
124 }
125