From 79f44a344b78c9cff848593bd71c08138f330d92 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Tue, 23 Jul 2024 01:42:16 +0000 Subject: [PATCH] =?UTF-8?q?fuzz=E8=A1=A5=E5=85=85723?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuliushuan Change-Id: I3054887d3ab387931732ac5fab18569a962e61a4 --- test/fuzztest/common/alloc_token.cpp | 27 -------- test/fuzztest/common/alloc_token.h | 1 - test/fuzztest/common/fuzz_common.cpp | 63 +++++++++++++++++++ test/fuzztest/common/fuzz_common.h | 58 +++++++++++++++++ .../innerkits/sandbox_manager/BUILD.gn | 7 +++ .../checkpersistpolicy_fuzzer/BUILD.gn | 11 +++- .../checkpersistpolicy_fuzzer.cpp | 17 +++-- .../checkpolicy_fuzzer/BUILD.gn | 45 +++++++++++++ .../checkpolicy_fuzzer/checkpolicy_fuzzer.cpp | 50 +++++++++++++++ .../checkpolicy_fuzzer/checkpolicy_fuzzer.h | 21 +++++++ .../checkpolicy_fuzzer/corpus/init | 14 +++++ .../checkpolicy_fuzzer/project.xml | 25 ++++++++ .../cleanpersistpolicybypath_fuzzer/BUILD.gn | 50 +++++++++++++++ .../cleanpersistpolicybypath_fuzzer.cpp | 59 +++++++++++++++++ .../cleanpersistpolicybypath_fuzzer.h | 21 +++++++ .../corpus/init | 14 +++++ .../project.xml | 25 ++++++++ .../persistpolicy_fuzzer/BUILD.gn | 1 + .../persistpolicy_fuzzer.cpp | 17 +++-- .../persistpolicytoken_fuzzer/BUILD.gn | 1 + .../persistpolicytoken_fuzzer.cpp | 18 +++--- .../sandbox_manager/setpolicy_fuzzer/BUILD.gn | 1 + .../setpolicy_fuzzer/setpolicy_fuzzer.cpp | 21 +++---- .../setpolicyasync_fuzzer/BUILD.gn | 49 +++++++++++++++ .../setpolicyasync_fuzzer/corpus/init | 14 +++++ .../setpolicyasync_fuzzer/project.xml | 25 ++++++++ .../setpolicyasync_fuzzer.cpp | 58 +++++++++++++++++ .../setpolicyasync_fuzzer.h | 21 +++++++ .../startaccessingbytokenid_fuzzer/BUILD.gn | 49 +++++++++++++++ .../corpus/init | 14 +++++ .../project.xml | 25 ++++++++ .../startaccessingbytokenid_fuzzer.cpp | 57 +++++++++++++++++ .../startaccessingbytokenid_fuzzer.h | 21 +++++++ .../startaccessingpolicy_fuzzer/BUILD.gn | 1 + .../startaccessingpolicy_fuzzer.cpp | 17 +++-- .../stopaccessingpolicy_fuzzer/BUILD.gn | 1 + .../stopaccessingpolicy_fuzzer.cpp | 20 +++--- .../unpersistpolicy_fuzzer/BUILD.gn | 1 + .../unpersistpolicy_fuzzer.cpp | 16 ++--- .../unpersistpolicytoken_fuzzer/BUILD.gn | 1 + .../unpersistpolicytoken_fuzzer.cpp | 20 +++--- .../unsetallpolicybytoken_fuzzer/BUILD.gn | 49 +++++++++++++++ .../unsetallpolicybytoken_fuzzer/corpus/init | 14 +++++ .../unsetallpolicybytoken_fuzzer/project.xml | 25 ++++++++ .../unsetallpolicybytoken_fuzzer.cpp | 55 ++++++++++++++++ .../unsetallpolicybytoken_fuzzer.h | 21 +++++++ .../unsetpolicy_fuzzer/BUILD.gn | 49 +++++++++++++++ .../unsetpolicy_fuzzer/corpus/init | 14 +++++ .../unsetpolicy_fuzzer/project.xml | 25 ++++++++ .../unsetpolilcy_fuzzer.cpp | 60 ++++++++++++++++++ .../unsetpolicy_fuzzer/unsetpolilcy_fuzzer.h | 21 +++++++ .../unsetpolicyasync_fuzzer/BUILD.gn | 49 +++++++++++++++ .../unsetpolicyasync_fuzzer/corpus/init | 14 +++++ .../unsetpolicyasync_fuzzer/project.xml | 25 ++++++++ .../unsetpolicyasync_fuzzer.cpp | 60 ++++++++++++++++++ .../unsetpolicyasync_fuzzer.h | 21 +++++++ 56 files changed, 1369 insertions(+), 110 deletions(-) create mode 100644 test/fuzztest/common/fuzz_common.cpp create mode 100644 test/fuzztest/common/fuzz_common.h create mode 100644 test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/checkpolicy_fuzzer.cpp create mode 100644 test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/checkpolicy_fuzzer.h create mode 100644 test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/project.xml create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/cleanpersistpolicybypath_fuzzer.cpp create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/cleanpersistpolicybypath_fuzzer.h create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/project.xml create mode 100644 test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/project.xml create mode 100644 test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/setpolicyasync_fuzzer.cpp create mode 100644 test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/setpolicyasync_fuzzer.h create mode 100644 test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/project.xml create mode 100644 test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/startaccessingbytokenid_fuzzer.cpp create mode 100644 test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/startaccessingbytokenid_fuzzer.h create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/project.xml create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/unsetallpolicybytoken_fuzzer.cpp create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/unsetallpolicybytoken_fuzzer.h create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/project.xml create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/unsetpolilcy_fuzzer.cpp create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/unsetpolilcy_fuzzer.h create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/project.xml create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/unsetpolicyasync_fuzzer.cpp create mode 100644 test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/unsetpolicyasync_fuzzer.h diff --git a/test/fuzztest/common/alloc_token.cpp b/test/fuzztest/common/alloc_token.cpp index 8a85484..0112c52 100644 --- a/test/fuzztest/common/alloc_token.cpp +++ b/test/fuzztest/common/alloc_token.cpp @@ -63,35 +63,8 @@ namespace OHOS { return ret; } - void NativeTokenGet() - { - uint64_t fullTokenId; - const char **perms = new const char *[1]; - perms[0] = "ohos.permission.DISTRIBUTED_DATASYNC"; - - NativeTokenInfoParams infoInstance = { - .dcapsNum = 0, - .permsNum = 1, - .aclsNum = 0, - .dcaps = nullptr, - .perms = perms, - .acls = nullptr, - .aplStr = "system_core", - }; - - infoInstance.processName = "TestCase"; - fullTokenId = GetAccessTokenId(&infoInstance); - SetSelfTokenID(fullTokenId); - Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); - delete[] perms; - } - void AllocToken() { - NativeTokenGet(); - Security::AccessToken::AccessTokenID tokenID = - Security::AccessToken::AccessTokenKit::GetNativeTokenId("foundation"); - SetSelfTokenID(tokenID); Security::AccessToken::AccessTokenIDEx tokenIdEx = {0}; tokenIdEx = Security::AccessToken::AccessTokenKit::AllocHapToken(g_testInfoParms, g_testPolicyPrams); g_mockToken = tokenIdEx.tokenIdExStruct.tokenID; diff --git a/test/fuzztest/common/alloc_token.h b/test/fuzztest/common/alloc_token.h index be6417b..c6de793 100644 --- a/test/fuzztest/common/alloc_token.h +++ b/test/fuzztest/common/alloc_token.h @@ -20,7 +20,6 @@ namespace OHOS { bool AllocTokenWithFuzz(const uint8_t *data, size_t size, bool(*func)(const uint8_t *, size_t)); -void NativeTokenGet(); void AllocToken(); void DeleteToken(); } // OHOS diff --git a/test/fuzztest/common/fuzz_common.cpp b/test/fuzztest/common/fuzz_common.cpp new file mode 100644 index 0000000..ce836c8 --- /dev/null +++ b/test/fuzztest/common/fuzz_common.cpp @@ -0,0 +1,63 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "fuzz_common.h" + +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { +namespace { +const uint32_t POLICY_PATH_LIMIT = 4095; +const uint64_t POLICY_VECTOR_SIZE_LIMIT = 50; +}; +void PolicyInfoRandomGenerator::GeneratePolicyInfo(PolicyInfo &policyInfo) +{ + policyInfo.mode = GetData() % 3 + 1; // 3 is RW + GenerateString(policyInfo.path); +} + +void PolicyInfoRandomGenerator::GeneratePolicyInfoVec(std::vector &policyInfoVec) +{ + uint32_t size = GetData() % POLICY_VECTOR_SIZE_LIMIT; + policyInfoVec.clear(); + for (uint32_t i = 0; i < size; ++i) { + PolicyInfo policyInfo; + GeneratePolicyInfo(policyInfo); + policyInfoVec.push_back(policyInfo); + } +} + +void PolicyInfoRandomGenerator::GenerateString(std::string &str) +{ + uint32_t length = GetData() % POLICY_PATH_LIMIT; + str = "/"; + for (uint32_t i = 1; i < length; ++i) { + str += GetData(); + } +} + +void PolicyInfoRandomGenerator::GenerateStringVec(std::vector &strVec) +{ + uint32_t size = GetData() % POLICY_VECTOR_SIZE_LIMIT; + strVec.clear(); + for (uint32_t i = 0; i < size; ++i) { + std::string str; + GenerateString(str); + strVec.push_back(str); + } +} +} +} +} \ No newline at end of file diff --git a/test/fuzztest/common/fuzz_common.h b/test/fuzztest/common/fuzz_common.h new file mode 100644 index 0000000..0e7d796 --- /dev/null +++ b/test/fuzztest/common/fuzz_common.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ACCESSCONTROL_SANDBOX_MANAGER_FUZZ_COMMON +#define ACCESSCONTROL_SANDBOX_MANAGER_FUZZ_COMMON +#include +#include "policy_info.h" +#include "securec.h" + +namespace OHOS { +namespace AccessControl { +namespace SandboxManager { +class PolicyInfoRandomGenerator { +public: + PolicyInfoRandomGenerator(const uint8_t *data, const size_t size) + : data_(data), dataLenth_(size) + {} + template T GetData() + { + T object{}; + size_t objectSize = sizeof(object); + if (data_ == nullptr || objectSize > dataLenth_ - basePos) { + basePos = 0; // reset read point + return object; // return empty obj + } + errno_t ret = memcpy_s(&object, objectSize, data_ + basePos, objectSize); + if (ret != EOK) { + return {}; + } + basePos += objectSize; + return object; + } + + void GeneratePolicyInfo(PolicyInfo &policyInfo); + void GeneratePolicyInfoVec(std::vector &policyInfoVec); + void GenerateString(std::string &str); + void GenerateStringVec(std::vector &strVec); +private: + const uint8_t *data_; + const size_t dataLenth_; + size_t basePos = 0; +}; +} +} +} +#endif \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/BUILD.gn index d94fcb6..87f71d6 100644 --- a/test/fuzztest/innerkits/sandbox_manager/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/BUILD.gn @@ -20,12 +20,19 @@ group("fuzztest") { deps += [ # deps file "checkpersistpolicy_fuzzer:CheckPersistPolicyFuzzTest", + "checkpolicy_fuzzer:CheckPolicyFuzzTest", + "cleanpersistpolicybypath_fuzzer:CleanPersistPolicyByPathFuzzTest", "persistpolicy_fuzzer:PersistPolicyFuzzTest", "persistpolicytoken_fuzzer:PersistPolicyTokenFuzzTest", "setpolicy_fuzzer:SetPolicyFuzzTest", + "setpolicyasync_fuzzer:SetPolicyAsyncFuzzTest", + "startaccessingbytokenid_fuzzer:StartAccessingByTokenIdFuzzTest", "startaccessingpolicy_fuzzer:StartAccessingPolicyFuzzTest", "stopaccessingpolicy_fuzzer:StopAccessingPolicyFuzzTest", "unpersistpolicy_fuzzer:UnPersistPolicyFuzzTest", "unpersistpolicytoken_fuzzer:UnpersistPolicyTokenFuzzTest", + "unsetallpolicybytoken_fuzzer:UnsetAllPolicyByTokenFuzzTest", + "unsetpolicy_fuzzer:UnsetPolicyFuzzTest", + "unsetpolicyasync_fuzzer:UnsetPolicyAsyncFuzzTest", ] } diff --git a/test/fuzztest/innerkits/sandbox_manager/checkpersistpolicy_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/checkpersistpolicy_fuzzer/BUILD.gn index fae27a3..b414d1f 100644 --- a/test/fuzztest/innerkits/sandbox_manager/checkpersistpolicy_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/checkpersistpolicy_fuzzer/BUILD.gn @@ -19,15 +19,20 @@ ohos_fuzztest("CheckPersistPolicyFuzzTest") { module_out_path = module_output_path_interface_sandbox fuzz_config_file = "." - include_dirs = - [ "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager/include" ] + include_dirs = [ + "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager/include", + "../../../common", + ] cflags = [ "-g", "-O0", "-Wno-unused-variable", "-fno-omit-frame-pointer", ] - sources = [ "checkpersistpolicy_fuzzer.cpp" ] + sources = [ + "../../../common/fuzz_common.cpp", + "checkpersistpolicy_fuzzer.cpp", + ] deps = [ "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager:libsandbox_manager_sdk" ] diff --git a/test/fuzztest/innerkits/sandbox_manager/checkpersistpolicy_fuzzer/checkpersistpolicy_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/checkpersistpolicy_fuzzer/checkpersistpolicy_fuzzer.cpp index 41a9409..586d711 100644 --- a/test/fuzztest/innerkits/sandbox_manager/checkpersistpolicy_fuzzer/checkpersistpolicy_fuzzer.cpp +++ b/test/fuzztest/innerkits/sandbox_manager/checkpersistpolicy_fuzzer/checkpersistpolicy_fuzzer.cpp @@ -18,6 +18,7 @@ #include #include #include +#include "fuzz_common.h" #include "sandbox_manager_err_code.h" #include "sandbox_manager_kit.h" @@ -32,16 +33,12 @@ namespace OHOS { std::vector policyVec; std::vector result; - uint64_t tokenId = static_cast(size); - - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); - - int32_t ret = SandboxManagerKit::CheckPersistPolicy(tokenId, policyVec, result); - return ret == SandboxManagerErrCode::SANDBOX_MANAGER_OK; + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); + gen.GeneratePolicyInfoVec(policyVec); + + SandboxManagerKit::CheckPersistPolicy(tokenId, policyVec, result); + return true; } } diff --git a/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/BUILD.gn new file mode 100644 index 0000000..8e107a4 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/BUILD.gn @@ -0,0 +1,45 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") + +ohos_fuzztest("CheckPolicyFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ + "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager/include", + "../../../common", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "../../../common/fuzz_common.cpp", + "checkpolicy_fuzzer.cpp", + ] + + deps = [ "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager:libsandbox_manager_sdk" ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/checkpolicy_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/checkpolicy_fuzzer.cpp new file mode 100644 index 0000000..085e138 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/checkpolicy_fuzzer.cpp @@ -0,0 +1,50 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "checkpolicy_fuzzer.h" + +#include +#include +#include +#include "fuzz_common.h" +#include "sandbox_manager_kit.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool CheckPersistPolicyFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + std::vector policyVec; + std::vector result; + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); + gen.GeneratePolicyInfoVec(policyVec); + + SandboxManagerKit::CheckPolicy(tokenId, policyVec, result); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::CheckPersistPolicyFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/checkpolicy_fuzzer.h b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/checkpolicy_fuzzer.h new file mode 100644 index 0000000..68f6700 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/checkpolicy_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_CHECKPOLICY_FUZZER_H +#define TEST_FUZZTEST_CHECKPOLICY_FUZZER_H + +#define FUZZ_PROJECT_NAME "checkpolicy_fuzzer" + +#endif // TEST_FUZZTEST_CHECKPOLICY_FUZZER_H diff --git a/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/corpus/init b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/corpus/init new file mode 100644 index 0000000..e7c3fec --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/project.xml b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/project.xml new file mode 100644 index 0000000..7133b2b --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/checkpolicy_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/BUILD.gn new file mode 100644 index 0000000..752c891 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/BUILD.gn @@ -0,0 +1,50 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") + +ohos_fuzztest("CleanPersistPolicyByPathFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ + "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager/include", + "../../../common", + ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", + "cleanpersistpolicybypath_fuzzer.cpp", + ] + + deps = [ "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager:libsandbox_manager_sdk" ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/cleanpersistpolicybypath_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/cleanpersistpolicybypath_fuzzer.cpp new file mode 100644 index 0000000..2921fa3 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/cleanpersistpolicybypath_fuzzer.cpp @@ -0,0 +1,59 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "cleanpersistpolicybypath_fuzzer.h" + +#include +#include +#include +#include "accesstoken_kit.h" +#include "fuzz_common.h" +#include "sandbox_manager_kit.h" +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { +namespace { +static uint32_t SELF_TOKEN = 0; +static uint32_t FILE_MANAGER_TOKEN = 0; +}; + bool CheckPersistPolicyFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + FILE_MANAGER_TOKEN = Security::AccessToken::AccessTokenKit::GetNativeTokenId( + "file_manager_service"); + SELF_TOKEN = GetSelfTokenID(); + SetSelfTokenID(FILE_MANAGER_TOKEN); + + std::vector pathList; + PolicyInfoRandomGenerator gen(data, size); + gen.GenerateStringVec(pathList); + + SandboxManagerKit::CleanPersistPolicyByPath(pathList); + SetSelfTokenID(SELF_TOKEN); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::CheckPersistPolicyFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/cleanpersistpolicybypath_fuzzer.h b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/cleanpersistpolicybypath_fuzzer.h new file mode 100644 index 0000000..fc212f8 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/cleanpersistpolicybypath_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_CLEANPERSISTPOLICYBYPATH_FUZZER_H +#define TEST_FUZZTEST_CLEANPERSISTPOLICYBYPATH_FUZZER_H + +#define FUZZ_PROJECT_NAME "cleanpersistpolicybypath_fuzzer" + +#endif // TEST_FUZZTEST_CLEANPERSISTPOLICYBYPATH_FUZZER_H diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/corpus/init b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/corpus/init new file mode 100644 index 0000000..e7c3fec --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/project.xml b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/project.xml new file mode 100644 index 0000000..7133b2b --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/cleanpersistpolicybypath_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/innerkits/sandbox_manager/persistpolicy_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/persistpolicy_fuzzer/BUILD.gn index 224a723..9ee3909 100644 --- a/test/fuzztest/innerkits/sandbox_manager/persistpolicy_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/persistpolicy_fuzzer/BUILD.gn @@ -31,6 +31,7 @@ ohos_fuzztest("PersistPolicyFuzzTest") { ] sources = [ "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", "persistpolicy_fuzzer.cpp", ] diff --git a/test/fuzztest/innerkits/sandbox_manager/persistpolicy_fuzzer/persistpolicy_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/persistpolicy_fuzzer/persistpolicy_fuzzer.cpp index a5fbfae..9470c37 100644 --- a/test/fuzztest/innerkits/sandbox_manager/persistpolicy_fuzzer/persistpolicy_fuzzer.cpp +++ b/test/fuzztest/innerkits/sandbox_manager/persistpolicy_fuzzer/persistpolicy_fuzzer.cpp @@ -19,8 +19,9 @@ #include #include #include "alloc_token.h" -#include "sandbox_manager_err_code.h" +#include "fuzz_common.h" #include "sandbox_manager_kit.h" +#include "token_setproc.h" using namespace OHOS::AccessControl::SandboxManager; @@ -33,16 +34,12 @@ namespace OHOS { std::vector policyVec; std::vector result; + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfoVec(policyVec); - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - - policyVec.emplace_back(policy); - - int32_t ret = SandboxManagerKit::PersistPolicy(policyVec, result); - return ret == SandboxManagerErrCode::SANDBOX_MANAGER_OK; + SandboxManagerKit::SetPolicy(GetSelfTokenID(), policyVec, 1, result); + SandboxManagerKit::PersistPolicy(policyVec, result); + return true; } bool PersistPolicyFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/innerkits/sandbox_manager/persistpolicytoken_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/persistpolicytoken_fuzzer/BUILD.gn index 11680a8..9f3efa2 100644 --- a/test/fuzztest/innerkits/sandbox_manager/persistpolicytoken_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/persistpolicytoken_fuzzer/BUILD.gn @@ -31,6 +31,7 @@ ohos_fuzztest("PersistPolicyTokenFuzzTest") { ] sources = [ "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", "persistpolicytoken_fuzzer.cpp", ] diff --git a/test/fuzztest/innerkits/sandbox_manager/persistpolicytoken_fuzzer/persistpolicytoken_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/persistpolicytoken_fuzzer/persistpolicytoken_fuzzer.cpp index 0748714..23a0c3c 100644 --- a/test/fuzztest/innerkits/sandbox_manager/persistpolicytoken_fuzzer/persistpolicytoken_fuzzer.cpp +++ b/test/fuzztest/innerkits/sandbox_manager/persistpolicytoken_fuzzer/persistpolicytoken_fuzzer.cpp @@ -19,8 +19,9 @@ #include #include #include "alloc_token.h" -#include "sandbox_manager_err_code.h" +#include "fuzz_common.h" #include "sandbox_manager_kit.h" +#include "token_setproc.h" using namespace OHOS::AccessControl::SandboxManager; @@ -33,16 +34,13 @@ namespace OHOS { std::vector policyVec; std::vector result; - uint64_t tokenId = static_cast(size); + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfoVec(policyVec); + uint32_t tokenId = gen.GetData(); - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); - - int32_t ret = SandboxManagerKit::PersistPolicy(tokenId, policyVec, result); - return ret == SandboxManagerErrCode::SANDBOX_MANAGER_OK; + SandboxManagerKit::SetPolicy(tokenId, policyVec, 1, result); + SandboxManagerKit::PersistPolicy(tokenId, policyVec, result); + return true; } bool PersistPolicyTokenFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/innerkits/sandbox_manager/setpolicy_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/setpolicy_fuzzer/BUILD.gn index b8affd7..9219584 100644 --- a/test/fuzztest/innerkits/sandbox_manager/setpolicy_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/setpolicy_fuzzer/BUILD.gn @@ -31,6 +31,7 @@ ohos_fuzztest("SetPolicyFuzzTest") { ] sources = [ "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", "setpolicy_fuzzer.cpp", ] diff --git a/test/fuzztest/innerkits/sandbox_manager/setpolicy_fuzzer/setpolicy_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/setpolicy_fuzzer/setpolicy_fuzzer.cpp index 474d386..efb73fc 100644 --- a/test/fuzztest/innerkits/sandbox_manager/setpolicy_fuzzer/setpolicy_fuzzer.cpp +++ b/test/fuzztest/innerkits/sandbox_manager/setpolicy_fuzzer/setpolicy_fuzzer.cpp @@ -19,8 +19,9 @@ #include #include #include "alloc_token.h" -#include "sandbox_manager_err_code.h" +#include "fuzz_common.h" #include "sandbox_manager_kit.h" +#include "token_setproc.h" using namespace OHOS::AccessControl::SandboxManager; @@ -32,18 +33,16 @@ namespace OHOS { } std::vector policyVec; - uint32_t tokenId = static_cast(size); - uint64_t policyFlag = static_cast(size); - - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); + // flag is between 0-1 + uint64_t policyFlag = gen.GetData() % 3; + gen.GeneratePolicyInfoVec(policyVec); + std::vector result; - int32_t ret = SandboxManagerKit::SetPolicy(tokenId, policyVec, policyFlag, result); - return ret == SandboxManagerErrCode::SANDBOX_MANAGER_OK; + SandboxManagerKit::SetPolicy(tokenId, policyVec, policyFlag, result); + return true; } bool SetPolicyFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/BUILD.gn new file mode 100644 index 0000000..3ced07c --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/BUILD.gn @@ -0,0 +1,49 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") + +ohos_fuzztest("SetPolicyAsyncFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ + "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager/include", + "../../../common", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", + "setpolicyasync_fuzzer.cpp", + ] + + deps = [ "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager:libsandbox_manager_sdk" ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/corpus/init b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/corpus/init new file mode 100644 index 0000000..e7c3fec --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/project.xml b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/project.xml new file mode 100644 index 0000000..7133b2b --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/setpolicyasync_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/setpolicyasync_fuzzer.cpp new file mode 100644 index 0000000..28d65a5 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/setpolicyasync_fuzzer.cpp @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "setpolicyasync_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "sandbox_manager_kit.h" +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool SetPolicyAsync(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + std::vector policyVec; + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenId = gen.GetData(); + // flag is between 0-1 + uint64_t policyFlag = gen.GetData() % 3; + gen.GeneratePolicyInfoVec(policyVec); + + SandboxManagerKit::SetPolicyAsync(tokenId, policyVec, policyFlag); + return true; + } + + bool SetPolicyAsyncFuzzTest(const uint8_t *data, size_t size) + { + return AllocTokenWithFuzz(data, size, SetPolicyAsync); + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::SetPolicyAsyncFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/setpolicyasync_fuzzer.h b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/setpolicyasync_fuzzer.h new file mode 100644 index 0000000..3ddc18c --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/setpolicyasync_fuzzer/setpolicyasync_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_SETPOLICYASYNC_FUZZER_H +#define TEST_FUZZTEST_SETPOLICYASYNC_FUZZER_H + +#define FUZZ_PROJECT_NAME "setpolicyasync_fuzzer" + +#endif // TEST_FUZZTEST_SETPOLICYASYNC_FUZZER_H diff --git a/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/BUILD.gn new file mode 100644 index 0000000..2aff088 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/BUILD.gn @@ -0,0 +1,49 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") + +ohos_fuzztest("StartAccessingByTokenIdFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ + "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager/include", + "../../../common", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", + "startaccessingbytokenid_fuzzer.cpp", + ] + + deps = [ "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager:libsandbox_manager_sdk" ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/corpus/init b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/corpus/init new file mode 100644 index 0000000..e7c3fec --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/project.xml b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/project.xml new file mode 100644 index 0000000..7133b2b --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/startaccessingbytokenid_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/startaccessingbytokenid_fuzzer.cpp new file mode 100644 index 0000000..6b3d25a --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/startaccessingbytokenid_fuzzer.cpp @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "startaccessingbytokenid_fuzzer.h" + +#include +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "sandbox_manager_kit.h" +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { +namespace { +const int32_t FOUNDATION_UID = 5523; +}; + + bool StartAccessingByTokenIdFuzzTest(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + int32_t uid = getuid(); + setuid(FOUNDATION_UID); + std::vector result; + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenid = gen.GetData(); + + SandboxManagerKit::StartAccessingByTokenId(tokenid); + setuid(uid); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::StartAccessingByTokenIdFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/startaccessingbytokenid_fuzzer.h b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/startaccessingbytokenid_fuzzer.h new file mode 100644 index 0000000..2f80864 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/startaccessingbytokenid_fuzzer/startaccessingbytokenid_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_STARTACCESSINGBYTOKENID_FUZZER_H +#define TEST_FUZZTEST_STARTACCESSINGBYTOKENID_FUZZER_H + +#define FUZZ_PROJECT_NAME "startaccessingbytokenid_fuzzer" + +#endif // TEST_FUZZTEST_STARTACCESSINGBYTOKENID_FUZZER_H diff --git a/test/fuzztest/innerkits/sandbox_manager/startaccessingpolicy_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/startaccessingpolicy_fuzzer/BUILD.gn index ec99d9f..11c71af 100644 --- a/test/fuzztest/innerkits/sandbox_manager/startaccessingpolicy_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/startaccessingpolicy_fuzzer/BUILD.gn @@ -31,6 +31,7 @@ ohos_fuzztest("StartAccessingPolicyFuzzTest") { ] sources = [ "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", "startaccessingpolicy_fuzzer.cpp", ] diff --git a/test/fuzztest/innerkits/sandbox_manager/startaccessingpolicy_fuzzer/startaccessingpolicy_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/startaccessingpolicy_fuzzer/startaccessingpolicy_fuzzer.cpp index e97c675..2a2bde3 100644 --- a/test/fuzztest/innerkits/sandbox_manager/startaccessingpolicy_fuzzer/startaccessingpolicy_fuzzer.cpp +++ b/test/fuzztest/innerkits/sandbox_manager/startaccessingpolicy_fuzzer/startaccessingpolicy_fuzzer.cpp @@ -19,8 +19,9 @@ #include #include #include "alloc_token.h" -#include "sandbox_manager_err_code.h" +#include "fuzz_common.h" #include "sandbox_manager_kit.h" +#include "token_setproc.h" using namespace OHOS::AccessControl::SandboxManager; @@ -33,15 +34,13 @@ namespace OHOS { std::vector policyVec; std::vector result; + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfoVec(policyVec); - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); - - int32_t ret = SandboxManagerKit::StartAccessingPolicy(policyVec, result); - return ret == SandboxManagerErrCode::SANDBOX_MANAGER_OK; + SandboxManagerKit::SetPolicy(GetSelfTokenID(), policyVec, 1, result); + SandboxManagerKit::PersistPolicy(policyVec, result); + SandboxManagerKit::StartAccessingPolicy(policyVec, result); + return true; } bool StartAccessingPolicyFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/innerkits/sandbox_manager/stopaccessingpolicy_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/stopaccessingpolicy_fuzzer/BUILD.gn index 74bb608..91cf560 100644 --- a/test/fuzztest/innerkits/sandbox_manager/stopaccessingpolicy_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/stopaccessingpolicy_fuzzer/BUILD.gn @@ -32,6 +32,7 @@ ohos_fuzztest("StopAccessingPolicyFuzzTest") { ] sources = [ "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", "stopaccessingpolicy_fuzzer.cpp", ] diff --git a/test/fuzztest/innerkits/sandbox_manager/stopaccessingpolicy_fuzzer/stopaccessingpolicy_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/stopaccessingpolicy_fuzzer/stopaccessingpolicy_fuzzer.cpp index 11e1301..3d8838d 100644 --- a/test/fuzztest/innerkits/sandbox_manager/stopaccessingpolicy_fuzzer/stopaccessingpolicy_fuzzer.cpp +++ b/test/fuzztest/innerkits/sandbox_manager/stopaccessingpolicy_fuzzer/stopaccessingpolicy_fuzzer.cpp @@ -19,8 +19,9 @@ #include #include #include "alloc_token.h" -#include "sandbox_manager_err_code.h" +#include "fuzz_common.h" #include "sandbox_manager_kit.h" +#include "token_setproc.h" using namespace OHOS::AccessControl::SandboxManager; @@ -33,15 +34,14 @@ namespace OHOS { std::vector policyVec; std::vector result; - - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); - - int32_t ret = SandboxManagerKit::StopAccessingPolicy(policyVec, result); - return ret == SandboxManagerErrCode::SANDBOX_MANAGER_OK; + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfoVec(policyVec); + + SandboxManagerKit::SetPolicy(GetSelfTokenID(), policyVec, 1, result); + SandboxManagerKit::PersistPolicy(policyVec, result); + SandboxManagerKit::StartAccessingPolicy(policyVec, result); + SandboxManagerKit::StopAccessingPolicy(policyVec, result); + return true; } bool StopAccessingPolicyFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/innerkits/sandbox_manager/unpersistpolicy_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/unpersistpolicy_fuzzer/BUILD.gn index 473a5bd..bdfd3d9 100644 --- a/test/fuzztest/innerkits/sandbox_manager/unpersistpolicy_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/unpersistpolicy_fuzzer/BUILD.gn @@ -31,6 +31,7 @@ ohos_fuzztest("UnPersistPolicyFuzzTest") { ] sources = [ "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", "unpersistpolicy_fuzzer.cpp", ] diff --git a/test/fuzztest/innerkits/sandbox_manager/unpersistpolicy_fuzzer/unpersistpolicy_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/unpersistpolicy_fuzzer/unpersistpolicy_fuzzer.cpp index 897ad21..526f3f2 100644 --- a/test/fuzztest/innerkits/sandbox_manager/unpersistpolicy_fuzzer/unpersistpolicy_fuzzer.cpp +++ b/test/fuzztest/innerkits/sandbox_manager/unpersistpolicy_fuzzer/unpersistpolicy_fuzzer.cpp @@ -19,8 +19,9 @@ #include #include #include "alloc_token.h" -#include "sandbox_manager_err_code.h" +#include "fuzz_common.h" #include "sandbox_manager_kit.h" +#include "token_setproc.h" using namespace OHOS::AccessControl::SandboxManager; @@ -34,14 +35,13 @@ namespace OHOS { std::vector policyVec; std::vector result; - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfoVec(policyVec); - int32_t ret = SandboxManagerKit::UnPersistPolicy(policyVec, result); - return ret == SandboxManagerErrCode::SANDBOX_MANAGER_OK; + SandboxManagerKit::SetPolicy(GetSelfTokenID(), policyVec, 1, result); + SandboxManagerKit::PersistPolicy(policyVec, result); + SandboxManagerKit::UnPersistPolicy(policyVec, result); + return true; } bool UnpersistPolicyFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/innerkits/sandbox_manager/unpersistpolicytoken_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/unpersistpolicytoken_fuzzer/BUILD.gn index f0832d8..111fada 100644 --- a/test/fuzztest/innerkits/sandbox_manager/unpersistpolicytoken_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/sandbox_manager/unpersistpolicytoken_fuzzer/BUILD.gn @@ -31,6 +31,7 @@ ohos_fuzztest("UnpersistPolicyTokenFuzzTest") { ] sources = [ "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", "unpersistpolicytoken_fuzzer.cpp", ] diff --git a/test/fuzztest/innerkits/sandbox_manager/unpersistpolicytoken_fuzzer/unpersistpolicytoken_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/unpersistpolicytoken_fuzzer/unpersistpolicytoken_fuzzer.cpp index 72eacab..85a349c 100644 --- a/test/fuzztest/innerkits/sandbox_manager/unpersistpolicytoken_fuzzer/unpersistpolicytoken_fuzzer.cpp +++ b/test/fuzztest/innerkits/sandbox_manager/unpersistpolicytoken_fuzzer/unpersistpolicytoken_fuzzer.cpp @@ -19,7 +19,7 @@ #include #include #include "alloc_token.h" -#include "sandbox_manager_err_code.h" +#include "fuzz_common.h" #include "sandbox_manager_kit.h" using namespace OHOS::AccessControl::SandboxManager; @@ -33,16 +33,14 @@ namespace OHOS { std::vector policyVec; std::vector result; - uint64_t tokenId = static_cast(size); - - PolicyInfo policy = { - .path = std::string(reinterpret_cast(data), size), - .mode = static_cast(size), - }; - policyVec.emplace_back(policy); - - int32_t ret = SandboxManagerKit::UnPersistPolicy(tokenId, policyVec, result); - return ret == SandboxManagerErrCode::SANDBOX_MANAGER_OK; + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfoVec(policyVec); + uint32_t tokenId = gen.GetData(); + + SandboxManagerKit::SetPolicy(tokenId, policyVec, 1, result); + SandboxManagerKit::PersistPolicy(tokenId, policyVec, result); + SandboxManagerKit::UnPersistPolicy(tokenId, policyVec, result); + return true; } bool UnPersistPolicyTokenFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/BUILD.gn new file mode 100644 index 0000000..1a029c9 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/BUILD.gn @@ -0,0 +1,49 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") + +ohos_fuzztest("UnsetAllPolicyByTokenFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ + "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager/include", + "../../../common", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", + "unsetallpolicybytoken_fuzzer.cpp", + ] + + deps = [ "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager:libsandbox_manager_sdk" ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/corpus/init b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/corpus/init new file mode 100644 index 0000000..e7c3fec --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/project.xml b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/project.xml new file mode 100644 index 0000000..7133b2b --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/unsetallpolicybytoken_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/unsetallpolicybytoken_fuzzer.cpp new file mode 100644 index 0000000..2447ad5 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/unsetallpolicybytoken_fuzzer.cpp @@ -0,0 +1,55 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "unsetallpolicybytoken_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "sandbox_manager_kit.h" +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool UnSetAllPolicyByToken(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + std::vector result; + PolicyInfoRandomGenerator gen(data, size); + uint32_t tokenid = gen.GetData(); + + SandboxManagerKit::UnSetAllPolicyByToken(tokenid); + return true; + } + + bool UnSetAllPolicyByTokenFuzzTest(const uint8_t *data, size_t size) + { + return AllocTokenWithFuzz(data, size, UnSetAllPolicyByToken); + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::UnSetAllPolicyByTokenFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/unsetallpolicybytoken_fuzzer.h b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/unsetallpolicybytoken_fuzzer.h new file mode 100644 index 0000000..51fda90 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetallpolicybytoken_fuzzer/unsetallpolicybytoken_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_UNSETALLPOLICYBYTOKEN_FUZZER_H +#define TEST_FUZZTEST_UNSETALLPOLICYBYTOKEN_FUZZER_H + +#define FUZZ_PROJECT_NAME "unsetallpolicybytoken_fuzzer" + +#endif // TEST_FUZZTEST_UNSETALLPOLICYBYTOKEN_FUZZER_H diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/BUILD.gn new file mode 100644 index 0000000..49b016a --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/BUILD.gn @@ -0,0 +1,49 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") + +ohos_fuzztest("UnsetPolicyFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ + "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager/include", + "../../../common", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", + "unsetpolilcy_fuzzer.cpp", + ] + + deps = [ "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager:libsandbox_manager_sdk" ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/corpus/init b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/corpus/init new file mode 100644 index 0000000..e7c3fec --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/project.xml b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/project.xml new file mode 100644 index 0000000..7133b2b --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/unsetpolilcy_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/unsetpolilcy_fuzzer.cpp new file mode 100644 index 0000000..c2fdaff --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/unsetpolilcy_fuzzer.cpp @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "unsetpolilcy_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "sandbox_manager_kit.h" +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool UnSetPolicy(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + std::vector policyVec; + PolicyInfo policy; + std::vector result; + + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfo(policy); + policyVec.push_back(policy); + + SandboxManagerKit::SetPolicy(GetSelfTokenID(), policyVec, 0, result); + SandboxManagerKit::UnSetPolicy(GetSelfTokenID(), policy); + return true; + } + + bool UnSetPolicyFuzzTest(const uint8_t *data, size_t size) + { + return AllocTokenWithFuzz(data, size, UnSetPolicy); + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::UnSetPolicyFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/unsetpolilcy_fuzzer.h b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/unsetpolilcy_fuzzer.h new file mode 100644 index 0000000..40e3198 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicy_fuzzer/unsetpolilcy_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_UNSETPOLICY_FUZZER_H +#define TEST_FUZZTEST_UNSETPOLICY_FUZZER_H + +#define FUZZ_PROJECT_NAME "unsetpolilcy_fuzzer" + +#endif // TEST_FUZZTEST_UNSETPOLICY_FUZZER_H diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/BUILD.gn b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/BUILD.gn new file mode 100644 index 0000000..43ad143 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/BUILD.gn @@ -0,0 +1,49 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../sandbox_manager.gni") + +ohos_fuzztest("UnsetPolicyAsyncFuzzTest") { + module_out_path = module_output_path_interface_sandbox + fuzz_config_file = "." + + include_dirs = [ + "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager/include", + "../../../common", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "../../../common/alloc_token.cpp", + "../../../common/fuzz_common.cpp", + "unsetpolicyasync_fuzzer.cpp", + ] + + deps = [ "${sandbox_manager_path}/interfaces/innerkits/sandbox_manager:libsandbox_manager_sdk" ] + + configs = [ "${sandbox_manager_path}/config:coverage_flags" ] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "c_utils:utils", + "hilog:libhilog", + ] +} diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/corpus/init b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/corpus/init new file mode 100644 index 0000000..e7c3fec --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/project.xml b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/project.xml new file mode 100644 index 0000000..7133b2b --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/unsetpolicyasync_fuzzer.cpp b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/unsetpolicyasync_fuzzer.cpp new file mode 100644 index 0000000..b9df4e6 --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/unsetpolicyasync_fuzzer.cpp @@ -0,0 +1,60 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "unsetpolicyasync_fuzzer.h" + +#include +#include +#include +#include "alloc_token.h" +#include "fuzz_common.h" +#include "sandbox_manager_kit.h" +#include "token_setproc.h" + +using namespace OHOS::AccessControl::SandboxManager; + +namespace OHOS { + bool UnSetPolicyAsync(const uint8_t *data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + std::vector policyVec; + PolicyInfo policy; + std::vector result; + + PolicyInfoRandomGenerator gen(data, size); + gen.GeneratePolicyInfo(policy); + policyVec.push_back(policy); + + SandboxManagerKit::SetPolicy(GetSelfTokenID(), policyVec, 0, result); + SandboxManagerKit::UnSetPolicyAsync(GetSelfTokenID(), policy); + return true; + } + + bool UnSetPolicyAsyncFuzzTest(const uint8_t *data, size_t size) + { + return AllocTokenWithFuzz(data, size, UnSetPolicyAsync); + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::UnSetPolicyAsyncFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/unsetpolicyasync_fuzzer.h b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/unsetpolicyasync_fuzzer.h new file mode 100644 index 0000000..df4c08e --- /dev/null +++ b/test/fuzztest/innerkits/sandbox_manager/unsetpolicyasync_fuzzer/unsetpolicyasync_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_UNSETPOLICYASYNC_FUZZER_H +#define TEST_FUZZTEST_UNSETPOLICYASYNC_FUZZER_H + +#define FUZZ_PROJECT_NAME "unsetpolicyasync_fuzzer" + +#endif // TEST_FUZZTEST_UNSETPOLICYASYNC_FUZZER_H -- Gitee