• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "gnss_fuzzer.h"
17 
18 #include <vector>
19 #include <thread>
20 
21 #include "ipc_skeleton.h"
22 #include "iremote_object.h"
23 
24 #include "cached_locations_callback_napi.h"
25 #include "common_utils.h"
26 #include "constant_definition.h"
27 #include "country_code_callback_napi.h"
28 #include "gnss_ability.h"
29 #include "gnss_ability_proxy.h"
30 #include "gnss_status_callback_napi.h"
31 #include "location.h"
32 #include "location_switch_callback_napi.h"
33 #include "nmea_message_callback_napi.h"
34 #include "subability_common.h"
35 #include "work_record.h"
36 #include "geofence_request.h"
37 #include "if_system_ability_manager.h"
38 #include "system_ability_definition.h"
39 #include "iservice_registry.h"
40 #include "event_handler.h"
41 #define private public
42 #include "agnss_ni_manager.h"
43 #undef private
44 
45 namespace OHOS {
46 namespace Location {
47 #ifdef FEATURE_GNSS_SUPPORT
48     const int32_t MIN_DATA_LEN = 4;
49     const int32_t SLEEP_TIMES = 1000;
GnssProxyFuzzTest001(const uint8_t * data,size_t size)50     bool GnssProxyFuzzTest001(const uint8_t* data, size_t size)
51     {
52         if (size < MIN_DATA_LEN) {
53             return true;
54         }
55         int index = 0;
56         sptr<ISystemAbilityManager> sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
57         if (sam == nullptr) {
58             LBSLOGE(LOCATOR_STANDARD, "%{public}s: get samgr failed.", __func__);
59             return true;
60         }
61         sptr<IRemoteObject> obj = sam->CheckSystemAbility(LOCATION_GNSS_SA_ID);
62         if (obj == nullptr) {
63             LBSLOGE(LOCATOR_STANDARD, "%{public}s: get remote service failed.", __func__);
64             return true;
65         }
66         auto proxy = sptr<GnssAbilityProxy>(new (std::nothrow) GnssAbilityProxy(obj));
67         proxy->SetEnable(true);
68         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
69         proxy->SetEnable(false);
70         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
71         proxy->RefrashRequirements();
72         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
73         auto gnssCallbackHost =
74             sptr<GnssStatusCallbackNapi>(new (std::nothrow) GnssStatusCallbackNapi());
75         AppIdentity identity;
76         identity.SetPid(data[index++]);
77         proxy->RegisterGnssStatusCallback(gnssCallbackHost, identity);
78         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
79         proxy->UnregisterGnssStatusCallback(gnssCallbackHost);
80         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
81         auto nmeaCallbackHost =
82             sptr<NmeaMessageCallbackNapi>(new (std::nothrow) NmeaMessageCallbackNapi());
83         proxy->RegisterNmeaMessageCallback(nmeaCallbackHost, identity);
84         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
85         proxy->UnregisterNmeaMessageCallback(nmeaCallbackHost);
86         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
87         return true;
88     }
89 
GnssProxyFuzzTest002(const uint8_t * data,size_t size)90     bool GnssProxyFuzzTest002(const uint8_t* data, size_t size)
91     {
92         if (size < MIN_DATA_LEN) {
93             return true;
94         }
95         int index = 0;
96         sptr<ISystemAbilityManager> sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
97         if (sam == nullptr) {
98             LBSLOGE(LOCATOR_STANDARD, "%{public}s: get samgr failed.", __func__);
99             return true;
100         }
101         sptr<IRemoteObject> obj = sam->CheckSystemAbility(LOCATION_GNSS_SA_ID);
102         if (obj == nullptr) {
103             LBSLOGE(LOCATOR_STANDARD, "%{public}s: get remote service failed.", __func__);
104             return true;
105         }
106         auto proxy = sptr<GnssAbilityProxy>(new (std::nothrow) GnssAbilityProxy(obj));
107         auto cachedRequest = std::make_unique<CachedGnssLocationsRequest>();
108         auto cachedLocationsCallbackHost =
109             sptr<CachedLocationsCallbackNapi>(new (std::nothrow) CachedLocationsCallbackNapi());
110         proxy->RegisterCachedCallback(cachedRequest, cachedLocationsCallbackHost);
111         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
112         proxy->UnregisterCachedCallback(cachedLocationsCallbackHost);
113         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
114         int locSize;
115         proxy->GetCachedGnssLocationsSize(locSize);
116         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
117         proxy->FlushCachedGnssLocations();
118         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
119         std::unique_ptr<LocationCommand> command = std::make_unique<LocationCommand>();
120         proxy->SendCommand(command);
121         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
122         std::shared_ptr<GeofenceRequest> fence = std::make_shared<GeofenceRequest>();
123         proxy->AddFence(fence);
124         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
125         proxy->RemoveFence(fence);
126         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
127         std::vector<std::shared_ptr<OHOS::Location::Location>> locations;
128         std::unique_ptr<Location> location = std::make_unique<Location>();
129         proxy->EnableMock();
130         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
131         proxy->DisableMock();
132         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
133         proxy->SetMocked(data[index++], locations);
134         proxy->SendNetworkLocation(location);
135         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
136         return true;
137     }
138 
GnssProxyFuzzTest003(const uint8_t * data,size_t size)139     bool GnssProxyFuzzTest003(const uint8_t* data, size_t size)
140     {
141         if (size < MIN_DATA_LEN) {
142             return true;
143         }
144         sptr<ISystemAbilityManager> sam = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
145         if (sam == nullptr) {
146             LBSLOGE(LOCATOR_STANDARD, "%{public}s: get samgr failed.", __func__);
147             return true;
148         }
149         sptr<IRemoteObject> obj = sam->CheckSystemAbility(LOCATION_GNSS_SA_ID);
150         if (obj == nullptr) {
151             LBSLOGE(LOCATOR_STANDARD, "%{public}s: get remote service failed.", __func__);
152             return true;
153         }
154         auto proxy = sptr<GnssAbilityProxy>(new (std::nothrow) GnssAbilityProxy(obj));
155         std::shared_ptr<GeofenceRequest> fence = std::make_shared<GeofenceRequest>();
156         int index = 0;
157         fence->SetUid(data[index++]);
158         proxy->AddGnssGeofence(fence);
159         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
160         proxy->RemoveGnssGeofence(fence);
161         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
162         std::vector<CoordinateSystemType> coordinateSystemTypes;
163         proxy->QuerySupportCoordinateSystemType(coordinateSystemTypes);
164         std::this_thread::sleep_for(std::chrono::milliseconds(SLEEP_TIMES));
165         return true;
166     }
167 
GnssProxyFuzzTest004(const uint8_t * data,size_t size)168     bool GnssProxyFuzzTest004(const uint8_t* data, size_t size)
169     {
170         if (size < MIN_DATA_LEN) {
171             return true;
172         }
173         auto aGnssNiManager = AGnssNiManager::GetInstance();
174         EventFwk::Want want;
175         aGnssNiManager->Run();
176         aGnssNiManager->SubscribeSaStatusChangeListerner();
177         aGnssNiManager->RegisterAgnssNiEvent();
178         aGnssNiManager->UnRegisterAgnssNiEvent();
179         aGnssNiManager->RegisterNiResponseEvent();
180         aGnssNiManager->UnRegisterNiResponseEvent();
181         aGnssNiManager->CheckWapSuplInit(want);
182         aGnssNiManager->CheckSmsSuplInit(want);
183         aGnssNiManager->OnCallStateChanged(want);
184         HDI::Location::Gnss::V2_0::GnssNiNotificationRequest notification;
185         int index = 0;
186         notification.gnssNiNotificationId = data[index++];
187         aGnssNiManager->HandleNiNotification(notification);
188         aGnssNiManager->SendUserResponse(HDI::Location::Gnss::V2_0::GNSS_NI_RESPONSE_CMD_ACCEPT);
189         return true;
190     }
191 #endif // FEATURE_GNSS_SUPPORT
192 }
193 }
194 
195 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)196 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
197 {
198 #ifdef FEATURE_GNSS_SUPPORT
199     /* Run your code on data */
200     OHOS::Location::GnssProxyFuzzTest001(data, size);
201     OHOS::Location::GnssProxyFuzzTest002(data, size);
202     OHOS::Location::GnssProxyFuzzTest003(data, size);
203     OHOS::Location::GnssProxyFuzzTest004(data, size);
204 #endif // FEATURE_GNSS_SUPPORT
205     return 0;
206 }
207