1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "abilityautostartupservicefirst_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <fuzzer/FuzzedDataProvider.h>
21
22 #define private public
23 #define protected public
24 #include "ability_auto_startup_service.h"
25 #undef protected
26 #undef private
27
28 #include "ability_auto_startup_data_manager.h"
29 #include "ability_record.h"
30
31 using namespace OHOS::AAFwk;
32 using namespace OHOS::AppExecFwk;
33 using namespace OHOS::AbilityRuntime;
34
35 namespace OHOS {
36 namespace {
37 constexpr size_t STRING_MAX_LENGTH = 128;
38 }
GetFuzzAbilityToken()39 sptr<Token> GetFuzzAbilityToken()
40 {
41 sptr<Token> token = nullptr;
42 AbilityRequest abilityRequest;
43 abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
44 abilityRequest.abilityInfo.name = "MainAbility";
45 abilityRequest.abilityInfo.type = AbilityType::DATA;
46 std::shared_ptr<AbilityRecord> abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest);
47 if (abilityRecord) {
48 token = abilityRecord->GetToken();
49 }
50 return token;
51 }
52
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)53 bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size)
54 {
55 std::string abilityTypeName;
56 std::string accessTokenId;
57 int32_t int32Param;
58 int32_t userId;
59 bool isSet;
60 bool flag;
61 bool isVisible;
62 FuzzedDataProvider fdp(data, size);
63 abilityTypeName = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH);
64 accessTokenId = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH);
65 int32Param = fdp.ConsumeIntegral<int32_t>();
66 userId = fdp.ConsumeIntegral<int32_t>();
67 isSet = fdp.ConsumeBool();
68 flag = fdp.ConsumeBool();
69 isVisible = fdp.ConsumeBool();
70 std::shared_ptr<AbilityAutoStartupService> service = std::make_shared<AbilityAutoStartupService>();
71 sptr<IRemoteObject> token1 = GetFuzzAbilityToken();
72 service->RegisterAutoStartupSystemCallback(token1); // branch
73 service->RegisterAutoStartupSystemCallback(token1); // branch duplicate regist
74 service->UnregisterAutoStartupSystemCallback(token1); // branch
75 sptr<IRemoteObject> token2 = GetFuzzAbilityToken();
76 service->UnregisterAutoStartupSystemCallback(token2); // branch unregister not exist.
77
78 AutoStartupInfo info;
79 info.bundleName = "com.example.fuzztest";
80 info.moduleName = "stringParam";
81 info.abilityName = "MainAbility";
82 info.appCloneIndex = int32Param;
83 info.accessTokenId = "accessTokenId";
84 info.setterUserId = int32Param;
85 info.userId = int32Param;
86
87 AutoStartupAbilityData abilityData;
88 abilityData.isVisible = isVisible;
89 abilityData.abilityTypeName = abilityTypeName;
90 abilityData.accessTokenId = accessTokenId;
91 abilityData.setterUserId = int32Param;
92 bool isFlag = service->GetAbilityData(info, abilityData);
93 service->SetApplicationAutoStartup(info);
94 if (isFlag) {
95 AutoStartupInfo fullInfo(info);
96 fullInfo.abilityTypeName = abilityData.abilityTypeName;
97 fullInfo.setterUserId = abilityData.setterUserId;
98 fullInfo.accessTokenId = abilityData.accessTokenId;
99 fullInfo.userId = abilityData.userId;
100 fullInfo.canUserModify = true;
101 fullInfo.setterType = AutoStartupSetterType::USER;
102 }
103 service->SetApplicationAutoStartup(info);
104 service->CancelApplicationAutoStartup(info);
105 service->InnerCancelApplicationAutoStartup(info);
106 service->SetApplicationAutoStartupByEDM(info, flag);
107 service->CancelApplicationAutoStartupByEDM(info, flag);
108
109 AutoStartupStatus status =
110 DelayedSingleton<AbilityAutoStartupDataManager>::GetInstance()->QueryAutoStartupData(info);
111 status.code = int32Param;
112 service->InnerApplicationAutoStartupByEDM(info, isSet, flag);
113 status.code = ERR_NAME_NOT_FOUND;
114 service->InnerApplicationAutoStartupByEDM(info, isSet, flag);
115 isSet = true;
116 service->InnerApplicationAutoStartupByEDM(info, isSet, flag);
117 isSet = false;
118 service->InnerApplicationAutoStartupByEDM(info, isSet, flag);
119 return true;
120 }
121 }
122
123 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)124 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
125 {
126 // Run your code on data.
127 OHOS::DoSomethingInterestingWithMyAPI(data, size);
128 return 0;
129 }