1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "formmgrstub_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #define private public
22 #define protected public
23 #include "form_mgr_stub.h"
24 #undef private
25 #undef protected
26 #include "message_parcel.h"
27 #include "securec.h"
28
29 using namespace OHOS::AppExecFwk;
30
31 namespace OHOS {
32 constexpr size_t FOO_MAX_LEN = 1024;
33 constexpr size_t U32_AT_SIZE = 4;
34 constexpr size_t MESSAGE_BASE = 3001;
35 constexpr size_t MESSAGE_MAX = 3077;
36 constexpr size_t MESSAGE_RANGE = 77;
37 const std::u16string FORMMGR_INTERFACE_TOKEN = u"ohos.appexecfwk.FormMgr";
38
39 class FormMgrStubFuzzTest : public FormMgrStub {
40 public:
41 FormMgrStubFuzzTest() = default;
42 virtual ~FormMgrStubFuzzTest() = default;
AddForm(const int64_t formId,const Want & want,const sptr<IRemoteObject> & callerToken,FormJsInfo & formInfo)43 int AddForm(const int64_t formId, const Want &want,
44 const sptr<IRemoteObject> &callerToken, FormJsInfo &formInfo) override
45 {
46 return 0;
47 }
DeleteForm(const int64_t formId,const sptr<IRemoteObject> & callerToken)48 int DeleteForm(const int64_t formId, const sptr<IRemoteObject> &callerToken) override
49 {
50 return 0;
51 }
ReleaseForm(const int64_t formId,const sptr<IRemoteObject> & callerToken,const bool delCache)52 int ReleaseForm(const int64_t formId, const sptr<IRemoteObject> &callerToken, const bool delCache) override
53 {
54 return 0;
55 }
UpdateForm(const int64_t formId,const FormProviderData & formProviderData)56 int UpdateForm(const int64_t formId, const FormProviderData &formProviderData) override
57 {
58 return 0;
59 }
SetNextRefreshTime(const int64_t formId,const int64_t nextTime)60 int SetNextRefreshTime(const int64_t formId, const int64_t nextTime) override
61 {
62 return 0;
63 }
RequestPublishForm(Want & want,bool withFormBindingData,std::unique_ptr<FormProviderData> & formBindingData,int64_t & formId)64 ErrCode RequestPublishForm(Want &want, bool withFormBindingData,
65 std::unique_ptr<FormProviderData> &formBindingData, int64_t &formId) override
66 {
67 return 0;
68 }
LifecycleUpdate(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken,bool updateType)69 int LifecycleUpdate(const std::vector<int64_t> &formIds,
70 const sptr<IRemoteObject> &callerToken, bool updateType) override
71 {
72 return 0;
73 }
RequestForm(const int64_t formId,const sptr<IRemoteObject> & callerToken,const Want & want)74 int RequestForm(const int64_t formId, const sptr<IRemoteObject> &callerToken, const Want &want) override
75 {
76 return 0;
77 }
NotifyWhetherVisibleForms(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken,const int32_t formVisibleType)78 int NotifyWhetherVisibleForms(const std::vector<int64_t> &formIds,
79 const sptr<IRemoteObject> &callerToken, const int32_t formVisibleType) override
80 {
81 return 0;
82 }
HasFormVisible(const uint32_t tokenId)83 bool HasFormVisible(const uint32_t tokenId) override
84 {
85 return false;
86 }
CastTempForm(const int64_t formId,const sptr<IRemoteObject> & callerToken)87 int CastTempForm(const int64_t formId, const sptr<IRemoteObject> &callerToken) override
88 {
89 return 0;
90 }
DumpStorageFormInfos(std::string & formInfos)91 int DumpStorageFormInfos(std::string &formInfos) override
92 {
93 return 0;
94 }
DumpFormInfoByBundleName(const std::string & bundleName,std::string & formInfos)95 int DumpFormInfoByBundleName(const std::string &bundleName, std::string &formInfos) override
96 {
97 return 0;
98 }
DumpFormInfoByFormId(const std::int64_t formId,std::string & formInfo)99 int DumpFormInfoByFormId(const std::int64_t formId, std::string &formInfo) override
100 {
101 return 0;
102 }
DumpFormTimerByFormId(const std::int64_t formId,std::string & isTimingService)103 int DumpFormTimerByFormId(const std::int64_t formId, std::string &isTimingService) override
104 {
105 return 0;
106 }
MessageEvent(const int64_t formId,const Want & want,const sptr<IRemoteObject> & callerToken)107 int MessageEvent(const int64_t formId, const Want &want, const sptr<IRemoteObject> &callerToken) override
108 {
109 return 0;
110 }
RouterEvent(const int64_t formId,Want & want,const sptr<IRemoteObject> & callerToken)111 int RouterEvent(const int64_t formId, Want &want, const sptr<IRemoteObject> &callerToken) override
112 {
113 return 0;
114 }
BackgroundEvent(const int64_t formId,Want & want,const sptr<IRemoteObject> & callerToken)115 int BackgroundEvent(const int64_t formId, Want &want, const sptr<IRemoteObject> &callerToken) override
116 {
117 return 0;
118 }
DeleteInvalidForms(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken,int32_t & numFormsDeleted)119 int DeleteInvalidForms(const std::vector<int64_t> &formIds,
120 const sptr<IRemoteObject> &callerToken, int32_t &numFormsDeleted) override
121 {
122 return 0;
123 }
AcquireFormState(const Want & want,const sptr<IRemoteObject> & callerToken,FormStateInfo & stateInfo)124 int AcquireFormState(const Want &want,
125 const sptr<IRemoteObject> &callerToken, FormStateInfo &stateInfo) override
126 {
127 return 0;
128 }
NotifyFormsVisible(const std::vector<int64_t> & formIds,bool isVisible,const sptr<IRemoteObject> & callerToken)129 int NotifyFormsVisible(const std::vector<int64_t> &formIds, bool isVisible,
130 const sptr<IRemoteObject> &callerToken) override
131 {
132 return 0;
133 }
NotifyFormsPrivacyProtected(const std::vector<int64_t> & formIds,bool isProtected,const sptr<IRemoteObject> & callerToken)134 int NotifyFormsPrivacyProtected(const std::vector<int64_t> &formIds,
135 bool isProtected, const sptr<IRemoteObject> &callerToken) override
136 {
137 return 0;
138 }
NotifyFormsEnableUpdate(const std::vector<int64_t> & formIds,bool isEnableUpdate,const sptr<IRemoteObject> & callerToken)139 int NotifyFormsEnableUpdate(const std::vector<int64_t> &formIds, bool isEnableUpdate,
140 const sptr<IRemoteObject> &callerToken) override
141 {
142 return 0;
143 }
GetAllFormsInfo(std::vector<FormInfo> & formInfos)144 int GetAllFormsInfo(std::vector<FormInfo> &formInfos) override
145 {
146 return 0;
147 }
GetFormsInfoByApp(std::string & bundleName,std::vector<FormInfo> & formInfos)148 int GetFormsInfoByApp(std::string &bundleName, std::vector<FormInfo> &formInfos) override
149 {
150 return 0;
151 }
GetFormsInfoByModule(std::string & bundleName,std::string & moduleName,std::vector<FormInfo> & formInfos)152 int GetFormsInfoByModule(std::string &bundleName,
153 std::string &moduleName, std::vector<FormInfo> &formInfos) override
154 {
155 return 0;
156 }
GetFormsInfo(const FormInfoFilter & filter,std::vector<FormInfo> & formInfos)157 int32_t GetFormsInfo(const FormInfoFilter &filter, std::vector<FormInfo> &formInfos) override
158 {
159 return 0;
160 }
IsRequestPublishFormSupported()161 bool IsRequestPublishFormSupported() override
162 {
163 return 0;
164 }
StartAbility(const Want & want,const sptr<IRemoteObject> & callerToken)165 int32_t StartAbility(const Want &want, const sptr<IRemoteObject> &callerToken) override
166 {
167 return 0;
168 }
ShareForm(int64_t formId,const std::string & deviceId,const sptr<IRemoteObject> & callerToken,int64_t requestCode)169 int32_t ShareForm(int64_t formId, const std::string &deviceId,
170 const sptr<IRemoteObject> &callerToken, int64_t requestCode) override
171 {
172 return 0;
173 }
AcquireFormData(int64_t formId,int64_t requestCode,const sptr<IRemoteObject> & callerToken,AAFwk::WantParams & formData)174 int32_t AcquireFormData(int64_t formId, int64_t requestCode, const sptr<IRemoteObject> &callerToken,
175 AAFwk::WantParams &formData) override
176 {
177 return 0;
178 }
RecvFormShareInfoFromRemote(const FormShareInfo & info)179 int32_t RecvFormShareInfoFromRemote(const FormShareInfo &info) override
180 {
181 return 0;
182 }
CheckFMSReady()183 bool CheckFMSReady() override
184 {
185 return false;
186 }
SetBackgroundFunction(const std::string funcName,const std::string params)187 int32_t SetBackgroundFunction(const std::string funcName, const std::string params) override
188 {
189 return 0;
190 }
GetFormsCount(bool isTempFormFlag,int32_t & formCount)191 int32_t GetFormsCount(bool isTempFormFlag, int32_t &formCount) override
192 {
193 return 0;
194 }
GetHostFormsCount(std::string & bundleName,int32_t & formCount)195 int32_t GetHostFormsCount(std::string &bundleName, int32_t &formCount) override
196 {
197 return 0;
198 }
GetRunningFormInfos(bool isUnusedIncluded,std::vector<RunningFormInfo> & runningFormInfos)199 ErrCode GetRunningFormInfos(bool isUnusedIncluded, std::vector<RunningFormInfo> &runningFormInfos) override
200 {
201 return 0;
202 }
GetRunningFormInfosByBundleName(const std::string & bundleName,bool isUnusedIncluded,std::vector<RunningFormInfo> & runningFormInfos)203 ErrCode GetRunningFormInfosByBundleName(
204 const std::string &bundleName, bool isUnusedIncluded, std::vector<RunningFormInfo> &runningFormInfos) override
205 {
206 return 0;
207 }
208
GetFormInstancesByFilter(const FormInstancesFilter & formInstancesFilter,std::vector<FormInstance> & formInstances)209 int32_t GetFormInstancesByFilter(const FormInstancesFilter &formInstancesFilter,
210 std::vector<FormInstance> &formInstances) override
211 {
212 return 0;
213 }
GetFormInstanceById(const int64_t formId,FormInstance & formInstances)214 int32_t GetFormInstanceById(const int64_t formId, FormInstance &formInstances) override
215 {
216 return 0;
217 }
RegisterFormAddObserverByBundle(const std::string bundleName,const sptr<IRemoteObject> & callerToken)218 ErrCode RegisterFormAddObserverByBundle(const std::string bundleName,
219 const sptr<IRemoteObject> &callerToken) override
220 {
221 return ERR_OK;
222 }
223
RegisterFormRemoveObserverByBundle(const std::string bundleName,const sptr<IRemoteObject> & callerToken)224 ErrCode RegisterFormRemoveObserverByBundle(const std::string bundleName,
225 const sptr<IRemoteObject> &callerToken) override
226 {
227 return ERR_OK;
228 }
229
RegisterAddObserver(const std::string & bundleName,const sptr<IRemoteObject> & callerToken)230 ErrCode RegisterAddObserver(const std::string &bundleName, const sptr<IRemoteObject> &callerToken) override
231 {
232 return ERR_OK;
233 }
234
RegisterRemoveObserver(const std::string & bundleName,const sptr<IRemoteObject> & callerToken)235 ErrCode RegisterRemoveObserver(const std::string &bundleName, const sptr<IRemoteObject> &callerToken) override
236 {
237 return ERR_OK;
238 }
239
RegisterClickEventObserver(const std::string & bundleName,const std::string & formEventType,const sptr<IRemoteObject> & observer)240 ErrCode RegisterClickEventObserver(
241 const std::string &bundleName, const std::string &formEventType, const sptr<IRemoteObject> &observer) override
242 {
243 return ERR_OK;
244 }
245
RegisterFormRouterProxy(const std::vector<int64_t> & formIds,const sptr<IRemoteObject> & callerToken)246 ErrCode RegisterFormRouterProxy(const std::vector<int64_t> &formIds,
247 const sptr<IRemoteObject> &callerToken) override
248 {
249 return ERR_OK;
250 }
251
UnregisterClickEventObserver(const std::string & bundleName,const std::string & formEventType,const sptr<IRemoteObject> & observer)252 ErrCode UnregisterClickEventObserver(
253 const std::string &bundleName, const std::string &formEventType, const sptr<IRemoteObject> &observer) override
254 {
255 return ERR_OK;
256 }
257
UnregisterFormRouterProxy(const std::vector<int64_t> & formIds)258 ErrCode UnregisterFormRouterProxy(const std::vector<int64_t> &formIds) override
259 {
260 return ERR_OK;
261 }
262
RequestPublishFormWithSnapshot(Want & want,bool withFormBindingData,std::unique_ptr<FormProviderData> & formBindingData,int64_t & formId)263 ErrCode RequestPublishFormWithSnapshot(Want &want, bool withFormBindingData,
264 std::unique_ptr<FormProviderData> &formBindingData, int64_t &formId) override
265 {
266 return 0;
267 }
268 };
269
HandleFormMessage(std::shared_ptr<FormMgrStub> formMgrStub,MessageParcel & data,MessageParcel & reply)270 void HandleFormMessage(std::shared_ptr<FormMgrStub> formMgrStub, MessageParcel &data, MessageParcel &reply)
271 {
272 if (formMgrStub == nullptr) {
273 return;
274 }
275 formMgrStub->HandleRegisterFormRemoveObserverByBundle(data, reply);
276 formMgrStub->HandleGetFormsCount(data, reply);
277 formMgrStub->HandleGetHostFormsCount(data, reply);
278 formMgrStub->HandleGetRunningFormInfos(data, reply);
279 formMgrStub->HandleGetRunningFormInfosByBundleName(data, reply);
280 formMgrStub->HandleGetFormInstanceById(data, reply);
281 formMgrStub->HandleGetAllFormsInfo(data, reply);
282 formMgrStub->HandleGetFormsInfoByApp(data, reply);
283 formMgrStub->HandleGetFormsInfoByModule(data, reply);
284 formMgrStub->HandleIsRequestPublishFormSupported(data, reply);
285 formMgrStub->HandleShareForm(data, reply);
286 formMgrStub->HandleCheckFMSReady(data, reply);
287 formMgrStub->HandleDeleteForm(data, reply);
288 formMgrStub->HandleStopRenderingForm(data, reply);
289 formMgrStub->HandleReleaseForm(data, reply);
290 formMgrStub->HandleSetNextRefreshTime(data, reply);
291 formMgrStub->HandleLifecycleUpdate(data, reply);
292 formMgrStub->HandleRequestForm(data, reply);
293 formMgrStub->HandleNotifyWhetherVisibleForms(data, reply);
294 formMgrStub->HandleCastTempForm(data, reply);
295 formMgrStub->HandleDumpFormInfoByBundleName(data, reply);
296 formMgrStub->HandleDumpFormInfoByFormId(data, reply);
297 formMgrStub->HandleDumpFormTimerByFormId(data, reply);
298 formMgrStub->HandleDeleteInvalidForms(data, reply);
299 formMgrStub->HandleNotifyFormsVisible(data, reply);
300 formMgrStub->HandleNotifyFormsPrivacyProtected(data, reply);
301 formMgrStub->HandleNotifyFormsEnableUpdate(data, reply);
302 formMgrStub->HandleRegisterFormAddObserverByBundle(data, reply);
303 formMgrStub->HandleAddForm(data, reply);
304 formMgrStub->HandleUpdateForm(data, reply);
305 formMgrStub->HandleRequestPublishForm(data, reply);
306 formMgrStub->HandleMessageEvent(data, reply);
307 formMgrStub->HandleBackgroundEvent(data, reply);
308 formMgrStub->HandleRouterEvent(data, reply);
309 formMgrStub->HandleAcquireFormState(data, reply);
310 formMgrStub->HandleGetFormsInfo(data, reply);
311 formMgrStub->HandleStartAbility(data, reply);
312 formMgrStub->HandleRecvFormShareInfoFromRemote(data, reply);
313 formMgrStub->HandleAcquireFormData(data, reply);
314 formMgrStub->HandleGetFormInstancesByFilter(data, reply);
315 }
316
HandleFormRequest(std::shared_ptr<FormMgrStub> formMgrStub,MessageParcel & data,MessageParcel & reply)317 void HandleFormRequest(std::shared_ptr<FormMgrStub> formMgrStub, MessageParcel &data, MessageParcel &reply)
318 {
319 if (formMgrStub == nullptr) {
320 return;
321 }
322 formMgrStub->HandleCreateForm(data, reply);
323 formMgrStub->HandleReleaseRenderer(data, reply);
324 formMgrStub->HandleSetPublishFormResult(data, reply);
325 formMgrStub->HandleAcquireAddFormResult(data, reply);
326 formMgrStub->HandleHasFormVisible(data, reply);
327 formMgrStub->HandleDumpStorageFormInfos(data, reply);
328 formMgrStub->HandleGetFormsInfoByFilter(data, reply);
329 formMgrStub->HandleIsSystemAppForm(data, reply);
330 formMgrStub->HandleRegisterAddObserver(data, reply);
331 formMgrStub->HandleRegisterRemoveObserver(data, reply);
332 formMgrStub->HandleRegisterFormRouterProxy(data, reply);
333 formMgrStub->HandleUnregisterFormRouterProxy(data, reply);
334 formMgrStub->HandleUpdateProxyForm(data, reply);
335 formMgrStub->HandleRequestPublishProxyForm(data, reply);
336 formMgrStub->HandleUnregisterPublishFormInterceptor(data, reply);
337 formMgrStub->HandleRegisterClickCallbackEventObserver(data, reply);
338 formMgrStub->HandleUnregisterClickCallbackEventObserver(data, reply);
339 std::vector<FormDataProxy> formDataProxies;
340 formMgrStub->ReadFormDataProxies(data, formDataProxies);
341 formMgrStub->HandleSetFormsRecyclable(data, reply);
342 formMgrStub->HandleRecoverForms(data, reply);
343 formMgrStub->HandleUpdateFormLocation(data, reply);
344 formMgrStub->HandleRequestPublishFormWithSnapshot(data, reply);
345 formMgrStub->HandleBatchRefreshForms(data, reply);
346 formMgrStub->HandleEnableForms(data, reply);
347 formMgrStub->HandleIsFormBundleForbidden(data, reply);
348 }
349
GetU32Data(const char * ptr)350 uint32_t GetU32Data(const char* ptr)
351 {
352 // 将第0个数字左移24位,将第1个数字左移16位,将第2个数字左移8位,第3个数字不左移
353 return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | (ptr[3]);
354 }
355
DoSomethingInterestingWithMyAPI(const char * data,size_t size)356 bool DoSomethingInterestingWithMyAPI(const char* data, size_t size)
357 {
358 uint32_t code = GetU32Data(data);
359 MessageParcel datas;
360 datas.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN);
361 datas.WriteBuffer(data, size);
362 datas.RewindRead(0);
363 MessageParcel reply;
364 MessageOption option;
365 std::shared_ptr<FormMgrStub> formmgrstub = std::make_shared<FormMgrStubFuzzTest>();
366 formmgrstub->OnRemoteRequest(code, datas, reply, option);
367 code = MESSAGE_BASE + code % MESSAGE_RANGE;
368 formmgrstub->OnRemoteRequest(code, datas, reply, option);
369 for (uint32_t code = MESSAGE_BASE; code < MESSAGE_MAX; code++) {
370 MessageParcel parcel;
371 parcel.WriteInterfaceToken(FORMMGR_INTERFACE_TOKEN);
372 parcel.WriteBuffer(data, size);
373 parcel.RewindRead(0);
374 MessageParcel reply;
375 MessageOption option;
376 std::shared_ptr<FormMgrStub> formMgrStub = std::make_shared<FormMgrStubFuzzTest>();
377 formMgrStub->OnRemoteRequest(code, parcel, reply, option);
378 }
379 HandleFormMessage(formmgrstub, datas, reply);
380 HandleFormRequest(formmgrstub, datas, reply);
381 return true;
382 }
383 }
384
385 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)386 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
387 {
388 /* Run your code on data */
389 if (data == nullptr) {
390 return 0;
391 }
392
393 if (size < OHOS::U32_AT_SIZE) {
394 return 0;
395 }
396
397 /* Validate the length of size */
398 if (size == 0 || size > OHOS::FOO_MAX_LEN) {
399 return 0;
400 }
401
402 char* ch = static_cast<char*>(malloc(size + 1));
403 if (ch == nullptr) {
404 return 0;
405 }
406
407 (void)memset_s(ch, size + 1, 0x00, size + 1);
408 if (memcpy_s(ch, size + 1, data, size) != EOK) {
409 free(ch);
410 ch = nullptr;
411 return 0;
412 }
413
414 OHOS::DoSomethingInterestingWithMyAPI(ch, size);
415 free(ch);
416 ch = nullptr;
417 return 0;
418 }
419
420