1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dsoftbusadapter_fuzzer.h"
17
18 #include "accesstoken_kit.h"
19 #include "nativetoken_kit.h"
20 #include "singleton.h"
21 #include "token_setproc.h"
22
23 #include "ddm_adapter.h"
24 #include "devicestatus_define.h"
25 #include "dsoftbus_adapter_impl.h"
26 #include "socket_session_manager.h"
27
28 #include "message_parcel.h"
29
30 #undef LOG_TAG
31 #define LOG_TAG "DsoftbusAdapterFuzzTest"
32 namespace OHOS {
33 namespace Msdp {
34 namespace DeviceStatus {
35 #define SERVER_SESSION_NAME "ohos.msdp.device_status.intention.serversession"
36 uint64_t g_tokenID { 0 };
37 const std::string SYSTEM_CORE { "system_core" };
38 const char* g_cores[] = { "ohos.permission.INPUT_MONITORING" };
39 const uint8_t *g_baseFuzzData = nullptr;
40 size_t g_baseFuzzSize = 0;
41 size_t g_baseFuzzPos = 0;
42 constexpr size_t STR_LEN = 255;
43 constexpr size_t PKG_NAME_SIZE_MAX { 65 };
44 constexpr size_t DEVICE_NAME_SIZE_MAX { 256 };
45
GetData()46 template <class T> T GetData()
47 {
48 T objetct{};
49 size_t objetctSize = sizeof(objetct);
50 if (g_baseFuzzData == nullptr || objetctSize > g_baseFuzzSize - g_baseFuzzPos) {
51 return objetct;
52 }
53 errno_t ret = memcpy_s(&objetct, objetctSize, g_baseFuzzData + g_baseFuzzPos, objetctSize);
54 if (ret != EOK) {
55 return {};
56 }
57 g_baseFuzzPos += objetctSize;
58 return objetct;
59 }
60
SetGlobalFuzzData(const uint8_t * data,size_t size)61 void SetGlobalFuzzData(const uint8_t *data, size_t size)
62 {
63 g_baseFuzzData = data;
64 g_baseFuzzSize = size;
65 g_baseFuzzPos = 0;
66 }
67
GetStringFromData(int strlen)68 std::string GetStringFromData(int strlen)
69 {
70 if (strlen < 1) {
71 return "";
72 }
73
74 char cstr[strlen];
75 cstr[strlen - 1] = '\0';
76 for (int i = 0; i < strlen - 1; i++) {
77 cstr[i] = GetData<char>();
78 }
79 std::string str(cstr);
80 return str;
81 }
82
83 class DSoftbusObserver final : public IDSoftbusObserver {
84 public:
85 DSoftbusObserver() = default;
86 ~DSoftbusObserver() = default;
87
OnBind(const std::string & networkId)88 void OnBind(const std::string &networkId) {}
OnShutdown(const std::string & networkId)89 void OnShutdown(const std::string &networkId) {}
OnConnected(const std::string & networkId)90 void OnConnected(const std::string &networkId) {}
OnPacket(const std::string & networkId,NetPacket & packet)91 bool OnPacket(const std::string &networkId, NetPacket &packet)
92 {
93 return true;
94 }
OnRawData(const std::string & networkId,const void * data,uint32_t dataLen)95 bool OnRawData(const std::string &networkId, const void *data, uint32_t dataLen)
96 {
97 return true;
98 }
99 };
100
101 class BoardObserverTest final : public IBoardObserver {
102 public:
BoardObserverTest()103 explicit BoardObserverTest() {}
104 ~BoardObserverTest() = default;
105 DISALLOW_COPY_AND_MOVE(BoardObserverTest);
106
OnBoardOnline(const std::string & networkId)107 void OnBoardOnline(const std::string &networkId) override
108 {
109 FI_HILOGD("\'%{public}s\' is online", networkId.c_str());
110 }
111
OnBoardOffline(const std::string & networkId)112 void OnBoardOffline(const std::string &networkId) override
113 {
114 FI_HILOGD("\'%{public}s\' is offline", networkId.c_str());
115 }
116 };
117
SetPermission(const std::string & level,const char ** perms,size_t permAmount)118 void SetPermission(const std::string &level, const char** perms, size_t permAmount)
119 {
120 CALL_DEBUG_ENTER;
121 if (perms == nullptr || permAmount == 0) {
122 FI_HILOGE("The perms is empty");
123 return;
124 }
125
126 NativeTokenInfoParams infoInstance = {
127 .dcapsNum = 0,
128 .permsNum = permAmount,
129 .aclsNum = 0,
130 .dcaps = nullptr,
131 .perms = perms,
132 .acls = nullptr,
133 .processName = "DDMAdapterTest",
134 .aplStr = level.c_str(),
135 };
136 g_tokenID = GetAccessTokenId(&infoInstance);
137 SetSelfTokenID(g_tokenID);
138 OHOS::Security::AccessToken::AccessTokenKit::AccessTokenKit::ReloadNativeTokenInfo();
139 }
140
RemovePermission()141 void RemovePermission()
142 {
143 CALL_DEBUG_ENTER;
144 int32_t ret = OHOS::Security::AccessToken::AccessTokenKit::DeleteToken(g_tokenID);
145 if (ret != RET_OK) {
146 FI_HILOGE("Failed to remove permission");
147 return;
148 }
149 }
150
EnableFuzzTest(const uint8_t * data,size_t size)151 bool EnableFuzzTest(const uint8_t* data, size_t size)
152 {
153 if ((data == nullptr) || (size < 1)) {
154 return false;
155 }
156
157 DSoftbusAdapterImpl::GetInstance()->Enable();
158 DSoftbusAdapterImpl::GetInstance()->SetupServer();
159 DSoftbusAdapterImpl::GetInstance()->ShutdownServer();
160 DSoftbusAdapterImpl::GetInstance()->CloseAllSessions();
161 DSoftbusAdapterImpl::GetInstance()->CloseAllSessionsLocked();
162 DSoftbusAdapterImpl::GetInstance()->Disable();
163 return true;
164 }
165
AddObserverFuzzTest(const uint8_t * data,size_t size)166 bool AddObserverFuzzTest(const uint8_t* data, size_t size)
167 {
168 if ((data == nullptr) || (size < 1)) {
169 return false;
170 }
171
172 std::shared_ptr<IDSoftbusObserver> observer = std::make_shared<DSoftbusObserver>();
173 DSoftbusAdapterImpl::GetInstance()->AddObserver(observer);
174 DSoftbusAdapterImpl::GetInstance()->RemoveObserver(observer);
175 return true;
176 }
177
CheckDeviceOnlineFuzzTest(const uint8_t * data,size_t size)178 bool CheckDeviceOnlineFuzzTest(const uint8_t* data, size_t size)
179 {
180 if ((data == nullptr) || (size < 1)) {
181 return false;
182 }
183
184 std::string networkId = GetStringFromData(STR_LEN);
185 CircleStreamBuffer circleBuffer;
186
187 DSoftbusAdapterImpl::GetInstance()->CheckDeviceOnline(networkId);
188 DSoftbusAdapterImpl::GetInstance()->CloseSession(networkId);
189 DSoftbusAdapterImpl::GetInstance()->HandleSessionData(networkId, circleBuffer);
190 DSoftbusAdapterImpl::GetInstance()->OpenSessionLocked(networkId);
191 DSoftbusAdapterImpl::GetInstance()->OnConnectedLocked(networkId);
192 return true;
193 }
194
OpenSessionFuzzTest(const uint8_t * data,size_t size)195 bool OpenSessionFuzzTest(const uint8_t* data, size_t size)
196 {
197 if ((data == nullptr) || (size < 1)) {
198 return false;
199 }
200
201 std::string networkId = GetStringFromData(STR_LEN);
202 DSoftbusAdapterImpl::GetInstance()->OpenSession(networkId);
203 DSoftbusAdapterImpl::GetInstance()->FindConnection(networkId);
204 DSoftbusAdapterImpl::GetInstance()->CloseSession(networkId);
205 DSoftbusAdapterImpl::GetInstance()->CloseAllSessions();
206 return true;
207 }
208
209
SendPacketFuzzTest(const uint8_t * data,size_t size)210 bool SendPacketFuzzTest(const uint8_t* data, size_t size)
211 {
212 if ((data == nullptr) || (size < 1)) {
213 return false;
214 }
215
216 Parcel parcel;
217 NetPacket packet(MessageId::DSOFTBUS_START_COOPERATE);
218 std::string networkId = GetStringFromData(STR_LEN);
219 DSoftbusAdapterImpl::GetInstance()->SendPacket(networkId, packet);
220 DSoftbusAdapterImpl::GetInstance()->SendParcel(networkId, parcel);
221 DSoftbusAdapterImpl::GetInstance()->BroadcastPacket(packet);
222 DSoftbusAdapterImpl::GetInstance()->HandlePacket(networkId, packet);
223 return true;
224 }
225
InitSocketFuzzTest(const uint8_t * data,size_t size)226 bool InitSocketFuzzTest(const uint8_t* data, size_t size)
227 {
228 if ((data == nullptr) || (size < 1)) {
229 return false;
230 }
231
232 int32_t socket = GetData<int32_t>();
233 uint32_t dataLen = GetData<uint32_t>();
234 std::string networkId = GetStringFromData(STR_LEN);
235 int32_t *g_data = new int32_t(socket);
236
237 char name[DEVICE_NAME_SIZE_MAX] { SERVER_SESSION_NAME };
238 char pkgName[PKG_NAME_SIZE_MAX] { FI_PKG_NAME };
239 SocketInfo info {
240 .name = name,
241 .pkgName = pkgName,
242 .dataType = DATA_TYPE_BYTES
243 };
244
245 DSoftbusAdapterImpl::GetInstance()->InitSocket(info, socket, socket);
246 DSoftbusAdapterImpl::GetInstance()->ConfigTcpAlive(socket);
247 DSoftbusAdapterImpl::GetInstance()->OnShutdown(socket, SHUTDOWN_REASON_UNKNOWN);
248 DSoftbusAdapterImpl::GetInstance()->OnBytes(socket, g_data, dataLen);
249 DSoftbusAdapterImpl::GetInstance()->HandleRawData(networkId, g_data, dataLen);
250 return true;
251 }
252
SendHeartBeatFuzzTest(const uint8_t * data,size_t size)253 bool SendHeartBeatFuzzTest(const uint8_t* data, size_t size)
254 {
255 if ((data == nullptr) || (size < 1)) {
256 return false;
257 }
258
259 std::string networkId = GetStringFromData(STR_LEN);
260
261 DSoftbusAdapterImpl::GetInstance()->InitHeartBeat();
262 DSoftbusAdapterImpl::GetInstance()->StartHeartBeat(networkId);
263 DSoftbusAdapterImpl::GetInstance()->GetHeartBeatState(networkId);
264 DSoftbusAdapterImpl::GetInstance()->KeepHeartBeating(networkId);
265 DSoftbusAdapterImpl::GetInstance()->UpdateHeartBeatState(networkId, false);
266 DSoftbusAdapterImpl::GetInstance()->StopHeartBeat(networkId);
267 return true;
268 }
269
DDMAdapterFuzzTest(const uint8_t * data,size_t size)270 bool DDMAdapterFuzzTest(const uint8_t* data, size_t size)
271 {
272 if ((data == nullptr) || (size < 1)) {
273 return false;
274 }
275
276 SetPermission(SYSTEM_CORE, g_cores, sizeof(g_cores) / sizeof(g_cores[0]));
277 DDMAdapter ddmAdapter;
278 ddmAdapter.Enable();
279 std::string networkId = GetStringFromData(STR_LEN);
280 int32_t uid = 0;
281 auto boardObserver = std::make_shared<BoardObserverTest>();
282 ddmAdapter.AddBoardObserver(boardObserver);
283 ddmAdapter.CheckSameAccountToLocal(networkId);
284 ddmAdapter.CheckSameAccountToLocalWithUid(networkId, uid);
285 ddmAdapter.RemoveBoardObserver(boardObserver);
286 ddmAdapter.Disable();
287 RemovePermission();
288 return true;
289 }
290
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)291 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
292 {
293 /* Run your code on data */
294 if (data == nullptr) {
295 return 0;
296 }
297 SetGlobalFuzzData(data, size);
298
299 OHOS::Msdp::DeviceStatus::EnableFuzzTest(data, size);
300 OHOS::Msdp::DeviceStatus::AddObserverFuzzTest(data, size);
301 OHOS::Msdp::DeviceStatus::CheckDeviceOnlineFuzzTest(data, size);
302 OHOS::Msdp::DeviceStatus::OpenSessionFuzzTest(data, size);
303 OHOS::Msdp::DeviceStatus::SendPacketFuzzTest(data, size);
304 OHOS::Msdp::DeviceStatus::InitSocketFuzzTest(data, size);
305 OHOS::Msdp::DeviceStatus::DDMAdapterFuzzTest(data, size);
306 OHOS::Msdp::DeviceStatus::SendHeartBeatFuzzTest(data, size);
307 return 0;
308 }
309 } // namespace DeviceStatus
310 } // namespace Msdp
311 } // namespace OHOS