1/*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "appspawnclient_fuzzer.h"
17#include <string>
18#include "appspawn.h"
19
20namespace OHOS {
21    int FuzzAppSpawnClientInit(const uint8_t *data, size_t size)
22    {
23        const char *name = APPSPAWN_SERVER_NAME;
24        AppSpawnClientHandle handle = nullptr;
25        return AppSpawnClientInit(name, &handle);
26    }
27
28    int FuzzAppSpawnClientDestroy(const uint8_t *data, size_t size)
29    {
30        const char *name = APPSPAWN_SERVER_NAME;
31        AppSpawnClientHandle handle = nullptr;
32        if (AppSpawnClientInit(name, &handle) != 0) {
33            return -1;
34        }
35        return AppSpawnClientDestroy(handle);
36    }
37
38    int FuzzAppSpawnReqMsgCreate(const uint8_t *data, size_t size)
39    {
40        const char *name = APPSPAWN_SERVER_NAME;
41        AppSpawnClientHandle handle = nullptr;
42        if (AppSpawnClientInit(name, &handle) != 0) {
43            return -1;
44        }
45        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
46        std::string processName(reinterpret_cast<const char*>(data), size);
47        AppSpawnReqMsgHandle reqHandle = nullptr;
48        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
49        AppSpawnReqMsgFree(reqHandle);
50        return AppSpawnClientDestroy(handle);
51    }
52
53    int FuzzAppSpawnReqMsgAddStringInfo(const uint8_t *data, size_t size)
54    {
55        const char *name = APPSPAWN_SERVER_NAME;
56        AppSpawnClientHandle handle = nullptr;
57        if (AppSpawnClientInit(name, &handle) != 0) {
58            return -1;
59        }
60        AppSpawnReqMsgHandle reqHandle = nullptr;
61        std::string processName(reinterpret_cast<const char*>(data), size);
62        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
63        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
64        (void)AppSpawnReqMsgAddStringInfo(reqHandle, processName.c_str(), processName.c_str());
65        AppSpawnReqMsgFree(reqHandle);
66        return AppSpawnClientDestroy(handle);
67    }
68
69    int FuzzAppSpawnTerminateMsgCreate(const uint8_t *data, size_t size)
70    {
71        const char *name = APPSPAWN_SERVER_NAME;
72        AppSpawnClientHandle handle = nullptr;
73        if (AppSpawnClientInit(name, &handle) != 0) {
74            return -1;
75        }
76        pid_t pid = static_cast<pid_t>(size);
77        AppSpawnReqMsgHandle reqHandle = nullptr;
78        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
79        std::string processName(reinterpret_cast<const char*>(data), size);
80        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
81        (void)AppSpawnTerminateMsgCreate(pid, &reqHandle);
82        AppSpawnReqMsgFree(reqHandle);
83        return AppSpawnClientDestroy(handle);
84    }
85
86    int FuzzAppSpawnClientSendMsg(const uint8_t *data, size_t size)
87    {
88        const char *name = APPSPAWN_SERVER_NAME;
89        AppSpawnClientHandle handle = nullptr;
90        if (AppSpawnClientInit(name, &handle) != 0) {
91            return -1;
92        }
93        AppSpawnReqMsgHandle reqHandle = nullptr;
94        AppSpawnResult appResult = {static_cast<int>(size), 0};
95        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
96        std::string processName(reinterpret_cast<const char*>(data), size);
97        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
98        (void)AppSpawnClientSendMsg(handle, reqHandle, &appResult);
99        return AppSpawnClientDestroy(handle);
100    }
101
102    int FuzzAppSpawnReqMsgFree(const uint8_t *data, size_t size)
103    {
104        const char *name = APPSPAWN_SERVER_NAME;
105        AppSpawnClientHandle handle = nullptr;
106        if (AppSpawnClientInit(name, &handle) != 0) {
107            return -1;
108        }
109        AppSpawnReqMsgHandle reqHandle = nullptr;
110        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
111        std::string processName(reinterpret_cast<const char*>(data), size);
112        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
113        AppSpawnReqMsgFree(reqHandle);
114        return AppSpawnClientDestroy(handle);
115    }
116
117    int FuzzAppSpawnReqMsgSetBundleInfo(const uint8_t *data, size_t size)
118    {
119        const char *name = APPSPAWN_SERVER_NAME;
120        AppSpawnClientHandle handle = nullptr;
121        if (AppSpawnClientInit(name, &handle) != 0) {
122            return -1;
123        }
124        AppSpawnReqMsgHandle reqHandle = nullptr;
125        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
126        std::string processName(reinterpret_cast<const char*>(data), size);
127        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
128        uint32_t bundleIndex = static_cast<uint32_t>(size);
129        std::string bundleName(reinterpret_cast<const char*>(data), size);
130        (void)AppSpawnReqMsgSetBundleInfo(reqHandle, bundleIndex, bundleName.c_str());
131        AppSpawnReqMsgFree(reqHandle);
132        return AppSpawnClientDestroy(handle);
133    }
134
135    int FuzzAppSpawnReqMsgSetAppFlag(const uint8_t *data, size_t size)
136    {
137        const char *name = APPSPAWN_SERVER_NAME;
138        AppSpawnClientHandle handle = nullptr;
139        if (AppSpawnClientInit(name, &handle) != 0) {
140            return -1;
141        }
142        AppSpawnReqMsgHandle reqHandle = nullptr;
143        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
144        std::string processName(reinterpret_cast<const char*>(data), size);
145        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
146        AppFlagsIndex flagIndex = static_cast<AppFlagsIndex>(size);
147        (void)AppSpawnReqMsgSetAppFlag(reqHandle, flagIndex);
148        AppSpawnReqMsgFree(reqHandle);
149        return AppSpawnClientDestroy(handle);
150    }
151
152    int FuzzAppSpawnReqMsgSetAppDacInfo(const uint8_t *data, size_t size)
153    {
154        const char *name = APPSPAWN_SERVER_NAME;
155        AppSpawnClientHandle handle = nullptr;
156        if (AppSpawnClientInit(name, &handle) != 0) {
157            return -1;
158        }
159        AppSpawnReqMsgHandle reqHandle = nullptr;
160        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
161        std::string processName(reinterpret_cast<const char*>(data), size);
162        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
163        AppDacInfo dacInfo = {};
164        (void)AppSpawnReqMsgSetAppDacInfo(reqHandle, &dacInfo);
165        AppSpawnReqMsgFree(reqHandle);
166        return AppSpawnClientDestroy(handle);
167    }
168
169    int FuzzAppSpawnReqMsgSetAppDomainInfo(const uint8_t *data, size_t size)
170    {
171        const char *name = APPSPAWN_SERVER_NAME;
172        AppSpawnClientHandle handle = nullptr;
173        if (AppSpawnClientInit(name, &handle) != 0) {
174            return -1;
175        }
176        AppSpawnReqMsgHandle reqHandle = nullptr;
177        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
178        std::string processName(reinterpret_cast<const char*>(data), size);
179        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
180        std::string apl(reinterpret_cast<const char*>(data), size);
181        uint32_t hapFlags = static_cast<uint32_t>(size);
182        (void)AppSpawnReqMsgSetAppDomainInfo(reqHandle, hapFlags, apl.c_str());
183        AppSpawnReqMsgFree(reqHandle);
184        return AppSpawnClientDestroy(handle);
185    }
186
187    int FuzzAppSpawnReqMsgSetAppInternetPermissionInfo(const uint8_t *data, size_t size)
188    {
189        const char *name = APPSPAWN_SERVER_NAME;
190        AppSpawnClientHandle handle = nullptr;
191        if (AppSpawnClientInit(name, &handle) != 0) {
192            return -1;
193        }
194        AppSpawnReqMsgHandle reqHandle = nullptr;
195        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
196        std::string processName(reinterpret_cast<const char*>(data), size);
197        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
198        uint8_t allow = static_cast<uint8_t>(size);
199        uint8_t setAllow = static_cast<uint8_t>(size);
200        (void)AppSpawnReqMsgSetAppInternetPermissionInfo(reqHandle, allow, setAllow);
201        AppSpawnReqMsgFree(reqHandle);
202        return AppSpawnClientDestroy(handle);
203    }
204
205    int FuzzAppSpawnReqMsgSetAppAccessToken(const uint8_t *data, size_t size)
206    {
207        const char *name = APPSPAWN_SERVER_NAME;
208        AppSpawnClientHandle handle = nullptr;
209        if (AppSpawnClientInit(name, &handle) != 0) {
210            return -1;
211        }
212        AppSpawnReqMsgHandle reqHandle = nullptr;
213        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
214        std::string processName(reinterpret_cast<const char*>(data), size);
215        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
216        uint64_t accessTokenIdEx = static_cast<uint64_t>(size);
217        (void)AppSpawnReqMsgSetAppAccessToken(reqHandle, accessTokenIdEx);
218        AppSpawnReqMsgFree(reqHandle);
219        return AppSpawnClientDestroy(handle);
220    }
221
222    int FuzzAppSpawnReqMsgSetAppOwnerId(const uint8_t *data, size_t size)
223    {
224        const char *name = APPSPAWN_SERVER_NAME;
225        AppSpawnClientHandle handle = nullptr;
226        if (AppSpawnClientInit(name, &handle) != 0) {
227            return -1;
228        }
229        AppSpawnReqMsgHandle reqHandle = nullptr;
230        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
231        std::string processName(reinterpret_cast<const char*>(data), size);
232        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
233        std::string ownerId(reinterpret_cast<const char*>(data), size);
234        (void)AppSpawnReqMsgSetAppOwnerId(reqHandle, ownerId.c_str());
235        AppSpawnReqMsgFree(reqHandle);
236        return AppSpawnClientDestroy(handle);
237    }
238
239    int FuzzAppSpawnReqMsgAddPermission(const uint8_t *data, size_t size)
240    {
241        const char *name = APPSPAWN_SERVER_NAME;
242        AppSpawnClientHandle handle = nullptr;
243        if (AppSpawnClientInit(name, &handle) != 0) {
244            return -1;
245        }
246        AppSpawnReqMsgHandle reqHandle = nullptr;
247        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
248        std::string processName(reinterpret_cast<const char*>(data), size);
249        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
250        std::string permission(reinterpret_cast<const char*>(data), size);
251        (void)AppSpawnReqMsgAddPermission(reqHandle, permission.c_str());
252        AppSpawnReqMsgFree(reqHandle);
253        return AppSpawnClientDestroy(handle);
254    }
255
256    int FuzzAppSpawnReqMsgAddExtInfo(const uint8_t *data, size_t size)
257    {
258        const char *name = APPSPAWN_SERVER_NAME;
259        AppSpawnClientHandle handle = nullptr;
260        if (AppSpawnClientInit(name, &handle) != 0) {
261            return -1;
262        }
263        AppSpawnReqMsgHandle reqHandle = nullptr;
264        AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
265        std::string processName(reinterpret_cast<const char*>(data), size);
266        (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
267        (void)AppSpawnReqMsgAddExtInfo(reqHandle, processName.c_str(), data, static_cast<uint32_t>(size));
268        AppSpawnReqMsgFree(reqHandle);
269        return AppSpawnClientDestroy(handle);
270    }
271
272    int FuzzGetPermissionIndex(const uint8_t *data, size_t size)
273    {
274        std::string permission(reinterpret_cast<const char*>(data), size);
275        return GetPermissionIndex(nullptr, permission.c_str());
276    }
277
278    int FuzzGetMaxPermissionIndex(const uint8_t *data, size_t size)
279    {
280        return GetMaxPermissionIndex(nullptr);
281    }
282
283    int FuzzGetPermissionByIndex(const uint8_t *data, size_t size)
284    {
285        int32_t index = static_cast<int32_t>(size);
286        if (GetPermissionByIndex(nullptr, index) == nullptr) {
287            return -1;
288        }
289        return 0;
290    }
291}
292
293/* Fuzzer entry point */
294extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
295{
296    /* Run your code on data */
297    OHOS::FuzzAppSpawnClientInit(data, size);
298    OHOS::FuzzAppSpawnClientDestroy(data, size);
299    OHOS::FuzzAppSpawnReqMsgCreate(data, size);
300    OHOS::FuzzAppSpawnTerminateMsgCreate(data, size);
301    OHOS::FuzzAppSpawnReqMsgFree(data, size);
302    OHOS::FuzzAppSpawnClientSendMsg(data, size);
303    OHOS::FuzzAppSpawnReqMsgSetBundleInfo(data, size);
304    OHOS::FuzzAppSpawnReqMsgSetAppFlag(data, size);
305    OHOS::FuzzAppSpawnReqMsgSetAppDacInfo(data, size);
306    OHOS::FuzzAppSpawnReqMsgSetAppDomainInfo(data, size);
307    OHOS::FuzzAppSpawnReqMsgSetAppInternetPermissionInfo(data, size);
308    OHOS::FuzzAppSpawnReqMsgSetAppAccessToken(data, size);
309    OHOS::FuzzAppSpawnReqMsgSetAppOwnerId(data, size);
310    OHOS::FuzzAppSpawnReqMsgAddPermission(data, size);
311    OHOS::FuzzAppSpawnReqMsgAddExtInfo(data, size);
312    OHOS::FuzzAppSpawnReqMsgAddStringInfo(data, size);
313    OHOS::FuzzGetPermissionIndex(data, size);
314    OHOS::FuzzGetMaxPermissionIndex(data, size);
315    OHOS::FuzzGetPermissionByIndex(data, size);
316    return 0;
317}
318