1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "appspawnclient_fuzzer.h"
17 #include <string>
18 #include "appspawn.h"
19
20 namespace OHOS {
FuzzAppSpawnClientInit(const uint8_t * data,size_t size)21 int FuzzAppSpawnClientInit(const uint8_t *data, size_t size)
22 {
23 const char *name = APPSPAWN_SERVER_NAME;
24 AppSpawnClientHandle handle = nullptr;
25 return AppSpawnClientInit(name, &handle);
26 }
27
FuzzAppSpawnClientDestroy(const uint8_t * data,size_t size)28 int FuzzAppSpawnClientDestroy(const uint8_t *data, size_t size)
29 {
30 const char *name = APPSPAWN_SERVER_NAME;
31 AppSpawnClientHandle handle = nullptr;
32 if (AppSpawnClientInit(name, &handle) != 0) {
33 return -1;
34 }
35 return AppSpawnClientDestroy(handle);
36 }
37
FuzzAppSpawnReqMsgCreate(const uint8_t * data,size_t size)38 int FuzzAppSpawnReqMsgCreate(const uint8_t *data, size_t size)
39 {
40 const char *name = APPSPAWN_SERVER_NAME;
41 AppSpawnClientHandle handle = nullptr;
42 if (AppSpawnClientInit(name, &handle) != 0) {
43 return -1;
44 }
45 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
46 std::string processName(reinterpret_cast<const char*>(data), size);
47 AppSpawnReqMsgHandle reqHandle = nullptr;
48 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
49 AppSpawnReqMsgFree(reqHandle);
50 return AppSpawnClientDestroy(handle);
51 }
52
FuzzAppSpawnReqMsgAddStringInfo(const uint8_t * data,size_t size)53 int FuzzAppSpawnReqMsgAddStringInfo(const uint8_t *data, size_t size)
54 {
55 const char *name = APPSPAWN_SERVER_NAME;
56 AppSpawnClientHandle handle = nullptr;
57 if (AppSpawnClientInit(name, &handle) != 0) {
58 return -1;
59 }
60 AppSpawnReqMsgHandle reqHandle = nullptr;
61 std::string processName(reinterpret_cast<const char*>(data), size);
62 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
63 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
64 (void)AppSpawnReqMsgAddStringInfo(reqHandle, processName.c_str(), processName.c_str());
65 AppSpawnReqMsgFree(reqHandle);
66 return AppSpawnClientDestroy(handle);
67 }
68
FuzzAppSpawnTerminateMsgCreate(const uint8_t * data,size_t size)69 int FuzzAppSpawnTerminateMsgCreate(const uint8_t *data, size_t size)
70 {
71 const char *name = APPSPAWN_SERVER_NAME;
72 AppSpawnClientHandle handle = nullptr;
73 if (AppSpawnClientInit(name, &handle) != 0) {
74 return -1;
75 }
76 pid_t pid = static_cast<pid_t>(size);
77 AppSpawnReqMsgHandle reqHandle = nullptr;
78 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
79 std::string processName(reinterpret_cast<const char*>(data), size);
80 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
81 (void)AppSpawnTerminateMsgCreate(pid, &reqHandle);
82 AppSpawnReqMsgFree(reqHandle);
83 return AppSpawnClientDestroy(handle);
84 }
85
FuzzAppSpawnClientSendMsg(const uint8_t * data,size_t size)86 int FuzzAppSpawnClientSendMsg(const uint8_t *data, size_t size)
87 {
88 const char *name = APPSPAWN_SERVER_NAME;
89 AppSpawnClientHandle handle = nullptr;
90 if (AppSpawnClientInit(name, &handle) != 0) {
91 return -1;
92 }
93 AppSpawnReqMsgHandle reqHandle = nullptr;
94 AppSpawnResult appResult = {static_cast<int>(size), 0};
95 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
96 std::string processName(reinterpret_cast<const char*>(data), size);
97 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
98 (void)AppSpawnClientSendMsg(handle, reqHandle, &appResult);
99 return AppSpawnClientDestroy(handle);
100 }
101
FuzzAppSpawnReqMsgFree(const uint8_t * data,size_t size)102 int FuzzAppSpawnReqMsgFree(const uint8_t *data, size_t size)
103 {
104 const char *name = APPSPAWN_SERVER_NAME;
105 AppSpawnClientHandle handle = nullptr;
106 if (AppSpawnClientInit(name, &handle) != 0) {
107 return -1;
108 }
109 AppSpawnReqMsgHandle reqHandle = nullptr;
110 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
111 std::string processName(reinterpret_cast<const char*>(data), size);
112 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
113 AppSpawnReqMsgFree(reqHandle);
114 return AppSpawnClientDestroy(handle);
115 }
116
FuzzAppSpawnReqMsgSetBundleInfo(const uint8_t * data,size_t size)117 int FuzzAppSpawnReqMsgSetBundleInfo(const uint8_t *data, size_t size)
118 {
119 const char *name = APPSPAWN_SERVER_NAME;
120 AppSpawnClientHandle handle = nullptr;
121 if (AppSpawnClientInit(name, &handle) != 0) {
122 return -1;
123 }
124 AppSpawnReqMsgHandle reqHandle = nullptr;
125 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
126 std::string processName(reinterpret_cast<const char*>(data), size);
127 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
128 uint32_t bundleIndex = static_cast<uint32_t>(size);
129 std::string bundleName(reinterpret_cast<const char*>(data), size);
130 (void)AppSpawnReqMsgSetBundleInfo(reqHandle, bundleIndex, bundleName.c_str());
131 AppSpawnReqMsgFree(reqHandle);
132 return AppSpawnClientDestroy(handle);
133 }
134
FuzzAppSpawnReqMsgSetAppFlag(const uint8_t * data,size_t size)135 int FuzzAppSpawnReqMsgSetAppFlag(const uint8_t *data, size_t size)
136 {
137 const char *name = APPSPAWN_SERVER_NAME;
138 AppSpawnClientHandle handle = nullptr;
139 if (AppSpawnClientInit(name, &handle) != 0) {
140 return -1;
141 }
142 AppSpawnReqMsgHandle reqHandle = nullptr;
143 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
144 std::string processName(reinterpret_cast<const char*>(data), size);
145 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
146 AppFlagsIndex flagIndex = static_cast<AppFlagsIndex>(size);
147 (void)AppSpawnReqMsgSetAppFlag(reqHandle, flagIndex);
148 AppSpawnReqMsgFree(reqHandle);
149 return AppSpawnClientDestroy(handle);
150 }
151
FuzzAppSpawnReqMsgSetAppDacInfo(const uint8_t * data,size_t size)152 int FuzzAppSpawnReqMsgSetAppDacInfo(const uint8_t *data, size_t size)
153 {
154 const char *name = APPSPAWN_SERVER_NAME;
155 AppSpawnClientHandle handle = nullptr;
156 if (AppSpawnClientInit(name, &handle) != 0) {
157 return -1;
158 }
159 AppSpawnReqMsgHandle reqHandle = nullptr;
160 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
161 std::string processName(reinterpret_cast<const char*>(data), size);
162 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
163 AppDacInfo dacInfo = {};
164 (void)AppSpawnReqMsgSetAppDacInfo(reqHandle, &dacInfo);
165 AppSpawnReqMsgFree(reqHandle);
166 return AppSpawnClientDestroy(handle);
167 }
168
FuzzAppSpawnReqMsgSetAppDomainInfo(const uint8_t * data,size_t size)169 int FuzzAppSpawnReqMsgSetAppDomainInfo(const uint8_t *data, size_t size)
170 {
171 const char *name = APPSPAWN_SERVER_NAME;
172 AppSpawnClientHandle handle = nullptr;
173 if (AppSpawnClientInit(name, &handle) != 0) {
174 return -1;
175 }
176 AppSpawnReqMsgHandle reqHandle = nullptr;
177 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
178 std::string processName(reinterpret_cast<const char*>(data), size);
179 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
180 std::string apl(reinterpret_cast<const char*>(data), size);
181 uint32_t hapFlags = static_cast<uint32_t>(size);
182 (void)AppSpawnReqMsgSetAppDomainInfo(reqHandle, hapFlags, apl.c_str());
183 AppSpawnReqMsgFree(reqHandle);
184 return AppSpawnClientDestroy(handle);
185 }
186
FuzzAppSpawnReqMsgSetAppInternetPermissionInfo(const uint8_t * data,size_t size)187 int FuzzAppSpawnReqMsgSetAppInternetPermissionInfo(const uint8_t *data, size_t size)
188 {
189 const char *name = APPSPAWN_SERVER_NAME;
190 AppSpawnClientHandle handle = nullptr;
191 if (AppSpawnClientInit(name, &handle) != 0) {
192 return -1;
193 }
194 AppSpawnReqMsgHandle reqHandle = nullptr;
195 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
196 std::string processName(reinterpret_cast<const char*>(data), size);
197 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
198 uint8_t allow = static_cast<uint8_t>(size);
199 uint8_t setAllow = static_cast<uint8_t>(size);
200 (void)AppSpawnReqMsgSetAppInternetPermissionInfo(reqHandle, allow, setAllow);
201 AppSpawnReqMsgFree(reqHandle);
202 return AppSpawnClientDestroy(handle);
203 }
204
FuzzAppSpawnReqMsgSetAppAccessToken(const uint8_t * data,size_t size)205 int FuzzAppSpawnReqMsgSetAppAccessToken(const uint8_t *data, size_t size)
206 {
207 const char *name = APPSPAWN_SERVER_NAME;
208 AppSpawnClientHandle handle = nullptr;
209 if (AppSpawnClientInit(name, &handle) != 0) {
210 return -1;
211 }
212 AppSpawnReqMsgHandle reqHandle = nullptr;
213 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
214 std::string processName(reinterpret_cast<const char*>(data), size);
215 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
216 uint64_t accessTokenIdEx = static_cast<uint64_t>(size);
217 (void)AppSpawnReqMsgSetAppAccessToken(reqHandle, accessTokenIdEx);
218 AppSpawnReqMsgFree(reqHandle);
219 return AppSpawnClientDestroy(handle);
220 }
221
FuzzAppSpawnReqMsgSetAppOwnerId(const uint8_t * data,size_t size)222 int FuzzAppSpawnReqMsgSetAppOwnerId(const uint8_t *data, size_t size)
223 {
224 const char *name = APPSPAWN_SERVER_NAME;
225 AppSpawnClientHandle handle = nullptr;
226 if (AppSpawnClientInit(name, &handle) != 0) {
227 return -1;
228 }
229 AppSpawnReqMsgHandle reqHandle = nullptr;
230 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
231 std::string processName(reinterpret_cast<const char*>(data), size);
232 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
233 std::string ownerId(reinterpret_cast<const char*>(data), size);
234 (void)AppSpawnReqMsgSetAppOwnerId(reqHandle, ownerId.c_str());
235 AppSpawnReqMsgFree(reqHandle);
236 return AppSpawnClientDestroy(handle);
237 }
238
FuzzAppSpawnReqMsgAddPermission(const uint8_t * data,size_t size)239 int FuzzAppSpawnReqMsgAddPermission(const uint8_t *data, size_t size)
240 {
241 const char *name = APPSPAWN_SERVER_NAME;
242 AppSpawnClientHandle handle = nullptr;
243 if (AppSpawnClientInit(name, &handle) != 0) {
244 return -1;
245 }
246 AppSpawnReqMsgHandle reqHandle = nullptr;
247 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
248 std::string processName(reinterpret_cast<const char*>(data), size);
249 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
250 std::string permission(reinterpret_cast<const char*>(data), size);
251 (void)AppSpawnReqMsgAddPermission(reqHandle, permission.c_str());
252 AppSpawnReqMsgFree(reqHandle);
253 return AppSpawnClientDestroy(handle);
254 }
255
FuzzAppSpawnReqMsgAddExtInfo(const uint8_t * data,size_t size)256 int FuzzAppSpawnReqMsgAddExtInfo(const uint8_t *data, size_t size)
257 {
258 const char *name = APPSPAWN_SERVER_NAME;
259 AppSpawnClientHandle handle = nullptr;
260 if (AppSpawnClientInit(name, &handle) != 0) {
261 return -1;
262 }
263 AppSpawnReqMsgHandle reqHandle = nullptr;
264 AppSpawnMsgType msgType = static_cast<AppSpawnMsgType>(size);
265 std::string processName(reinterpret_cast<const char*>(data), size);
266 (void)AppSpawnReqMsgCreate(msgType, processName.c_str(), &reqHandle);
267 (void)AppSpawnReqMsgAddExtInfo(reqHandle, processName.c_str(), data, static_cast<uint32_t>(size));
268 AppSpawnReqMsgFree(reqHandle);
269 return AppSpawnClientDestroy(handle);
270 }
271
FuzzGetPermissionIndex(const uint8_t * data,size_t size)272 int FuzzGetPermissionIndex(const uint8_t *data, size_t size)
273 {
274 std::string permission(reinterpret_cast<const char*>(data), size);
275 return GetPermissionIndex(nullptr, permission.c_str());
276 }
277
FuzzGetMaxPermissionIndex(const uint8_t * data,size_t size)278 int FuzzGetMaxPermissionIndex(const uint8_t *data, size_t size)
279 {
280 return GetMaxPermissionIndex(nullptr);
281 }
282
FuzzGetPermissionByIndex(const uint8_t * data,size_t size)283 int FuzzGetPermissionByIndex(const uint8_t *data, size_t size)
284 {
285 int32_t index = static_cast<int32_t>(size);
286 if (GetPermissionByIndex(nullptr, index) == nullptr) {
287 return -1;
288 }
289 return 0;
290 }
291 }
292
293 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)294 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
295 {
296 /* Run your code on data */
297 OHOS::FuzzAppSpawnClientInit(data, size);
298 OHOS::FuzzAppSpawnClientDestroy(data, size);
299 OHOS::FuzzAppSpawnReqMsgCreate(data, size);
300 OHOS::FuzzAppSpawnTerminateMsgCreate(data, size);
301 OHOS::FuzzAppSpawnReqMsgFree(data, size);
302 OHOS::FuzzAppSpawnClientSendMsg(data, size);
303 OHOS::FuzzAppSpawnReqMsgSetBundleInfo(data, size);
304 OHOS::FuzzAppSpawnReqMsgSetAppFlag(data, size);
305 OHOS::FuzzAppSpawnReqMsgSetAppDacInfo(data, size);
306 OHOS::FuzzAppSpawnReqMsgSetAppDomainInfo(data, size);
307 OHOS::FuzzAppSpawnReqMsgSetAppInternetPermissionInfo(data, size);
308 OHOS::FuzzAppSpawnReqMsgSetAppAccessToken(data, size);
309 OHOS::FuzzAppSpawnReqMsgSetAppOwnerId(data, size);
310 OHOS::FuzzAppSpawnReqMsgAddPermission(data, size);
311 OHOS::FuzzAppSpawnReqMsgAddExtInfo(data, size);
312 OHOS::FuzzAppSpawnReqMsgAddStringInfo(data, size);
313 OHOS::FuzzGetPermissionIndex(data, size);
314 OHOS::FuzzGetMaxPermissionIndex(data, size);
315 OHOS::FuzzGetPermissionByIndex(data, size);
316 return 0;
317 }
318