diff --git a/test/fuzztest/services/sandbox_manager/BUILD.gn b/test/fuzztest/services/sandbox_manager/BUILD.gn index 40b5f691ca0868982c48763c2af8ab4b852396e5..b1d3cef4b8fe64c5f8a7ceafed30ac602e6e4a82 100644 --- a/test/fuzztest/services/sandbox_manager/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/BUILD.gn @@ -20,12 +20,19 @@ group("fuzztest") { deps += [ # deps file "checkpersistpolicystub_fuzzer:CheckPersistPolicyStubFuzzTest", + "checkpolicystub_fuzzer:CheckPolicyStubFuzzTest", + "cleanpersistpolicybypathstub_fuzzer:CleanPersistPolicyByPathStubFuzzTest", "persistpolicystub_fuzzer:PersistPolicyStubFuzzTest", "persistpolicytokenstub_fuzzer:PersistPolicyTokenStubFuzzTest", + "setpolicyasyncstub_fuzzer:SetPolicyAsyncStubFuzzTest", "setpolicystub_fuzzer:SetPolicyStubFuzzTest", + "startaccessingbytokenidstub_fuzzer:StartAccessingByTokenidStubFuzzTest", "startaccessingpolicystub_fuzzer:StartAccessingPolicyStubFuzzTest", "stopaccessingpolicystub_fuzzer:StopAccessingPolicyStubFuzzTest", "unpersistpolicystub_fuzzer:UnPersistPolicyStubFuzzTest", "unpersistpolicytokenstub_fuzzer:UnpersistPolicyTokenStubFuzzTest", + "unsetallpolicybytokenstub_fuzzer:UnsetAllPolicyByTokenStubFuzzTest", + "unsetpolicyasyncstub_fuzzer:UnsetPolicyAsyncStubFuzzTest", + "unsetpolicystub_fuzzer:UnsetPolicyStubFuzzTest", ] } diff --git a/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp index a9761a6ef9340b2b21c56068bd9c4e183510f8d2..155871b3fe4bec3782a9f2305b5fc429207c00df 100644 --- a/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/checkpersistpolicystub_fuzzer/checkpersistpolicystub_fuzzer.cpp @@ -18,6 +18,7 @@ #include #include #include +#include "fuzz_common.h" #include "i_sandbox_manager.h" #include "policy_info_vector_parcel.h" #include "sandboxmanager_service_ipc_interface_code.h" @@ -34,20 +35,16 @@ namespace OHOS { std::vector policyVec; std::vector result; - uint64_t tokenId = static_cast(size); - - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); + gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { return false; } - if (!datas.WriteUint64(tokenId)) { + if (!datas.WriteUint32(tokenId)) { return false; } diff --git a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..237549146b60a14d598f94790ecf8442135ce963 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/BUILD.gn @@ -0,0 +1,45 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("CheckPolicyStubFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [] + include_dirs += sandbox_manager_include_dirs + + sources = [ "checkpolicystub_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d8b2b0806e908a5077de1afeb5b9d96a04e21981 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.cpp @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "checkpolicystub_fuzzer.h" + +#include +#include +#include +#include "fuzz_common.h" +#include "i_sandbox_manager.h" +#include "policy_info_vector_parcel.h" +#include "sandboxmanager_service_ipc_interface_code.h" +#include "sandbox_manager_service.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool CheckPolicyStubFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + std::vector policyVec; + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); + gen.GeneratePolicyInfoVec(policyVec); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + return false; + } + + if (!datas.WriteUint32(tokenId)) { + return false; + } + + PolicyInfoVectorParcel policyInfoParcel; + policyInfoParcel.policyVector = policyVec; + if (!datas.WriteParcelable(&policyInfoParcel)) { + return false; + } + + uint32_t code = static_cast(SandboxManagerInterfaceCode::CHECK_POLICY); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::CheckPolicyStubFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.h b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..d4669f407a9fe418b08c5c311084e81a1f2e30b0 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/checkpolicystub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_CHECKPOLICYSTUB_FUZZER_H +#define TEST_FUZZTEST_CHECKPOLICYSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "checkpolicystub_fuzzer" + +#endif // TEST_FUZZTEST_CHECKPOLICYSTUB_FUZZER_H \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/checkpolicystub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..016c7ce06170651e240ec4f4570e249acb7994bb --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/BUILD.gn @@ -0,0 +1,45 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("CleanPersistPolicyByPathStubFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [] + include_dirs += sandbox_manager_include_dirs + + sources = [ "cleanpersistpolicybypathstub_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..be12a5c505f91616e3b8fb9838eb0122b529d884 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cleanpersistpolicybypathstub_fuzzer.h" + +#include +#include +#include +#include "accesstoken_kit.h" +#include "fuzz_common.h" +#include "i_sandbox_manager.h" +#include "policy_info_vector_parcel.h" +#include "sandboxmanager_service_ipc_interface_code.h" +#include "sandbox_manager_service.h" +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { +namespace { +static uint32_t SELF_TOKEN = 0; +static uint32_t FILE_MANAGER_TOKEN = 0; +}; + bool CleanPersistPolicyByPathStubFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + FILE_MANAGER_TOKEN = Security::AccessToken::AccessTokenKit::GetNativeTokenId( + "file_manager_service"); + SELF_TOKEN = GetSelfTokenID(); + SetSelfTokenID(FILE_MANAGER_TOKEN); + + std::vector pathList; + PolicyInfoRandomGenerator gen(data, size); + gen.GenerateStringVec(pathList); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + return false; + } + + if (!datas.WriteStringVector(pathList)) { + return false; + } + + uint32_t code = static_cast(SandboxManagerInterfaceCode::CLEAN_PERSIST_POLICY_BY_PATH); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + SetSelfTokenID(SELF_TOKEN); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::CleanPersistPolicyByPathStubFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.h b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..14177f30c396effc5508e0d7b9ade4e22927c279 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/cleanpersistpolicybypathstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_CLEANPERSISTPOLICYBYPATHSTUB_FUZZER_H +#define TEST_FUZZTEST_CLEANPERSISTPOLICYBYPATHSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "cleanpersistpolicybypathstub_fuzzer" + +#endif // TEST_FUZZTEST_CLEANPERSISTPOLICYBYPATHSTUB_FUZZER_H diff --git a/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/cleanpersistpolicybypathstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/BUILD.gn index 7277858e0363410573f96da12dff201e5b56197f..90c4f592fae33252f50fb92f14dc0746b5a3fe5c 100644 --- a/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/BUILD.gn @@ -23,10 +23,7 @@ ohos_fuzztest("PersistPolicyStubFuzzTest") { include_dirs = [ "../../../common" ] include_dirs += sandbox_manager_include_dirs - sources = [ - "../../../common/alloc_token.cpp", - "persistpolicystub_fuzzer.cpp", - ] + sources = [ "persistpolicystub_fuzzer.cpp" ] sources += sandbox_manager_sources deps = [] diff --git a/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp index 109e51514cf915bcd1902b9792484cedf5d66cec..64e081b132ea05cefa3198bbef583181b1ac0fd6 100644 --- a/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/persistpolicystub_fuzzer/persistpolicystub_fuzzer.cpp @@ -19,6 +19,7 @@ #include #include #include "alloc_token.h" +#include "fuzz_common.h" #include "i_sandbox_manager.h" #include "policy_info_vector_parcel.h" #include "sandboxmanager_service_ipc_interface_code.h" @@ -35,13 +36,9 @@ namespace OHOS { std::vector policyVec; std::vector result; + PolicyInfoRandomGenerator gen(data, size); - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - - policyVec.emplace_back(policy); + gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { diff --git a/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/BUILD.gn index f51758b3d8f53058ec4007aa25f2c5073d7c086e..25dc18d1d388658d1e6525f7ab7235f66ee436b0 100644 --- a/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/BUILD.gn @@ -23,10 +23,7 @@ ohos_fuzztest("PersistPolicyTokenStubFuzzTest") { include_dirs = [ "../../../common" ] include_dirs += sandbox_manager_include_dirs - sources = [ - "../../../common/alloc_token.cpp", - "persistpolicytokenstub_fuzzer.cpp", - ] + sources = [ "persistpolicytokenstub_fuzzer.cpp" ] sources += sandbox_manager_sources deps = [] diff --git a/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp index 006677324115caa678399ee48aacc585323c3dcd..dd91b59270f4b431fb9014a4549a74fea94801de 100644 --- a/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/persistpolicytokenstub_fuzzer/persistpolicytokenstub_fuzzer.cpp @@ -19,6 +19,7 @@ #include #include #include "alloc_token.h" +#include "fuzz_common.h" #include "i_sandbox_manager.h" #include "policy_info_vector_parcel.h" #include "sandboxmanager_service_ipc_interface_code.h" @@ -35,20 +36,17 @@ namespace OHOS { std::vector policyVec; std::vector result; - uint64_t tokenId = static_cast(size); + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); + gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { return false; } - if (!datas.WriteUint64(tokenId)) { + if (!datas.WriteUint32(tokenId)) { return false; } diff --git a/test/fuzztest/services/sandbox_manager/sandbox_manager_service_fuzz.gni b/test/fuzztest/services/sandbox_manager/sandbox_manager_service_fuzz.gni index e683e65d783fc65fe94c7a409706d3103c870a82..93bf102b7b2a34afa80dde8c98cc93baa966f89c 100644 --- a/test/fuzztest/services/sandbox_manager/sandbox_manager_service_fuzz.gni +++ b/test/fuzztest/services/sandbox_manager/sandbox_manager_service_fuzz.gni @@ -22,6 +22,7 @@ sandbox_manager_include_dirs = [ "${sandbox_manager_path}/services/sandbox_manager/main/cpp/include/sensitive", "${sandbox_manager_path}/services/sandbox_manager/main/cpp/include/service", "${sandbox_manager_path}/services/sandbox_manager/main/cpp/include/mac", + "../../../common/", ] sandbox_manager_sources = [ @@ -36,6 +37,8 @@ sandbox_manager_sources = [ "${sandbox_manager_path}/services/sandbox_manager/main/cpp/src/service/policy_info_manager.cpp", "${sandbox_manager_path}/services/sandbox_manager/main/cpp/src/service/sandbox_manager_service.cpp", "${sandbox_manager_path}/services/sandbox_manager/main/cpp/src/service/sandbox_manager_stub.cpp", + "${sandbox_manager_path}/test/fuzztest/common/alloc_token.cpp", + "${sandbox_manager_path}/test/fuzztest/common/fuzz_common.cpp", ] sandbox_manager_deps = [ @@ -48,6 +51,8 @@ sandbox_manager_deps = [ sandbox_manager_external_deps = [ "ability_base:want", "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", "c_utils:utils", "common_event_service:cesfwk_core", "common_event_service:cesfwk_innerkits", diff --git a/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..2f246fe2dd1472598073a87e6a623dd260e7cf71 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/BUILD.gn @@ -0,0 +1,48 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("SetPolicyAsyncStubFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ "../../../common" ] + include_dirs += sandbox_manager_include_dirs + + sources = [ "setpolicyasyncstub_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [ + "access_token:libnativetoken", + "access_token:libtoken_setproc", + ] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..b8b520b01b240ed271b261f1df43cb2ba9ab9d98 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.cpp @@ -0,0 +1,83 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "setpolicyasyncstub_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "policy_info_vector_parcel.h" +#include "i_sandbox_manager.h" +#include "sandboxmanager_service_ipc_interface_code.h" +#include "sandbox_manager_service.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool SetPolicyAsyncStub(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + std::vector policyVec; + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); + uint64_t policyFlag = gen.GetData() % 2; // 2 is flag max + + gen.GeneratePolicyInfoVec(policyVec); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + return false; + } + + if (!datas.WriteUint32(tokenId)) { + return false; + } + + PolicyInfoVectorParcel policyInfoParcel; + policyInfoParcel.policyVector = policyVec; + if (!datas.WriteParcelable(&policyInfoParcel)) { + return false; + } + + if (!datas.WriteUint64(policyFlag)) { + return false; + } + + uint32_t code = static_cast(SandboxManagerInterfaceCode::SET_POLICY_ASYNC); + MessageParcel reply; + MessageOption option; + + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + return true; + } + + bool SetPolicyAsyncStubFuzzTest(const uint8_t *data, size_t size) + { + return AllocTokenWithFuzz(data, size, SetPolicyAsyncStub); + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::SetPolicyAsyncStubFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.h b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..d13022c31837085755c032b4f4225ef2df5ef7f8 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/setpolicyasyncstub_fuzzer/setpolicyasyncstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_SETPOLICYASYNCSTUB_FUZZER_H +#define TEST_FUZZTEST_SETPOLICYASYNCSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "setpolicyasyncstub_fuzzer" + +#endif // TEST_FUZZTEST_SETPOLICYASYNCSTUB_FUZZER_H diff --git a/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/BUILD.gn index 67a6f077605aa38995b3da230259dec871ef002a..312052efa71745b2daa6c801bdf6839f82e9ec8a 100644 --- a/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/BUILD.gn @@ -23,10 +23,7 @@ ohos_fuzztest("SetPolicyStubFuzzTest") { include_dirs = [ "../../../common" ] include_dirs += sandbox_manager_include_dirs - sources = [ - "../../../common/alloc_token.cpp", - "setpolicystub_fuzzer.cpp", - ] + sources = [ "setpolicystub_fuzzer.cpp" ] sources += sandbox_manager_sources deps = [] diff --git a/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp index 4385b183f7e963337a20b3e21c04d430918f71d3..b2b63f10db7a501dd443ecf44cf53d139e669594 100644 --- a/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/setpolicystub_fuzzer/setpolicystub_fuzzer.cpp @@ -19,6 +19,7 @@ #include #include #include "alloc_token.h" +#include "fuzz_common.h" #include "policy_info_vector_parcel.h" #include "i_sandbox_manager.h" #include "sandboxmanager_service_ipc_interface_code.h" @@ -34,14 +35,11 @@ namespace OHOS { } std::vector policyVec; - uint64_t tokenId = static_cast(size); - uint64_t policyFlag = static_cast(size); + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); + uint64_t policyFlag = gen.GetData() % 2; // 2 is flag max - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); + gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { diff --git a/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..d21a8540508f0ac7e31e34a996e43c677268ae16 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/BUILD.gn @@ -0,0 +1,48 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("StartAccessingByTokenidStubFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ "../../../common" ] + include_dirs += sandbox_manager_include_dirs + + sources = [ "startaccessingbytokenidstub_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [ + "access_token:libnativetoken", + "access_token:libtoken_setproc", + ] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d22d2784ee2fe5d1e5915d03a8a6ed2bd2cf4f17 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.cpp @@ -0,0 +1,69 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "startaccessingbytokenidstub_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "i_sandbox_manager.h" +#include "policy_info_vector_parcel.h" +#include "sandboxmanager_service_ipc_interface_code.h" +#include "sandbox_manager_service.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { +namespace { +const int32_t FOUNDATION_UID = 5523; +}; + + bool StartAccessingByTokenidStubFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + int32_t uid = getuid(); + setuid(FOUNDATION_UID); + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenid = gen.GetData(); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + return false; + } + if (!datas.WriteUint32(tokenid)) { + return false; + } + + uint32_t code = static_cast(SandboxManagerInterfaceCode::START_ACCESSING_BY_TOKEN); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(uid); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::StartAccessingByTokenidStubFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.h b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..bd8f36e6d90226e68bbce27457d3023ca728eaed --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/startaccessingbytokenidstub_fuzzer/startaccessingbytokenidstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_STARTACCESSINGBYTOKENIDSTUB_FUZZER_H +#define TEST_FUZZTEST_STARTACCESSINGBYTOKENIDSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "startaccessingbytokenidstub_fuzzer" + +#endif // TEST_FUZZTEST_STARTACCESSINGBYTOKENIDSTUB_FUZZER_H diff --git a/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/BUILD.gn index a5f934aa5ad8e2bf153e3f7b5d2ac385a5e9836f..ef6cdf35cf8027c72fcd9a6db6d0fbd0d437809d 100644 --- a/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/BUILD.gn @@ -23,10 +23,7 @@ ohos_fuzztest("StartAccessingPolicyStubFuzzTest") { include_dirs = [ "../../../common" ] include_dirs += sandbox_manager_include_dirs - sources = [ - "../../../common/alloc_token.cpp", - "startaccessingpolicystub_fuzzer.cpp", - ] + sources = [ "startaccessingpolicystub_fuzzer.cpp" ] sources += sandbox_manager_sources deps = [] diff --git a/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp index db2332f5925a09b9fcefc32ad022b48f05229289..1027177d5cae28e8e127a6b48ca82532cec32d12 100644 --- a/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/startaccessingpolicystub_fuzzer/startaccessingpolicystub_fuzzer.cpp @@ -19,6 +19,7 @@ #include #include #include "alloc_token.h" +#include "fuzz_common.h" #include "i_sandbox_manager.h" #include "policy_info_vector_parcel.h" #include "sandboxmanager_service_ipc_interface_code.h" @@ -35,12 +36,8 @@ namespace OHOS { std::vector policyVec; std::vector result; - - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { diff --git a/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/BUILD.gn index c7a5737a95766597e55f353a49ff8bbdfc9779c1..e466d31ce2193a6955828905d2f2e086c25b0a3d 100644 --- a/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/BUILD.gn @@ -23,10 +23,7 @@ ohos_fuzztest("StopAccessingPolicyStubFuzzTest") { include_dirs = [ "../../../common" ] include_dirs += sandbox_manager_include_dirs - sources = [ - "../../../common/alloc_token.cpp", - "stopaccessingpolicystub_fuzzer.cpp", - ] + sources = [ "stopaccessingpolicystub_fuzzer.cpp" ] sources += sandbox_manager_sources deps = [] diff --git a/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp index 125b4fd6ea9108c90f7ffa3c035676b5c9069fee..86e1067f75ddfc94b52459fbf0c0d09f27e2359a 100644 --- a/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/stopaccessingpolicystub_fuzzer/stopaccessingpolicystub_fuzzer.cpp @@ -19,6 +19,7 @@ #include #include #include "alloc_token.h" +#include "fuzz_common.h" #include "i_sandbox_manager.h" #include "policy_info_vector_parcel.h" #include "sandboxmanager_service_ipc_interface_code.h" @@ -35,12 +36,8 @@ namespace OHOS { std::vector policyVec; std::vector result; - - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { diff --git a/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/BUILD.gn index 4e2f64195b9a102de33d549b1bf6d0c77a843de3..715ad694d698ac7fb73df3a08e0b6b84ad403eea 100644 --- a/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/BUILD.gn @@ -23,10 +23,7 @@ ohos_fuzztest("UnPersistPolicyStubFuzzTest") { include_dirs = [ "../../../common" ] include_dirs += sandbox_manager_include_dirs - sources = [ - "../../../common/alloc_token.cpp", - "unpersistpolicystub_fuzzer.cpp", - ] + sources = [ "unpersistpolicystub_fuzzer.cpp" ] sources += sandbox_manager_sources deps = [] diff --git a/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp index e08d44229327dbf3a109c21289f1e6f07bde0d13..d29dd44c994b6c83ce9d9820a91e64b64352841c 100644 --- a/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/unpersistpolicystub_fuzzer/unpersistpolicystub_fuzzer.cpp @@ -19,6 +19,7 @@ #include #include #include "alloc_token.h" +#include "fuzz_common.h" #include "i_sandbox_manager.h" #include "policy_info_vector_parcel.h" #include "sandboxmanager_service_ipc_interface_code.h" @@ -35,12 +36,8 @@ namespace OHOS { std::vector policyVec; std::vector result; - - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { diff --git a/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/BUILD.gn index 0e56808dff39d383591e8fbe2e5227df1c4046d0..55eb83a80aff40bef3e008ed025c20eef9513a7d 100644 --- a/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/BUILD.gn @@ -23,10 +23,7 @@ ohos_fuzztest("UnpersistPolicyTokenStubFuzzTest") { include_dirs = [ "../../../common" ] include_dirs += sandbox_manager_include_dirs - sources = [ - "../../../common/alloc_token.cpp", - "unpersistpolicytokenstub_fuzzer.cpp", - ] + sources = [ "unpersistpolicytokenstub_fuzzer.cpp" ] sources += sandbox_manager_sources deps = [] diff --git a/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp index 63ef101edd298817c8c8046d7fe3ac5266621f58..fd8a6cbd919fe6f8dedb24b8fd426420f5700f68 100644 --- a/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp +++ b/test/fuzztest/services/sandbox_manager/unpersistpolicytokenstub_fuzzer/unpersistpolicytokenstub_fuzzer.cpp @@ -19,6 +19,7 @@ #include #include #include "alloc_token.h" +#include "fuzz_common.h" #include "i_sandbox_manager.h" #include "policy_info_vector_parcel.h" #include "sandboxmanager_service_ipc_interface_code.h" @@ -35,20 +36,16 @@ namespace OHOS { std::vector policyVec; std::vector result; - uint64_t tokenId = static_cast(size); - - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); + gen.GeneratePolicyInfoVec(policyVec); MessageParcel datas; if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { return false; } - if (!datas.WriteUint64(tokenId)) { + if (!datas.WriteUint32(tokenId)) { return false; } diff --git a/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..cd3d6068f5ffdf4cc178163db026c64677a7431b --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/BUILD.gn @@ -0,0 +1,48 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("UnsetAllPolicyByTokenStubFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ "../../../common" ] + include_dirs += sandbox_manager_include_dirs + + sources = [ "unsetallpolicybytokenstub_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [ + "access_token:libnativetoken", + "access_token:libtoken_setproc", + ] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..4bb290858d46a2529e1e96fba4b133e983c44135 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.cpp @@ -0,0 +1,67 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "unsetallpolicybytokenstub_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "i_sandbox_manager.h" +#include "policy_info_vector_parcel.h" +#include "sandboxmanager_service_ipc_interface_code.h" +#include "sandbox_manager_service.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool UnsetAllPolicyByTokenStub(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenid = gen.GetData(); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + return false; + } + if (!datas.WriteUint32(tokenid)) { + return false; + } + + uint32_t code = static_cast(SandboxManagerInterfaceCode::UNSET_ALL_POLICY_BY_TOKEN); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + return true; + } + + bool UnsetAllPolicyByTokenFuzzTest(const uint8_t *data, size_t size) + { + return AllocTokenWithFuzz(data, size, UnsetAllPolicyByTokenStub); + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::UnsetAllPolicyByTokenFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.h b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..52ca4b345bfd32c8e5c444316c1443f2d058e90d --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetallpolicybytokenstub_fuzzer/unsetallpolicybytokenstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_UNSETALLPOLICYBYTOKENSTUB_FUZZER_H +#define TEST_FUZZTEST_UNSETALLPOLICYBYTOKENSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "unsetallpolicybytokenstub_fuzzer" + +#endif // TEST_FUZZTEST_UNSETALLPOLICYBYTOKENSTUB_FUZZER_H diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..5f0bde5e1b2ca3cbdad4a811c208be61177bfff5 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/BUILD.gn @@ -0,0 +1,48 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("UnsetPolicyAsyncStubFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ "../../../common" ] + include_dirs += sandbox_manager_include_dirs + + sources = [ "unsetpolicyasyncstub_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [ + "access_token:libnativetoken", + "access_token:libtoken_setproc", + ] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..231b33c3ae744dc06b16621f3b3e070c2f12deae --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "unsetpolicyasyncstub_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "i_sandbox_manager.h" +#include "policy_info_parcel.h" +#include "sandboxmanager_service_ipc_interface_code.h" +#include "sandbox_manager_service.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool UnsetPolicyAsyncStub(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenid = gen.GetData(); + + PolicyInfo policy; + gen.GeneratePolicyInfo(policy); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + return false; + } + if (!datas.WriteUint32(tokenid)) { + return false; + } + PolicyInfoParcel policyInfoParcel; + policyInfoParcel.policyInfo = policy; + if (!datas.WriteParcelable(&policyInfoParcel)) { + return false; + } + + uint32_t code = static_cast(SandboxManagerInterfaceCode::UNSET_POLICY_ASYNC); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + return true; + } + + bool UnsetPolicyAsyncStubFuzzTest(const uint8_t *data, size_t size) + { + return AllocTokenWithFuzz(data, size, UnsetPolicyAsyncStub); + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::UnsetPolicyAsyncStubFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.h b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..28d1cab5a74f6a750d109aa0c30a1d9369026e28 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicyasyncstub_fuzzer/unsetpolicyasyncstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_UNSETPOLICYASYNCSTUB_FUZZER_H +#define TEST_FUZZTEST_UNSETPOLICYASYNCSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "unsetpolicyasyncstub_fuzzer" + +#endif // TEST_FUZZTEST_UNSETPOLICYASYNCSTUB_FUZZER_H diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..809637c8f6fb4bd5e502b4ab66ef542c82460100 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/BUILD.gn @@ -0,0 +1,48 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") +import("../sandbox_manager_service_fuzz.gni") + +ohos_fuzztest("UnsetPolicyStubFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ "../../../common" ] + include_dirs += sandbox_manager_include_dirs + + sources = [ "unsetpolilcystub_fuzzer.cpp" ] + sources += sandbox_manager_sources + + deps = [] + deps += sandbox_manager_deps + + external_deps = [ + "access_token:libnativetoken", + "access_token:libtoken_setproc", + ] + external_deps += sandbox_manager_external_deps + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + cflags_cc = [ "-DHILOG_ENABLE" ] +} diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/corpus/init b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/project.xml b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.cpp b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..529270157f9fcd88b61d39261e1d6dddfc5415d4 --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.cpp @@ -0,0 +1,75 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "unsetpolilcystub_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "i_sandbox_manager.h" +#include "policy_info_parcel.h" +#include "sandboxmanager_service_ipc_interface_code.h" +#include "sandbox_manager_service.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool UnsetPolicyStub(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenid = gen.GetData(); + + PolicyInfo policy; + gen.GeneratePolicyInfo(policy); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(ISandboxManager::GetDescriptor())) { + return false; + } + if (!datas.WriteUint32(tokenid)) { + return false; + } + PolicyInfoParcel policyInfoParcel; + policyInfoParcel.policyInfo = policy; + if (!datas.WriteParcelable(&policyInfoParcel)) { + return false; + } + + uint32_t code = static_cast(SandboxManagerInterfaceCode::UNSET_POLICY); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + return true; + } + + bool UnsetPolicyStubFuzzTest(const uint8_t *data, size_t size) + { + return AllocTokenWithFuzz(data, size, UnsetPolicyStub); + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::UnsetPolicyStubFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.h b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..837bc0b527ed484b63f12f714aa12ec8f55e09aa --- /dev/null +++ b/test/fuzztest/services/sandbox_manager/unsetpolicystub_fuzzer/unsetpolilcystub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_UNSETPOLICYSTUB_FUZZER_H +#define TEST_FUZZTEST_UNSETPOLICYSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "unsetpolilcystub_fuzzer" + +#endif // TEST_FUZZTEST_UNSETPOLICYSTUB_FUZZER_H