From c07ea73ca48d8fc1c31c40932014f0a4333d288d Mon Sep 17 00:00:00 2001 From: huangshiwei Date: Sat, 28 Jun 2025 13:44:22 +0800 Subject: [PATCH] huangshiwei4@huawei.com Signed-off-by: huangshiwei --- .../src/appmgr/render_state_observer_stub.cpp | 2 +- test/fuzztest/BUILD.gn | 1 + test/fuzztest/ability_fuzz_util.h | 23 ++++ .../abilityappmgrrunningmultiinfo_fuzzer.cpp | 19 ++-- .../BUILD.gn | 106 ++++++++++++++++++ ...tyecologicalrulemgrservicefirst_fuzzer.cpp | 70 ++++++++++++ ...lityecologicalrulemgrservicefirst_fuzzer.h | 21 ++++ .../corpus/init | 16 +++ .../project.xml | 25 +++++ ...facesappmgrappdebuglistenerstub_fuzzer.cpp | 90 ++++----------- ...rappforegroundstateobserverstub_fuzzer.cpp | 85 +++----------- ...erfacesappmgrchildschedulerstub_fuzzer.cpp | 90 ++++----------- ...esappmgrrenderstateobserverstub_fuzzer.cpp | 84 +++----------- ...itystartwithwaitobservermanager_fuzzer.cpp | 1 + .../project.xml | 2 +- .../dataabilitymanager_fuzzer.cpp | 70 +++++------- .../dataabilitymanager_fuzzer/project.xml | 4 +- 17 files changed, 378 insertions(+), 331 deletions(-) create mode 100644 test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/BUILD.gn create mode 100644 test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/abilityecologicalrulemgrservicefirst_fuzzer.cpp create mode 100644 test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/abilityecologicalrulemgrservicefirst_fuzzer.h create mode 100644 test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/corpus/init create mode 100644 test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/project.xml diff --git a/interfaces/inner_api/app_manager/src/appmgr/render_state_observer_stub.cpp b/interfaces/inner_api/app_manager/src/appmgr/render_state_observer_stub.cpp index 8d28fa4007b..6acf851fe4d 100644 --- a/interfaces/inner_api/app_manager/src/appmgr/render_state_observer_stub.cpp +++ b/interfaces/inner_api/app_manager/src/appmgr/render_state_observer_stub.cpp 
@@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 576db4c2555..03eccd8b1e0 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -67,6 +67,7 @@ group("fuzztest") { "abilitycontext_fuzzer:fuzztest", "abilitydebugdeal_fuzzer:fuzztest", "abilitydebugresponseproxy_fuzzer:fuzztest", + "abilityecologicalrulemgrservicefirst_fuzzer:fuzztest", "abilityeventutil_fuzzer:fuzztest", "abilityfirstframestateobservermanager_fuzzer:fuzztest", "abilityforegroundstateobserverproxy_fuzzer:fuzztest", diff --git a/test/fuzztest/ability_fuzz_util.h b/test/fuzztest/ability_fuzz_util.h index 61fb92433c9..f7059d58d8e 100644 --- a/test/fuzztest/ability_fuzz_util.h +++ b/test/fuzztest/ability_fuzz_util.h @@ -21,6 +21,7 @@ #include #include +#include "ability_ecological_rule_mgr_service_param.h" #include "auto_startup_info.h" #include "bundle_info.h" #include "bundle_user_info.h" 
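Review bot: The new `#include "ability_ecological_rule_mgr_service_param.h"` in the shared `ability_fuzz_util.h` makes every fuzz target that includes this header depend on that header's include path. The new fuzzer's BUILD.gn adds `${ability_runtime_services_path}/abilitymgr/include/ecological_rule` to `include_dirs` explicitly, which suggests the header is not on the default path, so existing targets that include `ability_fuzz_util.h` may stop compiling. Either move `GetRandomAbilityInfo`/`GetRandomAbilityExperienceRule` and this include into a helper header local to the ecological-rule fuzzer, or confirm that every dependent BUILD.gn carries the include dir.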
@@ -167,6 +168,28 @@ void GenerateSignatureInfo(FuzzedDataProvider& fdp, SignatureInfo &signatureInfo signatureInfo.certificate = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); } +void GetRandomAbilityInfo(FuzzedDataProvider& fdp, AbilityInfo& info) +{ + info.name = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); + info.label = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); + info.description = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); + info.iconPath = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); + info.labelId = fdp.ConsumeIntegral(); + info.descriptionId = fdp.ConsumeIntegral(); + info.iconId = fdp.ConsumeIntegral(); + info.theme = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); + info.visible = fdp.ConsumeBool(); + info.kind = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); +} + +void GetRandomAbilityExperienceRule(FuzzedDataProvider& fdp, AbilityExperienceRule& rule) +{ + rule.resultCode = fdp.ConsumeIntegral(); + rule.sceneCode = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); + rule.isBackSkuExempt = fdp.ConsumeBool(); + rule.embedResultCode = fdp.ConsumeIntegral(); +} + void GetRandomAutoStartupInfo(FuzzedDataProvider& fdp, AutoStartupInfo& info) { info.appCloneIndex = fdp.ConsumeIntegral(); diff --git a/test/fuzztest/abilityappmgrrunningmultiinfo_fuzzer/abilityappmgrrunningmultiinfo_fuzzer.cpp b/test/fuzztest/abilityappmgrrunningmultiinfo_fuzzer/abilityappmgrrunningmultiinfo_fuzzer.cpp index b23273586e3..1f283529573 100644 --- a/test/fuzztest/abilityappmgrrunningmultiinfo_fuzzer/abilityappmgrrunningmultiinfo_fuzzer.cpp +++ b/test/fuzztest/abilityappmgrrunningmultiinfo_fuzzer/abilityappmgrrunningmultiinfo_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
@@ -19,9 +19,7 @@ #include #include -#define private public #include "page_state_data.h" -#undef private #include "securec.h" #include "ability_record.h" @@ -30,14 +28,15 @@ using namespace OHOS::AAFwk; using namespace OHOS::AppExecFwk; namespace OHOS { -bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp) +bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) { RenderStateData info; - std::string stringData = fdp->ConsumeRandomLengthString(); Parcel parcel; - parcel.WriteString(stringData); + FuzzedDataProvider fdp(data, size); + parcel.WriteInt32(fdp.ConsumeIntegral()); info.Marshalling(parcel); info.ReadFromParcel(parcel); + info.Unmarshalling(parcel); return true; } } @@ -45,9 +44,7 @@ bool DoSomethingInterestingWithMyAPI(FuzzedDataProvider *fdp) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - FuzzedDataProvider fdp(data, size); - OHOS::DoSomethingInterestingWithMyAPI(&fdp); + // Run your code on data. + OHOS::DoSomethingInterestingWithMyAPI(data, size); return 0; -} - +} \ No newline at end of file diff --git a/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/BUILD.gn b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/BUILD.gn new file mode 100644 index 00000000000..d1d2ae0e906 --- /dev/null +++ b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/BUILD.gn 
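Review bot: In the `@@ -30,14 +28,15 @@` hunk the result of `info.Unmarshalling(parcel)` is discarded. If `RenderStateData::Unmarshalling` follows the usual Parcelable pattern of returning a newly allocated object, every iteration leaks it and the fuzzer's leak reports will bury real findings. Confirm the return type, then hold the result in an owner such as `std::unique_ptr<RenderStateData> out(info.Unmarshalling(parcel));`. Separately, the only fuzz-controlled bytes are now a single int32 written ahead of a default-constructed `info`, so `ReadFromParcel` sees very little fuzzer-shaped data; filling the fields of `info` from `fdp` before `Marshalling` would exercise more of the parser.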
@@ -0,0 +1,106 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/ohos.gni") +import("//build/test.gni") +import("//foundation/ability/ability_runtime/ability_runtime.gni") +module_output_path = "ability_runtime/abilitymgr" + +##############################fuzztest########################################## +ohos_fuzztest("AbilityEcologicalRuleMgrServiceFirstFuzzTest") { + module_out_path = module_output_path + + fuzz_config_file = "${ability_runtime_test_path}/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer" + + include_dirs = [ + "${ability_runtime_services_path}/abilitymgr/include/ecological_rule", + "${ability_runtime_services_path}/abilitymgr/include/utils", + "${ability_runtime_services_path}/common/include", + ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ + "${ability_runtime_services_path}/abilitymgr/src/ecological_rule/ability_ecological_rule_mgr_service.cpp", + "${ability_runtime_services_path}/abilitymgr/src/ecological_rule/ability_ecological_rule_mgr_service_param.cpp", + "${ability_runtime_services_path}/abilitymgr/src/interceptor/ecological_rule_interceptor.cpp", + "${ability_runtime_services_path}/common/src/record_cost_time_util.cpp", + "${ability_runtime_services_path}/abilitymgr/src/utils/start_ability_utils.cpp", + 
"abilityecologicalrulemgrservicefirst_fuzzer.cpp" + ] + + configs = [ + "${ability_runtime_services_path}/abilitymgr:abilityms_config", + "${ability_runtime_innerkits_path}/ability_manager:ability_manager_public_config", + ] + cflags = [] + if (target_cpu == "arm") { + cflags += [ "-DBINDER_IPC_32BIT" ] + } + deps = [ + "${ability_runtime_innerkits_path}/ability_manager:ability_manager", + "${ability_runtime_innerkits_path}/ability_manager:ability_start_options", + "${ability_runtime_innerkits_path}/app_manager:app_manager", + "${ability_runtime_native_path}/ability/native:abilitykit_native", + "${ability_runtime_native_path}/appkit:appkit_manager_helper", + "${ability_runtime_path}/utils/global/freeze:freeze_util", + "${ability_runtime_path}/utils/server/startup:startup_util", + "${ability_runtime_services_path}/abilitymgr:abilityms", + "${ability_runtime_services_path}/common:app_util", + "${ability_runtime_services_path}/common:perm_verification", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "access_token:libaccesstoken_sdk", + "c_utils:utils", + "common_event_service:cesfwk_innerkits", + "config_policy:configpolicy_util", + "eventhandler:libeventhandler", + "ffrt:libffrt", + "hilog:libhilog", + "hisysevent:libhisysevent", + "hitrace:hitrace_meter", + "init:libbeget_proxy", + "ipc:ipc_core", + "napi:ace_napi", + "relational_store:native_appdatafwk", + "relational_store:native_dataability", + "relational_store:native_rdb", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] + + if (background_task_mgr_continuous_task_enable) { + external_deps += [ "background_task_mgr:bgtaskmgr_innerkits" ] + } +} + +############################################################################### +group("fuzztest") { + testonly = true + deps = [] + deps += [ + # deps file + ":AbilityEcologicalRuleMgrServiceFirstFuzzTest", + ] +} +############################################################################### 
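Review bot: The second assignment `cflags = []` inside `ohos_fuzztest("AbilityEcologicalRuleMgrServiceFirstFuzzTest")` clears the list set earlier in the same target, so `-g`, `-O0`, `-Wno-unused-variable` and `-fno-omit-frame-pointer` never reach the compiler. Those flags are what keep crash stacks from this fuzzer readable during triage. Drop the reset and only append: keep the first `cflags = [ ... ]` block and leave `if (target_cpu == "arm") { cflags += [ "-DBINDER_IPC_32BIT" ] }` after it.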
diff --git a/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/abilityecologicalrulemgrservicefirst_fuzzer.cpp b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/abilityecologicalrulemgrservicefirst_fuzzer.cpp
new file mode 100644
index 00000000000..ccfbd853c45
--- /dev/null
+++ b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/abilityecologicalrulemgrservicefirst_fuzzer.cpp
@@ -0,0 +1,70 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "abilityecologicalrulemgrservicefirst_fuzzer.h" + +#include +#include +#include + +#define private public +#include "ability_ecological_rule_mgr_service.h" +#undef private + +#include "../ability_fuzz_util.h" + +using namespace OHOS::AAFwk; +using namespace OHOS::AppExecFwk; + +namespace OHOS { +namespace { +constexpr size_t STRING_MAX_LENGTH = 128; +} +bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) +{ + auto client = std::make_shared(); + wptr object; + Want want; + AbilityCallerInfo callerInfo; + int32_t type; + vector abilityInfos; + AbilityInfo info; + vector extInfos; + AbilityExperienceRule rule; + FuzzedDataProvider fdp(data, size); + client->ConnectService(); + client->CheckConnectService(); + client->OnRemoteSaDied(object); + type = fdp.ConsumeIntegral(); + size_t arraySize = fdp.ConsumeIntegralInRange(0, STRING_MAX_LENGTH); + for (size_t i = 0; i < arraySize; ++i) { + AbilityFuzzUtil::GetRandomAbilityInfo(fdp, info); + abilityInfos.emplace_back(info); + } + client->EvaluateResolveInfos(want, callerInfo, type, abilityInfos, extInfos); + AbilityFuzzUtil::GetRandomAbilityExperienceRule(fdp, rule); + client->QueryStartExperience(want, callerInfo, rule); + + return true; +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + // Run your code on 
data. + OHOS::DoSomethingInterestingWithMyAPI(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/abilityecologicalrulemgrservicefirst_fuzzer.h b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/abilityecologicalrulemgrservicefirst_fuzzer.h new file mode 100644 index 00000000000..152dacf4d67 --- /dev/null +++ b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/abilityecologicalrulemgrservicefirst_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FUZZTEST_OHOS_ABILITY_RUNTIME_ABILITYECOLOGICALRULEMGRSERVICE_FIRST_FUZZER_H +#define FUZZTEST_OHOS_ABILITY_RUNTIME_ABILITYECOLOGICALRULEMGRSERVICE_FIRST_FUZZER_H + +#define FUZZ_PROJECT_NAME "abilityecologicalrulemgrservicefirst_fuzzer" + +#endif diff --git a/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/corpus/init b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/corpus/init new file mode 100644 index 00000000000..7ade8a0faaf --- /dev/null +++ b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/corpus/init 
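Review bot: `want` and `callerInfo` in `DoSomethingInterestingWithMyAPI` are default-constructed and never filled from `fdp`, and `extInfos` stays empty. `EvaluateResolveInfos` and `QueryStartExperience` are therefore only ever driven with fuzzed `abilityInfos` and `rule` against an empty request. Populating them, for example `want.SetElementName(fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH), fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH));` plus the `AbilityCallerInfo` fields, would let the input reach branches that depend on the caller and target. `ConnectService()` also runs on every input; if it binds to the real system ability, results depend on device state, so a comment stating what the harness expects when the service is absent would help whoever triages its findings.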
@@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/project.xml b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/project.xml new file mode 100644 index 00000000000..4a9e5e0e8a1 --- /dev/null +++ b/test/fuzztest/abilityecologicalrulemgrservicefirst_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 600 + + 4096 + + diff --git a/test/fuzztest/abilityinterfacesappmgrappdebuglistenerstub_fuzzer/abilityinterfacesappmgrappdebuglistenerstub_fuzzer.cpp b/test/fuzztest/abilityinterfacesappmgrappdebuglistenerstub_fuzzer/abilityinterfacesappmgrappdebuglistenerstub_fuzzer.cpp index 2b94e21e8d6..90a4aec1543 100644 --- a/test/fuzztest/abilityinterfacesappmgrappdebuglistenerstub_fuzzer/abilityinterfacesappmgrappdebuglistenerstub_fuzzer.cpp +++ b/test/fuzztest/abilityinterfacesappmgrappdebuglistenerstub_fuzzer/abilityinterfacesappmgrappdebuglistenerstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -17,6 +17,7 @@ #include #include +#include #define private public #include "app_debug_listener_stub.h" 
@@ -32,23 +33,9 @@ using namespace OHOS::AppExecFwk; namespace OHOS { namespace { -constexpr int INPUT_ZERO = 0; -constexpr int INPUT_ONE = 1; -constexpr int INPUT_TWO = 2; -constexpr int INPUT_THREE = 3; -constexpr size_t U32_AT_SIZE = 4; -constexpr size_t OFFSET_ZERO = 24; -constexpr size_t OFFSET_ONE = 16; -constexpr size_t OFFSET_TWO = 8; -constexpr uint8_t ENABLE = 2; +constexpr size_t STRING_MAX_LENGTH = 128; } const std::u16string AMSMGR_INTERFACE_TOKEN = u"ohos.appexecfwk.IAmsMgr"; -uint32_t GetU32Data(const char* ptr) -{ - // convert fuzz input data to an integer - return (ptr[INPUT_ZERO] << OFFSET_ZERO) | (ptr[INPUT_ONE] << OFFSET_ONE) | (ptr[INPUT_TWO] << OFFSET_TWO) | - ptr[INPUT_THREE]; -} class AppDebugListenerStubFUZZ : public AppDebugListenerStub { public: explicit AppDebugListenerStubFUZZ() {}; 
@@ -59,33 +46,25 @@ public: void OnAppDebugStoped(const std::vector &debugInfos) override{}; }; -sptr GetFuzzAbilityToken() -{ - sptr token = nullptr; - AbilityRequest abilityRequest; - abilityRequest.appInfo.bundleName = "com.example.fuzzTest"; - abilityRequest.abilityInfo.name = "MainAbility"; - abilityRequest.abilityInfo.type = AbilityType::DATA; - std::shared_ptr abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest); - if (abilityRecord) { - token = abilityRecord->GetToken(); - } - return token; -} - -bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) +bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) { - uint32_t codeOne = static_cast(IAppDebugListener::Message::ON_APP_DEBUG_STARTED); + std::shared_ptr stub = std::make_shared(); + uint32_t code1; + uint32_t code2; MessageParcel parcel; - parcel.WriteInterfaceToken(AMSMGR_INTERFACE_TOKEN); - parcel.WriteBuffer(data, size); - parcel.RewindRead(0); MessageParcel reply; MessageOption option; - std::shared_ptr abmsOne = std::make_shared(); - abmsOne->OnRemoteRequest(codeOne, parcel, reply, option); - uint32_t codeTwo = static_cast(IAppDebugListener::Message::ON_APP_DEBUG_STOPED); - abmsOne->OnRemoteRequest(codeTwo, parcel, reply, option); + FuzzedDataProvider fdp(data, size); + parcel.WriteInterfaceToken(AMSMGR_INTERFACE_TOKEN); + parcel.WriteString(fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH)); + parcel.WriteInt32(fdp.ConsumeIntegral()); + parcel.RewindRead(0); + code1 = static_cast(IAppDebugListener::Message::ON_APP_DEBUG_STARTED); + stub->OnRemoteRequest(codeOne, parcel, reply, option); + code2 = static_cast(IAppDebugListener::Message::ON_APP_DEBUG_STOPED); + stub->OnRemoteRequest(codeTwo, parcel, reply, option); + stub->HandleOnAppDebugStarted(parcel, reply); + stub->HandleOnAppDebugStoped(parcel, reply); return true; } } 
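Review bot: `stub->OnRemoteRequest(codeOne, ...)` and `stub->OnRemoteRequest(codeTwo, ...)` still use the names of the locals this hunk removes, while the new declarations are `code1` and `code2`. Unless those names are declared somewhere outside the hunk, the file does not compile and this fuzzer never runs. Pass the new names: `stub->OnRemoteRequest(code1, parcel, reply, option);` and `stub->OnRemoteRequest(code2, parcel, reply, option);`. Initialising each code at its declaration instead of declaring first and assigning later would make this kind of mismatch harder to introduce.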
@@ -93,34 +72,7 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - if (data == nullptr) { - std::cout << "invalid data" << std::endl; - return 0; - } - - /* Validate the length of size */ - if (size < OHOS::U32_AT_SIZE) { - return 0; - } - - char* ch = static_cast(malloc(size + 1)); - if (ch == nullptr) { - std::cout << "malloc failed." << std::endl; - return 0; - } - - (void)memset_s(ch, size + 1, 0x00, size + 1); - if (memcpy_s(ch, size + 1, data, size) != EOK) { - std::cout << "copy failed." << std::endl; - free(ch); - ch = nullptr; - return 0; - } - - OHOS::DoSomethingInterestingWithMyAPI(ch, size); - free(ch); - ch = nullptr; + // Run your code on data. + OHOS::DoSomethingInterestingWithMyAPI(data, size); return 0; -} - +} \ No newline at end of file diff --git a/test/fuzztest/abilityinterfacesappmgrappforegroundstateobserverstub_fuzzer/abilityinterfacesappmgrappforegroundstateobserverstub_fuzzer.cpp b/test/fuzztest/abilityinterfacesappmgrappforegroundstateobserverstub_fuzzer/abilityinterfacesappmgrappforegroundstateobserverstub_fuzzer.cpp index 049e3e8cc63..fb7e3cfd328 100644 --- a/test/fuzztest/abilityinterfacesappmgrappforegroundstateobserverstub_fuzzer/abilityinterfacesappmgrappforegroundstateobserverstub_fuzzer.cpp +++ b/test/fuzztest/abilityinterfacesappmgrappforegroundstateobserverstub_fuzzer/abilityinterfacesappmgrappforegroundstateobserverstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -17,6 +17,7 @@ #include #include +#include #define private public #include "app_foreground_state_observer_stub.h" 
@@ -32,23 +33,9 @@ using namespace OHOS::AppExecFwk; namespace OHOS { namespace { -constexpr int INPUT_ZERO = 0; -constexpr int INPUT_ONE = 1; -constexpr int INPUT_TWO = 2; -constexpr int INPUT_THREE = 3; -constexpr size_t U32_AT_SIZE = 4; -constexpr size_t OFFSET_ZERO = 24; -constexpr size_t OFFSET_ONE = 16; -constexpr size_t OFFSET_TWO = 8; -constexpr uint8_t ENABLE = 2; +constexpr size_t STRING_MAX_LENGTH = 128; } const std::u16string IA_APP_FOREGROUND_STATE_OBSERVER_TOKEN = u"ohos.appexecfwk.IAppForegroundStateObserver"; -uint32_t GetU32Data(const char* ptr) -{ - // convert fuzz input data to an integer - return (ptr[INPUT_ZERO] << OFFSET_ZERO) | (ptr[INPUT_ONE] << OFFSET_ONE) | (ptr[INPUT_TWO] << OFFSET_TWO) | - ptr[INPUT_THREE]; -} class AppForegroundStateObserverStubFUZZ : public AppForegroundStateObserverStub { public: 
@@ -59,32 +46,21 @@ public: void OnAppStateChanged(const AppStateData &appStateData) override{}; }; -sptr GetFuzzAbilityToken() +bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) { - sptr token = nullptr; - AbilityRequest abilityRequest; - abilityRequest.appInfo.bundleName = "com.example.fuzzTest"; - abilityRequest.abilityInfo.name = "MainAbility"; - abilityRequest.abilityInfo.type = AbilityType::DATA; - std::shared_ptr abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest); - if (abilityRecord) { - token = abilityRecord->GetToken(); - } - return token; -} - -bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) -{ - uint32_t code = static_cast(IAppForegroundStateObserver::Message::ON_APP_STATE_CHANGED); + std::shared_ptr stub = std::make_shared(); + uint32_t code; MessageParcel parcel; - parcel.WriteInterfaceToken(IA_APP_FOREGROUND_STATE_OBSERVER_TOKEN); - parcel.WriteBuffer(data, size); - parcel.RewindRead(0); MessageParcel reply; MessageOption option; - std::shared_ptr abms = - std::make_shared(); - abms->OnRemoteRequest(code, parcel, reply, option); + FuzzedDataProvider fdp(data, size); + parcel.WriteInterfaceToken(AMSMGR_INTERFACE_TOKEN); + parcel.WriteString(fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH)); + parcel.WriteInt32(fdp.ConsumeIntegral()); + parcel.RewindRead(0); + code = static_cast(IAppForegroundStateObserver::Message::ON_APP_STATE_CHANGED); + stub->OnRemoteRequest(code, parcel, reply, option); + stub->HandleOnAppStateChanged(parcel, reply); using RemoteDiedHandler = std::function &)>; RemoteDiedHandler handler; std::shared_ptr infos = 
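Review bot: `parcel.WriteInterfaceToken(AMSMGR_INTERFACE_TOKEN)` replaces the token this file defines, `IA_APP_FOREGROUND_STATE_OBSERVER_TOKEN`. No `AMSMGR_INTERFACE_TOKEN` is visible in this file's hunks (it is defined in the app-debug-listener fuzzer), so this is either an undeclared identifier or, if it resolves, the wrong descriptor. With a mismatched descriptor `OnRemoteRequest` would presumably reject the request before dispatch, so the fuzz input never reaches the state-change handling through the IPC path. Restore `parcel.WriteInterfaceToken(IA_APP_FOREGROUND_STATE_OBSERVER_TOKEN);`. The child-scheduler and render-state-observer hunks make the same substitution for `CHILD_SCHEDULER_TOKEN` and `IR_ENDER_STATE_OBSERVER_TOKEN`; the function body here continues past the end of the hunk.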
@@ -98,34 +74,7 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - if (data == nullptr) { - std::cout << "invalid data" << std::endl; - return 0; - } - - /* Validate the length of size */ - if (size < OHOS::U32_AT_SIZE) { - return 0; - } - - char* ch = static_cast(malloc(size + 1)); - if (ch == nullptr) { - std::cout << "malloc failed." << std::endl; - return 0; - } - - (void)memset_s(ch, size + 1, 0x00, size + 1); - if (memcpy_s(ch, size + 1, data, size) != EOK) { - std::cout << "copy failed." << std::endl; - free(ch); - ch = nullptr; - return 0; - } - - OHOS::DoSomethingInterestingWithMyAPI(ch, size); - free(ch); - ch = nullptr; + // Run your code on data. + OHOS::DoSomethingInterestingWithMyAPI(data, size); return 0; -} - +} \ No newline at end of file diff --git a/test/fuzztest/abilityinterfacesappmgrchildschedulerstub_fuzzer/abilityinterfacesappmgrchildschedulerstub_fuzzer.cpp b/test/fuzztest/abilityinterfacesappmgrchildschedulerstub_fuzzer/abilityinterfacesappmgrchildschedulerstub_fuzzer.cpp index eb204415cd9..404c8e2a199 100644 --- a/test/fuzztest/abilityinterfacesappmgrchildschedulerstub_fuzzer/abilityinterfacesappmgrchildschedulerstub_fuzzer.cpp +++ b/test/fuzztest/abilityinterfacesappmgrchildschedulerstub_fuzzer/abilityinterfacesappmgrchildschedulerstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -17,6 +17,7 @@ #include #include +#include #define private public #include "child_scheduler_stub.h" 
@@ -32,23 +33,9 @@ using namespace OHOS::AppExecFwk; namespace OHOS { namespace { -constexpr int INPUT_ZERO = 0; -constexpr int INPUT_ONE = 1; -constexpr int INPUT_TWO = 2; -constexpr int INPUT_THREE = 3; -constexpr size_t U32_AT_SIZE = 4; -constexpr size_t OFFSET_ZERO = 24; -constexpr size_t OFFSET_ONE = 16; -constexpr size_t OFFSET_TWO = 8; -constexpr uint8_t ENABLE = 2; +constexpr size_t STRING_MAX_LENGTH = 128; } const std::u16string CHILD_SCHEDULER_TOKEN = u"ohos.appexecfwk.ChildScheduler"; -uint32_t GetU32Data(const char* ptr) -{ - // convert fuzz input data to an integer - return (ptr[INPUT_ZERO] << OFFSET_ZERO) | (ptr[INPUT_ONE] << OFFSET_ONE) | (ptr[INPUT_TWO] << OFFSET_TWO) | - ptr[INPUT_THREE]; -} class ChildSchedulerStubFUZZ : public ChildSchedulerStub { public: 
@@ -61,35 +48,27 @@ public: bool ScheduleRunNativeProc(const sptr &mainProcessCb) override{ return true; }; }; -sptr GetFuzzAbilityToken() +bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) { - sptr token = nullptr; - AbilityRequest abilityRequest; - abilityRequest.appInfo.bundleName = "com.example.fuzzTest"; - abilityRequest.abilityInfo.name = "MainAbility"; - abilityRequest.abilityInfo.type = AbilityType::DATA; - std::shared_ptr abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest); - if (abilityRecord) { - token = abilityRecord->GetToken(); - } - return token; -} - -bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) -{ - uint32_t code = static_cast(IChildScheduler::Message::SCHEDULE_LOAD_JS); + std::shared_ptr stub = std::make_shared(); + uint32_t code; MessageParcel parcel; - parcel.WriteInterfaceToken(CHILD_SCHEDULER_TOKEN); - parcel.WriteBuffer(data, size); - parcel.RewindRead(0); MessageParcel reply; MessageOption option; - std::shared_ptr abms = std::make_shared(); - abms->OnRemoteRequest(code, parcel, reply, option); + FuzzedDataProvider fdp(data, size); + parcel.WriteInterfaceToken(AMSMGR_INTERFACE_TOKEN); + parcel.WriteString(fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH)); + parcel.WriteInt32(fdp.ConsumeIntegral()); + parcel.RewindRead(0); + code = static_cast(IChildScheduler::Message::SCHEDULE_LOAD_JS); + stub->OnRemoteRequest(code, parcel, reply, option); code = static_cast(IChildScheduler::Message::SCHEDULE_EXIT_PROCESS_SAFELY); - abms->OnRemoteRequest(code, parcel, reply, option); + stub->OnRemoteRequest(code, parcel, reply, option); code = static_cast(IChildScheduler::Message::SCHEDULE_RUN_NATIVE_PROC); - abms->OnRemoteRequest(code, parcel, reply, option); + stub->OnRemoteRequest(code, parcel, reply, option); + stub->HandleScheduleLoadChild(parcel, reply); + stub->HandleScheduleExitProcessSafely(parcel, reply); + stub->HandleScheduleRunNativeProc(parcel, reply); return true; } } 
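Review bot: All six calls in this hunk share one `parcel` whose read cursor is rewound only once, before the first `OnRemoteRequest`. Each later `OnRemoteRequest` and the direct `HandleSchedule*` calls presumably start reading where the previous call stopped, so they mostly see an exhausted parcel and exit on the first failed read. Add `parcel.RewindRead(0);` before each call, or build a fresh parcel per call. The direct handler calls should get a parcel without the interface token, since they would not consume it. The same pattern appears in the app-debug-listener, foreground-state-observer and render-state-observer hunks.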
@@ -97,34 +76,7 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - if (data == nullptr) { - std::cout << "invalid data" << std::endl; - return 0; - } - - /* Validate the length of size */ - if (size < OHOS::U32_AT_SIZE) { - return 0; - } - - char* ch = static_cast(malloc(size + 1)); - if (ch == nullptr) { - std::cout << "malloc failed." << std::endl; - return 0; - } - - (void)memset_s(ch, size + 1, 0x00, size + 1); - if (memcpy_s(ch, size + 1, data, size) != EOK) { - std::cout << "copy failed." << std::endl; - free(ch); - ch = nullptr; - return 0; - } - - OHOS::DoSomethingInterestingWithMyAPI(ch, size); - free(ch); - ch = nullptr; + // Run your code on data. + OHOS::DoSomethingInterestingWithMyAPI(data, size); return 0; -} - +} \ No newline at end of file diff --git a/test/fuzztest/abilityinterfacesappmgrrenderstateobserverstub_fuzzer/abilityinterfacesappmgrrenderstateobserverstub_fuzzer.cpp b/test/fuzztest/abilityinterfacesappmgrrenderstateobserverstub_fuzzer/abilityinterfacesappmgrrenderstateobserverstub_fuzzer.cpp index 07d3000d8e3..34152391f2f 100644 --- a/test/fuzztest/abilityinterfacesappmgrrenderstateobserverstub_fuzzer/abilityinterfacesappmgrrenderstateobserverstub_fuzzer.cpp +++ b/test/fuzztest/abilityinterfacesappmgrrenderstateobserverstub_fuzzer/abilityinterfacesappmgrrenderstateobserverstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -17,6 +17,7 @@ #include #include +#include #define private public #include "render_state_observer_stub.h" 
@@ -31,23 +32,9 @@ using namespace OHOS::AppExecFwk; namespace OHOS { namespace { -constexpr int INPUT_ZERO = 0; -constexpr int INPUT_ONE = 1; -constexpr int INPUT_TWO = 2; -constexpr int INPUT_THREE = 3; -constexpr size_t U32_AT_SIZE = 4; -constexpr size_t OFFSET_ZERO = 24; -constexpr size_t OFFSET_ONE = 16; -constexpr size_t OFFSET_TWO = 8; -constexpr uint8_t ENABLE = 2; +constexpr size_t STRING_MAX_LENGTH = 128; } const std::u16string IR_ENDER_STATE_OBSERVER_TOKEN = u"ohos.appexecfwk.IRenderStateObserver"; -uint32_t GetU32Data(const char* ptr) -{ - // convert fuzz input data to an integer - return (ptr[INPUT_ZERO] << OFFSET_ZERO) | (ptr[INPUT_ONE] << OFFSET_ONE) | (ptr[INPUT_TWO] << OFFSET_TWO) | - ptr[INPUT_THREE]; -} class RenderStateObserverStubFUZZ : public RenderStateObserverStub { public: explicit RenderStateObserverStubFUZZ() {}; 
@@ -57,31 +44,21 @@ public: void OnRenderStateChanged(const RenderStateData &renderStateData) override{}; }; -sptr GetFuzzAbilityToken() +bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) { - sptr token = nullptr; - AbilityRequest abilityRequest; - abilityRequest.appInfo.bundleName = "com.example.fuzzTest"; - abilityRequest.abilityInfo.name = "MainAbility"; - abilityRequest.abilityInfo.type = AbilityType::DATA; - std::shared_ptr abilityRecord = AbilityRecord::CreateAbilityRecord(abilityRequest); - if (abilityRecord) { - token = abilityRecord->GetToken(); - } - return token; -} - -bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) -{ - uint32_t code = static_cast(IRenderStateObserver::ON_RENDER_STATE_CHANGED); + std::shared_ptr stub = std::make_shared(); + uint32_t code; MessageParcel parcel; - parcel.WriteInterfaceToken(IR_ENDER_STATE_OBSERVER_TOKEN); - parcel.WriteBuffer(data, size); - parcel.RewindRead(0); MessageParcel reply; MessageOption option; - std::shared_ptr abms = std::make_shared(); - abms->OnRemoteRequest(code, parcel, reply, option); + FuzzedDataProvider fdp(data, size); + parcel.WriteInterfaceToken(AMSMGR_INTERFACE_TOKEN); + parcel.WriteString(fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH)); + parcel.WriteInt32(fdp.ConsumeIntegral()); + parcel.RewindRead(0); + stub->OnRenderStateChangedInner(parcel, reply); + code = static_cast(IRenderStateObserver::ON_RENDER_STATE_CHANGED); + stub->OnRemoteRequest(code, parcel, reply, option); return true; } } 
@@ -89,34 +66,7 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - if (data == nullptr) { - std::cout << "invalid data" << std::endl; - return 0; - } - - /* Validate the length of size */ - if (size < OHOS::U32_AT_SIZE) { - return 0; - } - - char* ch = static_cast(malloc(size + 1)); - if (ch == nullptr) { - std::cout << "malloc failed." << std::endl; - return 0; - } - - (void)memset_s(ch, size + 1, 0x00, size + 1); - if (memcpy_s(ch, size + 1, data, size) != EOK) { - std::cout << "copy failed." << std::endl; - free(ch); - ch = nullptr; - return 0; - } - - OHOS::DoSomethingInterestingWithMyAPI(ch, size); - free(ch); - ch = nullptr; + // Run your code on data. + OHOS::DoSomethingInterestingWithMyAPI(data, size); return 0; -} - +} \ No newline at end of file diff --git a/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/abilitystartwithwaitobservermanager_fuzzer.cpp b/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/abilitystartwithwaitobservermanager_fuzzer.cpp index d9f726ff9fe..37375e592e8 100644 --- a/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/abilitystartwithwaitobservermanager_fuzzer.cpp +++ b/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/abilitystartwithwaitobservermanager_fuzzer.cpp @@ -47,6 +47,7 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) infos->NotifyAATerminateWait(want); infos->NotifyAATerminateWait(abilityRecord); infos->SetColdStartForShellCall(abilityRecord); + infos->GenerateDeathRecipient(observer); return true; } } diff --git a/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/project.xml b/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/project.xml index 66e1dcac475..4a9e5e0e8a1 100644 --- a/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/project.xml 
+++ b/test/fuzztest/abilitystartwithwaitobservermanager_fuzzer/project.xml @@ -18,7 +18,7 @@ 1000 - 300 + 600 4096 diff --git a/test/fuzztest/dataabilitymanager_fuzzer/dataabilitymanager_fuzzer.cpp b/test/fuzztest/dataabilitymanager_fuzzer/dataabilitymanager_fuzzer.cpp index 4967a3366b3..4d11c2d019e 100755 --- a/test/fuzztest/dataabilitymanager_fuzzer/dataabilitymanager_fuzzer.cpp +++ b/test/fuzztest/dataabilitymanager_fuzzer/dataabilitymanager_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -17,6 +17,7 @@ #include #include +#include #define private public #include "data_ability_manager.h" @@ -29,8 +30,9 @@ using namespace OHOS::AppExecFwk; namespace OHOS { namespace { -constexpr size_t U32_AT_SIZE = 4; constexpr uint8_t ENABLE = 2; +constexpr size_t U32_AT_SIZE = 4; +constexpr size_t STRING_MAX_LENGTH = 128; } uint32_t GetU32Data(const char* ptr) 
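Review bot: `ENABLE` and `U32_AT_SIZE` are kept (only reordered) in the `@@ -29,8 +30,9 @@` hunk, and `GetU32Data` stays just below it, although the later hunks of this file remove the `*data % ENABLE`, `GetU32Data(data)` and `size < OHOS::U32_AT_SIZE` uses. Unless code outside the diff still needs them, they are now dead and may trip unused-variable warnings; the render-state observer fuzzer in this same commit deletes its equivalents. Suggest removing the two constants and `GetU32Data` here as well, leaving only `constexpr size_t STRING_MAX_LENGTH = 128;`.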
@@ -63,20 +65,26 @@ sptr GetFuzzAbilityToken() return token; } -bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) +bool DoSomethingInterestingWithMyAPI(const uint8_t* data, size_t size) { - bool boolParam = *data % ENABLE; - int intParam = static_cast(GetU32Data(data)); - int32_t int32Param = static_cast(GetU32Data(data)); - int64_t int64Param = static_cast(GetU32Data(data)); - std::string stringParam(data, size); + auto dataAbilityManager = std::make_shared(); + bool boolParam; + bool isClient; + int intParam; + int32_t int32Param; + int64_t int64Param; + std::string stringParam; std::shared_ptr abilityRecord = GetFuzzAbilityRecord(); sptr token = GetFuzzAbilityToken(); std::vector info; AbilityRequest abilityRequest; - - // fuzz for DataAbilityManager - auto dataAbilityManager = std::make_shared(); + FuzzedDataProvider fdp(data, size); + boolParam = fdp.ConsumeBool(); + isClient = fdp.ConsumeBool(); + intParam = fdp.ConsumeIntegral(); + int32Param = fdp.ConsumeIntegral(); + int64Param = fdp.ConsumeIntegral(); + stringParam = fdp.ConsumeRandomLengthString(STRING_MAX_LENGTH); sptr client; dataAbilityManager->Acquire(abilityRequest, boolParam, client, boolParam); sptr scheduler; 
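Review bot: The new locals (`boolParam`, `isClient`, `intParam`, `int32Param`, `int64Param`, `stringParam`) are declared uninitialised at the top of `DoSomethingInterestingWithMyAPI` and only assigned from `fdp` several lines later. Declaring each one where it is initialised, e.g. `const bool boolParam = fdp.ConsumeBool();`, removes the window in which an indeterminate value could be read if a call is later moved above the assignments. The function body continues past the end of this hunk.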
@@ -91,15 +99,17 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) dataAbilityManager->GetAbilityRecordById(int64Param); dataAbilityManager->GetAbilityRecordByToken(token); dataAbilityManager->GetAbilityRecordByScheduler(scheduler); - dataAbilityManager->Dump(data, intParam); + char *func = new char[stringParam.length() + 1]; + dataAbilityManager->Dump(func, intParam); dataAbilityManager->LoadLocked(stringParam, abilityRequest); - dataAbilityManager->DumpLocked(data, intParam); + dataAbilityManager->DumpLocked(func, intParam); dataAbilityManager->DumpState(info, stringParam); + std::shared_ptr record; + dataAbilityManager->DumpClientInfo(info, isClient, record); dataAbilityManager->DumpSysState(info, boolParam, stringParam); std::vector AbilityRunningInfoVector; dataAbilityManager->GetAbilityRunningInfos(AbilityRunningInfoVector, boolParam); dataAbilityManager->RestartDataAbility(abilityRecord); - std::shared_ptr record; dataAbilityManager->ReportDataAbilityAcquired(client, boolParam, record); dataAbilityManager->ReportDataAbilityReleased(client, boolParam, record); @@ -110,33 +120,7 @@ bool DoSomethingInterestingWithMyAPI(const char* data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { - /* Run your code on data */ - if (data == nullptr) { - return 0; - } - - /* Validate the length of size */ - if (size < OHOS::U32_AT_SIZE) { - return 0; - } - - char* ch = static_cast(malloc(size + 1)); - if (ch == nullptr) { - std::cout << "malloc failed." << std::endl; - return 0; - } - - (void)memset_s(ch, size + 1, 0x00, size + 1); - if (memcpy_s(ch, size, data, size) != EOK) { - std::cout << "copy failed." << std::endl; - free(ch); - ch = nullptr; - return 0; - } - - OHOS::DoSomethingInterestingWithMyAPI(ch, size); - free(ch); - ch = nullptr; + // Run your code on data. + OHOS::DoSomethingInterestingWithMyAPI(data, size); return 0; -} - +} \ No newline at end of file 
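Review bot: `char *func = new char[stringParam.length() + 1];` allocates a buffer that is never filled or NUL-terminated, so `Dump(func, intParam)` and `DumpLocked(func, intParam)` receive indeterminate bytes, and any string read of `func` inside them can run past the allocation. A sanitizer hit from that would be a harness defect reported as a finding in `DataAbilityManager`. No `delete[] func` appears in the hunk either (the end of the function is outside it), which would leak on every iteration and can abort a run on a leak report. Passing the fuzzed string directly avoids both: `dataAbilityManager->Dump(stringParam.c_str(), intParam);` and `dataAbilityManager->DumpLocked(stringParam.c_str(), intParam);`, with the `new char[]` line dropped.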
diff --git a/test/fuzztest/dataabilitymanager_fuzzer/project.xml b/test/fuzztest/dataabilitymanager_fuzzer/project.xml index 7133b2b9244..47b61ad4698 100755 --- a/test/fuzztest/dataabilitymanager_fuzzer/project.xml +++ b/test/fuzztest/dataabilitymanager_fuzzer/project.xml @@ -1,5 +1,5 @@ - 1000 - 300 + 600 4096 -- Gitee