1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "sensoragentenhanced_fuzzer.h"
17
18 #include <unistd.h>
19 #include <thread>
20
21 #include "accesstoken_kit.h"
22 #include "token_setproc.h"
23 #include "nativetoken_kit.h"
24 #include "securec.h"
25
26 #include "sensor_agent.h"
27 #include "sensor_agent_type.h"
28 #include "sensor_errors.h"
29
30 namespace OHOS {
31 namespace Sensors {
32 using namespace OHOS::HiviewDFX;
33 using namespace OHOS::Security::AccessToken;
34 using OHOS::Security::AccessToken::AccessTokenID;
35 namespace {
36 constexpr int64_t SAMPLING_INTERVAL = 200000000;
37 constexpr int64_t REPORT_INTERVAL = 200000000;
38 constexpr size_t DATA_MIN_SIZE = sizeof(int32_t) + sizeof(SensorIdentifier) + sizeof(SensorUser);
39 constexpr int32_t SLEEP_TIME = 1000;
40 } // namespace
41
42 template<class T>
GetObject(T & object,const uint8_t * data,size_t size)43 size_t GetObject(T &object, const uint8_t *data, size_t size)
44 {
45 size_t objectSize = sizeof(object);
46 if (objectSize > size) {
47 return 0;
48 }
49 errno_t ret = memcpy_s(&object, objectSize, data, objectSize);
50 if (ret != EOK) {
51 return 0;
52 }
53 return objectSize;
54 }
55
SetUpTestCase()56 void SetUpTestCase()
57 {
58 const char **perms = new (std::nothrow) const char *[2];
59 CHKPV(perms);
60 perms[0] = "ohos.permission.ACCELEROMETER";
61 perms[1] = "ohos.permission.MANAGE_SENSOR";
62 TokenInfoParams infoInstance = {
63 .dcapsNum = 0,
64 .permsNum = 2,
65 .aclsNum = 0,
66 .dcaps = nullptr,
67 .perms = perms,
68 .acls = nullptr,
69 .processName = "SensorAgentEnhancedFuzzTest",
70 .aplStr = "system_core",
71 };
72 uint64_t tokenId = GetAccessTokenId(&infoInstance);
73 SetSelfTokenID(tokenId);
74 AccessTokenKit::ReloadNativeTokenInfo();
75 delete[] perms;
76 }
77
SensorDataCallbackImpl(SensorEvent * event)78 void SensorDataCallbackImpl(SensorEvent *event)
79 {
80 if (event == nullptr) {
81 return;
82 }
83 }
84
SensorAgentEnhancedFuzzTest(const uint8_t * data,size_t size)85 void SensorAgentEnhancedFuzzTest(const uint8_t *data, size_t size)
86 {
87 if (data == nullptr || size < DATA_MIN_SIZE) {
88 return;
89 }
90 SetUpTestCase();
91 size_t startPos = 0;
92 int32_t deviceId = 0;
93 int32_t mode = 0;
94 GetObject<int32_t>(deviceId, data + startPos, size - startPos);
95 GetObject<int32_t>(mode, data, size);
96
97 SensorIdentifier sensorIdentifier;
98 GetObject<SensorIdentifier>(sensorIdentifier, data + startPos, size - startPos);
99
100 SensorUser user;
101 user.callback = SensorDataCallbackImpl;
102
103 SensorInfo *sensorInfo = nullptr;
104 int32_t count = 0;
105 GetDeviceSensors(deviceId, &sensorInfo, &count);
106
107 SubscribeSensorEnhanced(sensorIdentifier, &user);
108 SetBatchEnhanced(sensorIdentifier, &user, SAMPLING_INTERVAL, REPORT_INTERVAL);
109 ActivateSensorEnhanced(sensorIdentifier, &user);
110 SetModeEnhanced(sensorIdentifier, &user, mode);
111
112 std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIME));
113
114 DeactivateSensorEnhanced(sensorIdentifier, &user);
115 UnsubscribeSensorEnhanced(sensorIdentifier, &user);
116
117 SubscribeSensorPlug(&user);
118 UnsubscribeSensorPlug(&user);
119 }
120 } // namespace Sensors
121 } // namespace OHOS
122
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)123 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
124 {
125 OHOS::Sensors::SensorAgentEnhancedFuzzTest(data, size);
126 return 0;
127 }