From 03b85d5a0a43ada575e4cdb2d4f233d6ee0d6fe4 Mon Sep 17 00:00:00 2001 From: li-yaoyao777 Date: Sat, 21 Jun 2025 11:42:51 +0800 Subject: [PATCH 1/5] add sensor fuzz tests Signed-off-by: li-yaoyao777 --- test/fuzztest/services/BUILD.gn | 2 + .../BUILD.gn | 77 +++++++++++++ .../corpus/init | 14 +++ .../destroyclientremoteobjectstub_fuzzer.cpp | 109 ++++++++++++++++++ .../destroyclientremoteobjectstub_fuzzer.h | 21 ++++ .../project.xml | 25 ++++ .../setdevicestatusstub_fuzzer/BUILD.gn | 77 +++++++++++++ .../setdevicestatusstub_fuzzer/corpus/init | 14 +++ .../setdevicestatusstub_fuzzer/project.xml | 25 ++++ .../setdevicestatusstub_fuzzer.cpp | 109 ++++++++++++++++++ .../setdevicestatusstub_fuzzer.h | 21 ++++ 11 files changed, 494 insertions(+) create mode 100644 test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/BUILD.gn create mode 100644 test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/corpus/init create mode 100644 test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.cpp create mode 100644 test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.h create mode 100644 test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/project.xml create mode 100644 test/fuzztest/services/setdevicestatusstub_fuzzer/BUILD.gn create mode 100644 test/fuzztest/services/setdevicestatusstub_fuzzer/corpus/init create mode 100644 test/fuzztest/services/setdevicestatusstub_fuzzer/project.xml create mode 100644 test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp create mode 100644 test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h diff --git a/test/fuzztest/services/BUILD.gn b/test/fuzztest/services/BUILD.gn index 55c38be0..726f5236 100644 --- a/test/fuzztest/services/BUILD.gn +++ b/test/fuzztest/services/BUILD.gn @@ -19,6 +19,7 @@ group("fuzztest") { testonly = true deps = [ "createdatachannelstub_fuzzer:fuzztest", + "destroyclientremoteobjectstub_fuzzer:fuzztest", "disableactiveinfocbstub_fuzzer:fuzztest", "enableactiveinfocbstub_fuzzer:fuzztest", "getactiveinfoliststub_fuzzer:fuzztest", @@ -38,6 +39,7 @@ group("fuzztest") { "service/reportonchangedata_fuzzer:fuzztest", "service/reportsensorsysevent_fuzzer:fuzztest", "service/setdevicestatusservice_fuzzer:fuzztest", + "setdevicestatusstub_fuzzer:fuzztest", "suspendsensorsstub_fuzzer:fuzztest", "transferclientremoteobjectstub_fuzzer:fuzztest", ] diff --git a/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/BUILD.gn b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/BUILD.gn new file mode 100644 index 00000000..0e29a9b4 --- /dev/null +++ b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/BUILD.gn @@ -0,0 +1,77 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/ohos.gni") +import("//build/test.gni") +import("./../../../../sensor.gni") + +ohos_fuzztest("DestroyClientRemoteObjectStubFuzzTest") { + module_out_path = FUZZ_MODULE_OUT_PATH + + fuzz_config_file = + "$SUBSYSTEM_DIR/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer" + + include_dirs = [ + "$SUBSYSTEM_DIR/frameworks/native/include", + "$SUBSYSTEM_DIR/interfaces/inner_api", + "$SUBSYSTEM_DIR/services/hdi_connection/interface/include", + "$SUBSYSTEM_DIR/services/hdi_connection/adapter/include", + "$SUBSYSTEM_DIR/services/hdi_connection/hardware/include", + "$SUBSYSTEM_DIR/services/include", + "$SUBSYSTEM_DIR/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer", + "$SUBSYSTEM_DIR/utils/common/include", + "$SUBSYSTEM_DIR/utils/ipc/include", + ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ "destroyclientremoteobjectstub_fuzzer.cpp" ] + + defines = sensor_default_defines + + deps = [ + "$SUBSYSTEM_DIR/frameworks/native:sensor_interface_native", + "$SUBSYSTEM_DIR/frameworks/native:sensor_service_stub", + "$SUBSYSTEM_DIR/services:libsensor_service_static", + "$SUBSYSTEM_DIR/utils/common:libsensor_utils", + "$SUBSYSTEM_DIR/utils/ipc:libsensor_ipc", + ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken_shared", + "access_token:libtokensetproc_shared", + "c_utils:utils", + "cJSON:cjson_static", + "drivers_interface_sensor:libsensor_proxy_3.0", + "hilog:libhilog", + "ipc:ipc_single", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + "selinux_adapter:librestorecon", + ] +} + +group("fuzztest") { + testonly = true + deps = [ + # deps file + ":DestroyClientRemoteObjectStubFuzzTest", + ] +} diff --git a/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/corpus/init b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/corpus/init new file mode 100644 index 00000000..65af8ee8 --- /dev/null +++ b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.cpp b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.cpp new file mode 100644 index 00000000..5a8b807e --- /dev/null +++ b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.cpp @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "destroyclientremoteobjectstub_fuzzer.h" + +#include +#include + +#include "accesstoken_kit.h" +#include "message_parcel.h" +#include "nativetoken_kit.h" +#include "securec.h" +#include "token_setproc.h" + +#include "sensor.h" +#include "sensor_service.h" + +namespace OHOS { +namespace Sensors { +using namespace Security::AccessToken; +using Security::AccessToken::AccessTokenID; +namespace { +constexpr size_t U32_AT_SIZE = 4; +auto g_service = SensorDelayedSpSingleton::GetInstance(); +const std::u16string SENSOR_INTERFACE_TOKEN = u"ISensorService"; +} // namespace + +void SetUpTestCase() +{ + const char **perms = new (std::nothrow) const char *[2]; + if (perms == nullptr) { + return; + } + perms[0] = "ohos.permission.ACCELEROMETER"; + perms[1] = "ohos.permission.MANAGE_SENSOR"; + TokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 2, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .processName = "DestroyClientRemoteObjectStubFuzzTest", + .aplStr = "system_core", + }; + uint64_t tokenId = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenId); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +template +size_t GetObject(T &object, const uint8_t *data, size_t size) +{ + size_t objectSize = sizeof(object); + if (objectSize > size) { + return 0; + } + errno_t ret = memcpy_s(&object, objectSize, data, objectSize); + if (ret != EOK) { + return 0; + } + return objectSize; +} + +bool OnRemoteRequestFuzzTest(const uint8_t *data, size_t size) +{ + SetUpTestCase(); + MessageParcel datas; + datas.WriteInterfaceToken(SENSOR_INTERFACE_TOKEN); + sptr sensorClient = nullptr; + datas.WriteRemoteObject(sensorClient); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + g_service->OnRemoteRequest(static_cast(ISensorServiceIpcCode::COMMAND_TRANSFER_CLIENT_REMOTE_OBJECT), + datas, reply, option); + return true; +} +} // namespace Sensors +} // namespace OHOS + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::Sensors::U32_AT_SIZE) { + return 0; + } + + OHOS::Sensors::OnRemoteRequestFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.h b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.h new file mode 100644 index 00000000..ae44f1ce --- /dev/null +++ b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DESTROY_CLIENT_REMOTE_OBJECT_STUB_FUZZER_H +#define DESTROY_CLIENT_REMOTE_OBJECT_STUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "destroyclientremoteobjectstub_fuzzer" + +#endif // DESTROY_CLIENT_REMOTE_OBJECT_STUB_FUZZER_H diff --git a/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/project.xml b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/project.xml new file mode 100644 index 00000000..2eb360c2 --- /dev/null +++ b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/test/fuzztest/services/setdevicestatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/setdevicestatusstub_fuzzer/BUILD.gn new file mode 100644 index 00000000..71f01582 --- /dev/null +++ b/test/fuzztest/services/setdevicestatusstub_fuzzer/BUILD.gn @@ -0,0 +1,77 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/ohos.gni") +import("//build/test.gni") +import("./../../../../sensor.gni") + +ohos_fuzztest("SetDeviceStatusStubFuzzTest") { + module_out_path = FUZZ_MODULE_OUT_PATH + + fuzz_config_file = + "$SUBSYSTEM_DIR/test/fuzztest/services/setdevicestatusstub_fuzzer" + + include_dirs = [ + "$SUBSYSTEM_DIR/frameworks/native/include", + "$SUBSYSTEM_DIR/interfaces/inner_api", + "$SUBSYSTEM_DIR/services/hdi_connection/interface/include", + "$SUBSYSTEM_DIR/services/hdi_connection/adapter/include", + "$SUBSYSTEM_DIR/services/hdi_connection/hardware/include", + "$SUBSYSTEM_DIR/services/include", + "$SUBSYSTEM_DIR/test/fuzztest/services/setdevicestatusstub_fuzzer", + "$SUBSYSTEM_DIR/utils/common/include", + "$SUBSYSTEM_DIR/utils/ipc/include", + ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ "setdevicestatusstub_fuzzer.cpp" ] + + defines = sensor_default_defines + + deps = [ + "$SUBSYSTEM_DIR/frameworks/native:sensor_interface_native", + "$SUBSYSTEM_DIR/frameworks/native:sensor_service_stub", + "$SUBSYSTEM_DIR/services:libsensor_service_static", + "$SUBSYSTEM_DIR/utils/common:libsensor_utils", + "$SUBSYSTEM_DIR/utils/ipc:libsensor_ipc", + ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken_shared", + "access_token:libtokensetproc_shared", + "c_utils:utils", + "cJSON:cjson_static", + "drivers_interface_sensor:libsensor_proxy_3.0", + "hilog:libhilog", + "ipc:ipc_single", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + "selinux_adapter:librestorecon", + ] +} + +group("fuzztest") { + testonly = true + deps = [ + # deps file + ":SetDeviceStatusStubFuzzTest", + ] +} diff --git a/test/fuzztest/services/setdevicestatusstub_fuzzer/corpus/init b/test/fuzztest/services/setdevicestatusstub_fuzzer/corpus/init new file mode 100644 index 00000000..65af8ee8 --- /dev/null +++ b/test/fuzztest/services/setdevicestatusstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/setdevicestatusstub_fuzzer/project.xml b/test/fuzztest/services/setdevicestatusstub_fuzzer/project.xml new file mode 100644 index 00000000..2eb360c2 --- /dev/null +++ b/test/fuzztest/services/setdevicestatusstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 120 + + 2048 + + diff --git a/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp new file mode 100644 index 00000000..d1c0de6b --- /dev/null +++ b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp @@ -0,0 +1,109 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "setdevicestatusstub_fuzzer.h" + +#include +#include + +#include "accesstoken_kit.h" +#include "message_parcel.h" +#include "nativetoken_kit.h" +#include "securec.h" +#include "token_setproc.h" + +#include "sensor.h" +#include "sensor_service.h" + +namespace OHOS { +namespace Sensors { +using namespace Security::AccessToken; +using Security::AccessToken::AccessTokenID; +namespace { +constexpr size_t U32_AT_SIZE = 4; +auto g_service = SensorDelayedSpSingleton::GetInstance(); +const std::u16string SENSOR_INTERFACE_TOKEN = u"ISensorService"; +} // namespace + +void SetUpTestCase() +{ + const char **perms = new (std::nothrow) const char *[2]; + if (perms == nullptr) { + return; + } + perms[0] = "ohos.permission.ACCELEROMETER"; + perms[1] = "ohos.permission.MANAGE_SENSOR"; + TokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 2, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .processName = "SetDeviceStatusStubFuzzTest", + .aplStr = "system_core", + }; + uint64_t tokenId = GetAccessTokenId(&infoInstance); + SetSelfTokenID(tokenId); + AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +template +size_t GetObject(T &object, const uint8_t *data, size_t size) +{ + size_t objectSize = sizeof(object); + if (objectSize > size) { + return 0; + } + errno_t ret = memcpy_s(&object, objectSize, data, objectSize); + if (ret != EOK) { + return 0; + } + return objectSize; +} + +bool OnRemoteRequestFuzzTest(const uint8_t *data, size_t size) +{ + SetUpTestCase(); + MessageParcel datas; + datas.WriteInterfaceToken(SENSOR_INTERFACE_TOKEN); + sptr sensorClient = nullptr; + datas.WriteRemoteObject(sensorClient); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + g_service->OnRemoteRequest(static_cast(ISensorServiceIpcCode::COMMAND_TRANSFER_CLIENT_REMOTE_OBJECT), + datas, reply, option); + return true; +} +} // namespace Sensors +} // namespace OHOS + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::Sensors::U32_AT_SIZE) { + return 0; + } + + OHOS::Sensors::OnRemoteRequestFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h new file mode 100644 index 00000000..1753e6f4 --- /dev/null +++ b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SET_DEVICE_STATUS_STUB_FUZZER_H +#define SET_DEVICE_STATUS_STUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "setdevicestatusstub_fuzzer" + +#endif // SET_DEVICE_STATUS_STUB_FUZZER_H -- Gitee From cd06b1d1786615717f4f38416ce167b1f7f873c6 Mon Sep 17 00:00:00 2001 From: liyaoyao Date: Sat, 21 Jun 2025 05:51:44 +0000 Subject: [PATCH 2/5] add fuzz test Signed-off-by: liyaoyao --- .../destroyclientremoteobjectstub_fuzzer.cpp | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.cpp b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.cpp index 5a8b807e..6eecd278 100644 --- a/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.cpp +++ b/test/fuzztest/services/destroyclientremoteobjectstub_fuzzer/destroyclientremoteobjectstub_fuzzer.cpp @@ -34,7 +34,8 @@ using Security::AccessToken::AccessTokenID; namespace { constexpr size_t U32_AT_SIZE = 4; auto g_service = SensorDelayedSpSingleton::GetInstance(); -const std::u16string SENSOR_INTERFACE_TOKEN = u"ISensorService"; +const std::u16string SENSOR_INTERFACE_TOKEN = u"OHOS.Sensors.ISensorService"; +static sptr g_remote = new (std::nothrow) IPCObjectStub(); } // namespace void SetUpTestCase() @@ -52,7 +53,7 @@ void SetUpTestCase() .dcaps = nullptr, .perms = perms, .acls = nullptr, - .processName = "DestroyClientRemoteObjectStubFuzzTest", + .processName = "CreateDataChannelStubFuzzTest", .aplStr = "system_core", }; uint64_t tokenId = GetAccessTokenId(&infoInstance); @@ -78,14 +79,16 @@ size_t GetObject(T &object, const uint8_t *data, size_t size) bool OnRemoteRequestFuzzTest(const uint8_t *data, size_t size) { SetUpTestCase(); + if (g_remote == nullptr || g_service == nullptr) { + return false; + } MessageParcel datas; datas.WriteInterfaceToken(SENSOR_INTERFACE_TOKEN); - sptr sensorClient = nullptr; - datas.WriteRemoteObject(sensorClient); + datas.WriteRemoteObject(g_remote); datas.RewindRead(0); MessageParcel reply; MessageOption option; - g_service->OnRemoteRequest(static_cast(ISensorServiceIpcCode::COMMAND_TRANSFER_CLIENT_REMOTE_OBJECT), + g_service->OnRemoteRequest(static_cast(ISensorServiceIpcCode::COMMAND_DESTROY_CLIENT_REMOTE_OBJECT), datas, reply, option); return true; } @@ -106,4 +109,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) OHOS::Sensors::OnRemoteRequestFuzzTest(data, size); return 0; -} +} \ No newline at end of file -- Gitee From 4543fe2bc95e96bb5e7474a993104d415011dad0 Mon Sep 17 00:00:00 2001 From: liyaoyao Date: Sat, 21 Jun 2025 05:52:10 +0000 Subject: [PATCH 3/5] update test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp. Signed-off-by: liyaoyao --- .../setdevicestatusstub_fuzzer.cpp | 46 ++++++++++--------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp index d1c0de6b..1c0b5b8f 100644 --- a/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp @@ -34,9 +34,23 @@ using Security::AccessToken::AccessTokenID; namespace { constexpr size_t U32_AT_SIZE = 4; auto g_service = SensorDelayedSpSingleton::GetInstance(); -const std::u16string SENSOR_INTERFACE_TOKEN = u"ISensorService"; +const std::u16string SENSOR_INTERFACE_TOKEN = u"OHOS.Sensors.ISensorService"; } // namespace +template +size_t GetObject(T &object, const uint8_t *data, size_t size) +{ + size_t objectSize = sizeof(object); + if (objectSize > size) { + return 0; + } + errno_t ret = memcpy_s(&object, objectSize, data, objectSize); + if (ret != EOK) { + return 0; + } + return objectSize; +} + void SetUpTestCase() { const char **perms = new (std::nothrow) const char *[2]; @@ -52,7 +66,7 @@ void SetUpTestCase() .dcaps = nullptr, .perms = perms, .acls = nullptr, - .processName = "SetDeviceStatusStubFuzzTest", + .processName = "SetDeviceStatusServiceFuzzTest", .aplStr = "system_core", }; uint64_t tokenId = GetAccessTokenId(&infoInstance); @@ -61,31 +75,21 @@ void SetUpTestCase() delete[] perms; } -template -size_t GetObject(T &object, const uint8_t *data, size_t size) -{ - size_t objectSize = sizeof(object); - if (objectSize > size) { - return 0; - } - errno_t ret = memcpy_s(&object, objectSize, data, objectSize); - if (ret != EOK) { - return 0; - } - return objectSize; -} - -bool OnRemoteRequestFuzzTest(const uint8_t *data, size_t size) +bool SetDeviceStatusFuzzTest(const uint8_t *data, size_t size) { SetUpTestCase(); + if (g_service == nullptr) { + return false; + } MessageParcel datas; datas.WriteInterfaceToken(SENSOR_INTERFACE_TOKEN); - sptr sensorClient = nullptr; - datas.WriteRemoteObject(sensorClient); + int32_t deviceStatus = 0; + GetObject(deviceStatus, data, size); + datas.WriteInt32(deviceStatus); datas.RewindRead(0); MessageParcel reply; MessageOption option; - g_service->OnRemoteRequest(static_cast(ISensorServiceIpcCode::COMMAND_TRANSFER_CLIENT_REMOTE_OBJECT), + g_service->OnRemoteRequest(static_cast(ISensorServiceIpcCode::COMMAND_SET_DEVICE_STATUS), datas, reply, option); return true; } @@ -104,6 +108,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) return 0; } - OHOS::Sensors::OnRemoteRequestFuzzTest(data, size); + OHOS::Sensors::SetDeviceStatusFuzzTest(data, size); return 0; } -- Gitee From 5305fb4e62fbd0414a51cc8eea7083ba8c316eab Mon Sep 17 00:00:00 2001 From: liyaoyao Date: Sat, 21 Jun 2025 05:54:14 +0000 Subject: [PATCH 4/5] update test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp. Signed-off-by: liyaoyao --- .../setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp index 1c0b5b8f..031dbfa7 100644 --- a/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp +++ b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at -- Gitee From 3ef7e710bf37cf802d08a9625b5c0178bbec0835 Mon Sep 17 00:00:00 2001 From: liyaoyao Date: Sat, 21 Jun 2025 05:54:26 +0000 Subject: [PATCH 5/5] update test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h. Signed-off-by: liyaoyao --- .../setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h index 1753e6f4..e211c8dc 100644 --- a/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h +++ b/test/fuzztest/services/setdevicestatusstub_fuzzer/setdevicestatusstub_fuzzer.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2023 Huawei Device Co., Ltd. + * Copyright (c) 2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at -- Gitee