From 7a5c0b95542cf8b14b71ff811d1ea1cb9325ee92 Mon Sep 17 00:00:00 2001 From: lvyuanyuan Date: Mon, 1 Apr 2024 20:04:04 +0800 Subject: [PATCH] add afs fuzz test Signed-off-by: lvyuanyuan Change-Id: Ib23b36037b2f2f46ae31f07caef429240976ed5d --- test/fuzztest/backupsaappend_fuzzer/BUILD.gn | 2 + .../backupsaappend_fuzzer.cpp | 165 +++++++++++++++++- 2 files changed, 163 insertions(+), 4 deletions(-) diff --git a/test/fuzztest/backupsaappend_fuzzer/BUILD.gn b/test/fuzztest/backupsaappend_fuzzer/BUILD.gn index c7ae508b0..bc834696e 100644 --- a/test/fuzztest/backupsaappend_fuzzer/BUILD.gn +++ b/test/fuzztest/backupsaappend_fuzzer/BUILD.gn @@ -26,6 +26,7 @@ ohos_fuzztest("BackupSaAppendFuzzTest") { "${app_file_service_path}/services/backup_sa/include/module_ipc", "${app_file_service_path}/services/backup_sa/include", "${app_file_service_path}/interfaces/inner_api/native/backup_kit_inner/impl", + "${app_file_service_path}/frameworks/native/backup_kit_inner/include", ] cflags = [ "-g", @@ -37,6 +38,7 @@ ohos_fuzztest("BackupSaAppendFuzzTest") { deps = [ "${app_file_service_path}/services/backup_sa:backup_sa", + "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", "${path_backup}/utils:backup_utils", "${third_party_path}/bounds_checking_function:libsec_shared", ] diff --git a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp b/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp index b741dc24c..f5ada150a 100644 --- a/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp +++ b/test/fuzztest/backupsaappend_fuzzer/backupsaappend_fuzzer.cpp @@ -18,19 +18,145 @@ #include #include #include - #include +#include + #include "message_parcel.h" -#include "service_stub.h" #include "service.h" +#include "service_proxy.h" +#include "service_reverse.h" +#include "service_stub.h" #include "securec.h" #include "system_ability.h" +using namespace std; using namespace OHOS::FileManagement::Backup; namespace OHOS { constexpr int32_t SERVICE_ID = 5203; +bool CmdInitRestoreSessionFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + BSessionRestore::Callbacks callbacks; + std::shared_ptr restorePtr = + std::make_shared(callbacks); + datas.WriteRemoteObject(restorePtr->AsObject().GetRefPtr()); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service = sptr(new Service(SERVICE_ID)); + service->OnRemoteRequest(static_cast(IServiceInterfaceCode::SERVICE_CMD_INIT_RESTORE_SESSION), + datas, reply, option); + service = nullptr; + return true; +} + +bool CmdInitBackupSessionFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + BSessionBackup::Callbacks callbacks; + std::shared_ptr backupPtr = + std::make_shared(callbacks); + datas.WriteRemoteObject(backupPtr->AsObject().GetRefPtr()); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service = sptr(new Service(SERVICE_ID)); + service->OnRemoteRequest(static_cast(IServiceInterfaceCode::SERVICE_CMD_INIT_BACKUP_SESSION), + datas, reply, option); + service = nullptr; + return true; +} + +bool CmdPublishFileFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + if (size > 0) { + int pos = (size + 1) >> 1; + std::string fileName((const char *)data, pos); + std::string bundleName((const char *)data + pos, size - pos); + uint32_t sn = 0; + if (size > sizeof(uint32_t)) { + sn = *(reinterpret_cast(data)); + } + BFileInfo fileInfo(fileName, bundleName, sn); + datas.WriteParcelable(&fileInfo); + } + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service = sptr(new Service(SERVICE_ID)); + service->OnRemoteRequest(static_cast(IServiceInterfaceCode::SERVICE_CMD_PUBLISH_FILE), + datas, reply, option); + service = nullptr; + return true; +} + +bool CmdGetLocalCapabilitiesFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + datas.WriteBuffer(data, size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service = sptr(new Service(SERVICE_ID)); + uint32_t code = static_cast(IServiceInterfaceCode::SERVICE_CMD_GET_LOCAL_CAPABILITIES); + service->OnRemoteRequest(code, datas, reply, option); + service = nullptr; + return true; +} + +bool CmdAppFileReadyFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + std::string fileName((const char *)data, size); + datas.WriteString(fileName); + + int fd = -1; + if (size >= sizeof(int)) { + fd = *(reinterpret_cast(data)); + } + datas.WriteFileDescriptor(UniqueFd(fd)); + + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service = sptr(new Service(SERVICE_ID)); + uint32_t code = static_cast(IServiceInterfaceCode::SERVICE_CMD_APP_FILE_READY); + service->OnRemoteRequest(code, datas, reply, option); + service = nullptr; + return true; +} + +bool CmdAppDoneFuzzTest(const uint8_t *data, size_t size) +{ + MessageParcel datas; + datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); + if (size >= sizeof(bool)) { + datas.WriteBool(*(reinterpret_cast(data))); + } + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + sptr service = sptr(new Service(SERVICE_ID)); + service->OnRemoteRequest(static_cast(IServiceInterfaceCode::SERVICE_CMD_APP_DONE), + datas, reply, option); + service = nullptr; + return true; +} + bool CmdStartFuzzTest(const uint8_t *data, size_t size) { MessageParcel datas; @@ -67,7 +193,32 @@ bool CmdAppendBundlesRestoreSessionFuzzTest(const uint8_t *data, size_t size) { MessageParcel datas; datas.WriteInterfaceToken(ServiceStub::GetDescriptor()); - datas.WriteBuffer(data, size); + + size_t len = sizeof(int); + if (size >= len) { + int fd = *(reinterpret_cast(data)); + datas.WriteFileDescriptor(UniqueFd(fd)); + } + + if (size > 0) { + vector bundleNames; + for (size_t i = 0; i < size; i++) { + string name = string(reinterpret_cast(data), size) + to_string(i); + bundleNames.push_back(name); + } + datas.WriteStringVector(bundleNames); + } + + if (size >= len + sizeof(int32_t)) { + int32_t type = static_cast(*(reinterpret_cast(data + len))); + datas.WriteInt32(type); + len += sizeof(int32_t); + } + + if (size >= len + sizeof(int32_t)) { + int32_t userId = static_cast(*(reinterpret_cast(data + len))); + datas.WriteInt32(userId); + } datas.RewindRead(0); MessageParcel reply; MessageOption option; @@ -87,7 +238,13 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) if (data == nullptr) { return 0; } - + + OHOS::CmdInitRestoreSessionFuzzTest(data, size); + OHOS::CmdInitBackupSessionFuzzTest(data, size); + OHOS::CmdPublishFileFuzzTest(data, size); + OHOS::CmdGetLocalCapabilitiesFuzzTest(data, size); + OHOS::CmdAppFileReadyFuzzTest(data, size); + OHOS::CmdAppDoneFuzzTest(data, size); OHOS::CmdStartFuzzTest(data, size); OHOS::CmdFinishFuzzTest(data, size); OHOS::CmdAppendBundlesRestoreSessionFuzzTest(data, size); -- Gitee