1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <cstddef>
17 #include <cstdint>
18 #include <iostream>
19 #include <memory>
20
21 #include "avsession_item.h"
22 #include "iav_session.h"
23 #include "iremote_stub.h"
24 #include "avsession_stub.h"
25 #include "avsession_callback_proxy.h"
26 #include "avsession_controller_stub.h"
27 #include "avsession_service.h"
28 #include "avsession_errors.h"
29 #include "system_ability_definition.h"
30 #include "avcontrol_command.h"
31 #include "avcall_meta_data.h"
32 #include "avcall_state.h"
33 #include "avsessionitem_fuzzer.h"
34
35 using namespace std;
36 namespace OHOS {
37 namespace AVSession {
38 static const int32_t MAX_CODE_TEST = 24;
39 static const int32_t MAX_CODE_LEN = 512;
40 static const int32_t MIN_SIZE_NUM = 4;
41
AvSessionItemFuzzerTest(uint8_t * data,size_t size)42 void AvSessionItemFuzzer::AvSessionItemFuzzerTest(uint8_t* data, size_t size)
43 {
44 if ((data == nullptr) || (size > MAX_CODE_LEN) || (size < MIN_SIZE_NUM)) {
45 return;
46 }
47 uint32_t code = *(reinterpret_cast<const uint32_t*>(data));
48 if (code >= MAX_CODE_TEST) {
49 return;
50 }
51 std::string tag(reinterpret_cast<const char*>(data), size);
52 int32_t type = *reinterpret_cast<const int32_t*>(data);
53 std::string bundleName(reinterpret_cast<const char*>(data), size);
54 std::string abilityName(reinterpret_cast<const char*>(data), size);
55
56 AppExecFwk::ElementName elementName;
57 elementName.SetBundleName(bundleName);
58 elementName.SetAbilityName(abilityName);
59
60 sptr<AVSessionService> service = new AVSessionService(AVSESSION_SERVICE_ID);
61 if (!service) {
62 SLOGI("service is null");
63 return;
64 }
65 sptr<IRemoteObject> avSessionItemObj = service->CreateSessionInner(tag, type, elementName);
66 sptr<AVSessionItem> avSessionItem = (sptr<AVSessionItem>&)avSessionItemObj;
67 if (!avSessionItem) {
68 SLOGI("avSessionItem is null");
69 return;
70 }
71 MessageParcel dataMessageParcel;
72 MessageParcel reply;
73 MessageOption option;
74 if (!dataMessageParcel.WriteInterfaceToken(IAVSession::GetDescriptor())) {
75 return;
76 }
77 size -= sizeof(uint32_t);
78 dataMessageParcel.WriteBuffer(data + sizeof(uint32_t), size);
79 dataMessageParcel.RewindRead(0);
80 avSessionItem->OnRemoteRequest(code, dataMessageParcel, reply, option);
81 }
82
AvSessionItemTest(uint8_t * data,size_t size)83 void AvSessionItemTest(uint8_t *data, size_t size)
84 {
85 if ((data == nullptr) || (size > MAX_CODE_LEN) || (size < MIN_SIZE_NUM)) {
86 return;
87 }
88 sptr<AVSessionService> service = new AVSessionService(AVSESSION_SERVICE_ID);
89 if (!service) {
90 SLOGI("service is null");
91 return;
92 }
93 std::string tag("audio");
94 int32_t type = 0;
95 AppExecFwk::ElementName elementName;
96 elementName.SetBundleName("bundleName");
97 elementName.SetAbilityName("abilityName");
98 sptr<IRemoteObject> avSessionItemObj = service->CreateSessionInner(tag, type, elementName);
99 sptr<AVSessionItem> avSessionItem = (sptr<AVSessionItem>&)avSessionItemObj;
100 if (!avSessionItem) {
101 SLOGI("avSessionItem is null");
102 return;
103 }
104 AvSessionItemTestImpl(avSessionItem, data, size);
105 AvSessionCallItemTest(avSessionItem, data, size);
106 AvSessionItemTestImplExtension(avSessionItem, data, size);
107 AvSessionCallItemTestExtension(avSessionItem, data, size);
108 }
109
AvSessionItemTestImpl(sptr<AVSessionItem> avSessionItem,const uint8_t * data,size_t size)110 void AvSessionItemTestImpl(sptr<AVSessionItem> avSessionItem, const uint8_t* data, size_t size)
111 {
112 AVPlaybackState avState;
113 int32_t state = *(reinterpret_cast<const int32_t *>(data));
114 avState.SetState(state);
115
116 AVMetaData metaData;
117 std::string assetId(reinterpret_cast<const char *>(data), size);
118 metaData.SetAssetId(assetId);
119
120 std::vector<int32_t> cmds;
121 int32_t fuzzCmds = *(reinterpret_cast<const int32_t *>(data));
122 cmds.push_back(fuzzCmds);
123
124 bool top = *(reinterpret_cast<const bool *>(data));
125
126 AVControlCommand controlCommand;
127 int32_t cmd = *(reinterpret_cast<const int32_t *>(data));
128 controlCommand.SetCommand(cmd);
129
130 OutputDeviceInfo info;
131 DeviceInfo deviceInfo;
132 deviceInfo.castCategory_ = 0;
133 std::string deviceId(reinterpret_cast<const char *>(data), size);
134 deviceInfo.deviceId_= deviceId;
135 std::string deviceName(reinterpret_cast<const char *>(data), size);
136 deviceInfo.deviceName_ = deviceName;
137 info.deviceInfos_.push_back(deviceInfo);
138
139 avSessionItem->ExecuteControllerCommand(controlCommand);
140 avSessionItem->SetTop(top);
141 avSessionItem->SetOutputDevice(info);
142 avSessionItem->GetOutputDevice(info);
143 avSessionItem->AddSupportCommand(controlCommand.GetCommand());
144 avSessionItem->DeleteSupportCommand(controlCommand.GetCommand());
145 avSessionItem->GetSessionId();
146 avSessionItem->GetAVMetaData(metaData);
147 avSessionItem->SetAVMetaData(metaData);
148 avSessionItem->GetAVPlaybackState(avState);
149 avSessionItem->Activate();
150 avSessionItem->Deactivate();
151 avSessionItem->IsActive();
152 avSessionItem->Destroy();
153 avSessionItem->SetAVPlaybackState(avState);
154 avSessionItem->GetPlaybackState();
155 avSessionItem->GetMetaData();
156 avSessionItem->GetSupportCommand();
157 avSessionItem->GetPid();
158 avSessionItem->GetUid();
159 avSessionItem->GetAbilityName();
160 avSessionItem->GetRemoteSource();
161 }
162
AvSessionItemTestImplExtension(sptr<AVSessionItem> avSessionItem,const uint8_t * data,size_t size)163 void AvSessionItemTestImplExtension(sptr<AVSessionItem> avSessionItem, const uint8_t* data, size_t size)
164 {
165 int32_t state = *(reinterpret_cast<const int32_t *>(data));
166 int32_t itemId = *(reinterpret_cast<const int32_t *>(data));
167 int32_t pid = *(reinterpret_cast<const int32_t *>(data));
168 int32_t uid = *(reinterpret_cast<const int32_t *>(data));
169
170 OutputDeviceInfo info;
171 DeviceInfo deviceInfo;
172 deviceInfo.castCategory_ = 0;
173 std::string deviceId(reinterpret_cast<const char *>(data), size);
174 deviceInfo.deviceId_= deviceId;
175 std::string deviceName(reinterpret_cast<const char *>(data), size);
176 deviceInfo.deviceName_ = deviceName;
177 info.deviceInfos_.push_back(deviceInfo);
178
179 std::vector<AVQueueItem> avQueueItems;
180 AVQueueItem avQueueItem;
181 avQueueItem.SetItemId(*(reinterpret_cast<const int32_t *>(data)));
182 avQueueItems.push_back(avQueueItem);
183
184 std::string title(reinterpret_cast<const char *>(data), size);
185 std::string commonCommand(reinterpret_cast<const char *>(data), size);
186
187 auto wantAgentPtr = std::make_shared<AbilityRuntime::WantAgent::WantAgent>();
188
189 AAFwk::WantParams wantParams;
190
191 auto keyEvent = MMI::KeyEvent::Create();
192 keyEvent->SetKeyCode(*(reinterpret_cast<const int32_t*>(data)));
193 MMI::KeyEvent::KeyItem keyItem;
194 keyItem.SetKeyCode(*(reinterpret_cast<const int32_t*>(data)));
195 keyEvent->AddKeyItem(keyItem);
196
197 sptr<AVControllerItem> avControllerItem = new(std::nothrow) AVControllerItem(pid, avSessionItem);
198 if (avControllerItem == nullptr) {
199 return;
200 }
201
202 avSessionItem->SetAVQueueItems(avQueueItems);
203 avSessionItem->GetAVQueueItems(avQueueItems);
204 avSessionItem->SetAVQueueTitle(title);
205 avSessionItem->GetAVQueueTitle(title);
206 avSessionItem->SetLaunchAbility(*wantAgentPtr);
207 avSessionItem->SetExtras(wantParams);
208 avSessionItem->GetExtras(wantParams);
209 avSessionItem->HandleMediaKeyEvent(*keyEvent);
210 avSessionItem->HandleOutputDeviceChange(state, info);
211 avSessionItem->HandleSkipToQueueItem(itemId);
212 avSessionItem->ExecueCommonCommand(commonCommand, wantParams);
213 avSessionItem->AddController(pid, avControllerItem);
214 avSessionItem->SetPid(pid);
215 avSessionItem->SetUid(uid);
216 avSessionItem->HandleControllerRelease(pid);
217 }
218
AvSessionCallItemTest(sptr<AVSessionItem> avSessionItem,const uint8_t * data,size_t size)219 void AvSessionCallItemTest(sptr<AVSessionItem> avSessionItem, const uint8_t* data, size_t size)
220 {
221 AVCallMetaData callMetaData;
222 int32_t numberDate = *(reinterpret_cast<const int32_t*>(data));
223 std::string dataToS(std::to_string(numberDate));
224 std::string strCallMetaData(dataToS);
225 callMetaData.SetName(strCallMetaData);
226 callMetaData.SetPhoneNumber(strCallMetaData);
227
228 AVCallState avCallState;
229 int32_t callState = std::stoi(dataToS);
230 avCallState.SetAVCallState(callState);
231 bool mute = std::stoi(dataToS);
232 avCallState.SetAVCallMuted(mute);
233
234 avSessionItem->SetAVCallMetaData(callMetaData);
235 avSessionItem->SetAVCallState(avCallState);
236 }
237
AvSessionCallItemTestExtension(sptr<AVSessionItem> avSessionItem,const uint8_t * data,size_t size)238 void AvSessionCallItemTestExtension(sptr<AVSessionItem> avSessionItem, const uint8_t* data, size_t size)
239 {
240 string sinkDevice(reinterpret_cast<const char *>(data), size);
241 string event(reinterpret_cast<const char *>(data), size);
242
243 auto releaseAndStartCallback = [](AVSessionItem& item) {};
244 auto updateSessionCallback = [](string str, bool flag) {};
245
246 AAFwk::WantParams wantParams;
247
248 avSessionItem->GetSessionType();
249 avSessionItem->DestroyTask();
250 avSessionItem->GetDescriptor();
251 avSessionItem->GetAVCallState();
252 avSessionItem->GetAVCallMetaData();
253 avSessionItem->GetQueueItems();
254 avSessionItem->GetQueueTitle();
255 avSessionItem->GetExtras();
256 avSessionItem->GetLaunchAbility();
257 avSessionItem->GetBundleName();
258 avSessionItem->SetServiceCallbackForRelease(releaseAndStartCallback);
259 avSessionItem->SetServiceCallbackForCallStart(releaseAndStartCallback);
260 avSessionItem->SourceCancelCastAudio(sinkDevice);
261 avSessionItem->SinkCancelCastAudio();
262 avSessionItem->SetSessionEvent(event, wantParams);
263 avSessionItem->SetServiceCallbackForAVQueueInfo(releaseAndStartCallback);
264 avSessionItem->SetServiceCallbackForUpdateSession(updateSessionCallback);
265 }
266
AvSessionItemOnRemoteRequest(uint8_t * data,size_t size)267 void AvSessionItemOnRemoteRequest(uint8_t *data, size_t size)
268 {
269 auto avSessionItem = std::make_unique<AvSessionItemFuzzer>();
270 if (avSessionItem == nullptr) {
271 SLOGI("avSessionItem is null");
272 return;
273 }
274 avSessionItem->AvSessionItemFuzzerTest(data, size);
275 }
276
277 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)278 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
279 {
280 /* Run your code on data */
281 AvSessionItemOnRemoteRequest(const_cast<uint8_t*>(data), size);
282 AvSessionItemTest(const_cast<uint8_t*>(data), size);
283 return 0;
284 }
285 } // namespace AVSession
286 } // namespace OHOS
287