1 /*
2 * Copyright (c) 2024-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accessibleabilitymanagerservicestub_fuzzer.h"
17
18 #include "accessibility_ipc_interface_code.h"
19 #include "accessible_ability_manager_service_stub.h"
20 #include "securec.h"
21 #include "addaamstoken_fuzzer.h"
22
23 namespace OHOS {
24 namespace Accessibility {
25 namespace {
26 constexpr size_t FOO_MAX_LEN = 1024;
27 constexpr size_t U32_AT_SIZE = 4;
28 constexpr size_t BASE_CODE = 1;
29 constexpr size_t MESSAGE_SIZE = SERVICE_CODE_END - SEND_EVENT;
30 constexpr size_t FUZZ_NUM1 = 1;
31 constexpr size_t FUZZ_NUM2 = 2;
32 constexpr size_t FUZZ_NUM3 = 3;
33 constexpr size_t FUZZ_NUM8 = 8;
34 constexpr size_t FUZZ_NUM16 = 16;
35 constexpr size_t FUZZ_NUM24 = 24;
36 constexpr uint8_t DEVISOR_TWO = 2;
37 } // namespace
38
39 class AccessibleAbilityManagerServiceStubFuzzTest : public AccessibleAbilityManagerServiceStub {
40 public:
41 AccessibleAbilityManagerServiceStubFuzzTest() = default;
42 ~AccessibleAbilityManagerServiceStubFuzzTest() = default;
43
SendEvent(const AccessibilityEventInfoParcel & eventInfoParcel,int32_t flag)44 ErrCode SendEvent(const AccessibilityEventInfoParcel& eventInfoParcel, int32_t flag) override
45 {
46 return RET_OK;
47 }
48
RegisterStateObserver(const sptr<IAccessibleAbilityManagerStateObserver> & callback,uint32_t & state)49 ErrCode RegisterStateObserver(const sptr<IAccessibleAbilityManagerStateObserver> &callback,
50 uint32_t &state) override
51 {
52 return RET_OK;
53 }
54
RegisterCaptionObserver(const sptr<IAccessibleAbilityManagerCaptionObserver> & callback)55 ErrCode RegisterCaptionObserver(const sptr<IAccessibleAbilityManagerCaptionObserver> &callback) override
56 {
57 return RET_OK;
58 }
59
RegisterEnableAbilityListsObserver(const sptr<IAccessibilityEnableAbilityListsObserver> & observer)60 ErrCode RegisterEnableAbilityListsObserver(const sptr<IAccessibilityEnableAbilityListsObserver> &observer) override
61 {
62 return RET_OK;
63 }
64
GetAbilityList(uint32_t abilityTypes,int32_t stateType,std::vector<AccessibilityAbilityInfoParcel> & infos)65 ErrCode GetAbilityList(
66 uint32_t abilityTypes, int32_t stateType, std::vector<AccessibilityAbilityInfoParcel>& infos) override
67 {
68 return RET_OK;
69 }
70
RegisterElementOperatorByWindowId(const int32_t windowId,const sptr<IAccessibilityElementOperator> & elementOperation)71 ErrCode RegisterElementOperatorByWindowId(
72 const int32_t windowId, const sptr<IAccessibilityElementOperator> &elementOperation) override
73 {
74 return RET_OK;
75 }
76
RegisterElementOperatorByParameter(const RegistrationPara & parameter,const sptr<IAccessibilityElementOperator> & elementOperation)77 ErrCode RegisterElementOperatorByParameter(
78 const RegistrationPara& parameter, const sptr<IAccessibilityElementOperator>& elementOperation) override
79 {
80 return RET_OK;
81 }
82
DeregisterElementOperatorByWindowId(const int32_t windowId)83 ErrCode DeregisterElementOperatorByWindowId(const int32_t windowId) override
84 {
85 return RET_OK;
86 }
87
DeregisterElementOperatorByWindowIdAndTreeId(const int32_t windowId,const int32_t treeId)88 ErrCode DeregisterElementOperatorByWindowIdAndTreeId(const int32_t windowId, const int32_t treeId) override
89 {
90 return RET_OK;
91 }
92
GetCaptionProperty(CaptionPropertyParcel & caption)93 ErrCode GetCaptionProperty(CaptionPropertyParcel &caption) override
94 {
95 return RET_OK;
96 }
GetCaptionState(bool & state)97 ErrCode GetCaptionState(bool &state) override
98 {
99 return RET_OK;
100 }
GetScreenReaderState(bool & state)101 ErrCode GetScreenReaderState(bool &state) override
102 {
103 return RET_OK;
104 }
105
SetCaptionProperty(const CaptionPropertyParcel & caption)106 ErrCode SetCaptionProperty(const CaptionPropertyParcel &caption) override
107 {
108 return RET_OK;
109 }
SetCaptionState(bool state)110 ErrCode SetCaptionState(bool state) override
111 {
112 return RET_OK;
113 }
114
EnableAbility(const std::string & name,const uint32_t capabilities)115 ErrCode EnableAbility(const std::string &name, const uint32_t capabilities) override
116 {
117 return RET_OK;
118 }
GetEnabledAbilities(std::vector<std::string> & enabledAbilities)119 ErrCode GetEnabledAbilities(std::vector<std::string> &enabledAbilities) override
120 {
121 return RET_OK;
122 }
DisableAbility(const std::string & name)123 ErrCode DisableAbility(const std::string &name) override
124 {
125 return RET_OK;
126 }
SetMagnificationState(const bool state)127 ErrCode SetMagnificationState(const bool state) override
128 {
129 return RET_OK;
130 }
GetActiveWindow(int32_t & windowId)131 ErrCode GetActiveWindow(int32_t &windowId) override
132 {
133 return RET_OK;
134 }
GetActiveWindow(int32_t & windowId,bool systemApi)135 ErrCode GetActiveWindow(int32_t &windowId, bool systemApi) override
136 {
137 return RET_OK;
138 }
CheckExtensionAbilityPermission(std::string & processName)139 ErrCode CheckExtensionAbilityPermission(std::string& processName) override
140 {
141 return RET_OK;
142 }
EnableUITestAbility(const sptr<IRemoteObject> & obj)143 ErrCode EnableUITestAbility(const sptr<IRemoteObject> &obj) override
144 {
145 return RET_OK;
146 }
DisableUITestAbility()147 ErrCode DisableUITestAbility() override
148 {
149 return RET_OK;
150 }
151
SetScreenMagnificationState(bool state)152 ErrCode SetScreenMagnificationState(bool state) override
153 {
154 return RET_OK;
155 }
SetShortKeyState(bool state)156 ErrCode SetShortKeyState(bool state) override
157 {
158 return RET_OK;
159 }
SetMouseKeyState(bool state)160 ErrCode SetMouseKeyState(bool state) override
161 {
162 return RET_OK;
163 }
SetMouseAutoClick(int32_t time)164 ErrCode SetMouseAutoClick(int32_t time) override
165 {
166 return RET_OK;
167 }
SetShortkeyTarget(const std::string & name)168 ErrCode SetShortkeyTarget(const std::string &name) override
169 {
170 return RET_OK;
171 }
SetShortkeyMultiTarget(const std::vector<std::string> & name)172 ErrCode SetShortkeyMultiTarget(const std::vector<std::string> &name) override
173 {
174 return RET_OK;
175 }
SetHighContrastTextState(bool state)176 ErrCode SetHighContrastTextState(bool state) override
177 {
178 return RET_OK;
179 }
SetInvertColorState(bool state)180 ErrCode SetInvertColorState(bool state) override
181 {
182 return RET_OK;
183 }
SetAnimationOffState(bool state)184 ErrCode SetAnimationOffState(bool state) override
185 {
186 return RET_OK;
187 }
SetAudioMonoState(bool state)188 ErrCode SetAudioMonoState(bool state) override
189 {
190 return RET_OK;
191 }
SetDaltonizationState(bool state)192 ErrCode SetDaltonizationState(bool state) override
193 {
194 return RET_OK;
195 }
SetDaltonizationColorFilter(uint32_t filter)196 ErrCode SetDaltonizationColorFilter(uint32_t filter) override
197 {
198 return RET_OK;
199 }
SetContentTimeout(uint32_t time)200 ErrCode SetContentTimeout(uint32_t time) override
201 {
202 return RET_OK;
203 }
SetBrightnessDiscount(float discount)204 ErrCode SetBrightnessDiscount(float discount) override
205 {
206 return RET_OK;
207 }
SetAudioBalance(float balance)208 ErrCode SetAudioBalance(float balance) override
209 {
210 return RET_OK;
211 }
SetClickResponseTime(uint32_t time)212 ErrCode SetClickResponseTime(uint32_t time) override
213 {
214 return RET_OK;
215 }
SetIgnoreRepeatClickState(bool state)216 ErrCode SetIgnoreRepeatClickState(bool state) override
217 {
218 return RET_OK;
219 }
SetIgnoreRepeatClickTime(uint32_t time)220 ErrCode SetIgnoreRepeatClickTime(uint32_t time) override
221 {
222 return RET_OK;
223 }
224
GetScreenMagnificationState(bool & state)225 ErrCode GetScreenMagnificationState(bool &state) override
226 {
227 return RET_OK;
228 }
GetShortKeyState(bool & state)229 ErrCode GetShortKeyState(bool &state) override
230 {
231 return RET_OK;
232 }
GetMouseKeyState(bool & state)233 ErrCode GetMouseKeyState(bool &state) override
234 {
235 return RET_OK;
236 }
GetMouseAutoClick(int32_t & time)237 ErrCode GetMouseAutoClick(int32_t &time) override
238 {
239 return RET_OK;
240 }
GetShortkeyTarget(std::string & name)241 ErrCode GetShortkeyTarget(std::string &name) override
242 {
243 return RET_OK;
244 }
GetShortkeyMultiTarget(std::vector<std::string> & name)245 ErrCode GetShortkeyMultiTarget(std::vector<std::string> &name) override
246 {
247 return RET_OK;
248 }
GetHighContrastTextState(bool & state)249 ErrCode GetHighContrastTextState(bool &state) override
250 {
251 return RET_OK;
252 }
GetInvertColorState(bool & state)253 ErrCode GetInvertColorState(bool &state) override
254 {
255 return RET_OK;
256 }
GetAnimationOffState(bool & state)257 ErrCode GetAnimationOffState(bool &state) override
258 {
259 return RET_OK;
260 }
GetAudioMonoState(bool & state)261 ErrCode GetAudioMonoState(bool &state) override
262 {
263 return RET_OK;
264 }
GetDaltonizationState(bool & state)265 ErrCode GetDaltonizationState(bool &state) override
266 {
267 return RET_OK;
268 }
GetDaltonizationColorFilter(uint32_t & type)269 ErrCode GetDaltonizationColorFilter(uint32_t &type) override
270 {
271 return RET_OK;
272 }
GetContentTimeout(uint32_t & timer)273 ErrCode GetContentTimeout(uint32_t &timer) override
274 {
275 return RET_OK;
276 }
GetBrightnessDiscount(float & brightness)277 ErrCode GetBrightnessDiscount(float &brightness) override
278 {
279 return RET_OK;
280 }
GetAudioBalance(float & balance)281 ErrCode GetAudioBalance(float &balance) override
282 {
283 return RET_OK;
284 }
GetClickResponseTime(uint32_t & time)285 ErrCode GetClickResponseTime(uint32_t &time) override
286 {
287 return RET_OK;
288 }
GetIgnoreRepeatClickState(bool & state)289 ErrCode GetIgnoreRepeatClickState(bool &state) override
290 {
291 return RET_OK;
292 }
GetIgnoreRepeatClickTime(uint32_t & time)293 ErrCode GetIgnoreRepeatClickTime(uint32_t &time) override
294 {
295 return RET_OK;
296 }
GetAllConfigs(AccessibilityConfigData & configData,CaptionPropertyParcel & caption)297 ErrCode GetAllConfigs(AccessibilityConfigData& configData, CaptionPropertyParcel& caption) override
298 {
299 return RET_OK;
300 }
GetRealWindowAndElementId(int32_t & windowId,int64_t & elementId)301 ErrCode GetRealWindowAndElementId(int32_t &windowId, int64_t &elementId) override
302 {
303 return RET_OK;
304 }
GetSceneBoardInnerWinId(int32_t windowId,int64_t elementId,int32_t & innerWid)305 ErrCode GetSceneBoardInnerWinId(int32_t windowId, int64_t elementId, int32_t &innerWid) override
306 {
307 return RET_OK;
308 }
GetFocusedWindowId(int32_t & focusedWindowId)309 ErrCode GetFocusedWindowId(int32_t &focusedWindowId) override
310 {
311 return RET_OK;
312 }
RegisterConfigObserver(const sptr<IAccessibleAbilityManagerConfigObserver> & callback)313 ErrCode RegisterConfigObserver(const sptr<IAccessibleAbilityManagerConfigObserver> &callback) override
314 {
315 return RET_OK;
316 }
PostDelayUnloadTask()317 void PostDelayUnloadTask()
318 {
319 }
RemoveRequestId(int32_t requestId)320 ErrCode RemoveRequestId(int32_t requestId) override
321 {
322 return RET_OK;
323 }
GetRootParentId(int32_t windowsId,int32_t treeId,int64_t & parentId)324 ErrCode GetRootParentId(int32_t windowsId, int32_t treeId, int64_t &parentId) override
325 {
326 return 0;
327 }
GetRootParentId(int32_t windowsId,int32_t treeId,int64_t & parentId,bool systemApi)328 ErrCode GetRootParentId(int32_t windowsId, int32_t treeId, int64_t &parentId, bool systemApi) override
329 {
330 return 0;
331 }
SetEnhanceConfig(const AccessibilitySecCompRawdata & rawData)332 int32_t SetEnhanceConfig(const AccessibilitySecCompRawdata& rawData) override
333 {
334 return 0;
335 }
SearchNeedEvents(std::vector<uint32_t> & needEvents)336 ErrCode SearchNeedEvents(std::vector<uint32_t> &needEvents) override
337 {
338 return NO_ERROR;
339 }
340
UpdateUITestConfigureEvents(std::vector<uint32_t> needEvents)341 RetError UpdateUITestConfigureEvents(std::vector<uint32_t> needEvents)
342 {
343 return RET_OK;
344 }
345 };
346
GetU32Data(const uint8_t * ptr)347 uint32_t GetU32Data(const uint8_t *ptr)
348 {
349 return (ptr[0] << FUZZ_NUM24) | (ptr[FUZZ_NUM1] << FUZZ_NUM16) | (ptr[FUZZ_NUM2] << FUZZ_NUM8) | (ptr[FUZZ_NUM3]);
350 }
351
OnRemoteRequestSvcFuzzTest(const uint8_t * data,size_t size)352 bool OnRemoteRequestSvcFuzzTest(const uint8_t *data, size_t size)
353 {
354 uint32_t code = (GetU32Data(data) % MESSAGE_SIZE) + BASE_CODE;
355 MessageParcel datas;
356 std::u16string descriptor = AccessibleAbilityManagerServiceStubFuzzTest::GetDescriptor();
357 datas.WriteInterfaceToken(descriptor);
358 datas.WriteBuffer(data, size);
359 datas.RewindRead(0);
360 MessageParcel reply;
361 MessageOption option;
362 AccessibleAbilityManagerServiceStubFuzzTest serviceStub;
363 serviceStub.OnRemoteRequest(code, datas, reply, option);
364 return true;
365 }
366
HandleSetDaltonizationStateTest(const uint8_t * data,size_t size)367 bool HandleSetDaltonizationStateTest(const uint8_t *data, size_t size)
368 {
369 MessageParcel datas;
370 std::u16string descriptor = AccessibleAbilityManagerServiceStubFuzzTest::GetDescriptor();
371 if (!datas.WriteInterfaceToken(descriptor)) {
372 return false;
373 }
374 bool isSetDaltonizationState = data[0] % DEVISOR_TWO;
375 if (!datas.WriteBool(isSetDaltonizationState)) {
376 return false;
377 }
378 MessageParcel reply;
379 MessageOption option;
380 AccessibleAbilityManagerServiceStubFuzzTest serviceStub;
381 uint32_t TRANSACTION_CODE = 0x30;
382
383 serviceStub.OnRemoteRequest(TRANSACTION_CODE, datas, reply, option);
384 return true;
385 }
386
HandleRemoveRequestIdTest(const uint8_t * data,size_t size)387 bool HandleRemoveRequestIdTest(const uint8_t *data, size_t size)
388 {
389 MessageParcel request;
390 std::u16string descriptor = AccessibleAbilityManagerServiceStub::GetDescriptor();
391 if (!request.WriteInterfaceToken(descriptor)) {
392 return false;
393 }
394 int32_t requestId = static_cast<int32_t>(*data);
395 if (!request.WriteInt32(requestId)) {
396 return false;
397 }
398
399 MessageParcel reply;
400 MessageOption option;
401 AccessibleAbilityManagerServiceStubFuzzTest serviceStub;
402 uint32_t TRANSACTION_CODE = 0x61;
403 serviceStub.OnRemoteRequest(TRANSACTION_CODE, request, reply, option);
404 return true;
405 }
406
HandleGetScreenReaderStateTest()407 bool HandleGetScreenReaderStateTest()
408 {
409 MessageParcel datas;
410 std::u16string descriptor = AccessibleAbilityManagerServiceStubFuzzTest::GetDescriptor();
411 if (!datas.WriteInterfaceToken(descriptor)) {
412 return false;
413 }
414 MessageParcel reply;
415 MessageOption option;
416 AccessibleAbilityManagerServiceStubFuzzTest serviceStub;
417 uint32_t TRANSACTION_CODE = 0x63;
418
419 serviceStub.OnRemoteRequest(TRANSACTION_CODE, datas, reply, option);
420 return true;
421 }
422 } // namespace Accessibility
423 } // namespace OHOS
424
425 /* Fuzzer entry point */
LLVMFuzzerInitialize(int * argc,char *** argv)426 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
427 {
428 OHOS::AddAAMSTokenFuzzer token;
429 return 0;
430 }
431
432 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)433 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
434 {
435 /* Run your code on data */
436 if (data == nullptr) {
437 return 0;
438 }
439
440 if (size < OHOS::Accessibility::U32_AT_SIZE) {
441 return 0;
442 }
443
444 OHOS::Accessibility::OnRemoteRequestSvcFuzzTest(data, size);
445 OHOS::Accessibility::HandleSetDaltonizationStateTest(data, size);
446 OHOS::Accessibility::HandleGetScreenReaderStateTest();
447 OHOS::Accessibility::HandleRemoveRequestIdTest(data, size);
448 return 0;
449 }