From 242abb397d2658d7a3a47bd02d7e84be910c4f27 Mon Sep 17 00:00:00 2001 From: xia-bubai Date: Wed, 5 Mar 2025 20:14:51 +0800 Subject: [PATCH] add testcase about extended value Signed-off-by: xia-bubai --- .../HapTokenTest/init_hap_token_test.cpp | 138 ++++++++++-------- .../HapTokenTest/update_hap_token_test.cpp | 61 ++++++++ .../PermissionsTest/get_permission_test.cpp | 53 +++++++ .../test/unittest/common/test_common.cpp | 61 ++++++++ .../test/unittest/common/test_common.h | 4 + .../src/service/accesstoken_manager_stub.cpp | 7 - test/fuzztest/services/accesstoken/BUILD.gn | 2 + .../getkernelpermissionsstub_fuzzer/BUILD.gn | 47 ++++++ .../corpus/init | 14 ++ .../getkernelpermissionsstub_fuzzer.cpp | 61 ++++++++ .../getkernelpermissionsstub_fuzzer.h | 21 +++ .../project.xml | 25 ++++ .../BUILD.gn | 47 ++++++ .../corpus/init | 14 ++ .../getreqpermissionbynamestub_fuzzer.cpp | 61 ++++++++ .../getreqpermissionbynamestub_fuzzer.h | 21 +++ .../project.xml | 25 ++++ 17 files changed, 598 insertions(+), 64 deletions(-) create mode 100644 test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn create mode 100644 test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/corpus/init create mode 100644 test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp create mode 100644 test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.h create mode 100644 test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/project.xml create mode 100644 test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn create mode 100644 test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/corpus/init create mode 100644 test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp create mode 100644 test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.h create mode 100644 test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/project.xml diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp index f99286c13..9340bd920 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/init_hap_token_test.cpp @@ -36,6 +36,8 @@ namespace AccessToken { namespace { static AccessTokenID g_selfTokenId = 0; static constexpr int32_t THIRTY_TIME_CYCLES = 30; +static constexpr int32_t MAX_EXTENDED_MAP_SIZE = 512; +static constexpr int32_t MAX_VALUE_LENGTH = 1024; const std::string APP_DISTRIBUTION_TYPE_ENTERPRISE_MDM = "enterprise_mdm"; const std::string APP_DISTRIBUTION_TYPE_NONE = "none"; const std::string OVER_SIZE_STR = @@ -1008,99 +1010,121 @@ HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest009, TestSize.Level1) EXPECT_EQ(ret, PERMISSION_DENIED); } -static void PreparePermissionDefinition( - HapInfoParams& infoParams, HapPolicyParams& policyParams) +/** + * @tc.name: InitHapTokenSpecsTest010 + * @tc.desc: aclExtendedMap size test + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest010, TestSize.Level1) { - PermissionDef permDefBasic = { - .permissionName = "ohos.permission.test_basic", - .bundleName = "accesstoken_test", - .grantMode = 1, - .availableLevel = APL_SYSTEM_CORE, - .label = "label", - .labelId = 1, - .description = "test", - .descriptionId = 1, - .provisionEnable = true, - .isKernelEffect = true, - .hasValue = true, - }; - - PermissionDef permDef1 = permDefBasic; - permDef1.permissionName = "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"; - PermissionDef permDef2 = permDefBasic; - permDef2.permissionName = "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION"; - permDef2.hasValue = false; - - policyParams.permList = {permDef1, permDef2}; + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; AccessTokenIDEx fullTokenId; - - // update permission definition int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(RET_SUCCESS, ret); + + for (size_t i = 0; i < MAX_EXTENDED_MAP_SIZE - 1; i++) { + policyParams.aclExtendedMap[std::to_string(i)] = std::to_string(i); + } + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + + policyParams.aclExtendedMap[std::to_string(MAX_EXTENDED_MAP_SIZE - 1)] = + std::to_string(MAX_EXTENDED_MAP_SIZE - 1); + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + + policyParams.aclExtendedMap[std::to_string(MAX_EXTENDED_MAP_SIZE)] = + std::to_string(MAX_EXTENDED_MAP_SIZE); + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = AccessTokenKit::DeleteToken(tokenID); + EXPECT_EQ(RET_SUCCESS, ret); } /** - * @tc.name: InitHapTokenSpecsTest010 - * @tc.desc: InitHapToken permission with value + * @tc.name: InitHapTokenSpecsTest011 + * @tc.desc: aclExtendedMap content size test * @tc.type: FUNC * @tc.require: */ -HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest010, TestSize.Level1) +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest011, TestSize.Level1) { HapInfoParams infoParams; HapPolicyParams policyParams; TestCommon::GetHapParams(infoParams, policyParams); policyParams.apl = APL_SYSTEM_CORE; - PreparePermissionDefinition(infoParams, policyParams); - PermissionStateFull permissionStateFull_basic = { - .permissionName = "ohos.permission.test_basic", - .isGeneral = false, - .resDeviceID = {"local"}, - .grantStatus = {PERMISSION_GRANTED}, - .grantFlags = {PERMISSION_SYSTEM_FIXED} - }; - - PermissionStateFull permissionStateFull001 = permissionStateFull_basic; - permissionStateFull001.permissionName = "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"; - PermissionStateFull permissionStateFull002 = permissionStateFull_basic; - permissionStateFull002.permissionName = "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION"; - policyParams.permStateList = {permissionStateFull001, permissionStateFull002}; - policyParams.aclRequestedList = { - "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY", - "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION" - }; - policyParams.aclExtendedMap["ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"] = "123"; AccessTokenIDEx fullTokenId; + policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = ""; int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); - AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + + std::string testValue(MAX_VALUE_LENGTH - 1, '1'); + policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); + + testValue.push_back('1'); + policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); ASSERT_EQ(RET_SUCCESS, ret); + testValue.push_back('1'); + policyParams.aclExtendedMap["ohos.permission.ACCESS_CERT_MANAGER"] = testValue; + ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ret = AccessTokenKit::DeleteToken(tokenID); EXPECT_EQ(RET_SUCCESS, ret); } /** - * @tc.name: InitHapTokenSpecsTest011 - * @tc.desc: InitHapToken with over large aclExtendedMap + * @tc.name: InitHapTokenSpecsTest012 + * @tc.desc: InitHapToken permission with value * @tc.type: FUNC * @tc.require: */ -HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest011, TestSize.Level1) +HWTEST_F(InitHapTokenTest, InitHapTokenSpecsTest012, TestSize.Level1) { HapInfoParams infoParams; HapPolicyParams policyParams; TestCommon::GetHapParams(infoParams, policyParams); policyParams.apl = APL_SYSTEM_CORE; - - for (size_t i = 0; i < 520; i++) { - policyParams.aclExtendedMap[std::to_string(i)] = std::to_string(i); - } - + TestCommon::TestPrepareKernelPermissionDefinition(infoParams, policyParams); + TestCommon::TestPrepareKernelPermissionStatus(policyParams); AccessTokenIDEx fullTokenId; int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); - ASSERT_EQ(AccessTokenError::ERR_PARAM_INVALID, ret); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + // switch to shell token + SetSelfTokenID(g_selfTokenId); + + std::vector kernelPermList; + ret = AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(2, kernelPermList.size()); + + std::string value; + ret = AccessTokenKit::GetReqPermissionByName( + tokenID, "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY", value); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ("123", value); + + ret = AccessTokenKit::GetReqPermissionByName( + tokenID, "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY", value); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ("456", value); + + ret = AccessTokenKit::DeleteToken(tokenID); + EXPECT_EQ(RET_SUCCESS, ret); } } // namespace AccessToken } // namespace Security diff --git a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp index df8d70174..81e978b75 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/HapTokenTest/update_hap_token_test.cpp @@ -1001,6 +1001,67 @@ HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest010, TestSize.Level1) ASSERT_EQ(RET_SUCCESS, AccessTokenKit::DeleteToken(tokenID)); } +/** + * @tc.name: UpdateHapTokenSpecsTest011 + * @tc.desc: InitHapToken permission with value + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(UpdateHapTokenTest, UpdateHapTokenSpecsTest011, TestSize.Level1) +{ + HapInfoParams infoParams; + HapPolicyParams policyParams; + TestCommon::GetHapParams(infoParams, policyParams); + policyParams.apl = APL_SYSTEM_CORE; + TestCommon::TestPrepareKernelPermissionDefinition(infoParams, policyParams); + TestCommon::TestPrepareKernelPermissionStatus(policyParams); + AccessTokenIDEx fullTokenId; + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + AccessTokenID tokenID = fullTokenId.tokenIdExStruct.tokenID; + ASSERT_EQ(RET_SUCCESS, ret); + + policyParams.aclExtendedMap["ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"] = "1"; // modified value + policyParams.aclExtendedMap.erase("ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY"); // delete + auto it = policyParams.permStateList.begin(); + while (it != policyParams.permStateList.end()) { + if (it->permissionName == "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY") { + policyParams.permStateList.erase(it); + break; + } + it++; + } + + UpdateHapInfoParams updateInfoParams = { + .appIDDesc = "AccessTOkenTestAppID", + .apiVersion = TestCommon::DEFAULT_API_VERSION, + .isSystemApp = true, + .appDistributionType = "", + }; + ret = AccessTokenKit::UpdateHapToken(fullTokenId, updateInfoParams, policyParams); + ASSERT_EQ(RET_SUCCESS, ret); + + // switch to shell token + SetSelfTokenID(g_selfTokenId); + + std::vector kernelPermList; + ret = AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ(2, kernelPermList.size()); + + std::string value; + ret = AccessTokenKit::GetReqPermissionByName( + tokenID, "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY", value); + ASSERT_EQ(RET_SUCCESS, ret); + ASSERT_EQ("1", value); + + ret = AccessTokenKit::GetReqPermissionByName( + tokenID, "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY", value); + ASSERT_EQ(ERR_PERMISSION_WITHOUT_VALUE, ret); + + ret = AccessTokenKit::DeleteToken(tokenID); + EXPECT_EQ(RET_SUCCESS, ret); +} + /** * @tc.name: UpdateHapTokenAbnormalTest001 * @tc.desc: test invaild UpdateHapInfoParams.appIDDesc diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp index 4502c4075..2b71d7aef 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/PermissionsTest/get_permission_test.cpp @@ -538,6 +538,59 @@ HWTEST_F(GetPermissionTest, GetPermissionManagerInfoFuncTest001, TestSize.Level1 AccessTokenKit::GetPermissionManagerInfo(info); ASSERT_EQ(false, info.grantBundleName.empty()); } + +/** + * @tc.name: GetKernelPermissionTest001 + * @tc.desc: + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionTest, GetKernelPermissionTest001, TestSize.Level1) +{ + setuid(1); + std::vector kernelPermList; + int32_t ret = AccessTokenKit::GetKernelPermissions(123, kernelPermList); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); + setuid(0); + + SetSelfTokenID(g_selfTokenId); + ret = AccessTokenKit::GetKernelPermissions(123, kernelPermList); + EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID, ret); + + ret = AccessTokenKit::GetKernelPermissions(123, kernelPermList); + EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID, ret); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ret = AccessTokenKit::GetKernelPermissions(tokenID, kernelPermList); + EXPECT_EQ(RET_SUCCESS, ret); + EXPECT_EQ(0, kernelPermList.size()); +} + +/** + * @tc.name: GetReqPermissionByNameTest001 + * @tc.desc: test Ge + * @tc.type: FUNC + * @tc.require: + */ +HWTEST_F(GetPermissionTest, GetReqPermissionByNameTest001, TestSize.Level1) +{ + setuid(1); + std::string value; + int32_t ret = AccessTokenKit::GetReqPermissionByName(123, "ohos.permission.test1", value); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_DENIED, ret); + setuid(0); + + SetSelfTokenID(g_selfTokenId); + ret = AccessTokenKit::GetReqPermissionByName(123, "ohos.permission.test1", value); + EXPECT_EQ(AccessTokenError::ERR_TOKEN_INVALID, ret); + + AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0); + ret = AccessTokenKit::GetReqPermissionByName(tokenID, "ohos.permission.test1", value); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_NOT_EXIST, ret); + + ret = AccessTokenKit::GetReqPermissionByName(tokenID, "ohos.permission.MANAGE_HAP_TOKENID", value); + EXPECT_EQ(AccessTokenError::ERR_PERMISSION_WITHOUT_VALUE, ret); +} } // namespace AccessToken } // namespace Security } // namespace OHOS \ No newline at end of file diff --git a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp index fcf076812..4e8846e2f 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp +++ b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.cpp @@ -204,6 +204,67 @@ void TestCommon::TestPreparePermDefList(HapPolicyParams &policy) policy.permList.emplace_back(permissionDefAlpha); } +void TestCommon::TestPrepareKernelPermissionDefinition( + HapInfoParams& infoParams, HapPolicyParams& policyParams) +{ + PermissionDef permDefBasic = { + .permissionName = "ohos.permission.test_basic", + .bundleName = "accesstoken_test", + .grantMode = 1, + .availableLevel = APL_SYSTEM_CORE, + .label = "label", + .labelId = 1, + .description = "test", + .descriptionId = 1, + .provisionEnable = true, + .isKernelEffect = true, + .hasValue = true, + }; + + PermissionDef permDef1 = permDefBasic; + permDef1.permissionName = "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"; + PermissionDef permDef2 = permDefBasic; + permDef2.permissionName = "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION"; + permDef2.hasValue = false; + PermissionDef permDef3 = permDefBasic; + permDef3.permissionName = "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY"; + permDef3.isKernelEffect = false; + + policyParams.permList = {permDef1, permDef2, permDef3}; + + AccessTokenIDEx fullTokenId; + + // update permission definition + int32_t ret = AccessTokenKit::InitHapToken(infoParams, policyParams, fullTokenId); + ASSERT_EQ(RET_SUCCESS, ret); +} + +void TestCommon::TestPrepareKernelPermissionStatus(HapPolicyParams& policyParams) +{ + PermissionStateFull permissionStateFull_basic = { + .permissionName = "ohos.permission.test_basic", + .isGeneral = false, + .resDeviceID = {"local"}, + .grantStatus = {PERMISSION_GRANTED}, + .grantFlags = {PERMISSION_SYSTEM_FIXED} + }; + + PermissionStateFull permissionStateFull001 = permissionStateFull_basic; + permissionStateFull001.permissionName = "ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"; + PermissionStateFull permissionStateFull002 = permissionStateFull_basic; + permissionStateFull002.permissionName = "ohos.permission.kernel.DISABLE_CODE_MEMORY_PROTECTION"; + PermissionStateFull permissionStateFull003 = permissionStateFull_basic; + permissionStateFull003.permissionName = "ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY"; + PermissionStateFull permissionStateFull004 = permissionStateFull_basic; + permissionStateFull004.permissionName = "ohos.permission.CAMERA"; + policyParams.permStateList = {permissionStateFull001, permissionStateFull002, + permissionStateFull003, permissionStateFull004}; + policyParams.aclExtendedMap["ohos.permission.kernel.ALLOW_WRITABLE_CODE_MEMORY"] = "123"; + policyParams.aclExtendedMap["ohos.permission.kernel.ALLOW_EXECUTABLE_FORT_MEMORY"] = "456"; + policyParams.aclExtendedMap["ohos.permission.test1"] = "test"; // filtered + policyParams.aclExtendedMap["ohos.permission.CAMERA"] = "789"; // filtered +} + AccessTokenID TestCommon::AllocTestToken( const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy) { diff --git a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h index 74ab90f73..ff7328356 100644 --- a/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h +++ b/interfaces/innerkits/accesstoken/test/unittest/common/test_common.h @@ -33,11 +33,15 @@ public: static void GetHapParams(HapInfoParams& infoParams, HapPolicyParams& policyParams); static void TestPreparePermStateList(HapPolicyParams &policy); static void TestPreparePermDefList(HapPolicyParams &policy); + static void TestPrepareKernelPermissionDefinition( + HapInfoParams& infoParams, HapPolicyParams& policyParams); + static void TestPrepareKernelPermissionStatus(HapPolicyParams& policyParams); static HapPolicyParams GetTestPolicyParams(); static HapInfoParams GetInfoManagerTestInfoParms(); static HapInfoParams GetInfoManagerTestNormalInfoParms(); static HapInfoParams GetInfoManagerTestSystemInfoParms(); static HapPolicyParams GetInfoManagerTestPolicyPrams(); + static AccessTokenID AllocTestToken(const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy); static void GetNativeTokenTest(); static uint64_t GetNativeToken(const char *processName, const char **perms, int32_t permNum); diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp index b737f5591..d1e069a14 100644 --- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp +++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp @@ -848,13 +848,6 @@ void AccessTokenManagerStub::GetKernelPermissionsInner(MessageParcel& data, Mess reply.WriteUint32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteUint32 failed."); return; } - - if (VerifyAccessToken(callingToken, GET_SENSITIVE_PERMISSIONS) == PERMISSION_DENIED) { - LOGE(ATM_DOMAIN, ATM_TAG, "Permission denied(tokenID=%{public}d)", callingToken); - IF_FALSE_PRINT_LOG(ATM_DOMAIN, ATM_TAG, - reply.WriteInt32(AccessTokenError::ERR_PERMISSION_DENIED), "WriteInt32 failed."); - return; - } AccessTokenID tokenID; IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, data.ReadUint32(tokenID), "ReadUint32 failed."); diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn index cc53a5a6e..e474ba0c7 100644 --- a/test/fuzztest/services/accesstoken/BUILD.gn +++ b/test/fuzztest/services/accesstoken/BUILD.gn @@ -29,6 +29,7 @@ group("fuzztest") { "gethaptokeninfoextstub_fuzzer:GetHapTokenInfoExtStubFuzzTest", "gethaptokeninfofromremotestub_fuzzer:GetHapTokenInfoFromRemoteStubFuzzTest", "gethaptokeninfostub_fuzzer:GetHapTokenInfoStubFuzzTest", + "getkernelpermissionsstub_fuzzer:GetKernelPermissionsStubFuzzTest", "getnativetokenidstub_fuzzer:GetNativeTokenIdStubFuzzTest", "getnativetokeninfostub_fuzzer:GetNativeTokenInfoStubFuzzTest", "getpermissionflagstub_fuzzer:GetPermissionFlagStubFuzzTest", @@ -36,6 +37,7 @@ group("fuzztest") { "getpermissionsstatusstub_fuzzer:GetPermissionsStatusStubFuzzTest", "getpermissionusedtypestub_fuzzer:GetPermissionUsedTypeStubFuzzTest", "getremotenativetokenidstub_fuzzer:GetRemoteNativeTokenIDStubFuzzTest", + "getreqpermissionbynamestub_fuzzer:GetReqPermissionByNameStubFuzzTest", "getreqpermissionsstub_fuzzer:GetReqPermissionsStubFuzzTest", "getselfpermissionsstatestub_fuzzer:GetSelfPermissionsStateStubFuzzTest", "gettokenidbyuseridstub_fuzzer:GetTokenIDByUserIDStubFuzzTest", diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn new file mode 100644 index 000000000..5a0763a72 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GetKernelPermissionsStubFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "getkernelpermissionsstub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/corpus/init new file mode 100644 index 000000000..e7c3fecd8 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp new file mode 100644 index 000000000..5d18288f5 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.cpp @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "getkernelpermissionsstub_fuzzer.h" + +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_manager_service.h" +#include "i_accesstoken_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +namespace OHOS { + bool GetKernelPermissionsStubFuzzTestFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteUint32(tokenId)) { + return false; + } + + uint32_t code = static_cast(AccessTokenInterfaceCode::GET_KERNEL_PERMISSIONS); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GetKernelPermissionsStubFuzzTestFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.h b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.h new file mode 100644 index 000000000..4891253ee --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/getkernelpermissionsstub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETKERNELPERMISSIONSTUB_FUZZER_H +#define TEST_FUZZTEST_GETKERNELPERMISSIONSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "getkernelpermissionsstub_fuzzer.h" + +#endif // TEST_FUZZTEST_GETKERNELPERMISSIONSTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/project.xml new file mode 100644 index 000000000..7133b2b92 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getkernelpermissionsstub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn new file mode 100644 index 000000000..f2de773f0 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/BUILD.gn @@ -0,0 +1,47 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GetReqPermissionByNameStubFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "getreqpermissionbynamestub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/corpus/init new file mode 100644 index 000000000..e7c3fecd8 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2024 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp new file mode 100644 index 000000000..d9f021801 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.cpp @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "getreqpermissionbynamestub_fuzzer.h" + +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_manager_service.h" +#include "i_accesstoken_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +namespace OHOS { + bool GetKernelPermissionsStubFuzzTestFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + std::string permissionName = fuzzData.GenerateStochasticString(); + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteUint32(tokenId) || !datas.WriteString(permissionName)) { + return false; + } + + uint32_t code = static_cast(AccessTokenInterfaceCode::GET_PERMISSION_BY_NAME); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GetKernelPermissionsStubFuzzTestFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.h b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.h new file mode 100644 index 000000000..2463e7b0b --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/getreqpermissionbynamestub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETREQPERMISSIONBYNAMESTUB_FUZZER_H +#define TEST_FUZZTEST_GETREQPERMISSIONBYNAMESTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "getreqpermissionbynamestub_fuzzer" + +#endif // TEST_FUZZTEST_GETREQPERMISSIONBYNAMESTUB_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/project.xml new file mode 100644 index 000000000..7133b2b92 --- /dev/null +++ b/test/fuzztest/services/accesstoken/getreqpermissionbynamestub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + -- Gitee