From 02fd84f60b1c7ee73bd9afa2852db230910d362c Mon Sep 17 00:00:00 2001 From: dinghao Date: Wed, 16 Jul 2025 16:43:42 +0800 Subject: [PATCH] add backupSa fuzz 
Signed-off-by: dinghao --- test/fuzztest/BUILD.gn | 12 +- .../backupsaappend_fuzzer.cpp | 243 ------------- .../BUILD.gn | 66 ++++ ...kupsaappendbundlesbackupsession_fuzzer.cpp | 82 +++++ ...ackupsaappendbundlesbackupsession_fuzzer.h | 21 ++ .../corpus/init} | 9 +- .../project.xml | 25 ++ .../BUILD.gn | 66 ++++ ...undlesincrementalbackupsession_fuzzer.cpp} | 224 +----------- ...ndbundlesincrementalbackupsession_fuzzer.h | 21 ++ .../corpus/init | 2 +- .../project.xml | 2 +- .../BUILD.gn | 66 ++++ .../backupsaappincrementaldone_fuzzer.cpp | 71 ++++ .../backupsaappincrementaldone_fuzzer.h | 21 ++ .../corpus/init | 2 +- .../project.xml | 2 +- .../BUILD.gn | 66 ++++ ...backupsaappincrementalfileready_fuzzer.cpp | 77 ++++ .../backupsaappincrementalfileready_fuzzer.h | 21 ++ .../corpus/init | 16 + .../project.xml | 25 ++ .../BUILD.gn | 14 +- .../backupsagetfilehandle_fuzzer.cpp | 71 ++++ .../backupsagetfilehandle_fuzzer.h | 21 ++ .../backupsagetfilehandle_fuzzer/corpus/init | 16 + .../backupsagetfilehandle_fuzzer/project.xml | 25 ++ .../BUILD.gn | 66 ++++ ...ackupsagetincrementalfilehandle_fuzzer.cpp | 72 ++++ .../backupsagetincrementalfilehandle_fuzzer.h | 21 ++ .../corpus/init | 16 + .../project.xml | 25 ++ .../BUILD.gn | 70 ++++ ...getincrementallocalcapabilities_fuzzer.cpp | 335 ++++++++++++++++++ ...sagetincrementallocalcapabilities_fuzzer.h | 21 ++ .../corpus/init | 16 + .../project.xml | 25 ++ .../BUILD.gn | 66 ++++ ...psainitincrementalbackupsession_fuzzer.cpp | 67 ++++ ...kupsainitincrementalbackupsession_fuzzer.h | 21 ++ .../corpus/init | 16 + .../project.xml | 25 ++ .../BUILD.gn | 66 ++++ .../backupsapublishincrementalfile_fuzzer.cpp | 77 ++++ .../backupsapublishincrementalfile_fuzzer.h | 21 ++ .../corpus/init | 16 + .../project.xml | 25 ++ .../BUILD.gn | 8 +- .../backupsarelease_fuzzer.cpp | 67 ++++ .../backupsarelease_fuzzer.h} | 8 +- .../backupsarelease_fuzzer/corpus/init | 16 + .../backupsarelease_fuzzer/project.xml | 25 ++ 52 files changed, 1994 
insertions(+), 484 deletions(-) delete mode 100644 test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp create mode 100644 test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/BUILD.gn create mode 100644 test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.cpp create mode 100644 test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.h rename test/fuzztest/{backupsaanother_fuzzer/backupsaanother_fuzzer.h => backupsaappendbundlesbackupsession_fuzzer/corpus/init} (76%) create mode 100644 test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/project.xml create mode 100644 test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/BUILD.gn rename test/fuzztest/{backupsaanother_fuzzer/backupsaanother_fuzzer.cpp => backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.cpp} (30%) create mode 100644 test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.h rename test/fuzztest/{backupsaappend_fuzzer => backupsaappendbundlesincrementalbackupsession_fuzzer}/corpus/init (92%) rename test/fuzztest/{backupsaanother_fuzzer => backupsaappendbundlesincrementalbackupsession_fuzzer}/project.xml (95%) create mode 100644 test/fuzztest/backupsaappincrementaldone_fuzzer/BUILD.gn create mode 100644 test/fuzztest/backupsaappincrementaldone_fuzzer/backupsaappincrementaldone_fuzzer.cpp create mode 100644 test/fuzztest/backupsaappincrementaldone_fuzzer/backupsaappincrementaldone_fuzzer.h rename test/fuzztest/{backupsaanother_fuzzer => backupsaappincrementaldone_fuzzer}/corpus/init (92%) rename test/fuzztest/{backupsaappend_fuzzer => backupsaappincrementaldone_fuzzer}/project.xml (95%) create mode 100644 test/fuzztest/backupsaappincrementalfileready_fuzzer/BUILD.gn create mode 100644 
test/fuzztest/backupsaappincrementalfileready_fuzzer/backupsaappincrementalfileready_fuzzer.cpp create mode 100644 test/fuzztest/backupsaappincrementalfileready_fuzzer/backupsaappincrementalfileready_fuzzer.h create mode 100644 test/fuzztest/backupsaappincrementalfileready_fuzzer/corpus/init create mode 100644 test/fuzztest/backupsaappincrementalfileready_fuzzer/project.xml rename test/fuzztest/{backupsaappend_fuzzer => backupsagetfilehandle_fuzzer}/BUILD.gn (86%) create mode 100644 test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.cpp create mode 100644 test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.h create mode 100644 test/fuzztest/backupsagetfilehandle_fuzzer/corpus/init create mode 100644 test/fuzztest/backupsagetfilehandle_fuzzer/project.xml create mode 100644 test/fuzztest/backupsagetincrementalfilehandle_fuzzer/BUILD.gn create mode 100644 test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.cpp create mode 100644 test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.h create mode 100644 test/fuzztest/backupsagetincrementalfilehandle_fuzzer/corpus/init create mode 100644 test/fuzztest/backupsagetincrementalfilehandle_fuzzer/project.xml create mode 100644 test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/BUILD.gn create mode 100644 test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp create mode 100644 test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.h create mode 100644 test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/corpus/init create mode 100644 test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/project.xml create mode 100644 test/fuzztest/backupsainitincrementalbackupsession_fuzzer/BUILD.gn create mode 100644 
test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.cpp create mode 100644 test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.h create mode 100644 test/fuzztest/backupsainitincrementalbackupsession_fuzzer/corpus/init create mode 100644 test/fuzztest/backupsainitincrementalbackupsession_fuzzer/project.xml create mode 100644 test/fuzztest/backupsapublishincrementalfile_fuzzer/BUILD.gn create mode 100644 test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.cpp create mode 100644 test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.h create mode 100644 test/fuzztest/backupsapublishincrementalfile_fuzzer/corpus/init create mode 100644 test/fuzztest/backupsapublishincrementalfile_fuzzer/project.xml rename test/fuzztest/{backupsaanother_fuzzer => backupsarelease_fuzzer}/BUILD.gn (91%) create mode 100644 test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.cpp rename test/fuzztest/{backupsaappend_fuzzer/backupsaappend_fuzzer.h => backupsarelease_fuzzer/backupsarelease_fuzzer.h} (77%) create mode 100644 test/fuzztest/backupsarelease_fuzzer/corpus/init create mode 100644 test/fuzztest/backupsarelease_fuzzer/project.xml diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 1c4a33aca..94ef49b85 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn 
@@ -18,8 +18,16 @@ group("fuzztest") {
 # deps file
 "backupext_fuzzer:BackupExtFuzzTest",
 "backupsa_fuzzer:BackupSaFuzzTest",
- "backupsaanother_fuzzer:BackupSaAnotherFuzzTest",
- "backupsaappend_fuzzer:BackupSaAppendFuzzTest",
+ "backupsaappendbundlesbackupsession_fuzzer:BackupSaAppendBundlesBackupSessionFuzzTest",
+ "backupsaappendbundlesincrementalbackupsession_fuzzer:BackupSaAppendBundlesIncrementalBackupSessionFuzzTest",
+ "backupsaappincrementaldone_fuzzer:BackupSaAppIncrementalDoneFuzzTest",
+ "backupsaappincrementalfileready_fuzzer:BackupSaAppIncrementalFileReadyFuzzTest",
+ "backupsagetfilehandle_fuzzer:BackupSaGetFileHandleFuzzTest",
+ "backupsagetincrementalfilehandle_fuzzer:BackupSaGetIncrementalFileHandleFuzzTest",
+ "backupsagetincrementallocalcapabilities_fuzzer:BackupSaGetIncrementalLocalCapabilitiesFuzzTest",
+ "backupsainitincrementalbackupsession_fuzzer:BackupSaInitIncrementalBackupSessionFuzzTest",
+ "backupsapublishincrementalfile_fuzzer:BackupSaPublishIncrementalFileFuzzTest",
+ "backupsarelease_fuzzer:BackupSaReleaseFuzzTest",
 "backupservicestub_fuzzer:BackupServiceStubFuzzTest",
 "fileshare_fuzzer:FileShareFuzzTest",
 "remotefileshare_fuzzer:RemoteFileShareFuzzTest",
diff --git a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp b/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp
deleted file mode 100644
index 9a6e46113..000000000
--- a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp
+++ /dev/null
@@ -1,243 +0,0 @@ -/* - * Copyright (c) 2024 Huawei Device Co., Ltd. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "backupsaappend_fuzzer.h" - -#include -#include -#include -#include -#include - -#include "message_parcel.h" -#include "service.h" -#include "service_proxy.h" -#include "service_reverse.h" -#include "service_stub.h" -#include "securec.h" -#include "system_ability.h" - -using namespace std; -using namespace OHOS::FileManagement::Backup; - -namespace OHOS { -constexpr int32_t SERVICE_ID = 5203; - -bool CmdInitRestoreSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_INIT_RESTORE_SESSION), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdInitBackupSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_INIT_BACKUP_SESSION), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdPublishFileFuzzTest(const uint8_t 
*data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size > 0) { - int pos = (size + 1) >> 1; - std::string fileName(reinterpret_cast(data), pos); - std::string bundleName(reinterpret_cast(data + pos), size - pos); - uint32_t sn = 0; - if (size > sizeof(uint32_t)) { - sn = *(reinterpret_cast(data)); - } - BFileInfo fileInfo(fileName, bundleName, sn); - datas.WriteParcelable(&fileInfo); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_PUBLISH_FILE), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdGetLocalCapabilitiesFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_GET_LOCAL_CAPABILITIES); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppFileReadyFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - std::string fileName(reinterpret_cast(data), size); - datas.WriteString(fileName); - - int fd = -1; - if (size >= sizeof(int)) { - fd = *(reinterpret_cast(data)); - } - datas.WriteFileDescriptor(UniqueFd(fd)); - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_APP_FILE_READY); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppDoneFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size >= 
sizeof(bool)) { - datas.WriteBool(*(reinterpret_cast(data))); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_APP_DONE), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdStartFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_START), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdFinishFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_FINISH), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppendBundlesRestoreSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - - size_t len = sizeof(int); - if (size >= len) { - int fd = *(reinterpret_cast(data)); - datas.WriteFileDescriptor(UniqueFd(fd)); - } - - if (size > 0) { - vector bundleNames; - for (size_t i = 0; i < size; i++) { - string param(reinterpret_cast(data), size); - string name = param + to_string(i); - bundleNames.push_back(name); - } - datas.WriteStringVector(bundleNames); - } - - if (size >= len + sizeof(int32_t)) { - int32_t type = static_cast(*(reinterpret_cast(data + len))); - datas.WriteInt32(type); - len += sizeof(int32_t); - } - - if (size >= len + sizeof(int32_t)) { - int32_t userId = static_cast(*(reinterpret_cast(data + len))); - 
datas.WriteInt32(userId); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_APPEND_BUNDLES_RESTORE_SESSION_DATA), - datas, reply, option); - service = nullptr; - return true; -} -} // namespace OHOS - -/* Fuzzer entry point */ -extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) -{ - /* Run your code on data */ - OHOS::CmdInitRestoreSessionFuzzTest(data, size); - OHOS::CmdInitBackupSessionFuzzTest(data, size); - OHOS::CmdPublishFileFuzzTest(data, size); - OHOS::CmdGetLocalCapabilitiesFuzzTest(data, size); - OHOS::CmdAppFileReadyFuzzTest(data, size); - OHOS::CmdAppDoneFuzzTest(data, size); - OHOS::CmdStartFuzzTest(data, size); - OHOS::CmdFinishFuzzTest(data, size); - OHOS::CmdAppendBundlesRestoreSessionFuzzTest(data, size); - return 0; -} \ No newline at end of file diff --git a/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/BUILD.gn b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/BUILD.gn new file mode 100644 index 000000000..652bfdfa6 --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/BUILD.gn 
@@ -0,0 +1,66 @@
+# Copyright (c) 2022-2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/app_file_service/app_file_service.gni")
+import("//foundation/filemanagement/app_file_service/backup.gni")
+
+##############################fuzztest##########################################
+ohos_fuzztest("BackupSaAppendBundlesBackupSessionFuzzTest") {
+ module_out_path = "app_file_service/app_file_service"
+ fuzz_config_file =
+ "${app_file_service_path}/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer"
+ include_dirs = [
+ "${app_file_service_path}/services/backup_sa/include/module_ipc",
+ "${app_file_service_path}/services/backup_sa/include",
+ "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl",
+ "${app_file_service_path}/frameworks/native/backup_kit_inner/include",
+ ]
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+ sources = [ "backupsaappendbundlesbackupsession_fuzzer.cpp" ]
+
+ deps = [
+ "${app_file_service_path}/services/backup_sa:backup_sa",
+ "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner",
+ "${path_backup}/interfaces/innerkits/native:sandbox_helper_native",
+ "${path_backup}/utils:backup_utils",
+ ]
+
+ public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ]
+
+ external_deps = [
+ "ability_runtime:ability_manager",
+ "ability_runtime:abilitykit_native",
+ "bounds_checking_function:libsec_shared",
+ "c_utils:utils",
+ "file_api:filemgmt_libn",
+ "hilog:libhilog",
+ "ipc:ipc_core",
+ "safwk:system_ability_fwk",
+ ]
+
+ defines = [
+ "LOG_TAG=\"app_file_service\"",
+ "LOG_DOMAIN=0xD004303",
+ ]
+
+ use_exceptions = true
+}
+###############################################################################
diff --git a/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.cpp b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.cpp
new file mode 100644
index 000000000..9eea23fc6
--- /dev/null
+++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.cpp
@@ -0,0 +1,82 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "backupsaappendbundlesbackupsession_fuzzer.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "message_parcel.h"
+#include "sandbox_helper.h"
+#include "service.h"
+#include "service_proxy.h"
+#include "service_reverse.h"
+#include "service_stub.h"
+#include "securec.h"
+#include "system_ability.h"
+
+using namespace std;
+using namespace OHOS::FileManagement::Backup;
+
+namespace OHOS {
+constexpr int32_t SERVICE_ID = 5203;
+
+bool CmdAppendBundlesBackupSessionFuzzTest(const uint8_t *data, size_t size)
+{
+ MessageParcel datas;
+ datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
+ if (size > 0) {
+ vector bundleNames;
+ for (size_t i = 0; i < size; i++) {
+ string param(reinterpret_cast(data), size);
+ string name = param + to_string(i);
+ bundleNames.push_back(name);
+ }
+ datas.WriteStringVector(bundleNames);
+ }
+
+ datas.RewindRead(0);
+ MessageParcel reply;
+ MessageOption option;
+
+ sptr service(new Service(SERVICE_ID));
+ uint32_t code = static_cast(IServiceIpcCode::COMMAND_APPEND_BUNDLES_BACKUP_SESSION);
+ try {
+ service->OnRemoteRequest(code, datas, reply, option);
+ } catch (OHOS::FileManagement::Backup::BError &err) {
+ HILOGE("BackupSaFuzzTest error");
+ } catch (...) {
+ HILOGE("BackupSaFuzzTest exception");
+ }
+ return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ try {
+ OHOS::CmdAppendBundlesBackupSessionFuzzTest(data, size);
+ } catch (OHOS::FileManagement::Backup::BError &err) {
+ HILOGE("BackupSaFuzzTest error");
+ } catch (...) {
+ HILOGE("BackupSaFuzzTest exception");
+ }
+ return 0;
+}
\ No newline at end of file
diff --git a/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.h b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.h
new file mode 100644
index 000000000..ba3b72aa2
--- /dev/null
+++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/backupsaappendbundlesbackupsession_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef BACKUPSAAPPENDBUNDLEBACKUPSESSION_FUZZER_H
+#define BACKUPSAAPPENDBUNDLEBACKUPSESSION_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "backupsaappendbundlesbackupsession_fuzzer"
+
+#endif
\ No newline at end of file
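Review bot: The `catch (...)` arms in `CmdAppendBundlesBackupSessionFuzzTest` and again in `LLVMFuzzerTestOneInput` (backupsaappendbundlesbackupsession_fuzzer.cpp) swallow every exception that escapes `OnRemoteRequest`, so an unexpected `std::bad_alloc`, `std::out_of_range` or similar is logged as "BackupSaFuzzTest exception" and the run continues instead of being reported as a finding. If `BError` is the service's expected rejection path (presumably it is, but the service code is not in this hunk), keep only that arm, e.g. `} catch (const OHOS::FileManagement::Backup::BError &err) {`, and let anything else terminate the harness; the outer try block in the entry point is then unnecessary because the inner function already handles `BError`. Separately, the bundle-name loop rebuilds `param` from the whole input on every iteration and pushes `size` copies of it, which is quadratic in input length; constructing `param` once before the `for` and bounding the number of names would keep each execution cheap. The log strings could also name this harness rather than the generic `BackupSaFuzzTest`, so a log line can be traced to the fuzzer that produced it.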
diff --git a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.h b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/corpus/init similarity index 76% rename from test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.h rename to test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/corpus/init index f89e351e6..f46fe5351 100644 --- a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.h +++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/corpus/init @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,9 +13,4 @@ * limitations under the License. */ -#ifndef BACKUPSAANOTHER_FUZZER_H -#define BACKUPSAANOTHER_FUZZER_H - -#define FUZZ_PROJECT_NAME "backupsaanother_fuzzer" - -#endif \ No newline at end of file +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/project.xml b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/project.xml new file mode 100644 index 000000000..0c2ea469a --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesbackupsession_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/BUILD.gn b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/BUILD.gn new file mode 100644 index 000000000..cf1c5dbb5 --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/BUILD.gn 
@@ -0,0 +1,66 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaAppendBundlesIncrementalBackupSessionFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsaappendbundlesincrementalbackupsession_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ 
"${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps = [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.cpp similarity index 30% rename from test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp rename to test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.cpp index 8c3ae92d8..5d4c9cbfb 100644 --- a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,7 +13,7 @@ * limitations under the License. */ -#include "backupsaanother_fuzzer.h" +#include "backupsaappendbundlesincrementalbackupsession_fuzzer.h" #include #include 
@@ -37,72 +37,6 @@ using namespace OHOS::FileManagement::Backup; namespace OHOS { constexpr int32_t SERVICE_ID = 5203; -bool CmdGetFileHandleFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - int pos = (size + 1) >> 1; - if (size > 0) { - std::string param(string(reinterpret_cast(data), pos)); - datas.WriteString(param); - } - - if (size > 1) { - std::string param(string(reinterpret_cast(data + pos), size - pos)); - datas.WriteString(param); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_GET_FILE_HANDLE), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppendBundlesBackupSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size > 0) { - vector bundleNames; - for (size_t i = 0; i < size; i++) { - string param(reinterpret_cast(data), size); - string name = param + to_string(i); - bundleNames.push_back(name); - } - datas.WriteStringVector(bundleNames); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_APPEND_BUNDLES_BACKUP_SESSION); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdReleaseFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_RELEASE); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - void GetBundleNamesData(const uint8_t *data, size_t 
size, vector &bundleNames) { int minLen = sizeof(int64_t) + sizeof(int) + sizeof(int32_t); @@ -144,44 +78,6 @@ void WriteParcelableVector(const std::vector &parcelableVector, Parcel &data) return; } -bool CmdGetLocalCapabilitiesIncrementalFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size >= sizeof(int32_t)) { - vector bundleNames; - GetBundleNamesData(data, size, bundleNames); - WriteParcelableVector(bundleNames, datas); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_GET_LOCAL_CAPABILITIES_INCREMENTAL); - service->OnRemoteRequest(code, datas, reply, option); - OHOS::AppFileService::SandboxHelper::ClearBackupSandboxPathMap(); - service = nullptr; - return true; -} - -bool CmdInitIncrementalBackupSessionFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_INIT_INCREMENTAL_BACKUP_SESSION); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - bool CmdAppendBundlesIncrementalBackupSessionFuzzTest(const uint8_t *data, size_t size) { MessageParcel datas; 
@@ -199,105 +95,6 @@ bool CmdAppendBundlesIncrementalBackupSessionFuzzTest(const uint8_t *data, size_ uint32_t code = static_cast( IServiceIpcCode::COMMAND_APPEND_BUNDLES_INCREMENTAL_BACKUP_SESSION); service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdPublishIncrementalFileFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size > 0) { - int pos = (size + 1) >> 1; - std::string fileName(reinterpret_cast(data), pos); - std::string bundleName(reinterpret_cast(data + pos), size - pos); - uint32_t sn = 0; - if (size > sizeof(uint32_t)) { - sn = *(reinterpret_cast(data)); - } - BFileInfo fileInfo(fileName, bundleName, sn); - datas.WriteParcelable(&fileInfo); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_PUBLISH_INCREMENTAL_FILE); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppIncrementalFileReadyFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - std::string fileName(reinterpret_cast(data), size); - datas.WriteString(fileName); - if (size >= sizeof(int)) { - int fd = *(reinterpret_cast(data)); - datas.WriteFileDescriptor(UniqueFd(fd)); - } - - if (size >= sizeof(int) + sizeof(int)) { - int manifestId = *(reinterpret_cast(data + sizeof(int))); - datas.WriteFileDescriptor(UniqueFd(manifestId)); - } - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - uint32_t code = static_cast(IServiceIpcCode::COMMAND_APP_INCREMENTAL_FILE_READY); - service->OnRemoteRequest(code, datas, reply, option); - service = nullptr; - return true; -} - -bool CmdAppIncrementalDoneFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel 
datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - if (size >= sizeof(int32_t)) { - datas.WriteInt32(*(reinterpret_cast(data))); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_APP_INCREMENTAL_DONE), - datas, reply, option); - service = nullptr; - return true; -} - -bool CmdGetIncrementalFileHandleFuzzTest(const uint8_t *data, size_t size) -{ - MessageParcel datas; - datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - int pos = (size + 1) >> 1; - if (size > 0) { - string param(reinterpret_cast(data), pos); - datas.WriteString(param); - } - - if (size > 1) { - string param(reinterpret_cast(data + pos), size - pos); - datas.WriteString(param); - } - - datas.RewindRead(0); - MessageParcel reply; - MessageOption option; - - sptr service(new Service(SERVICE_ID)); - service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_GET_INCREMENTAL_FILE_HANDLE), - datas, reply, option); - service = nullptr; return true; } } // namespace OHOS 
@@ -305,15 +102,12 @@ bool CmdGetIncrementalFileHandleFuzzTest(const uint8_t *data, size_t size) /* Fuzzer entry point */ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { - OHOS::CmdGetFileHandleFuzzTest(data, size); - OHOS::CmdAppendBundlesBackupSessionFuzzTest(data, size); - OHOS::CmdReleaseFuzzTest(data, size); - OHOS::CmdGetLocalCapabilitiesIncrementalFuzzTest(data, size); - OHOS::CmdInitIncrementalBackupSessionFuzzTest(data, size); - OHOS::CmdPublishIncrementalFileFuzzTest(data, size); - OHOS::CmdAppIncrementalFileReadyFuzzTest(data, size); - OHOS::CmdAppIncrementalDoneFuzzTest(data, size); - OHOS::CmdGetIncrementalFileHandleFuzzTest(data, size); - OHOS::CmdAppendBundlesIncrementalBackupSessionFuzzTest(data, size); + try { + OHOS::CmdAppendBundlesIncrementalBackupSessionFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } return 0; } \ No newline at end of file diff --git a/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.h b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.h new file mode 100644 index 000000000..b354ba6e5 --- /dev/null +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/backupsaappendbundlesincrementalbackupsession_fuzzer.h 
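Review bot: The `catch (...)` added around `CmdAppendBundlesIncrementalBackupSessionFuzzTest` in `LLVMFuzzerTestOneInput` logs and discards every exception type, so an unexpected throw from the service (a standard-library exception, for instance) ends the iteration as a normal run instead of being reported by the fuzzer. If `BError` is the only exception the service is meant to raise on bad input, I would keep just that handler, written as `catch (const OHOS::FileManagement::Backup::BError &) {` since `err` is unused, and drop the catch-all so anything else still aborts. The same two handlers are added to the entry points in backupsagetfilehandle_fuzzer.cpp, backupsagetincrementalfilehandle_fuzzer.cpp and backupsagetincrementallocalcapabilities_fuzzer.cpp.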
@@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAAPPENDBUNDLESINCREMENTALBACKUPSESSION_FUZZER_H +#define BACKUPSAAPPENDBUNDLESINCREMENTALBACKUPSESSION_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsaappendbundlesincrementalbackupsession_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsaappend_fuzzer/corpus/init b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/corpus/init similarity index 92% rename from test/fuzztest/backupsaappend_fuzzer/corpus/init rename to test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/corpus/init index 6198079a2..7ade8a0fa 100644 --- a/test/fuzztest/backupsaappend_fuzzer/corpus/init +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/corpus/init @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at 
diff --git a/test/fuzztest/backupsaanother_fuzzer/project.xml b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/project.xml similarity index 95% rename from test/fuzztest/backupsaanother_fuzzer/project.xml rename to test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/project.xml index 7133b2b92..66e1dcac4 100644 --- a/test/fuzztest/backupsaanother_fuzzer/project.xml +++ b/test/fuzztest/backupsaappendbundlesincrementalbackupsession_fuzzer/project.xml @@ -1,5 +1,5 @@ - + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsaappend_fuzzer/BUILD.gn b/test/fuzztest/backupsagetfilehandle_fuzzer/BUILD.gn similarity index 86% rename from test/fuzztest/backupsaappend_fuzzer/BUILD.gn rename to test/fuzztest/backupsagetfilehandle_fuzzer/BUILD.gn index 410ead2a2..20f539837 100644 --- a/test/fuzztest/backupsaappend_fuzzer/BUILD.gn +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2021-2024 Huawei Device Co., Ltd. +# Copyright (c) 2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -18,10 +18,10 @@ import("//foundation/filemanagement/app_file_service/app_file_service.gni") import("//foundation/filemanagement/app_file_service/backup.gni") ##############################fuzztest########################################## -ohos_fuzztest("BackupSaAppendFuzzTest") { +ohos_fuzztest("BackupSaGetFileHandleFuzzTest") { module_out_path = "app_file_service/app_file_service" fuzz_config_file = - "${app_file_service_path}/test/fuzztest/backupsaappend_fuzzer" + "${app_file_service_path}/test/fuzztest/backupsagetfilehandle_fuzzer" include_dirs = [ "${app_file_service_path}/services/backup_sa/include/module_ipc", "${app_file_service_path}/services/backup_sa/include", 
@@ -34,14 +34,17 @@ ohos_fuzztest("BackupSaAppendFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "backupsaappend_fuzzer.cpp" ] + sources = [ "backupsagetfilehandle_fuzzer.cpp" ] deps = [ "${app_file_service_path}/services/backup_sa:backup_sa", "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", "${path_backup}/utils:backup_utils", ] + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + external_deps = [ "ability_runtime:ability_manager", "ability_runtime:abilitykit_native", @@ -56,7 +59,8 @@ ohos_fuzztest("BackupSaAppendFuzzTest") { defines = [ "LOG_TAG=\"app_file_service\"", "LOG_DOMAIN=0xD004303", - "private=public", ] + + use_exceptions = true } ############################################################################### diff --git a/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.cpp b/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.cpp new file mode 100644 index 000000000..e77e7dfe3 --- /dev/null +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.cpp 
@@ -0,0 +1,71 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsagetfilehandle_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "message_parcel.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; + +bool CmdGetFileHandleFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + int len = size >> 1; + std::string bundleName(string(reinterpret_cast(data), len)); + datas.WriteString(bundleName); + std::string filePath(string(reinterpret_cast(data + len), len)); + datas.WriteString(filePath); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_GET_FILE_HANDLE), + datas, reply, option); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdGetFileHandleFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) 
{ + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.h b/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.h new file mode 100644 index 000000000..aa579532b --- /dev/null +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/backupsagetfilehandle_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAGETFILEHANDLE_FUZZER_H +#define BACKUPSAGETFILEHANDLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsagetfilehandle_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsagetfilehandle_fuzzer/corpus/init b/test/fuzztest/backupsagetfilehandle_fuzzer/corpus/init new file mode 100644 index 000000000..7ade8a0fa --- /dev/null +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/corpus/init 
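Review bot: In `CmdGetFileHandleFuzzTest`, `int len = size >> 1;` narrows a `size_t` to `int` and then splits the input into two strings of exactly the same length, so the handler never sees a bundle name and a file path of different lengths (or one empty and the other not). Declaring it as `size_t len = size >> 1;` removes the implicit conversion. Drawing the two fields with `FuzzedDataProvider`, which backupsagetincrementallocalcapabilities_fuzzer.cpp in this commit already uses, would let the lengths vary independently. `CmdGetIncrementalFileHandleFuzzTest` in backupsagetincrementalfilehandle_fuzzer.cpp has the same split.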
@@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsagetfilehandle_fuzzer/project.xml b/test/fuzztest/backupsagetfilehandle_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/backupsagetfilehandle_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/BUILD.gn b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/BUILD.gn new file mode 100644 index 000000000..1e0ebaa3b --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/BUILD.gn 
@@ -0,0 +1,66 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaGetIncrementalFileHandleFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsagetincrementalfilehandle_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsagetincrementalfilehandle_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps 
= [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.cpp b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.cpp new file mode 100644 index 000000000..47d4fdf91 --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.cpp 
@@ -0,0 +1,72 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsagetincrementalfilehandle_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "message_parcel.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; + +bool CmdGetIncrementalFileHandleFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + datas.WriteString(bundleName); + string filePath(reinterpret_cast(data + len), len); + datas.WriteString(filePath); + + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + service->OnRemoteRequest(static_cast(IServiceIpcCode::COMMAND_GET_INCREMENTAL_FILE_HANDLE), + datas, reply, option); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdGetIncrementalFileHandleFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch 
(...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.h b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.h new file mode 100644 index 000000000..e81764900 --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/backupsagetincrementalfilehandle_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAINCREMENTALFILEHANDLE_FUZZER_H +#define BACKUPSAINCREMENTALFILEHANDLE_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsagetincrementalfilehandle_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/corpus/init b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/corpus/init new file mode 100644 index 000000000..7ade8a0fa --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/corpus/init 
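Review bot: The include guard `BACKUPSAINCREMENTALFILEHANDLE_FUZZER_H` does not match the file name backupsagetincrementalfilehandle_fuzzer.h, whereas the other headers added in this commit derive the guard from the full file name. I would spell it `BACKUPSAGETINCREMENTALFILEHANDLE_FUZZER_H` in both the `#ifndef` and the `#define` so it cannot collide with a differently named fuzzer header later.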
@@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/project.xml b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/backupsagetincrementalfilehandle_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/BUILD.gn b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/BUILD.gn new file mode 100644 index 000000000..87fd0b5f0 --- /dev/null +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/BUILD.gn 
@@ -0,0 +1,70 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaGetIncrementalLocalCapabilitiesFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsagetincrementallocalcapabilities_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ 
"${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps = [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "data_share:datashare_common", + "data_share:datashare_consumer", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "storage_service:storage_manager_sa_proxy", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + "private = public", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp new file mode 100644 index 000000000..226d8255b --- /dev/null +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.cpp 
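Review bot: The `"private = public"` entry in `defines` redefines a C++ keyword for every translation unit of this target, and nothing in the file says why it is needed here. The backupsagetfilehandle_fuzzer and backupsagetincrementalfilehandle_fuzzer BUILD.gn files in this commit do without it (the former removes `"private=public"`), so a comment above the entry such as `# fuzzer calls non-public StorageManagerService helpers` would document the exception, assuming that is the reason. Redefining a keyword while standard headers are included is formally undefined, so it is worth confirming that the define cannot be replaced by a test-only friend or public wrapper.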
@@ -0,0 +1,335 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsagetincrementallocalcapabilities_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "directory_ex.h" +#include "message_parcel.h" +#include "module_external/storage_manager_service.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +template +T TypeCast(const uint8_t *data, int *pos = nullptr) +{ + if (pos) { + *pos += sizeof(T); + } + return *(reinterpret_cast(data)); +} + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; +constexpr int32_t NEED_CREATE_THREE_STRING_NUM = 3; + +void GetBundleNamesData(const uint8_t *data, size_t size, vector &bundleNames) +{ + int minLen = sizeof(int64_t) + sizeof(int) + sizeof(int32_t); + if (size < minLen + 1) { + return; + } + FuzzedDataProvider fdp(data, size); + uint8_t loop = fdp.ConsumeIntegral(); + size--; + if (loop == 0 || (minLen * loop) > size) { + return; + } + int blob = (size / loop); + int len = (blob - minLen) >> 1; + for (size_t i = 0, pos = 1; i < loop; i++, pos += blob) { + int64_t nTime = fdp.ConsumeIntegral(); + int fd = fdp.ConsumeIntegral(); + int32_t priority = fdp.ConsumeIntegral(); + string 
name(reinterpret_cast(data + pos + minLen), len); + string parameters(reinterpret_cast(data + pos + len + minLen), len); + BIncrementalData incrementaData(name, nTime, fd, parameters, priority); + bundleNames.push_back(incrementaData); + } +} + +template +void WriteParcelableVector(const std::vector &parcelableVector, Parcel &data) +{ + if (!data.WriteUint32(parcelableVector.size())) { + return; + } + + for (const auto &parcelable : parcelableVector) { + if (!data.WriteParcelable(&parcelable)) { + return; + } + } + + return; +} + +bool CmdGetLocalCapabilitiesIncrementalFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + if (size >= sizeof(int32_t)) { + vector bundleNames; + GetBundleNamesData(data, size, bundleNames); + WriteParcelableVector(bundleNames, datas); + } + + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + uint32_t code = static_cast(IServiceIpcCode::COMMAND_GET_LOCAL_CAPABILITIES_INCREMENTAL); + service->OnRemoteRequest(code, datas, reply, option); + return true; +} + +bool GetStorageRecognizeSandboxPathEl1FuzzTest(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + string sandBoxSubpath(reinterpret_cast(data + len), len); + string fullPath = BASE_EL1 + DEFAULT_PATH_WITH_WILDCARD + sandBoxSubpath; + std::vector phyIncludes; + std::map pathMap; + StorageManagerService::GetInstance().RecognizeSandboxWildCard(userId, bundleName, fullPath, phyIncludes, pathMap); + return true; +} + +bool CmdExcludeFilter(const uint8_t *data, size_t size) +{ + int len = size / NEED_CREATE_THREE_STRING_NUM; + string dirPath(reinterpret_cast(data), len); + string pathVal1(reinterpret_cast(data + len), len); + string pathVal2(reinterpret_cast(data + len * 2), len); + std::map excludesMap; + excludesMap.insert(std::make_pair(pathVal1, true)); + 
excludesMap.insert(std::make_pair(pathVal2, false)); + StorageManagerService::GetInstance().ExcludeFilter(excludesMap, dirPath); + return true; +} + +bool GetStorageRecognizeSandboxPathEl2FuzzTest(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + string sandBoxSubpath(reinterpret_cast(data + len), len); + string fullPath = BASE_EL2 + DEFAULT_PATH_WITH_WILDCARD + sandBoxSubpath; + std::vector phyIncludes; + std::map pathMap; + StorageManagerService::GetInstance().RecognizeSandboxWildCard(userId, bundleName, fullPath, phyIncludes, pathMap); + return true; +} + +bool CmdGetMediaType(const uint8_t *data, size_t size) +{ + (void)data; + std::shared_ptr resultSet = std::make_shared(); + StorageManager::StorageStats storageStats = {}; + StorageManagerService::GetInstance().GetMediaTypeAndSize(resultSet, storageStats); + return true; +} + +bool CmdGetFileStorageStats(const uint8_t *data, size_t size) +{ + (void)data; + int32_t userId = 100; + StorageManager::StorageStats storageStats = {}; + StorageManagerService::GetInstance().GetFileStorageStats(userId, storageStats); + return true; +} + + +bool CmdInitQuotaMounts(const uint8_t *data, size_t size) +{ + (void)data; + StorageManagerService::GetInstance().InitialiseQuotaMounts(); + return true; +} +bool CmdExcludePathMap(const uint8_t *data, size_t size) +{ + string excludePath(reinterpret_cast(data), size); + std::map excludesMap; + StorageManagerService::GetInstance().SetExcludePathMap(excludePath, excludesMap); + return true; +} + +bool CmdConvertSandbxRealPath(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + string sandBoxSubpath(reinterpret_cast(data + len), len); + string fullSandBoxPath = NORMAL_SAND_PREFIX + sandBoxSubpath; + std::vector realPaths; + std::map pathMap; + StorageManagerService::GetInstance().ConvertSandboxRealPath(userId, 
bundleName, fullSandBoxPath, + realPaths, pathMap); + + string fullSandBoxFilePath = FILE_SAND_PREFIX + sandBoxSubpath; + StorageManagerService::GetInstance().ConvertSandboxRealPath(userId, bundleName, fullSandBoxFilePath, + realPaths, pathMap); + + string fullSandBoxMediaPath = MEDIA_SAND_PREFIX + sandBoxSubpath; + StorageManagerService::GetInstance().ConvertSandboxRealPath(userId, bundleName, fullSandBoxMediaPath, + realPaths, pathMap); + + string fullSandBoxMediaCloudPath = MEDIA_CLOUD_SAND_PREFIX + sandBoxSubpath; + StorageManagerService::GetInstance().ConvertSandboxRealPath(userId, bundleName, fullSandBoxMediaCloudPath, + realPaths, pathMap); + return true; +} + +bool CmdAddQuterDirInfoFileStateFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size < sizeof(int64_t)) { + return false; + } + int64_t lastBackupTime = *(reinterpret_cast(data)); + int len = (size - sizeof(int64_t)) / NEED_CREATE_THREE_STRING_NUM; + string dir(reinterpret_cast(data), len); + string bundleName(reinterpret_cast(data + len), len); + BundleStatsParas bundleStatsParas = {100, bundleName, lastBackupTime, 0, 0}; + string sanboxDir(reinterpret_cast(data + len * 2), len); + std::ofstream statFile; + std::map excludesMap; + StorageManagerService::GetInstance().AddOuterDirIntoFileStat(dir, bundleStatsParas, sanboxDir, + statFile, excludesMap); + return true; +} + +bool CmdPhysicalToSanboxPath(const uint8_t *data, size_t size) +{ + int len = size / NEED_CREATE_THREE_STRING_NUM; + string dir(reinterpret_cast(data), len); + string sandBodDir(reinterpret_cast(data + len), len); + string path(reinterpret_cast(data + len * 2), len); + StorageManagerService::GetInstance().PhysicalToSandboxPath(dir, sandBodDir, path); + return true; +} + +bool CmdAddPathMapForPathWildCard(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + int len = size >> 1; + string bundleName(reinterpret_cast(data), len); + string phyPath(reinterpret_cast(data + len), len); + std::map pathMap; + 
StorageManagerService::GetInstance().AddPathMapForPathWildCard(userId, bundleName, phyPath, pathMap); + return true; +} + +bool CheckIfDirForIncludesFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size < sizeof(int64_t) * NEED_CREATE_THREE_STRING_NUM) { + return false; + } + int pos = 0; + string bundleName = "com.example.test"; + BundleStatsParas paras = { + .userId = 100, + .lastBackupTime = TypeCast(data, &pos), + .fileSizeSum = TypeCast(data + pos, &pos), + .incFileSizeSum = TypeCast(data + pos, &pos), + .bundleName = bundleName + }; + + string path(reinterpret_cast(data + pos), size - pos); + map pathMap; + map execludePathMap; + string dir = BACKUP_PATH_PREFIX + std::to_string(paras.userId) + BACKUP_PATH_SURFFIX + bundleName + + FILE_SEPARATOR_CHAR; + string filePath = dir + BACKUP_STAT_SYMBOL + std::to_string(0); + ofstream statFile; + ForceCreateDirectory(dir); + statFile.open(filePath, std::ios::out | std::ios::trunc); + if (!statFile.is_open()) { + return false; + } + statFile << VER_10_LINE1 << std::endl; + statFile << VER_10_LINE2 << std::endl; + StorageManagerService::GetInstance().CheckIfDirForIncludes(path, paras, pathMap, statFile, execludePathMap); + StorageManagerService::GetInstance().GetIncludesFileStats(path, paras, pathMap, statFile, execludePathMap); + FileStat fileStat; + fileStat.filePath = path; + StorageManagerService::GetInstance().WriteFileList(statFile, fileStat, paras); + StorageManagerService::GetInstance().AddOuterDirIntoFileStat("/data/test", paras, "/data/test", statFile, + execludePathMap); + StorageManagerService::GetInstance().InsertStatFile(path, fileStat, statFile, execludePathMap, paras); + return true; +} + +bool GetPathWildCardFuzzTest(const uint8_t *data, size_t size) +{ + uint32_t userId = 100; + string bundleName(reinterpret_cast(data), size); + string includeWildCard = "/data/test/" + WILDCARD_DEFAULT_INCLUDE; + std::vector includePathList; + std::map pathMap; + 
StorageManagerService::GetInstance().GetPathWildCard(userId, bundleName, includeWildCard, includePathList, pathMap); + return true; +} + +bool CmdCheckOverLongPath(const uint8_t *data, size_t size) +{ + string filePath(reinterpret_cast(data), size); + StorageManagerService::GetInstance().CheckOverLongPath(filePath); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdGetLocalCapabilitiesIncrementalFuzzTest(data, size); + OHOS::GetStorageRecognizeSandboxPathEl1FuzzTest(data, size); + OHOS::GetStorageRecognizeSandboxPathEl2FuzzTest(data, size); + OHOS::CmdExcludeFilter(data, size); + OHOS::CmdGetMediaType(data, size); + OHOS::CmdGetFileStorageStats(data, size); + OHOS::CmdInitQuotaMounts(data, size); + OHOS::CmdExcludePathMap(data, size); + OHOS::CmdConvertSandbxRealPath(data, size); + OHOS::CmdAddQuterDirInfoFileStateFuzzTest(data, size); + OHOS::CmdPhysicalToSanboxPath(data, size); + OHOS::CmdAddPathMapForPathWildCard(data, size); + OHOS::CheckIfDirForIncludesFuzzTest(data, size); + OHOS::GetPathWildCardFuzzTest(data, size); + OHOS::CmdCheckOverLongPath(data, size); + OHOS::AppFileService::SandboxHelper::ClearBackupSandboxPathMap(); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.h b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.h new file mode 100644 index 000000000..e7cc07408 --- /dev/null +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/backupsagetincrementallocalcapabilities_fuzzer.h 
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef BACKUPSAGETINCREMENTALLOCALCAPABILITIES_FUZZER_H
+#define BACKUPSAGETINCREMENTALLOCALCAPABILITIES_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "backupsagetincrementallocalcapabilities_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/corpus/init b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/corpus/init
new file mode 100644
index 000000000..7ade8a0fa
--- /dev/null
+++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/project.xml b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/backupsagetincrementallocalcapabilities_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/BUILD.gn b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/BUILD.gn new file mode 100644 index 000000000..cc95ecc27 --- /dev/null +++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/BUILD.gn 
@@ -0,0 +1,66 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaInitIncrementalBackupSessionFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsainitincrementalbackupsession_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsainitincrementalbackupsession_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + + 
external_deps = [ + "ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.cpp b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.cpp new file mode 100644 index 000000000..3e96b2a68 --- /dev/null +++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.cpp 
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "backupsainitincrementalbackupsession_fuzzer.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "message_parcel.h"
+#include "sandbox_helper.h"
+#include "service.h"
+#include "service_proxy.h"
+#include "service_reverse.h"
+#include "service_stub.h"
+#include "securec.h"
+#include "system_ability.h"
+
+using namespace std;
+using namespace OHOS::FileManagement::Backup;
+
+namespace OHOS {
+constexpr int32_t SERVICE_ID = 5203;
+
+bool CmdInitIncrementalBackupSessionFuzzTest(const uint8_t *data, size_t size)
+{
+ MessageParcel datas;
+ datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
+ datas.WriteBuffer(data, size);
+ datas.RewindRead(0);
+ MessageParcel reply;
+ MessageOption option;
+
+ sptr service(new Service(SERVICE_ID));
+ uint32_t code = static_cast(IServiceIpcCode::COMMAND_INIT_INCREMENTAL_BACKUP_SESSION);
+ service->OnRemoteRequest(code, datas, reply, option);
+ return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ try {
+ OHOS::CmdInitIncrementalBackupSessionFuzzTest(data, size);
+ } catch (OHOS::FileManagement::Backup::BError &err) {
+ HILOGE("BackupSaFuzzTest error");
+ } catch (...) {
+ HILOGE("BackupSaFuzzTest exception");
+ }
+ return 0;
+}
\ No newline at end of file
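Review bot: The `catch (...)` arm in `LLVMFuzzerTestOneInput` logs and returns 0 for every exception type, so anything other than the expected `BError` that escapes `service->OnRemoteRequest` is recorded as a passing run instead of a finding. I would keep the `BError` handler and either drop the catch-all or end it with `throw;` after the `HILOGE` call, so an unexpected exception still terminates the run and gets reported. The same entry-point pattern appears in backupsapublishincrementalfile_fuzzer.cpp and backupsarelease_fuzzer.cpp in this patch. A comment above the `try`, such as `// BError is the service's expected rejection path; any other exception is a defect`, would record the intent.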
diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.h b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.h
new file mode 100644
index 000000000..e02194a52
--- /dev/null
+++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/backupsainitincrementalbackupsession_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef BACKUPSAINITINCREMENTALBACKUPSESSION_FUZZER_H
+#define BACKUPSAINITINCREMENTALBACKUPSESSION_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "backupsainitincrementalbackupsession_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/corpus/init b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/corpus/init
new file mode 100644
index 000000000..7ade8a0fa
--- /dev/null
+++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/corpus/init
@@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/project.xml b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/backupsainitincrementalbackupsession_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/BUILD.gn b/test/fuzztest/backupsapublishincrementalfile_fuzzer/BUILD.gn new file mode 100644 index 000000000..c3a3e0469 --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/BUILD.gn 
@@ -0,0 +1,66 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/app_file_service/app_file_service.gni") +import("//foundation/filemanagement/app_file_service/backup.gni") + +##############################fuzztest########################################## +ohos_fuzztest("BackupSaPublishIncrementalFileFuzzTest") { + module_out_path = "app_file_service/app_file_service" + fuzz_config_file = + "${app_file_service_path}/test/fuzztest/backupsapublishincrementalfile_fuzzer" + include_dirs = [ + "${app_file_service_path}/services/backup_sa/include/module_ipc", + "${app_file_service_path}/services/backup_sa/include", + "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "backupsapublishincrementalfile_fuzzer.cpp" ] + + deps = [ + "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", + "${path_backup}/utils:backup_utils", + ] + + public_configs = [ "${path_backup}/services/backup_sa:public_idl_config" ] + + external_deps = [ + 
"ability_runtime:ability_manager", + "ability_runtime:abilitykit_native", + "bounds_checking_function:libsec_shared", + "c_utils:utils", + "file_api:filemgmt_libn", + "hilog:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + ] + + defines = [ + "LOG_TAG=\"app_file_service\"", + "LOG_DOMAIN=0xD004303", + ] + + use_exceptions = true +} +############################################################################### diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.cpp b/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.cpp new file mode 100644 index 000000000..273545989 --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.cpp 
@@ -0,0 +1,77 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "backupsapublishincrementalfile_fuzzer.h" + +#include +#include +#include +#include +#include +#include + +#include "message_parcel.h" +#include "sandbox_helper.h" +#include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" +#include "securec.h" +#include "system_ability.h" + +using namespace std; +using namespace OHOS::FileManagement::Backup; + +namespace OHOS { +constexpr int32_t SERVICE_ID = 5203; + +bool CmdPublishIncrementalFileFuzzTest(const uint8_t *data, size_t size) +{ + if (data == nullptr || size < sizeof(uint32_t)) { + return false; + } + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + uint32_t sn = *(reinterpret_cast(data)); + int len = (size - sizeof(uint32_t)) >> 1; + std::string fileName(reinterpret_cast(data + sizeof(uint32_t)), len); + std::string bundleName(reinterpret_cast(data + sizeof(uint32_t) + len), len); + + BFileInfo fileInfo(fileName, bundleName, sn); + datas.WriteParcelable(&fileInfo); + + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service(new Service(SERVICE_ID)); + uint32_t code = static_cast(IServiceIpcCode::COMMAND_PUBLISH_INCREMENTAL_FILE); + service->OnRemoteRequest(code, datas, reply, option); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int 
LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + try { + OHOS::CmdPublishIncrementalFileFuzzTest(data, size); + } catch (OHOS::FileManagement::Backup::BError &err) { + HILOGE("BackupSaFuzzTest error"); + } catch (...) { + HILOGE("BackupSaFuzzTest exception"); + } + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.h b/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.h new file mode 100644 index 000000000..d919c77c8 --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/backupsapublishincrementalfile_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef BACKUPSAPUBLISHINCREMENTALFILE_FUZZER_H +#define BACKUPSAPUBLISHINCREMENTALFILE_FUZZER_H + +#define FUZZ_PROJECT_NAME "backupsapublishincrementalfile_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/corpus/init b/test/fuzztest/backupsapublishincrementalfile_fuzzer/corpus/init new file mode 100644 index 000000000..7ade8a0fa --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/corpus/init 
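Review bot: In `CmdPublishIncrementalFileFuzzTest`, `sn` is read by dereferencing a cast of `data` (the cast's target type is not visible in this rendering), which depends on the input buffer being suitably aligned for `uint32_t` and on type punning through a pointer cast. Copying the bytes is the well-defined form, e.g. `uint32_t sn = 0; (void)memcpy_s(&sn, sizeof(sn), data, sizeof(sn));`, and `securec.h` is already included. `len` is declared `int` but computed from `size_t`, so `size_t len = (size - sizeof(uint32_t)) >> 1;` avoids the narrowing conversion. Because the harness always marshals a well-formed `BFileInfo`, it appears to exercise the handler logic only and not the unmarshalling of malformed parcels; a comment stating that scope would help the next reader.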
@@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/backupsapublishincrementalfile_fuzzer/project.xml b/test/fuzztest/backupsapublishincrementalfile_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/backupsapublishincrementalfile_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/backupsaanother_fuzzer/BUILD.gn b/test/fuzztest/backupsarelease_fuzzer/BUILD.gn similarity index 91% rename from test/fuzztest/backupsaanother_fuzzer/BUILD.gn rename to test/fuzztest/backupsarelease_fuzzer/BUILD.gn index 36412f43b..e2b375306 100644 --- a/test/fuzztest/backupsaanother_fuzzer/BUILD.gn +++ b/test/fuzztest/backupsarelease_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2024 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at 
@@ -18,10 +18,10 @@ import("//foundation/filemanagement/app_file_service/app_file_service.gni") import("//foundation/filemanagement/app_file_service/backup.gni") ##############################fuzztest########################################## -ohos_fuzztest("BackupSaAnotherFuzzTest") { +ohos_fuzztest("BackupSaReleaseFuzzTest") { module_out_path = "app_file_service/app_file_service" fuzz_config_file = - "${app_file_service_path}/test/fuzztest/backupsaanother_fuzzer" + "${app_file_service_path}/test/fuzztest/backupsarelease_fuzzer" include_dirs = [ "${app_file_service_path}/services/backup_sa/include/module_ipc", "${app_file_service_path}/services/backup_sa/include", @@ -34,7 +34,7 @@ ohos_fuzztest("BackupSaAnotherFuzzTest") { "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "backupsaanother_fuzzer.cpp" ] + sources = [ "backupsarelease_fuzzer.cpp" ] deps = [ "${app_file_service_path}/services/backup_sa:backup_sa", diff --git a/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.cpp b/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.cpp new file mode 100644 index 000000000..f683bf7d8 --- /dev/null +++ b/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.cpp 
@@ -0,0 +1,67 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "backupsarelease_fuzzer.h"
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "message_parcel.h"
+#include "sandbox_helper.h"
+#include "service.h"
+#include "service_proxy.h"
+#include "service_reverse.h"
+#include "service_stub.h"
+#include "securec.h"
+#include "system_ability.h"
+
+using namespace std;
+using namespace OHOS::FileManagement::Backup;
+
+namespace OHOS {
+constexpr int32_t SERVICE_ID = 5203;
+
+bool CmdReleaseFuzzTest(const uint8_t *data, size_t size)
+{
+ MessageParcel datas;
+ datas.WriteInterfaceToken(ServiceStub::GetDescriptor());
+ datas.WriteBuffer(data, size);
+ datas.RewindRead(0);
+ MessageParcel reply;
+ MessageOption option;
+
+ sptr service(new Service(SERVICE_ID));
+ uint32_t code = static_cast(IServiceIpcCode::COMMAND_RELEASE);
+ service->OnRemoteRequest(code, datas, reply, option);
+ return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+ try {
+ OHOS::CmdReleaseFuzzTest(data, size);
+ } catch (OHOS::FileManagement::Backup::BError &err) {
+ HILOGE("BackupSaFuzzTest error");
+ } catch (...) {
+ HILOGE("BackupSaFuzzTest exception");
+ }
+ return 0;
+}
\ No newline at end of file
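Review bot: `CmdReleaseFuzzTest` ignores the result of `datas.WriteBuffer(data, size)` and has no `data == nullptr || size == 0` guard, so when the write is rejected (which I would expect for an empty input) `OnRemoteRequest` still runs with only the interface token in the parcel. If that is not intended, an early return makes the harness state explicit: `if (data == nullptr || size == 0) { return false; }` followed by `if (!datas.WriteBuffer(data, size)) { return false; }`. `CmdInitIncrementalBackupSessionFuzzTest` in backupsainitincrementalbackupsession_fuzzer.cpp has the same shape, whereas `CmdPublishIncrementalFileFuzzTest` already validates its input before use.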
diff --git a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.h b/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.h similarity index 77% rename from test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.h rename to test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.h index 8ddfc2126..f24a31b22 100644 --- a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.h +++ b/test/fuzztest/backupsarelease_fuzzer/backupsarelease_fuzzer.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -13,9 +13,9 @@ * limitations under the License. */ -#ifndef BACKUPSAAPPEND_FUZZER_H -#define BACKUPSAAPPEND_FUZZER_H +#ifndef BACKUPSARELEASE_FUZZER_H +#define BACKUPSARELEASE_FUZZER_H -#define FUZZ_PROJECT_NAME "backupsaappend_fuzzer" +#define FUZZ_PROJECT_NAME "backupsarelease_fuzzer" #endif \ No newline at end of file diff --git a/test/fuzztest/backupsarelease_fuzzer/corpus/init b/test/fuzztest/backupsarelease_fuzzer/corpus/init new file mode 100644 index 000000000..7ade8a0fa --- /dev/null +++ b/test/fuzztest/backupsarelease_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file 
diff --git a/test/fuzztest/backupsarelease_fuzzer/project.xml b/test/fuzztest/backupsarelease_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/backupsarelease_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + -- Gitee