1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "geoconvertservice_fuzzer.h"
17 
18 #include "accesstoken_kit.h"
19 #include "if_system_ability_manager.h"
20 #include "iservice_registry.h"
21 #include "message_option.h"
22 #include "message_parcel.h"
23 #include "nativetoken_kit.h"
24 #include "system_ability_definition.h"
25 #include "token_setproc.h"
26 #include "locationhub_ipc_interface_code.h"
27 
28 #include "location.h"
29 #include "locator_ability.h"
30 #ifdef FEATURE_GEOCODE_SUPPORT
31 #include "geo_convert_service.h"
32 #endif
33 #include "permission_manager.h"
34 
35 namespace OHOS {
36 using namespace OHOS::Location;
37 const int32_t MAX_MEM_SIZE = 4 * 1024 * 1024;
38 const int32_t LOCATION_PERM_NUM = 4;
MockNativePermission()39 void MockNativePermission()
40 {
41     const char *perms[] = {
42         ACCESS_LOCATION.c_str(), ACCESS_APPROXIMATELY_LOCATION.c_str(),
43         ACCESS_BACKGROUND_LOCATION.c_str(), MANAGE_SECURE_SETTINGS.c_str(),
44     };
45     NativeTokenInfoParams infoInstance = {
46         .dcapsNum = 0,
47         .permsNum = LOCATION_PERM_NUM,
48         .aclsNum = 0,
49         .dcaps = nullptr,
50         .perms = perms,
51         .acls = nullptr,
52         .processName = "Geocode_FuzzTest",
53         .aplStr = "system_basic",
54     };
55     auto tokenId = GetAccessTokenId(&infoInstance);
56     SetSelfTokenID(tokenId);
57     Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
58     LocatorAbility::GetInstance()->EnableAbility(true);
59 }
60 
ParseData(const uint8_t* data, size_t size)61 char* ParseData(const uint8_t* data, size_t size)
62 {
63     if (data == nullptr) {
64         return nullptr;
65     }
66 
67     if (size > MAX_MEM_SIZE) {
68         return nullptr;
69     }
70 
71     char* ch = (char *)malloc(size + 1);
72     if (ch == nullptr) {
73         return nullptr;
74     }
75 
76     (void)memset_s(ch, size + 1, 0x00, size + 1);
77     if (memcpy_s(ch, size, data, size) != EOK) {
78         free(ch);
79         ch = nullptr;
80         return nullptr;
81     }
82     return ch;
83 }
84 
85 #ifdef FEATURE_GEOCODE_SUPPORT
GeoConvertServiceFuzzTest001(const char* data, size_t size)86 bool GeoConvertServiceFuzzTest001(const char* data, size_t size)
87 {
88     MessageParcel requestParcel;
89     requestParcel.WriteInterfaceToken(u"location.IGeoConvert");
90     requestParcel.WriteBuffer(data, size);
91     requestParcel.RewindRead(0);
92 
93     MessageParcel reply;
94     MessageOption option;
95 
96     auto service1 = sptr<GeoConvertService>(new (std::nothrow) GeoConvertService());
97     service1->OnRemoteRequest(static_cast<uint32_t>(GeoConvertInterfaceCode::IS_AVAILABLE),
98         requestParcel, reply, option);
99 
100     return true;
101 }
102 
GeoConvertServiceFuzzTest002(const char* data, size_t size)103 bool GeoConvertServiceFuzzTest002(const char* data, size_t size)
104 {
105     MessageParcel requestParcel;
106     requestParcel.WriteInterfaceToken(u"location.IGeoConvert");
107     requestParcel.WriteBuffer(data, size);
108     requestParcel.RewindRead(0);
109 
110     MessageParcel reply;
111     MessageOption option;
112 
113     auto service2 = sptr<GeoConvertService>(new (std::nothrow) GeoConvertService());
114     service2->OnRemoteRequest(static_cast<uint32_t>(GeoConvertInterfaceCode::GET_FROM_COORDINATE),
115         requestParcel, reply, option);
116 
117     return true;
118 }
119 
GeoConvertServiceFuzzTest003(const char* data, size_t size)120 bool GeoConvertServiceFuzzTest003(const char* data, size_t size)
121 {
122     MessageParcel requestParcel;
123     requestParcel.WriteInterfaceToken(u"location.IGeoConvert");
124     requestParcel.WriteBuffer(data, size);
125     requestParcel.RewindRead(0);
126 
127     MessageParcel reply;
128     MessageOption option;
129 
130     auto service3 = sptr<GeoConvertService>(new (std::nothrow) GeoConvertService());
131     service3->OnRemoteRequest(static_cast<uint32_t>(GeoConvertInterfaceCode::GET_FROM_LOCATION_NAME_BY_BOUNDARY),
132         requestParcel, reply, option);
133 
134     return true;
135 }
136 
GeoConvertServiceFuzzTest004(const char* data, size_t size)137 bool GeoConvertServiceFuzzTest004(const char* data, size_t size)
138 {
139     MessageParcel requestParcel;
140     requestParcel.WriteInterfaceToken(u"location.IGeoConvert");
141     requestParcel.WriteBuffer(data, size);
142     requestParcel.RewindRead(0);
143 
144     MessageParcel reply;
145     MessageOption option;
146 
147     auto service4 = sptr<GeoConvertService>(new (std::nothrow) GeoConvertService());
148     service4->OnRemoteRequest(static_cast<uint32_t>(GeoConvertInterfaceCode::ENABLE_REVERSE_GEOCODE_MOCK),
149         requestParcel, reply, option);
150 
151     return true;
152 }
153 
GeoConvertServiceFuzzTest005(const char* data, size_t size)154 bool GeoConvertServiceFuzzTest005(const char* data, size_t size)
155 {
156     MessageParcel requestParcel;
157     requestParcel.WriteInterfaceToken(u"location.IGeoConvert");
158     requestParcel.WriteBuffer(data, size);
159     requestParcel.RewindRead(0);
160 
161     MessageParcel reply;
162     MessageOption option;
163 
164     auto service5 = sptr<GeoConvertService>(new (std::nothrow) GeoConvertService());
165     service5->OnRemoteRequest(static_cast<uint32_t>(GeoConvertInterfaceCode::DISABLE_REVERSE_GEOCODE_MOCK),
166         requestParcel, reply, option);
167 
168     return true;
169 }
170 
GeoConvertServiceFuzzTest006(const char* data, size_t size)171 bool GeoConvertServiceFuzzTest006(const char* data, size_t size)
172 {
173     MessageParcel requestParcel;
174     requestParcel.WriteInterfaceToken(u"location.IGeoConvert");
175     requestParcel.WriteBuffer(data, size);
176     requestParcel.RewindRead(0);
177 
178     MessageParcel reply;
179     MessageOption option;
180 
181     auto service6 = sptr<GeoConvertService>(new (std::nothrow) GeoConvertService());
182     service6->OnRemoteRequest(static_cast<uint32_t>(GeoConvertInterfaceCode::SET_REVERSE_GEOCODE_MOCKINFO),
183         requestParcel, reply, option);
184 
185     return true;
186 }
187 #endif
188 } // namespace OHOS
189 
190 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)191 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
192 {
193     OHOS::MockNativePermission();
194     char* ch = OHOS::ParseData(data, size);
195     if (ch != nullptr) {
196 #ifdef FEATURE_GEOCODE_SUPPORT
197         OHOS::GeoConvertServiceFuzzTest001(ch, size);
198         OHOS::GeoConvertServiceFuzzTest002(ch, size);
199         OHOS::GeoConvertServiceFuzzTest003(ch, size);
200         OHOS::GeoConvertServiceFuzzTest004(ch, size);
201         OHOS::GeoConvertServiceFuzzTest005(ch, size);
202         OHOS::GeoConvertServiceFuzzTest006(ch, size);
203 #endif
204         free(ch);
205         ch = nullptr;
206     }
207     return 0;
208 }
209 
210