diff --git a/bundle.json b/bundle.json
old mode 100644
new mode 100755
index 374a17bf76e7b3f65c7a54adc057549c39d15ae9..394e814a95525c13754efd85e0747354ad0dc7c3
--- a/bundle.json
+++ b/bundle.json
@@ -62,6 +62,7 @@
"test": [
"//base/sensors/sensor/interfaces/plugin/test/unittest:unittest",
"//base/sensors/sensor/interfaces/native/test/fuzztest:fuzztest",
+ "//base/sensors/sensor/services/sensor/test/fuzztest:fuzztest",
"//base/sensors/sensor/interfaces/native/test:unittest"
]
}
diff --git a/services/sensor/BUILD.gn b/services/sensor/BUILD.gn
old mode 100644
new mode 100755
index da1031c44a5e3782f817efc8306a5de35cfb0953..ec04d526e3d58aad23d8ea4a356c674c63ebf8df
--- a/services/sensor/BUILD.gn
+++ b/services/sensor/BUILD.gn
@@ -64,7 +64,56 @@ ohos_shared_library("libsensor_service") {
part_name = "sensor"
subsystem_name = "sensors"
}
+################################################################
+ohos_shared_library("libsensor_service_static") {
+ sources = [
+ "hdi_connection/adapter/src/compatible_connection.cpp",
+ "hdi_connection/adapter/src/hdi_connection.cpp",
+ "hdi_connection/adapter/src/sensor_event_callback.cpp",
+ "hdi_connection/hardware/src/hdi_service_impl.cpp",
+ "hdi_connection/interface/src/sensor_hdi_connection.cpp",
+ "src/client_info.cpp",
+ "src/fifo_cache_data.cpp",
+ "src/flush_info_record.cpp",
+ "src/sensor_data_processer.cpp",
+ "src/sensor_dump.cpp",
+ "src/sensor_manager.cpp",
+ "src/sensor_power_policy.cpp",
+ "src/sensor_service.cpp",
+ "src/sensor_service_stub.cpp",
+ "src/stream_server.cpp",
+ ]
+ include_dirs = [
+ "$SUBSYSTEM_DIR/frameworks/native/sensor/include",
+ "$SUBSYSTEM_DIR/interfaces/native/include",
+ "$SUBSYSTEM_DIR/services/sensor/include",
+ "$SUBSYSTEM_DIR/services/sensor/hdi_connection/interface/include",
+ "$SUBSYSTEM_DIR/services/sensor/hdi_connection/adapter/include",
+ "$SUBSYSTEM_DIR/services/sensor/hdi_connection/hardware/include",
+ "$SUBSYSTEM_DIR/utils/common/include",
+ "$SUBSYSTEM_DIR/utils/ipc/include",
+ ]
+
+ deps = [
+ "$SUBSYSTEM_DIR/utils/common:libsensor_utils",
+ "$SUBSYSTEM_DIR/utils/ipc:libsensor_ipc",
+ ]
+
+ external_deps = [
+ "access_token:libaccesstoken_sdk",
+ "c_utils:utils",
+ "drivers_interface_sensor:libsensor_proxy_1.0",
+ "hisysevent_native:libhisysevent",
+ "hitrace_native:hitrace_meter",
+ "hiviewdfx_hilog_native:libhilog",
+ "ipc:ipc_core",
+ "safwk:system_ability_fwk",
+ ]
+
+ part_name = "sensor"
+ subsystem_name = "sensors"
+}
group("sensor_service_target") {
deps = [ ":libsensor_service" ]
}
diff --git a/services/sensor/test/fuzztest/BUILD.gn b/services/sensor/test/fuzztest/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..e0c9dfd132b28f090131c0ab2d63bf3e45aeb7c4
--- /dev/null
+++ b/services/sensor/test/fuzztest/BUILD.gn
@@ -0,0 +1,21 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+
+group("fuzztest") {
+ testonly = true
+ deps = [ "sensoronremoterequest_fuzzer:fuzztest" ]
+}
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..78df04c20b30fea9a1328603d8d1d378905c0890
--- /dev/null
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/BUILD.gn
@@ -0,0 +1,61 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/ohos.gni")
+import("//build/test.gni")
+import("./../../../../../sensor.gni")
+
+ohos_fuzztest("SensorOnRemoteRequestFuzzTest") {
+ module_out_path = "sensors/sensor"
+
+ fuzz_config_file =
+ "$SUBSYSTEM_DIR/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer"
+
+ include_dirs = [
+ "$SUBSYSTEM_DIR/services/sensor/include",
+ "$SUBSYSTEM_DIR/frameworks/native/sensor/include",
+ "$SUBSYSTEM_DIR/services/sensor/hdi_connection/interface/include",
+ "$SUBSYSTEM_DIR/services/sensor/hdi_connection/adapter/include",
+ "$SUBSYSTEM_DIR/services/sensor/hdi_connection/hardware/include",
+ "$SUBSYSTEM_DIR/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer",
+ "$SUBSYSTEM_DIR/utils/common/include",
+ "$SUBSYSTEM_DIR/utils/ipc/include",
+ ]
+
+ cflags = [
+ "-g",
+ "-O0",
+ "-Wno-unused-variable",
+ "-fno-omit-frame-pointer",
+ ]
+
+ sources = [ "sensoronremoterequest_fuzzer.cpp" ]
+
+ deps = [ "$SUBSYSTEM_DIR/interfaces/native:sensor_interface_native",
+ "$SUBSYSTEM_DIR/services/sensor:libsensor_service_static",
+ "$SUBSYSTEM_DIR/utils/common:libsensor_utils",
+ "$SUBSYSTEM_DIR/utils/ipc:libsensor_ipc",
+ ]
+
+ external_deps = [ "c_utils:utils",
+ "ipc:ipc_core",
+ "samgr:samgr_proxy",
+ "access_token:libaccesstoken_sdk",
+ "hiviewdfx_hilog_native:libhilog", ]
+}
+
+group("fuzztest") {
+ testonly = true
+ deps = [ ":SensorOnRemoteRequestFuzzTest" ]
+}
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init
new file mode 100644
index 0000000000000000000000000000000000000000..f81282317c02765362915c7c5f739821565b1f0a
--- /dev/null
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/corpus/init
@@ -0,0 +1,14 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/project.xml b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/project.xml
new file mode 100644
index 0000000000000000000000000000000000000000..583744377bcf4ce45663fedabe6589066b7d15c2
--- /dev/null
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/project.xml
@@ -0,0 +1,25 @@
+
+
+
+
+
+ 1000
+
+ 120
+
+ 2048
+
+
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..dc48f7e4abe9905bfc7b800c33c78c9fbee0df92
--- /dev/null
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.cpp
@@ -0,0 +1,87 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "sensoronremoterequest_fuzzer.h"
+
+#include
+#include
+#include
+
+#include "message_parcel.h"
+#include "sensor.h"
+#include "sensor_service.h"
+
+namespace OHOS {
+namespace Sensors {
+namespace {
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+std::shared_ptr sensorServicePtr =
+ std::make_shared(3601, false);
+const std::u16string SENSOR_INTERFACE_TOKEN = u"ISensorService";
+}
+
+uint32_t GetU32Data(const char* ptr)
+{
+ // convert fuzz input data to an integer
+ return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | ptr[3];
+}
+
+bool OnRemoteRequestFuzzTest(const char* data, size_t size)
+{
+ uint32_t code = GetU32Data(data);
+ MessageParcel datas;
+ datas.WriteInterfaceToken(SENSOR_INTERFACE_TOKEN);
+ datas.WriteBuffer(data, size);
+ datas.RewindRead(0);
+ MessageParcel reply;
+ MessageOption option;
+ sensorServicePtr->OnRemoteRequest(code, datas, reply, option);
+ return true;
+}
+}
+}
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+ /* Run your code on data */
+ if (data == nullptr) {
+ std::cout << "invalid data" << std::endl;
+ return 0;
+ }
+
+ /* Validate the length of size */
+ if (size > OHOS::Sensors::FOO_MAX_LEN || size < OHOS::Sensors::U32_AT_SIZE) {
+ return 0;
+ }
+
+ char* ch = (char*)malloc(size + 1);
+ if (ch == nullptr) {
+ std::cout << "malloc failed." << std::endl;
+ return 0;
+ }
+
+ (void)memset_s(ch, size + 1, 0x00, size + 1);
+ if (memcpy_s(ch, size, data, size) != EOK) {
+ std::cout << "copy failed." << std::endl;
+ free(ch);
+ ch = nullptr;
+ return 0;
+ }
+ OHOS::Sensors::OnRemoteRequestFuzzTest(ch, size);
+ free(ch);
+ ch = nullptr;
+ return 0;
+}
diff --git a/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
new file mode 100644
index 0000000000000000000000000000000000000000..abd3436117b13679d464bb16c3fb9b8543f58505
--- /dev/null
+++ b/services/sensor/test/fuzztest/sensoronremoterequest_fuzzer/sensoronremoterequest_fuzzer.h
@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef SENSOR_ON_REMOTE_REQUEST_FUZZER_H
+#define SENSOR_ON_REMOTE_REQUEST_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "sensoronremoterequest_fuzzer"
+
+#endif // SENSOR_ON_REMOTE_REQUEST_FUZZER_H
+