diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 1c4a33acaca84456e4ced6a5b2f1fded21826eaa..94ef49b8512b96699b20a672bc2dec92a9a4a072 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -18,8 +18,16 @@ group("fuzztest") { # deps file "backupext_fuzzer:BackupExtFuzzTest", "backupsa_fuzzer:BackupSaFuzzTest", - "backupsaanother_fuzzer:BackupSaAnotherFuzzTest", - "backupsaappend_fuzzer:BackupSaAppendFuzzTest", + "backupsaappendbundlesbackupsession_fuzzer:BackupSaAppendBundlesBackupSessionFuzzTest", + "backupsaappendbundlesincrementalbackupsession_fuzzer:BackupSaAppendBundlesIncrementalBackupSessionFuzzTest", + "backupsaappincrementaldone_fuzzer:BackupSaAppIncrementalDoneFuzzTest", + "backupsaappincrementalfileready_fuzzer:BackupSaAppIncrementalFileReadyFuzzTest", + "backupsagetfilehandle_fuzzer:BackupSaGetFileHandleFuzzTest", + "backupsagetincrementalfilehandle_fuzzer:BackupSaGetIncrementalFileHandleFuzzTest", + "backupsagetincrementallocalcapabilities_fuzzer:BackupSaGetIncrementalLocalCapabilitiesFuzzTest", + "backupsainitincrementalbackupsession_fuzzer:BackupSaInitIncrementalBackupSessionFuzzTest", + "backupsapublishincrementalfile_fuzzer:BackupSaPublishIncrementalFileFuzzTest", + "backupsarelease_fuzzer:BackupSaReleaseFuzzTest", "backupservicestub_fuzzer:BackupServiceStubFuzzTest", "fileshare_fuzzer:FileShareFuzzTest", "remotefileshare_fuzzer:RemoteFileShareFuzzTest", diff --git a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp b/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp deleted file mode 100644 index 9a6e46113927a07fb242375553133ee2882cdd70..0000000000000000000000000000000000000000 --- a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp +++ /dev/null @@ -1,243 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "backupsaappend_fuzzer.h" - -#include -#include -#include -#include -#include - -#include "message_parcel.h" -#include "service.h" -#include "service_proxy.h" -#include "service_reverse.h" -#include "service_stub.h" -#include "securec.h" -#include "system_ability.h" - -using namespace std; -using namespace OHOS::FileManagement::Backup; - -namespace OHOS { -constexpr int32_t SERVICE_ID = 5203; - -bool CmdInitRestoreSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_INIT_RESTORE_SESSION), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdInitBackupSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_INIT_BACKUP_SESSION), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdPublishFileFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size > 0) { - int pos = (size + 1) >> 1; - std::string fileName(reinterpret_cast(data), pos); - std::string bundleName(reinterpret_cast(data + pos), size - pos); - uint32_t sn = 0; - if (size > sizeof(uint32_t)) { - sn = *(reinterpret_cast(data)); - } - BFileInfo fileInfo(fileName, bundleName, sn); - datas.WriteParcelable(&fileInfo); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_PUBLISH_FILE), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdGetLocalCapabilitiesFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_GET_LOCAL_CAPABILITIES); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppFileReadyFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - std::string fileName(reinterpret_cast(data), size); - datas.WriteString(fileName); - - int fd = -1; - if (size >= sizeof(int)) { - fd = *(reinterpret_cast(data)); - } - datas.WriteFileDescriptor(UniqueFd(fd)); - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_APP_FILE_READY); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppDoneFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size >= sizeof(bool)) { - datas.WriteBool(*(reinterpret_cast(data))); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_APP_DONE), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdStartFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_START), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdFinishFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_FINISH), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppendBundlesRestoreSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - - size_t len = sizeof(int); - if (size >= len) { - int fd = *(reinterpret_cast(data)); - datas.WriteFileDescriptor(UniqueFd(fd)); - } - - if (size > 0) { - vector bundleNames; - for (size_t i = 0; i < size; i++) { - string param(reinterpret_cast(data), size); - string name = param + to_string(i); - bundleNames.push_back(name); - } - datas.WriteStringVector(bundleNames); - } - - if (size >= len + sizeof(int32_t)) { - int32_t type = static_cast(*(reinterpret_cast(data + len))); - datas.WriteInt32(type); - len += sizeof(int32_t); - } - - if (size >= len + sizeof(int32_t)) { - int32_t userId = static_cast(*(reinterpret_cast(data + len))); - datas.WriteInt32(userId); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_APPEND_BUNDLES_RESTORE_SESSION_DATA), - datas, reply, option); - service = nullptr; - return true; -} -} // namespace OHOS - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -{ - /* Run your code on data */ - OHOS::CmdInitRestoreSessionFuzzTest(data, size); - OHOS::CmdInitBackupSessionFuzzTest(data, size); - OHOS::CmdPublishFileFuzzTest(data, size); - OHOS::CmdGetLocalCapabilitiesFuzzTest(data, size); - OHOS::CmdAppFileReadyFuzzTest(data, size); - OHOS::CmdAppDoneFuzzTest(data, size); - OHOS::CmdStartFuzzTest(data, size); - OHOS::CmdFinishFuzzTest(data, size); - OHOS::CmdAppendBundlesRestoreSessionFuzzTest(data, size); - return 0; -} \ No newline at end of file diff --git a/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/BUILD.gn b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..652bfdfa6ab7a128dd007e504687593f43cbd0ca --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/BUILD.gn @@ -0,0 +1,66 @@ +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaAppendBundlesBackupSessionFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsaappendbundlesbackupsession_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps = [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.cpp b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..9eea23fc6d7d9e1737339e1efdeb2d3d7ef2197b --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.cpp @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsaappendbundlesbackupsession_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "message_parcel.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; + +bool CmdAppendBundlesBackupSessionFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + if (size > 0) { + vector bundleNames; + for (size_t i = 0; i < size; i++) { + string param(reinterpret_cast(data), size); + string name = param + to_string(i); + bundleNames.push_back(name); + } + datas.WriteStringVector(bundleNames); + } + + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + uint32_t code = static_cast(IServiceIpcCode::COMMAND_APPEND_BUNDLES_BACKUP_SESSION); + try { + service->OnRemoteRequest(code, datas, reply, option); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdAppendBundlesBackupSessionFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.h b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..ba3b72aa2b05e7aefb5fa9450924eb00a77a5b90 --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAAPPENDBUNDLEBACKUPSESSION_FUZZER_H +#define BACKUPSAAPPENDBUNDLEBACKUPSESSION_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsaappendbundlesbackupsession_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.h b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/corpus/init similarity index 76% rename from test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.h rename to test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/corpus/init index f89e351e66d771ee30bc024ed714385ee7e74239..f46fe5351cb930ef82a5de307b80b1aff683af81 100644 --- a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.h +++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/corpus/init @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef BACKUPSAANOTHER_FUZZER_H -#define BACKUPSAANOTHER_FUZZER_H - -#define FUZZ_PROJECT_NAME "backupsaanother_fuzzer" - -#endif \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/project.xml b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..0c2ea469afb5c046ff42412fec2eb3b110bfb7d0 --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/BUILD.gn b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..cf1c5dbb53128934b51b6fae7946d3e7cd5b3992 --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/BUILD.gn @@ -0,0 +1,66 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaAppendBundlesIncrementalBackupSessionFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsaappendbundlesincrementalbackupsession_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps = [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.cpp similarity index 30% rename from test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp rename to test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.cpp index 8c3ae92d8cd04655bea0f5e016cb2c184f7ce5a8..5d4c9cbfbebfacb055b99284119951e0e198d47d 100644 --- a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,7 +13,7 @@ * limitations under the License. */ -#include "backupsaanother_fuzzer.h" +#include "backupsaappendbundlesincrementalbackupsession_fuzzer.h" #include #include @@ -37,72 +37,6 @@ using namespace OHOS::FileManagement::Backup; namespace OHOS { constexpr int32_t SERVICE_ID = 5203; -bool CmdGetFileHandleFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - int pos = (size + 1) >> 1; - if (size > 0) { - std::string param(string(reinterpret_cast(data), pos)); - datas.WriteString(param); - } - - if (size > 1) { - std::string param(string(reinterpret_cast(data + pos), size - pos)); - datas.WriteString(param); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_GET_FILE_HANDLE), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppendBundlesBackupSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size > 0) { - vector bundleNames; - for (size_t i = 0; i < size; i++) { - string param(reinterpret_cast(data), size); - string name = param + to_string(i); - bundleNames.push_back(name); - } - datas.WriteStringVector(bundleNames); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_APPEND_BUNDLES_BACKUP_SESSION); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdReleaseFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_RELEASE); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - void GetBundleNamesData(const uint8_t *data, size_t size, vector &bundleNames) { int minLen = sizeof(int64_t) + sizeof(int) + sizeof(int32_t); @@ -144,44 +78,6 @@ void WriteParcelableVector(const std::vector &parcelableVector, Parcel &data) return; } -bool CmdGetLocalCapabilitiesIncrementalFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size >= sizeof(int32_t)) { - vector bundleNames; - GetBundleNamesData(data, size, bundleNames); - WriteParcelableVector(bundleNames, datas); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_GET_LOCAL_CAPABILITIES_INCREMENTAL); - service->OnRemoteRequest(code, datas, reply, option); - OHOS::AppFileService::SandboxHelper::ClearBackupSandboxPathMap(); - service = nullptr; - return true; -} - -bool CmdInitIncrementalBackupSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_INIT_INCREMENTAL_BACKUP_SESSION); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - bool CmdAppendBundlesIncrementalBackupSessionFuzzTest(const uint8_t *data, size_t size) { MessageParcel datas; @@ -199,105 +95,6 @@ bool CmdAppendBundlesIncrementalBackupSessionFuzzTest(const uint8_t *data, size_ uint32_t code = static_cast( IServiceIpcCode::COMMAND_APPEND_BUNDLES_INCREMENTAL_BACKUP_SESSION); service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdPublishIncrementalFileFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size > 0) { - int pos = (size + 1) >> 1; - std::string fileName(reinterpret_cast(data), pos); - std::string bundleName(reinterpret_cast(data + pos), size - pos); - uint32_t sn = 0; - if (size > sizeof(uint32_t)) { - sn = *(reinterpret_cast(data)); - } - BFileInfo fileInfo(fileName, bundleName, sn); - datas.WriteParcelable(&fileInfo); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_PUBLISH_INCREMENTAL_FILE); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppIncrementalFileReadyFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - std::string fileName(reinterpret_cast(data), size); - datas.WriteString(fileName); - if (size >= sizeof(int)) { - int fd = *(reinterpret_cast(data)); - datas.WriteFileDescriptor(UniqueFd(fd)); - } - - if (size >= sizeof(int) + sizeof(int)) { - int manifestId = *(reinterpret_cast(data + sizeof(int))); - datas.WriteFileDescriptor(UniqueFd(manifestId)); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_APP_INCREMENTAL_FILE_READY); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppIncrementalDoneFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size >= sizeof(int32_t)) { - datas.WriteInt32(*(reinterpret_cast(data))); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_APP_INCREMENTAL_DONE), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdGetIncrementalFileHandleFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - int pos = (size + 1) >> 1; - if (size > 0) { - string param(reinterpret_cast(data), pos); - datas.WriteString(param); - } - - if (size > 1) { - string param(reinterpret_cast(data + pos), size - pos); - datas.WriteString(param); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_GET_INCREMENTAL_FILE_HANDLE), - datas, reply, option); - service = nullptr; return true; } } // namespace OHOS @@ -305,15 +102,12 @@ bool CmdGetIncrementalFileHandleFuzzTest(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - OHOS::CmdGetFileHandleFuzzTest(data, size); - OHOS::CmdAppendBundlesBackupSessionFuzzTest(data, size); - OHOS::CmdReleaseFuzzTest(data, size); - OHOS::CmdGetLocalCapabilitiesIncrementalFuzzTest(data, size); - OHOS::CmdInitIncrementalBackupSessionFuzzTest(data, size); - OHOS::CmdPublishIncrementalFileFuzzTest(data, size); - OHOS::CmdAppIncrementalFileReadyFuzzTest(data, size); - OHOS::CmdAppIncrementalDoneFuzzTest(data, size); - OHOS::CmdGetIncrementalFileHandleFuzzTest(data, size); - OHOS::CmdAppendBundlesIncrementalBackupSessionFuzzTest(data, size); + try { + OHOS::CmdAppendBundlesIncrementalBackupSessionFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } return 0; } \ No newline at end of file diff --git a/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.h b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..b354ba6e5b2ab6a4eaaffff5f0a3e35501226f6b --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAAPPENDBUNDLESINCREMENTALBACKUPSESSION_FUZZER_H +#define BACKUPSAAPPENDBUNDLESINCREMENTALBACKUPSESSION_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsaappendbundlesincrementalbackupsession_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsaappend_fuzzer/corpus/init b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/corpus/init similarity index 92% rename from test/fuzztest/backupsaappend_fuzzer/corpus/init rename to test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/corpus/init index 6198079a28e860189d4294f6598f8ac6804c0dff..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 100644 --- a/test/fuzztest/backupsaappend_fuzzer/corpus/init +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/corpus/init @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at diff --git a/test/fuzztest/backupsaanother_fuzzer/project.xml b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/project.xml similarity index 95% rename from test/fuzztest/backupsaanother_fuzzer/project.xml rename to test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/project.xml index 7133b2b92440904a5ed04b838733acea0f97486a..66e1dcac475475fb101b6f8670ec699e6e9696aa 100644 --- a/test/fuzztest/backupsaanother_fuzzer/project.xml +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/project.xml @@ -1,5 +1,5 @@ - + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsaappend_fuzzer/BUILD.gn b/test/fuzztest/backupsagetfilehandle_fuzzer/BUILD.gn similarity index 86% rename from test/fuzztest/backupsaappend_fuzzer/BUILD.gn rename to test/fuzztest/backupsagetfilehandle_fuzzer/BUILD.gn index 410ead2a27573f5b26ef45e0eac52f0b52156143..20f53983703dabe9601d0f6f88bb1a85b4f2ce35 100644 --- a/test/fuzztest/backupsaappend_fuzzer/BUILD.gn +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2024 Huawei Device Co., Ltd. +# Copyright (c) 2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -18,10 +18,10 @@ import("//foundation/filemanagement/app_file_service/app_file_service.gni") import("//foundation/filemanagement/app_file_service/backup.gni") ##############################fuzztest########################################## -ohos_fuzztest("BackupSaAppendFuzzTest") { +ohos_fuzztest("BackupSaGetFileHandleFuzzTest") { module_out_path = "app_file_service/app_file_service" fuzz_config_file = - "${app_file_service_path}/test/fuzztest/backupsaappend_fuzzer" + "${app_file_service_path}/test/fuzztest/backupsagetfilehandle_fuzzer" include_dirs = [ "${app_file_service_path}/services/backup_sa/include/module_ipc", "${app_file_service_path}/services/backup_sa/include", @@ -34,14 +34,17 @@ ohos_fuzztest("BackupSaAppendFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "backupsaappend_fuzzer.cpp" ] + sources = [ "backupsagetfilehandle_fuzzer.cpp" ] deps = [ "${app_file_service_path}/services/backup_sa:backup_sa", "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", "${path_backup}/utils:backup_utils", ] + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + external_deps = [ "ability_runtime:ability_manager", "ability_runtime:abilitykit_native", @@ -56,7 +59,8 @@ ohos_fuzztest("BackupSaAppendFuzzTest") { defines = [ "LOG_TAG=\"app_file_service\"", "LOG_DOMAIN=0xD004303", - "private=public", ] + + use_exceptions = true } ############################################################################### diff --git a/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.cpp b/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..e77e7dfe35b15d5995056b7ae36aa8c5f18bf0fe --- /dev/null +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.cpp @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsagetfilehandle_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "message_parcel.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; + +bool CmdGetFileHandleFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + int len = size >> 1; + std::string bundleName(string(reinterpret_cast(data), len)); + datas.WriteString(bundleName); + std::string filePath(string(reinterpret_cast(data + len), len)); + datas.WriteString(filePath); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_GET_FILE_HANDLE), + datas, reply, option); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdGetFileHandleFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.h b/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..aa579532bfa6718b66c553ec2c719ca290d042b0 --- /dev/null +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAGETFILEHANDLE_FUZZER_H +#define BACKUPSAGETFILEHANDLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsagetfilehandle_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsagetfilehandle_fuzzer/corpus/init b/test/fuzztest/backupsagetfilehandle_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsagetfilehandle_fuzzer/project.xml b/test/fuzztest/backupsagetfilehandle_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/BUILD.gn b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..1e0ebaa3b5aeb7585febac558b8edc8632a0cefa --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/BUILD.gn @@ -0,0 +1,66 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaGetIncrementalFileHandleFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsagetincrementalfilehandle_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsagetincrementalfilehandle_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps = [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.cpp b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..47d4fdf91456bc4d77f88c7588552022fd844686 --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.cpp @@ -0,0 +1,72 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsagetincrementalfilehandle_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "message_parcel.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; + +bool CmdGetIncrementalFileHandleFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + datas.WriteString(bundleName); + string filePath(reinterpret_cast(data + len), len); + datas.WriteString(filePath); + + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_GET_INCREMENTAL_FILE_HANDLE), + datas, reply, option); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdGetIncrementalFileHandleFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.h b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..e8176490033bf0e776ee77d80d99e2daa66c2613 --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAINCREMENTALFILEHANDLE_FUZZER_H +#define BACKUPSAINCREMENTALFILEHANDLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsagetincrementalfilehandle_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/corpus/init b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/project.xml b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/BUILD.gn b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..87fd0b5f0960c8e08d944d3ca138a40c066293cf --- /dev/null +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/BUILD.gn @@ -0,0 +1,70 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaGetIncrementalLocalCapabilitiesFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsagetincrementallocalcapabilities_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps = [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "data_share:datashare_common", + "data_share:datashare_consumer", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "storage_service:storage_manager_sa_proxy", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + "private = public", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..226d8255b206394ffdd9c1b2e653cc6eb13fb3bb --- /dev/null +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp @@ -0,0 +1,335 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsagetincrementallocalcapabilities_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "directory_ex.h" +#include "message_parcel.h" +#include "module_external/storage_manager_service.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +template +T TypeCast(const uint8_t *data, int *pos = nullptr) +{ + if (pos) { + *pos += sizeof(T); + } + return *(reinterpret_cast(data)); +} + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; +constexpr int32_t NEED_CREATE_THREE_STRING_NUM = 3; + +void GetBundleNamesData(const uint8_t *data, size_t size, vector &bundleNames) +{ + int minLen = sizeof(int64_t) + sizeof(int) + sizeof(int32_t); + if (size < minLen + 1) { + return; + } + FuzzedDataProvider fdp(data, size); + uint8_t loop = fdp.ConsumeIntegral(); + size--; + if (loop == 0 || (minLen * loop) > size) { + return; + } + int blob = (size / loop); + int len = (blob - minLen) >> 1; + for (size_t i = 0, pos = 1; i < loop; i++, pos += blob) { + int64_t nTime = fdp.ConsumeIntegral(); + int fd = fdp.ConsumeIntegral(); + int32_t priority = fdp.ConsumeIntegral(); + string name(reinterpret_cast(data + pos + minLen), len); + string parameters(reinterpret_cast(data + pos + len + minLen), len); + BIncrementalData incrementaData(name, nTime, fd, parameters, priority); + bundleNames.push_back(incrementaData); + } +} + +template +void WriteParcelableVector(const std::vector &parcelableVector, Parcel &data) +{ + if (!data.WriteUint32(parcelableVector.size())) { + return; + } + + for (const auto &parcelable : parcelableVector) { + if (!data.WriteParcelable(&parcelable)) { + return; + } + } + + return; +} + +bool CmdGetLocalCapabilitiesIncrementalFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + if (size >= sizeof(int32_t)) { + vector bundleNames; + GetBundleNamesData(data, size, bundleNames); + WriteParcelableVector(bundleNames, datas); + } + + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + uint32_t code = static_cast(IServiceIpcCode::COMMAND_GET_LOCAL_CAPABILITIES_INCREMENTAL); + service->OnRemoteRequest(code, datas, reply, option); + return true; +} + +bool GetStorageRecognizeSandboxPathEl1FuzzTest(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + string sandBoxSubpath(reinterpret_cast(data + len), len); + string fullPath = BASE_EL1 + DEFAULT_PATH_WITH_WILDCARD + sandBoxSubpath; + std::vector phyIncludes; + std::map pathMap; + StorageManagerService::GetInstance().RecognizeSandboxWildCard(userId, bundleName, fullPath, phyIncludes, pathMap); + return true; +} + +bool CmdExcludeFilter(const uint8_t *data, size_t size) +{ + int len = size / NEED_CREATE_THREE_STRING_NUM; + string dirPath(reinterpret_cast(data), len); + string pathVal1(reinterpret_cast(data + len), len); + string pathVal2(reinterpret_cast(data + len * 2), len); + std::map excludesMap; + excludesMap.insert(std::make_pair(pathVal1, true)); + excludesMap.insert(std::make_pair(pathVal2, false)); + StorageManagerService::GetInstance().ExcludeFilter(excludesMap, dirPath); + return true; +} + +bool GetStorageRecognizeSandboxPathEl2FuzzTest(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + string sandBoxSubpath(reinterpret_cast(data + len), len); + string fullPath = BASE_EL2 + DEFAULT_PATH_WITH_WILDCARD + sandBoxSubpath; + std::vector phyIncludes; + std::map pathMap; + StorageManagerService::GetInstance().RecognizeSandboxWildCard(userId, bundleName, fullPath, phyIncludes, pathMap); + return true; +} + +bool CmdGetMediaType(const uint8_t *data, size_t size) +{ + (void)data; + std::shared_ptr resultSet = std::make_shared(); + StorageManager::StorageStats storageStats = {}; + StorageManagerService::GetInstance().GetMediaTypeAndSize(resultSet, storageStats); + return true; +} + +bool CmdGetFileStorageStats(const uint8_t *data, size_t size) +{ + (void)data; + int32_t userId = 100; + StorageManager::StorageStats storageStats = {}; + StorageManagerService::GetInstance().GetFileStorageStats(userId, storageStats); + return true; +} + + +bool CmdInitQuotaMounts(const uint8_t *data, size_t size) +{ + (void)data; + StorageManagerService::GetInstance().InitialiseQuotaMounts(); + return true; +} +bool CmdExcludePathMap(const uint8_t *data, size_t size) +{ + string excludePath(reinterpret_cast(data), size); + std::map excludesMap; + StorageManagerService::GetInstance().SetExcludePathMap(excludePath, excludesMap); + return true; +} + +bool CmdConvertSandbxRealPath(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + string sandBoxSubpath(reinterpret_cast(data + len), len); + string fullSandBoxPath = NORMAL_SAND_PREFIX + sandBoxSubpath; + std::vector realPaths; + std::map pathMap; + StorageManagerService::GetInstance().ConvertSandboxRealPath(userId, bundleName, fullSandBoxPath, + realPaths, pathMap); + + string fullSandBoxFilePath = FILE_SAND_PREFIX + sandBoxSubpath; + StorageManagerService::GetInstance().ConvertSandboxRealPath(userId, bundleName, fullSandBoxFilePath, + realPaths, pathMap); + + string fullSandBoxMediaPath = MEDIA_SAND_PREFIX + sandBoxSubpath; + StorageManagerService::GetInstance().ConvertSandboxRealPath(userId, bundleName, fullSandBoxMediaPath, + realPaths, pathMap); + + string fullSandBoxMediaCloudPath = MEDIA_CLOUD_SAND_PREFIX + sandBoxSubpath; + StorageManagerService::GetInstance().ConvertSandboxRealPath(userId, bundleName, fullSandBoxMediaCloudPath, + realPaths, pathMap); + return true; +} + +bool CmdAddQuterDirInfoFileStateFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size < sizeof(int64_t)) { + return false; + } + int64_t lastBackupTime = *(reinterpret_cast(data)); + int len = (size - sizeof(int64_t)) / NEED_CREATE_THREE_STRING_NUM; + string dir(reinterpret_cast(data), len); + string bundleName(reinterpret_cast(data + len), len); + BundleStatsParas bundleStatsParas = {100, bundleName, lastBackupTime, 0, 0}; + string sanboxDir(reinterpret_cast(data + len * 2), len); + std::ofstream statFile; + std::map excludesMap; + StorageManagerService::GetInstance().AddOuterDirIntoFileStat(dir, bundleStatsParas, sanboxDir, + statFile, excludesMap); + return true; +} + +bool CmdPhysicalToSanboxPath(const uint8_t *data, size_t size) +{ + int len = size / NEED_CREATE_THREE_STRING_NUM; + string dir(reinterpret_cast(data), len); + string sandBodDir(reinterpret_cast(data + len), len); + string path(reinterpret_cast(data + len * 2), len); + StorageManagerService::GetInstance().PhysicalToSandboxPath(dir, sandBodDir, path); + return true; +} + +bool CmdAddPathMapForPathWildCard(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + string phyPath(reinterpret_cast(data + len), len); + std::map pathMap; + StorageManagerService::GetInstance().AddPathMapForPathWildCard(userId, bundleName, phyPath, pathMap); + return true; +} + +bool CheckIfDirForIncludesFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size < sizeof(int64_t) * NEED_CREATE_THREE_STRING_NUM) { + return false; + } + int pos = 0; + string bundleName = "com.example.test"; + BundleStatsParas paras = { + .userId = 100, + .lastBackupTime = TypeCast(data, &pos), + .fileSizeSum = TypeCast(data + pos, &pos), + .incFileSizeSum = TypeCast(data + pos, &pos), + .bundleName = bundleName + }; + + string path(reinterpret_cast(data + pos), size - pos); + map pathMap; + map execludePathMap; + string dir = BACKUP_PATH_PREFIX + std::to_string(paras.userId) + BACKUP_PATH_SURFFIX + bundleName + + FILE_SEPARATOR_CHAR; + string filePath = dir + BACKUP_STAT_SYMBOL + std::to_string(0); + ofstream statFile; + ForceCreateDirectory(dir); + statFile.open(filePath, std::ios::out | std::ios::trunc); + if (!statFile.is_open()) { + return false; + } + statFile << VER_10_LINE1 << std::endl; + statFile << VER_10_LINE2 << std::endl; + StorageManagerService::GetInstance().CheckIfDirForIncludes(path, paras, pathMap, statFile, execludePathMap); + StorageManagerService::GetInstance().GetIncludesFileStats(path, paras, pathMap, statFile, execludePathMap); + FileStat fileStat; + fileStat.filePath = path; + StorageManagerService::GetInstance().WriteFileList(statFile, fileStat, paras); + StorageManagerService::GetInstance().AddOuterDirIntoFileStat("/data/test", paras, "/data/test", statFile, + execludePathMap); + StorageManagerService::GetInstance().InsertStatFile(path, fileStat, statFile, execludePathMap, paras); + return true; +} + +bool GetPathWildCardFuzzTest(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + string bundleName(reinterpret_cast(data), size); + string includeWildCard = "/data/test/" + WILDCARD_DEFAULT_INCLUDE; + std::vector includePathList; + std::map pathMap; + StorageManagerService::GetInstance().GetPathWildCard(userId, bundleName, includeWildCard, includePathList, pathMap); + return true; +} + +bool CmdCheckOverLongPath(const uint8_t *data, size_t size) +{ + string filePath(reinterpret_cast(data), size); + StorageManagerService::GetInstance().CheckOverLongPath(filePath); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdGetLocalCapabilitiesIncrementalFuzzTest(data, size); + OHOS::GetStorageRecognizeSandboxPathEl1FuzzTest(data, size); + OHOS::GetStorageRecognizeSandboxPathEl2FuzzTest(data, size); + OHOS::CmdExcludeFilter(data, size); + OHOS::CmdGetMediaType(data, size); + OHOS::CmdGetFileStorageStats(data, size); + OHOS::CmdInitQuotaMounts(data, size); + OHOS::CmdExcludePathMap(data, size); + OHOS::CmdConvertSandbxRealPath(data, size); + OHOS::CmdAddQuterDirInfoFileStateFuzzTest(data, size); + OHOS::CmdPhysicalToSanboxPath(data, size); + OHOS::CmdAddPathMapForPathWildCard(data, size); + OHOS::CheckIfDirForIncludesFuzzTest(data, size); + OHOS::GetPathWildCardFuzzTest(data, size); + OHOS::CmdCheckOverLongPath(data, size); + OHOS::AppFileService::SandboxHelper::ClearBackupSandboxPathMap(); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.h b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..e7cc0740814330253c11b0522e7fb82144b46590 --- /dev/null +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAGETINCREMENTALLOCALCAPABILITIES_FUZZER_H +#define BACKUPSAGETINCREMENTALLOCALCAPABILITIES_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsagetincrementallocalcapabilities_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/corpus/init b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/project.xml b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/BUILD.gn b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..cc95ecc276223648136ec83a7e5cf4282a9e65e7 --- /dev/null +++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/BUILD.gn @@ -0,0 +1,66 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaInitIncrementalBackupSessionFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsainitincrementalbackupsession_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsainitincrementalbackupsession_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps = [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.cpp b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..3e96b2a683eb780aedfa522272840b820ef5b6fe --- /dev/null +++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.cpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsainitincrementalbackupsession_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "message_parcel.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; + +bool CmdInitIncrementalBackupSessionFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + datas.WriteBuffer(data, size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + uint32_t code = static_cast(IServiceIpcCode::COMMAND_INIT_INCREMENTAL_BACKUP_SESSION); + service->OnRemoteRequest(code, datas, reply, option); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdInitIncrementalBackupSessionFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.h b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..e02194a523ba7a9a8fa49141af2ea9d2145b1dd2 --- /dev/null +++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAINITINCREMENTALBACKUPSESSION_FUZZER_H +#define BACKUPSAINITINCREMENTALBACKUPSESSION_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsainitincrementalbackupsession_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/corpus/init b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/project.xml b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/BUILD.gn b/test/fuzztest/backupsapublishincrementalfile_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..c3a3e0469b8232e7954d8dda6726db9cb94673de --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/BUILD.gn @@ -0,0 +1,66 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaPublishIncrementalFileFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsapublishincrementalfile_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsapublishincrementalfile_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps = [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.cpp b/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..273545989b285445cf791cbb6a883627e66282d6 --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.cpp @@ -0,0 +1,77 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsapublishincrementalfile_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "message_parcel.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; + +bool CmdPublishIncrementalFileFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size < sizeof(uint32_t)) { + return false; + } + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + uint32_t sn = *(reinterpret_cast(data)); + int len = (size - sizeof(uint32_t)) >> 1; + std::string fileName(reinterpret_cast(data + sizeof(uint32_t)), len); + std::string bundleName(reinterpret_cast(data + sizeof(uint32_t) + len), len); + + BFileInfo fileInfo(fileName, bundleName, sn); + datas.WriteParcelable(&fileInfo); + + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + uint32_t code = static_cast(IServiceIpcCode::COMMAND_PUBLISH_INCREMENTAL_FILE); + service->OnRemoteRequest(code, datas, reply, option); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdPublishIncrementalFileFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.h b/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..d919c77c8fc35897e5befdc840e1169ce77bd4d3 --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAPUBLISHINCREMENTALFILE_FUZZER_H +#define BACKUPSAPUBLISHINCREMENTALFILE_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsapublishincrementalfile_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/corpus/init b/test/fuzztest/backupsapublishincrementalfile_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/project.xml b/test/fuzztest/backupsapublishincrementalfile_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsaanother_fuzzer/BUILD.gn b/test/fuzztest/backupsarelease_fuzzer/BUILD.gn similarity index 91% rename from test/fuzztest/backupsaanother_fuzzer/BUILD.gn rename to test/fuzztest/backupsarelease_fuzzer/BUILD.gn index 36412f43bd770ce6008cb96cf1806a78a79128f8..e2b375306e5a1372f531ca9ea6114a2847e15927 100644 --- a/test/fuzztest/backupsaanother_fuzzer/BUILD.gn +++ b/test/fuzztest/backupsarelease_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -18,10 +18,10 @@ import("//foundation/filemanagement/app_file_service/app_file_service.gni") import("//foundation/filemanagement/app_file_service/backup.gni") ##############################fuzztest########################################## -ohos_fuzztest("BackupSaAnotherFuzzTest") { +ohos_fuzztest("BackupSaReleaseFuzzTest") { module_out_path = "app_file_service/app_file_service" fuzz_config_file = - "${app_file_service_path}/test/fuzztest/backupsaanother_fuzzer" + "${app_file_service_path}/test/fuzztest/backupsarelease_fuzzer" include_dirs = [ "${app_file_service_path}/services/backup_sa/include/module_ipc", "${app_file_service_path}/services/backup_sa/include", @@ -34,7 +34,7 @@ ohos_fuzztest("BackupSaAnotherFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "backupsaanother_fuzzer.cpp" ] + sources = [ "backupsarelease_fuzzer.cpp" ] deps = [ "${app_file_service_path}/services/backup_sa:backup_sa", diff --git a/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.cpp b/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f683bf7d81e370f0218b418b194a275b6c00cc50 --- /dev/null +++ b/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.cpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsarelease_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "message_parcel.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; + +bool CmdReleaseFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + datas.WriteBuffer(data, size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + uint32_t code = static_cast(IServiceIpcCode::COMMAND_RELEASE); + service->OnRemoteRequest(code, datas, reply, option); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdReleaseFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.h b/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.h similarity index 77% rename from test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.h rename to test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.h index 8ddfc2126b559d055ee576338bf4e3ca548e75f9..f24a31b220f59e647b0d452508592242e9e6d1fa 100644 --- a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.h +++ b/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,9 +13,9 @@ * limitations under the License. */ -#ifndef BACKUPSAAPPEND_FUZZER_H -#define BACKUPSAAPPEND_FUZZER_H +#ifndef BACKUPSARELEASE_FUZZER_H +#define BACKUPSARELEASE_FUZZER_H -#define FUZZ_PROJECT_NAME "backupsaappend_fuzzer" +#define FUZZ_PROJECT_NAME "backupsarelease_fuzzer" #endif \ No newline at end of file diff --git a/test/fuzztest/backupsarelease_fuzzer/corpus/init b/test/fuzztest/backupsarelease_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/backupsarelease_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsarelease_fuzzer/project.xml b/test/fuzztest/backupsarelease_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/backupsarelease_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + +