From 846b26179ce6279ceb30792c79d8d422adc764ef Mon Sep 17 00:00:00 2001
From: hellohyh001 <huiyuehong@huawei.com>
Date: Mon, 22 May 2023 02:07:52 +0000
Subject: [PATCH 1/5] =?UTF-8?q?=E6=B7=BB=E5=8A=A0sensor=E7=9A=84OnRemoteRe?=
 =?UTF-8?q?questfuzz=E7=94=A8=E4=BE=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: hellohyh001 <huiyuehong@huawei.com>
Change-Id: Ie5f501578277c2a827d5a7ebef8b3300f9297615
---
 interfaces/native/test/fuzztest/BUILD.gn      |   3 +-
 .../sensoronremoterequest_fuzzer/BUILD.gn     |  66 +++++++++++
 .../sensoronremoterequest_fuzzer/corpus/init  |  14 +++
 .../sensoronremoterequest_fuzzer/project.xml  |  25 ++++
 .../sensoronremoterequest_fuzzer.cpp          | 107 ++++++++++++++++++
 .../sensoronremoterequest_fuzzer.h            |  22 ++++
 services/sensor/BUILD.gn                      |   1 -
 7 files changed, 236 insertions(+), 2 deletions(-)
 create mode 100644 interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
 create mode 100644 interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init
 create mode 100644 interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/project.xml
 create mode 100644 interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
 create mode 100644 interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h

diff --git a/interfaces/native/test/fuzztest/BUILD.gn b/interfaces/native/test/fuzztest/BUILD.gn
index bd9265b3..10394f0e 100644
--- a/interfaces/native/test/fuzztest/BUILD.gn
+++ b/interfaces/native/test/fuzztest/BUILD.gn
@@ -17,5 +17,6 @@ import("//build/test.gni")
 
 group("fuzztest") {
   testonly = true
-  deps = [ "sensoragent_fuzzer:fuzztest" ]
+  deps = [ "sensoragent_fuzzer:fuzztest",
+           "sensoronremoterequest_fuzzer:fuzztest" ]
 }
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
new file mode 100644
index 00000000..c59348db
--- /dev/null
+++ b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
@@ -0,0 +1,66 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+import("./../../../../../sensor.gni")
+
+ohos_fuzztest("SensorOnRemoteRequestFuzzTest") {
+  module_out_path = "sensors/sensor"
+
+  fuzz_config_file =
+      "$SUBSYSTEM_DIR/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer"
+
+  include_dirs = [
+    "include",
+    "$SUBSYSTEM_DIR/services/sensor/include",
+    "$SUBSYSTEM_DIR/frameworks/native/sensor/include",
+    "$SUBSYSTEM_DIR/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer",
+    "$SUBSYSTEM_DIR/services/sensor/hdi_connection/interface/include",
+    "$SUBSYSTEM_DIR/services/sensor/hdi_connection/adapter/include",
+    "$SUBSYSTEM_DIR/services/sensor/hdi_connection/hardware/include",
+    "$SUBSYSTEM_DIR/utils/common/include",
+    "$SUBSYSTEM_DIR/utils/ipc/include",
+  ]
+
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+
+  sources = [ "sensoronremoterequest_fuzzer.cpp" ]
+
+  deps = [ "$SUBSYSTEM_DIR/interfaces/native:sensor_interface_native",
+           "$SUBSYSTEM_DIR/services/sensor:libsensor_service",
+           "$SUBSYSTEM_DIR/utils/common:libsensor_utils",
+           "$SUBSYSTEM_DIR/utils/ipc:libsensor_ipc",
+           ]
+
+  external_deps = [ "c_utils:utils",
+                    "ipc:ipc_core",
+                    "samgr:samgr_proxy",
+                    "access_token:libaccesstoken_sdk",
+                    "hiviewdfx_hilog_native:libhilog", ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = []
+  deps += [
+    # deps file
+    ":SensorOnRemoteRequestFuzzTest",
+  ]
+}
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init
new file mode 100644
index 00000000..e4ceac1b
--- /dev/null
+++ b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/project.xml b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/project.xml
new file mode 100644
index 00000000..53811f01
--- /dev/null
+++ b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>120</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>2048</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
new file mode 100644
index 00000000..5f1fcbfa
--- /dev/null
+++ b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
@@ -0,0 +1,107 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "sensoronremoterequest_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <iostream>
+
+#include "message_parcel.h"
+#include "sensor.h"
+#include "sensor_service.h"
+
+
+namespace OHOS {
+namespace Sensors {
+namespace {
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+const std::u16string SENSOR_INTERFACE_TOKEN = u"ISensorService";
+}
+
+class SensorOnRemoteRequestFuzzTest : public SensorServiceStub {
+public:
+    SensorOnRemoteRequestFuzzTest() {}
+    virtual ~SensorOnRemoteRequestFuzzTest() = default;
+    ErrCode EnableSensor(int32_t sensorId, int64_t samplingPeriodNs,
+                                int64_t maxReportDelayNs) {return 0;};
+    ErrCode DisableSensor(int32_t sensorId) {return 0;};
+    std::vector<Sensor> GetSensorList() {return {};};
+    ErrCode TransferDataChannel(const sptr<Sensors::SensorBasicDataChannel> &sensorBasicDataChannel,
+                                    const sptr<IRemoteObject> &sensorClient) {return 0;};
+    ErrCode DestroySensorChannel(sptr<IRemoteObject> sensorClient) {return 0;};
+    ErrCode SuspendSensors(int32_t pid) {return 0;};
+    ErrCode ResumeSensors(int32_t pid) {return 0;};
+    ErrCode GetActiveInfoList(int32_t pid, std::vector<Sensors::ActiveInfo> &activeInfoList) {return 0;};
+    ErrCode CreateSocketChannel(sptr<IRemoteObject> sensorClient, int32_t &clientFd) {return 0;};
+    ErrCode DestroySocketChannel(sptr<IRemoteObject> sensorClient) {return 0;};
+    ErrCode EnableActiveInfoCB() {return 0;};
+    ErrCode DisableActiveInfoCB() {return 0;};
+};
+
+uint32_t GetU32Data(const char* ptr)
+{
+    // convert fuzz input data to an integer
+    return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
+}
+
+bool OnRemoteRequestFuzzTest(const char* data, size_t size)
+{
+    uint32_t code = GetU32Data(data);
+    MessageParcel datas;
+    datas.WriteInterfaceToken(SENSOR_INTERFACE_TOKEN);
+    datas.WriteBuffer(data, size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+    std::shared_ptr<Sensors::SensorServiceStub> sensorServiceStub = std::make_shared<SensorOnRemoteRequestFuzzTest>();
+    sensorServiceStub->OnRemoteRequest(code, datas, reply, option);
+    return true;
+}
+}
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+        /* Run your code on data */
+    if (data == nullptr) {
+        std::cout << "invalid data" << std::endl;
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size > OHOS::Sensors::FOO_MAX_LEN || size < OHOS::Sensors::U32_AT_SIZE) {
+        return 0;
+    }
+
+    char* ch = (char*)malloc(size + 1);
+    if (ch == nullptr) {
+        std::cout << "malloc failed." << std::endl;
+        return 0;
+    }
+
+    (void)memset_s(ch, size + 1, 0x00, size + 1);
+    if (memcpy_s(ch, size, data, size) != EOK) {
+        std::cout << "copy failed." << std::endl;
+        free(ch);
+        ch = nullptr;
+        return 0;
+    }
+    OHOS::Sensors::OnRemoteRequestFuzzTest(ch, size);
+    free(ch);
+    ch = nullptr;
+    return 0;
+}
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
new file mode 100644
index 00000000..f5469b05
--- /dev/null
+++ b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SENSOR_ON_REMOTE_REQUEST_FUZZER_H
+#define SENSOR_ON_REMOTE_REQUEST_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "sensoronremoterequest_fuzzer"
+
+#endif // SENSOR_ON_REMOTE_REQUEST_FUZZER_H
+
diff --git a/services/sensor/BUILD.gn b/services/sensor/BUILD.gn
index da1031c4..7582d312 100644
--- a/services/sensor/BUILD.gn
+++ b/services/sensor/BUILD.gn
@@ -60,7 +60,6 @@ ohos_shared_library("libsensor_service") {
     "safwk:system_ability_fwk",
   ]
 
-  shlib_type = "sa"
   part_name = "sensor"
   subsystem_name = "sensors"
 }
-- 
Gitee


From 76133c5577fd42f147f522baeeb044f01b3f81ef Mon Sep 17 00:00:00 2001
From: hellohyh001 <huiyuehong@huawei.com>
Date: Mon, 22 May 2023 07:12:38 +0000
Subject: [PATCH 2/5] =?UTF-8?q?=E6=B7=BB=E5=8A=A0sensor=E7=9A=84OnRemoteRe?=
 =?UTF-8?q?questfuzz=E7=94=A8=E4=BE=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: hellohyh001 <huiyuehong@huawei.com>
Change-Id: I1a0cb03e4f4668eaa744c1aa9a0876dadd2613e7
---
 .../sensoronremoterequest_fuzzer.cpp                          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
index 5f1fcbfa..a3e900e5 100644
--- a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
+++ b/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
@@ -71,8 +71,8 @@ bool OnRemoteRequestFuzzTest(const char* data, size_t size)
     sensorServiceStub->OnRemoteRequest(code, datas, reply, option);
     return true;
 }
-}
-}
+}  // namespace Sensors
+}  // namespace OHOS
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
-- 
Gitee


From 70be0f393e5fd6ae8fba63ff2afe3dde274bc23b Mon Sep 17 00:00:00 2001
From: hellohyh001 <huiyuehong@huawei.com>
Date: Wed, 24 May 2023 01:06:44 +0000
Subject: [PATCH 3/5] =?UTF-8?q?=E6=B7=BB=E5=8A=A0sensor=E7=9A=84OnRemoteRe?=
 =?UTF-8?q?questfuzz=E7=94=A8=E4=BE=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: hellohyh001 <huiyuehong@huawei.com>
Change-Id: I6cf228f9bd3fdf7d581a51be43b12ed94395b40d
---
 bundle.json                                   |  3 +-
 interfaces/native/test/fuzztest/BUILD.gn      |  3 +-
 services/sensor/test/fuzztest/BUILD.gn        | 21 ++++++
 .../sensoronremoterequest_fuzzer/BUILD.gn     | 30 +++++----
 .../sensoronremoterequest_fuzzer/corpus/init  |  0
 .../sensoronremoterequest_fuzzer/project.xml  |  0
 .../sensoronremoterequest_fuzzer.cpp          | 64 +++++++++++++++----
 .../sensoronremoterequest_fuzzer.h            |  2 +-
 8 files changed, 91 insertions(+), 32 deletions(-)
 create mode 100644 services/sensor/test/fuzztest/BUILD.gn
 rename {interfaces/native => services/sensor}/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn (69%)
 rename {interfaces/native => services/sensor}/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init (100%)
 rename {interfaces/native => services/sensor}/test/fuzztest/sensoronremoterequest_fuzzer/project.xml (100%)
 rename {interfaces/native => services/sensor}/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp (81%)
 rename {interfaces/native => services/sensor}/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h (94%)

diff --git a/bundle.json b/bundle.json
index 374a17bf..87ab0926 100644
--- a/bundle.json
+++ b/bundle.json
@@ -62,7 +62,8 @@
       "test": [
           "//base/sensors/sensor/interfaces/plugin/test/unittest:unittest",
           "//base/sensors/sensor/interfaces/native/test/fuzztest:fuzztest",
-          "//base/sensors/sensor/interfaces/native/test:unittest"
+          "//base/sensors/sensor/interfaces/native/test:unittest",
+          "//base/sensors/sensor/services/sensor/test/fuzztest:fuzztest"
       ]
     }
   }
diff --git a/interfaces/native/test/fuzztest/BUILD.gn b/interfaces/native/test/fuzztest/BUILD.gn
index 10394f0e..bd9265b3 100644
--- a/interfaces/native/test/fuzztest/BUILD.gn
+++ b/interfaces/native/test/fuzztest/BUILD.gn
@@ -17,6 +17,5 @@ import("//build/test.gni")
 
 group("fuzztest") {
   testonly = true
-  deps = [ "sensoragent_fuzzer:fuzztest",
-           "sensoronremoterequest_fuzzer:fuzztest" ]
+  deps = [ "sensoragent_fuzzer:fuzztest" ]
 }
diff --git a/services/sensor/test/fuzztest/BUILD.gn b/services/sensor/test/fuzztest/BUILD.gn
new file mode 100644
index 00000000..8ea5c564
--- /dev/null
+++ b/services/sensor/test/fuzztest/BUILD.gn
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+
+group("fuzztest") {
+  testonly = true
+  deps = [ "sensoronremoterequest_fuzzer:fuzztest" ]
+}
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
similarity index 69%
rename from interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
rename to services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
index c59348db..c9509216 100644
--- a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
@@ -20,16 +20,15 @@ ohos_fuzztest("SensorOnRemoteRequestFuzzTest") {
   module_out_path = "sensors/sensor"
 
   fuzz_config_file =
-      "$SUBSYSTEM_DIR/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer"
+      "$SUBSYSTEM_DIR/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer"
 
   include_dirs = [
-    "include",
-    "$SUBSYSTEM_DIR/services/sensor/include",
     "$SUBSYSTEM_DIR/frameworks/native/sensor/include",
-    "$SUBSYSTEM_DIR/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer",
     "$SUBSYSTEM_DIR/services/sensor/hdi_connection/interface/include",
     "$SUBSYSTEM_DIR/services/sensor/hdi_connection/adapter/include",
     "$SUBSYSTEM_DIR/services/sensor/hdi_connection/hardware/include",
+    "$SUBSYSTEM_DIR/services/sensor/include",
+    "$SUBSYSTEM_DIR/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer",
     "$SUBSYSTEM_DIR/utils/common/include",
     "$SUBSYSTEM_DIR/utils/ipc/include",
   ]
@@ -43,17 +42,20 @@ ohos_fuzztest("SensorOnRemoteRequestFuzzTest") {
 
   sources = [ "sensoronremoterequest_fuzzer.cpp" ]
 
-  deps = [ "$SUBSYSTEM_DIR/interfaces/native:sensor_interface_native",
-           "$SUBSYSTEM_DIR/services/sensor:libsensor_service",
-           "$SUBSYSTEM_DIR/utils/common:libsensor_utils",
-           "$SUBSYSTEM_DIR/utils/ipc:libsensor_ipc",
-           ]
+  deps = [ 
+      "$SUBSYSTEM_DIR/interfaces/native:sensor_interface_native",
+      "$SUBSYSTEM_DIR/services/sensor:libsensor_service",
+      "$SUBSYSTEM_DIR/utils/common:libsensor_utils",
+      "$SUBSYSTEM_DIR/utils/ipc:libsensor_ipc",
+    ]
 
-  external_deps = [ "c_utils:utils",
-                    "ipc:ipc_core",
-                    "samgr:samgr_proxy",
-                    "access_token:libaccesstoken_sdk",
-                    "hiviewdfx_hilog_native:libhilog", ]
+  external_deps = [
+      "access_token:libaccesstoken_sdk",
+      "c_utils:utils",
+      "hiviewdfx_hilog_native:libhilog",
+      "ipc:ipc_core",
+      "samgr:samgr_proxy",
+    ]
 }
 
 group("fuzztest") {
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init
similarity index 100%
rename from interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init
rename to services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/project.xml b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/project.xml
similarity index 100%
rename from interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/project.xml
rename to services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/project.xml
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
similarity index 81%
rename from interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
rename to services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
index a3e900e5..55dce2ca 100644
--- a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
@@ -37,19 +37,55 @@ public:
     SensorOnRemoteRequestFuzzTest() {}
     virtual ~SensorOnRemoteRequestFuzzTest() = default;
     ErrCode EnableSensor(int32_t sensorId, int64_t samplingPeriodNs,
-                                int64_t maxReportDelayNs) {return 0;};
-    ErrCode DisableSensor(int32_t sensorId) {return 0;};
-    std::vector<Sensor> GetSensorList() {return {};};
+                                int64_t maxReportDelayNs)
+    {
+        return 0;
+    }
+    ErrCode DisableSensor(int32_t sensorId)
+    {
+        return 0;
+    }
+    std::vector<Sensor> GetSensorList()
+    {
+        return {};
+    }
     ErrCode TransferDataChannel(const sptr<Sensors::SensorBasicDataChannel> &sensorBasicDataChannel,
-                                    const sptr<IRemoteObject> &sensorClient) {return 0;};
-    ErrCode DestroySensorChannel(sptr<IRemoteObject> sensorClient) {return 0;};
-    ErrCode SuspendSensors(int32_t pid) {return 0;};
-    ErrCode ResumeSensors(int32_t pid) {return 0;};
-    ErrCode GetActiveInfoList(int32_t pid, std::vector<Sensors::ActiveInfo> &activeInfoList) {return 0;};
-    ErrCode CreateSocketChannel(sptr<IRemoteObject> sensorClient, int32_t &clientFd) {return 0;};
-    ErrCode DestroySocketChannel(sptr<IRemoteObject> sensorClient) {return 0;};
-    ErrCode EnableActiveInfoCB() {return 0;};
-    ErrCode DisableActiveInfoCB() {return 0;};
+                                    const sptr<IRemoteObject> &sensorClient)
+    {
+        return 0;
+    }
+    ErrCode DestroySensorChannel(sptr<IRemoteObject> sensorClient)
+    {
+        return 0;
+    }
+    ErrCode SuspendSensors(int32_t pid)
+    {
+        return 0;
+    }
+    ErrCode ResumeSensors(int32_t pid)
+    {
+        return 0;
+    }
+    ErrCode GetActiveInfoList(int32_t pid, std::vector<Sensors::ActiveInfo> &activeInfoList)
+    {
+        return 0;
+    }
+    ErrCode CreateSocketChannel(sptr<IRemoteObject> sensorClient, int32_t &clientFd)
+    {
+        return 0;
+    }
+    ErrCode DestroySocketChannel(sptr<IRemoteObject> sensorClient)
+    {
+        return 0;
+    }
+    ErrCode EnableActiveInfoCB()
+    {
+        return 0;
+    }
+    ErrCode DisableActiveInfoCB()
+    {
+        return 0;
+    }
 };
 
 uint32_t GetU32Data(const char* ptr)
@@ -71,8 +107,8 @@ bool OnRemoteRequestFuzzTest(const char* data, size_t size)
     sensorServiceStub->OnRemoteRequest(code, datas, reply, option);
     return true;
 }
-}  // namespace Sensors
-}  // namespace OHOS
+}
+}
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
diff --git a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
similarity index 94%
rename from interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
rename to services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
index f5469b05..11e15229 100644
--- a/interfaces/native/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
-- 
Gitee


From 66a1fc7f708ce1ff30a563f8aa5159e434c9b1ee Mon Sep 17 00:00:00 2001
From: hellohyh001 <huiyuehong@huawei.com>
Date: Fri, 26 May 2023 01:25:26 +0000
Subject: [PATCH 4/5] =?UTF-8?q?=E6=B7=BB=E5=8A=A0sensor=E7=9A=84OnRemoteRe?=
 =?UTF-8?q?questfuzz=E7=94=A8=E4=BE=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: hellohyh001 <huiyuehong@huawei.com>
Change-Id: I1ed91ccff77ed01f951a28cbe587b90e61964a5d
---
 services/sensor/BUILD.gn                      | 52 +++++++++++++++-
 .../sensoronremoterequest_fuzzer/BUILD.gn     |  2 +-
 .../sensoronremoterequest_fuzzer.cpp          | 61 +------------------
 3 files changed, 55 insertions(+), 60 deletions(-)

diff --git a/services/sensor/BUILD.gn b/services/sensor/BUILD.gn
index 7582d312..d0f2f6ba 100644
--- a/services/sensor/BUILD.gn
+++ b/services/sensor/BUILD.gn
@@ -59,11 +59,61 @@ ohos_shared_library("libsensor_service") {
     "ipc:ipc_core",
     "safwk:system_ability_fwk",
   ]
-
+  shlib_type = "sa"
   part_name = "sensor"
   subsystem_name = "sensors"
 }
 
+##########################################################################
+ohos_shared_library("libsensor_service_static") {
+  sources = [
+    "hdi_connection/adapter/src/compatible_connection.cpp",
+    "hdi_connection/adapter/src/hdi_connection.cpp",
+    "hdi_connection/adapter/src/sensor_event_callback.cpp",
+    "hdi_connection/hardware/src/hdi_service_impl.cpp",
+    "hdi_connection/interface/src/sensor_hdi_connection.cpp",
+    "src/client_info.cpp",
+    "src/fifo_cache_data.cpp",
+    "src/flush_info_record.cpp",
+    "src/sensor_data_processer.cpp",
+    "src/sensor_dump.cpp",
+    "src/sensor_manager.cpp",
+    "src/sensor_power_policy.cpp",
+    "src/sensor_service.cpp",
+    "src/sensor_service_stub.cpp",
+    "src/stream_server.cpp",
+  ]
+
+  include_dirs = [
+    "$SUBSYSTEM_DIR/frameworks/native/sensor/include",
+    "$SUBSYSTEM_DIR/interfaces/native/include",
+    "$SUBSYSTEM_DIR/services/sensor/include",
+    "$SUBSYSTEM_DIR/services/sensor/hdi_connection/interface/include",
+    "$SUBSYSTEM_DIR/services/sensor/hdi_connection/adapter/include",
+    "$SUBSYSTEM_DIR/services/sensor/hdi_connection/hardware/include",
+    "$SUBSYSTEM_DIR/utils/common/include",
+    "$SUBSYSTEM_DIR/utils/ipc/include",
+  ]
+
+  deps = [
+    "$SUBSYSTEM_DIR/utils/common:libsensor_utils",
+    "$SUBSYSTEM_DIR/utils/ipc:libsensor_ipc",
+  ]
+
+  external_deps = [
+    "access_token:libaccesstoken_sdk",
+    "c_utils:utils",
+    "drivers_interface_sensor:libsensor_proxy_1.0",
+    "hisysevent_native:libhisysevent",
+    "hitrace_native:hitrace_meter",
+    "hiviewdfx_hilog_native:libhilog",
+    "ipc:ipc_core",
+    "safwk:system_ability_fwk",
+  ]
+
+  part_name = "sensor"
+  subsystem_name = "sensors"
+}
 group("sensor_service_target") {
   deps = [ ":libsensor_service" ]
 }
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
index c9509216..3d6ab7b5 100644
--- a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
@@ -44,7 +44,7 @@ ohos_fuzztest("SensorOnRemoteRequestFuzzTest") {
 
   deps = [ 
       "$SUBSYSTEM_DIR/interfaces/native:sensor_interface_native",
-      "$SUBSYSTEM_DIR/services/sensor:libsensor_service",
+      "$SUBSYSTEM_DIR/services/sensor:libsensor_service_static",
       "$SUBSYSTEM_DIR/utils/common:libsensor_utils",
       "$SUBSYSTEM_DIR/utils/ipc:libsensor_ipc",
     ]
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
index 55dce2ca..2c0e9c4f 100644
--- a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
@@ -29,65 +29,11 @@ namespace Sensors {
 namespace {
 constexpr size_t FOO_MAX_LEN = 1024;
 constexpr size_t U32_AT_SIZE = 4;
+std::shared_ptr<SensorService> sensorServicePtr =
+                            std::make_shared<SensorService>(3601, false);
 const std::u16string SENSOR_INTERFACE_TOKEN = u"ISensorService";
 }
 
-class SensorOnRemoteRequestFuzzTest : public SensorServiceStub {
-public:
-    SensorOnRemoteRequestFuzzTest() {}
-    virtual ~SensorOnRemoteRequestFuzzTest() = default;
-    ErrCode EnableSensor(int32_t sensorId, int64_t samplingPeriodNs,
-                                int64_t maxReportDelayNs)
-    {
-        return 0;
-    }
-    ErrCode DisableSensor(int32_t sensorId)
-    {
-        return 0;
-    }
-    std::vector<Sensor> GetSensorList()
-    {
-        return {};
-    }
-    ErrCode TransferDataChannel(const sptr<Sensors::SensorBasicDataChannel> &sensorBasicDataChannel,
-                                    const sptr<IRemoteObject> &sensorClient)
-    {
-        return 0;
-    }
-    ErrCode DestroySensorChannel(sptr<IRemoteObject> sensorClient)
-    {
-        return 0;
-    }
-    ErrCode SuspendSensors(int32_t pid)
-    {
-        return 0;
-    }
-    ErrCode ResumeSensors(int32_t pid)
-    {
-        return 0;
-    }
-    ErrCode GetActiveInfoList(int32_t pid, std::vector<Sensors::ActiveInfo> &activeInfoList)
-    {
-        return 0;
-    }
-    ErrCode CreateSocketChannel(sptr<IRemoteObject> sensorClient, int32_t &clientFd)
-    {
-        return 0;
-    }
-    ErrCode DestroySocketChannel(sptr<IRemoteObject> sensorClient)
-    {
-        return 0;
-    }
-    ErrCode EnableActiveInfoCB()
-    {
-        return 0;
-    }
-    ErrCode DisableActiveInfoCB()
-    {
-        return 0;
-    }
-};
-
 uint32_t GetU32Data(const char* ptr)
 {
     // convert fuzz input data to an integer
@@ -103,8 +49,7 @@ bool OnRemoteRequestFuzzTest(const char* data, size_t size)
     datas.RewindRead(0);
     MessageParcel reply;
     MessageOption option;
-    std::shared_ptr<Sensors::SensorServiceStub> sensorServiceStub = std::make_shared<SensorOnRemoteRequestFuzzTest>();
-    sensorServiceStub->OnRemoteRequest(code, datas, reply, option);
+    sensorServicePtr->OnRemoteRequest(code, datas, reply, option);
     return true;
 }
 }
-- 
Gitee


From 0c4294f9287ffaef9384e63477bbd997f1dadc6c Mon Sep 17 00:00:00 2001
From: hellohyh001 <huiyuehong@huawei.com>
Date: Fri, 26 May 2023 10:14:00 +0000
Subject: [PATCH 5/5] =?UTF-8?q?=E6=B7=BB=E5=8A=A0sensor=E7=9A=84OnRemoteRe?=
 =?UTF-8?q?questfuzz=E7=94=A8=E4=BE=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: hellohyh001 <huiyuehong@huawei.com>
Change-Id: I57d378bf61b37a8091aabfbbbf87c8e33ff2739c
---
 services/sensor/BUILD.gn                                  | 1 -
 .../test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn   | 3 +--
 .../sensoronremoterequest_fuzzer.cpp                      | 8 ++++----
 .../sensoronremoterequest_fuzzer.h                        | 2 +-
 4 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/services/sensor/BUILD.gn b/services/sensor/BUILD.gn
index d0f2f6ba..4d136508 100644
--- a/services/sensor/BUILD.gn
+++ b/services/sensor/BUILD.gn
@@ -63,7 +63,6 @@ ohos_shared_library("libsensor_service") {
   part_name = "sensor"
   subsystem_name = "sensors"
 }
-
 ##########################################################################
 ohos_shared_library("libsensor_service_static") {
   sources = [
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
index 3d6ab7b5..36bc9a3d 100644
--- a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
@@ -60,8 +60,7 @@ ohos_fuzztest("SensorOnRemoteRequestFuzzTest") {
 
 group("fuzztest") {
   testonly = true
-  deps = []
-  deps += [
+  deps = [
     # deps file
     ":SensorOnRemoteRequestFuzzTest",
   ]
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
index 2c0e9c4f..92527388 100644
--- a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
@@ -32,7 +32,7 @@ constexpr size_t U32_AT_SIZE = 4;
 std::shared_ptr<SensorService> sensorServicePtr =
                             std::make_shared<SensorService>(3601, false);
 const std::u16string SENSOR_INTERFACE_TOKEN = u"ISensorService";
-}
+}  // namespace
 
 uint32_t GetU32Data(const char* ptr)
 {
@@ -52,12 +52,12 @@ bool OnRemoteRequestFuzzTest(const char* data, size_t size)
     sensorServicePtr->OnRemoteRequest(code, datas, reply, option);
     return true;
 }
-}
-}
+}  // namespace Sensors
+}  // namespace OHOS
 
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
 {
-        /* Run your code on data */
+    /* Run your code on data */
     if (data == nullptr) {
         std::cout << "invalid data" << std::endl;
         return 0;
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
index 11e15229..f5469b05 100644
--- a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
-- 
Gitee