142103316Sopenharmony_ci/* 242103316Sopenharmony_ci * Copyright (c) 2024 Huawei Device Co., Ltd. 342103316Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 442103316Sopenharmony_ci * you may not use this file except in compliance with the License. 542103316Sopenharmony_ci * You may obtain a copy of the License at 642103316Sopenharmony_ci * 742103316Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 842103316Sopenharmony_ci * 942103316Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 1042103316Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 1142103316Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 1242103316Sopenharmony_ci * See the License for the specific language governing permissions and 1342103316Sopenharmony_ci * limitations under the License. 1442103316Sopenharmony_ci */ 1542103316Sopenharmony_ci 1642103316Sopenharmony_ci#include "usbmgrex_fuzzer.h" 1742103316Sopenharmony_ci#include <cstddef> 1842103316Sopenharmony_ci#include <cstdint> 1942103316Sopenharmony_ci#include "usb_service.h" 2042103316Sopenharmony_ci 2142103316Sopenharmony_ciusing namespace OHOS::HDI::Usb::V1_0; 2242103316Sopenharmony_ciusing namespace OHOS::USB; 2342103316Sopenharmony_ci 2442103316Sopenharmony_cinamespace OHOS { 2542103316Sopenharmony_ciconstexpr size_t THRESHOLD = 10; 2642103316Sopenharmony_ciconstexpr int32_t OFFSET = 4; 2742103316Sopenharmony_cienum class UsbInterfaceCode { 2842103316Sopenharmony_ci USB_FUN_HAS_RIGHT = 0, 2942103316Sopenharmony_ci USB_FUN_REQUEST_RIGHT, 3042103316Sopenharmony_ci USB_FUN_REMOVE_RIGHT, 3142103316Sopenharmony_ci USB_FUN_OPEN_DEVICE, 3242103316Sopenharmony_ci USB_FUN_RESET_DEVICE, 3342103316Sopenharmony_ci USB_FUN_GET_DEVICE, 3442103316Sopenharmony_ci USB_FUN_GET_DEVICES, 3542103316Sopenharmony_ci USB_FUN_GET_CURRENT_FUNCTIONS, 3642103316Sopenharmony_ci USB_FUN_SET_CURRENT_FUNCTIONS, 3742103316Sopenharmony_ci USB_FUN_USB_FUNCTIONS_FROM_STRING, 3842103316Sopenharmony_ci USB_FUN_USB_FUNCTIONS_TO_STRING, 3942103316Sopenharmony_ci USB_FUN_CLAIM_INTERFACE, 4042103316Sopenharmony_ci USB_FUN_RELEASE_INTERFACE, 4142103316Sopenharmony_ci USB_FUN_BULK_TRANSFER_READ, 4242103316Sopenharmony_ci USB_FUN_BULK_TRANSFER_WRITE, 4342103316Sopenharmony_ci USB_FUN_CONTROL_TRANSFER, 4442103316Sopenharmony_ci USB_FUN_USB_CONTROL_TRANSFER, 4542103316Sopenharmony_ci USB_FUN_SET_ACTIVE_CONFIG, 4642103316Sopenharmony_ci USB_FUN_GET_ACTIVE_CONFIG, 4742103316Sopenharmony_ci USB_FUN_SET_INTERFACE, 4842103316Sopenharmony_ci USB_FUN_GET_PORTS, 4942103316Sopenharmony_ci USB_FUN_GET_SUPPORTED_MODES, 5042103316Sopenharmony_ci USB_FUN_SET_PORT_ROLE, 5142103316Sopenharmony_ci USB_FUN_REQUEST_QUEUE, 5242103316Sopenharmony_ci USB_FUN_REQUEST_WAIT, 5342103316Sopenharmony_ci USB_FUN_REQUEST_CANCEL, 5442103316Sopenharmony_ci USB_FUN_GET_DESCRIPTOR, 5542103316Sopenharmony_ci USB_FUN_GET_FILEDESCRIPTOR, 5642103316Sopenharmony_ci USB_FUN_CLOSE_DEVICE, 5742103316Sopenharmony_ci USB_FUN_BULK_AYSNC_READ, 5842103316Sopenharmony_ci USB_FUN_BULK_AYSNC_WRITE, 5942103316Sopenharmony_ci USB_FUN_BULK_AYSNC_CANCEL, 6042103316Sopenharmony_ci USB_FUN_REG_BULK_CALLBACK, 6142103316Sopenharmony_ci USB_FUN_UNREG_BULK_CALLBACK, 6242103316Sopenharmony_ci USB_FUN_ADD_RIGHT, 6342103316Sopenharmony_ci USB_FUN_DISABLE_GLOBAL_INTERFACE, 6442103316Sopenharmony_ci USB_FUN_DISABLE_DEVICE, 6542103316Sopenharmony_ci USB_FUN_DISABLE_INTERFACE_TYPE, 6642103316Sopenharmony_ci USB_FUN_CLEAR_HALT, 6742103316Sopenharmony_ci USB_FUN_GET_DEVICE_SPEED, 6842103316Sopenharmony_ci USB_FUN_GET_DRIVER_ACTIVE_STATUS, 6942103316Sopenharmony_ci USB_FUN_ADD_ACCESS_RIGHT, 7042103316Sopenharmony_ci USB_FUN_BULK_TRANSFER_READ_WITH_LENGTH, 7142103316Sopenharmony_ci USB_FUN_ATTACH_KERNEL_DRIVER, 7242103316Sopenharmony_ci USB_FUN_DETACH_KERNEL_DRIVER, 7342103316Sopenharmony_ci}; 7442103316Sopenharmony_ciconst std::u16string USB_INTERFACE_TOKEN = u"ohos.usb.IUsbSrv"; 7542103316Sopenharmony_cistatic uint32_t g_usbInterfaceCode = 0; 7642103316Sopenharmony_cistatic constexpr uint32_t g_usbInterfaceCodeCount = 43; // UsbInterfaceCode Count - 1 7742103316Sopenharmony_ci 7842103316Sopenharmony_civoid SetTestCaseNative(TokenInfoParams *infoInstance) 7942103316Sopenharmony_ci{ 8042103316Sopenharmony_ci uint64_t tokenId = GetAccessTokenId(infoInstance); 8142103316Sopenharmony_ci int ret = SetSelfTokenID(tokenId); 8242103316Sopenharmony_ci if (ret == 0) { 8342103316Sopenharmony_ci USB_HILOGI(MODULE_USB_SERVICE, "SetSelfTokenID success %{public}d", __LINE__); 8442103316Sopenharmony_ci } else { 8542103316Sopenharmony_ci USB_HILOGE(MODULE_USB_SERVICE, "SetSelfTokenID fail %{public}d", ret); 8642103316Sopenharmony_ci } 8742103316Sopenharmony_ci ret = Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); 8842103316Sopenharmony_ci if (ret == 0) { 8942103316Sopenharmony_ci USB_HILOGI(MODULE_USB_SERVICE, "ReloadNativeTokenInfo success %{public}d", __LINE__); 9042103316Sopenharmony_ci } else { 9142103316Sopenharmony_ci USB_HILOGE(MODULE_USB_SERVICE, "ReloadNativeTokenInfo fail %{public}d", ret); 9242103316Sopenharmony_ci } 9342103316Sopenharmony_ci} 9442103316Sopenharmony_ci 9542103316Sopenharmony_civoid GrantPermissionSysNative() 9642103316Sopenharmony_ci{ 9742103316Sopenharmony_ci const char **permsInfo = new(std::nothrow)const char* [1]; 9842103316Sopenharmony_ci permsInfo[0] = "ohos.permission.MANAGE_USB_CONFIG"; 9942103316Sopenharmony_ci TokenInfoParams g_sysInfoInstance = { 10042103316Sopenharmony_ci .dcapsNum = 0, 10142103316Sopenharmony_ci .permsNum = 1, 10242103316Sopenharmony_ci .aclsNum = 0, 10342103316Sopenharmony_ci .dcaps = nullptr, 10442103316Sopenharmony_ci .perms = permsInfo, 10542103316Sopenharmony_ci .acls = nullptr, 10642103316Sopenharmony_ci .processName = "usb_manager_test_sys_with_perms", 10742103316Sopenharmony_ci .aplStr = "system_basic", 10842103316Sopenharmony_ci }; 10942103316Sopenharmony_ci SetTestCaseNative(&g_sysInfoInstance); 11042103316Sopenharmony_ci} 11142103316Sopenharmony_ci 11242103316Sopenharmony_civoid GrantPermissionNormalNative() 11342103316Sopenharmony_ci{ 11442103316Sopenharmony_ci TokenInfoParams g_normalInfoInstance = { 11542103316Sopenharmony_ci .dcapsNum = 0, 11642103316Sopenharmony_ci .permsNum = 0, 11742103316Sopenharmony_ci .aclsNum = 0, 11842103316Sopenharmony_ci .dcaps = nullptr, 11942103316Sopenharmony_ci .perms = nullptr, 12042103316Sopenharmony_ci .acls = nullptr, 12142103316Sopenharmony_ci .processName = "usb_manager_test_normal", 12242103316Sopenharmony_ci .aplStr = "normal", 12342103316Sopenharmony_ci }; 12442103316Sopenharmony_ci SetTestCaseNative(&g_normalInfoInstance); 12542103316Sopenharmony_ci} 12642103316Sopenharmony_ci 12742103316Sopenharmony_cibool DoSomethingInterestingWithMyAPI(const uint8_t *rawData, size_t size) 12842103316Sopenharmony_ci{ 12942103316Sopenharmony_ci if (rawData == nullptr) { 13042103316Sopenharmony_ci return false; 13142103316Sopenharmony_ci } 13242103316Sopenharmony_ci if (g_usbInterfaceCode > g_usbInterfaceCodeCount) { 13342103316Sopenharmony_ci return true; 13442103316Sopenharmony_ci } 13542103316Sopenharmony_ci uint32_t code = g_usbInterfaceCode; 13642103316Sopenharmony_ci if (code <= g_usbInterfaceCodeCount) { 13742103316Sopenharmony_ci g_usbInterfaceCode += 1; 13842103316Sopenharmony_ci } 13942103316Sopenharmony_ci rawData = rawData + OFFSET; 14042103316Sopenharmony_ci size = size - OFFSET; 14142103316Sopenharmony_ci 14242103316Sopenharmony_ci MessageParcel data; 14342103316Sopenharmony_ci data.WriteInterfaceToken(USB_INTERFACE_TOKEN); 14442103316Sopenharmony_ci data.WriteBuffer(rawData, size); 14542103316Sopenharmony_ci data.RewindRead(0); 14642103316Sopenharmony_ci MessageParcel reply; 14742103316Sopenharmony_ci MessageOption option; 14842103316Sopenharmony_ci DelayedSpSingleton<UsbService>::GetInstance()->OnRemoteRequest(code, data, reply, option); 14942103316Sopenharmony_ci return true; 15042103316Sopenharmony_ci} 15142103316Sopenharmony_ci} // namespace OHOS 15242103316Sopenharmony_ci 15342103316Sopenharmony_ci/* Fuzzer entry point */ 15442103316Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 15542103316Sopenharmony_ci{ 15642103316Sopenharmony_ci if (size < OHOS::THRESHOLD) { 15742103316Sopenharmony_ci return 0; 15842103316Sopenharmony_ci } 15942103316Sopenharmony_ci 16042103316Sopenharmony_ci /* Run your code on data */ 16142103316Sopenharmony_ci OHOS::DoSomethingInterestingWithMyAPI(data, size); 16242103316Sopenharmony_ci return 0; 16342103316Sopenharmony_ci} 164