1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "medialibrary_common_fuzzer.h"
16
17 #include <cstdint>
18 #include <string>
19 #include <fstream>
20 #include <fuzzer/FuzzedDataProvider.h>
21
22 #include "dfx_database_utils.h"
23 #include "exif_utils.h"
24 #include "media_log.h"
25 #include "media_photo_asset_proxy.h"
26 #include "media_scanner_manager.h"
27 #include "medialibrary_common_utils.h"
28 #include "media_file_uri.h"
29 #include "medialibrary_data_manager_utils.h"
30
31 #define private public
32 #include "permission_utils.h"
33 #include "photo_file_utils.h"
34 #undef private
35
36 namespace OHOS {
37 using namespace std;
38 static const int32_t NUM_BYTES = 1;
39 static const int32_t MIN_PERMISSION_USED_TYPE = -1;
40 static const int32_t MAX_PERMISSION_USED_TYPE = 3;
41 static const int32_t MAX_BYTE_VALUE = 256;
42 static const int32_t SEED_SIZE = 1024;
43 const string TABLE = "PhotoAlbum";
44 const string PHOTOS_TABLE = "Photos";
45 const std::string PERMISSION = "testName";
46 const std::string ROOT_MEDIA_DIR = "/storage/cloud/files/";
47 const std::string PHOTO_PATH = "/Photo/5/IMG_1741264239_005.jpg";
48 FuzzedDataProvider *provider = nullptr;
49
FuzzVectorString()50 static inline vector<string> FuzzVectorString()
51 {
52 return {provider->ConsumeBytesAsString(NUM_BYTES)};
53 }
54
FuzzPermissionUsedType()55 static inline Security::AccessToken::PermissionUsedType FuzzPermissionUsedType()
56 {
57 int32_t value = provider->ConsumeIntegralInRange<int32_t>(MIN_PERMISSION_USED_TYPE, MAX_PERMISSION_USED_TYPE);
58 return static_cast<Security::AccessToken::PermissionUsedType>(value);
59 }
60
ScanTest()61 static void ScanTest()
62 {
63 auto scannerManager = Media::MediaScannerManager::GetInstance();
64 if (scannerManager != nullptr) {
65 scannerManager->ScanDir(provider->ConsumeBytesAsString(NUM_BYTES), nullptr);
66 }
67 }
68
CommonUtilsTest()69 static void CommonUtilsTest()
70 {
71 Media::MediaLibraryCommonUtils::CheckWhereClause(provider->ConsumeBytesAsString(NUM_BYTES));
72 string key;
73 Media::MediaLibraryCommonUtils::GenKeySHA256(provider->ConsumeBytesAsString(NUM_BYTES), key);
74 Media::MediaLibraryCommonUtils::GenKeySHA256(provider->ConsumeBytes<uint8_t>(NUM_BYTES), key);
75 string selection;
76 Media::MediaLibraryCommonUtils::AppendSelections(selection);
77 }
78
DfxTest()79 static void DfxTest()
80 {
81 int32_t mediaType = provider->ConsumeIntegral<int32_t>();
82 int32_t position = provider->ConsumeIntegral<int32_t>();
83 Media::DfxDatabaseUtils::QueryFromPhotos(mediaType, position);
84
85 int32_t albumSubtype = provider->ConsumeIntegral<int32_t>();
86 Media::DfxDatabaseUtils::QueryAlbumInfoBySubtype(albumSubtype);
87 Media::DfxDatabaseUtils::QueryDirtyCloudPhoto();
88 Media::DfxDatabaseUtils::QueryAnalysisVersion(provider->ConsumeBytesAsString(NUM_BYTES),
89 provider->ConsumeBytesAsString(NUM_BYTES));
90
91 int32_t downloadedThumb;
92 int32_t generatedThumb;
93 Media::DfxDatabaseUtils::QueryDownloadedAndGeneratedThumb(downloadedThumb, generatedThumb);
94 int32_t totalDownload;
95 Media::DfxDatabaseUtils::QueryTotalCloudThumb(totalDownload);
96 Media::DfxDatabaseUtils::QueryDbVersion();
97
98 Media::PhotoRecordInfo info = {
99 .imageCount = provider->ConsumeIntegral<int32_t>(),
100 .videoCount = provider->ConsumeIntegral<int32_t>()
101 };
102 Media::DfxDatabaseUtils::QueryPhotoRecordInfo(info);
103 }
104
PermissionUtilsTest()105 static void PermissionUtilsTest()
106 {
107 Media::PermissionUtils::CheckCallerPermission(provider->ConsumeBytesAsString(NUM_BYTES));
108 std::vector<std::string> perms;
109 Media::PermissionUtils::CheckCallerPermission(perms);
110 Media::PermissionUtils::CheckPhotoCallerPermission(perms);
111 Media::PermissionUtils::CheckPhotoCallerPermission(provider->ConsumeBytesAsString(NUM_BYTES));
112 Media::PermissionUtils::CheckHasPermission(perms);
113 perms.push_back(provider->ConsumeBytesAsString(NUM_BYTES));
114 Media::PermissionUtils::CheckHasPermission(perms);
115 string packageName = provider->ConsumeBytesAsString(NUM_BYTES);
116 int uid = provider->ConsumeIntegral<int32_t>();
117 Media::PermissionUtils::GetPackageName(uid, packageName);
118 Media::PermissionUtils::CheckIsSystemAppByUid();
119 Media::PermissionUtils::GetPackageNameByBundleName(provider->ConsumeBytesAsString(NUM_BYTES));
120 Media::PermissionUtils::GetAppIdByBundleName(packageName);
121 Media::PermissionUtils::IsSystemApp();
122 Media::PermissionUtils::IsNativeSAApp();
123 Media::PermissionUtils::IsRootShell();
124 Media::PermissionUtils::IsHdcShell();
125 Media::PermissionUtils::GetTokenId();
126 Media::PermissionUtils::ClearBundleInfoInCache();
127 bool permGranted = provider->ConsumeBool();
128 int32_t permissionUsedType = provider->ConsumeIntegral<int32_t>();
129 Media::PermissionUtils::CollectPermissionInfo(provider->ConsumeBytesAsString(NUM_BYTES), permGranted,
130 static_cast<Security::AccessToken::PermissionUsedType>(permissionUsedType));
131 Media::PermissionUtils::UpdatePackageNameInCache(uid, packageName);
132
133 std::string appId = provider->ConsumeBytesAsString(NUM_BYTES);
134 int64_t tokenId = provider->ConsumeIntegral<int64_t>();
135 Media::PermissionUtils::GetMainTokenId(appId, tokenId);
136
137 std::string permission = provider->ConsumeBytesAsString(NUM_BYTES);
138 Security::AccessToken::PermissionUsedType type = FuzzPermissionUsedType();
139 Media::PermissionUtils::CollectPermissionInfo(permission, permGranted, type);
140
141 Security::AccessToken::AccessTokenID tokenCaller = provider->ConsumeIntegral<int32_t>();
142 Media::PermissionUtils::CheckPhotoCallerPermission(perms, uid, tokenCaller);
143
144 permission = provider->ConsumeBool() ? PERMISSION : provider->ConsumeBytesAsString(NUM_BYTES);
145 Media::PermissionUtils::CheckPhotoCallerPermission(permission, tokenCaller);
146 Media::PermissionUtils::SetEPolicy();
147 }
148
FileUriTest()149 static void FileUriTest()
150 {
151 string uriStr = provider->ConsumeBytesAsString(NUM_BYTES);
152 Media::MediaFileUri fileUri(uriStr);
153 fileUri.GetFilePath();
154 fileUri.GetFileId();
155 fileUri.GetTableName();
156 Media::MediaFileUri::GetPhotoId(provider->ConsumeBytesAsString(NUM_BYTES));
157 Media::MediaFileUri::RemoveAllFragment(uriStr);
158 int32_t mediaType = provider->ConsumeIntegral<int32_t>();
159 int32_t apiVersion = provider->ConsumeIntegral<int32_t>();
160 Media::MediaFileUri::GetMediaTypeUri(static_cast<Media::MediaType>(mediaType), apiVersion);
161 vector<string> timeIdBatch;
162
163 int start = provider->ConsumeIntegral<int32_t>();
164 int count = provider->ConsumeIntegral<int32_t>();
165 Media::MediaFileUri::GetTimeIdFromUri(FuzzVectorString(), timeIdBatch);
166 Media::MediaFileUri::GetTimeIdFromUri(FuzzVectorString(), timeIdBatch, start, count);
167 int32_t fileId = provider->ConsumeIntegral<int32_t>();
168 int32_t isPhoto = provider->ConsumeIntegral<int32_t>();
169 Media::MediaFileUri::CreateAssetBucket(fileId, count);
170 Media::MediaFileUri::GetPathFromUri(provider->ConsumeBytesAsString(NUM_BYTES), isPhoto);
171 }
172
ExifTest()173 static void ExifTest()
174 {
175 double longitude = static_cast<double>(provider->ConsumeFloatingPoint<float>());
176 double latitude = static_cast<double>(provider->ConsumeFloatingPoint<float>());
177 Media::ExifUtils::WriteGpsExifInfo(provider->ConsumeBytesAsString(NUM_BYTES), longitude, latitude);
178 }
179
PhotoProxyTest()180 static void PhotoProxyTest()
181 {
182 int32_t cameraShotType = provider->ConsumeIntegral<int32_t>();
183 uint32_t callingUid = provider->ConsumeIntegral<uint32_t>();
184 int32_t userId = provider->ConsumeIntegral<int32_t>();
185 uint32_t tokenId = provider->ConsumeIntegral<uint32_t>();
186 Media::PhotoAssetProxy proxy(nullptr, static_cast<Media::CameraShotType>(cameraShotType),
187 callingUid, userId, tokenId);
188 proxy.GetFileAsset();
189 proxy.GetPhotoAssetUri();
190 proxy.GetVideoFd();
191 }
192
PhotoFileUtilsTest()193 static void PhotoFileUtilsTest()
194 {
195 std::string photoPath = provider->ConsumeBool() ? ROOT_MEDIA_DIR : provider->ConsumeBytesAsString(NUM_BYTES);
196 int32_t userId = provider->ConsumeIntegral<int32_t>();
197 Media::PhotoFileUtils::GetEditDataPath(photoPath, userId);
198 Media::PhotoFileUtils::GetEditDataCameraPath(photoPath, userId);
199 Media::PhotoFileUtils::GetEditDataSourcePath(photoPath, userId);
200
201 int64_t editTime = provider->ConsumeIntegral<int64_t>();
202 Media::PhotoFileUtils::HasEditData(editTime);
203 bool hasEditDataCamera = provider->ConsumeBool();
204 int32_t effectMode = provider->ConsumeIntegral<int32_t>();
205 Media::PhotoFileUtils::HasSource(hasEditDataCamera, editTime, effectMode);
206
207 photoPath = provider->ConsumeBool() ? "" : provider->ConsumeBytesAsString(NUM_BYTES);
208 Media::PhotoFileUtils::GetMetaDataRealPath(photoPath, userId);
209 photoPath = PHOTO_PATH;
210 Media::PhotoFileUtils::GetMetaDataRealPath(photoPath, userId);
211
212 photoPath = provider->ConsumeBool() ? ROOT_MEDIA_DIR : "";
213 Media::PhotoFileUtils::IsThumbnailExists(photoPath);
214 photoPath = provider->ConsumeBytesAsString(NUM_BYTES);
215 Media::PhotoFileUtils::IsThumbnailExists(photoPath);
216 }
217
AddSeed()218 static int32_t AddSeed()
219 {
220 char *seedData = new char[OHOS::SEED_SIZE];
221 for (int i = 0; i < OHOS::SEED_SIZE; i++) {
222 seedData[i] = static_cast<char>(i % MAX_BYTE_VALUE);
223 }
224
225 const char* filename = "corpus/seed.txt";
226 std::ofstream file(filename, std::ios::binary | std::ios::trunc);
227 if (!file) {
228 MEDIA_ERR_LOG("Cannot open file filename:%{public}s", filename);
229 delete[] seedData;
230 return Media::E_ERR;
231 }
232 file.write(seedData, OHOS::SEED_SIZE);
233 file.close();
234 delete[] seedData;
235 MEDIA_INFO_LOG("seedData has been successfully written to file filename:%{public}s", filename);
236 return Media::E_OK;
237 }
238 } // namespace OHOS
239
LLVMFuzzerInitialize(int * argc,char *** argv)240 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
241 {
242 OHOS::AddSeed();
243 return 0;
244 }
245
246 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)247 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
248 {
249 /* Run your code on data */
250 FuzzedDataProvider fdp(data, size);
251 OHOS::provider = &fdp;
252 if (data == nullptr) {
253 return 0;
254 }
255 OHOS::ScanTest();
256 OHOS::CommonUtilsTest();
257 OHOS::PermissionUtilsTest();
258 OHOS::FileUriTest();
259 OHOS::DfxTest();
260 OHOS::ExifTest();
261 OHOS::PhotoProxyTest();
262 OHOS::PhotoFileUtilsTest();
263 return 0;
264 }