diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp index f99286c1323738c4961d31e2548df58ef9ce48d3..9340bd92044625c431d2535748ddc1d8a7a801be 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -36,6 +36,8 @@ namespace AccessToken { namespace { static AccessTokenID g_selfTokenId = 0; static constexpr int32_t THIRTY_TIME_CYCLES = 30; +static constexpr int32_t MAX_EXTENDED_MAP_SIZE = 512; +static constexpr int32_t MAX_VALUE_LENGTH = 1024; const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; const std::string APP_DISTRIBUTION_TYPE_NONE = "none"; const std::string OVER_SIZE_STR = @@ -1008,99 +1010,121 @@ HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest009, TestSize.Level1) EXPECT_EQ(ret, PERMISSION_DENIED); } -static void PreparePermissionDefinition( - HapInfoParams& infoParams, HapPolicyParams& policyParams) +/** + * @tc.name: InitHapTokenSpecsTest010 + * @tc.desc: aclExtendedMap size test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest010, TestSize.Level1) { - PermissionDef permDefBasic = { - .permissionName = "ohos.permission.test_basic", - .bundleName = "accesstoken_test", - .grantMode = 1, - .availableLevel = APL_SYSTEM_CORE, - .label = "label", - .labelId = 1, - .description = "test", - .descriptionId = 1, - .provisionEnable = true, - .isKernelEffect = true, - .hasValue = true, - }; - - PermissionDef permDef1 = permDefBasic; - permDef1.permissionName = "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"; - PermissionDef permDef2 = permDefBasic; - permDef2.permissionName = "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION"; - permDef2.hasValue = false; - - policyParams.permList = {permDef1, permDef2}; + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; AccessTokenIDEx fullTokenId; - - // update permission definition int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(RET_SUCCESS, ret); + + for (size_t i = 0; i < MAX_EXTENDED_MAP_SIZE - 1; i++) { + policyParams.aclExtendedMap[std::to_string(i)] = std::to_string(i); + } + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + + policyParams.aclExtendedMap[std::to_string(MAX_EXTENDED_MAP_SIZE - 1)] = + std::to_string(MAX_EXTENDED_MAP_SIZE - 1); + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + + policyParams.aclExtendedMap[std::to_string(MAX_EXTENDED_MAP_SIZE)] = + std::to_string(MAX_EXTENDED_MAP_SIZE); + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = AccessTokenKit::DeleteToken(tokenID); + EXPECT_EQ(RET_SUCCESS, ret); } /** - * @tc.name: InitHapTokenSpecsTest010 - * @tc.desc: InitHapToken permission with value + * @tc.name: InitHapTokenSpecsTest011 + * @tc.desc: aclExtendedMap content size test * @tc.type: FUNC * @tc.require: */ -HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest010, TestSize.Level1) +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest011, TestSize.Level1) { HapInfoParams infoParams; HapPolicyParams policyParams; TestCommon::GetHapParams(infoParams, policyParams); policyParams.apl = APL_SYSTEM_CORE; - PreparePermissionDefinition(infoParams, policyParams); - PermissionStateFull permissionStateFull_basic = { - .permissionName = "ohos.permission.test_basic", - .isGeneral = false, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_GRANTED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - - PermissionStateFull permissionStateFull001 = permissionStateFull_basic; - permissionStateFull001.permissionName = "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"; - PermissionStateFull permissionStateFull002 = permissionStateFull_basic; - permissionStateFull002.permissionName = "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION"; - policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; - policyParams.aclRequestedList = { - "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY", - "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION" - }; - policyParams.aclExtendedMap["ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"] = "123"; AccessTokenIDEx fullTokenId; + policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = ""; int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + std::string testValue(MAX_VALUE_LENGTH - 1, '1'); + policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + + testValue.push_back('1'); + policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(RET_SUCCESS, ret); + testValue.push_back('1'); + policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = AccessTokenKit::DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); } /** - * @tc.name: InitHapTokenSpecsTest011 - * @tc.desc: InitHapToken with over large aclExtendedMap + * @tc.name: InitHapTokenSpecsTest012 + * @tc.desc: InitHapToken permission with value * @tc.type: FUNC * @tc.require: */ -HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest011, TestSize.Level1) +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest012, TestSize.Level1) { HapInfoParams infoParams; HapPolicyParams policyParams; TestCommon::GetHapParams(infoParams, policyParams); policyParams.apl = APL_SYSTEM_CORE; - - for (size_t i = 0; i < 520; i++) { - policyParams.aclExtendedMap[std::to_string(i)] = std::to_string(i); - } - + TestCommon::TestPrepareKernelPermissionDefinition(infoParams, policyParams); + TestCommon::TestPrepareKernelPermissionStatus(policyParams); AccessTokenIDEx fullTokenId; int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + // switch to shell token + SetSelfTokenID(g_selfTokenId); + + std::vector kernelPermList; + ret = AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(2, kernelPermList.size()); + + std::string value; + ret = AccessTokenKit::GetReqPermissionByName( + tokenID, "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY", value); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ("123", value); + + ret = AccessTokenKit::GetReqPermissionByName( + tokenID, "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY", value); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ("456", value); + + ret = AccessTokenKit::DeleteToken(tokenID); + EXPECT_EQ(RET_SUCCESS, ret); } } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp index df8d70174ab9d0c87627b45394c95318686c45af..81e978b75c8c58a429405baf83359e732a0cb341 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp @@ -1001,6 +1001,67 @@ HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest010, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } +/** + * @tc.name: UpdateHapTokenSpecsTest011 + * @tc.desc: InitHapToken permission with value + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest011, TestSize.Level1) +{ + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + TestCommon::TestPrepareKernelPermissionDefinition(infoParams, policyParams); + TestCommon::TestPrepareKernelPermissionStatus(policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + policyParams.aclExtendedMap["ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"] = "1"; // modified value + policyParams.aclExtendedMap.erase("ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY"); // delete + auto it = policyParams.permStateList.begin(); + while (it != policyParams.permStateList.end()) { + if (it->permissionName == "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY") { + policyParams.permStateList.erase(it); + break; + } + it++; + } + + UpdateHapInfoParams updateInfoParams = { + .appIDDesc = "AccessTOkenTestAppID", + .apiVersion = TestCommon::DEFAULT_API_VERSION, + .isSystemApp = true, + .appDistributionType = "", + }; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + + // switch to shell token + SetSelfTokenID(g_selfTokenId); + + std::vector kernelPermList; + ret = AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(2, kernelPermList.size()); + + std::string value; + ret = AccessTokenKit::GetReqPermissionByName( + tokenID, "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY", value); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ("1", value); + + ret = AccessTokenKit::GetReqPermissionByName( + tokenID, "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY", value); + ASSERT_EQ(ERR_PERMISSION_WITHOUT_VALUE, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + EXPECT_EQ(RET_SUCCESS, ret); +} + /** * @tc.name: UpdateHapTokenAbnormalTest001 * @tc.desc: test invaild UpdateHapInfoParams.appIDDesc diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp index 4502c407537d310f796c27a4a55ebf41cebcad39..2b71d7aefd3c7b534ff169a85833a92408974a05 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp @@ -538,6 +538,59 @@ HWTEST_F(GetPermissionTest, GetPermissionManagerInfoFuncTest001, TestSize.Level1 AccessTokenKit::GetPermissionManagerInfo(info); ASSERT_EQ(false, info.grantBundleName.empty()); } + +/** + * @tc.name: GetKernelPermissionTest001 + * @tc.desc: + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionTest, GetKernelPermissionTest001, TestSize.Level1) +{ + setuid(1); + std::vector kernelPermList; + int32_t ret = AccessTokenKit::GetKernelPermissions(123, kernelPermList); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); + setuid(0); + + SetSelfTokenID(g_selfTokenId); + ret = AccessTokenKit::GetKernelPermissions(123, kernelPermList); + EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID, ret); + + ret = AccessTokenKit::GetKernelPermissions(123, kernelPermList); + EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID, ret); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ret = AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList); + EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_EQ(0, kernelPermList.size()); +} + +/** + * @tc.name: GetReqPermissionByNameTest001 + * @tc.desc: test Ge + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionTest, GetReqPermissionByNameTest001, TestSize.Level1) +{ + setuid(1); + std::string value; + int32_t ret = AccessTokenKit::GetReqPermissionByName(123, "ohos.permission.test1", value); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); + setuid(0); + + SetSelfTokenID(g_selfTokenId); + ret = AccessTokenKit::GetReqPermissionByName(123, "ohos.permission.test1", value); + EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID, ret); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ret = AccessTokenKit::GetReqPermissionByName(tokenID, "ohos.permission.test1", value); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); + + ret = AccessTokenKit::GetReqPermissionByName(tokenID, "ohos.permission.MANAGE_HAP_TOKENID", value); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE, ret); +} } // namespace AccessToken } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp index fcf076812fe44734d54f528b92f0e40ab85a8b56..4e8846e2f33b8af8f483c5d02522e5ea351ba433 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp @@ -204,6 +204,67 @@ void TestCommon::TestPreparePermDefList(HapPolicyParams &policy) policy.permList.emplace_back(permissionDefAlpha); } +void TestCommon::TestPrepareKernelPermissionDefinition( + HapInfoParams& infoParams, HapPolicyParams& policyParams) +{ + PermissionDef permDefBasic = { + .permissionName = "ohos.permission.test_basic", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_SYSTEM_CORE, + .label = "label", + .labelId = 1, + .description = "test", + .descriptionId = 1, + .provisionEnable = true, + .isKernelEffect = true, + .hasValue = true, + }; + + PermissionDef permDef1 = permDefBasic; + permDef1.permissionName = "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"; + PermissionDef permDef2 = permDefBasic; + permDef2.permissionName = "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION"; + permDef2.hasValue = false; + PermissionDef permDef3 = permDefBasic; + permDef3.permissionName = "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY"; + permDef3.isKernelEffect = false; + + policyParams.permList = {permDef1, permDef2, permDef3}; + + AccessTokenIDEx fullTokenId; + + // update permission definition + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); +} + +void TestCommon::TestPrepareKernelPermissionStatus(HapPolicyParams& policyParams) +{ + PermissionStateFull permissionStateFull_basic = { + .permissionName = "ohos.permission.test_basic", + .isGeneral = false, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull001 = permissionStateFull_basic; + permissionStateFull001.permissionName = "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"; + PermissionStateFull permissionStateFull002 = permissionStateFull_basic; + permissionStateFull002.permissionName = "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION"; + PermissionStateFull permissionStateFull003 = permissionStateFull_basic; + permissionStateFull003.permissionName = "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY"; + PermissionStateFull permissionStateFull004 = permissionStateFull_basic; + permissionStateFull004.permissionName = "ohos.permission.CAMERA"; + policyParams.permStateList = {permissionStateFull001, permissionStateFull002, + permissionStateFull003, permissionStateFull004}; + policyParams.aclExtendedMap["ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"] = "123"; + policyParams.aclExtendedMap["ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY"] = "456"; + policyParams.aclExtendedMap["ohos.permission.test1"] = "test"; // filtered + policyParams.aclExtendedMap["ohos.permission.CAMERA"] = "789"; // filtered +} + AccessTokenID TestCommon::AllocTestToken( const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy) { diff --git a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h index 74ab90f73eece08898d1cc541d0b00ee4cc44e97..ff7328356696d8c84b2af515da7565d7a307923b 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h +++ b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h @@ -33,11 +33,15 @@ public: static void GetHapParams(HapInfoParams& infoParams, HapPolicyParams& policyParams); static void TestPreparePermStateList(HapPolicyParams &policy); static void TestPreparePermDefList(HapPolicyParams &policy); + static void TestPrepareKernelPermissionDefinition( + HapInfoParams& infoParams, HapPolicyParams& policyParams); + static void TestPrepareKernelPermissionStatus(HapPolicyParams& policyParams); static HapPolicyParams GetTestPolicyParams(); static HapInfoParams GetInfoManagerTestInfoParms(); static HapInfoParams GetInfoManagerTestNormalInfoParms(); static HapInfoParams GetInfoManagerTestSystemInfoParms(); static HapPolicyParams GetInfoManagerTestPolicyPrams(); + static AccessTokenID AllocTestToken(const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy); static void GetNativeTokenTest(); static uint64_t GetNativeToken(const char *processName, const char **perms, int32_t permNum); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index b737f55917c9543bd92f4a7a9c1df5e21f11f9e5..d1e069a14fbea7a414a439d68423e6c412d14aea 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -848,13 +848,6 @@ void AccessTokenManagerStub::GetKernelPermissionsInner(MessageParcel& data, Mess reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteUint32 failed."); return; } - - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } AccessTokenID tokenID; IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn index cc53a5a6eea0da9563b8913871920ace39e0721b..e474ba0c7ebf09b4b484673974e40681515d21f7 100644 --- a/test/fuzztest/services/accesstoken/BUILD.gn +++ b/test/fuzztest/services/accesstoken/BUILD.gn @@ -29,6 +29,7 @@ group("fuzztest") { "gethaptokeninfoextstub_fuzzer:GetHapTokenInfoExtStubFuzzTest", "gethaptokeninfofromremotestub_fuzzer:GetHapTokenInfoFromRemoteStubFuzzTest", "gethaptokeninfostub_fuzzer:GetHapTokenInfoStubFuzzTest", + "getkernelpermissionsstub_fuzzer:GetKernelPermissionsStubFuzzTest", "getnativetokenidstub_fuzzer:GetNativeTokenIdStubFuzzTest", "getnativetokeninfostub_fuzzer:GetNativeTokenInfoStubFuzzTest", "getpermissionflagstub_fuzzer:GetPermissionFlagStubFuzzTest", @@ -36,6 +37,7 @@ group("fuzztest") { "getpermissionsstatusstub_fuzzer:GetPermissionsStatusStubFuzzTest", "getpermissionusedtypestub_fuzzer:GetPermissionUsedTypeStubFuzzTest", "getremotenativetokenidstub_fuzzer:GetRemoteNativeTokenIDStubFuzzTest", + "getreqpermissionbynamestub_fuzzer:GetReqPermissionByNameStubFuzzTest", "getreqpermissionsstub_fuzzer:GetReqPermissionsStubFuzzTest", "getselfpermissionsstatestub_fuzzer:GetSelfPermissionsStateStubFuzzTest", "gettokenidbyuseridstub_fuzzer:GetTokenIDByUserIDStubFuzzTest", diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..5a0763a72fb4c1d4acffd9960562d869281cd5fb --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GetKernelPermissionsStubFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "getkernelpermissionsstub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..5d18288f5acc58338dbd4d16f8a36df504c5bf72 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "getkernelpermissionsstub_fuzzer.h" + +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_manager_service.h" +#include "i_accesstoken_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +namespace OHOS { + bool GetKernelPermissionsStubFuzzTestFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteUint32(tokenId)) { + return false; + } + + uint32_t code = static_cast(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GetKernelPermissionsStubFuzzTestFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.h b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..4891253ee9bb420a7e5c7122f10737660d5b4822 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETKERNELPERMISSIONSTUB_FUZZER_H +#define TEST_FUZZTEST_GETKERNELPERMISSIONSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "getkernelpermissionsstub_fuzzer.h" + +#endif // TEST_FUZZTEST_GETKERNELPERMISSIONSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..f2de773f08d93df3eeaef2b965bc0b52949d1224 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GetReqPermissionByNameStubFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "getreqpermissionbynamestub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..e7c3fecd8d4d4816e40088113a2316bb9eb2e13f --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..d9f021801db41f5c66041eae2c9258f1d923dddf --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "getreqpermissionbynamestub_fuzzer.h" + +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_manager_service.h" +#include "i_accesstoken_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +namespace OHOS { + bool GetKernelPermissionsStubFuzzTestFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + std::string permissionName = fuzzData.GenerateStochasticString(); + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteUint32(tokenId) || !datas.WriteString(permissionName)) { + return false; + } + + uint32_t code = static_cast(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GetKernelPermissionsStubFuzzTestFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.h b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..2463e7b0b7279a2729636926e0d27f5162d86e0d --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETREQPERMISSIONBYNAMESTUB_FUZZER_H +#define TEST_FUZZTEST_GETREQPERMISSIONBYNAMESTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "getreqpermissionbynamestub_fuzzer" + +#endif // TEST_FUZZTEST_GETREQPERMISSIONBYNAMESTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..7133b2b92440904a5ed04b838733acea0f97486a --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + +