1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "backupsaappend_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <cstring>
21 #include <climits>
22 #include <vector>
23
24 #include "message_parcel.h"
25 #include "service.h"
26 #include "service_proxy.h"
27 #include "service_reverse.h"
28 #include "service_stub.h"
29 #include "securec.h"
30 #include "system_ability.h"
31
32 using namespace std;
33 using namespace OHOS::FileManagement::Backup;
34
35 namespace OHOS {
36 constexpr int32_t SERVICE_ID = 5203;
37
CmdInitRestoreSessionFuzzTest(const uint8_t * data,size_t size)38 bool CmdInitRestoreSessionFuzzTest(const uint8_t *data, size_t size)
39 {
40 MessageParcel datas;
41 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
42 datas.WriteBuffer(data, size);
43 datas.RewindRead(0);
44 MessageParcel reply;
45 MessageOption option;
46
47 sptr service(new Service(SERVICE_ID));
48 service->OnRemoteRequest(static_cast<uint32_t>(IServiceInterfaceCode::SERVICE_CMD_INIT_RESTORE_SESSION),
49 datas, reply, option);
50 service = nullptr;
51 return true;
52 }
53
CmdInitBackupSessionFuzzTest(const uint8_t * data,size_t size)54 bool CmdInitBackupSessionFuzzTest(const uint8_t *data, size_t size)
55 {
56 MessageParcel datas;
57 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
58 datas.WriteBuffer(data, size);
59 datas.RewindRead(0);
60 MessageParcel reply;
61 MessageOption option;
62
63 sptr service(new Service(SERVICE_ID));
64 service->OnRemoteRequest(static_cast<uint32_t>(IServiceInterfaceCode::SERVICE_CMD_INIT_BACKUP_SESSION),
65 datas, reply, option);
66 service = nullptr;
67 return true;
68 }
69
CmdPublishFileFuzzTest(const uint8_t * data,size_t size)70 bool CmdPublishFileFuzzTest(const uint8_t *data, size_t size)
71 {
72 MessageParcel datas;
73 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
74 if (size > 0) {
75 int pos = (size + 1) >> 1;
76 std::string fileName(reinterpret_cast<const char *>(data), pos);
77 std::string bundleName(reinterpret_cast<const char *>(data) + pos, size - pos);
78 uint32_t sn = 0;
79 if (size > sizeof(uint32_t)) {
80 sn = *(reinterpret_cast<const uint32_t *>(data));
81 }
82 BFileInfo fileInfo(fileName, bundleName, sn);
83 datas.WriteParcelable(&fileInfo);
84 }
85 datas.RewindRead(0);
86 MessageParcel reply;
87 MessageOption option;
88
89 sptr service(new Service(SERVICE_ID));
90 service->OnRemoteRequest(static_cast<uint32_t>(IServiceInterfaceCode::SERVICE_CMD_PUBLISH_FILE),
91 datas, reply, option);
92 service = nullptr;
93 return true;
94 }
95
CmdGetLocalCapabilitiesFuzzTest(const uint8_t * data,size_t size)96 bool CmdGetLocalCapabilitiesFuzzTest(const uint8_t *data, size_t size)
97 {
98 MessageParcel datas;
99 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
100 datas.WriteBuffer(data, size);
101 datas.RewindRead(0);
102 MessageParcel reply;
103 MessageOption option;
104
105 sptr service(new Service(SERVICE_ID));
106 uint32_t code = static_cast<uint32_t>(IServiceInterfaceCode::SERVICE_CMD_GET_LOCAL_CAPABILITIES);
107 service->OnRemoteRequest(code, datas, reply, option);
108 service = nullptr;
109 return true;
110 }
111
CmdAppFileReadyFuzzTest(const uint8_t * data,size_t size)112 bool CmdAppFileReadyFuzzTest(const uint8_t *data, size_t size)
113 {
114 MessageParcel datas;
115 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
116 std::string fileName(reinterpret_cast<const char *>(data), size);
117 datas.WriteString(fileName);
118
119 int fd = -1;
120 if (size >= sizeof(int)) {
121 fd = *(reinterpret_cast<const int *>(data));
122 }
123 datas.WriteFileDescriptor(UniqueFd(fd));
124
125 datas.RewindRead(0);
126 MessageParcel reply;
127 MessageOption option;
128
129 sptr service(new Service(SERVICE_ID));
130 uint32_t code = static_cast<uint32_t>(IServiceInterfaceCode::SERVICE_CMD_APP_FILE_READY);
131 service->OnRemoteRequest(code, datas, reply, option);
132 service = nullptr;
133 return true;
134 }
135
CmdAppDoneFuzzTest(const uint8_t * data,size_t size)136 bool CmdAppDoneFuzzTest(const uint8_t *data, size_t size)
137 {
138 MessageParcel datas;
139 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
140 if (size >= sizeof(bool)) {
141 datas.WriteBool(*(reinterpret_cast<const bool *>(data)));
142 }
143 datas.RewindRead(0);
144 MessageParcel reply;
145 MessageOption option;
146
147 sptr service(new Service(SERVICE_ID));
148 service->OnRemoteRequest(static_cast<uint32_t>(IServiceInterfaceCode::SERVICE_CMD_APP_DONE),
149 datas, reply, option);
150 service = nullptr;
151 return true;
152 }
153
CmdStartFuzzTest(const uint8_t * data,size_t size)154 bool CmdStartFuzzTest(const uint8_t *data, size_t size)
155 {
156 MessageParcel datas;
157 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
158 datas.WriteBuffer(data, size);
159 datas.RewindRead(0);
160 MessageParcel reply;
161 MessageOption option;
162
163 sptr service(new Service(SERVICE_ID));
164 service->OnRemoteRequest(static_cast<uint32_t>(IServiceInterfaceCode::SERVICE_CMD_START),
165 datas, reply, option);
166 service = nullptr;
167 return true;
168 }
169
CmdFinishFuzzTest(const uint8_t * data,size_t size)170 bool CmdFinishFuzzTest(const uint8_t *data, size_t size)
171 {
172 MessageParcel datas;
173 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
174 datas.WriteBuffer(data, size);
175 datas.RewindRead(0);
176 MessageParcel reply;
177 MessageOption option;
178
179 sptr service(new Service(SERVICE_ID));
180 service->OnRemoteRequest(static_cast<uint32_t>(IServiceInterfaceCode::SERVICE_CMD_FINISH),
181 datas, reply, option);
182 service = nullptr;
183 return true;
184 }
185
CmdAppendBundlesRestoreSessionFuzzTest(const uint8_t * data,size_t size)186 bool CmdAppendBundlesRestoreSessionFuzzTest(const uint8_t *data, size_t size)
187 {
188 MessageParcel datas;
189 datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
190
191 size_t len = sizeof(int);
192 if (size >= len) {
193 int fd = *(reinterpret_cast<const int *>(data));
194 datas.WriteFileDescriptor(UniqueFd(fd));
195 }
196
197 if (size > 0) {
198 vector<string> bundleNames;
199 for (size_t i = 0; i < size; i++) {
200 string param(reinterpret_cast<const char*>(data), size);
201 string name = param + to_string(i);
202 bundleNames.push_back(name);
203 }
204 datas.WriteStringVector(bundleNames);
205 }
206
207 if (size >= len + sizeof(int32_t)) {
208 int32_t type = static_cast<int32_t>(*(reinterpret_cast<const int32_t *>(data + len)));
209 datas.WriteInt32(type);
210 len += sizeof(int32_t);
211 }
212
213 if (size >= len + sizeof(int32_t)) {
214 int32_t userId = static_cast<int32_t>(*(reinterpret_cast<const int32_t *>(data + len)));
215 datas.WriteInt32(userId);
216 }
217 datas.RewindRead(0);
218 MessageParcel reply;
219 MessageOption option;
220
221 sptr service(new Service(SERVICE_ID));
222 service->OnRemoteRequest(static_cast<uint32_t>(IServiceInterfaceCode::SERVICE_CMD_APPEND_BUNDLES_RESTORE_SESSION),
223 datas, reply, option);
224 service = nullptr;
225 return true;
226 }
227 } // namespace OHOS
228
229 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)230 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
231 {
232 /* Run your code on data */
233 if (data == nullptr) {
234 return 0;
235 }
236
237 OHOS::CmdInitRestoreSessionFuzzTest(data, size);
238 OHOS::CmdInitBackupSessionFuzzTest(data, size);
239 OHOS::CmdPublishFileFuzzTest(data, size);
240 OHOS::CmdGetLocalCapabilitiesFuzzTest(data, size);
241 OHOS::CmdAppFileReadyFuzzTest(data, size);
242 OHOS::CmdAppDoneFuzzTest(data, size);
243 OHOS::CmdStartFuzzTest(data, size);
244 OHOS::CmdFinishFuzzTest(data, size);
245 OHOS::CmdAppendBundlesRestoreSessionFuzzTest(data, size);
246 return 0;
247 }