1/*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "abilitycachemanagera_fuzzer.h"
17
18#include <cstddef>
19#include <cstdint>
20
21#define private public
22#define protected public
23#include "ability_cache_manager.h"
24#undef protected
25#undef private
26
27#include "ability_record.h"
28
29using namespace OHOS::AAFwk;
30using namespace OHOS::AppExecFwk;
31using namespace OHOS::AbilityRuntime;
32
33namespace OHOS {
34namespace {
35constexpr int INPUT_ZERO = 0;
36constexpr int INPUT_ONE = 1;
37constexpr int INPUT_THREE = 3;
38constexpr size_t FOO_MAX_LEN = 1024;
39constexpr size_t U32_AT_SIZE = 4;
40constexpr uint8_t ENABLE = 2;
41constexpr size_t OFFSET_ZERO = 24;
42constexpr size_t OFFSET_ONE = 16;
43constexpr size_t OFFSET_TWO = 8;
44}
45
46uint32_t GetU32Data(const char* ptr)
47{
48    // convert fuzz input data to an integer
49    return (ptr[INPUT_ZERO] << OFFSET_ZERO) | (ptr[INPUT_ONE] << OFFSET_ONE) | (ptr[ENABLE] << OFFSET_TWO) |
50        ptr[INPUT_THREE];
51}
52
53sptr<Token> GetFuzzAbilityToken()
54{
55    sptr<Token> token = nullptr;
56    AbilityRequest abilityRequest;
57    abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
58    abilityRequest.abilityInfo.name = "MainAbility";
59    abilityRequest.abilityInfo.type = AbilityType::DATA;
60    std::shared_ptr<AbilityRecord> abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest);
61    if (abilityRecord) {
62        token = abilityRecord->GetToken();
63    }
64    return token;
65}
66
67Want& SetElement(Want &want)
68{
69    return want.SetElementName("deviceId", "bundleName", "ability", "moduleName");
70}
71
72void AbilityCacheManagerFuzztest1(bool boolParam, std::string &stringParam, int32_t int32Param)
73{
74    AbilityCacheManager& mgr = AbilityCacheManager::GetInstance();
75    mgr.Init(int32Param, int32Param);
76    std::shared_ptr<AbilityRecord> abilityRecord1;
77    Want want;
78    AppExecFwk::AbilityInfo abilityInfo;
79    AppExecFwk::ApplicationInfo applicationInfo;
80    std::shared_ptr<AbilityRecord> abilityRecord2 = std::make_shared<AbilityRecord>(want, abilityInfo, applicationInfo);
81    abilityRecord2->recordId_ = 2; // 2 means recordId
82    std::shared_ptr<AbilityRecord> abilityRecord3 = std::make_shared<AbilityRecord>(want, abilityInfo, applicationInfo);
83    abilityRecord3->recordId_ = 3; // 3 means recordId
84    mgr.AddToProcLru(abilityRecord2);
85    mgr.AddToDevLru(abilityRecord2, abilityRecord2);
86    mgr.AddToProcLru(abilityRecord3);
87    mgr.AddToDevLru(abilityRecord3, abilityRecord3);
88    mgr.Put(abilityRecord1);
89    mgr.Remove(abilityRecord1);
90    mgr.Put(abilityRecord2);
91    mgr.Remove(abilityRecord2);
92    AbilityRequest abilityRequest;
93    SetElement(abilityRequest.want);
94    bool ret = mgr.IsRecInfoSame(abilityRequest, abilityRecord2);
95    abilityInfo.moduleName = "moduleName";
96    abilityRequest.abilityInfo.moduleName = abilityInfo.moduleName;
97    SetElement(want);
98    std::shared_ptr<AbilityRecord> abilityRecord4 = std::make_shared<AbilityRecord>(want, abilityInfo, applicationInfo);
99    ret = mgr.IsRecInfoSame(abilityRequest, abilityRecord4);
100    abilityInfo.moduleName = "moduleName1";
101    mgr.IsRecInfoSame(abilityRequest, abilityRecord4);
102    mgr.AddToProcLru(abilityRecord4);
103    mgr.GetAbilityRecInProcList(abilityRequest);
104    abilityRequest.appInfo.accessTokenId = applicationInfo.accessTokenId;
105    mgr.GetAbilityRecInProcList(abilityRequest);
106    mgr.Get(abilityRequest);
107    mgr.FindRecordByToken(nullptr);
108    sptr<Token> token = GetFuzzAbilityToken();
109    mgr.FindRecordByToken(token);
110    mgr.GetAbilityList();
111    mgr.FindRecordBySessionId(stringParam);
112    mgr.FindRecordByServiceKey(stringParam);
113    mgr.RemoveLauncherDeathRecipient();
114    mgr.SignRestartAppFlag(int32Param);
115    mgr.DeleteInvalidServiceRecord(stringParam);
116}
117
118bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
119{
120    bool boolParam = *data % ENABLE;
121    std::string stringParam(data, size);
122    int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
123    AbilityCacheManagerFuzztest1(boolParam, stringParam, int32Param);
124    return true;
125}
126}
127
128/* Fuzzer entry point */
129extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
130{
131    /* Run your code on data */
132    if (data == nullptr) {
133        return 0;
134    }
135
136    /* Validate the length of size */
137    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
138        return 0;
139    }
140
141    char* ch = (char*)malloc(size + 1);
142    if (ch == nullptr) {
143        std::cout << "malloc failed." << std::endl;
144        return 0;
145    }
146
147    (void)memset_s(ch, size + 1, 0x00, size + 1);
148    if (memcpy_s(ch, size, data, size) != EOK) {
149        std::cout << "copy failed." << std::endl;
150        free(ch);
151        ch = nullptr;
152        return 0;
153    }
154
155    OHOS::DoSomethingInterestingWithMyAPI(ch, size);
156    free(ch);
157    ch = nullptr;
158    return 0;
159}
160
161