1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "vibratoronremoterequest_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 
21 #include "accesstoken_kit.h"
22 #include "message_parcel.h"
23 #include "nativetoken_kit.h"
24 #include "securec.h"
25 #include "token_setproc.h"
26 
27 #include "miscdevice_service.h"
28 
29 namespace OHOS {
30 namespace Sensors {
31 using namespace Security::AccessToken;
32 using Security::AccessToken::AccessTokenID;
33 namespace {
34 constexpr size_t U32_AT_SIZE = 4;
35 #ifdef OHOS_BUILD_ENABLE_VIBRATOR_CUSTOM
36 constexpr uint32_t IPC_CODE_COUNT = 9;
37 #else
38 constexpr uint32_t IPC_CODE_COUNT = 8;
39 #endif // OHOS_BUILD_ENABLE_VIBRATOR_CUSTOM
40 auto g_service = MiscdeviceDelayedSpSingleton<MiscdeviceService>::GetInstance();
41 const std::u16string VIBRATOR_INTERFACE_TOKEN = u"IMiscdeviceService";
42 }
43 
SetUpTestCase()44 void SetUpTestCase()
45 {
46     const char **perms = new (std::nothrow) const char *[1];
47     if (perms == nullptr) {
48         return;
49     }
50     perms[0] = "ohos.permission.VIBRATE";
51     TokenInfoParams infoInstance = {
52         .dcapsNum = 0,
53         .permsNum = 1,
54         .aclsNum = 0,
55         .dcaps = nullptr,
56         .perms = perms,
57         .acls = nullptr,
58         .processName = "VibratorOnRemoteRequestFuzzTest",
59         .aplStr = "system_core",
60     };
61     uint64_t tokenId = GetAccessTokenId(&infoInstance);
62     SetSelfTokenID(tokenId);
63     AccessTokenKit::ReloadNativeTokenInfo();
64     delete[] perms;
65 }
66 
GetU32Data(const uint8_t * data)67 uint32_t GetU32Data(const uint8_t *data)
68 {
69     // convert fuzz input data to an integer
70     return ((data[0] << 24) | (data[1] << 16) | (data[2] << 8) | data[3]) % IPC_CODE_COUNT;
71 }
72 
OnRemoteRequestFuzzTest(const uint8_t * data,size_t size)73 bool OnRemoteRequestFuzzTest(const uint8_t *data, size_t size)
74 {
75     SetUpTestCase();
76     uint32_t code = GetU32Data(data);
77     MessageParcel datas;
78     datas.WriteInterfaceToken(VIBRATOR_INTERFACE_TOKEN);
79     datas.WriteBuffer(data + U32_AT_SIZE, size - U32_AT_SIZE);
80     datas.RewindRead(0);
81     MessageParcel reply;
82     MessageOption option;
83     g_service->OnStartFuzz();
84     g_service->OnRemoteRequest(code, datas, reply, option);
85     return true;
86 }
87 } // namespace Sensors
88 } // namespace OHOS
89 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)90 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
91 {
92     /* Run your code on data */
93     if (data == nullptr) {
94         return 0;
95     }
96 
97     /* Validate the length of size */
98     if (size < OHOS::Sensors::U32_AT_SIZE) {
99         return 0;
100     }
101 
102     OHOS::Sensors::OnRemoteRequestFuzzTest(data, size);
103     return 0;
104 }
105