1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bms_adapter_fuzzer.h"
17 #include "foundation/multimedia/camera_framework/common/utils/camera_log.h"
18 #include "message_parcel.h"
19 #include "system_ability_definition.h"
20 #include "securec.h"
21 #include "iservice_registry.h"
22 #include "token_setproc.h"
23 #include <cstddef>
24 #include <cstdint>
25 #include <memory>
26 #include <mutex>
27
28 namespace OHOS {
29 namespace CameraStandard {
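// Signature of a no-argument callback.
// NOTE(review): this alias is not referenced anywhere else in this file; the
// listener below is constructed from a lambda held in an `auto` variable.
using RemoveCallback = std::function<void()>;

// Upper bound passed to FuzzedDataProvider::ConsumeRandomLengthString when the
// harness builds the deviceId string.
constexpr size_t MAX_LENGTH_STRING = 64;

// Minimum input size accepted by Test(): one int32_t (systemAbilityId) plus a
// deviceId of up to MAX_LENGTH_STRING characters, i.e. 68 bytes. Declared as
// size_t so the comparison with FuzzedDataProvider::remaining_bytes() does not
// mix signed and unsigned operands, and derived from its parts so it stays in
// step if the string bound changes.
constexpr size_t MIN_SIZE_NUM = sizeof(int32_t) + MAX_LENGTH_STRING;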
33
// Objects under test, stored in static members so they outlive a single call.
// fuzz_ is replaced on every BmsAdapterFuzzer::Initialize() call; bmsfuzz_ is
// created once by BmsSaListenerFuzzTest() and then reused.
// NOTE(review): because bmsfuzz_ persists across fuzz iterations, a failure may
// depend on inputs processed earlier in the same process, which can make a
// single crashing input hard to reproduce in isolation.
std::shared_ptr<BmsAdapter> BmsAdapterFuzzer::fuzz_ = nullptr;
std::shared_ptr<BmsSaListener> BmsSaListenerFuzzer::bmsfuzz_ = nullptr;
36
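/*
 * Description: reads a value of sizeof(T) bytes from the untrusted external input (g_data).
 * Note: only basic types are supported.
 * NOTE(review): no such helper and no g_data are defined in this listing; all input
 * here is consumed through FuzzedDataProvider, so this comment appears to be stale.
 */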
41
/*
 * Builds a fresh BmsAdapter, registers its listener and, when the bundle
 * manager service can be resolved, hands the adapter a proxy to it.
 *
 * The function takes no fuzz input: everything it does is independent of the
 * bytes supplied by the fuzzer, and it runs on every call from Test().
 */
void BmsAdapterFuzzer::Initialize()
{
    fuzz_ = std::make_shared<BmsAdapter>();
    // std::make_shared reports allocation failure by throwing, so this guard is
    // not expected to trigger; it is kept as written.
    CHECK_RETURN_ELOG(!fuzz_, "Create fuzz_ Error");
    fuzz_->RegisterListener();

    auto abilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
    if (abilityManager) {
        sptr<IRemoteObject> bundleMgrObject = abilityManager->GetSystemAbility(BUNDLE_MGR_SERVICE_SYS_ABILITY_ID);
        if (bundleMgrObject) {
            // The cast result is passed through unchecked; SetBms is also called
            // with nullptr elsewhere in this file.
            fuzz_->SetBms(iface_cast<OHOS::AppExecFwk::IBundleMgr>(bundleMgrObject));
        }
    }
}
59
/*
 * Feeds one fuzzer-chosen (systemAbilityId, deviceId) pair to the listener's
 * add and remove notifications.
 *
 * fdp: provider wrapping the current fuzz input; an int32_t is consumed first,
 *      then a string of at most MAX_LENGTH_STRING characters.
 */
void BmsSaListenerFuzzer::BmsSaListenerFuzzTest(FuzzedDataProvider& fdp)
{
    // The listener is built on the first call only and reused afterwards.
    if (!bmsfuzz_) {
        // NOTE(review): the captured wptr is default-constructed, so promote()
        // is expected to yield a null pointer and the SetBms(nullptr) branch is
        // presumably never reached from this harness. Confirm whether the
        // callback was meant to observe a live BmsAdapter.
        auto onRemove = [weakAdapter = wptr<BmsAdapter>()]() {
            auto strongAdapter = weakAdapter.promote();
            if (strongAdapter) {
                strongAdapter->SetBms(nullptr);
            }
        };
        bmsfuzz_ = std::make_shared<BmsSaListener>(onRemove);
    }

    // Consumption order matters: it fixes how input bytes map to arguments.
    const int32_t abilityId = fdp.ConsumeIntegral<int32_t>();
    std::string device = fdp.ConsumeRandomLengthString(MAX_LENGTH_STRING);

    bmsfuzz_->OnAddSystemAbility(abilityId, device);
    bmsfuzz_->OnRemoveSystemAbility(abilityId, device);
}
77
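/*
 * Runs one fuzz iteration: drives the SA listener with fuzzer-chosen values,
 * then runs the adapter initialization path.
 *
 * data/size: the raw input buffer supplied by libFuzzer. It is only read,
 *            through FuzzedDataProvider.
 *
 * Inputs shorter than MIN_SIZE_NUM bytes are skipped.
 * NOTE(review): FuzzedDataProvider bounds its own reads, so this floor is
 * presumably a corpus-shaping choice rather than a memory-safety guard; it also
 * means short inputs never reach the listener. Confirm that is intended.
 */
void Test(uint8_t* data, size_t size)
{
    // Reject short inputs before building any harness object, so discarded
    // inputs cost no allocations.
    FuzzedDataProvider fdp(data, size);
    if (fdp.remaining_bytes() < static_cast<size_t>(MIN_SIZE_NUM)) {
        return;
    }

    // std::make_unique reports allocation failure by throwing and never returns
    // null, so no null checks are needed on these two objects.
    auto bmsSaListener = std::make_unique<BmsSaListenerFuzzer>();
    auto bmsAdapterFuzzer = std::make_unique<BmsAdapterFuzzer>();

    bmsSaListener->BmsSaListenerFuzzTest(fdp);
    // Initialize() takes no fuzz input; it exercises the same path every time.
    bmsAdapterFuzzer->Initialize();
}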
98 } // namespace CameraStandard
99 } // namespace OHOS
100
101 /* Fuzzer entry point */
extern "C" int LLVMFuzzerTestOneInput(uint8_t* data, size_t size)
{
    // libFuzzer calls this once per generated input. The buffer is forwarded
    // unchanged; the harness only reads from it.
    // NOTE(review): libFuzzer declares `data` as `const uint8_t*`; the non-const
    // spelling here matches the signature of Test() in this file.
    using OHOS::CameraStandard::Test;
    Test(data, size);

    // Returning 0 tells libFuzzer the input was processed normally.
    return 0;
}