diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index e27dcb4b2b7d01f9f99eeecb303fc6f3f4fa508a..79744bf21022027d4730c6161d4a4845a2bba1de 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -14,5 +14,20 @@ group("user_file_service_fuzz_test") { testonly = true - deps = [ "externalfileaccess_fuzzer:ExternalFileAccessFuzzTest" ] + deps = [ + "externalfileaccess_fuzzer:ExternalFileAccessFuzzTest", + "externalfileaccessaccess_fuzzer:ExternalFileAccessAccessFuzzTest", + "externalfileaccesscreatefile_fuzzer:ExternalFileAccessCreateFileFuzzTest", + "externalfileaccessdelete_fuzzer:ExternalFileAccessDeleteFuzzTest", + "externalfileaccessgetfileinfofromrelativepath_fuzzer:ExternalFileAccessGetFileInfoFromRelativePathFuzzTest", + "externalfileaccessgetfileinfofromuri_fuzzer:ExternalFileAccessGetFileInfoFromUriFuzzTest", + "externalfileaccessgetroots_fuzzer:ExternalFileAccessGetRootsFuzzTest", + "externalfileaccessgetthumbnail_fuzzer:ExternalFileAccessGetThumbnailFuzzTest", + "externalfileaccesslistfile_fuzzer:ExternalFileAccessListFileFuzzTest", + "externalfileaccessmkdir_fuzzer:ExternalFileAccessMkdirFuzzTest", + "externalfileaccessmove_fuzzer:ExternalFileAccessMoveFuzzTest", + "externalfileaccessopenfile_fuzzer:ExternalFileAccessOpenFileFuzzTest", + "externalfileaccessrename_fuzzer:ExternalFileAccessRenameFuzzTest", + "externalfileaccessscanfile_fuzzer:ExternalFileAccessScanFileFuzzTest", + ] } diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessaccess_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..29884986a3e01de539801b0f4d1a4ff14dd0c0a7 --- /dev/null +++ b/test/fuzztest/externalfileaccessaccess_fuzzer/BUILD.gn @@ -0,0 +1,70 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessAccessFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/externalfileaccessaccess_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessAccessFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/corpus/init b/test/fuzztest/externalfileaccessaccess_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessaccess_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.cpp b/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..dc48b118f904d4013534235280fd36f2a7217b0b --- /dev/null +++ b/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessaccess_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessAccessFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessAccessFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_ACCESS + uint32_t code = 14; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessAccessFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.h b/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..fb913d162b72361ffd547789845c43e29187d219 --- /dev/null +++ b/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_ACCESS_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_ACCESS_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessaccess_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/project.xml b/test/fuzztest/externalfileaccessaccess_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessaccess_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccesscreatefile_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..ca2a2dd516084fa773a0a987e7974e746d27469f --- /dev/null +++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/BUILD.gn @@ -0,0 +1,69 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessCreateFileFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccesscreatefile_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessCreateFileFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/corpus/init b/test/fuzztest/externalfileaccesscreatefile_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.cpp b/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..c09f4d0eccee88104cf7724b13a9d99476ebccfe --- /dev/null +++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccesscreatefile_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessCreateFileFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessCreateFileFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_CREATEILE + uint32_t code = 2; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessCreateFileFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.h b/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..297daa9b79a5866ae0dbb209f88bc7f0917e1f10 --- /dev/null +++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_CREATE_FILE_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_CREATE_FILE_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccesscreatefile_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/project.xml b/test/fuzztest/externalfileaccesscreatefile_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessdelete_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..52517cc895305a03d5bdce4089a4611c9abee068 --- /dev/null +++ b/test/fuzztest/externalfileaccessdelete_fuzzer/BUILD.gn @@ -0,0 +1,70 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessDeleteFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/externalfileaccessdelete_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessDeleteFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/corpus/init b/test/fuzztest/externalfileaccessdelete_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessdelete_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.cpp b/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d6afb780fe9fb6d802f5b2ff1631f66491cebcc1 --- /dev/null +++ b/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessdelete_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessDeleteFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessDeleteFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_DELETE + uint32_t code = 4; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessDeleteFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.h b/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..cc2243469542ef8e243cd6b834ba7823b389159c --- /dev/null +++ b/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_DELETE_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_DELETE_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessdelete_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/project.xml b/test/fuzztest/externalfileaccessdelete_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessdelete_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..5117fa82fb2e617dfe6ea42f24540e502b466773 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/BUILD.gn @@ -0,0 +1,69 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessGetFileInfoFromRelativePathFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessGetFileInfoFromRelativePathFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/corpus/init b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.cpp b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..879f95604f8fe739804d62941eed6845c5e79f77 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessgetfileinfofromrelativepath_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessGetFileInfoFromRelativePathFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessGetFileInfoFromRelativePathFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_GET_FILEINFO_FROM_RELATIVE_PATH + uint32_t code = 17; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessGetFileInfoFromRelativePathFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.h b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..e8e5b9f16284c5f99d827a8ca3e7fd05118042f2 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_FILEINFO_RELATIVEPATH_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_FILEINFO_RELATIVEPATH_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessgetfileinfofromrelativepath_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/project.xml b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..2d63b4d05ed6de83cd8778e7f2e2998666d01951 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/BUILD.gn @@ -0,0 +1,69 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessGetFileInfoFromUriFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessGetFileInfoFromUriFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/corpus/init b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.cpp b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..30d2302241a04a81a2a658f66592e1aaf0122983 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessgetfileinfofromuri_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessGetFileInfoFromUriFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessGetFileInfoFromUriFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_GET_FILEINFO_FROM_URI + uint32_t code = 16; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessGetFileInfoFromUriFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.h b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..8a7e6e67dc677371c1ea7480fd68d0da898b0596 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_FILEINFO_URI_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_FILEINFO_URI_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessgetfileinfofromuri_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/project.xml b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessgetroots_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..baddb4ff761af5615a5aa14aa619c7059e628e53 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/BUILD.gn @@ -0,0 +1,69 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessGetRootsFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessgetroots_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessGetRootsFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/corpus/init b/test/fuzztest/externalfileaccessgetroots_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.cpp b/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..efc87b4ee770a0aa5b0bc8f09578c5f4bd48f3a8 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessgetroots_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessGetRootsFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessGetRootsFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_GET_ROOTS + uint32_t code = 13; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessGetRootsFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.h b/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..120b7bc67e7f53c9d35d9c556d1cc37d06799d46 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_ROOTS_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_ROOTS_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessgetroots_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/project.xml b/test/fuzztest/externalfileaccessgetroots_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..488e4830ad86213babd52c2122e2224e21790bc5 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/BUILD.gn @@ -0,0 +1,69 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessGetThumbnailFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessgetthumbnail_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessGetThumbnailFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/corpus/init b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.cpp b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..4eb68cb3423d65459a7e26996780027fff8b3a14 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessgetthumbnail_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessGetThumbnailFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessGetThumbnailFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_GET_THUMBNAIL + uint32_t code = 15; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessGetThumbnailFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.h b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..eae80c7afa0b5e0f6bae047b72ad9e274aa97496 --- /dev/null +++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_THUMBNAIL_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_THUMBNAIL_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessgetthumbnail_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/project.xml b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccesslistfile_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..6890b87c6cd83559aa09db72684cdbcb8f879566 --- /dev/null +++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/BUILD.gn @@ -0,0 +1,69 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessListFileFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccesslistfile_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessListFileFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/corpus/init b/test/fuzztest/externalfileaccesslistfile_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.cpp b/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..3ebb65b4d56376d491d8ae75b79de703033874ac --- /dev/null +++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccesslistfile_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessListFileFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessListFileFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_LISTFILE + uint32_t code = 8; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessListFileFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.h b/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..15fd85f416610208de5041ec221dc2bd7e263a2a --- /dev/null +++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_LIST_FILE_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_LIST_FILE_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccesslistfile_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/project.xml b/test/fuzztest/externalfileaccesslistfile_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessmkdir_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..54fcb5d182f828746e1df5ef38fc4f4dadc5206a --- /dev/null +++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/BUILD.gn @@ -0,0 +1,70 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessMkdirFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/externalfileaccessmkdir_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessMkdirFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/corpus/init b/test/fuzztest/externalfileaccessmkdir_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.cpp b/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..4b6930435ad3e9212e6290b08e836f9455ad1a4b --- /dev/null +++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessmkdir_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessMkdirFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessMkdirFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_MKDIR + uint32_t code = 3; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessMkdirFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.h b/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..111bc3299ee835bfdb0cf5df8bff21f908fa974c --- /dev/null +++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_MKDIR_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_MKDIR_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessmkdir_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/project.xml b/test/fuzztest/externalfileaccessmkdir_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessmove_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..bcd184298ba194ef142dc5c97d6180d78ea95193 --- /dev/null +++ b/test/fuzztest/externalfileaccessmove_fuzzer/BUILD.gn @@ -0,0 +1,70 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessMoveFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/externalfileaccessmove_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessMoveFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/corpus/init b/test/fuzztest/externalfileaccessmove_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessmove_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.cpp b/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..b5731f0a24c2a68db2c926857a6954b6d239f0ad --- /dev/null +++ b/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessmove_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessMoveFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessMoveFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_MOVE + uint32_t code = 5; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessMoveFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.h b/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..76d20fb15a0460be99db4a7c7b108912a2237bee --- /dev/null +++ b/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_MOVE_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_MOVE_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessmove_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/project.xml b/test/fuzztest/externalfileaccessmove_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessmove_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessopenfile_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..f5b21d255f911a94f83b61cf630f0c44afc1797e --- /dev/null +++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/BUILD.gn @@ -0,0 +1,70 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessOpenFileFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/externalfileaccessrename_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessOpenFileFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/corpus/init b/test/fuzztest/externalfileaccessopenfile_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.cpp b/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d404bc00c3f3f66fa8ac9849e860d4de9f1364ae --- /dev/null +++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessopenfile_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessOpenFileFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessOpenFileFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_OPENFILE + uint32_t code = 1; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessOpenFileFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.h b/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..80865c064c799c586a53117efb2e0c80ada000fd --- /dev/null +++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_OPEN_FILE_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_OPEN_FILE_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessopenfile_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/project.xml b/test/fuzztest/externalfileaccessopenfile_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessrename_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..b86979e78c5e0b1ec16b676251604a6a259accdf --- /dev/null +++ b/test/fuzztest/externalfileaccessrename_fuzzer/BUILD.gn @@ -0,0 +1,70 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessRenameFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/externalfileaccessrename_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessRenameFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/corpus/init b/test/fuzztest/externalfileaccessrename_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessrename_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp b/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..229d7e4d88d14189eb46ba100b6ec57872152e4f --- /dev/null +++ b/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessrename_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessRenameFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessRenameFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_RENAME + uint32_t code = 7; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessRenameFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.h b/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..e529c13bb5abf9e7267ea8c8979dcb4cdfbf44c2 --- /dev/null +++ b/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_RENAME_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_RENAME_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessrename_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/project.xml b/test/fuzztest/externalfileaccessrename_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessrename_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessscanfile_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..f1f168a5cf7345d4835988da4e6554ba144748b7 --- /dev/null +++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/BUILD.gn @@ -0,0 +1,69 @@ +# Copyright (c) 2023 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("ExternalFileAccessScanFileFuzzTest") { + module_out_path = "filemanagement/user_file_service" + fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessscanfile_fuzzer" + include_dirs = [ + "${user_file_service_path}/utils", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/app", + "${ability_runtime_kits_path}/appkit/native/app/include", + "${ability_runtime_kits_path}/appkit/native/ability_runtime/context", + "${user_file_service_path}/interfaces/inner_api/file_access/include", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.cpp" ] + + deps = [ + "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native", + "${ability_runtime_path}/frameworks/native/appkit:app_context", + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_manager", + "ability_runtime:app_context", + "ability_runtime:extensionkit_native", + "ability_runtime:napi_common", + "ability_runtime:runtime", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_base", + "bundle_framework:appexecfwk_core", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "image_framework:image_native", + "ipc:ipc_core", + "napi:ace_napi", + "samgr:samgr_proxy", + ] +} + +group("fuzztest") { + testonly = true + deps = [ ":ExternalFileAccessScanFileFuzzTest" ] +} diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/corpus/init b/test/fuzztest/externalfileaccessscanfile_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..2b595da0c26af63ffb2d5f4132c086b2e5986fce --- /dev/null +++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.cpp b/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..7a93e1b0478460dd11e1b5443a9a8610300c5029 --- /dev/null +++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "externalfileaccessscanfile_fuzzer.h" + +#include +#include +#include +#include + +#include "extension_base.h" +#include "extension_context.h" +#include "message_parcel.h" +#include "file_access_ext_stub.h" +#include "file_access_ext_stub_impl.h" +#include "file_access_ext_ability.h" +#include "js_file_access_ext_ability.h" +#include "js_runtime.h" +#include "securec.h" +#include "nativetoken_kit.h" +#include "token_setproc.h" +#include "accesstoken_kit.h" + +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; +using namespace AbilityRuntime; +constexpr size_t FOO_MAX_LEN = 1024; +constexpr size_t U32_AT_SIZE = 4; + + +enum { + TOKEN_INDEX_ONE = 0, +}; + +void SetNativeToken() +{ + uint64_t tokenId; + const char **perms = new const char *[1]; + perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER"; + NativeTokenInfoParams infoInstance = { + .dcapsNum = 0, + .permsNum = 1, + .aclsNum = 0, + .dcaps = nullptr, + .perms = perms, + .acls = nullptr, + .aplStr = "system_core", + }; + + infoInstance.processName = "ExternalFileAccessScanFileFuzzTest"; + tokenId = GetAccessTokenId(&infoInstance); + const uint64_t systemAppMask = (static_cast(1) << 32); + tokenId |= systemAppMask; + SetSelfTokenID(tokenId); + OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); + delete[] perms; +} + +bool ExternalFileAccessScanFileFuzzTest(std::unique_ptr data, size_t size) +{ + SetNativeToken(); + // CMD_SCANFILE + uint32_t code = 9; + MessageParcel datas; + datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor()); + datas.WriteBuffer(data.get(), size); + datas.RewindRead(0); + MessageParcel reply; + MessageOption option; + + auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr); + auto fileAccessExtAbilitySharePtr = std::shared_ptr(fileAccessExtAbility); + + sptr fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl( + fileAccessExtAbilitySharePtr, nullptr)); + + fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option); + + fileAccessExtAbility = nullptr; + fileAccessExtStubObj = nullptr; + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + /* Run your code on data */ + if (data == nullptr) { + return 0; + } + + /* Validate the length of size */ + if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) { + return 0; + } + + auto str = std::make_unique(size + 1); + (void)memset_s(str.get(), size + 1, 0x00, size + 1); + if (memcpy_s(str.get(), size, data, size) != EOK) { + return 0; + } + + OHOS::ExternalFileAccessScanFileFuzzTest(move(str), size); + return 0; +} diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.h b/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..4e4e9e6441f48c409e23679fef799079cff57347 --- /dev/null +++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_SCAN_FILE_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_SCAN_FILE_FUZZER_H + +#define FUZZ_PROJECT_NAME "externalfileaccessscanfile_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/project.xml b/test/fuzztest/externalfileaccessscanfile_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..2bb0dbd71370fa7c7b3e53168e4344fa49166dfd --- /dev/null +++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + +