1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "facrconnection_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <fuzzer/FuzzedDataProvider.h>
21 #include "form_constants.h"
22 #include "form_supply_stub.h"
23
24 #define private public
25 #define protected public
26 #include "form_render_service_mgr.h"
27 #include "status_mgr_center/form_render_status_mgr.h"
28 #include "status_mgr_center/form_render_status_task_mgr.h"
29 #include "data_center/form_basic_info_mgr.h"
30 #undef private
31 #undef protected
32 #include "message_parcel.h"
33 #include "securec.h"
34
35 using namespace OHOS::AppExecFwk;
36 using namespace OHOS::AppExecFwk::FormRender;
37
38 namespace OHOS {
39 constexpr size_t U32_AT_SIZE = 4;
40
41 class FormSupplyStubFuzzTest : public FormSupplyStub {
42 public:
43 FormSupplyStubFuzzTest() = default;
44 virtual ~FormSupplyStubFuzzTest() = default;
OnAcquire(const FormProviderInfo & formInfo,const Want & want)45 int OnAcquire(const FormProviderInfo &formInfo, const Want &want) override
46 {
47 return 0;
48 }
OnEventHandle(const Want & want)49 int OnEventHandle(const Want &want) override
50 {
51 return 0;
52 }
OnAcquireStateResult(FormState state,const std::string & provider,const Want & wantArg,const Want & want)53 int OnAcquireStateResult(FormState state, const std::string &provider,
54 const Want &wantArg, const Want &want) override
55 {
56 return 0;
57 }
OnShareAcquire(int64_t formId,const std::string & remoteDeviceId,const AAFwk::WantParams & wantParams,int64_t requestCode,const bool & result)58 void OnShareAcquire(int64_t formId, const std::string &remoteDeviceId,
59 const AAFwk::WantParams &wantParams, int64_t requestCode, const bool &result) override
60 {}
OnRenderTaskDone(int64_t formId,const Want & want)61 int32_t OnRenderTaskDone(int64_t formId, const Want &want) override
62 {
63 return ERR_OK;
64 }
OnStopRenderingTaskDone(int64_t formId,const Want & want)65 int32_t OnStopRenderingTaskDone(int64_t formId, const Want &want) override
66 {
67 return ERR_OK;
68 }
OnAcquireDataResult(const AAFwk::WantParams & wantParams,int64_t requestCode)69 int OnAcquireDataResult(const AAFwk::WantParams &wantParams, int64_t requestCode) override
70 {
71 return ERR_OK;
72 }
73 };
74
FormBasicInfoMgrTest(FuzzedDataProvider * fdp)75 void FormBasicInfoMgrTest(FuzzedDataProvider *fdp)
76 {
77 std::string abilityName = fdp->ConsumeRandomLengthString();
78 std::string bundleName = fdp->ConsumeRandomLengthString();
79 std::string moduleName = fdp->ConsumeRandomLengthString();
80 std::string formName = fdp->ConsumeRandomLengthString();
81 std::string packageName = fdp->ConsumeRandomLengthString();
82 int64_t formId = fdp->ConsumeIntegral<int64_t>();
83 FormBasicInfo basicInfo;
84 basicInfo.formId = formId;
85 FormBasicInfoMgr::GetInstance().AddFormBasicInfo(basicInfo);
86 FormBasicInfoMgr::GetInstance().UpdateAbilityName(formId, abilityName);
87 FormBasicInfoMgr::GetInstance().UpdateBundleName(formId, bundleName);
88 FormBasicInfoMgr::GetInstance().UpdateModuleName(formId, moduleName);
89 FormBasicInfoMgr::GetInstance().UpdateFormName(formId, formName);
90 FormBasicInfoMgr::GetInstance().UpdatePackageName(formId, packageName);
91 FormBasicInfoMgr::GetInstance().GetBasicInfoCount();
92 FormBasicInfoMgr::GetInstance().GetBasicInfoByFormId(formId, basicInfo);
93 FormBasicInfoMgr::GetInstance().GetFormAbilityName(formId);
94 FormBasicInfoMgr::GetInstance().GetFormBundleName(formId);
95 FormBasicInfoMgr::GetInstance().GetFormModuleName(formId);
96 FormBasicInfoMgr::GetInstance().GetFormName(formId);
97 FormBasicInfoMgr::GetInstance().GetFormPackageName(formId);
98 FormBasicInfoMgr::GetInstance().DeleteFormBasicInfo(formId);
99 FormBasicInfoMgr::GetInstance().ClearFormBasicInfo();
100 }
101
FormRenderStatusTaskMgrTest(FuzzedDataProvider * fdp)102 void FormRenderStatusTaskMgrTest(FuzzedDataProvider *fdp)
103 {
104 int64_t formId = fdp->ConsumeIntegral<int64_t>();
105 Want want;
106 std::string statusData = std::to_string(formId);
107 FormRenderStatusTaskMgr::GetInstance().OnRenderFormDone(formId, FormFsmEvent::RENDER_FORM_DONE, nullptr);
108 FormRenderStatusTaskMgr::GetInstance().OnRecoverFormDone(formId, FormFsmEvent::RECOVER_FORM_DONE, nullptr);
109 FormRenderStatusTaskMgr::GetInstance().OnDeleteFormDone(formId, FormFsmEvent::DELETE_FORM_DONE, nullptr);
110 FormRenderStatusTaskMgr::GetInstance().OnRecycleFormDone(formId, FormFsmEvent::RECYCLE_FORM_DONE, nullptr);
111 FormRenderStatusTaskMgr::GetInstance().OnRecycleForm(
112 formId, FormFsmEvent::RECYCLE_DATA_DONE, statusData, want, nullptr);
113 sptr<IRemoteObject> callerToken = new (std::nothrow) FormSupplyStubFuzzTest();
114 sptr<IFormSupply> formSupplyClient = iface_cast<IFormSupply>(callerToken);
115 FormRenderStatusMgr::GetInstance().DeleteFormEventId(formId);
116 FormRenderStatusTaskMgr::GetInstance().OnRenderFormDone(formId, FormFsmEvent::RENDER_FORM_DONE, formSupplyClient);
117 FormRenderStatusTaskMgr::GetInstance().OnRecoverFormDone(
118 formId, FormFsmEvent::RECOVER_FORM_DONE, formSupplyClient);
119 FormRenderStatusTaskMgr::GetInstance().OnDeleteFormDone(formId, FormFsmEvent::DELETE_FORM_DONE, formSupplyClient);
120 FormRenderStatusTaskMgr::GetInstance().OnRecycleFormDone(
121 formId, FormFsmEvent::RECYCLE_FORM_DONE, formSupplyClient);
122 FormRenderStatusTaskMgr::GetInstance().OnRecycleForm(
123 formId, FormFsmEvent::RECYCLE_DATA_DONE, statusData, want, formSupplyClient);
124 std::string eventId = std::to_string(formId);
125 FormRenderStatusMgr::GetInstance().SetFormEventId(formId, eventId);
126 FormRenderStatusTaskMgr::GetInstance().OnRenderFormDone(formId, FormFsmEvent::RENDER_FORM_DONE, formSupplyClient);
127 FormRenderStatusTaskMgr::GetInstance().OnRecoverFormDone(
128 formId, FormFsmEvent::RECOVER_FORM_DONE, formSupplyClient);
129 FormRenderStatusTaskMgr::GetInstance().OnDeleteFormDone(formId, FormFsmEvent::DELETE_FORM_DONE, formSupplyClient);
130 FormRenderStatusTaskMgr::GetInstance().OnRecycleFormDone(
131 formId, FormFsmEvent::RECYCLE_FORM_DONE, formSupplyClient);
132 FormRenderStatusTaskMgr::GetInstance().OnRecycleForm(
133 formId, FormFsmEvent::RECYCLE_DATA_DONE, statusData, want, formSupplyClient);
134 FormRenderStatusTaskMgr::GetInstance().SetSerialQueue(nullptr);
135 FormRenderStatusTaskMgr::GetInstance().ScheduleRecycleTimeout(formId);
136 FormRenderStatusTaskMgr::GetInstance().CancelRecycleTimeout(formId);
137 std::string queueStr = "FormRenderSerialQueue";
138 std::shared_ptr<FormRenderSerialQueue> serialQueue = std::make_unique<FormRenderSerialQueue>(queueStr);
139 FormRenderStatusTaskMgr::GetInstance().SetSerialQueue(serialQueue);
140 FormRenderStatusTaskMgr::GetInstance().CancelRecycleTimeout(formId);
141 FormRenderStatusTaskMgr::GetInstance().ScheduleRecycleTimeout(formId);
142 FormRenderStatusTaskMgr::GetInstance().CancelRecycleTimeout(formId);
143 }
144
FormRenderStatusMgrTest(FuzzedDataProvider * fdp)145 void FormRenderStatusMgrTest(FuzzedDataProvider *fdp)
146 {
147 OHOS::FormBasicInfoMgrTest(fdp);
148 OHOS::FormRenderStatusTaskMgrTest(fdp);
149 std::string str1 = fdp->ConsumeRandomLengthString();
150 FormRenderServiceMgr::GetInstance().FormRenderGCTask(str1);
151 FormRenderServiceMgr::GetInstance().FormRenderGC(str1);
152 FormRenderServiceMgr::GetInstance().IsRenderRecordExist(str1);
153 FormRenderServiceMgr::GetInstance().RunCachedConfigurationUpdated();
154 FormRenderServiceMgr::GetInstance().OnUnlock();
155 FormRenderServiceMgr::GetInstance().GetFormSupplyClient();
156 FormRenderServiceMgr::GetInstance().OnConfigurationUpdatedInner();
157 int64_t formId = fdp->ConsumeIntegral<int64_t>();
158 FormFsmEvent event = FormFsmEvent::RELOAD_FORM;
159 std::function<int32_t()> func = []() { return 1; };
160 FormRenderStatusMgr::GetInstance().PostFormEvent(formId, event, func);
161 FormRenderStatusMgr::GetInstance().GetFormEventId(formId);
162 std::string eventId = fdp->ConsumeRandomLengthString();
163 FormRenderStatusMgr::GetInstance().SetFormEventId(formId, eventId);
164 FormRenderStatusMgr::GetInstance().DeleteFormEventId(formId);
165 FormFsmStatus status = FormFsmStatus::UNPROCESSABLE;
166 FormFsmProcessType processType = fdp->ConsumeBool() ? FormFsmProcessType::PROCESS_TASK_DELETE
167 : FormFsmProcessType::PROCESS_TASK_DIRECT;
168 FormRenderStatusMgr::GetInstance().ExecFormTask(processType, formId, event, status, func);
169 FormRenderStatusMgr::GetInstance().ProcessTaskDirect(func);
170 FormRenderStatusMgr::GetInstance().ProcessTaskDelete(formId);
171 FormRenderStatusMgr::GetInstance().PrintTaskInfo(formId, event, status);
172 }
173
DoSomethingInterestingWithMyAPI(FuzzedDataProvider * fdp)174 bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp)
175 {
176 if (fdp == nullptr) {
177 return true;
178 }
179 std::string str1 = fdp->ConsumeRandomLengthString();
180 std::string str2 = fdp->ConsumeRandomLengthString();
181 std::string str3 = fdp->ConsumeRandomLengthString();
182 int32_t num1 = fdp->ConsumeIntegral<int32_t>();
183 int64_t num2 = fdp->ConsumeIntegral<int64_t>();
184 float num3 = fdp->ConsumeIntegralInRange(0, 1000);
185 bool isTrue = fdp->ConsumeBool();
186 FormJsInfo formJsInfo;
187 formJsInfo.formId = num2;
188 sptr<IRemoteObject> callerToken;
189 callerToken = new (std::nothrow) FormSupplyStubFuzzTest();
190 Want want;
191 want.SetParam(Constants::FORM_CONNECT_ID, num1);
192 want.SetParam(Constants::FORM_STATUS_EVENT_ID, str1);
193 want.SetParam(Constants::FORM_SUPPLY_UID, str3);
194 want.SetParam(Constants::PARAM_FORM_HOST_TOKEN, callerToken);
195 FormRenderServiceMgr::GetInstance().RenderForm(formJsInfo, want, nullptr);
196 FormRenderServiceMgr::GetInstance().RenderForm(formJsInfo, want, callerToken);
197 FormRenderServiceMgr::GetInstance().StopRenderingForm(formJsInfo, want, nullptr);
198 FormRenderServiceMgr::GetInstance().StopRenderingForm(formJsInfo, want, callerToken);
199 FormRenderServiceMgr::GetInstance().CleanFormHost(callerToken);
200 std::vector<FormJsInfo> formJsInfos;
201 formJsInfos.push_back(formJsInfo);
202 formJsInfos.push_back(formJsInfo);
203 FormRenderServiceMgr::GetInstance().ReloadForm(std::move(formJsInfos), want);
204 std::shared_ptr<OHOS::AppExecFwk::Configuration> configuration = std::make_shared<Configuration>();
205 configuration->AddItem(str1, str2);
206 FormRenderServiceMgr::GetInstance().OnConfigurationUpdated(configuration);
207 FormRenderServiceMgr::GetInstance().SetConfiguration(configuration);
208 FormRenderServiceMgr::GetInstance().ReleaseRenderer(num2, str1, str2, want);
209 FormRenderServiceMgr::GetInstance().SetVisibleChange(num2, isTrue, want);
210 FormRenderServiceMgr::GetInstance().RecycleForm(num2, want);
211 FormRenderServiceMgr::GetInstance().RecoverForm(formJsInfo, want);
212 FormRenderServiceMgr::GetInstance().UpdateFormSize(num2, num3, num3, num3, str1);
213 sptr<IFormSupply> formSupplyClient;
214 FormRenderServiceMgr::GetInstance().SetFormSupplyClient(formSupplyClient);
215 FormRenderServiceMgr::GetInstance().ConfirmUnlockState(want);
216 FormRenderServiceMgr::GetInstance().UpdateRenderRecordByUid(str1, want, formJsInfo, formSupplyClient);
217 std::shared_ptr<FormRenderRecord> search;
218 FormRenderServiceMgr::GetInstance().GetRenderRecordById(search, str1);
219 FormRenderServiceMgr::GetInstance().RecoverFormByUid(formJsInfo, want, str1, str2);
220 FormRenderServiceMgr::GetInstance().RecycleFormByUid(str1, str2, num2);
221 FormRenderServiceMgr::GetInstance().DeleteRenderRecordByUid(str1, search);
222 OHOS::FormRenderStatusMgrTest(fdp);
223 return true;
224 }
225 }
226
227 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)228 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
229 {
230 FuzzedDataProvider fdp(data, size);
231 OHOS::DoSomethingInterestingWithMyAPI(&fdp);
232 return 0;
233 }