From d0c827083e25cb13b06de87bccbc8f55649f5470 Mon Sep 17 00:00:00 2001 From: "yaoruozi1@huawei.com" Date: Mon, 7 Jul 2025 21:03:40 +0800 Subject: [PATCH] modify extension fuzz Signed-off-by: yaoruozi1@huawei.com --- interfaces/common/include/sandbox_helper.h | 1 + interfaces/common/src/sandbox_helper.cpp | 6 ++ .../backupext_fuzzer/backupext_fuzzer.cpp | 73 +++++++++++++++---- test/fuzztest/backupsaanother_fuzzer/BUILD.gn | 3 + .../backupsaanother_fuzzer.cpp | 2 + 5 files changed, 70 insertions(+), 15 deletions(-) diff --git a/interfaces/common/include/sandbox_helper.h b/interfaces/common/include/sandbox_helper.h index cf2d1c4af..ce5fcefd6 100644 --- a/interfaces/common/include/sandbox_helper.h +++ b/interfaces/common/include/sandbox_helper.h @@ -44,6 +44,7 @@ public: static void GetNetworkIdFromUri(const std::string &fileUri, std::string &networkId); static std::string GetLowerDir(std::string &lowerPathHead, const std::string &userId, const std::string &bundleName, const std::string &networkId); + static void ClearBackupSandboxPathMap(); }; } // namespace AppFileService } // namespace OHOS diff --git a/interfaces/common/src/sandbox_helper.cpp b/interfaces/common/src/sandbox_helper.cpp index 8c00e7f4a..0536ab7fd 100644 --- a/interfaces/common/src/sandbox_helper.cpp +++ b/interfaces/common/src/sandbox_helper.cpp @@ -552,6 +552,12 @@ bool SandboxHelper::CheckValidPath(const std::string &filePath) return true; } + +void SandboxHelper::ClearBackupSandboxPathMap() +{ + lock_guard lock(mapMutex_); + backupSandboxPathMap_.clear(); +} } // namespace AppFileService } // namespace OHOS diff --git a/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp b/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp index 2d7559fca..a100e64fa 100644 --- a/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp +++ b/test/fuzztest/backupext_fuzzer/backupext_fuzzer.cpp @@ -138,40 +138,49 @@ bool SetCreatorFuzzTest(shared_ptr backup, const uint8_t *data, size_ return true; } -bool CmdGetFileHandleFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdGetFileHandleFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { MessageParcel msg; MessageParcel reply; MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_GET_FILE_HANDLE_WITH_UNIQUE_FD); msg.WriteString(string(reinterpret_cast(data), size)); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdHandleClearFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdHandleClearFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { MessageParcel msg; MessageParcel reply; MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_HANDLE_CLEAR); msg.WriteBuffer(data, size); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdHandleUser0BackupFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdHandleUser0BackupFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { MessageParcel msg; MessageParcel reply; MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_USER0_ON_BACKUP); msg.WriteBuffer(data, size); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdHandleBackupFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdHandleBackupFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { if (data == nullptr || size < sizeof(bool)) { return true; @@ -182,22 +191,28 @@ bool CmdHandleBackupFuzzTest(shared_ptr extension, const uin MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_HANDLE_BACKUP); msg.WriteBool(*reinterpret_cast(data)); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdPublishFileFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdPublishFileFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { MessageParcel msg; MessageParcel reply; MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_PUBLISH_FILE); msg.WriteString(string(reinterpret_cast(data), size)); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdHandleRestoreFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdHandleRestoreFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { if (data == nullptr || size < sizeof(bool)) { return true; @@ -208,33 +223,42 @@ bool CmdHandleRestoreFuzzTest(shared_ptr extension, const ui MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_HANDLE_RESTORE); msg.WriteBool(*reinterpret_cast(data)); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdGetIncrementalFileHandleFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdGetIncrementalFileHandleFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { MessageParcel msg; MessageParcel reply; MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_GET_INCREMENTAL_FILE_HANDLE); msg.WriteString(string(reinterpret_cast(data), size)); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdPublishIncrementalFileFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdPublishIncrementalFileFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { MessageParcel msg; MessageParcel reply; MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_PUBLISH_INCREMENTAL_FILE); msg.WriteString(string(reinterpret_cast(data), size)); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdHandleIncrementalBackupFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdHandleIncrementalBackupFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { if (data == nullptr || size < sizeof(int) + sizeof(int)) { return true; @@ -249,11 +273,14 @@ bool CmdHandleIncrementalBackupFuzzTest(shared_ptr extension uint32_t code = static_cast(IExtensionIpcCode::COMMAND_HANDLE_INCREMENTAL_BACKUP); msg.WriteFileDescriptor(incrementalFd); msg.WriteFileDescriptor(manifestFd); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdIncrementalOnBackupFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool CmdIncrementalOnBackupFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { if (data == nullptr || size < sizeof(bool)) { return true; @@ -264,11 +291,14 @@ bool CmdIncrementalOnBackupFuzzTest(shared_ptr extension, co MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_INCREMENTAL_ON_BACKUP); msg.WriteBool(*reinterpret_cast(data)); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool CmdGetIncrementalBackupFileHandleFuzzTest(shared_ptr extension, +bool CmdGetIncrementalBackupFileHandleFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { @@ -277,13 +307,16 @@ bool CmdGetIncrementalBackupFileHandleFuzzTest(shared_ptr ex MessageOption option; uint32_t code = static_cast(IExtensionIpcCode::COMMAND_GET_INCREMENTAL_BACKUP_FILE_HANDLE); msg.WriteBuffer(data, size); + if (extension == nullptr) { + return false; + } extension->OnRemoteRequest(code, msg, reply, option); return true; } -bool OnRemoteRequestFuzzTest(shared_ptr extension, const uint8_t *data, size_t size) +bool OnRemoteRequestFuzzTest(OHOS::sptr extension, const uint8_t *data, size_t size) { - uint32_t codeMax = 15; + uint32_t codeMax = 17; for (uint32_t code = 1; code < codeMax; code++) { MessageParcel datas; MessageParcel reply; @@ -292,7 +325,16 @@ bool OnRemoteRequestFuzzTest(shared_ptr extension, const ui datas.WriteInterfaceToken(ExtensionStub::GetDescriptor()); datas.WriteBuffer(reinterpret_cast(data), size); datas.RewindRead(0); - extension->OnRemoteRequest(code, datas, reply, option); + if (extension == nullptr) { + return false; + } + try { + extension->OnRemoteRequest(code, datas, reply, option); + } catch (OHOS::FileManagement::Backup::BError &err) { + // filter Backup error + } catch (...) { + // filter other error + } } return true; } @@ -303,7 +345,8 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { /* Run your code on data */ auto extBackup = std::make_shared(); - auto extension = std::make_shared(extBackup, ""); + auto extension = OHOS::sptr( + new OHOS::FileManagement::Backup::BackupExtExtension(extBackup, "")); OHOS::InitFuzzTest(extBackup, data, size); OHOS::OnCommandFuzzTest(extBackup, data, size); diff --git a/test/fuzztest/backupsaanother_fuzzer/BUILD.gn b/test/fuzztest/backupsaanother_fuzzer/BUILD.gn index 764660d8d..36412f43b 100644 --- a/test/fuzztest/backupsaanother_fuzzer/BUILD.gn +++ b/test/fuzztest/backupsaanother_fuzzer/BUILD.gn @@ -39,6 +39,7 @@ ohos_fuzztest("BackupSaAnotherFuzzTest") { deps = [ "${app_file_service_path}/services/backup_sa:backup_sa", "${path_backup}/interfaces/inner_api/native/backup_kit_inner:backup_kit_inner", + "${path_backup}/interfaces/innerkits/native:sandbox_helper_native", "${path_backup}/utils:backup_utils", ] @@ -59,5 +60,7 @@ ohos_fuzztest("BackupSaAnotherFuzzTest") { "LOG_TAG=\"app_file_service\"", "LOG_DOMAIN=0xD004303", ] + + use_exceptions = true } ############################################################################### diff --git a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp b/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp index a202ce4b6..8c3ae92d8 100644 --- a/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp +++ b/test/fuzztest/backupsaanother_fuzzer/backupsaanother_fuzzer.cpp @@ -23,6 +23,7 @@ #include #include "message_parcel.h" +#include "sandbox_helper.h" #include "service.h" #include "service_proxy.h" #include "service_reverse.h" @@ -160,6 +161,7 @@ bool CmdGetLocalCapabilitiesIncrementalFuzzTest(const uint8_t *data, size_t size sptr service(new Service(SERVICE_ID)); uint32_t code = static_cast(IServiceIpcCode::COMMAND_GET_LOCAL_CAPABILITIES_INCREMENTAL); service->OnRemoteRequest(code, datas, reply, option); + OHOS::AppFileService::SandboxHelper::ClearBackupSandboxPathMap(); service = nullptr; return true; } -- Gitee