1/*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "pendingwantmanager_fuzzer.h"
17
18#include <cstddef>
19#include <cstdint>
20
21#define private public
22#include "pending_want_key.h"
23#include "pending_want_manager.h"
24#include "resident_process_manager.h"
25#include "sa_mgr_client.h"
26#include "task_data_persistence_mgr.h"
27#undef private
28
29#include "ability_record.h"
30
31using namespace OHOS::AAFwk;
32using namespace OHOS::AppExecFwk;
33
34namespace OHOS {
35namespace {
36constexpr size_t FOO_MAX_LEN = 1024;
37constexpr size_t U32_AT_SIZE = 4;
38constexpr uint8_t ENABLE = 2;
39}
40
41uint32_t GetU32Data(const char* ptr)
42{
43    // convert fuzz input data to an integer
44    return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
45}
46
47sptr<Token> GetFuzzAbilityToken()
48{
49    AbilityRequest abilityRequest;
50    abilityRequest.appInfo.bundleName = "com.example.fuzzTest";
51    abilityRequest.abilityInfo.name = "MainAbility";
52    abilityRequest.abilityInfo.type = AbilityType::DATA;
53    std::shared_ptr<AbilityRecord> abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest);
54    if (!abilityRecord) {
55        return nullptr;
56    }
57    return abilityRecord->GetToken();
58}
59
60bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
61{
62    bool boolParam = *data % ENABLE;
63    int intParam = static_cast<int>(GetU32Data(data));
64    int32_t int32Param = static_cast<int32_t>(GetU32Data(data));
65    size_t sizeParam = static_cast<size_t>(GetU32Data(data));
66    std::string stringParam(data, size);
67    Parcel wantParcel;
68    Want* want = nullptr;
69    if (wantParcel.WriteBuffer(data, size)) {
70        want = Want::Unmarshalling(wantParcel);
71        if (!want) {
72            return false;
73        }
74    }
75    sptr<IRemoteObject> token = GetFuzzAbilityToken();
76
77    // fuzz for PendingWantKey
78    auto pendingWantKey = std::make_shared<PendingWantKey>();
79    pendingWantKey->SetType(int32Param);
80    pendingWantKey->SetBundleName(stringParam);
81    pendingWantKey->SetRequestWho(stringParam);
82    pendingWantKey->SetRequestCode(int32Param);
83    pendingWantKey->SetRequestWant(*want);
84    pendingWantKey->SetRequestResolvedType(stringParam);
85    std::vector<WantsInfo> allWantsInfos;
86    pendingWantKey->SetAllWantsInfos(allWantsInfos);
87    pendingWantKey->SetFlags(int32Param);
88    pendingWantKey->SetCode(int32Param);
89    pendingWantKey->SetUserId(int32Param);
90    pendingWantKey->GetType();
91    pendingWantKey->GetBundleName();
92    pendingWantKey->GetRequestWho();
93    pendingWantKey->GetRequestCode();
94    pendingWantKey->GetRequestWant();
95    pendingWantKey->GetRequestResolvedType();
96    pendingWantKey->GetAllWantsInfos();
97    pendingWantKey->GetFlags();
98    pendingWantKey->GetCode();
99    pendingWantKey->GetUserId();
100
101    // fuzz for PendingWantManager
102    auto pendingWantManager = std::make_shared<PendingWantManager>();
103    WantSenderInfo wantSenderInfo;
104    pendingWantManager->GetWantSender(int32Param, int32Param, boolParam, wantSenderInfo, token);
105    pendingWantManager->GetWantSenderLocked(int32Param, int32Param, int32Param, wantSenderInfo, token);
106    PendingWantRecord pendingWantRecord;
107    pendingWantManager->MakeWantSenderCanceledLocked(pendingWantRecord);
108    pendingWantManager->GetPendingWantRecordByKey(pendingWantKey);
109    pendingWantManager->CheckPendingWantRecordByKey(pendingWantKey, pendingWantKey);
110    sptr<IWantSender> wantSenderPtr;
111    SenderInfo senderInfo;
112    pendingWantManager->SendWantSender(wantSenderPtr, senderInfo);
113    pendingWantManager->CancelWantSender(boolParam, wantSenderPtr);
114    pendingWantManager->CancelWantSenderLocked(pendingWantRecord, boolParam);
115    sptr<StartOptions> startoptions;
116    pendingWantManager->PendingWantStartAbilitys(allWantsInfos, startoptions,
117                                                 token, int32Param, int32Param, int32Param);
118    pendingWantManager->PendingWantPublishCommonEvent(*want, senderInfo, int32Param, int32Param);
119    pendingWantManager->PendingRecordIdCreate();
120    pendingWantManager->GetPendingWantRecordByCode(int32Param);
121    pendingWantManager->GetPendingWantUid(wantSenderPtr);
122    pendingWantManager->GetPendingWantUserId(wantSenderPtr);
123    pendingWantManager->GetPendingWantBundleName(wantSenderPtr);
124    pendingWantManager->GetPendingWantCode(wantSenderPtr);
125    pendingWantManager->GetPendingWantType(wantSenderPtr);
126    sptr<IWantReceiver> wantReceiverPtr;
127    pendingWantManager->RegisterCancelListener(wantSenderPtr, wantReceiverPtr);
128    pendingWantManager->UnregisterCancelListener(wantSenderPtr, wantReceiverPtr);
129    std::shared_ptr<Want> wantPtr;
130    pendingWantManager->GetPendingRequestWant(wantSenderPtr, wantPtr);
131    std::shared_ptr<WantSenderInfo> wantSenderInfoPtr;
132    pendingWantManager->GetWantSenderInfo(wantSenderPtr, wantSenderInfoPtr);
133    pendingWantManager->ClearPendingWantRecord(stringParam, int32Param);
134    pendingWantManager->ClearPendingWantRecordTask(stringParam, int32Param);
135
136    // fuzz for ResidentProcessManager
137    auto residentProcessManager = std::make_shared<ResidentProcessManager>();
138    std::vector<AppExecFwk::BundleInfo> bundleInfos;
139    residentProcessManager->StartResidentProcess(bundleInfos);
140    residentProcessManager->StartResidentProcessWithMainElement(bundleInfos, 0);
141    AppExecFwk::HapModuleInfo hapModuleInfo;
142    std::set<uint32_t> needEraseIndexSet;
143
144    // fuzz for SaMgrClient
145    auto saMgrClient = std::make_shared<SaMgrClient>();
146    saMgrClient->GetSystemAbility(int32Param);
147    saMgrClient->RegisterSystemAbility(int32Param, token);
148
149    // fuzz for TaskDataPersistenceMgr
150    auto taskDataPersistenceMgr = std::make_shared<TaskDataPersistenceMgr>();
151    std::list<InnerMissionInfo> missionInfoList;
152    taskDataPersistenceMgr->LoadAllMissionInfo(missionInfoList);
153    InnerMissionInfo innerMissionInfo;
154    taskDataPersistenceMgr->SaveMissionInfo(innerMissionInfo);
155    taskDataPersistenceMgr->DeleteMissionInfo(intParam);
156    taskDataPersistenceMgr->RemoveUserDir(int32Param);
157    MissionSnapshot missionSnapshot;
158    taskDataPersistenceMgr->SaveMissionSnapshot(intParam, missionSnapshot);
159    taskDataPersistenceMgr->GetSnapshot(intParam);
160    taskDataPersistenceMgr->GetMissionSnapshot(intParam, missionSnapshot, boolParam);
161    if (want) {
162        delete want;
163        want = nullptr;
164    }
165
166    return true;
167}
168}
169
170/* Fuzzer entry point */
171extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
172{
173    /* Run your code on data */
174    if (data == nullptr) {
175        return 0;
176    }
177
178    /* Validate the length of size */
179    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
180        return 0;
181    }
182
183    char* ch = (char*)malloc(size + 1);
184    if (ch == nullptr) {
185        std::cout << "malloc failed." << std::endl;
186        return 0;
187    }
188
189    (void)memset_s(ch, size + 1, 0x00, size + 1);
190    if (memcpy_s(ch, size, data, size) != EOK) {
191        std::cout << "copy failed." << std::endl;
192        free(ch);
193        ch = nullptr;
194        return 0;
195    }
196
197    OHOS::DoSomethingInterestingWithMyAPI(ch, size);
198    free(ch);
199    ch = nullptr;
200    return 0;
201}