From 305a565767d20699e32d68b76a79ef4d9deac991 Mon Sep 17 00:00:00 2001 From: wangchen Date: Thu, 24 Jul 2025 11:43:47 +0800 Subject: [PATCH] =?UTF-8?q?fuzz=E7=94=A8=E4=BE=8B=E6=95=B4=E6=94=B9=20clos?= =?UTF-8?q?e=20#ICOHCG=20Signed-off-by:=20wangchen=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../checkpersistpolicystub_fuzzer.cpp | 10 +++++-- .../checkpolicystub_fuzzer.cpp | 10 +++++-- .../startaccessingpolicystub_fuzzer.cpp | 30 +++++++++++++++---- .../stopaccessingpolicystub_fuzzer.cpp | 10 +++++-- .../unpersistpolicystub_fuzzer.cpp | 12 +++++--- .../unpersistpolicytokenstub_fuzzer.cpp | 9 ++++-- 6 files changed, 60 insertions(+), 21 deletions(-) diff --git a/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp index 10c38f2..8c860a8 100644 --- a/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp @@ -47,13 +47,17 @@ namespace OHOS { return false; } + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); if (!datas.WriteUint32(tokenId)) { return false; } - PolicyInfoVectorParcel policyInfoParcel; - policyInfoParcel.policyVector = policyVec; - if (!datas.WriteParcelable(&policyInfoParcel)) { + if (!datas.WriteUint32(policyRawData.size)) { + return false; + } + + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { return false; } diff --git a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp index fe1351b..5300220 100644 --- a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp @@ -46,13 +46,17 @@ namespace OHOS { return false; } + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); if (!datas.WriteUint32(tokenId)) { return false; } - PolicyInfoVectorParcel policyInfoParcel; - policyInfoParcel.policyVector = policyVec; - if (!datas.WriteParcelable(&policyInfoParcel)) { + if (!datas.WriteUint32(policyRawData.size)) { + return false; + } + + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { return false; } diff --git a/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp index 88e64eb..16bb23a 100644 --- a/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp @@ -25,6 +25,8 @@ #define private public #include "sandbox_manager_service.h" #undef private +#include "accesstoken_kit.h" +#include "token_setproc.h" using namespace OHOS::AccessControl::SandboxManager; @@ -39,18 +41,36 @@ namespace OHOS { std::vector result; PolicyInfoRandomGenerator gen(data, size); gen.GeneratePolicyInfoVec(policyVec); + uint32_t tokenId = GetSelfTokenID(); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { return false; } - PolicyInfoVectorParcel policyInfoParcel; - policyInfoParcel.policyVector = policyVec; - if (!datas.WriteParcelable(&policyInfoParcel)) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); + if (!datas.WriteUint32(policyRawData.size)) { + return false; + } + + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { + return false; + } + + uint32_t useCallerToken = gen.GetData(); + if (!datas.WriteUint32(useCallerToken)) { + return false; + } + + if (!datas.WriteUint32(tokenId)) { + return false; + } + + uint32_t timestamp = gen.GetData(); + if (!datas.WriteUint64(timestamp)) { return false; } - uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_START_ACCESSING_POLICY); MessageParcel reply; @@ -73,4 +93,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) /* Run your code on data */ OHOS::StartAccessingPolicyStubFuzzTest(data, size); return 0; -} \ No newline at end of file +} diff --git a/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp index 6a28961..404f5b2 100644 --- a/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp @@ -45,9 +45,13 @@ namespace OHOS { return false; } - PolicyInfoVectorParcel policyInfoParcel; - policyInfoParcel.policyVector = policyVec; - if (!datas.WriteParcelable(&policyInfoParcel)) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); + if (!datas.WriteUint32(policyRawData.size)) { + return false; + } + + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { return false; } diff --git a/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp index 03a7247..f010edc 100644 --- a/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp @@ -45,9 +45,13 @@ namespace OHOS { return false; } - PolicyInfoVectorParcel policyInfoParcel; - policyInfoParcel.policyVector = policyVec; - if (!datas.WriteParcelable(&policyInfoParcel)) { + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); + if (!datas.WriteUint32(policyRawData.size)) { + return false; + } + + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { return false; } @@ -73,4 +77,4 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) /* Run your code on data */ OHOS::UnpersistPolicyStubFuzzTest(data, size); return 0; -} \ No newline at end of file +} diff --git a/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp index 9fcc43d..cb6d195 100644 --- a/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp @@ -41,6 +41,8 @@ namespace OHOS { uint32_t tokenId = gen.GetData(); gen.GeneratePolicyInfoVec(policyVec); + PolicyVecRawData policyRawData; + policyRawData.Marshalling(policyVec); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { return false; @@ -50,12 +52,13 @@ namespace OHOS { return false; } - PolicyInfoVectorParcel policyInfoParcel; - policyInfoParcel.policyVector = policyVec; - if (!datas.WriteParcelable(&policyInfoParcel)) { + if (!datas.WriteUint32(policyRawData.size)) { return false; } + if (!datas.WriteRawData(policyRawData.data, policyRawData.size)) { + return false; + } uint32_t code = static_cast(ISandboxManagerIpcCode::COMMAND_UN_PERSIST_POLICY_BY_TOKEN_ID); MessageParcel reply; -- Gitee