1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "abilityappmgrapprunningmanager_fuzzer.h"
17 #include "ability_record.h"
18
19 #include <cstddef>
20 #include <cstdint>
21
22 #define private public
23 #include "app_running_manager.h"
24 #ifdef SUPPORT_CHILD_PROCESS
25 #include "child_process_record.h"
26 #endif // SUPPORT_CHILD_PROCESS
27 #include "app_running_record.h"
28 #undef private
29 #include "securec.h"
30 #include "ability_record.h"
31 #include "kill_process_config.h"
32
33
34 using namespace OHOS::AAFwk;
35 using namespace OHOS::AppExecFwk;
36
37 namespace OHOS {
38 namespace {
39 constexpr int INPUT_ZERO = 0;
40 constexpr int INPUT_ONE = 1;
41 constexpr int INPUT_TWO = 2;
42 constexpr int INPUT_THREE = 3;
43 constexpr size_t U32_AT_SIZE = 4;
44 constexpr size_t OFFSET_ZERO = 24;
45 constexpr size_t OFFSET_ONE = 16;
46 constexpr size_t OFFSET_TWO = 8;
47 constexpr uint8_t ENABLE = 2;
48 }
GetU32Data(const char * ptr)49 uint32_t GetU32Data(const char* ptr)
50 {
51 // convert fuzz input data to an integer
52 return (ptr[INPUT_ZERO] << OFFSET_ZERO) | (ptr[INPUT_ONE] << OFFSET_ONE) | (ptr[INPUT_TWO] << OFFSET_TWO) |
53 ptr[INPUT_THREE];
54 }
55
GetFuzzAbilityToken()56 sptr<Token> GetFuzzAbilityToken()
57 {
58 sptr<Token> token = nullptr;
59 AbilityRequest abilityRequest;
60 abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
61 abilityRequest.abilityInfo.name = "MainAbility";
62 abilityRequest.abilityInfo.type = AbilityType::DATA;
63 std::shared_ptr<AbilityRecord> abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest);
64 if (abilityRecord) {
65 token = abilityRecord->GetToken();
66 }
67 return token;
68 }
69
DoSomethingInterestingWithMyAPIadda(const char * data,size_t size)70 void DoSomethingInterestingWithMyAPIadda(const char* data, size_t size)
71 {
72 std::shared_ptr<AppRunningManager> manager = std::make_shared<AppRunningManager>();
73 pid_t pidApps = static_cast<pid_t>(GetU32Data(data));
74 std::string jsonStr(data, size);
75 int uid = static_cast<int>(GetU32Data(data));
76 manager->SetAbilityForegroundingFlagToAppRecord(pidApps);
77 int64_t eventId = static_cast<int64_t>(GetU32Data(data));
78 manager->HandleTerminateTimeOut(eventId);
79 sptr<IRemoteObject> token = GetFuzzAbilityToken();
80 std::shared_ptr<AppMgrServiceInner> appMgrServiceInner;
81 manager->HandleAbilityAttachTimeOut(token, appMgrServiceInner);
82 bool clearMissionFlag = *data % ENABLE;
83 manager->TerminateAbility(token, clearMissionFlag, appMgrServiceInner);
84 ApplicationInfo appInfos;
85 std::string moduleName;
86 manager->ProcessUpdateApplicationInfoInstalled(appInfos, moduleName);
87 std::list<pid_t> pids;
88 KillProcessConfig config;
89 config.clearPageStack = *data % ENABLE;
90 manager->ProcessExitByBundleNameAndUid(jsonStr, uid, pids, config);
91 int32_t userId = static_cast<int32_t>(GetU32Data(data));
92 manager->GetPidsByUserId(userId, pids);
93 manager->PrepareTerminate(token, clearMissionFlag);
94 sptr<IRemoteObject> abilityToken = GetFuzzAbilityToken();
95 manager->GetTerminatingAppRunningRecord(abilityToken);
96 AppExecFwk::RunningProcessInfo processInfo;
97 manager->GetRunningProcessInfoByToken(token, processInfo);
98 OHOS::AppExecFwk::RunningProcessInfo infoByPid;
99 manager->GetRunningProcessInfoByPid(pidApps, infoByPid);
100 std::regex re;
101 manager->ClipStringContent(re, jsonStr, jsonStr);
102 manager->GetAppRunningRecordByRenderPid(pidApps);
103 wptr<IRemoteObject> remote;
104 manager->OnRemoteRenderDied(remote);
105 manager->GetAppRunningStateByBundleName(jsonStr);
106 sptr<IQuickFixCallback> callback;
107 manager->NotifyLoadRepairPatch(jsonStr, callback);
108 manager->NotifyHotReloadPage(jsonStr, callback);
109 manager->NotifyUnLoadRepairPatch(jsonStr, callback);
110 std::shared_ptr<ApplicationInfo> infoAPP;
111 int32_t recordId = static_cast<int32_t>(GetU32Data(data));
112 OHOS::AppExecFwk::AppRunningRecord foregroundingRecord(infoAPP, recordId, jsonStr);
113 }
114
DoSomethingInterestingWithMyAPIaddb(const char * data,size_t size)115 void DoSomethingInterestingWithMyAPIaddb(const char* data, size_t size)
116 {
117 std::shared_ptr<AppRunningManager> manager = std::make_shared<AppRunningManager>();
118 std::string jsonStr(data, size);
119 int32_t recordId = static_cast<int32_t>(GetU32Data(data));
120 std::shared_ptr<ApplicationInfo> infoAPP;
121 OHOS::AppExecFwk::AppRunningRecord foregroundingRecord(infoAPP, recordId, jsonStr);
122 manager->IsApplicationFirstForeground(foregroundingRecord);
123 manager->IsApplicationBackground(foregroundingRecord);
124 manager->IsApplicationFirstFocused(foregroundingRecord);
125 manager->IsApplicationUnfocused(jsonStr);
126 bool isAttachDebug = *data % ENABLE;
127 manager->SetAttachAppDebug(jsonStr, isAttachDebug, false);
128 bool isDetachDebug = *data % ENABLE;
129 manager->GetAppDebugInfosByBundleName(jsonStr, isDetachDebug);
130 std::vector<sptr<IRemoteObject>> abilityTokens;
131 manager->GetAbilityTokensByBundleName(jsonStr, abilityTokens);
132 pid_t pidApps = static_cast<pid_t>(GetU32Data(data));
133 #ifdef SUPPORT_CHILD_PROCESS
134 manager->GetAppRunningRecordByChildProcessPid(pidApps);
135 #endif // SUPPORT_CHILD_PROCESS
136 wptr<IRemoteObject> remote;
137 #ifdef SUPPORT_CHILD_PROCESS
138 manager->OnChildProcessRemoteDied(remote);
139 #endif // SUPPORT_CHILD_PROCESS
140 manager->GetAllAppRunningRecordCountByBundleName(jsonStr);
141 auto uid = static_cast<int32_t>(GetU32Data(data));
142 manager->SignRestartAppFlag(uid, jsonStr);
143 manager->GetAppRunningUniqueIdByPid(pidApps, jsonStr);
144 std::vector<pid_t> hostPids;
145 manager->GetAllUIExtensionRootHostPid(pidApps, hostPids);
146 std::vector<pid_t> providerPids;
147 pid_t hostPid = static_cast<pid_t>(GetU32Data(data));
148 manager->GetAllUIExtensionProviderPid(hostPid, providerPids);
149 int32_t uiExtensionAbilityId = static_cast<int32_t>(GetU32Data(data));
150 pid_t providerPid = static_cast<pid_t>(GetU32Data(data));
151 manager->AddUIExtensionLauncherItem(uiExtensionAbilityId, hostPid, providerPid);
152 manager->RemoveUIExtensionLauncherItem(pidApps);
153 manager->RemoveUIExtensionLauncherItemById(uiExtensionAbilityId);
154 manager->DumpIpcAllStart(jsonStr);
155 manager->DumpIpcAllStop(jsonStr);
156 manager->DumpIpcAllStat(jsonStr);
157 }
158
DoSomethingInterestingWithMyAPIaddc(const char * data,size_t size)159 void DoSomethingInterestingWithMyAPIaddc(const char* data, size_t size)
160 {
161 std::shared_ptr<AppRunningManager> manager = std::make_shared<AppRunningManager>();
162 std::string jsonStr(data, size);
163 int32_t pidDump = static_cast<int32_t>(GetU32Data(data));
164 manager->DumpIpcStart(pidDump, jsonStr);
165 manager->DumpIpcStop(pidDump, jsonStr);
166 manager->DumpIpcStat(pidDump, jsonStr);
167 std::vector<int32_t> pidFrt;
168 manager->DumpFfrt(pidFrt, jsonStr);
169 int32_t uids = static_cast<int32_t>(GetU32Data(data));
170 std::shared_ptr<ApplicationInfo> appInfosd = std::make_shared<ApplicationInfo>();
171 std::set<std::shared_ptr<AppRunningRecord>> cachedSet;
172 manager->IsAppProcessesAllCached(jsonStr, uids, cachedSet);
173 int64_t eventId = static_cast<int64_t>(GetU32Data(data));
174 manager->GetAbilityRunningRecord(eventId);
175 std::shared_ptr<AppRunningRecord> appRecord;
176 AppExecFwk::RunningProcessInfo infoRecord;
177 manager->AssignRunningProcessInfoByAppRecord(appRecord, infoRecord);
178 }
179
DoSomethingInterestingWithMyAPI(const char * data,size_t size)180 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
181 {
182 std::shared_ptr<AppRunningManager> manager = std::make_shared<AppRunningManager>();
183 std::shared_ptr<ApplicationInfo> appInfo = std::make_shared<ApplicationInfo>();
184 std::string jsonStr(data, size);
185 BundleInfo bundleInfo;
186 manager->CreateAppRunningRecord(appInfo, jsonStr, bundleInfo, "");
187 int uid = static_cast<int>(GetU32Data(data));
188 manager->CheckAppRunningRecordIsExist(jsonStr, jsonStr, uid, bundleInfo, jsonStr);
189 auto accessTokenId = static_cast<uint32_t>(GetU32Data(data));
190 manager->IsAppExist(accessTokenId);
191 int32_t appCloneIndex = static_cast<int32_t>(GetU32Data(data));
192 bool isRunning = *data % ENABLE;
193 manager->CheckAppCloneRunningRecordIsExistByBundleName(jsonStr, appCloneIndex, isRunning);
194 pid_t pidApps = static_cast<pid_t>(GetU32Data(data));
195 manager->GetAppRunningRecordByPid(pidApps);
196 sptr<IRemoteObject> abilityToken = GetFuzzAbilityToken();
197 manager->GetAppRunningRecordByAbilityToken(abilityToken);
198 wptr<IRemoteObject> remote;
199 std::shared_ptr<AppMgrServiceInner> appMgrServiceInner;
200 manager->OnRemoteDied(remote, appMgrServiceInner);
201 manager->GetAppRunningRecordMap();
202 int32_t recordId = static_cast<int32_t>(GetU32Data(data));
203 manager->RemoveAppRunningRecordById(recordId);
204 manager->ClearAppRunningRecordMap();
205 std::list<pid_t> pids;
206 bool clearPageStack = *data % ENABLE;
207 manager->ProcessExitByBundleName(jsonStr, pids, clearPageStack);
208 std::vector<AppStateData> list;
209 manager->GetForegroundApplications(list);
210 Configuration config;
211 manager->UpdateConfiguration(config);
212 manager->UpdateConfigurationByBundleName(config, jsonStr, appCloneIndex);
213 int32_t level = static_cast<int32_t>(GetU32Data(data));
214 manager->NotifyMemoryLevel(level);
215 std::map<pid_t, MemoryLevel> procLevelMap;
216 manager->NotifyProcMemoryLevel(procLevelMap);
217 int32_t pidDump = static_cast<int32_t>(GetU32Data(data));
218 OHOS::AppExecFwk::MallocInfo mallocInfo;
219 manager->DumpHeapMemory(pidDump, mallocInfo);
220 OHOS::AppExecFwk::JsHeapDumpInfo info;
221 manager->DumpJsHeapMemory(info);
222 DoSomethingInterestingWithMyAPIadda(data, size);
223 DoSomethingInterestingWithMyAPIaddb(data, size);
224 DoSomethingInterestingWithMyAPIaddc(data, size);
225 return true;
226 }
227 }
228
229 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)230 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
231 {
232 /* Run your code on data */
233 if (data == nullptr) {
234 std::cout << "invalid data" << std::endl;
235 return 0;
236 }
237
238 /* Validate the length of size */
239 if (size < OHOS::U32_AT_SIZE) {
240 return 0;
241 }
242
243 char* ch = static_cast<char*>(malloc(size + 1));
244 if (ch == nullptr) {
245 std::cout << "malloc failed." << std::endl;
246 return 0;
247 }
248
249 (void)memset_s(ch, size + 1, 0x00, size + 1);
250 if (memcpy_s(ch, size + 1, data, size) != EOK) {
251 std::cout << "copy failed." << std::endl;
252 free(ch);
253 ch = nullptr;
254 return 0;
255 }
256
257 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
258 free(ch);
259 ch = nullptr;
260 return 0;
261 }
262
263