From a283a6725f4e7498b4cfc81ec2c2410415b278f4 Mon Sep 17 00:00:00 2001 From: wangchen Date: Tue, 22 Apr 2025 19:43:05 +0800 Subject: [PATCH] =?UTF-8?q?=E6=96=B0=E5=A2=9E=E6=8C=89=E7=94=A8=E6=88=B7?= =?UTF-8?q?=E6=B8=85=E7=90=86=E6=9D=83=E9=99=90=E8=83=BD=E5=8A=9B=20close?= =?UTF-8?q?=20#IC2EPA=20Signed-off-by:=20wangchen=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../include/sandbox_manager_client.h | 4 +- .../src/sandbox_manager_client.cpp | 9 +- .../src/sandbox_manager_kit.cpp | 12 +- .../inner_api/sandbox_manager/test/BUILD.gn | 1 + .../unittest/src/sandbox_manager_kit_test.cpp | 326 ++++++++++++++++++ .../sandbox_manager/ISandboxManager.idl | 1 + .../include/sandbox_manager_kit.h | 9 +- .../libsandbox_manager_sdk.map | 1 + .../cpp/include/service/policy_info_manager.h | 9 +- .../include/service/sandbox_manager_service.h | 3 +- .../cpp/src/service/policy_info_manager.cpp | 42 ++- .../src/service/sandbox_manager_service.cpp | 18 +- .../unittest/sandbox_manager_service_test.cpp | 27 ++ .../innerkits/sandbox_manager/BUILD.gn | 1 + .../cleanpolicybyuser_fuzzer/BUILD.gn | 47 +++ .../cleanpolicybyuser_fuzzer.cpp | 60 ++++ .../cleanpolicybyuser_fuzzer.h | 21 ++ .../cleanpolicybyuser_fuzzer/corpus/init | 14 + .../cleanpolicybyuser_fuzzer/project.xml | 25 ++ .../services/sandbox_manager/BUILD.gn | 1 + .../cleanpolicybyuserstub_fuzzer/BUILD.gn | 45 +++ .../cleanpolicybyuserstub_fuzzer.cpp | 82 +++++ .../cleanpolicybyuserstub_fuzzer.h | 21 ++ .../cleanpolicybyuserstub_fuzzer/corpus/init | 14 + .../cleanpolicybyuserstub_fuzzer/project.xml | 25 ++ 25 files changed, 808 insertions(+), 10 deletions(-) create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/cleanpolicybyuser_fuzzer.cpp create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/cleanpolicybyuser_fuzzer.h create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/project.xml create mode 100644 test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/BUILD.gn create mode 100644 test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/cleanpolicybyuserstub_fuzzer.cpp create mode 100644 test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/cleanpolicybyuserstub_fuzzer.h create mode 100644 test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/corpus/init create mode 100644 test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/project.xml diff --git a/frameworks/inner_api/sandbox_manager/include/sandbox_manager_client.h b/frameworks/inner_api/sandbox_manager/include/sandbox_manager_client.h index 17fc170..0ee9b6c 100644 --- a/frameworks/inner_api/sandbox_manager/include/sandbox_manager_client.h +++ b/frameworks/inner_api/sandbox_manager/include/sandbox_manager_client.h @@ -39,7 +39,7 @@ public: static SandboxManagerClient &GetInstance(); virtual ~SandboxManagerClient(); - int32_t CleanPersistPolicyByPath(const std::vector& filePathList); + int32_t CleanPersistPolicyByPath(const std::vector &filePathList); int32_t PersistPolicy(const std::vector &policy, std::vector &result); int32_t UnPersistPolicy(const std::vector &policy, std::vector &result); int32_t SetPolicy(uint32_t tokenId, const std::vector &policy, uint64_t policyFlag, @@ -59,7 +59,7 @@ public: uint32_t tokenId, const std::vector &policy, std::vector &result); int32_t StartAccessingByTokenId(uint32_t tokenId, uint64_t timestamp); int32_t UnSetAllPolicyByToken(uint32_t tokenId, uint64_t timestamp); - + int32_t CleanPolicyByUser(uint32_t userId, const std::vector &filePathList); private: SandboxManagerClient(); DISALLOW_COPY_AND_MOVE(SandboxManagerClient); diff --git a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_client.cpp b/frameworks/inner_api/sandbox_manager/src/sandbox_manager_client.cpp index 7b6ee7d..fafee95 100644 --- a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_client.cpp +++ b/frameworks/inner_api/sandbox_manager/src/sandbox_manager_client.cpp @@ -59,13 +59,20 @@ SandboxManagerClient::SandboxManagerClient() SandboxManagerClient::~SandboxManagerClient() {} -int32_t SandboxManagerClient::CleanPersistPolicyByPath(const std::vector& filePathList) +int32_t SandboxManagerClient::CleanPersistPolicyByPath(const std::vector &filePathList) { std::function &)> func = [&](sptr &proxy) { return proxy->CleanPersistPolicyByPath(filePathList); }; return CallProxyWithRetry(func, __FUNCTION__); } +int32_t SandboxManagerClient::CleanPolicyByUser(uint32_t userId, const std::vector &filePathList) +{ + std::function &)> func = + [&](sptr &proxy) { return proxy->CleanPolicyByUser(userId, filePathList); }; + return CallProxyWithRetry(func, __FUNCTION__); +} + int32_t SandboxManagerClient::PersistPolicy(const std::vector &policy, std::vector &result) { PolicyVecRawData policyRawData; diff --git a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_kit.cpp b/frameworks/inner_api/sandbox_manager/src/sandbox_manager_kit.cpp index ed825a6..765a214 100644 --- a/frameworks/inner_api/sandbox_manager/src/sandbox_manager_kit.cpp +++ b/frameworks/inner_api/sandbox_manager/src/sandbox_manager_kit.cpp @@ -30,7 +30,7 @@ static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { } const uint32_t POLICY_PATH_LIMIT = 4095; -int32_t SandboxManagerKit::CleanPersistPolicyByPath(const std::vector& filePathList) +int32_t SandboxManagerKit::CleanPersistPolicyByPath(const std::vector &filePathList) { size_t filePathSize = filePathList.size(); if (filePathSize == 0) { @@ -255,6 +255,16 @@ int32_t SandboxManagerKit::UnSetAllPolicyByToken(uint32_t tokenId, uint64_t time } return SandboxManagerClient::GetInstance().UnSetAllPolicyByToken(tokenId, timestamp); } + +int32_t SandboxManagerKit::CleanPolicyByUser(uint32_t userId, const std::vector &filePathList) +{ + size_t filePathSize = filePathList.size(); + if (filePathSize == 0) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "FilePathSize = %{public}zu", filePathSize); + return SandboxManagerErrCode::INVALID_PARAMTER; + } + return SandboxManagerClient::GetInstance().CleanPolicyByUser(userId, filePathList); +} } // SandboxManager } // AccessControl } // OHOS \ No newline at end of file diff --git a/frameworks/inner_api/sandbox_manager/test/BUILD.gn b/frameworks/inner_api/sandbox_manager/test/BUILD.gn index 63286ac..6eb1ed1 100644 --- a/frameworks/inner_api/sandbox_manager/test/BUILD.gn +++ b/frameworks/inner_api/sandbox_manager/test/BUILD.gn @@ -64,6 +64,7 @@ ohos_unittest("libsandbox_manager_sdk_test") { "config_policy:configpolicy_util", "hilog:libhilog", "ipc:ipc_single", + "os_account:os_account_innerkits", "samgr:samgr_proxy", ] } diff --git a/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp b/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp index d1780b7..b7c8c24 100644 --- a/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp +++ b/frameworks/inner_api/sandbox_manager/test/unittest/src/sandbox_manager_kit_test.cpp @@ -35,6 +35,7 @@ #include "sandbox_test_common.h" #include "token_setproc.h" #include "mac_adapter.h" +#include "os_account_manager.h" #define HM_DEC_IOCTL_BASE 's' #define HM_DENY_POLICY_ID 6 @@ -94,6 +95,10 @@ Security::AccessToken::HapPolicyParams g_testPolicyPrams = { }; }; +static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = { + LOG_CORE, ACCESSCONTROL_DOMAIN_SANDBOXMANAGER, "SandboxManagerKitTest" +}; + struct PathInfo { char *path = nullptr; uint32_t pathLen = 0; @@ -2255,6 +2260,327 @@ HWTEST_F(SandboxManagerKitTest, CleanPersistPolicyByPathTest006, TestSize.Level0 } #endif + +#ifdef DEC_ENABLED +/** + * @tc.name: CleanPolicyByUserTest001 + * @tc.desc: Clean persist policy by path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPolicyByUserTest001, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector retType; + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + Security::AccessToken::AccessTokenID tokenID = GetTokenIdFromProcess("file_manager_service"); + EXPECT_NE(0, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + + int32_t userId = 0; + int32_t ret = AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId); + if (ret != 0) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "CleanPolicyByUserTest, get user id failed error=%{public}d", ret); + userId = 0; // set default userId + } + std::vector filePaths; + filePaths.emplace_back(infoParent.path); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPolicyByUser(userId, filePaths)); + EXPECT_EQ(0, SetSelfTokenID(g_mockToken)); + sleep(1); + std::vector result1; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result1)); + ASSERT_EQ(1, result1.size()); + EXPECT_FALSE(result1[0]); + std::vector result2; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policy, result2)); + ASSERT_EQ(1, result2.size()); + EXPECT_FALSE(result2[0]); +} +#endif + +#ifdef DEC_ENABLED +/** + * @tc.name: CleanPolicyByUserTest002 + * @tc.desc: Clean child persist policy by path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPolicyByUserTest002, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + std::vector retType; + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + infoParent.path = "/A/B/C"; + std::vector policyB; + policyB.emplace_back(infoParent); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policyB, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + Security::AccessToken::AccessTokenID tokenID = GetTokenIdFromProcess("file_manager_service"); + EXPECT_NE(0, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + + int32_t userId = 0; + int32_t ret = AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId); + if (ret != 0) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "CleanPolicyByUserTest, get user id failed error=%{public}d", ret); + userId = 0; // set default userId + } + std::vector filePaths; + infoParent.path = "/A/B"; + filePaths.emplace_back(infoParent.path); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPolicyByUser(userId, filePaths)); + EXPECT_EQ(0, SetSelfTokenID(g_mockToken)); + sleep(1); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); +} +#endif + +#ifdef DEC_ENABLED +/** + * @tc.name: CleanPolicyByUserTest003 + * @tc.desc: Clean child persist policy by path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPolicyByUserTest003, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + std::vector retType; + infoParent.path = "/A/B/C"; + std::vector policyB; + policyB.emplace_back(infoParent); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policyB, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + Security::AccessToken::AccessTokenID tokenID = GetTokenIdFromProcess("file_manager_service"); + EXPECT_NE(0, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + + int32_t userId = 0; + int32_t ret = AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId); + if (ret != 0) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "CleanPolicyByUserTest, get user id failed error=%{public}d", ret); + userId = 0; // set default userId + } + std::vector filePaths; + filePaths.emplace_back(infoParent.path); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPolicyByUser(userId, filePaths)); + EXPECT_EQ(0, SetSelfTokenID(g_mockToken)); + sleep(1); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policyB, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_FALSE(result[0]); +} +#endif + +/** + * @tc.name: CleanPolicyByUserTest004 + * @tc.desc: Clean persist policy by path with invalid path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPolicyByUserTest004, TestSize.Level1) +{ + std::string filePath = "/A/B"; + std::vector filePaths; + for (int i = 0; i < POLICY_VECTOR_SIZE; i++) { + filePaths.emplace_back(filePath); + } + int32_t userId = 0; + int32_t ret = AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId); + if (ret != 0) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "CleanPolicyByUserTest, get user id failed error=%{public}d", ret); + userId = 0; // set default userId + } + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPolicyByUser(userId, filePaths)); +} + +#ifdef DEC_ENABLED +/** + * @tc.name: CleanPolicyByUserTest005 + * @tc.desc: Clean persist policy by path with invalid path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPolicyByUserTest005, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParent = { + .path = "/A/B", + .mode = OperateMode::READ_MODE | OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParent); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(1, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector result; + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPolicy(g_mockToken, policy, result)); + ASSERT_EQ(1, result.size()); + EXPECT_TRUE(result[0]); + + std::vector retType; + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policy, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + int32_t userId = 0; + int32_t ret = AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId); + if (ret != 0) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "CleanPolicyByUserTest, get user id failed error=%{public}d", ret); + userId = 0; // set default userId + } + std::vector filePaths; + filePaths.emplace_back(infoParent.path); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPolicyByUser(userId, filePaths)); +} +#endif + +#ifdef DEC_ENABLED +/** + * @tc.name: CleanPolicyByUserTest006 + * @tc.desc: Clean persist policy by path with invalid path + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(SandboxManagerKitTest, CleanPolicyByUserTest006, TestSize.Level1) +{ + std::vector policy; + uint64_t policyFlag = 1; + std::vector policyResult; + PolicyInfo infoParentA = { + .path = "/A/B", + .mode = OperateMode::READ_MODE + }; + PolicyInfo infoParentB = { + .path = "/A/C", + .mode = OperateMode::READ_MODE + }; + PolicyInfo infoParentC = { + .path = "/A/B/C", + .mode = OperateMode::WRITE_MODE + }; + policy.emplace_back(infoParentA); + policy.emplace_back(infoParentB); + + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::SetPolicy(g_mockToken, policy, policyFlag, policyResult)); + ASSERT_EQ(2, policyResult.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, policyResult[0]); + + std::vector retType; + std::vector policyB; + policyB.emplace_back(infoParentB); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::PersistPolicy(g_mockToken, policyB, retType)); + ASSERT_EQ(1, retType.size()); + EXPECT_EQ(OPERATE_SUCCESSFULLY, retType[0]); + + Security::AccessToken::AccessTokenID tokenID = GetTokenIdFromProcess("file_manager_service"); + EXPECT_NE(0, tokenID); + EXPECT_EQ(0, SetSelfTokenID(tokenID)); + + int32_t userId = 0; + int32_t ret = AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId); + if (ret != 0) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "CleanPolicyByUserTest, get user id failed error=%{public}d", ret); + userId = 0; // set default userId + } + std::vector filePaths; + infoParentC.path = "/A/B/C 2"; + infoParentB.path = "/A/C 1"; + filePaths.emplace_back(infoParentC.path); + filePaths.emplace_back(infoParentB.path); + EXPECT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CleanPolicyByUser(userId, filePaths)); + EXPECT_EQ(0, SetSelfTokenID(g_mockToken)); + sleep(1); + + std::vector policyCheck; + std::vector checkrResult; + infoParentB.path = "/A/C"; + policyCheck.emplace_back(infoParentB); + ASSERT_EQ(SANDBOX_MANAGER_OK, SandboxManagerKit::CheckPersistPolicy(g_mockToken, policyCheck, checkrResult)); + ASSERT_EQ(1, checkrResult.size()); + EXPECT_TRUE(checkrResult[0]); +} +#endif + /** * @tc.name: StartAccessingByTokenIdTest001 * @tc.desc: Start accessing by invalid tokenId diff --git a/frameworks/sandbox_manager/ISandboxManager.idl b/frameworks/sandbox_manager/ISandboxManager.idl index 7c5ba51..1b07f8e 100644 --- a/frameworks/sandbox_manager/ISandboxManager.idl +++ b/frameworks/sandbox_manager/ISandboxManager.idl @@ -35,4 +35,5 @@ interface OHOS.AccessControl.SandboxManager.ISandboxManager { [ipccode 0xffbc] void PersistPolicyByTokenId([in] unsigned int tokenId, [in] PolicyVecRawData policyRawData, [out] Uint32VecRawData resultRawData); [ipccode 0xffbd] void UnPersistPolicyByTokenId([in] unsigned int tokenId, [in] PolicyVecRawData policyRawData, [out] Uint32VecRawData resultRawData); [ipccode 0xffbe, oneway] void CleanPersistPolicyByPath([in] List filePathList); + [ipccode 0xffbf, oneway] void CleanPolicyByUser([in] unsigned int userId, [in] List filePathList); } \ No newline at end of file diff --git a/interfaces/inner_api/sandbox_manager/include/sandbox_manager_kit.h b/interfaces/inner_api/sandbox_manager/include/sandbox_manager_kit.h index 8656d5b..532d8f2 100644 --- a/interfaces/inner_api/sandbox_manager/include/sandbox_manager_kit.h +++ b/interfaces/inner_api/sandbox_manager/include/sandbox_manager_kit.h @@ -32,7 +32,7 @@ public: * @param Policy vector of string, file path * @return SandboxManagerErrCode, see sandbox_manager_err_code.h */ - static int32_t CleanPersistPolicyByPath(const std::vector& filePathList); + static int32_t CleanPersistPolicyByPath(const std::vector &filePathList); /** * @brief Persist policys with caller's tokenId * @param policy vector of PolicyInfo, see policy_info.h @@ -186,6 +186,13 @@ public: * @return SandboxManagerErrCode, see sandbox_manager_err_code.h */ static int32_t UnSetAllPolicyByToken(uint32_t tokenId, uint64_t timestamp); + /** + * @brief Clear the policys of a given userid + * @param userId a given userid + * @param Policy vector of string, file path + * @return SandboxManagerErrCode, see sandbox_manager_err_code.h + */ + static int32_t CleanPolicyByUser(uint32_t userId, const std::vector &filePathList); }; } // SandboxManager } // AccessControl diff --git a/interfaces/inner_api/sandbox_manager/libsandbox_manager_sdk.map b/interfaces/inner_api/sandbox_manager/libsandbox_manager_sdk.map index 5dcedff..f4d5148 100644 --- a/interfaces/inner_api/sandbox_manager/libsandbox_manager_sdk.map +++ b/interfaces/inner_api/sandbox_manager/libsandbox_manager_sdk.map @@ -43,6 +43,7 @@ "OHOS::AccessControl::SandboxManager::SandboxManagerKit::UnSetAllPolicyByToken(unsigned int)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::UnSetAllPolicyByToken(unsigned int, unsigned long)"; "OHOS::AccessControl::SandboxManager::SandboxManagerKit::UnSetAllPolicyByToken(unsigned int, unsigned long long)"; + "OHOS::AccessControl::SandboxManager::SandboxManagerKit::CleanPolicyByUser(unsigned int, std::__h::vector, std::__h::allocator>, std::__h::allocator, std::__h::allocator>>> const&)"; ""; ""; }; diff --git a/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h b/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h index acfa25a..8c87271 100644 --- a/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h +++ b/services/sandbox_manager/main/cpp/include/service/policy_info_manager.h @@ -38,7 +38,14 @@ public: * @param policy vector of string, file path * @return SANDBOX_MANAGER_OK */ - int32_t CleanPersistPolicyByPath(const std::vector& filePaths); + int32_t CleanPersistPolicyByPath(const std::vector &filePaths); + /** + * @brief Clear the policys of a given userid + * @param userId a given userid + * @param policy vector of string, file path + * @return SANDBOX_MANAGER_OK + */ + int32_t CleanPolicyByUser(uint32_t userId, const std::vector &filePaths); /** * @brief Insert policys to database * @param tokenId token id of the object diff --git a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h index d4aa253..49ae2a0 100644 --- a/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h +++ b/services/sandbox_manager/main/cpp/include/service/sandbox_manager_service.h @@ -41,7 +41,8 @@ public: void OnStop() override; void OnStart(const SystemAbilityOnDemandReason& startReason) override; - int32_t CleanPersistPolicyByPath(const std::vector& filePathList) override; + int32_t CleanPersistPolicyByPath(const std::vector &filePathList) override; + int32_t CleanPolicyByUser(uint32_t userId, const std::vector &filePathList) override; int32_t PersistPolicy(const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) override; int32_t UnPersistPolicy(const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) override; int32_t PersistPolicyByTokenId( diff --git a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp index 7f2a608..8638c0c 100644 --- a/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp +++ b/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp @@ -117,7 +117,7 @@ void PolicyInfoManager::RemoveResultByUserId(std::vector &results } } -int32_t PolicyInfoManager::CleanPersistPolicyByPath(const std::vector& filePathList) +int32_t PolicyInfoManager::CleanPersistPolicyByPath(const std::vector &filePathList) { // clean MAC int32_t userId = 0; @@ -165,6 +165,44 @@ int32_t PolicyInfoManager::CleanPersistPolicyByPath(const std::vector &filePathList) +{ + SANDBOXMANAGER_LOG_INFO(LABEL, "clean policy by userId:%{public}d", userId); + CleanPolicyOnMac(filePathList, userId); + std::vector results; + for (const std::string& path : filePathList) { + uint32_t length = path.length(); + if ((length == 0) || (length > POLICY_PATH_LIMIT)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Policy path check fail, length = %{public}zu.", path.length()); + continue; + } + std::string pathTmp = AdjustPath(path); + int32_t ret = SandboxManagerRdb::GetInstance().FindSubPath( + SANDBOX_MANAGER_PERSISTED_POLICY, pathTmp, results); + if (ret != SandboxManagerRdb::SUCCESS) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Database operate error."); + } + } + if (results.empty()) { + PolicyOperateInfo info(0, 0, 0, 0); + SandboxManagerDfxHelper::WritePersistPolicyOperateSucc( + OperateTypeEnum::CLEAN_PERSIST_POLICY_BY_PATH, info); + SANDBOXMANAGER_LOG_INFO(LABEL, "No persistence policy was found to delete."); + return SANDBOX_MANAGER_OK; + } + + RemoveResultByUserId(results, userId); + //clear the persistence policy + for (const auto& res: results) { + int32_t ret = SandboxManagerRdb::GetInstance().Remove( + SANDBOX_MANAGER_PERSISTED_POLICY, res); + if (ret != SandboxManagerRdb::SUCCESS) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Delete fail!"); + } + } + return SANDBOX_MANAGER_OK; +} + int32_t PolicyInfoManager::AddPolicy(const uint32_t tokenId, const std::vector &policy, std::vector &result, const uint32_t flag) { @@ -236,7 +274,7 @@ int32_t PolicyInfoManager::AddToDatabaseIfNotDuplicate(const uint32_t tokenId, c SANDBOXMANAGER_LOG_INFO(LABEL, "No policies need to add."); return SANDBOX_MANAGER_OK; } - + for (size_t each : passIndexes) { GenericValues condition; TransferPolicyToGeneric(tokenId, policies[each], condition); diff --git a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp index f5ba9c3..86139e0 100644 --- a/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp +++ b/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp @@ -131,7 +131,7 @@ void SandboxManagerService::OnStart(const SystemAbilityOnDemandReason& startReas SANDBOXMANAGER_LOG_INFO(LABEL, "SandboxManagerService start successful."); } -int32_t SandboxManagerService::CleanPersistPolicyByPath(const std::vector& filePathList) +int32_t SandboxManagerService::CleanPersistPolicyByPath(const std::vector &filePathList) { DelayUnloadService(); uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); @@ -147,6 +147,22 @@ int32_t SandboxManagerService::CleanPersistPolicyByPath(const std::vector &filePathList) +{ + DelayUnloadService(); + uint32_t callingTokenId = IPCSkeleton::GetCallingTokenID(); + if (!IsFileManagerCalling(callingTokenId)) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "Permission denied(tokenID=%{public}d)", callingTokenId); + return PERMISSION_DENIED; + } + size_t filePathSize = filePathList.size(); + if (filePathSize == 0) { + SANDBOXMANAGER_LOG_ERROR(LABEL, "FilePath vector size error, size = %{public}zu.", filePathSize); + return INVALID_PARAMTER; + } + return PolicyInfoManager::GetInstance().CleanPolicyByUser(userId, filePathList); +} + int32_t SandboxManagerService::PersistPolicy(const PolicyVecRawData &policyRawData, Uint32VecRawData &resultRawData) { DelayUnloadService(); diff --git a/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp b/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp index 45d8105..57e2be5 100644 --- a/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp +++ b/services/sandbox_manager/test/unittest/sandbox_manager_service_test.cpp @@ -38,6 +38,7 @@ #include "system_ability_definition.h" #include "sandbox_test_common.h" #include "token_setproc.h" +#include "os_account_manager.h" using namespace testing::ext; @@ -514,6 +515,32 @@ HWTEST_F(SandboxManagerServiceTest, SandboxManagerServiceTest013, TestSize.Level SetSelfTokenID(selfTokenId_); } +/** + * @tc.name: SandboxManagerStub015 + * @tc.desc: Test CleanPolicyByUser + * @tc.type: FUNC + * @tc.require: + */ + HWTEST_F(SandboxManagerServiceTest, SandboxManagerStub015, TestSize.Level1) +{ + std::vector paths = {}; + uint32_t fileManagerToken = Security::AccessToken::AccessTokenKit::GetNativeTokenId("file_manager_service"); + EXPECT_EQ(PERMISSION_DENIED, sandboxManagerService_->CleanPersistPolicyByPath(paths)); + SetSelfTokenID(fileManagerToken); + int32_t userId = 0; + int32_t ret = AccountSA::OsAccountManager::GetForegroundOsAccountLocalId(userId); + if (ret != 0) { + userId = 0; // set default userId + } + + int32_t otherUserId = userId++; + EXPECT_EQ(INVALID_PARAMTER, sandboxManagerService_->CleanPolicyByUser(otherUserId, paths)); + // success + std::vector paths1 = {"/A/B" }; + EXPECT_EQ(SANDBOX_MANAGER_OK, sandboxManagerService_->CleanPolicyByUser(userId, paths1)); + SetSelfTokenID(selfTokenId_); +} + /** * @tc.name: SandboxManagerSubscriberTest001 * @tc.desc: Test SandboxManagerCommonEventSubscriber diff --git a/test/fuzztest/innerkits/sandbox_manager/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/BUILD.gn index 87f71d6..cbddaf5 100644 --- a/test/fuzztest/innerkits/sandbox_manager/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/BUILD.gn @@ -22,6 +22,7 @@ group("fuzztest") { "checkpersistpolicy_fuzzer:CheckPersistPolicyFuzzTest", "checkpolicy_fuzzer:CheckPolicyFuzzTest", "cleanpersistpolicybypath_fuzzer:CleanPersistPolicyByPathFuzzTest", + "cleanpolicybyuser_fuzzer:CleanPolicyByUserFuzzTest", "persistpolicy_fuzzer:PersistPolicyFuzzTest", "persistpolicytoken_fuzzer:PersistPolicyTokenFuzzTest", "setpolicy_fuzzer:SetPolicyFuzzTest", diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/BUILD.gn new file mode 100644 index 0000000..b00b225 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") + +ohos_fuzztest("CleanPolicyByUserFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ "../../../common" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", + "cleanpolicybyuser_fuzzer.cpp", + ] + + deps = [ "${sandbox_manager_path}/frameworks/inner_api/sandbox_manager:libsandbox_manager_sdk" ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/cleanpolicybyuser_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/cleanpolicybyuser_fuzzer.cpp new file mode 100644 index 0000000..5cf37b7 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/cleanpolicybyuser_fuzzer.cpp @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cleanpolicybyuser_fuzzer.h" + +#include +#include +#include +#include "accesstoken_kit.h" +#include "fuzz_common.h" +#include "sandbox_manager_kit.h" +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { +namespace { +static uint32_t SELF_TOKEN = 0; +static uint32_t FILE_MANAGER_TOKEN = 0; +}; + bool CleanPolicyByUserFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + FILE_MANAGER_TOKEN = Security::AccessToken::AccessTokenKit::GetNativeTokenId( + "file_manager_service"); + SELF_TOKEN = GetSelfTokenID(); + SetSelfTokenID(FILE_MANAGER_TOKEN); + + std::vector pathList; + PolicyInfoRandomGenerator gen(data, size); + uint32_t userId = gen.GetData(); + gen.GenerateStringVec(pathList); + + SandboxManagerKit::CleanPolicyByUser(userId, pathList); + SetSelfTokenID(SELF_TOKEN); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::CleanPolicyByUserFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/cleanpolicybyuser_fuzzer.h b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/cleanpolicybyuser_fuzzer.h new file mode 100644 index 0000000..85647f2 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/cleanpolicybyuser_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_CLEANPOLICYBYUSER_FUZZER_H +#define TEST_FUZZTEST_CLEANPOLICYBYUSER_FUZZER_H + +#define FUZZ_PROJECT_NAME "cleanpolicybyuser_fuzzer" + +#endif // TEST_FUZZTEST_CLEANPOLICYBYUSER_FUZZER_H diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/corpus/init b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/corpus/init new file mode 100644 index 0000000..e7c3fec --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/project.xml b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/project.xml new file mode 100644 index 0000000..7133b2b --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpolicybyuser_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/BUILD.gn b/test/fuzztest/services/sandbox_manager/BUILD.gn index b1d3cef..47eb735 100644 --- a/test/fuzztest/services/sandbox_manager/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/BUILD.gn @@ -22,6 +22,7 @@ group("fuzztest") { "checkpersistpolicystub_fuzzer:CheckPersistPolicyStubFuzzTest", "checkpolicystub_fuzzer:CheckPolicyStubFuzzTest", "cleanpersistpolicybypathstub_fuzzer:CleanPersistPolicyByPathStubFuzzTest", + "cleanpolicybyuserstub_fuzzer:CleanPolicyByUserStubFuzzTest", "persistpolicystub_fuzzer:PersistPolicyStubFuzzTest", "persistpolicytokenstub_fuzzer:PersistPolicyTokenStubFuzzTest", "setpolicyasyncstub_fuzzer:SetPolicyAsyncStubFuzzTest", diff --git a/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/BUILD.gn new file mode 100644 index 0000000..577e437 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/BUILD.gn @@ -0,0 +1,45 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("CleanPolicyByUserStubFuzzTest") { + module_out_path = module_output_path_service_sandbox + fuzz_config_file = "." + + include_dirs = [] + include_dirs += sandbox_manager_include_dirs + + sources = [ "cleanpolicybyuserstub_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/cleanpolicybyuserstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/cleanpolicybyuserstub_fuzzer.cpp new file mode 100644 index 0000000..7e4b132 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/cleanpolicybyuserstub_fuzzer.cpp @@ -0,0 +1,82 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cleanpolicybyuserstub_fuzzer.h" + +#include +#include +#include +#include "accesstoken_kit.h" +#include "fuzz_common.h" +#include "isandbox_manager.h" +#include "policy_info_vector_parcel.h" +#define private public +#include "sandbox_manager_service.h" +#undef private +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { +namespace { +static uint32_t SELF_TOKEN = 0; +static uint32_t FILE_MANAGER_TOKEN = 0; +}; + bool CleanPolicyByUserStubFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + FILE_MANAGER_TOKEN = Security::AccessToken::AccessTokenKit::GetNativeTokenId( + "file_manager_service"); + SELF_TOKEN = GetSelfTokenID(); + SetSelfTokenID(FILE_MANAGER_TOKEN); + + std::vector pathList; + PolicyInfoRandomGenerator gen(data, size); + uint32_t userId = gen.GetData(); + gen.GenerateStringVec(pathList); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + return false; + } + + if (!datas.WriteUint32(userId)) { + return false; + } + + if (!datas.WriteStringVector(pathList)) { + return false; + } + + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_CLEAN_POLICY_BY_USER); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->Initialize(); + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + SetSelfTokenID(SELF_TOKEN); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::CleanPolicyByUserStubFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/cleanpolicybyuserstub_fuzzer.h b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/cleanpolicybyuserstub_fuzzer.h new file mode 100644 index 0000000..ec48391 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/cleanpolicybyuserstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_CLEANPOLICYBYUSERSTUB_FUZZER_H +#define TEST_FUZZTEST_CLEANPOLICYBYUSERSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "cleanpolicybyuserstub_fuzzer" + +#endif // TEST_FUZZTEST_CLEANPOLICYBYUSERSTUB_FUZZER_H diff --git a/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/corpus/init new file mode 100644 index 0000000..e7c3fec --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/project.xml new file mode 100644 index 0000000..7133b2b --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpolicybyuserstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + -- Gitee