1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "sys_installer_fuzzer.h"
17
18 #include <array>
19 #include <cstddef>
20 #include <cstdint>
21 #include <iostream>
22 #include <string>
23 #include <vector>
24 #include "isys_installer.h"
25 #include "isys_installer_callback_func.h"
26 #include "sys_installer_kits_impl.h"
27
28 namespace OHOS {
29 using namespace SysInstaller;
30
31 constexpr int DATA_IDX_NEED_REBOOT = 0;
32 constexpr int DATA_IDX_INSTALL_MODE = 1;
33 constexpr int DATA_IDX_REBOOT = 2;
34 constexpr int DATA_FEATURE_MIN_LEN = 3;
35 constexpr int DATA_FEATURE_CLEAR_LEN = 2;
36
ParseFeatureInfo(const uint8_t * data,size_t size)37 FeatureInfo ParseFeatureInfo(const uint8_t* data, size_t size)
38 {
39 FeatureInfo featureInfo {};
40
41 size_t len = size / DATA_FEATURE_MIN_LEN;
42 size_t offset = 0;
43 std::string featureName = std::string(reinterpret_cast<const char*>(data + offset), len);
44 offset += len;
45 std::string version = std::string(reinterpret_cast<const char*>(data + offset), len);
46 offset += len;
47 std::string path = std::string(reinterpret_cast<const char*>(data + offset), size - offset);
48 return {(data[DATA_IDX_NEED_REBOOT] & 1) == 0, featureName, version, path};
49 }
50
InstallCloudRomFuzzTest(const std::string & taskId,const uint8_t * data,size_t size)51 void InstallCloudRomFuzzTest(const std::string &taskId, const uint8_t* data, size_t size)
52 {
53 if (size < DATA_FEATURE_MIN_LEN) {
54 return;
55 }
56 FeatureInfo featureInfo = ParseFeatureInfo(data, size);
57 std::vector<FeatureInfo> featureInfos = {featureInfo};
58 InstallMode installMode = (data[DATA_IDX_INSTALL_MODE] & 1) == 0 ?
59 InstallMode::FEATURE_INSTALL : InstallMode::REGULAR_OTA;
60 RebootStatus rebootStatus = (data[DATA_IDX_REBOOT] & 1) == 0 ? RebootStatus::NOT_REBOOT : RebootStatus::REBOOTED;
61 SysInstallerKitsImpl::GetInstance().InstallCloudRom(taskId, installMode, featureInfos, rebootStatus);
62 }
63
UninstallCloudRomFuzzTest(const std::string & taskId,const uint8_t * data,size_t size)64 void UninstallCloudRomFuzzTest(const std::string &taskId, const uint8_t* data, size_t size)
65 {
66 if (size < DATA_FEATURE_MIN_LEN) {
67 return;
68 }
69 FeatureInfo featureInfo = ParseFeatureInfo(data, size);
70 std::vector<FeatureInfo> featureInfos = {featureInfo};
71 RebootStatus rebootStatus = (data[DATA_IDX_REBOOT] & 1) == 0 ? RebootStatus::NOT_REBOOT : RebootStatus::REBOOTED;
72 SysInstallerKitsImpl::GetInstance().UninstallCloudRom(taskId, featureInfos, rebootStatus);
73 }
74
GetFeatureStatusFuzzTest(const uint8_t * data,size_t size)75 void GetFeatureStatusFuzzTest(const uint8_t* data, size_t size)
76 {
77 if (size < DATA_FEATURE_MIN_LEN) {
78 return;
79 }
80 FeatureInfo featureInfo = ParseFeatureInfo(data, size);
81 std::vector<FeatureInfo> featureInfos = {featureInfo};
82 std::vector<FeatureStatus> statusInfos = {};
83 SysInstallerKitsImpl::GetInstance().GetFeatureStatus(featureInfos, statusInfos);
84 }
85
GetAllFeatureStatusFuzzTest(const uint8_t * data,size_t size)86 void GetAllFeatureStatusFuzzTest(const uint8_t* data, size_t size)
87 {
88 std::vector<FeatureStatus> statusInfos = {};
89 SysInstallerKitsImpl::GetInstance().GetAllFeatureStatus(
90 std::string(reinterpret_cast<const char*>(data), size), statusInfos);
91 }
92
ClearCloudRomFuzzTest(const uint8_t * data,size_t size)93 void ClearCloudRomFuzzTest(const uint8_t* data, size_t size)
94 {
95 if (size < 0) {
96 return;
97 }
98 std::string baseVersion = "";
99 std::string featureName = "";
100 if ((data[0] & 1) == 0) {
101 baseVersion = std::string(reinterpret_cast<const char*>(data), size);
102 } else {
103 size_t len = size / DATA_FEATURE_CLEAR_LEN;
104 baseVersion = std::string(reinterpret_cast<const char*>(data), len);
105 featureName = std::string(reinterpret_cast<const char*>(data + len), size - len);
106 }
107 SysInstallerKitsImpl::GetInstance().ClearCloudRom(baseVersion, featureName);
108 }
109
FuzzSysInstaller(const uint8_t * data,size_t size)110 void FuzzSysInstaller(const uint8_t* data, size_t size)
111 {
112 std::string taskId = "fuzz_test";
113 SysInstallerKitsImpl::GetInstance().SysInstallerInit(taskId);
114 SysInstallerKitsImpl::GetInstance().SetUpdateCallback(taskId, nullptr);
115 SysInstallerKitsImpl::GetInstance().StartUpdatePackageZip(taskId,
116 std::string(reinterpret_cast<const char*>(data), size));
117 const std::string pkgPath = "/data/updater/fuzz/updater.zip";
118 const std::string location = "location";
119 SysInstallerKitsImpl::GetInstance().GetUpdateStatus(taskId);
120 SysInstallerKitsImpl::GetInstance().StartUpdateParaZip(taskId, pkgPath,
121 location, std::string(reinterpret_cast<const char*>(data), size));
122 SysInstallerKitsImpl::GetInstance().AccDecompressAndVerifyPkg(taskId,
123 pkgPath, std::string(reinterpret_cast<const char*>(data), size), 1);
124 SysInstallerKitsImpl::GetInstance().AccDeleteDir(taskId, std::string(reinterpret_cast<const char*>(data), size));
125 SysInstallerKitsImpl::GetInstance().ClearVabMetadataAndCow();
126 SysInstallerKitsImpl::GetInstance().VabUpdateActive();
127 SysInstallerKitsImpl::GetInstance().StartVabMerge(taskId);
128 const std::string action = "needMerge";
129 bool result = false;
130 SysInstallerKitsImpl::GetInstance().GetMetadataResult(action, result);
131 uint32_t reservedCores;
132 std::copy(data, data + std::min(sizeof(uint32_t), size), reinterpret_cast<uint8_t*>(&reservedCores));
133 SysInstallerKitsImpl::GetInstance().SetCpuAffinity(taskId, reservedCores);
134 }
135
FuzzSysInstallerCloudRom(const uint8_t * data,size_t size)136 void FuzzSysInstallerCloudRom(const uint8_t* data, size_t size)
137 {
138 std::string taskId = "fuzz_test";
139 InstallCloudRomFuzzTest(taskId, data, size);
140 UninstallCloudRomFuzzTest(taskId, data, size);
141 GetFeatureStatusFuzzTest(data, size);
142 GetAllFeatureStatusFuzzTest(data, size);
143 ClearCloudRomFuzzTest(data, size);
144 }
145 }
146
147 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)148 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
149 {
150 /* Run your code on data */
151 OHOS::FuzzSysInstaller(data, size);
152 OHOS::FuzzSysInstallerCloudRom(data, size);
153 return 0;
154 }
155
156