• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #define private public
16 #define protected public
17 #include "input_method_system_ability.h"
18 #include "input_method_system_ability_proxy.h"
19 #undef private
20 
21 #include <atomic>
22 #include <cstddef>
23 #include <cstdint>
24 #include <string_ex.h>
25 
26 #include "accesstoken_kit.h"
27 #include "fuzzer/FuzzedDataProvider.h"
28 #include "global.h"
29 #include "ime_cfg_manager.h"
30 #include "input_method_controller.h"
31 #include "inputmethodsystemability_fuzzer.h"
32 #include "input_method_core_service_impl.h"
33 #include "system_cmd_channel_service_impl.h"
34 #include "iservice_registry.h"
35 #include "message_parcel.h"
36 #include "nativetoken_kit.h"
37 #include "system_ability_definition.h"
38 #include "text_listener.h"
39 #include "token_setproc.h"
40 
41 using namespace OHOS::MiscServices;
42 namespace OHOS {
43 constexpr const int32_t MSG_ID_USER_ONE = 50;
44 constexpr const int32_t MSG_ID_USER_TWO = 60;
FuzzOnUser(int32_t userId,const std::string & packageName)45 void FuzzOnUser(int32_t userId, const std::string &packageName)
46 {
47     // onUserStarted
48     MessageParcel *parcel = new MessageParcel();
49     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->isScbEnable_ = false;
50     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->userId_ = MSG_ID_USER_ONE;
51     parcel->WriteInt32(MSG_ID_USER_ONE);
52     auto msg = std::make_shared<Message>(MessageID::MSG_ID_USER_START, parcel);
53     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->OnUserStarted(msg.get());
54 
55     // onUserRemoved
56     MessageParcel *parcel1 = new MessageParcel();
57     parcel1->WriteInt32(MSG_ID_USER_TWO);
58     auto msg1 = std::make_shared<Message>(MessageID::MSG_ID_USER_REMOVED, parcel1);
59     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->OnUserRemoved(msg1.get());
60 
61     // HandlePackageEvent
62     MessageParcel *parcel2 = new (std::nothrow) MessageParcel();
63     auto bundleName = "testBundleName1";
64     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->userId_ = MSG_ID_USER_TWO;
65     parcel2->WriteInt32(MSG_ID_USER_ONE);
66     parcel2->WriteString(bundleName);
67     auto msg2 = std::make_shared<Message>(MessageID::MSG_ID_PACKAGE_REMOVED, parcel2);
68     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->HandlePackageEvent(msg2.get());
69 
70     // OnPackageRemoved
71     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->userId_ = userId;
72     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->OnPackageRemoved(userId, bundleName);
73 }
74 
FuzzOnScreenUnlock()75 void FuzzOnScreenUnlock()
76 {
77     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->OnScreenUnlock(nullptr);
78 
79     MessageParcel *parcel = nullptr;
80     auto msg = std::make_shared<Message>(MessageID::MSG_ID_SCREEN_UNLOCK, parcel);
81     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->OnScreenUnlock(msg.get());
82 
83     MessageParcel *parcel1 = new (std::nothrow) MessageParcel();
84     msg = std::make_shared<Message>(MessageID::MSG_ID_SCREEN_UNLOCK, parcel1);
85     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->OnScreenUnlock(msg.get());
86 
87     MessageParcel *parcel2 = new (std::nothrow) MessageParcel();
88     msg = std::make_shared<Message>(MessageID::MSG_ID_SCREEN_UNLOCK, parcel2);
89     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->OnScreenUnlock(msg.get());
90 }
91 
SystemAbility(const uint8_t * data,size_t size)92 void SystemAbility(const uint8_t *data, size_t size)
93 {
94     FuzzedDataProvider provider(data, size);
95     auto fuzzedUint32 = provider.ConsumeIntegral<uint32_t>();
96     DelayedSingleton<InputMethodSystemAbility>::GetInstance()->ReleaseInput(nullptr, fuzzedUint32);
97 }
98 } // namespace OHOS
99 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)100 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
101 {
102     /* Run your code on data */
103     FuzzedDataProvider provider(data, size);
104     const int32_t userId = provider.ConsumeIntegral<int32_t>();
105     std::string fuzzedString(reinterpret_cast<const char *>(data), size);
106 
107     OHOS::FuzzOnUser(userId, fuzzedString);
108     OHOS::FuzzOnScreenUnlock();
109     OHOS::SystemAbility(data, size);
110     return 0;
111 }
112