From bc9d26b9de68cf8bb0bd2312d65f7dc1b095ea77 Mon Sep 17 00:00:00 2001
From: y30045862 <yangjingbo10@huawei.com>
Date: Thu, 17 Aug 2023 10:21:08 +0800
Subject: [PATCH] t FileAccessExtAbilityFuzz Signed-off-by: yangjingbo10
 <yangjingbo10@huawei.com>

Change-Id: I2e045bd7f49548bf4f02a3bbb61caf41bb826c4b
---
 test/fuzztest/BUILD.gn                        |  17 ++-
 .../externalfileaccessaccess_fuzzer/BUILD.gn  |  70 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccessaccess_fuzzer.cpp       | 120 ++++++++++++++++++
 .../externalfileaccessaccess_fuzzer.h         |  21 +++
 .../project.xml                               |  25 ++++
 .../BUILD.gn                                  |  69 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccesscreatefile_fuzzer.cpp   | 120 ++++++++++++++++++
 .../externalfileaccesscreatefile_fuzzer.h     |  21 +++
 .../project.xml                               |  25 ++++
 .../externalfileaccessdelete_fuzzer/BUILD.gn  |  70 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccessdelete_fuzzer.cpp       | 120 ++++++++++++++++++
 .../externalfileaccessdelete_fuzzer.h         |  21 +++
 .../project.xml                               |  25 ++++
 .../BUILD.gn                                  |  69 ++++++++++
 .../corpus/init                               |  16 +++
 ...cessgetfileinfofromrelativepath_fuzzer.cpp | 120 ++++++++++++++++++
 ...accessgetfileinfofromrelativepath_fuzzer.h |  21 +++
 .../project.xml                               |  25 ++++
 .../BUILD.gn                                  |  69 ++++++++++
 .../corpus/init                               |  16 +++
 ...nalfileaccessgetfileinfofromuri_fuzzer.cpp | 120 ++++++++++++++++++
 ...ernalfileaccessgetfileinfofromuri_fuzzer.h |  21 +++
 .../project.xml                               |  25 ++++
 .../BUILD.gn                                  |  69 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccessgetroots_fuzzer.cpp     | 120 ++++++++++++++++++
 .../externalfileaccessgetroots_fuzzer.h       |  21 +++
 .../project.xml                               |  25 ++++
 .../BUILD.gn                                  |  69 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccessgetthumbnail_fuzzer.cpp | 120 ++++++++++++++++++
 .../externalfileaccessgetthumbnail_fuzzer.h   |  21 +++
 .../project.xml                               |  25 ++++
 .../BUILD.gn                                  |  69 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccesslistfile_fuzzer.cpp     | 120 ++++++++++++++++++
 .../externalfileaccesslistfile_fuzzer.h       |  21 +++
 .../project.xml                               |  25 ++++
 .../externalfileaccessmkdir_fuzzer/BUILD.gn   |  70 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccessmkdir_fuzzer.cpp        | 120 ++++++++++++++++++
 .../externalfileaccessmkdir_fuzzer.h          |  21 +++
 .../project.xml                               |  25 ++++
 .../externalfileaccessmove_fuzzer/BUILD.gn    |  70 ++++++++++
 .../externalfileaccessmove_fuzzer/corpus/init |  16 +++
 .../externalfileaccessmove_fuzzer.cpp         | 120 ++++++++++++++++++
 .../externalfileaccessmove_fuzzer.h           |  21 +++
 .../externalfileaccessmove_fuzzer/project.xml |  25 ++++
 .../BUILD.gn                                  |  70 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccessopenfile_fuzzer.cpp     | 120 ++++++++++++++++++
 .../externalfileaccessopenfile_fuzzer.h       |  21 +++
 .../project.xml                               |  25 ++++
 .../externalfileaccessrename_fuzzer/BUILD.gn  |  70 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccessrename_fuzzer.cpp       | 120 ++++++++++++++++++
 .../externalfileaccessrename_fuzzer.h         |  21 +++
 .../project.xml                               |  25 ++++
 .../BUILD.gn                                  |  69 ++++++++++
 .../corpus/init                               |  16 +++
 .../externalfileaccessscanfile_fuzzer.cpp     | 120 ++++++++++++++++++
 .../externalfileaccessscanfile_fuzzer.h       |  21 +++
 .../project.xml                               |  25 ++++
 66 files changed, 3285 insertions(+), 1 deletion(-)
 create mode 100644 test/fuzztest/externalfileaccessaccess_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessaccess_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessaccess_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccesscreatefile_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccesscreatefile_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccesscreatefile_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessdelete_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessdelete_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessdelete_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessgetroots_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessgetroots_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessgetroots_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessgetthumbnail_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessgetthumbnail_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessgetthumbnail_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccesslistfile_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccesslistfile_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccesslistfile_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessmkdir_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessmkdir_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessmkdir_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessmove_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessmove_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessmove_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessopenfile_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessopenfile_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessopenfile_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessrename_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessrename_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessrename_fuzzer/project.xml
 create mode 100644 test/fuzztest/externalfileaccessscanfile_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/externalfileaccessscanfile_fuzzer/corpus/init
 create mode 100644 test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.cpp
 create mode 100644 test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.h
 create mode 100644 test/fuzztest/externalfileaccessscanfile_fuzzer/project.xml

diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn
index e27dcb4b..79744bf2 100644
--- a/test/fuzztest/BUILD.gn
+++ b/test/fuzztest/BUILD.gn
@@ -14,5 +14,20 @@
 group("user_file_service_fuzz_test") {
   testonly = true
 
-  deps = [ "externalfileaccess_fuzzer:ExternalFileAccessFuzzTest" ]
+  deps = [
+    "externalfileaccess_fuzzer:ExternalFileAccessFuzzTest",
+    "externalfileaccessaccess_fuzzer:ExternalFileAccessAccessFuzzTest",
+    "externalfileaccesscreatefile_fuzzer:ExternalFileAccessCreateFileFuzzTest",
+    "externalfileaccessdelete_fuzzer:ExternalFileAccessDeleteFuzzTest",
+    "externalfileaccessgetfileinfofromrelativepath_fuzzer:ExternalFileAccessGetFileInfoFromRelativePathFuzzTest",
+    "externalfileaccessgetfileinfofromuri_fuzzer:ExternalFileAccessGetFileInfoFromUriFuzzTest",
+    "externalfileaccessgetroots_fuzzer:ExternalFileAccessGetRootsFuzzTest",
+    "externalfileaccessgetthumbnail_fuzzer:ExternalFileAccessGetThumbnailFuzzTest",
+    "externalfileaccesslistfile_fuzzer:ExternalFileAccessListFileFuzzTest",
+    "externalfileaccessmkdir_fuzzer:ExternalFileAccessMkdirFuzzTest",
+    "externalfileaccessmove_fuzzer:ExternalFileAccessMoveFuzzTest",
+    "externalfileaccessopenfile_fuzzer:ExternalFileAccessOpenFileFuzzTest",
+    "externalfileaccessrename_fuzzer:ExternalFileAccessRenameFuzzTest",
+    "externalfileaccessscanfile_fuzzer:ExternalFileAccessScanFileFuzzTest",
+  ]
 }
diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessaccess_fuzzer/BUILD.gn
new file mode 100644
index 00000000..29884986
--- /dev/null
+++ b/test/fuzztest/externalfileaccessaccess_fuzzer/BUILD.gn
@@ -0,0 +1,70 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessAccessFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file =
+      "${user_file_service_path}/test/fuzztest/externalfileaccessaccess_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessAccessFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/corpus/init b/test/fuzztest/externalfileaccessaccess_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessaccess_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.cpp b/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.cpp
new file mode 100644
index 00000000..dc48b118
--- /dev/null
+++ b/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessaccess_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessAccessFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessAccessFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_ACCESS
+    uint32_t code = 14;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessAccessFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.h b/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.h
new file mode 100644
index 00000000..fb913d16
--- /dev/null
+++ b/test/fuzztest/externalfileaccessaccess_fuzzer/externalfileaccessaccess_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_ACCESS_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_ACCESS_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessaccess_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessaccess_fuzzer/project.xml b/test/fuzztest/externalfileaccessaccess_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessaccess_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccesscreatefile_fuzzer/BUILD.gn
new file mode 100644
index 00000000..ca2a2dd5
--- /dev/null
+++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/BUILD.gn
@@ -0,0 +1,69 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessCreateFileFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccesscreatefile_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessCreateFileFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/corpus/init b/test/fuzztest/externalfileaccesscreatefile_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.cpp b/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.cpp
new file mode 100644
index 00000000..c09f4d0e
--- /dev/null
+++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccesscreatefile_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessCreateFileFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessCreateFileFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_CREATEILE
+    uint32_t code = 2;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessCreateFileFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.h b/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.h
new file mode 100644
index 00000000..297daa9b
--- /dev/null
+++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/externalfileaccesscreatefile_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_CREATE_FILE_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_CREATE_FILE_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccesscreatefile_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccesscreatefile_fuzzer/project.xml b/test/fuzztest/externalfileaccesscreatefile_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccesscreatefile_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessdelete_fuzzer/BUILD.gn
new file mode 100644
index 00000000..52517cc8
--- /dev/null
+++ b/test/fuzztest/externalfileaccessdelete_fuzzer/BUILD.gn
@@ -0,0 +1,70 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessDeleteFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file =
+      "${user_file_service_path}/test/fuzztest/externalfileaccessdelete_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessDeleteFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/corpus/init b/test/fuzztest/externalfileaccessdelete_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessdelete_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.cpp b/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.cpp
new file mode 100644
index 00000000..d6afb780
--- /dev/null
+++ b/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessdelete_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessDeleteFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessDeleteFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_DELETE
+    uint32_t code = 4;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessDeleteFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.h b/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.h
new file mode 100644
index 00000000..cc224346
--- /dev/null
+++ b/test/fuzztest/externalfileaccessdelete_fuzzer/externalfileaccessdelete_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_DELETE_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_DELETE_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessdelete_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessdelete_fuzzer/project.xml b/test/fuzztest/externalfileaccessdelete_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessdelete_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/BUILD.gn
new file mode 100644
index 00000000..5117fa82
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/BUILD.gn
@@ -0,0 +1,69 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessGetFileInfoFromRelativePathFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessGetFileInfoFromRelativePathFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/corpus/init b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.cpp b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.cpp
new file mode 100644
index 00000000..879f9560
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessgetfileinfofromrelativepath_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessGetFileInfoFromRelativePathFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessGetFileInfoFromRelativePathFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_GET_FILEINFO_FROM_RELATIVE_PATH
+    uint32_t code = 17;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessGetFileInfoFromRelativePathFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.h b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.h
new file mode 100644
index 00000000..e8e5b9f1
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/externalfileaccessgetfileinfofromrelativepath_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_FILEINFO_RELATIVEPATH_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_FILEINFO_RELATIVEPATH_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessgetfileinfofromrelativepath_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/project.xml b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromrelativepath_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/BUILD.gn
new file mode 100644
index 00000000..2d63b4d0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/BUILD.gn
@@ -0,0 +1,69 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessGetFileInfoFromUriFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessGetFileInfoFromUriFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/corpus/init b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.cpp b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.cpp
new file mode 100644
index 00000000..30d23022
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessgetfileinfofromuri_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessGetFileInfoFromUriFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessGetFileInfoFromUriFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_GET_FILEINFO_FROM_URI
+    uint32_t code = 16;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessGetFileInfoFromUriFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.h b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.h
new file mode 100644
index 00000000..8a7e6e67
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/externalfileaccessgetfileinfofromuri_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_FILEINFO_URI_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_FILEINFO_URI_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessgetfileinfofromuri_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/project.xml b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetfileinfofromuri_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessgetroots_fuzzer/BUILD.gn
new file mode 100644
index 00000000..baddb4ff
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/BUILD.gn
@@ -0,0 +1,69 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessGetRootsFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessgetroots_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessGetRootsFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/corpus/init b/test/fuzztest/externalfileaccessgetroots_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.cpp b/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.cpp
new file mode 100644
index 00000000..efc87b4e
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessgetroots_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessGetRootsFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessGetRootsFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_GET_ROOTS
+    uint32_t code = 13;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessGetRootsFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.h b/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.h
new file mode 100644
index 00000000..120b7bc6
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/externalfileaccessgetroots_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_ROOTS_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_ROOTS_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessgetroots_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessgetroots_fuzzer/project.xml b/test/fuzztest/externalfileaccessgetroots_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetroots_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/BUILD.gn
new file mode 100644
index 00000000..488e4830
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/BUILD.gn
@@ -0,0 +1,69 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessGetThumbnailFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessgetthumbnail_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessGetThumbnailFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/corpus/init b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.cpp b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.cpp
new file mode 100644
index 00000000..4eb68cb3
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessgetthumbnail_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessGetThumbnailFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessGetThumbnailFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_GET_THUMBNAIL
+    uint32_t code = 15;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessGetThumbnailFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.h b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.h
new file mode 100644
index 00000000..eae80c7a
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/externalfileaccessgetthumbnail_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_THUMBNAIL_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_GET_THUMBNAIL_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessgetthumbnail_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/project.xml b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessgetthumbnail_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccesslistfile_fuzzer/BUILD.gn
new file mode 100644
index 00000000..6890b87c
--- /dev/null
+++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/BUILD.gn
@@ -0,0 +1,69 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessListFileFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccesslistfile_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessListFileFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/corpus/init b/test/fuzztest/externalfileaccesslistfile_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.cpp b/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.cpp
new file mode 100644
index 00000000..3ebb65b4
--- /dev/null
+++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccesslistfile_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessListFileFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessListFileFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_LISTFILE
+    uint32_t code = 8;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessListFileFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.h b/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.h
new file mode 100644
index 00000000..15fd85f4
--- /dev/null
+++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/externalfileaccesslistfile_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_LIST_FILE_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_LIST_FILE_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccesslistfile_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccesslistfile_fuzzer/project.xml b/test/fuzztest/externalfileaccesslistfile_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccesslistfile_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessmkdir_fuzzer/BUILD.gn
new file mode 100644
index 00000000..54fcb5d1
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/BUILD.gn
@@ -0,0 +1,70 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessMkdirFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file =
+      "${user_file_service_path}/test/fuzztest/externalfileaccessmkdir_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessMkdirFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/corpus/init b/test/fuzztest/externalfileaccessmkdir_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.cpp b/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.cpp
new file mode 100644
index 00000000..4b693043
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessmkdir_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessMkdirFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessMkdirFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_MKDIR
+    uint32_t code = 3;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessMkdirFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.h b/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.h
new file mode 100644
index 00000000..111bc329
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/externalfileaccessmkdir_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_MKDIR_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_MKDIR_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessmkdir_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessmkdir_fuzzer/project.xml b/test/fuzztest/externalfileaccessmkdir_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmkdir_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessmove_fuzzer/BUILD.gn
new file mode 100644
index 00000000..bcd18429
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmove_fuzzer/BUILD.gn
@@ -0,0 +1,70 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessMoveFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file =
+      "${user_file_service_path}/test/fuzztest/externalfileaccessmove_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessMoveFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/corpus/init b/test/fuzztest/externalfileaccessmove_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmove_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.cpp b/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.cpp
new file mode 100644
index 00000000..b5731f0a
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessmove_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessMoveFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessMoveFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_MOVE
+    uint32_t code = 5;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessMoveFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.h b/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.h
new file mode 100644
index 00000000..76d20fb1
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmove_fuzzer/externalfileaccessmove_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_MOVE_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_MOVE_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessmove_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessmove_fuzzer/project.xml b/test/fuzztest/externalfileaccessmove_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessmove_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessopenfile_fuzzer/BUILD.gn
new file mode 100644
index 00000000..f5b21d25
--- /dev/null
+++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/BUILD.gn
@@ -0,0 +1,70 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessOpenFileFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file =
+      "${user_file_service_path}/test/fuzztest/externalfileaccessrename_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessOpenFileFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/corpus/init b/test/fuzztest/externalfileaccessopenfile_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.cpp b/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.cpp
new file mode 100644
index 00000000..d404bc00
--- /dev/null
+++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessopenfile_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessOpenFileFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessOpenFileFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_OPENFILE
+    uint32_t code = 1;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessOpenFileFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.h b/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.h
new file mode 100644
index 00000000..80865c06
--- /dev/null
+++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/externalfileaccessopenfile_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_OPEN_FILE_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_OPEN_FILE_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessopenfile_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessopenfile_fuzzer/project.xml b/test/fuzztest/externalfileaccessopenfile_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessopenfile_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessrename_fuzzer/BUILD.gn
new file mode 100644
index 00000000..b86979e7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessrename_fuzzer/BUILD.gn
@@ -0,0 +1,70 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessRenameFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file =
+      "${user_file_service_path}/test/fuzztest/externalfileaccessrename_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessRenameFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/corpus/init b/test/fuzztest/externalfileaccessrename_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessrename_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp b/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp
new file mode 100644
index 00000000..229d7e4d
--- /dev/null
+++ b/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessrename_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessRenameFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessRenameFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_RENAME
+    uint32_t code = 7;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessRenameFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.h b/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.h
new file mode 100644
index 00000000..e529c13b
--- /dev/null
+++ b/test/fuzztest/externalfileaccessrename_fuzzer/externalfileaccessrename_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_RENAME_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_RENAME_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessrename_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessrename_fuzzer/project.xml b/test/fuzztest/externalfileaccessrename_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessrename_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessscanfile_fuzzer/BUILD.gn
new file mode 100644
index 00000000..f1f168a5
--- /dev/null
+++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/BUILD.gn
@@ -0,0 +1,69 @@
+# Copyright (c) 2023 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+#####################hydra-fuzz###################
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni")
+ohos_fuzztest("ExternalFileAccessScanFileFuzzTest") {
+  module_out_path = "filemanagement/user_file_service"
+  fuzz_config_file = "${user_file_service_path}/test/fuzztest/externalfileaccessscanfile_fuzzer"
+  include_dirs = [
+    "${user_file_service_path}/utils",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/app",
+    "${ability_runtime_kits_path}/appkit/native/app/include",
+    "${ability_runtime_kits_path}/appkit/native/ability_runtime/context",
+    "${user_file_service_path}/interfaces/inner_api/file_access/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "${user_file_service_path}/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.cpp" ]
+
+  deps = [
+    "${ability_runtime_path}/frameworks/native/ability/native:abilitykit_native",
+    "${ability_runtime_path}/frameworks/native/appkit:app_context",
+    "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
+    "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit",
+  ]
+
+  external_deps = [
+    "ability_base:want",
+    "ability_base:zuri",
+    "ability_runtime:ability_manager",
+    "ability_runtime:app_context",
+    "ability_runtime:extensionkit_native",
+    "ability_runtime:napi_common",
+    "ability_runtime:runtime",
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libtoken_setproc",
+    "bundle_framework:appexecfwk_base",
+    "bundle_framework:appexecfwk_core",
+    "c_utils:utils",
+    "hilog:libhilog",
+    "hitrace:hitrace_meter",
+    "image_framework:image_native",
+    "ipc:ipc_core",
+    "napi:ace_napi",
+    "samgr:samgr_proxy",
+  ]
+}
+
+group("fuzztest") {
+  testonly = true
+  deps = [ ":ExternalFileAccessScanFileFuzzTest" ]
+}
diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/corpus/init b/test/fuzztest/externalfileaccessscanfile_fuzzer/corpus/init
new file mode 100644
index 00000000..2b595da0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/corpus/init
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.cpp b/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.cpp
new file mode 100644
index 00000000..7a93e1b0
--- /dev/null
+++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.cpp
@@ -0,0 +1,120 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "externalfileaccessscanfile_fuzzer.h"
+
+#include <cstddef>
+#include <cstdint>
+#include <cstring>
+#include <memory>
+
+#include "extension_base.h"
+#include "extension_context.h"
+#include "message_parcel.h"
+#include "file_access_ext_stub.h"
+#include "file_access_ext_stub_impl.h"
+#include "file_access_ext_ability.h"
+#include "js_file_access_ext_ability.h"
+#include "js_runtime.h"
+#include "securec.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
+#include "accesstoken_kit.h"
+
+namespace OHOS {
+using namespace std;
+using namespace OHOS;
+using namespace FileAccessFwk;
+using namespace AbilityRuntime;
+constexpr size_t FOO_MAX_LEN = 1024;
+constexpr size_t U32_AT_SIZE = 4;
+
+
+enum {
+    TOKEN_INDEX_ONE = 0,
+};
+
+void SetNativeToken()
+{
+    uint64_t tokenId;
+    const char **perms = new const char *[1];
+    perms[TOKEN_INDEX_ONE] = "ohos.permission.FILE_ACCESS_MANAGER";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 1,
+        .aclsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .acls = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.processName = "ExternalFileAccessScanFileFuzzTest";
+    tokenId = GetAccessTokenId(&infoInstance);
+    const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
+    tokenId |= systemAppMask;
+    SetSelfTokenID(tokenId);
+    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
+    delete[] perms;
+}
+
+bool ExternalFileAccessScanFileFuzzTest(std::unique_ptr<char[]> data, size_t size)
+{
+    SetNativeToken();
+    // CMD_SCANFILE
+    uint32_t code = 9;
+    MessageParcel datas;
+    datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
+    datas.WriteBuffer(data.get(), size);
+    datas.RewindRead(0);
+    MessageParcel reply;
+    MessageOption option;
+
+    auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
+    auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
+
+    sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
+        fileAccessExtAbilitySharePtr, nullptr));
+
+    fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
+    
+    fileAccessExtAbility = nullptr;
+    fileAccessExtStubObj = nullptr;
+
+    return true;
+}
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    /* Run your code on data */
+    if (data == nullptr) {
+        return 0;
+    }
+
+    /* Validate the length of size */
+    if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
+        return 0;
+    }
+
+    auto str = std::make_unique<char[]>(size + 1);
+    (void)memset_s(str.get(), size + 1, 0x00, size + 1);
+    if (memcpy_s(str.get(), size, data, size) != EOK) {
+        return 0;
+    }
+
+    OHOS::ExternalFileAccessScanFileFuzzTest(move(str), size);
+    return 0;
+}
diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.h b/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.h
new file mode 100644
index 00000000..4e4e9e64
--- /dev/null
+++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/externalfileaccessscanfile_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2023 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_SCAN_FILE_FUZZER_H
+#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_SCAN_FILE_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "externalfileaccessscanfile_fuzzer"
+
+#endif
\ No newline at end of file
diff --git a/test/fuzztest/externalfileaccessscanfile_fuzzer/project.xml b/test/fuzztest/externalfileaccessscanfile_fuzzer/project.xml
new file mode 100644
index 00000000..2bb0dbd7
--- /dev/null
+++ b/test/fuzztest/externalfileaccessscanfile_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2023 Huawei Device Co., Ltd.
+  Licensed under the Apache License, Version 2.0 (the "License");
+  you may not use this file except in compliance with the License.
+  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
-- 
Gitee