1/* 2 * Copyright (c) 2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15#include <cstddef> 16#include <cstdint> 17#define private public 18#include "concurrent_task_client.h" 19#include "concurrent_task_service_ability.h" 20#include "concurrent_task_controller.h" 21#undef private 22#include "concurrent_task_service_proxy.h" 23#include "concurrent_task_service.h" 24#include "concurrent_task_service_stub.h" 25#include "iservice_registry.h" 26#include "securec.h" 27#include "qos.h" 28#include "qos_interface.h" 29#include "qos_policy.h" 30#include "concurrent_task_client.h" 31#include "system_ability_definition.h" 32#include "concurrent_fuzzer.h" 33 34using namespace OHOS::ConcurrentTask; 35using namespace OHOS::QOS; 36 37namespace OHOS { 38const uint8_t *g_baseFuzzData = nullptr; 39size_t g_baseFuzzSize = 0; 40size_t g_baseFuzzPos; 41#define QUADRUPLE 4 42#define LEN 4 43 44class ConcurrentTaskServiceStubFuzer : public ConcurrentTaskServiceStub { 45public: 46 ConcurrentTaskServiceStubFuzer() = default; 47 virtual ~ConcurrentTaskServiceStubFuzer() = default; 48 void ReportData(uint32_t resType, int64_t value, const Json::Value& payload) override 49 {} 50 void QueryInterval(int queryItem, IntervalReply& queryRs) override 51 {} 52 void QueryDeadline(int queryItem, DeadlineReply& ddlReply, const Json::Value& payload) override 53 {} 54 void RequestAuth(const Json::Value& payload) override 55 {} 56}; 57 58namespace { 59 constexpr int TEST_DATA_FIRST = 1; 60 constexpr int TEST_DATA_SECOND = 2; 61 constexpr int TEST_DATA_THIRD = 3; 62 constexpr int TEST_DATA_FOURTH = 4; 63 constexpr int TEST_DATA_FIFTH = 5; 64 constexpr int TEST_DATA_SIXTH = 6; 65 constexpr int TEST_DATA_SEVENTH = 7; 66 constexpr int TEST_DATA_EIGHTH = 8; 67 constexpr int TEST_DATA_TENTH = 10; 68} 69template <class T> T GetData() 70{ 71 T object{}; 72 size_t objectSize = sizeof(object); 73 if (g_baseFuzzData == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) { 74 return object; 75 } 76 ErrCode ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize); 77 if (ret != ERR_OK) { 78 return {}; 79 } 80 g_baseFuzzPos += objectSize; 81 return object; 82} 83 84bool FuzzConcurrentTaskTryConnect(const uint8_t* data, size_t size) 85{ 86 if (data == nullptr) { 87 return false; 88 } 89 if (size < sizeof(int32_t)) { 90 return false; 91 } 92 return ConcurrentTaskClient::GetInstance().TryConnect() == ERR_OK; 93} 94 95bool FuzzConcurrentTaskServiceReportData(const uint8_t* data, size_t size) 96{ 97 g_baseFuzzData = data; 98 g_baseFuzzSize = size; 99 g_baseFuzzPos = 0; 100 if (size > sizeof(int) + sizeof(int)) { 101 MessageParcel data1; 102 Parcel parcel; 103 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel); 104 int intdata = GetData<int>(); 105 void *voiddata = &intdata; 106 size_t size1 = sizeof(int); 107 data1.WriteRemoteObject(iremoteobject); 108 data1.WriteRawData(voiddata, size1); 109 data1.ReadRawData(size1); 110 MessageParcel reply; 111 MessageOption option; 112 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::REPORT_DATA); 113 ConcurrentTaskService s = ConcurrentTaskService(); 114 s.OnRemoteRequest(code, data1, reply, option); 115 } 116 return true; 117} 118 119bool FuzzConcurrentTaskServiceQueryInterval(const uint8_t* data, size_t size) 120{ 121 g_baseFuzzData = data; 122 g_baseFuzzSize = size; 123 g_baseFuzzPos = 0; 124 if (size > sizeof(int) + sizeof(int)) { 125 MessageParcel data1; 126 Parcel parcel; 127 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel); 128 int intdata = GetData<int>(); 129 void *voiddata = &intdata; 130 size_t size1 = sizeof(int); 131 data1.WriteRemoteObject(iremoteobject); 132 data1.WriteRawData(voiddata, size1); 133 data1.ReadRawData(size1); 134 MessageParcel reply; 135 MessageOption option; 136 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::QUERY_INTERVAL); 137 ConcurrentTaskService s = ConcurrentTaskService(); 138 s.OnRemoteRequest(code, data1, reply, option); 139 } 140 return true; 141} 142 143bool FuzzConcurrentTaskServiceQueryDeadline(const uint8_t* data, size_t size) 144{ 145 g_baseFuzzData = data; 146 g_baseFuzzSize = size; 147 g_baseFuzzPos = 0; 148 if (size > sizeof(int) + sizeof(int)) { 149 MessageParcel data1; 150 Parcel parcel; 151 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel); 152 int intdata = GetData<int>(); 153 void *voiddata = &intdata; 154 size_t size1 = sizeof(int); 155 data1.WriteRemoteObject(iremoteobject); 156 data1.WriteRawData(voiddata, size1); 157 data1.ReadRawData(size1); 158 MessageParcel reply; 159 MessageOption option; 160 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::QUERY_DEADLINE); 161 ConcurrentTaskService s = ConcurrentTaskService(); 162 s.OnRemoteRequest(code, data1, reply, option); 163 } 164 return true; 165} 166 167bool FuzzConcurrentTaskServiceRequestAuth(const uint8_t* data, size_t size) 168{ 169 g_baseFuzzData = data; 170 g_baseFuzzSize = size; 171 g_baseFuzzPos = 0; 172 if (size > sizeof(int) + sizeof(int)) { 173 MessageParcel data1; 174 Parcel parcel; 175 sptr<IRemoteObject> iremoteobject = IRemoteObject::Unmarshalling(parcel); 176 int intdata = GetData<int>(); 177 void *voiddata = &intdata; 178 size_t size1 = sizeof(int); 179 data1.WriteRemoteObject(iremoteobject); 180 data1.WriteRawData(voiddata, size1); 181 data1.ReadRawData(size1); 182 MessageParcel reply; 183 MessageOption option; 184 uint32_t code = static_cast<uint32_t>(ConcurrentTaskInterfaceCode::REQUEST_AUTH); 185 ConcurrentTaskService s = ConcurrentTaskService(); 186 s.OnRemoteRequest(code, data1, reply, option); 187 } 188 return true; 189} 190 191bool FuzzConcurrentTaskServiceStopRemoteObject(const uint8_t* data, size_t size) 192{ 193 g_baseFuzzData = data; 194 g_baseFuzzSize = size; 195 g_baseFuzzPos = 0; 196 ConcurrentTaskClient::GetInstance().StopRemoteObject(); 197 return true; 198} 199 200bool FuzzConcurrentTaskServiceSetThreadQos(const uint8_t* data, size_t size) 201{ 202 g_baseFuzzData = data; 203 g_baseFuzzSize = size; 204 g_baseFuzzPos = 0; 205 if (size > sizeof(int) + sizeof(int)) { 206 int level = GetData<int>(); 207 level = level % TEST_DATA_TENTH; 208 if (level == TEST_DATA_FIFTH || level == TEST_DATA_SECOND) { 209 QOS::SetThreadQos(QOS::QosLevel::QOS_BACKGROUND); 210 } else if (level == TEST_DATA_THIRD || level == TEST_DATA_FOURTH) { 211 QOS::SetThreadQos(QOS::QosLevel::QOS_UTILITY); 212 } else if (level == TEST_DATA_FIFTH || level == TEST_DATA_SIXTH) { 213 QOS::SetThreadQos(QOS::QosLevel::QOS_DEFAULT); 214 } else if (level == TEST_DATA_SEVENTH || level == TEST_DATA_EIGHTH) { 215 QOS::SetThreadQos(QOS::QosLevel::QOS_USER_INITIATED); 216 } 217 } 218 return true; 219} 220 221bool FuzzConcurrentTaskServiceSetQosForOtherThread(const uint8_t* data, size_t size) 222{ 223 g_baseFuzzData = data; 224 g_baseFuzzSize = size; 225 g_baseFuzzPos = 0; 226 if (size > sizeof(int) + sizeof(int)) { 227 int level = GetData<int>(); 228 int tid = GetData<int>(); 229 level = level % TEST_DATA_TENTH; 230 if (level == TEST_DATA_FIRST || level == TEST_DATA_SECOND) { 231 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_BACKGROUND, tid); 232 } else if (level == TEST_DATA_THIRD || level == TEST_DATA_FOURTH) { 233 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_UTILITY, tid); 234 } else if (level == TEST_DATA_FIFTH || level == TEST_DATA_SIXTH) { 235 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_DEFAULT, tid); 236 } else if (level == TEST_DATA_SEVENTH || level == TEST_DATA_EIGHTH) { 237 QOS::SetQosForOtherThread(QOS::QosLevel::QOS_USER_INITIATED, tid); 238 } 239 } 240 return true; 241} 242 243bool FuzzConcurrentTaskServiceResetThreadQos(const uint8_t* data, size_t size) 244{ 245 g_baseFuzzData = data; 246 g_baseFuzzSize = size; 247 g_baseFuzzPos = 0; 248 QOS::ResetThreadQos(); 249 return true; 250} 251 252bool FuzzConcurrentTaskServiceResetQosForOtherThread(const uint8_t* data, size_t size) 253{ 254 g_baseFuzzData = data; 255 g_baseFuzzSize = size; 256 g_baseFuzzPos = 0; 257 if (size > sizeof(int) + sizeof(int)) { 258 int tid = GetData<int>(); 259 QOS::ResetQosForOtherThread(tid); 260 } 261 return true; 262} 263 264void FuzzQosPolicyInit(const uint8_t* data, size_t size) 265{ 266 g_baseFuzzData = data; 267 g_baseFuzzSize = size; 268 g_baseFuzzPos = 0; 269 QosPolicy qosPolicy; 270 qosPolicy.Init(); 271 return; 272} 273 274bool FuzzQosInterfaceEnableRtg(const uint8_t* data, size_t size) 275{ 276 g_baseFuzzData = data; 277 g_baseFuzzSize = size; 278 g_baseFuzzPos = 0; 279 if (size > sizeof(int) + sizeof(int)) { 280 bool flag = GetData<bool>(); 281 EnableRtg(flag); 282 } 283 return true; 284} 285 286bool FuzzQosInterfaceAuthEnable(const uint8_t* data, size_t size) 287{ 288 g_baseFuzzData = data; 289 g_baseFuzzSize = size; 290 g_baseFuzzPos = 0; 291 if (size > sizeof(unsigned int) + sizeof(unsigned int) + sizeof(unsigned int)) { 292 unsigned int pid = GetData<unsigned int>(); 293 unsigned int uaFlag = GetData<unsigned int>(); 294 unsigned int status = GetData<unsigned int>(); 295 AuthEnable(pid, uaFlag, status); 296 } 297 return true; 298} 299 300bool FuzzQosInterfaceAuthSwitch(const uint8_t* data, size_t size) 301{ 302 g_baseFuzzData = data; 303 g_baseFuzzSize = size; 304 g_baseFuzzPos = 0; 305 if (size > QUADRUPLE * sizeof(unsigned int)) { 306 unsigned int pid = GetData<unsigned int>(); 307 unsigned int rtgFlag = GetData<unsigned int>(); 308 unsigned int qosFlag = GetData<unsigned int>(); 309 unsigned int status = GetData<unsigned int>(); 310 AuthSwitch(pid, rtgFlag, qosFlag, status); 311 } 312 return true; 313} 314 315bool FuzzQosInterfaceAuthPause(const uint8_t* data, size_t size) 316{ 317 g_baseFuzzData = data; 318 g_baseFuzzSize = size; 319 g_baseFuzzPos = 0; 320 if (size > sizeof(unsigned int) + sizeof(unsigned int)) { 321 unsigned int pid = GetData<unsigned int>(); 322 AuthPause(pid); 323 } 324 return true; 325} 326 327bool FuzzQosInterfaceAuthGet(const uint8_t* data, size_t size) 328{ 329 g_baseFuzzData = data; 330 g_baseFuzzSize = size; 331 g_baseFuzzPos = 0; 332 if (size > sizeof(unsigned int) + sizeof(unsigned int)) { 333 unsigned int pid = GetData<unsigned int>(); 334 AuthGet(pid); 335 } 336 return true; 337} 338 339bool FuzzQosInterfaceAuthEnhance(const uint8_t* data, size_t size) 340{ 341 g_baseFuzzData = data; 342 g_baseFuzzSize = size; 343 g_baseFuzzPos = 0; 344 if (size > sizeof(unsigned int) + sizeof(unsigned int)) { 345 unsigned int pid = GetData<unsigned int>(); 346 bool enhanceStatus = GetData<bool>(); 347 AuthEnhance(pid, enhanceStatus); 348 } 349 return true; 350} 351 352bool FuzzQosInterfaceQosLeave(const uint8_t* data, size_t size) 353{ 354 g_baseFuzzData = data; 355 g_baseFuzzSize = size; 356 g_baseFuzzPos = 0; 357 QosLeave(); 358 return true; 359} 360 361bool FuzzConcurrentTaskServiceAbilityOnStart(const uint8_t* data, size_t size) 362{ 363 g_baseFuzzData = data; 364 g_baseFuzzSize = size; 365 g_baseFuzzPos = 0; 366 bool runOnCreate = true; 367 if (size > sizeof(int32_t) + sizeof(int32_t)) { 368 int32_t sysAbilityId = GetData<int32_t>(); 369 if ((sysAbilityId > ASSET_SERVICE_ID) && (sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN)) { 370 ConcurrentTaskServiceAbility concurrenttaskserviceability = 371 ConcurrentTaskServiceAbility(sysAbilityId, runOnCreate); 372 concurrenttaskserviceability.OnStart(); 373 } 374 } 375 return true; 376} 377 378bool FuzzConcurrentTaskServiceAbilityOnStop(const uint8_t* data, size_t size) 379{ 380 g_baseFuzzData = data; 381 g_baseFuzzSize = size; 382 g_baseFuzzPos = 0; 383 bool runOnCreate = true; 384 if (size > sizeof(int32_t) + sizeof(int32_t)) { 385 int32_t sysAbilityId = GetData<int32_t>(); 386 if ((sysAbilityId > ASSET_SERVICE_ID) && (sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN)) { 387 ConcurrentTaskServiceAbility concurrenttaskserviceability = 388 ConcurrentTaskServiceAbility(sysAbilityId, runOnCreate); 389 concurrenttaskserviceability.OnStop(); 390 } 391 } 392 return true; 393} 394 395bool FuzzConcurrentTaskServiceAbilityOnAddSystemAbility(const uint8_t* data, size_t size) 396{ 397 g_baseFuzzData = data; 398 g_baseFuzzSize = size; 399 g_baseFuzzPos = 0; 400 if (size > sizeof(int32_t) + sizeof(int32_t) + sizeof(int32_t)) { 401 bool runOnCreate = true; 402 int32_t sysAbilityId = GetData<int32_t>(); 403 int32_t taskServiceId = GetData<int32_t>(); 404 std::string deviceId = std::to_string(GetData<int32_t>()); 405 if ((sysAbilityId > ASSET_SERVICE_ID && sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN) && 406 (taskServiceId > ASSET_SERVICE_ID && taskServiceId < VENDOR_SYS_ABILITY_ID_BEGIN)) { 407 ConcurrentTaskServiceAbility concurrenttaskserviceability = 408 ConcurrentTaskServiceAbility(taskServiceId, runOnCreate); 409 concurrenttaskserviceability.OnAddSystemAbility(sysAbilityId, deviceId); 410 } 411 } 412 return true; 413} 414 415bool FuzzConcurrentTaskServiceAbilityOnRemoveSystemAbility(const uint8_t* data, size_t size) 416{ 417 g_baseFuzzData = data; 418 g_baseFuzzSize = size; 419 g_baseFuzzPos = 0; 420 if (size > sizeof(int32_t) + sizeof(int32_t) + sizeof(int32_t)) { 421 bool runOnCreate = true; 422 int32_t sysAbilityId = GetData<int32_t>(); 423 int32_t taskServiceId = GetData<int32_t>(); 424 std::string deviceId = std::to_string(GetData<int32_t>()); 425 if ((sysAbilityId > ASSET_SERVICE_ID && sysAbilityId < VENDOR_SYS_ABILITY_ID_BEGIN) && 426 (taskServiceId > ASSET_SERVICE_ID && taskServiceId < VENDOR_SYS_ABILITY_ID_BEGIN)) { 427 ConcurrentTaskServiceAbility concurrenttaskserviceability = 428 ConcurrentTaskServiceAbility(taskServiceId, runOnCreate); 429 concurrenttaskserviceability.OnRemoveSystemAbility(sysAbilityId, deviceId); 430 } 431 } 432 return true; 433} 434 435bool FuzzConcurrentTaskServiceStubReportData(const uint8_t* data, size_t size) 436{ 437 g_baseFuzzData = data; 438 g_baseFuzzSize = size; 439 g_baseFuzzPos = 0; 440 if (size > sizeof(uint32_t) + sizeof(int64_t) + sizeof(uint32_t) + sizeof(uint32_t)) { 441 ConcurrentTaskService s = ConcurrentTaskService(); 442 uint32_t resType = GetData<uint32_t>(); 443 int64_t value = GetData<int64_t>(); 444 Json::Value jsValue; 445 jsValue["1111"] = std::to_string(GetData<uint32_t>()); 446 jsValue["2222"] = std::to_string(GetData<uint32_t>()); 447 s.ReportData(resType, value, jsValue); 448 } 449 return true; 450} 451 452bool FuzzConcurrentTaskServiceStubQueryInterval(const uint8_t* data, size_t size) 453{ 454 g_baseFuzzData = data; 455 g_baseFuzzSize = size; 456 g_baseFuzzPos = 0; 457 if (size > sizeof(int) + sizeof(int)) { 458 ConcurrentTaskService s = ConcurrentTaskService(); 459 int queryItem = GetData<int>(); 460 queryItem = queryItem % (QURRY_TYPE_MAX + 1); 461 IntervalReply queryRs; 462 s.QueryInterval(queryItem, queryRs); 463 } 464 return true; 465} 466 467bool FuzzConcurrentTaskServiceStubQueryDeadline(const uint8_t* data, size_t size) 468{ 469 g_baseFuzzData = data; 470 g_baseFuzzSize = size; 471 g_baseFuzzPos = 0; 472 if (size > sizeof(int) + sizeof(int) + sizeof(int)) { 473 int deadlineType = GetData<int>(); 474 deadlineType = deadlineType % (MSG_GAME + 1); 475 DeadlineReply queryRs; 476 Json::Value jsValue; 477 jsValue["2123"] = std::to_string(GetData<int>()); 478 jsValue["2333"] = std::to_string(GetData<int>()); 479 ConcurrentTaskService s = ConcurrentTaskService(); 480 s.QueryDeadline(deadlineType, queryRs, jsValue); 481 } 482 return true; 483} 484 485bool FuzzConcurrentTaskServiceStubRequestAuth(const uint8_t* data, size_t size) 486{ 487 g_baseFuzzData = data; 488 g_baseFuzzSize = size; 489 g_baseFuzzPos = 0; 490 if (size > sizeof(int) + sizeof(int)) { 491 Json::Value payload; 492 payload["2187"] = std::to_string(GetData<int>()); 493 payload["2376"] = std::to_string(GetData<int>()); 494 ConcurrentTaskService s = ConcurrentTaskService(); 495 s.RequestAuth(payload); 496 } 497 return true; 498} 499 500bool FuzzConcurrentTaskServiceStubQueryDeadlineInner(const uint8_t* data, size_t size) 501{ 502 g_baseFuzzData = data; 503 g_baseFuzzSize = size; 504 g_baseFuzzPos = 0; 505 MessageParcel data4; 506 int32_t intData; 507 data4.WriteInterfaceToken(ConcurrentTaskServiceStub::GetDescriptor()); 508 if (size >= sizeof(int32_t)) { 509 const char *str2; 510 intData = GetData<int32_t>(); 511 str2 = reinterpret_cast<const char*>(data + g_baseFuzzPos); 512 size_t size1 = (size - g_baseFuzzPos) > LEN ? LEN : (size - g_baseFuzzPos); 513 std::string str(str2, size1); 514 data4.WriteInt32(intData); 515 data4.WriteString(str); 516 } else if (size > 0) { 517 intData = GetData<int32_t>(); 518 data4.WriteInt32(intData); 519 } 520 521 MessageParcel reply; 522 ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer(); 523 s.QueryDeadlineInner(data4, reply); 524 return true; 525} 526 527bool FuzzConcurrentTaskServiceStubRequestAuthInner(const uint8_t* data, size_t size) 528{ 529 if (data == nullptr) { 530 return false; 531 } 532 533 MessageParcel data3; 534 data3.WriteInterfaceToken(ConcurrentTaskServiceStub::GetDescriptor()); 535 if (size >= sizeof(int)) { 536 const char *data1 = reinterpret_cast<const char*>(data); 537 size_t size1 = size > LEN ? LEN : size; 538 std::string str1(data1, size1); 539 data3.WriteString(str1); 540 } else if (size == 0) { 541 std::string str1 = ""; 542 data3.WriteString(str1); 543 } 544 545 MessageParcel reply; 546 ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer(); 547 s.RequestAuthInner(data3, reply); 548 return true; 549} 550 551bool FuzzConcurrentTaskServiceStringToJson(const uint8_t* data, size_t size) 552{ 553 const char *data1 = reinterpret_cast<const char*>(data); 554 size_t size1 = size > LEN ? LEN : size; 555 std::string str(data1, size1); 556 ConcurrentTaskServiceStubFuzer s = ConcurrentTaskServiceStubFuzer(); 557 s.StringToJson(str); 558 return true; 559} 560 561bool FuzzConcurrentTaskClientQueryInterval(const uint8_t* data, size_t size) 562{ 563 g_baseFuzzData = data; 564 g_baseFuzzSize = size; 565 g_baseFuzzPos = 0; 566 if (size > sizeof(int) + sizeof(int)) { 567 int queryItem = GetData<int>(); 568 queryItem = queryItem % (QURRY_TYPE_MAX + 1); 569 IntervalReply queryRs; 570 ConcurrentTaskClient::GetInstance().QueryInterval(queryItem, queryRs); 571 } 572 return true; 573} 574 575bool FuzzConcurrentTaskClientQueryDeadline(const uint8_t* data, size_t size) 576{ 577 g_baseFuzzData = data; 578 g_baseFuzzSize = size; 579 g_baseFuzzPos = 0; 580 if (size > sizeof(int) + sizeof(pid_t) + sizeof(uint32_t)) { 581 int queryItem = GetData<int>(); 582 queryItem = queryItem % (QURRY_TYPE_MAX + 1); 583 DeadlineReply ddlReply; 584 pid_t pid = GetData<pid_t>(); 585 uint32_t qos = GetData<uint32_t>(); 586 std::unordered_map<pid_t, uint32_t> mapPayload; 587 mapPayload.insert(std::pair<pid_t, uint32_t>(pid, qos)); 588 ConcurrentTaskClient::GetInstance().QueryDeadline(queryItem, ddlReply, mapPayload); 589 } 590 return true; 591} 592 593bool FuzzConcurrentTaskClinetRequestAuth(const uint8_t* data, size_t size) 594{ 595 g_baseFuzzData = data; 596 g_baseFuzzSize = size; 597 g_baseFuzzPos = 0; 598 if (size > sizeof(int32_t)) { 599 MessageParcel data1; 600 std::unordered_map<std::string, std::string> mapPayload; 601 mapPayload["2182"] = std::to_string(GetData<int32_t>()); 602 ConcurrentTaskClient::GetInstance().RequestAuth(mapPayload); 603 } 604 return true; 605} 606 607bool FuzzConcurrentTaskClientTryConnect(const uint8_t* data, size_t size) 608{ 609 g_baseFuzzData = data; 610 g_baseFuzzSize = size; 611 g_baseFuzzPos = 0; 612 ConcurrentTaskClient::GetInstance().TryConnect(); 613 return true; 614} 615 616bool FuzzConcurrentTaskClientStopRemoteObject(const uint8_t* data, size_t size) 617{ 618 g_baseFuzzData = data; 619 g_baseFuzzSize = size; 620 g_baseFuzzPos = 0; 621 ConcurrentTaskClient::GetInstance().StopRemoteObject(); 622 return true; 623} 624 625bool FuzzConcurrentTaskServiceProxyReportData(const uint8_t* data, size_t size) 626{ 627 g_baseFuzzData = data; 628 g_baseFuzzSize = size; 629 g_baseFuzzPos = 0; 630 if (size >= sizeof(uint32_t) + sizeof(int64_t) + sizeof(int32_t)) { 631 uint32_t intdata1 = GetData<int32_t>(); 632 int64_t intdata2 = GetData<int64_t>(); 633 Json::Value payload; 634 payload["2123"] = std::to_string(GetData<int32_t>()); 635 sptr<ISystemAbilityManager> systemAbilityManager = 636 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); 637 sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(CONCURRENT_TASK_SERVICE_ID); 638 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject); 639 s.ReportData(intdata1, intdata2, payload); 640 } 641 return true; 642} 643 644bool FuzzConcurrentTaskServiceProxyQueryInterval(const uint8_t* data, size_t size) 645{ 646 g_baseFuzzData = data; 647 g_baseFuzzSize = size; 648 g_baseFuzzPos = 0; 649 IntervalReply queryRs; 650 queryRs.rtgId = -1; 651 queryRs.paramA = -1; 652 queryRs.paramB = -1; 653 sptr<ISystemAbilityManager> systemAbilityManager = 654 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); 655 sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(CONCURRENT_TASK_SERVICE_ID); 656 if (size >= sizeof(int) + sizeof(int)) { 657 int intdata1 = GetData<int>(); 658 queryRs.tid = GetData<int>(); 659 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject); 660 s.QueryInterval(intdata1, queryRs); 661 } else if (size >= sizeof(int)) { 662 int queryItem = 12345; 663 queryRs.tid = GetData<int>(); 664 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject); 665 s.QueryInterval(queryItem, queryRs); 666 } 667 return true; 668} 669 670bool FuzzConcurrentTaskServiceProxyQueryDeadline(const uint8_t* data, size_t size) 671{ 672 g_baseFuzzData = data; 673 g_baseFuzzSize = size; 674 g_baseFuzzPos = 0; 675 if (size >= sizeof(int) + sizeof(int)) { 676 int queryItem = GetData<int>(); 677 queryItem = queryItem % (QURRY_TYPE_MAX + 1); 678 DeadlineReply ddlReply; 679 Json::Value payload; 680 payload["2147"] = std::to_string(GetData<int>()); 681 sptr<ISystemAbilityManager> systemAbilityManager = 682 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); 683 sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(CONCURRENT_TASK_SERVICE_ID); 684 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject); 685 s.QueryDeadline(queryItem, ddlReply, payload); 686 } 687 return true; 688} 689 690bool FuzzConcurrentTaskServiceProxyRequestAuth(const uint8_t* data, size_t size) 691{ 692 g_baseFuzzData = data; 693 g_baseFuzzSize = size; 694 g_baseFuzzPos = 0; 695 if (size >= sizeof(int)) { 696 Json::Value payload; 697 payload["2147"] = std::to_string(GetData<int>()); 698 sptr<ISystemAbilityManager> systemAbilityManager = 699 SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); 700 sptr<IRemoteObject> remoteObject = systemAbilityManager->GetSystemAbility(CONCURRENT_TASK_SERVICE_ID); 701 ConcurrentTaskServiceProxy s = ConcurrentTaskServiceProxy(remoteObject); 702 s.RequestAuth(payload); 703 } 704 return true; 705} 706 707bool FuzzTaskControllerQueryRenderService(const uint8_t* data, size_t size) 708{ 709 g_baseFuzzData = data; 710 g_baseFuzzSize = size; 711 g_baseFuzzPos = 0; 712 if (size > sizeof(int) + sizeof(int) + sizeof(int) + sizeof(int)) { 713 int uid = GetData<int>(); 714 IntervalReply queryRs; 715 queryRs.tid = GetData<int>(); 716 queryRs.rtgId = GetData<int>(); 717 queryRs.paramA = 1; 718 queryRs.paramB = 1; 719 TaskController::GetInstance().renderServiceMainGrpId_ = GetData<int>(); 720 TaskController::GetInstance().QueryRenderService(uid, queryRs); 721 } 722 return true; 723} 724 725bool FuzzTaskControllerQueryExecutorStart(const uint8_t* data, size_t size) 726{ 727 g_baseFuzzData = data; 728 g_baseFuzzSize = size; 729 g_baseFuzzPos = 0; 730 if (size > sizeof(int) + sizeof(int) + sizeof(int) + sizeof(int)) { 731 int uid = GetData<int>(); 732 IntervalReply queryRs; 733 queryRs.tid = GetData<int>(); 734 queryRs.rtgId = GetData<int>(); 735 queryRs.paramA = 1; 736 queryRs.paramB = 1; 737 TaskController::GetInstance().renderServiceMainGrpId_ = GetData<int>(); 738 TaskController::GetInstance().QueryRenderService(uid, queryRs); 739 } 740 return true; 741} 742 743bool FuzzTaskControllerGetRequestType(const uint8_t* data, size_t size) 744{ 745 g_baseFuzzData = data; 746 g_baseFuzzSize = size; 747 g_baseFuzzPos = 0; 748 if (size > sizeof(int)) { 749 std::string msgType = std::to_string(GetData<int>()); 750 TaskController::GetInstance().GetRequestType(msgType); 751 } 752 return true; 753} 754 755bool FuzzTaskControllerDealSystemRequest(const uint8_t* data, size_t size) 756{ 757 g_baseFuzzData = data; 758 g_baseFuzzSize = size; 759 g_baseFuzzPos = 0; 760 if (size > sizeof(int) + sizeof(int) + sizeof(int)) { 761 Json::Value payload; 762 payload["pid"] = GetData<int>(); 763 payload["uid"] = GetData<int>(); 764 int requestType = GetData<int>(); 765 TaskController::GetInstance().DealSystemRequest(requestType, payload); 766 } 767 return true; 768} 769 770bool FuzzTaskControllerNewForeground(const uint8_t* data, size_t size) 771{ 772 g_baseFuzzData = data; 773 g_baseFuzzSize = size; 774 g_baseFuzzPos = 0; 775 if (size > sizeof(int) + sizeof(int)) { 776 int uid = GetData<int>(); 777 int pid = GetData<int>(); 778 TaskController::GetInstance().NewForeground(uid, pid); 779 } 780 return true; 781} 782 783bool FuzzTaskControllerNewForegroundAppRecord(const uint8_t* data, size_t size) 784{ 785 g_baseFuzzData = data; 786 g_baseFuzzSize = size; 787 g_baseFuzzPos = 0; 788 if (size > sizeof(int) + sizeof(int) + sizeof(int)) { 789 int pid = GetData<int>(); 790 int uiPid = GetData<int>(); 791 bool ddlEnable = GetData<bool>(); 792 TaskController::GetInstance().NewForegroundAppRecord(pid, uiPid, ddlEnable); 793 } 794 return true; 795} 796 797bool FuzzTaskControllerNewBackground(const uint8_t* data, size_t size) 798{ 799 g_baseFuzzData = data; 800 g_baseFuzzSize = size; 801 g_baseFuzzPos = 0; 802 if (size > sizeof(int) + sizeof(int)) { 803 int pid = GetData<int>(); 804 int uid = GetData<int>(); 805 TaskController::GetInstance().NewBackground(uid, pid); 806 } 807 return true; 808} 809 810bool FuzzTaskControllerNewAppStart(const uint8_t* data, size_t size) 811{ 812 g_baseFuzzData = data; 813 g_baseFuzzSize = size; 814 g_baseFuzzPos = 0; 815 if (size > sizeof(int) + sizeof(int) + sizeof(int)) { 816 int pid = GetData<int>(); 817 int uid = GetData<int>(); 818 std::string bundleName = std::to_string(GetData<int>()); 819 TaskController::GetInstance().NewAppStart(uid, pid, bundleName); 820 } 821 return true; 822} 823 824bool FuzzTaskControllerAppKilled(const uint8_t* data, size_t size) 825{ 826 g_baseFuzzData = data; 827 g_baseFuzzSize = size; 828 g_baseFuzzPos = 0; 829 if (size > sizeof(int) + sizeof(int)) { 830 int pid = GetData<int>(); 831 int uid = GetData<int>(); 832 TaskController::GetInstance().AppKilled(uid, pid); 833 } 834 return true; 835} 836 837bool FuzzTaskControllerAuthSystemProcess(const uint8_t* data, size_t size) 838{ 839 g_baseFuzzData = data; 840 g_baseFuzzSize = size; 841 g_baseFuzzPos = 0; 842 if (size > sizeof(int)) { 843 int pid = GetData<int>(); 844 TaskController::GetInstance().AuthSystemProcess(pid); 845 } 846 return true; 847} 848 849bool FuzzTaskControllerContinuousTaskProcess(const uint8_t* data, size_t size) 850{ 851 g_baseFuzzData = data; 852 g_baseFuzzSize = size; 853 g_baseFuzzPos = 0; 854 if (size > sizeof(int) + sizeof(int) + sizeof(int)) { 855 int pid = GetData<int>(); 856 int uid = GetData<int>(); 857 int status = GetData<int>(); 858 TaskController::GetInstance().ContinuousTaskProcess(uid, pid, status); 859 } 860 return true; 861} 862 863bool FuzzTaskControllerFocusStatusProcess(const uint8_t* data, size_t size) 864{ 865 g_baseFuzzData = data; 866 g_baseFuzzSize = size; 867 g_baseFuzzPos = 0; 868 if (size > sizeof(int) + sizeof(int) + sizeof(int)) { 869 int pid = GetData<int>(); 870 int uid = GetData<int>(); 871 int status = GetData<int>(); 872 TaskController::GetInstance().FocusStatusProcess(uid, pid, status); 873 } 874 return true; 875} 876 877bool FuzzTaskControllerModifyGameState(const uint8_t* data, size_t size) 878{ 879 g_baseFuzzData = data; 880 g_baseFuzzSize = size; 881 g_baseFuzzPos = 0; 882 if (size > sizeof(int) + sizeof(int)) { 883 const char* str1 = reinterpret_cast<const char*>(data + g_baseFuzzPos); 884 size_t size1 = (size - g_baseFuzzPos) > LEN ? LEN : (size - g_baseFuzzPos); 885 std::string gameMsg(str1, size1); 886 Json::Value payload; 887 payload["gameMsg"] = gameMsg.c_str(); 888 TaskController::GetInstance().ModifyGameState(payload); 889 } else { 890 Json::Value payload; 891 payload["gameMsg"] = "gameScene\":\"1"; 892 TaskController::GetInstance().ModifyGameState(payload); 893 } 894 return true; 895} 896 897bool FuzzTaskControllerModifySystemRate(const uint8_t* data, size_t size) 898{ 899 g_baseFuzzData = data; 900 g_baseFuzzSize = size; 901 g_baseFuzzPos = 0; 902 if (size > sizeof(int) + sizeof(int)) { 903 const char* str1 = reinterpret_cast<const char*>(data + g_baseFuzzPos); 904 size_t size1 = (size - g_baseFuzzPos) > LEN ? LEN : (size - g_baseFuzzPos); 905 std::string gameMsg(str1, size1); 906 Json::Value payload; 907 payload["gameMsg"] = gameMsg.c_str(); 908 TaskController::GetInstance().ModifyGameState(payload); 909 } else { 910 Json::Value payload; 911 payload["gameMsg"] = "gameScene\":\"1"; 912 TaskController::GetInstance().ModifyGameState(payload); 913 } 914 return true; 915} 916 917bool FuzzTaskControllerSetAppRate(const uint8_t* data, size_t size) 918{ 919 g_baseFuzzData = data; 920 g_baseFuzzSize = size; 921 g_baseFuzzPos = 0; 922 if (size > sizeof(int) + sizeof(int) + sizeof(int)) { 923 Json::Value payload; 924 payload[std::to_string(GetData<int>()).c_str()] = std::to_string(GetData<int>()).c_str(); 925 TaskController::GetInstance().SetAppRate(payload); 926 } else { 927 Json::Value payload; 928 payload["-1"] = std::to_string(GetData<int>()).c_str(); 929 TaskController::GetInstance().SetAppRate(payload); 930 } 931 return true; 932} 933 934bool FuzzTaskControllerSetRenderServiceRate(const uint8_t* data, size_t size) 935{ 936 g_baseFuzzData = data; 937 g_baseFuzzSize = size; 938 g_baseFuzzPos = 0; 939 if (size > sizeof(int) + sizeof(int) + sizeof(int)) { 940 Json::Value payload; 941 payload[std::to_string(GetData<int>()).c_str()] = std::to_string(GetData<int>()).c_str(); 942 TaskController::GetInstance().SetRenderServiceRate(payload); 943 } 944 return true; 945} 946 947bool FuzzTaskControllerCheckJsonValid(const uint8_t* data, size_t size) 948{ 949 g_baseFuzzData = data; 950 g_baseFuzzSize = size; 951 g_baseFuzzPos = 0; 952 if (size > sizeof(int) + sizeof(int)) { 953 Json::Value payload; 954 payload[std::to_string(GetData<int>()).c_str()] = std::to_string(GetData<int>()).c_str(); 955 TaskController::GetInstance().CheckJsonValid(payload); 956 } 957 return true; 958} 959 960bool FuzzQosControllerGetThreadQosForOtherThread(const uint8_t* data, size_t size) 961{ 962 g_baseFuzzData = data; 963 g_baseFuzzSize = size; 964 g_baseFuzzPos = 0; 965 if (size > sizeof(int)) { 966 enum QosLevel level; 967 int32_t tid = GetData<int>(); 968 QosController::GetInstance().GetThreadQosForOtherThread(level, tid); 969 } 970 return true; 971} 972} // namespace OHOS 973 974static void TaskControllerFuzzTestSuit(const uint8_t *data, size_t size) 975{ 976 OHOS::FuzzTaskControllerQueryRenderService(data, size); 977 OHOS::FuzzTaskControllerQueryExecutorStart(data, size); 978 OHOS::FuzzTaskControllerGetRequestType(data, size); 979 OHOS::FuzzTaskControllerDealSystemRequest(data, size); 980 OHOS::FuzzTaskControllerNewForeground(data, size); 981 OHOS::FuzzTaskControllerNewForegroundAppRecord(data, size); 982 OHOS::FuzzTaskControllerNewBackground(data, size); 983 OHOS::FuzzTaskControllerNewAppStart(data, size); 984 OHOS::FuzzTaskControllerAppKilled(data, size); 985 OHOS::FuzzTaskControllerAuthSystemProcess(data, size); 986 OHOS::FuzzTaskControllerContinuousTaskProcess(data, size); 987 OHOS::FuzzTaskControllerFocusStatusProcess(data, size); 988 OHOS::FuzzTaskControllerModifyGameState(data, size); 989 OHOS::FuzzTaskControllerSetAppRate(data, size); 990 OHOS::FuzzTaskControllerModifySystemRate(data, size); 991 OHOS::FuzzTaskControllerSetRenderServiceRate(data, size); 992 OHOS::FuzzTaskControllerCheckJsonValid(data, size); 993 OHOS::FuzzQosControllerGetThreadQosForOtherThread(data, size); 994} 995 996/* Fuzzer entry point */ 997extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 998{ 999 /* Run your code on data */ 1000 OHOS::FuzzConcurrentTaskTryConnect(data, size); 1001 OHOS::FuzzConcurrentTaskServiceReportData(data, size); 1002 OHOS::FuzzConcurrentTaskServiceRequestAuth(data, size); 1003 OHOS::FuzzConcurrentTaskServiceQueryInterval(data, size); 1004 OHOS::FuzzConcurrentTaskServiceStopRemoteObject(data, size); 1005 OHOS::FuzzConcurrentTaskServiceSetThreadQos(data, size); 1006 OHOS::FuzzConcurrentTaskServiceSetQosForOtherThread(data, size); 1007 OHOS::FuzzConcurrentTaskServiceResetThreadQos(data, size); 1008 OHOS::FuzzConcurrentTaskServiceResetQosForOtherThread(data, size); 1009 OHOS::FuzzConcurrentTaskServiceQueryDeadline(data, size); 1010 OHOS::FuzzQosPolicyInit(data, size); 1011 OHOS::FuzzQosInterfaceEnableRtg(data, size); 1012 OHOS::FuzzQosInterfaceAuthEnable(data, size); 1013 OHOS::FuzzQosInterfaceAuthSwitch(data, size); 1014 OHOS::FuzzQosInterfaceAuthGet(data, size); 1015 OHOS::FuzzQosInterfaceAuthEnhance(data, size); 1016 OHOS::FuzzQosInterfaceAuthPause(data, size); 1017 OHOS::FuzzQosInterfaceQosLeave(data, size); 1018 OHOS::FuzzConcurrentTaskServiceStubReportData(data, size); 1019 OHOS::FuzzConcurrentTaskServiceStubQueryInterval(data, size); 1020 OHOS::FuzzConcurrentTaskServiceStubQueryDeadline(data, size); 1021 OHOS::FuzzConcurrentTaskServiceStubRequestAuth(data, size); 1022 OHOS::FuzzConcurrentTaskServiceAbilityOnStart(data, size); 1023 OHOS::FuzzConcurrentTaskServiceAbilityOnStop(data, size); 1024 OHOS::FuzzConcurrentTaskServiceAbilityOnAddSystemAbility(data, size); 1025 OHOS::FuzzConcurrentTaskServiceAbilityOnRemoveSystemAbility(data, size); 1026 OHOS::FuzzConcurrentTaskServiceStubQueryDeadlineInner(data, size); 1027 OHOS::FuzzConcurrentTaskServiceStubRequestAuthInner(data, size); 1028 OHOS::FuzzConcurrentTaskServiceStringToJson(data, size); 1029 OHOS::FuzzConcurrentTaskClientQueryInterval(data, size); 1030 OHOS::FuzzConcurrentTaskServiceStubQueryDeadline(data, size); 1031 OHOS::FuzzConcurrentTaskClinetRequestAuth(data, size); 1032 OHOS::FuzzConcurrentTaskClientTryConnect(data, size); 1033 OHOS::FuzzConcurrentTaskClientStopRemoteObject(data, size); 1034 OHOS::FuzzConcurrentTaskServiceProxyReportData(data, size); 1035 OHOS::FuzzConcurrentTaskServiceProxyQueryInterval(data, size); 1036 OHOS::FuzzConcurrentTaskServiceProxyQueryDeadline(data, size); 1037 OHOS::FuzzConcurrentTaskServiceProxyRequestAuth(data, size); 1038 TaskControllerFuzzTestSuit(data, size); 1039 return 0; 1040} 1041