1 /*
2 * Copyright (c) 2024-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "missionlistmanagersecond_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #define private public
22 #include "mission_info_mgr.h"
23 #include "mission_list_manager.h"
24 #undef private
25
26 #include "ability_record.h"
27 #ifdef SUPPORT_SCREEN
28 #include "pixel_map.h"
29 #endif //SUPPORT_SCREEN
30
31 using namespace OHOS::AAFwk;
32 using namespace OHOS::AppExecFwk;
33
34 namespace OHOS {
35 namespace {
36 constexpr size_t U32_AT_SIZE = 4;
37 constexpr uint8_t ENABLE = 2;
38 class MyAbilityConnection : public IAbilityConnection {
39 public:
40 MyAbilityConnection() = default;
41 virtual ~MyAbilityConnection() = default;
OnAbilityConnectDone(const AppExecFwk::ElementName & element,const sptr<IRemoteObject> & remoteObject,int resultCode)42 void OnAbilityConnectDone(
43 const AppExecFwk::ElementName& element, const sptr<IRemoteObject>& remoteObject, int resultCode) override
44 {}
OnAbilityDisconnectDone(const AppExecFwk::ElementName & element,int resultCode)45 void OnAbilityDisconnectDone(const AppExecFwk::ElementName& element, int resultCode) override
46 {}
AsObject()47 sptr<IRemoteObject> AsObject() override
48 {
49 return {};
50 }
51 };
52 }
53
GetU32Data(const char * ptr)54 uint32_t GetU32Data(const char* ptr)
55 {
56 // convert fuzz input data to an integer
57 return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
58 }
59
GetFuzzAbilityRecord()60 std::shared_ptr<AbilityRecord> GetFuzzAbilityRecord()
61 {
62 sptr<Token> token = nullptr;
63 AbilityRequest abilityRequest;
64 abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
65 abilityRequest.abilityInfo.name = "MainAbility";
66 abilityRequest.abilityInfo.type = AbilityType::DATA;
67 std::shared_ptr<AbilityRecord> abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest);
68 if (!abilityRecord) {
69 return nullptr;
70 }
71 return abilityRecord;
72 }
73
GetFuzzAbilityToken()74 sptr<Token> GetFuzzAbilityToken()
75 {
76 sptr<Token> token = nullptr;
77 std::shared_ptr<AbilityRecord> abilityRecord = GetFuzzAbilityRecord();
78 if (abilityRecord) {
79 token = abilityRecord->GetToken();
80 }
81 return token;
82 }
83
DoSomethingInterestingWithMyAPI(const char * data,size_t size)84 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
85 {
86 bool boolParam = *data % ENABLE;
87 int intParam = static_cast<int>(GetU32Data(data));
88 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
89 int64_t int64Param = static_cast<int64_t>(GetU32Data(data));
90 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
91 std::string stringParam(data, size);
92 Parcel wantParcel;
93 Want* want = nullptr;
94 if (wantParcel.WriteBuffer(data, size)) {
95 want = Want::Unmarshalling(wantParcel);
96 if (!want) {
97 return false;
98 }
99 }
100 std::shared_ptr<AbilityRecord> abilityRecord = GetFuzzAbilityRecord();
101 sptr<IRemoteObject> token = GetFuzzAbilityToken();
102 sptr<IAbilityConnection> connect = new MyAbilityConnection();
103 std::vector<std::string> info;
104 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
105 std::shared_ptr<MissionList> missionList = std::make_shared<MissionList>();
106
107 // fuzz for MissionListManager
108 auto missionListManager = std::make_shared<MissionListManager>(intParam);
109 auto launcherList = std::make_shared<MissionList>(MissionListType::LAUNCHER);
110 missionListManager->launcherList_ = launcherList;
111 missionListManager->defaultStandardList_ = std::make_shared<MissionList>(MissionListType::DEFAULT_STANDARD);
112 missionListManager->defaultSingleList_ = std::make_shared<MissionList>(MissionListType::DEFAULT_SINGLE);
113 missionListManager->currentMissionLists_.push_front(launcherList);
114 if (!missionListManager->listenerController_) {
115 missionListManager->listenerController_ = std::make_shared<MissionListenerController>();
116 }
117 DelayedSingleton<MissionInfoMgr>::GetInstance()->taskDataPersistenceMgr_ =
118 DelayedSingleton<TaskDataPersistenceMgr>::GetInstance();
119 AbilityRequest abilityRequest;
120 missionListManager->OnTimeOut(uint32Param, int64Param);
121 missionListManager->HandleLoadTimeout(abilityRecord);
122 missionListManager->HandleForegroundTimeout(abilityRecord);
123 missionListManager->CompleteForegroundFailed(abilityRecord, OHOS::AAFwk::AbilityState::INITIAL);
124 missionListManager->HandleTimeoutAndResumeAbility(abilityRecord);
125 missionListManager->DelayedResumeTimeout(abilityRecord);
126 missionListManager->BackToCaller(abilityRecord);
127 missionListManager->MoveToTerminateList(abilityRecord);
128 missionListManager->GetAbilityRecordByCaller(abilityRecord, intParam);
129 missionListManager->GetAbilityRecordById(int64Param);
130 missionListManager->OnAbilityDied(abilityRecord, int32Param);
131 missionListManager->GetTargetMissionList(intParam, mission, boolParam);
132 missionListManager->GetMissionIdByAbilityToken(token);
133 missionListManager->GetAbilityTokenByMissionId(int32Param);
134 missionListManager->PostStartWaitingAbility();
135 missionListManager->HandleAbilityDied(abilityRecord);
136 missionListManager->HandleLauncherDied(abilityRecord);
137 missionListManager->HandleAbilityDiedByDefault(abilityRecord);
138 missionListManager->DelayedStartLauncher();
139 missionListManager->BackToLauncher();
140 missionListManager->SetMissionLabel(token, stringParam);
141 std::shared_ptr<OHOS::Media::PixelMap> icon = std::make_shared<OHOS::Media::PixelMap>();
142 missionListManager->SetMissionIcon(token, icon);
143 missionListManager->CompleteFirstFrameDrawing(token);
144 missionListManager->GetCancelStartingWindowTask(abilityRecord);
145 missionListManager->PostCancelStartingWindowTask(abilityRecord);
146 missionListManager->Dump(info);
147 missionListManager->DumpMissionListByRecordId(info, boolParam, int32Param, info);
148 missionListManager->DumpMissionList(info, boolParam, stringParam);
149 missionListManager->DumpMissionInfos(info);
150 missionListManager->DumpMission(intParam, info);
151 missionListManager->ResolveLocked(abilityRequest);
152 missionListManager->CallAbilityLocked(abilityRequest);
153 AppExecFwk::ElementName element;
154 missionListManager->ReleaseCallLocked(connect, element);
155 missionListManager->ResolveAbility(abilityRecord, abilityRequest);
156 missionListManager->GetAbilityRecordByName(element);
157 std::shared_ptr<CallRecord> callRecord;
158 missionListManager->OnCallConnectDied(callRecord);
159 missionListManager->OnAcceptWantResponse(*want, stringParam);
160 missionListManager->OnStartSpecifiedAbilityTimeoutResponse();
161 missionListManager->GetMissionBySpecifiedFlag(*want, stringParam);
162 missionListManager->IsReachToLimitLocked();
163 sptr<ISnapshotHandler> snapshotHandler;
164 missionListManager->RegisterSnapshotHandler(snapshotHandler);
165 MissionSnapshot missionSnapshot;
166 missionListManager->GetMissionSnapshot(int32Param, token, missionSnapshot, boolParam);
167 std::vector<AbilityRunningInfo> abilityRunningInfo;
168 missionListManager->GetAbilityRunningInfos(abilityRunningInfo, boolParam);
169 missionListManager->UninstallApp(stringParam, int32Param);
170 missionListManager->AddUninstallTags(stringParam, int32Param);
171 missionListManager->EraseWaitingAbility(stringParam, int32Param);
172 missionListManager->IsStarted();
173 missionListManager->PauseManager();
174 missionListManager->ResumeManager();
175 std::list<std::shared_ptr<AbilityRecord>> foregroundList;
176 missionListManager->GetAllForegroundAbilities(foregroundList);
177 missionListManager->GetForegroundAbilities(missionList, foregroundList);
178 missionListManager->IsExcludeFromMissions(mission);
179 std::vector<sptr<IRemoteObject>> tokens;
180 missionListManager->SetMissionANRStateByTokens(tokens);
181 missionListManager->listenerController_ = nullptr;
182 missionListManager->RemoveMissionLocked(int32Param, boolParam);
183 if (want) {
184 delete want;
185 want = nullptr;
186 }
187 return true;
188 }
189 }
190
191 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)192 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
193 {
194 /* Run your code on data */
195 if (data == nullptr) {
196 return 0;
197 }
198
199 /* Validate the length of size */
200 if (size < OHOS::U32_AT_SIZE) {
201 return 0;
202 }
203
204 char* ch = static_cast<char*>(malloc(size + 1));
205 if (ch == nullptr) {
206 std::cout << "malloc failed." << std::endl;
207 return 0;
208 }
209
210 (void)memset_s(ch, size + 1, 0x00, size + 1);
211 if (memcpy_s(ch, size, data, size) != EOK) {
212 std::cout << "copy failed." << std::endl;
213 free(ch);
214 ch = nullptr;
215 return 0;
216 }
217
218 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
219 free(ch);
220 ch = nullptr;
221 return 0;
222 }