1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "missionlistmanagerfirst_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #define private public
22 #define protected public
23 #include "ability_record.h"
24 #include "mission_info_mgr.h"
25 #include "mission_list_manager.h"
26 #undef protected
27 #undef private
28
29 using namespace OHOS::AAFwk;
30 using namespace OHOS::AppExecFwk;
31
32 namespace OHOS {
33 namespace {
34 constexpr uint8_t ENABLE = 2;
35 constexpr int INPUT_ZERO = 0;
36 constexpr int INPUT_ONE = 1;
37 constexpr int INPUT_TWO = 2;
38 constexpr int INPUT_THREE = 3;
39 constexpr size_t FOO_MAX_LEN = 1024;
40 constexpr size_t U32_AT_SIZE = 4;
41 constexpr uint8_t OFFSET_32_VAL = 32;
42 constexpr size_t OFFSET_ZERO = 24;
43 constexpr size_t OFFSET_ONE = 16;
44 constexpr size_t OFFSET_TWO = 8;
45 constexpr uint8_t ABILITY_STATE_MOD = 20;
46 const std::string PARAM_APP_CLONE_INDEX_KEY("ohos.extra.param.key.appCloneIndex");
47 class MyAbilityConnection : public IAbilityConnection {
48 public:
49 MyAbilityConnection() = default;
50 virtual ~MyAbilityConnection() = default;
51 void OnAbilityConnectDone(
52 const AppExecFwk::ElementName& element, const sptr<IRemoteObject>& remoteObject, int resultCode) override
53 {}
54 void OnAbilityDisconnectDone(const AppExecFwk::ElementName& element, int resultCode) override
55 {}
56 sptr<IRemoteObject> AsObject() override
57 {
58 return {};
59 }
60 };
61 }
62
GetU32Data(const char* ptr)63 uint32_t GetU32Data(const char* ptr)
64 {
65 // convert fuzz input data to an integer
66 return (ptr[INPUT_ZERO] << OFFSET_ZERO) | (ptr[INPUT_ONE] << OFFSET_ONE) | (ptr[INPUT_TWO] << OFFSET_TWO) |
67 ptr[INPUT_THREE];
68 }
69
GetFuzzAbilityRecord()70 std::shared_ptr<AbilityRecord> GetFuzzAbilityRecord()
71 {
72 sptr<Token> token = nullptr;
73 AbilityRequest abilityRequest;
74 abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
75 abilityRequest.abilityInfo.name = "MainAbility";
76 abilityRequest.abilityInfo.type = AbilityType::DATA;
77 std::shared_ptr<AbilityRecord> abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest);
78 if (!abilityRecord) {
79 return nullptr;
80 }
81 return abilityRecord;
82 }
83
GetFuzzAbilityToken()84 sptr<Token> GetFuzzAbilityToken()
85 {
86 sptr<Token> token = nullptr;
87 std::shared_ptr<AbilityRecord> abilityRecord = GetFuzzAbilityRecord();
88 if (abilityRecord) {
89 token = abilityRecord->GetToken();
90 }
91 return token;
92 }
93
InitAbilityRequest(const char* data)94 AbilityRequest InitAbilityRequest(const char* data)
95 {
96 AbilityRequest abilityRequest;
97 uint32_t mod = static_cast<uint32_t>(LaunchMode::SPECIFIED) + 1;
98 abilityRequest.abilityInfo.launchMode = static_cast<LaunchMode>(GetU32Data(data) % mod);
99 mod = static_cast<uint32_t>(AbilityCallType::START_EXTENSION_TYPE) + 1;
100 abilityRequest.callType = static_cast<AbilityCallType>(GetU32Data(data) % mod);
101 return abilityRequest;
102 }
103
InitMissionListManager(int32_t intParam)104 std::shared_ptr<MissionListManager> InitMissionListManager(int32_t intParam)
105 {
106 static std::once_flag flag;
107 auto missionListMgr = std::make_shared<MissionListManager>(intParam);
108 missionListMgr->Init();
109 return missionListMgr;
110 }
111
DoSomethingTestWithMyAPI0(std::shared_ptr<MissionListManager> missionListMgr, const char* data)112 void DoSomethingTestWithMyAPI0(std::shared_ptr<MissionListManager> missionListMgr, const char* data)
113 {
114 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
115 missionListMgr->RegisterMissionListener(nullptr);
116 missionListMgr->GetMissionCount();
117 missionListMgr->FindEarliestMission();
118 AbilityRequest abilityRequest;
119 missionListMgr->EnqueueWaitingAbility(abilityRequest);
120 missionListMgr->EnqueueWaitingAbilityToFront(abilityRequest);
121 missionListMgr->StartWaitingAbility();
122 missionListMgr->UnRegisterMissionListener(nullptr);
123 std::shared_ptr<AbilityRecord> targetAbilityRecord = GetFuzzAbilityRecord();
124 missionListMgr->AddRecord(abilityRequest, targetAbilityRecord);
125 std::shared_ptr<Mission> targetMission = std::make_shared<Mission>(int32Param, targetAbilityRecord);
126 missionListMgr->GetTargetMission(abilityRequest, targetMission, targetAbilityRecord);
127 missionListMgr->StartAbilityLocked(nullptr, nullptr, abilityRequest);
128 abilityRequest.want.SetParam(PARAM_APP_CLONE_INDEX_KEY, int32Param);
129 missionListMgr->GetMissionName(abilityRequest);
130 bool boolParam = *data % ENABLE;
131 missionListMgr->GetTargetMissionAndAbility(abilityRequest, targetMission, targetAbilityRecord, boolParam);
132 missionListMgr->EnableRecoverAbility(int32Param);
133 missionListMgr->GetTargetMissionList(nullptr, abilityRequest);
134 targetAbilityRecord->isLauncherAbility_ = boolParam;
135 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, targetAbilityRecord);
136 missionListMgr->launcherList_->AddMissionToTop(mission);
137 missionListMgr->GetTargetMissionList(targetAbilityRecord, abilityRequest);
138 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
139 abilityRequest.abilityInfo.launchMode = static_cast<LaunchMode>(uint32Param % 3); // 3 means luanch mode max enum
140 missionListMgr->GetReusedMission(abilityRequest);
141 missionListMgr->MoveNoneTopMissionToDefaultList(targetMission);
142 missionListMgr->MoveMissionListToTop(nullptr);
143 missionListMgr->MoveMissionListToTop(missionListMgr->launcherList_);
144 auto token = targetAbilityRecord->GetToken();
145 missionListMgr->GetAbilityRecordByToken(nullptr);
146 missionListMgr->GetAbilityRecordByToken(token);
147 targetAbilityRecord->currentState_ = static_cast<AAFwk::AbilityState>(uint32Param % ABILITY_STATE_MOD);
148 missionListMgr->DispatchState(targetAbilityRecord, uint32Param % ABILITY_STATE_MOD);
149 missionListMgr->CompleteForegroundSuccess(targetAbilityRecord);
150 std::shared_ptr<AbilityRecord> prevAbilityRecord = GetFuzzAbilityRecord();
151 prevAbilityRecord->isTerminating_ = boolParam;
152 prevAbilityRecord->currentState_ = static_cast<AAFwk::AbilityState>(uint32Param % ABILITY_STATE_MOD);
153 targetAbilityRecord->SetPreAbilityRecord(prevAbilityRecord);
154 missionListMgr->TerminatePreviousAbility(targetAbilityRecord);
155 missionListMgr->CompleteBackground(targetAbilityRecord);
156 }
157
DoSomethingTestWithMyAPI1(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)158 void DoSomethingTestWithMyAPI1(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)
159 {
160 bool boolParam = *data % ENABLE;
161 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
162 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
163 MissionInfo missionInfo;
164 missionListMgr->GetMissionInfo(int32Param, missionInfo);
165 std::shared_ptr<StartOptions> startOptions = nullptr;
166 missionListMgr->MoveMissionToFront(int32Param, startOptions);
167 std::shared_ptr<AbilityRecord> callerAbility = GetFuzzAbilityRecord();
168 auto abilityRecord = GetFuzzAbilityRecord();
169 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
170 missionListMgr->defaultStandardList_->AddMissionToTop(mission);
171 missionListMgr->MoveMissionToFront(int32Param, boolParam, boolParam, callerAbility, startOptions);
172 }
173
DoSomethingTestWithMyAPI2(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)174 void DoSomethingTestWithMyAPI2(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)
175 {
176 bool boolParam = *data % ENABLE;
177 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
178 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
179 InnerMissionInfo info;
180 AbilityRequest abilityRequest = InitAbilityRequest(data);
181 missionListMgr->CreateOrReusedMissionInfo(abilityRequest, info);
182 auto abilityRecord = GetFuzzAbilityRecord();
183 abilityRecord->SetPendingState(static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD));
184 abilityRecord->currentState_ = static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD);
185 auto token = abilityRecord->GetToken();
186 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
187 missionListMgr->defaultStandardList_->AddMissionToTop(mission);
188 missionListMgr->MinimizeAbility(token, boolParam);
189 missionListMgr->MoveAbilityToBackground(abilityRecord);
190 Want *resultWant = new Want();
191 int64_t int64Param = (static_cast<int64_t>(GetU32Data(data)) << OFFSET_32_VAL) + GetU32Data(data);
192 missionListMgr->BackToCallerAbilityWithResult(abilityRecord, int32Param, resultWant, int64Param);
193 }
194
DoSomethingTestWithMyAPI3(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)195 void DoSomethingTestWithMyAPI3(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)
196 {
197 bool boolParam = *data % ENABLE;
198 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
199 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
200 auto abilityRecord = GetFuzzAbilityRecord();
201 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
202 abilityRecord->SetMissionId(int32Param);
203 missionListMgr->defaultStandardList_->AddMissionToTop(mission);
204 missionListMgr->SetMissionLockedState(int32Param, boolParam);
205 const AppExecFwk::ElementName element;
206 missionListMgr->GetAbilityNumber(element);
207 missionListMgr->MoveToBackgroundTask(abilityRecord, boolParam);
208 missionListMgr->PrintTimeOutLog(abilityRecord, uint32Param, boolParam);
209 uint32_t msgId = uint32Param % ABILITY_STATE_MOD;
210 std::string stringParam(data, size);
211 missionListMgr->GetContentAndTypeId(msgId, stringParam, int32Param);
212 abilityRecord->recordId_ = int32Param;
213 missionListMgr->OnTimeOut(msgId, int32Param, boolParam);
214 missionListMgr->HandleLoadTimeout(abilityRecord);
215 auto state = static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD);
216 abilityRecord->currentState_ = static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD);
217 missionListMgr->HandleForegroundTimeout(abilityRecord, state);
218 missionListMgr->CompleteForegroundFailed(abilityRecord, state);
219 missionListMgr->HandleTimeoutAndResumeAbility(abilityRecord, state);
220 missionListMgr->DelayedResumeTimeout(abilityRecord);
221 missionListMgr->MoveToTerminateList(abilityRecord);
222 }
223
DoSomethingTestWithMyAPI4(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)224 void DoSomethingTestWithMyAPI4(std::shared_ptr<MissionListManager> missionListMgr, const char* data, size_t size)
225 {
226 bool boolParam = *data % ENABLE;
227 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
228 uint32_t uint32Param = static_cast<uint32_t>(GetU32Data(data));
229 auto abilityRecord = GetFuzzAbilityRecord();
230 std::shared_ptr<Mission> mission = std::make_shared<Mission>(int32Param, abilityRecord);
231 abilityRecord->SetMissionId(int32Param);
232 abilityRecord->recordId_ = int32Param;
233 missionListMgr->defaultStandardList_->AddMissionToTop(mission);
234 missionListMgr->launcherList_->AddMissionToTop(mission);
235 missionListMgr->GetAbilityRecordByCaller(abilityRecord, int32Param);
236 missionListMgr->OnAbilityDied(abilityRecord, int32Param);
237 int64_t abilityRecordId = static_cast<int64_t>(int32Param);
238 missionListMgr->GetAbilityRecordById(abilityRecordId);
239 missionListMgr->PostStartWaitingAbility();
240 auto type = static_cast<AbilityType>(GetU32Data(data) % ABILITY_STATE_MOD);
241 const_cast<AppExecFwk::AbilityInfo&>(abilityRecord->GetAbilityInfo()).type = type;
242 auto state = static_cast<AAFwk::AbilityState>(GetU32Data(data) % ABILITY_STATE_MOD);
243 abilityRecord->currentState_ = state;
244 abilityRecord->isTerminating_ = boolParam;
245 missionListMgr->HandleAbilityDied(abilityRecord);
246 missionListMgr->DelayedStartLauncher();
247 missionListMgr->BackToLauncher();
248 auto continueState = static_cast<ContinueState>(GetU32Data(data) % ABILITY_STATE_MOD);
249 missionListMgr->SetMissionContinueState(nullptr, int32Param, continueState);
250 missionListMgr->SetMissionContinueState(abilityRecord->GetToken(), int32Param, continueState);
251 std::vector<std::string> info;
252 std::vector<std::string> params;
253 std::string stringParam(data, size);
254 missionListMgr->Dump(info);
255 missionListMgr->DumpMissionListByRecordId(info, boolParam, int32Param, params);
256 missionListMgr->DumpMissionList(info, boolParam, stringParam);
257 missionListMgr->DumpMissionInfos(info);
258 missionListMgr->DumpMission(int32Param, info);
259 auto abilityRequest = InitAbilityRequest(data);
260 abilityRequest.callType = static_cast<AbilityCallType>(GetU32Data(data) % ABILITY_STATE_MOD);
261 missionListMgr->CallAbilityLocked(abilityRequest);
262 ElementName element;
263 missionListMgr->GetAbilityRecordByName(element);
264 missionListMgr->GetAbilityRecordsByName(element);
265 auto callRecord = std::make_shared<CallRecord>(int32Param, abilityRecord, nullptr, abilityRecord->GetToken());
266 missionListMgr->OnCallConnectDied(callRecord);
267 Want want;
268 missionListMgr->OnAcceptWantResponse(want, stringParam);
269 missionListMgr->EnqueueWaitingAbility(abilityRequest);
270 missionListMgr->EnqueueWaitingAbility(abilityRequest); // add twice
271 missionListMgr->OnStartSpecifiedAbilityTimeoutResponse(want);
272 missionListMgr->GetMissionBySpecifiedFlag(want, stringParam);
273 }
274
DoSomethingInterestingWithMyAPI(const char* data, size_t size)275 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
276 {
277 // fuzz for MissionListManager
278 int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
279 auto missionListMgr = InitMissionListManager(int32Param);
280 DoSomethingTestWithMyAPI0(missionListMgr, data);
281 DoSomethingTestWithMyAPI1(missionListMgr, data, size);
282 DoSomethingTestWithMyAPI2(missionListMgr, data, size);
283 DoSomethingTestWithMyAPI3(missionListMgr, data, size);
284 DoSomethingTestWithMyAPI4(missionListMgr, data, size);
285 return true;
286 }
287 }
288
289 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)290 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
291 {
292 /* Run your code on data */
293 if (data == nullptr) {
294 return 0;
295 }
296
297 /* Validate the length of size */
298 if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
299 return 0;
300 }
301
302 char* ch = (char*)malloc(size + 1);
303 if (ch == nullptr) {
304 std::cout << "malloc failed." << std::endl;
305 return 0;
306 }
307
308 (void)memset_s(ch, size + 1, 0x00, size + 1);
309 if (memcpy_s(ch, size, data, size) != EOK) {
310 std::cout << "copy failed." << std::endl;
311 free(ch);
312 ch = nullptr;
313 return 0;
314 }
315
316 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
317 free(ch);
318 ch = nullptr;
319 return 0;
320 }