From 1af17fa4b9efa3905ba66c65dccd31ffca3b598f Mon Sep 17 00:00:00 2001 From: li-tiangang4 Date: Sat, 28 Jun 2025 18:32:34 +0800 Subject: [PATCH] =?UTF-8?q?=E8=A1=A5=E5=85=85fUZZ?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: li-tiangang4 --- test/fuzztest/BUILD.gn | 3 +- .../dinputpermissioncheck_fuzzer/BUILD.gn | 88 +++++++++ .../dinputpermissioncheck_fuzzer/corpus/init | 14 ++ .../dinput_permission_check_fuzzer.cpp | 176 ++++++++++++++++++ .../dinput_permission_check_fuzzer.h | 21 +++ .../dinputpermissioncheck_fuzzer/project.xml | 25 +++ 6 files changed, 326 insertions(+), 1 deletion(-) create mode 100644 test/fuzztest/dinputpermissioncheck_fuzzer/BUILD.gn create mode 100644 test/fuzztest/dinputpermissioncheck_fuzzer/corpus/init create mode 100644 test/fuzztest/dinputpermissioncheck_fuzzer/dinput_permission_check_fuzzer.cpp create mode 100644 test/fuzztest/dinputpermissioncheck_fuzzer/dinput_permission_check_fuzzer.h create mode 100644 test/fuzztest/dinputpermissioncheck_fuzzer/project.xml diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 55b7910..d8aa720 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -20,6 +20,7 @@ group("fuzztest") { "dinputinitsource_fuzzer:fuzztest", "dinputonsessionclosed_fuzzer:fuzztest", "dinputonsessionopend_fuzzer:fuzztest", + "dinputpermissioncheck_fuzzer:fuzztest", "dinputreleasesink_fuzzer:fuzztest", "dinputreleasesource_fuzzer:fuzztest", "dinputsubscribelocaldh_fuzzer:fuzztest", diff --git a/test/fuzztest/dinputpermissioncheck_fuzzer/BUILD.gn b/test/fuzztest/dinputpermissioncheck_fuzzer/BUILD.gn new file mode 100644 index 0000000..3ca41b9 --- /dev/null +++ b/test/fuzztest/dinputpermissioncheck_fuzzer/BUILD.gn @@ -0,0 +1,88 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import( + "//foundation/distributedhardware/distributed_input/distributedinput.gni") + +##############################fuzztest########################################## +ohos_fuzztest("DinputPermissionCheckFuzzTest") { + module_out_path = fuzz_test_path + + fuzz_config_file = "${distributedinput_path}/test/fuzztest/dinputpermissioncheck_fuzzer" + + include_dirs = [ + "${services_source_path}/transport/include", + "${distributedinput_path}/services/transportbase/include", + "${common_path}/include", + "${service_common}/include", + "${services_source_path}/inputinject/include", + "${services_source_path}/transport/include", + "${dfx_utils_path}/include", + "${utils_path}/include", + "${frameworks_path}/include", + "${distributedinput_path}/inputdevicehandler/include", + ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + sources = [ "dinput_permission_check_fuzzer.cpp" ] + + deps = [ + "${dfx_utils_path}:libdinput_dfx_utils", + "${distributedinput_path}/services/transportbase:libdinput_trans_base", + "${services_source_path}/inputinject:libdinput_inject", + "${utils_path}:libdinput_utils", + ] + + external_deps = [ + "c_utils:utils", + "device_manager:devicemanagersdk", + "distributed_hardware_fwk:distributed_av_sender", + "distributed_hardware_fwk:distributedhardwareutils", + "distributed_hardware_fwk:libdhfwk_sdk", + "dsoftbus:softbus_client", + "eventhandler:libeventhandler", + "hilog:libhilog", + "hitrace:hitrace_meter", + "ipc:ipc_core", + "json:nlohmann_json_static", + "libevdev:libevdev", + "os_account:libaccountkits", + "os_account:os_account_innerkits", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + ] + + defines = [ + "HI_LOG_ENABLE", + "DH_LOG_TAG=\"DinputPermissionCheckFuzzTest\"", + "LOG_DOMAIN=0xD004120", + "private=public", + ] +} + +############################################################################### +group("fuzztest") { + testonly = true + + deps = [ ":DinputPermissionCheckFuzzTest" ] +} +############################################################################### diff --git a/test/fuzztest/dinputpermissioncheck_fuzzer/corpus/init b/test/fuzztest/dinputpermissioncheck_fuzzer/corpus/init new file mode 100644 index 0000000..65af8ee --- /dev/null +++ b/test/fuzztest/dinputpermissioncheck_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/dinputpermissioncheck_fuzzer/dinput_permission_check_fuzzer.cpp b/test/fuzztest/dinputpermissioncheck_fuzzer/dinput_permission_check_fuzzer.cpp new file mode 100644 index 0000000..62d0867 --- /dev/null +++ b/test/fuzztest/dinputpermissioncheck_fuzzer/dinput_permission_check_fuzzer.cpp @@ -0,0 +1,176 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dinput_permission_check_fuzzer.h" + +#include +#include +#include +#include +#include + +#include "constants_dinput.h" +#include "distributed_input_transport_base.h" +#include "softbus_permission_check.h" + +namespace OHOS { +namespace DistributedHardware { +void CheckSinkPermissionFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < (sizeof(int32_t) + sizeof(uint64_t)))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t userId = fdp.ConsumeIntegral(); + uint64_t tokenId = fdp.ConsumeIntegral(); + std::string accountId = fdp.ConsumeRandomLengthString(); + std::string networkId = fdp.ConsumeRandomLengthString(); + DistributedInput::AccountInfo callerAccountInfo = { + .userId_ = userId, + .tokenId_ = tokenId, + .accountId_ = accountId, + .networkId_ = networkId, + }; + DistributedInput::SoftBusPermissionCheck::CheckSinkPermission(callerAccountInfo); +} + +void CheckSrcAccessControlFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + + std::string sinkNetworkId(reinterpret_cast(data), size); + DistributedInput::AccountInfo localAccountInfo; + DistributedInput::SoftBusPermissionCheck::CheckSrcAccessControl(sinkNetworkId, localAccountInfo); +} + +void CheckSinkAccessControlFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < (sizeof(int32_t) + sizeof(uint64_t)))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t userId = fdp.ConsumeIntegral(); + uint64_t tokenId = fdp.ConsumeIntegral(); + std::string accountId = fdp.ConsumeRandomLengthString(); + std::string networkId = fdp.ConsumeRandomLengthString(); + DistributedInput::AccountInfo callerAccountInfo = { + .userId_ = userId, + .tokenId_ = tokenId, + .accountId_ = accountId, + .networkId_ = networkId, + }; + DistributedInput::AccountInfo calleeAccountInfo = { + .userId_ = userId, + .tokenId_ = tokenId, + .accountId_ = accountId, + .networkId_ = networkId, + }; + DistributedInput::SoftBusPermissionCheck::CheckSinkAccessControl(callerAccountInfo, calleeAccountInfo); +} + +void GetLocalNetworkIdFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + + std::string networkId(reinterpret_cast(data), size); + DistributedInput::SoftBusPermissionCheck::GetLocalNetworkId(networkId); +} + +void TransCallerInfoOneFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < (sizeof(int32_t) + sizeof(uint64_t)))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t userId = fdp.ConsumeIntegral(); + uint64_t tokenId = fdp.ConsumeIntegral(); + std::string accountId = fdp.ConsumeRandomLengthString(); + std::string accessInfo = "{\"accountId\":\"123\"}"; + SocketAccessInfo callerInfo = { + .userId = userId, + .localTokenId = tokenId, + .businessAccountId = const_cast(accountId.c_str()), + .extraAccessInfo = const_cast(accessInfo.c_str()), + }; + DistributedInput::AccountInfo callerAccountInfo; + std::string networkId = fdp.ConsumeRandomLengthString(); + DistributedInput::SoftBusPermissionCheck::TransCallerInfo(&callerInfo, callerAccountInfo, networkId); +} + +void TransCallerInfoSecondFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < (sizeof(int32_t) + sizeof(uint64_t)))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t userId = fdp.ConsumeIntegral(); + uint64_t tokenId = fdp.ConsumeIntegral(); + std::string accountId = fdp.ConsumeRandomLengthString(); + std::string accessInfo = fdp.ConsumeRandomLengthString(); + SocketAccessInfo callerInfo = { + .userId = userId, + .localTokenId = tokenId, + .businessAccountId = const_cast(accountId.c_str()), + .extraAccessInfo = const_cast(accessInfo.c_str()), + }; + DistributedInput::AccountInfo callerAccountInfo; + std::string networkId = fdp.ConsumeRandomLengthString(); + DistributedInput::SoftBusPermissionCheck::TransCallerInfo(&callerInfo, callerAccountInfo, networkId); +} + +void FillLocalInfoOneFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return; + } + SocketAccessInfo *localInfo = nullptr; + DistributedInput::SoftBusPermissionCheck::FillLocalInfo(localInfo); +} + +void FillLocalInfoSecondFuzzTest(const uint8_t *data, size_t size) +{ + if ((data == nullptr) || (size < (sizeof(int32_t) + sizeof(uint64_t)))) { + return; + } + FuzzedDataProvider fdp(data, size); + int32_t userId = fdp.ConsumeIntegral(); + uint64_t tokenId = fdp.ConsumeIntegral(); + SocketAccessInfo localInfo = { + .userId = userId, + .localTokenId = tokenId, + }; + DistributedInput::SoftBusPermissionCheck::FillLocalInfo(&localInfo); +} +} // namespace DistributedHardware +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::DistributedHardware::CheckSinkPermissionFuzzTest(data, size); + OHOS::DistributedHardware::CheckSrcAccessControlFuzzTest(data, size); + OHOS::DistributedHardware::CheckSinkAccessControlFuzzTest(data, size); + OHOS::DistributedHardware::GetLocalNetworkIdFuzzTest(data, size); + OHOS::DistributedHardware::TransCallerInfoOneFuzzTest(data, size); + OHOS::DistributedHardware::TransCallerInfoSecondFuzzTest(data, size); + OHOS::DistributedHardware::FillLocalInfoOneFuzzTest(data, size); + OHOS::DistributedHardware::FillLocalInfoSecondFuzzTest(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/dinputpermissioncheck_fuzzer/dinput_permission_check_fuzzer.h b/test/fuzztest/dinputpermissioncheck_fuzzer/dinput_permission_check_fuzzer.h new file mode 100644 index 0000000..11b9190 --- /dev/null +++ b/test/fuzztest/dinputpermissioncheck_fuzzer/dinput_permission_check_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef DINPUT_PERMISSION_CHECK_FUZZER_H +#define DINPUT_PERMISSION_CHECK_FUZZER_H + +#define FUZZ_PROJECT_NAME "dinputpermissioncheck_fuzzer" + +#endif // DINPUT_PERMISSION_CHECK_FUZZER_H diff --git a/test/fuzztest/dinputpermissioncheck_fuzzer/project.xml b/test/fuzztest/dinputpermissioncheck_fuzzer/project.xml new file mode 100644 index 0000000..66e1dca --- /dev/null +++ b/test/fuzztest/dinputpermissioncheck_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + -- Gitee