1/* 2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15#define private public 16#define protected public 17#include "input_method_system_ability.h" 18#include "input_method_system_ability_proxy.h" 19#undef private 20 21#include <atomic> 22#include <cstddef> 23#include <cstdint> 24#include <string_ex.h> 25 26#include "accesstoken_kit.h" 27#include "global.h" 28#include "input_method_controller.h" 29#include "iservice_registry.h" 30#include "message_parcel.h" 31#include "nativetoken_kit.h" 32#include "system_ability_definition.h" 33#include "systemabilitystub_fuzzer.h" 34#include "text_listener.h" 35#include "token_setproc.h" 36 37using namespace OHOS::Security::AccessToken; 38using namespace OHOS::MiscServices; 39namespace OHOS { 40std::atomic_bool g_isInitialize = false; 41constexpr uint32_t TARGET_REMOTE_CODE_NUMS = 21; 42void GrantNativePermission() 43{ 44 const char **perms = new const char *[1]; 45 perms[0] = "ohos.permission.CONNECT_IME_ABILITY"; 46 TokenInfoParams infoInstance = { 47 .dcapsNum = 0, 48 .permsNum = 1, 49 .aclsNum = 0, 50 .dcaps = nullptr, 51 .perms = perms, 52 .acls = nullptr, 53 .processName = "inputmethod_imf", 54 .aplStr = "system_core", 55 }; 56 uint64_t tokenId = GetAccessTokenId(&infoInstance); 57 int res = SetSelfTokenID(tokenId); 58 if (res == 0) { 59 IMSA_HILOGI("SetSelfTokenID success!"); 60 } else { 61 IMSA_HILOGE("SetSelfTokenID fail!"); 62 } 63 AccessTokenKit::ReloadNativeTokenInfo(); 64 delete[] perms; 65} 66constexpr size_t THRESHOLD = 10; 67constexpr int32_t OFFSET = 4; 68const std::u16string SYSTEMABILITY_INTERFACE_TOKEN = u"ohos.miscservices.inputmethod.IInputMethodSystemAbility"; 69 70uint32_t ConvertToUint32(const uint8_t *ptr) 71{ 72 if (ptr == nullptr) { 73 return 0; 74 } 75 uint32_t bigVar = (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | (ptr[3]); 76 return bigVar; 77} 78bool FuzzInputMethodSystemAbility(const uint8_t *rawData, size_t size) 79{ 80 GrantNativePermission(); 81 uint32_t code = ConvertToUint32(rawData) % TARGET_REMOTE_CODE_NUMS; 82 rawData = rawData + OFFSET; 83 size = size - OFFSET; 84 85 if (!g_isInitialize.load()) { 86 DelayedSingleton<InputMethodSystemAbility>::GetInstance()->Initialize(); 87 g_isInitialize.store(true); 88 } 89 90 sptr<InputMethodController> imc = InputMethodController::GetInstance(); 91 sptr<OnTextChangedListener> textListener = new TextListener(); 92 imc->Attach(textListener); 93 94 MessageParcel datas; 95 datas.WriteInterfaceToken(SYSTEMABILITY_INTERFACE_TOKEN); 96 datas.WriteBuffer(rawData, size); 97 datas.RewindRead(0); 98 MessageParcel reply; 99 MessageOption option; 100 DelayedSingleton<InputMethodSystemAbility>::GetInstance()->OnRemoteRequest(code, datas, reply, option); 101 return true; 102} 103 104bool TestDump(const uint8_t *rawData, size_t size) 105{ 106 std::vector<std::u16string> args; 107 std::string str(reinterpret_cast<const char *>(rawData), size); 108 args.push_back(Str8ToStr16(str)); 109 DelayedSingleton<InputMethodSystemAbility>::GetInstance()->Dump(static_cast<int32_t>(size), args); 110 DelayedSingleton<InputMethodSystemAbility>::GetInstance()->DumpAllMethod(static_cast<int32_t>(size)); 111 return true; 112} 113 114} // namespace OHOS 115/* Fuzzer entry point */ 116extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 117{ 118 if (size < OHOS::THRESHOLD) { 119 return 0; 120 } 121 /* Run your code on data */ 122 OHOS::FuzzInputMethodSystemAbility(data, size); 123 OHOS::TestDump(data, size); 124 return 0; 125} 126