1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <cstddef>
17 #include <cstdint>
18 #include <string>
19 #include <unistd.h>
20
21 #include "device_manager.h"
22 #include "device_manager_callback.h"
23 #include "device_manager_impl.h"
24 #include "accesstoken_kit.h"
25 #include "authenticate_device_fuzzer.h"
26 #include "nativetoken_kit.h"
27 #include "token_setproc.h"
28
29 namespace OHOS {
30 namespace DistributedHardware {
31 class AuthenticateCallbackTest : public AuthenticateCallback {
32 public:
~AuthenticateCallbackTest()33 virtual ~AuthenticateCallbackTest() {}
OnAuthResult(const std::string & deviceId,const std::string & token,int32_t status,int32_t reason)34 void OnAuthResult(const std::string &deviceId, const std::string &token, int32_t status,
35 int32_t reason) override {}
36 };
37
38 class DmInitCallbackTest : public DmInitCallback {
39 public:
DmInitCallbackTest()40 DmInitCallbackTest() : DmInitCallback() {}
~DmInitCallbackTest()41 virtual ~DmInitCallbackTest() {}
OnRemoteDied()42 void OnRemoteDied() override {}
43 };
44
45 class DeviceStateCallbackTest : public DeviceStateCallback {
46 public:
DeviceStateCallbackTest()47 DeviceStateCallbackTest() : DeviceStateCallback() {}
~DeviceStateCallbackTest()48 virtual ~DeviceStateCallbackTest() {}
OnDeviceOnline(const DmDeviceInfo & deviceInfo)49 void OnDeviceOnline(const DmDeviceInfo &deviceInfo) override {}
OnDeviceReady(const DmDeviceInfo & deviceInfo)50 void OnDeviceReady(const DmDeviceInfo &deviceInfo) override {}
OnDeviceOffline(const DmDeviceInfo & deviceInfo)51 void OnDeviceOffline(const DmDeviceInfo &deviceInfo) override {}
OnDeviceChanged(const DmDeviceInfo & deviceInfo)52 void OnDeviceChanged(const DmDeviceInfo &deviceInfo) override {}
53 };
54
55 class DeviceStatusCallbackTest : public DeviceStatusCallback {
56 public:
~DeviceStatusCallbackTest()57 virtual ~DeviceStatusCallbackTest() { }
OnDeviceOnline(const DmDeviceBasicInfo & deviceBasicInfo)58 void OnDeviceOnline(const DmDeviceBasicInfo &deviceBasicInfo) override {}
OnDeviceOffline(const DmDeviceBasicInfo & deviceBasicInfo)59 void OnDeviceOffline(const DmDeviceBasicInfo &deviceBasicInfo) override {}
OnDeviceChanged(const DmDeviceBasicInfo & deviceBasicInfo)60 void OnDeviceChanged(const DmDeviceBasicInfo &deviceBasicInfo) override {}
OnDeviceReady(const DmDeviceBasicInfo & deviceBasicInfo)61 void OnDeviceReady(const DmDeviceBasicInfo &deviceBasicInfo) override {}
62 };
63
64 class DeviceDiscoveryCallbackTest : public DiscoveryCallback {
65 public:
DeviceDiscoveryCallbackTest()66 DeviceDiscoveryCallbackTest() : DiscoveryCallback() {}
~DeviceDiscoveryCallbackTest()67 virtual ~DeviceDiscoveryCallbackTest() {}
OnDiscoverySuccess(uint16_t subscribeId)68 void OnDiscoverySuccess(uint16_t subscribeId) override {}
OnDiscoveryFailed(uint16_t subscribeId,int32_t failedReason)69 void OnDiscoveryFailed(uint16_t subscribeId, int32_t failedReason) override {}
OnDeviceFound(uint16_t subscribeId,const DmDeviceInfo & deviceInfo)70 void OnDeviceFound(uint16_t subscribeId, const DmDeviceInfo &deviceInfo) override {}
OnDeviceFound(uint16_t subscribeId,const DmDeviceBasicInfo & deviceBasicInfo)71 void OnDeviceFound(uint16_t subscribeId, const DmDeviceBasicInfo &deviceBasicInfo) override{}
72 };
73
74 class DevicePublishCallbackTest : public PublishCallback {
75 public:
DevicePublishCallbackTest()76 DevicePublishCallbackTest() : PublishCallback() {}
~DevicePublishCallbackTest()77 virtual ~DevicePublishCallbackTest() {}
OnPublishResult(int32_t publishId,int32_t failedReason)78 void OnPublishResult(int32_t publishId, int32_t failedReason) override {}
79 };
80
81 class DeviceManagerUiCallbackTest : public DeviceManagerUiCallback {
82 public:
~DeviceManagerUiCallbackTest()83 virtual ~DeviceManagerUiCallbackTest() {}
OnCall(const std::string & paramJson)84 void OnCall(const std::string ¶mJson) override {}
85 };
86
87 std::string g_returnStr;
88 std::string g_reqJsonStr = R"(
89 {
90 "userId":"4269DC28B639681698809A67EDAD08E39F207900038F91EFF95DD042FE2874E4"
91 }
92 )";
93
94 std::string g_credentialInfo = R"(
95 {
96 "processType" : 1,
97 "g_authType" : 1,
98 "userId" : "123",
99 "credentialData" :
100 [
101 {
102 "credentialType" : 1,
103 "credentialId" : "104",
104 "authCode" : "1234567812345678123456781234567812345678123456781234567812345678",
105 "serverPk" : "",
106 "pkInfoSignature" : "",
107 "pkInfo" : "",
108 "peerDeviceId" : ""
109 }
110 ]
111 }
112 )";
113
114 std::string g_deleteInfo = R"(
115 {
116 "processType" : 1,
117 "g_authType" : 1,
118 "userId" : "123"
119 }
120 )";
121
122 DmDeviceInfo g_deviceInfo = {
123 .deviceId = "123456789101112131415",
124 .deviceName = "deviceName",
125 .deviceTypeId = 1
126 };
127
128 DmSubscribeInfo g_subscribeInfo = {
129 .subscribeId = 0,
130 .mode = DmDiscoverMode::DM_DISCOVER_MODE_ACTIVE,
131 .medium = DmExchangeMedium::DM_AUTO,
132 .freq = DmExchangeFreq::DM_MID,
133 .isSameAccount = true,
134 .isWakeRemote = true,
135 };
136
137 DmPublishInfo g_publishInfo = {
138 .publishId = 1234,
139 .mode = DmDiscoverMode::DM_DISCOVER_MODE_ACTIVE,
140 .freq = DmExchangeFreq::DM_MID,
141 .ranging = true,
142 };
143
144 PeerTargetId g_targetId = {
145 .deviceId = "deviceId",
146 .brMac = "brMac",
147 .bleMac = "bleMac",
148 .wifiIp = "wifiIp",
149 };
150
151 DmDeviceInfo g_getDeviceInfo;
152 DmPinType g_pinType = DmPinType::SUPER_SONIC;
153
154 uint64_t g_tokenId = 1;
155 int32_t g_authType = -1;
156 int32_t g_action = 2;
157 int32_t g_eventId = 1;
158 int32_t g_bindType = 1;
159 int32_t g_securityLevel = 1;
160 int64_t g_accessControlId = 1;
161
162 bool g_isRefresh = false;
163
164 std::vector<DmDeviceInfo> g_deviceList;
165 std::vector<DmDeviceBasicInfo> g_deviceBasic;
166
167 std::shared_ptr<DmInitCallback> g_initcallback = std::make_shared<DmInitCallbackTest>();
168 std::shared_ptr<DeviceStateCallback> g_stateCallback = std::make_shared<DeviceStateCallbackTest>();
169 std::shared_ptr<AuthenticateCallback> g_callbackk = std::make_shared<AuthenticateCallbackTest>();
170 std::shared_ptr<DeviceStatusCallback> g_statusCallback = std::make_shared<DeviceStatusCallbackTest>();
171 std::shared_ptr<DiscoveryCallback> g_discoveryCallback = std::make_shared<DeviceDiscoveryCallbackTest>();
172 std::shared_ptr<PublishCallback> g_publishCallback = std::make_shared<DevicePublishCallbackTest>();
173 std::shared_ptr<DeviceManagerUiCallback> g_Uicallback = std::make_shared<DeviceManagerUiCallbackTest>();
174
AddPermission()175 void AddPermission()
176 {
177 const int32_t permsNum = 3;
178 const int32_t indexZero = 0;
179 const int32_t indexOne = 1;
180 const int32_t indexTwo = 2;
181 uint64_t tokenId;
182 const char *perms[permsNum];
183 perms[indexZero] = "ohos.permission.ACCESS_SERVICE_DM";
184 perms[indexOne] = "ohos.permission.DISTRIBUTED_DATASYNC";
185 perms[indexTwo] = "ohos.permission.DISTRIBUTED_SOFTBUS_CENTER";
186 NativeTokenInfoParams infoInstance = {
187 .dcapsNum = 0,
188 .permsNum = permsNum,
189 .aclsNum = 0,
190 .dcaps = NULL,
191 .perms = perms,
192 .acls = NULL,
193 .processName = "device_manager",
194 .aplStr = "system_core",
195 };
196 tokenId = GetAccessTokenId(&infoInstance);
197 SetSelfTokenID(tokenId);
198 OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
199 }
200
AuthenticateDeviceFirstFuzzTest(const uint8_t * data,size_t size)201 void AuthenticateDeviceFirstFuzzTest(const uint8_t* data, size_t size)
202 {
203 if ((data == nullptr) || (size == 0)) {
204 return;
205 }
206 AddPermission();
207 std::string str(reinterpret_cast<const char*>(data), size);
208
209 DeviceManagerImpl::GetInstance().ipcClientProxy_ =
210 std::make_shared<IpcClientProxy>(std::make_shared<IpcClientManager>());
211
212 DeviceManager::GetInstance().InitDeviceManager(str, g_initcallback);
213 DeviceManager::GetInstance().RegisterDevStateCallback(str, str, g_stateCallback);
214 DeviceManager::GetInstance().RegisterDevStatusCallback(str, str, g_statusCallback);
215 DeviceManager::GetInstance().RegisterDeviceManagerFaCallback(str, g_Uicallback);
216 DeviceManager::GetInstance().AuthenticateDevice(str, g_authType, g_deviceInfo, str, g_callbackk);
217 DeviceManager::GetInstance().UnAuthenticateDevice(str, g_deviceInfo);
218 DeviceManager::GetInstance().StartDeviceDiscovery(str, g_subscribeInfo, str, g_discoveryCallback);
219 DeviceManager::GetInstance().StopDeviceDiscovery(str, g_subscribeInfo.subscribeId);
220 DeviceManager::GetInstance().StartDeviceDiscovery(str, g_tokenId, str, g_discoveryCallback);
221 DeviceManager::GetInstance().StopDeviceDiscovery(g_tokenId, str);
222 DeviceManager::GetInstance().PublishDeviceDiscovery(str, g_publishInfo, g_publishCallback);
223 DeviceManager::GetInstance().UnPublishDeviceDiscovery(str, g_publishInfo.publishId);
224 DeviceManager::GetInstance().UnInitDeviceManager(str);
225 }
226
AuthenticateDeviceSecondFuzzTest(const uint8_t * data,size_t size)227 void AuthenticateDeviceSecondFuzzTest(const uint8_t* data, size_t size)
228 {
229 if ((data == nullptr) || (size == 0)) {
230 return;
231 }
232 AddPermission();
233 std::string str(reinterpret_cast<const char*>(data), size);
234
235 DeviceManagerImpl::GetInstance().ipcClientProxy_ =
236 std::make_shared<IpcClientProxy>(std::make_shared<IpcClientManager>());
237
238 DeviceManager::GetInstance().GetTrustedDeviceList(str, str, g_deviceList);
239 DeviceManager::GetInstance().GetTrustedDeviceList(str, str, g_isRefresh, g_deviceList);
240 DeviceManager::GetInstance().GetAvailableDeviceList(str, g_deviceBasic);
241 DeviceManager::GetInstance().GetDeviceInfo(str, str, g_getDeviceInfo);
242 DeviceManager::GetInstance().GetLocalDeviceInfo(str, g_getDeviceInfo);
243 DeviceManager::GetInstance().GetUdidByNetworkId(str, str, g_returnStr);
244 DeviceManager::GetInstance().GetUuidByNetworkId(str, str, g_returnStr);
245 DeviceManager::GetInstance().DpAclAdd(g_accessControlId, str, g_bindType);
246 DeviceManager::GetInstance().CreatePinHolder(str, g_targetId, g_pinType, str);
247 DeviceManager::GetInstance().DestroyPinHolder(str, g_targetId, g_pinType, str);
248 DeviceManager::GetInstance().CheckAccessToTarget(g_tokenId, str);
249 DeviceManager::GetInstance().IsSameAccount(str);
250 }
251
AuthenticateDeviceThirdFuzzTest(const uint8_t * data,size_t size)252 void AuthenticateDeviceThirdFuzzTest(const uint8_t* data, size_t size)
253 {
254 if ((data == nullptr) || (size == 0)) {
255 return;
256 }
257 AddPermission();
258 std::string str(reinterpret_cast<const char*>(data), size);
259
260 DeviceManagerImpl::GetInstance().ipcClientProxy_ =
261 std::make_shared<IpcClientProxy>(std::make_shared<IpcClientManager>());
262
263 DeviceManager::GetInstance().SetUserOperation(str, g_action, str);
264 DeviceManager::GetInstance().RequestCredential(str, g_returnStr);
265 DeviceManager::GetInstance().RequestCredential(str, g_reqJsonStr, g_returnStr);
266 DeviceManager::GetInstance().ImportCredential(str, g_credentialInfo);
267 DeviceManager::GetInstance().DeleteCredential(str, g_deleteInfo);
268 DeviceManager::GetInstance().CheckCredential(str, g_reqJsonStr, g_returnStr);
269 DeviceManager::GetInstance().ImportCredential(str, g_reqJsonStr, g_returnStr);
270 DeviceManager::GetInstance().DeleteCredential(str, g_reqJsonStr, g_returnStr);
271 DeviceManager::GetInstance().NotifyEvent(str, g_eventId, str);
272 DeviceManager::GetInstance().BindDevice(str, g_authType, str, str, g_callbackk);
273 DeviceManager::GetInstance().UnBindDevice(str, g_deviceInfo.deviceId);
274 DeviceManager::GetInstance().UnRegisterDeviceManagerFaCallback(str);
275 DeviceManager::GetInstance().UnRegisterDevStateCallback(str);
276 DeviceManager::GetInstance().UnRegisterDevStatusCallback(str);
277 }
278
AuthenticateDeviceFourthFuzzTest(const uint8_t * data,size_t size)279 void AuthenticateDeviceFourthFuzzTest(const uint8_t* data, size_t size)
280 {
281 if ((data == nullptr) || (size == 0)) {
282 return;
283 }
284 AddPermission();
285 std::string str(reinterpret_cast<const char*>(data), size);
286
287 DeviceManagerImpl::GetInstance().ipcClientProxy_ =
288 std::make_shared<IpcClientProxy>(std::make_shared<IpcClientManager>());
289 std::string emptyStr = "";
290 DmDeviceInfo info;
291 DmDeviceBasicInfo deviceBasicInfo;
292 int32_t indexTwo = 2;
293 int32_t numOne = 1;
294 int32_t numOneTwoTimes = 11;
295 int32_t numOneThreeTimes = 111;
296 int32_t numOneSixTimes = 111111;
297
298 DeviceManagerImpl::GetInstance().ConvertDeviceInfoToDeviceBasicInfo(info, deviceBasicInfo);
299 DeviceManagerImpl::GetInstance().GetTrustedDeviceList(emptyStr, emptyStr, g_deviceList);
300 DeviceManagerImpl::GetInstance().GetTrustedDeviceList(emptyStr, emptyStr, false, g_deviceList);
301 DeviceManagerImpl::GetInstance().GetDeviceInfo(emptyStr, emptyStr, info);
302 DeviceManagerImpl::GetInstance().RegisterDevStatusCallback(emptyStr, emptyStr, nullptr);
303 DeviceManagerImpl::GetInstance().UnRegisterDevStateCallback(emptyStr);
304 DeviceManagerImpl::GetInstance().UnRegisterDevStatusCallback(emptyStr);
305 DeviceManagerImpl::GetInstance().StartDeviceDiscovery(emptyStr, g_subscribeInfo, emptyStr, nullptr);
306 DeviceManagerImpl::GetInstance().StartDeviceDiscovery(emptyStr, numOneSixTimes, emptyStr, nullptr);
307 DeviceManagerImpl::GetInstance().StopDeviceDiscovery(emptyStr, numOneTwoTimes);
308 DeviceManagerImpl::GetInstance().StopDeviceDiscovery(numOneThreeTimes, "");
309 DeviceManagerImpl::GetInstance().PublishDeviceDiscovery(emptyStr, g_publishInfo, nullptr);
310 DeviceManagerImpl::GetInstance().UnPublishDeviceDiscovery(emptyStr, numOneTwoTimes);
311 DeviceManagerImpl::GetInstance().AuthenticateDevice(emptyStr, numOne, info, emptyStr, nullptr);
312 DeviceManagerImpl::GetInstance().RegisterDeviceManagerFaCallback(emptyStr, nullptr);
313 DeviceManagerImpl::GetInstance().UnRegisterDeviceManagerFaCallback(emptyStr);
314 DeviceManagerImpl::GetInstance().VerifyAuthentication(emptyStr, emptyStr, nullptr);
315 PeerTargetId targetId;
316 std::map<std::string, std::string> discoverParam;
317 DeviceManagerImpl::GetInstance().BindTarget(emptyStr, targetId, discoverParam, nullptr);
318 DeviceManagerImpl::GetInstance().UnbindTarget(emptyStr, targetId, discoverParam, nullptr);
319 DeviceManagerImpl::GetInstance().GetTrustedDeviceList(emptyStr, discoverParam, false, g_deviceList);
320 DeviceManagerImpl::GetInstance().RegisterDevStateCallback(emptyStr, discoverParam, nullptr);
321 DeviceManagerImpl::GetInstance().AddDiscoveryCallback("test", nullptr);
322 DeviceManagerImpl::GetInstance().RemoveDiscoveryCallback("test");
323 DeviceManagerImpl::GetInstance().AddPublishCallback("test");
324 DeviceManagerImpl::GetInstance().RemovePublishCallback("test");
325 DeviceManagerImpl::GetInstance().RegisterPinHolderCallback(emptyStr, nullptr);
326 DeviceManagerImpl::GetInstance().GetDeviceSecurityLevel(emptyStr, emptyStr, indexTwo);
327 DeviceManagerImpl::GetInstance().IsSameAccount(emptyStr);
328 }
329
AuthenticateDeviceFifthFuzzTest(const uint8_t * data,size_t size)330 void AuthenticateDeviceFifthFuzzTest(const uint8_t* data, size_t size)
331 {
332 if ((data == nullptr) || (size == 0)) {
333 return;
334 }
335 AddPermission();
336 std::string str(reinterpret_cast<const char*>(data), size);
337
338 DeviceManagerImpl::GetInstance().ipcClientProxy_ =
339 std::make_shared<IpcClientProxy>(std::make_shared<IpcClientManager>());
340 std::string emptyStr = "";
341 DmDeviceInfo info;
342 DmDeviceBasicInfo deviceBasicInfo;
343 int32_t indexTwo = 2;
344 DmAuthParam dmFaParam;
345 DeviceManagerImpl::GetInstance().GetFaParam(emptyStr, dmFaParam);
346 DeviceManagerImpl::GetInstance().SetUserOperation(emptyStr, 1, emptyStr);
347 DeviceManagerImpl::GetInstance().GetUdidByNetworkId(emptyStr, emptyStr, g_returnStr);
348 DeviceManagerImpl::GetInstance().GetUuidByNetworkId(emptyStr, emptyStr, g_returnStr);
349 DeviceManagerImpl::GetInstance().RegisterDevStateCallback(emptyStr, emptyStr);
350 DeviceManagerImpl::GetInstance().UnRegisterDevStateCallback(emptyStr, emptyStr);
351 DeviceManagerImpl::GetInstance().RegisterUiStateCallback(emptyStr);
352 DeviceManagerImpl::GetInstance().UnRegisterUiStateCallback(emptyStr);
353 DeviceManagerImpl::GetInstance().RequestCredential(emptyStr, g_reqJsonStr, g_returnStr);
354 DeviceManagerImpl::GetInstance().ImportCredential(emptyStr, emptyStr);
355 DeviceManagerImpl::GetInstance().DeleteCredential(emptyStr, emptyStr);
356 DeviceManagerImpl::GetInstance().RegisterCredentialCallback(emptyStr, nullptr);
357 DeviceManagerImpl::GetInstance().UnRegisterCredentialCallback(emptyStr);
358 DeviceManagerImpl::GetInstance().NotifyEvent(emptyStr, 1, emptyStr);
359 DeviceManagerImpl::GetInstance().RequestCredential(emptyStr, g_returnStr);
360 DeviceManagerImpl::GetInstance().CheckCredential(emptyStr, g_reqJsonStr, g_returnStr);
361 DeviceManagerImpl::GetInstance().GetEncryptedUuidByNetworkId(emptyStr, emptyStr, g_returnStr);
362 DeviceManagerImpl::GetInstance().GenerateEncryptedUuid(emptyStr, emptyStr, emptyStr, g_returnStr);
363 DeviceManagerImpl::GetInstance().BindDevice(emptyStr, 1, emptyStr, emptyStr, nullptr);
364 DeviceManagerImpl::GetInstance().UnBindDevice(emptyStr, emptyStr);
365 DeviceManagerImpl::GetInstance().GetNetworkTypeByNetworkId(emptyStr, emptyStr, indexTwo);
366 DeviceManagerImpl::GetInstance().ImportAuthCode(emptyStr, emptyStr);
367 DeviceManagerImpl::GetInstance().ExportAuthCode(g_returnStr);
368 std::map<std::string, std::string> discoverParam;
369 DeviceManagerImpl::GetInstance().StartDiscovering(emptyStr, discoverParam, discoverParam, nullptr);
370 DeviceManagerImpl::GetInstance().StopDiscovering(emptyStr, discoverParam);
371 DeviceManagerImpl::GetInstance().RegisterDiscoveryCallback(emptyStr, discoverParam, discoverParam, nullptr);
372 DeviceManagerImpl::GetInstance().UnRegisterDiscoveryCallback(emptyStr);
373 DeviceManagerImpl::GetInstance().StartAdvertising(emptyStr, discoverParam, nullptr);
374 DeviceManagerImpl::GetInstance().StopAdvertising(emptyStr, discoverParam);
375 DeviceManagerImpl::GetInstance().SetDnPolicy(emptyStr, discoverParam);
376 DeviceManagerImpl::GetInstance().RegisterDeviceScreenStatusCallback(emptyStr, nullptr);
377 DeviceManagerImpl::GetInstance().UnRegisterDeviceScreenStatusCallback(emptyStr);
378 DeviceManagerImpl::GetInstance().GetDeviceScreenStatus(emptyStr, emptyStr, indexTwo);
379 }
380 }
381 }
382
383 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)384 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
385 {
386 /* Run your code on data */
387 OHOS::DistributedHardware::AuthenticateDeviceFirstFuzzTest(data, size);
388 OHOS::DistributedHardware::AuthenticateDeviceSecondFuzzTest(data, size);
389 OHOS::DistributedHardware::AuthenticateDeviceThirdFuzzTest(data, size);
390 OHOS::DistributedHardware::AuthenticateDeviceFourthFuzzTest(data, size);
391 OHOS::DistributedHardware::AuthenticateDeviceFifthFuzzTest(data, size);
392 return 0;
393 }
394