1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "samgrdumper_fuzzer.h"
17
18 #define private public
19 #include "system_ability_manager.h"
20 #include "system_ability_manager_dumper.h"
21 #include "schedule/system_ability_state_scheduler.h"
22 #include "sam_mock_permission.h"
23 #include "sa_status_change_mock.h"
24 #include "securec.h"
25
26 namespace OHOS {
27 namespace Samgr {
28 namespace {
29 constexpr size_t THRESHOLD = 10;
30 constexpr const char* HIDUMPER_PROCESS_NAME = "hidumper_service";
31 const uint8_t *g_baseFuzzData = nullptr;
32 size_t g_baseFuzzSize = 0;
33 size_t g_baseFuzzPos;
34 constexpr int32_t SAID = 1493;
35 }
36
GetData()37 template <class T> T GetData()
38 {
39 T object{};
40 size_t objectSize = sizeof(object);
41 if (g_baseFuzzData == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) {
42 return object;
43 }
44 errno_t ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize);
45 if (ret != EOK) {
46 return {};
47 }
48 g_baseFuzzPos += objectSize;
49 return object;
50 }
51
BuildInt32FromData(const uint8_t * data,size_t size)52 int32_t BuildInt32FromData(const uint8_t* data, size_t size)
53 {
54 if ((data == nullptr) || (size < sizeof(int32_t))) {
55 return 0;
56 }
57 int32_t int32Val = *reinterpret_cast<const int32_t *>(data);
58 return int32Val;
59 }
60
BuildStringFromData(const uint8_t * data,size_t size)61 std::string BuildStringFromData(const uint8_t* data, size_t size)
62 {
63 if ((data == nullptr) || (size == 0)) {
64 return "";
65 }
66 std::string strVal(reinterpret_cast<const char *>(data), size);
67 return strVal;
68 }
69
InitData(const uint8_t * data,size_t size)70 void InitData(const uint8_t* data, size_t size)
71 {
72 g_baseFuzzData = data;
73 g_baseFuzzSize = size;
74 g_baseFuzzPos = 0;
75 }
76
SamgrDumperFuzzTest(const uint8_t * data,size_t size)77 void SamgrDumperFuzzTest(const uint8_t* data, size_t size)
78 {
79 SamMockPermission::MockProcess(HIDUMPER_PROCESS_NAME);
80 std::string strVal = BuildStringFromData(data, size);
81 std::vector<std::string> args;
82 SplitStr(strVal, " ", args);
83 std::vector<std::u16string> argsWithStr16;
84 for (size_t i = 0; i < args.size(); i++) {
85 argsWithStr16.emplace_back(Str8ToStr16(args[i]));
86 }
87 std::string result;
88 std::shared_ptr<SystemAbilityStateScheduler> scheduler = std::make_shared<SystemAbilityStateScheduler>();
89 int32_t fd = -1;
90 SystemAbilityManagerDumper::FfrtDumpProc(scheduler, fd, args);
91 SystemAbilityManagerDumper::Dump(scheduler, args, result);
92 int32_t cmd = -1;
93 SystemAbilityManagerDumper::IpcDumpCmdParser(cmd, args);
94 std::string processName = BuildStringFromData(data, size);
95 SystemAbilityManagerDumper::IpcDumpIsSamgr(processName);
96 SystemAbilityManagerDumper::IpcDumpIsAllProcess(processName);
97 SystemAbilityManagerDumper::GetSamgrIpcStatistics(result);
98 SystemAbilityManagerDumper::StopSamgrIpcStatistics(result);
99 SystemAbilityManagerDumper::StartSamgrIpcStatistics(result);
100 SystemAbilityManagerDumper::GetSAMgrFfrtInfo(result);
101 int32_t pid = BuildInt32FromData(data, size);
102 SystemAbilityManagerDumper::DumpFfrtInfoInProc(scheduler, pid, result);
103
104 std::shared_ptr<SystemAbilityManager> manager = std::make_shared<SystemAbilityManager>();
105 manager->abilityStateScheduler_ = std::make_shared<SystemAbilityStateScheduler>();
106 manager->Dump(fd, argsWithStr16);
107 manager->IpcDumpProc(fd, args);
108 manager->IpcDumpAllProcess(fd, cmd);
109 manager->IpcDumpSamgrProcess(fd, cmd);
110 manager->IpcDumpSingleProcess(fd, cmd, processName);
111 }
112
FuzzListenerDumpProc()113 void FuzzListenerDumpProc()
114 {
115 SamMockPermission::MockProcess(HIDUMPER_PROCESS_NAME);
116 int32_t pid1 = GetData<int32_t>();
117 int32_t pid2 = GetData<int32_t>();
118 std::map<int32_t, std::list<SAListener>> dumpListeners;
119 std::list<SAListener> listeners;
120 sptr<SaStatusChangeMock> listener(new SaStatusChangeMock());
121 listeners.emplace_back(listener, pid1);
122 listeners.emplace_back(listener, pid2);
123 dumpListeners[SAID] = listeners;
124 int32_t fd = -1;
125 std::vector<std::string> args;
126 args.push_back("test");
127 args.push_back("-h");
128 SystemAbilityManagerDumper::ListenerDumpProc(dumpListeners, fd, args);
129 args.clear();
130
131 args.push_back("test");
132 args.push_back("-l");
133 args.push_back("-sa");
134 SystemAbilityManagerDumper::ListenerDumpProc(dumpListeners, fd, args);
135 args.clear();
136
137 args.push_back("test");
138 args.push_back("-l");
139 args.push_back("-p");
140 SystemAbilityManagerDumper::ListenerDumpProc(dumpListeners, fd, args);
141 args.clear();
142
143 args.push_back("test");
144 args.push_back("-sa");
145 args.push_back(ToString(SAID));
146 SystemAbilityManagerDumper::ListenerDumpProc(dumpListeners, fd, args);
147 args.clear();
148
149 args.push_back("test");
150 args.push_back("-p");
151 args.push_back(ToString(pid1));
152 SystemAbilityManagerDumper::ListenerDumpProc(dumpListeners, fd, args);
153 args.clear();
154 }
155
FuzzFfrtLoadMetrics()156 void FuzzFfrtLoadMetrics()
157 {
158 int32_t pid = GetData<int32_t>();
159 std::shared_ptr<SystemAbilityStateScheduler> scheduler = std::make_shared<SystemAbilityStateScheduler>();
160 int32_t fd = -1;
161 std::vector<std::string> args;
162 args.push_back("--ffrt");
163 args.push_back(ToString(pid));
164 args.push_back("--start-stat");
165 std::string result;
166 SystemAbilityManagerDumper::GetFfrtLoadMetrics(scheduler, fd, args, result);
167 SystemAbilityManagerDumper::ClearFfrtStatistics();
168 SystemAbilityManagerDumper::GetFfrtLoadMetrics(scheduler, fd, args, result);
169 args.pop_back();
170 args.push_back("--stop-stat");
171 SystemAbilityManagerDumper::GetFfrtLoadMetrics(scheduler, fd, args, result);
172 args.pop_back();
173 args.push_back("--stat");
174 SystemAbilityManagerDumper::GetFfrtLoadMetrics(scheduler, fd, args, result);
175 }
176 }
177 }
178
179 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)180 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
181 {
182 if (size < OHOS::Samgr::THRESHOLD) {
183 return 0;
184 }
185
186 OHOS::Samgr::InitData(data, size);
187 OHOS::Samgr::SamgrDumperFuzzTest(data, size);
188 OHOS::Samgr::FuzzListenerDumpProc();
189 OHOS::Samgr::FuzzFfrtLoadMetrics();
190
191 return 0;
192 }
193
194