diff --git a/test/fuzztest/services/sandbox_manager/BUILD.gn b/test/fuzztest/services/sandbox_manager/BUILD.gn index 7a6514e7741a391c3a0153c99119a540eb44ad73..7359e2888bbc2b1ca05acbb5e614a1723538435e 100644 --- a/test/fuzztest/services/sandbox_manager/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/BUILD.gn @@ -35,5 +35,7 @@ group("fuzztest") { "unsetallpolicybytokenstub_fuzzer:UnsetAllPolicyByTokenStubFuzzTest", "unsetpolicyasyncstub_fuzzer:UnsetPolicyAsyncStubFuzzTest", "unsetpolicystub_fuzzer:UnsetPolicyStubFuzzTest", + "setpolicybybundlenamestub_fuzzer:SetPolicyByBundleNameStubFuzzTest", + "startbyeventaction_fuzzer:StartByEventActionFuzzTest" ] } diff --git a/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp index 192ce5ff55db27183be5300328cb9967ef2f8d9e..10c38f2df62e8bab0843fb7d4ad35f3f701dd08e 100644 --- a/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp @@ -24,6 +24,8 @@ #define private public #include "sandbox_manager_service.h" #undef private +#include "accesstoken_kit.h" +#include "token_setproc.h" using namespace OHOS::AccessControl::SandboxManager; @@ -37,7 +39,7 @@ namespace OHOS { std::vector policyVec; std::vector result; PolicyInfoRandomGenerator gen(data, size); - uint32_t tokenId = gen.GetData(); + uint32_t tokenId = GetSelfTokenID(); gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; diff --git a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp index 2462ab6e57c2ea4b8189e349d773acb37df1b015..fe1351bade0ef2f1984da2c466fe7a245baadf24 100644 --- a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp @@ -24,6 +24,8 @@ #define private public #include "sandbox_manager_service.h" #undef private +#include "accesstoken_kit.h" +#include "token_setproc.h" using namespace OHOS::AccessControl::SandboxManager; @@ -36,7 +38,7 @@ namespace OHOS { std::vector policyVec; PolicyInfoRandomGenerator gen(data, size); - uint32_t tokenId = gen.GetData(); + uint32_t tokenId = GetSelfTokenID(); gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; diff --git a/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp index d799042c8d454d2dc5bfa3132f7e17d82f683aa1..d9a66f585e22ec112882ae842bb5df81abd349cb 100644 --- a/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp @@ -46,9 +46,13 @@ namespace OHOS { return false; } - PolicyInfoVectorParcel policyInfoParcel; - policyInfoParcel.policyVector = policyVec; - if (!datas.WriteParcelable(&policyInfoParcel)) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); + if (!datas.WriteUint32(policyRawData.size)) { + return false; + } + + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { return false; } diff --git a/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp index 886cb39c638c56af36b55a7d52a05e4ee67cfc5f..af762491d7c413cee8ab5b928a47886ac01c6296 100644 --- a/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp @@ -51,9 +51,13 @@ namespace OHOS { return false; } - PolicyInfoVectorParcel policyInfoParcel; - policyInfoParcel.policyVector = policyVec; - if (!datas.WriteParcelable(&policyInfoParcel)) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); + if (!datas.WriteUint32(policyRawData.size)) { + return false; + } + + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { return false; } diff --git a/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..f1b18827bc0bd5d1ba7e4a9f9f87cb2f2daa7fec --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/BUILD.gn @@ -0,0 +1,45 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("SetPolicyByBundleNameStubFuzzTest") { + module_out_path = module_output_path_service_sandbox + fuzz_config_file = "." + + include_dirs = [] + include_dirs += sandbox_manager_include_dirs + + sources = [ "setpolicybybundlenamestub_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e010f5889b59a772ce45fc45b17e8a578984479c --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/setpolicybybundlenamestub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/setpolicybybundlenamestub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..7f9c1a4c37856df1c7ddac184c6bcd5a8751fd32 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/setpolicybybundlenamestub_fuzzer.cpp @@ -0,0 +1,100 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "setpolicybybundlenamestub_fuzzer.h" + +#include +#include +#include +#include "accesstoken_kit.h" +#include "fuzz_common.h" +#include "isandbox_manager.h" +#include "policy_info_vector_parcel.h" +#define private public +#include "sandbox_manager_service.h" +#undef private +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { +namespace { +static uint32_t SELF_TOKEN = 0; +static uint32_t FILE_MANAGER_TOKEN = 0; +}; + bool SetPolicyByBundleNameStubFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + FILE_MANAGER_TOKEN = Security::AccessToken::AccessTokenKit::GetNativeTokenId( + "file_manager_service"); + SELF_TOKEN = GetSelfTokenID(); + SetSelfTokenID(FILE_MANAGER_TOKEN); + + std::vector policyVec; + std::string name; + PolicyInfoRandomGenerator gen(data, size); + + uint64_t policyFlag = gen.GetData() % 2; // 2 is flag max + int32_t appCloneIndex = gen.GetData(); + gen.GenerateString(name); + gen.GeneratePolicyInfoVec(policyVec); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + return false; + } + + if (!datas.WriteString16(Str8ToStr16(name))) { + return false; + } + + if (!datas.WriteInt32(appCloneIndex)) { + return false; + } + + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); + if (!datas.WriteUint32(policyRawData.size)) { + return false; + } + + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { + return false; + } + + if (!datas.WriteUint64(policyFlag)) { + return false; + } + + uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_SET_POLICY_BY_BUNDLE_NAME); + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->Initialize(); + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + SetSelfTokenID(SELF_TOKEN); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::SetPolicyByBundleNameStubFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/setpolicybybundlenamestub_fuzzer.h b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/setpolicybybundlenamestub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..11a498fd4bfe157f91bb4b6bc415ba10e4f825b5 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicybybundlenamestub_fuzzer/setpolicybybundlenamestub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_SETPOLICYBYBUNDLENAME_FUZZER_H +#define TEST_FUZZTEST_SETPOLICYBYBUNDLENAME_FUZZER_H + +#define FUZZ_PROJECT_NAME "setpolicybybundlenamestub_fuzzer" + +#endif // TEST_FUZZTEST_SETPOLICYBYBUNDLENAME_FUZZER_H diff --git a/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp index 01eba81ebd28a9afa96b49257bbcf366d722c360..0b6a77d79777437900a083eff1b7a68adb1aef1b 100644 --- a/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp @@ -51,9 +51,13 @@ namespace OHOS { return false; } - PolicyInfoVectorParcel policyInfoParcel; - policyInfoParcel.policyVector = policyVec; - if (!datas.WriteParcelable(&policyInfoParcel)) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); + if (!datas.WriteUint32(policyRawData.size)) { + return false; + } + + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { return false; } diff --git a/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..bdabd61f70aed9d98e17297fb9e85c6ab1d349d0 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/BUILD.gn @@ -0,0 +1,48 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("StartByEventActionFuzzTest") { + module_out_path = module_output_path_service_sandbox + fuzz_config_file = "." + + include_dirs = [ "../../../common" ] + include_dirs += sandbox_manager_include_dirs + + sources = [ "startbyeventaction_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [ + "access_token:libnativetoken", + "access_token:libtoken_setproc", + ] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e010f5889b59a772ce45fc45b17e8a578984479c --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/startbyeventaction_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/startbyeventaction_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d69bfae0d252e62814488ac9fa39bef001b3c74a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/startbyeventaction_fuzzer.cpp @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "startbyeventaction_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "isandbox_manager.h" +#include "policy_info_parcel.h" +#define private public +#include "sandbox_manager_service.h" +#undef private + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool StartByEventActionFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + PolicyInfoRandomGenerator gen(data, size); + std::string name; + std::string name1; + std::string name2; + gen.GenerateString(name); + gen.GenerateString(name1); + gen.GenerateString(name2); + + SystemAbilityOnDemandReason startReason; + startReason.SetName(name.c_str()); + DelayedSingleton::GetInstance()->StartByEventAction(startReason); + + std::map want = {{name1.c_str(), name2.c_str()}}; + OnDemandReasonExtraData extraData2(0, "test", want); + startReason.SetExtraData(extraData2); + DelayedSingleton::GetInstance()->StartByEventAction(startReason); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::StartByEventActionFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/startbyeventaction_fuzzer.h b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/startbyeventaction_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..463157b9bcfd27027fbbd9cfa62c0c529d47574b --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startbyeventaction_fuzzer/startbyeventaction_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_STARTBYEVENTACTION_FUZZER_H +#define TEST_FUZZTEST_STARTBYEVENTACTION_FUZZER_H + +#define FUZZ_PROJECT_NAME "startbyeventaction_fuzzer" + +#endif // TEST_FUZZTEST_STARTBYEVENTACTION_FUZZER_H