1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "abilityschedulerstub_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #include "ability_scheduler_stub.h"
22 #include "message_parcel.h"
23 #include "securec.h"
24
25 using namespace OHOS::AAFwk;
26
27 namespace OHOS {
28 namespace {
29 constexpr size_t FOO_MAX_LEN = 1024;
30 constexpr size_t U32_AT_SIZE = 4;
31 const std::u16string ABILITYMGR_INTERFACE_TOKEN = u"ohos.aafwk.AbilityScheduler";
32 }
33 class AbilitySchedulerStubFuzzTest : public AbilitySchedulerStub {
34 public:
35 AbilitySchedulerStubFuzzTest() = default;
~AbilitySchedulerStubFuzzTest()36 virtual ~AbilitySchedulerStubFuzzTest()
37 {};
ScheduleAbilityTransaction(const Want & want,const LifeCycleStateInfo & targetState,sptr<SessionInfo> sessionInfo=nullptr)38 void ScheduleAbilityTransaction(const Want& want, const LifeCycleStateInfo& targetState,
39 sptr<SessionInfo> sessionInfo = nullptr) override
40 {}
ScheduleShareData(const int32_t & uniqueId)41 void ScheduleShareData(const int32_t &uniqueId) override
42 {}
SendResult(int requestCode,int resultCode,const Want & resultWant)43 void SendResult(int requestCode, int resultCode, const Want& resultWant) override
44 {}
ScheduleConnectAbility(const Want & want)45 void ScheduleConnectAbility(const Want& want) override
46 {}
ScheduleDisconnectAbility(const Want & want)47 void ScheduleDisconnectAbility(const Want& want) override
48 {}
ScheduleCommandAbility(const Want & want,bool restart,int startId)49 void ScheduleCommandAbility(const Want& want, bool restart, int startId) override
50 {}
ScheduleCommandAbilityWindow(const Want & want,const sptr<SessionInfo> & sessionInfo,WindowCommand winCmd)51 void ScheduleCommandAbilityWindow(const Want &want, const sptr<SessionInfo> &sessionInfo,
52 WindowCommand winCmd) override
53 {}
SchedulePrepareTerminateAbility()54 bool SchedulePrepareTerminateAbility() override
55 {
56 return true;
57 }
ScheduleSaveAbilityState()58 void ScheduleSaveAbilityState() override
59 {}
ScheduleRestoreAbilityState(const PacMap & inState)60 void ScheduleRestoreAbilityState(const PacMap& inState) override
61 {}
GetFileTypes(const Uri & uri,const std::string & mimeTypeFilter)62 std::vector<std::string> GetFileTypes(const Uri& uri, const std::string& mimeTypeFilter) override
63 {
64 return {};
65 }
OpenFile(const Uri & uri,const std::string & mode)66 int OpenFile(const Uri& uri, const std::string& mode) override
67 {
68 return 0;
69 }
OpenRawFile(const Uri & uri,const std::string & mode)70 int OpenRawFile(const Uri& uri, const std::string& mode) override
71 {
72 return 0;
73 }
Insert(const Uri & uri,const NativeRdb::ValuesBucket & value)74 int Insert(const Uri& uri, const NativeRdb::ValuesBucket& value) override
75 {
76 return 0;
77 }
Update(const Uri & uri,const NativeRdb::ValuesBucket & value,const NativeRdb::DataAbilityPredicates & predicates)78 int Update(const Uri& uri, const NativeRdb::ValuesBucket& value,
79 const NativeRdb::DataAbilityPredicates& predicates) override
80 {
81 return 0;
82 }
Delete(const Uri & uri,const NativeRdb::DataAbilityPredicates & predicates)83 int Delete(const Uri& uri, const NativeRdb::DataAbilityPredicates& predicates) override
84 {
85 return 0;
86 }
Call(const Uri & uri,const std::string & method,const std::string & arg,const AppExecFwk::PacMap & pacMap)87 std::shared_ptr<AppExecFwk::PacMap> Call(
88 const Uri& uri, const std::string& method, const std::string& arg, const AppExecFwk::PacMap& pacMap) override
89 {
90 return {};
91 }
Query(const Uri & uri,std::vector<std::string> & columns,const NativeRdb::DataAbilityPredicates & predicates)92 std::shared_ptr<NativeRdb::AbsSharedResultSet> Query(const Uri& uri,
93 std::vector<std::string>& columns, const NativeRdb::DataAbilityPredicates& predicates) override
94 {
95 return {};
96 }
GetType(const Uri & uri)97 std::string GetType(const Uri& uri) override
98 {
99 return {};
100 }
Reload(const Uri & uri,const PacMap & extras)101 bool Reload(const Uri& uri, const PacMap& extras) override
102 {
103 return true;
104 }
BatchInsert(const Uri & uri,const std::vector<NativeRdb::ValuesBucket> & values)105 int BatchInsert(const Uri& uri, const std::vector<NativeRdb::ValuesBucket>& values) override
106 {
107 return 0;
108 }
ScheduleRegisterObserver(const Uri & uri,const sptr<IDataAbilityObserver> & dataObserver)109 bool ScheduleRegisterObserver(const Uri& uri, const sptr<IDataAbilityObserver>& dataObserver) override
110 {
111 return true;
112 }
ScheduleUnregisterObserver(const Uri & uri,const sptr<IDataAbilityObserver> & dataObserver)113 bool ScheduleUnregisterObserver(const Uri& uri, const sptr<IDataAbilityObserver>& dataObserver) override
114 {
115 return true;
116 }
ScheduleNotifyChange(const Uri & uri)117 bool ScheduleNotifyChange(const Uri& uri) override
118 {
119 return true;
120 }
NormalizeUri(const Uri & uri)121 Uri NormalizeUri(const Uri& uri) override
122 {
123 return Uri{ "abilityschedulerstub" };
124 }
125
DenormalizeUri(const Uri & uri)126 Uri DenormalizeUri(const Uri& uri) override
127 {
128 return Uri{ "abilityschedulerstub" };
129 }
ExecuteBatch(const std::vector<std::shared_ptr<AppExecFwk::DataAbilityOperation>> & operations)130 std::vector<std::shared_ptr<AppExecFwk::DataAbilityResult>> ExecuteBatch(
131 const std::vector<std::shared_ptr<AppExecFwk::DataAbilityOperation>>& operations) override
132 {
133 return {};
134 }
ContinueAbility(const std::string & deviceId,uint32_t versionCode)135 void ContinueAbility(const std::string& deviceId, uint32_t versionCode) override
136 {}
NotifyContinuationResult(int32_t result)137 void NotifyContinuationResult(int32_t result) override
138 {}
DumpAbilityInfo(const std::vector<std::string> & params,std::vector<std::string> & info)139 void DumpAbilityInfo(const std::vector<std::string>& params, std::vector<std::string>& info) override
140 {}
BlockAbility()141 int BlockAbility() override
142 {
143 return 0;
144 }
CallRequest()145 void CallRequest() override
146 {
147 return;
148 }
149 };
150
GetU32Data(const char * ptr)151 uint32_t GetU32Data(const char* ptr)
152 {
153 // convert fuzz input data to an integer
154 return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
155 }
156
DoSomethingInterestingWithMyAPI(const char * data,size_t size)157 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
158 {
159 uint32_t code = GetU32Data(data);
160
161 MessageParcel parcel;
162 parcel.WriteInterfaceToken(ABILITYMGR_INTERFACE_TOKEN);
163 parcel.WriteBuffer(data, size);
164 parcel.RewindRead(0);
165 MessageParcel reply;
166 MessageOption option;
167
168 std::shared_ptr<AbilitySchedulerStub> abilityschedulerstub = std::make_shared<AbilitySchedulerStubFuzzTest>();
169
170 if (abilityschedulerstub->OnRemoteRequest(code, parcel, reply, option) != 0) {
171 return false;
172 }
173
174 return true;
175 }
176 }
177
178 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)179 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
180 {
181 /* Run your code on data */
182 if (data == nullptr) {
183 std::cout << "invalid data" << std::endl;
184 return 0;
185 }
186
187 /* Validate the length of size */
188 if (size > OHOS::FOO_MAX_LEN || size < OHOS::U32_AT_SIZE) {
189 return 0;
190 }
191
192 char* ch = (char*)malloc(size + 1);
193 if (ch == nullptr) {
194 std::cout << "malloc failed." << std::endl;
195 return 0;
196 }
197
198 (void)memset_s(ch, size + 1, 0x00, size + 1);
199 if (memcpy_s(ch, size, data, size) != EOK) {
200 std::cout << "copy failed." << std::endl;
201 free(ch);
202 ch = nullptr;
203 return 0;
204 }
205
206 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
207 free(ch);
208 ch = nullptr;
209 return 0;
210 }
211
212