1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "cgroupsched_fuzzer.h"
17 #include "background_task_observer.h"
18
19 #include <cstddef>
20 #include <cstdint>
21 #include <cstdlib>
22 #include <securec.h>
23 #include <string>
24 #include <vector>
25
26 #ifndef errno_t
27 typedef int errno_t;
28 #endif
29
30 #ifndef EOK
31 #define EOK 0
32 #endif
33
34 namespace OHOS {
35 namespace ResourceSchedule {
36 const uint8_t* g_data = nullptr;
37 size_t g_size = 0;
38 size_t g_pos;
39
40 /*
41 * describe: get data from outside untrusted data(g_data) which size is according to sizeof(T)
42 * tips: only support basic type
43 */
44 template<class T>
GetData()45 T GetData()
46 {
47 T object {};
48 size_t objectSize = sizeof(object);
49 if (g_data == nullptr || objectSize > g_size - g_pos) {
50 return object;
51 }
52 errno_t ret = memcpy_s(&object, objectSize, g_data + g_pos, objectSize);
53 if (ret != EOK) {
54 return {};
55 }
56 g_pos += objectSize;
57 return object;
58 }
59
60 /*
61 * get a string from g_data
62 */
GetStringFromData(int strlen)63 std::string GetStringFromData(int strlen)
64 {
65 if (strlen <= 0) {
66 return "";
67 }
68 char cstr[strlen];
69 cstr[strlen - 1] = '\0';
70 for (int i = 0; i < strlen - 1; i++) {
71 char tmp = GetData<char>();
72 if (tmp == '\0') {
73 tmp = '1';
74 }
75 cstr[i] = tmp;
76 }
77 std::string str(cstr);
78 return str;
79 }
80
TransientTaskStartFuzzTest(const uint8_t * data,size_t size)81 bool TransientTaskStartFuzzTest(const uint8_t* data, size_t size)
82 {
83 if (data == nullptr) {
84 return false;
85 }
86
87 if (size <= sizeof(int32_t) + sizeof(int32_t)) {
88 return false;
89 }
90
91 // initialize
92 g_data = data;
93 g_size = size;
94 g_pos = 0;
95
96 // getdata
97 int32_t uid = GetData<int32_t>();
98 int32_t pid = GetData<int32_t>();
99 std::string packageName = GetStringFromData(int(size) - sizeof(int32_t) - sizeof(int32_t));
100 auto transientTaskAppInfo =
101 std::make_shared<TransientTaskAppInfo>(packageName, uid, pid);
102 auto backgroundTaskObserver = std::make_unique<BackgroundTaskObserver>();
103 backgroundTaskObserver->OnTransientTaskStart(transientTaskAppInfo);
104
105 return true;
106 }
107
TransientTaskEndFuzzTest(const uint8_t * data,size_t size)108 bool TransientTaskEndFuzzTest(const uint8_t* data, size_t size)
109 {
110 if (data == nullptr) {
111 return false;
112 }
113
114 if (size <= sizeof(int32_t) + sizeof(int32_t)) {
115 return false;
116 }
117
118 // initialize
119 g_data = data;
120 g_size = size;
121 g_pos = 0;
122
123 // getdata
124 int32_t uid = GetData<int32_t>();
125 int32_t pid = GetData<int32_t>();
126 std::string packageName = GetStringFromData(int(size) - sizeof(int32_t) - sizeof(int32_t));
127 auto transientTaskAppInfo =
128 std::make_shared<TransientTaskAppInfo>(packageName, uid, pid);
129 auto backgroundTaskObserver = std::make_unique<BackgroundTaskObserver>();
130 backgroundTaskObserver->OnTransientTaskEnd(transientTaskAppInfo);
131
132 return true;
133 }
134
ContinuousTaskStartFuzzTest(const uint8_t * data,size_t size)135 bool ContinuousTaskStartFuzzTest(const uint8_t* data, size_t size)
136 {
137 if (data == nullptr) {
138 return false;
139 }
140
141 if (size <= sizeof(int32_t) + sizeof(int32_t) + sizeof(pid_t)) {
142 return false;
143 }
144
145 // initialize
146 g_data = data;
147 g_size = size;
148 g_pos = 0;
149
150 // getdata
151 int32_t typeId = GetData<int32_t>();
152 int32_t creatorUid = GetData<int32_t>();
153 pid_t creatorPid = GetData<pid_t>();
154 std::string abilityName = GetStringFromData(int(size) - sizeof(int32_t) - sizeof(int32_t) - sizeof(pid_t));
155 auto continuousTaskCallbackInfo =
156 std::make_shared<ContinuousTaskCallbackInfo>(typeId, creatorUid, creatorPid, abilityName);
157 auto backgroundTaskObserver = std::make_unique<BackgroundTaskObserver>();
158 backgroundTaskObserver->OnContinuousTaskStart(continuousTaskCallbackInfo);
159
160 return true;
161 }
162
ContinuousTaskStopFuzzTest(const uint8_t * data,size_t size)163 bool ContinuousTaskStopFuzzTest(const uint8_t* data, size_t size)
164 {
165 if (data == nullptr) {
166 return false;
167 }
168
169 if (size <= sizeof(int32_t) + sizeof(int32_t) + sizeof(pid_t)) {
170 return false;
171 }
172
173 // initialize
174 g_data = data;
175 g_size = size;
176 g_pos = 0;
177
178 // getdata
179 int32_t typeId = GetData<int32_t>();
180 int32_t creatorUid = GetData<int32_t>();
181 pid_t creatorPid = GetData<pid_t>();
182 std::string abilityName = GetStringFromData(int(size) - sizeof(int32_t) - sizeof(int32_t) - sizeof(pid_t));
183 auto continuousTaskCallbackInfo =
184 std::make_shared<ContinuousTaskCallbackInfo>(typeId, creatorUid, creatorPid, abilityName);
185 auto backgroundTaskObserver = std::make_unique<BackgroundTaskObserver>();
186 backgroundTaskObserver->OnContinuousTaskStop(continuousTaskCallbackInfo);
187
188 return true;
189 }
190
DisconnectedFuzzTest(const uint8_t * data,size_t size)191 bool DisconnectedFuzzTest(const uint8_t* data, size_t size)
192 {
193 if (data == nullptr) {
194 return false;
195 }
196
197 // initialize
198 g_data = data;
199 g_size = size;
200 g_pos = 0;
201
202 // getdata
203 auto backgroundTaskObserver = std::make_unique<BackgroundTaskObserver>();
204 backgroundTaskObserver->OnDisconnected();
205
206 return true;
207 }
208
RemoteDiedFuzzTest(const uint8_t * data,size_t size)209 bool RemoteDiedFuzzTest(const uint8_t* data, size_t size)
210 {
211 if (data == nullptr) {
212 return false;
213 }
214
215 // initialize
216 g_data = data;
217 g_size = size;
218 g_pos = 0;
219
220 // getdata
221 wptr<IRemoteObject> iRemoteObject = nullptr;
222 auto backgroundTaskObserver = std::make_unique<BackgroundTaskObserver>();
223 backgroundTaskObserver->OnRemoteDied(iRemoteObject);
224
225 return true;
226 }
227 } // namespace ResourceSchedule
228 } // namespace OHOS
229
230 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)231 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
232 {
233 /* Run your code on data */
234 OHOS::ResourceSchedule::TransientTaskStartFuzzTest(data, size);
235 OHOS::ResourceSchedule::TransientTaskEndFuzzTest(data, size);
236 OHOS::ResourceSchedule::ContinuousTaskStartFuzzTest(data, size);
237 OHOS::ResourceSchedule::ContinuousTaskStopFuzzTest(data, size);
238 OHOS::ResourceSchedule::DisconnectedFuzzTest(data, size);
239 OHOS::ResourceSchedule::RemoteDiedFuzzTest(data, size);
240 return 0;
241 }