From d85b6f971e9f28cd7c830a4298960dc2e0d08a89 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Thu, 24 Apr 2025 09:21:54 +0800 Subject: [PATCH] =?UTF-8?q?FUZZ=E6=95=B4=E6=94=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuliushuan Change-Id: If0cf885960bc3145f188d8e9dfc29b82cd881ad9 --- BUILD.gn | 1 + .../normalize_service/accesstoken/BUILD.gn | 24 +++ .../accesstoken/access_token_service_fuzz.gni | 173 ++++++++++++++++++ .../allochaptokenservice_fuzzer/BUILD.gn | 54 ++++++ .../allochaptokenservice_fuzzer.cpp | 134 ++++++++++++++ .../allochaptokenservice_fuzzer.h | 21 +++ .../allochaptokenservice_fuzzer/corpus/init | 14 ++ .../allochaptokenservice_fuzzer/project.xml | 25 +++ .../getpermissionflagservice_fuzzer/BUILD.gn | 50 +++++ .../corpus/init | 14 ++ .../getpermissionflagservice_fuzzer.cpp | 70 +++++++ .../getpermissionflagservice_fuzzer.h | 21 +++ .../project.xml | 25 +++ .../grantpermissionservice_fuzzer/BUILD.gn | 50 +++++ .../grantpermissionservice_fuzzer/corpus/init | 14 ++ .../grantpermissionservice_fuzzer.cpp | 120 ++++++++++++ .../grantpermissionservice_fuzzer.h | 21 +++ .../grantpermissionservice_fuzzer/project.xml | 25 +++ .../inithaptokenservice_fuzzer/BUILD.gn | 54 ++++++ .../inithaptokenservice_fuzzer/corpus/init | 14 ++ .../inithaptokenservice_fuzzer.cpp | 134 ++++++++++++++ .../inithaptokenservice_fuzzer.h | 21 +++ .../inithaptokenservice_fuzzer/project.xml | 25 +++ .../revokepermissionservice_fuzzer/BUILD.gn | 50 +++++ .../corpus/init | 14 ++ .../project.xml | 25 +++ .../revokepermissionservice_fuzzer.cpp | 85 +++++++++ .../revokepermissionservice_fuzzer.h | 21 +++ 28 files changed, 1299 insertions(+) create mode 100644 test/fuzztest/normalize_service/accesstoken/BUILD.gn create mode 100644 test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni create mode 100644 test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/BUILD.gn create mode 100644 test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/allochaptokenservice_fuzzer.cpp create mode 100644 test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/allochaptokenservice_fuzzer.h create mode 100644 test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/corpus/init create mode 100644 test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/project.xml create mode 100644 test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/BUILD.gn create mode 100644 test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/corpus/init create mode 100644 test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/getpermissionflagservice_fuzzer.cpp create mode 100644 test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/getpermissionflagservice_fuzzer.h create mode 100644 test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/project.xml create mode 100644 test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/BUILD.gn create mode 100644 test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/corpus/init create mode 100644 test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp create mode 100644 test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.h create mode 100644 test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/project.xml create mode 100644 test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/BUILD.gn create mode 100644 test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/corpus/init create mode 100644 test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/inithaptokenservice_fuzzer.cpp create mode 100644 test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/inithaptokenservice_fuzzer.h create mode 100644 test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/project.xml create mode 100644 test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/BUILD.gn create mode 100644 test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/corpus/init create mode 100644 test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/project.xml create mode 100644 test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/revokepermissionservice_fuzzer.cpp create mode 100644 test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/revokepermissionservice_fuzzer.h diff --git a/BUILD.gn b/BUILD.gn index da01e9973..1e2f53fde 100644 --- a/BUILD.gn +++ b/BUILD.gn @@ -56,6 +56,7 @@ group("accesstoken_build_fuzz_test") { deps += [ "test/fuzztest/innerkits/accesstoken:fuzztest", "test/fuzztest/innerkits/privacy:fuzztest", + "test/fuzztest/normalize_service/accesstoken:fuzztest", "test/fuzztest/services/accesstoken:fuzztest", "test/fuzztest/services/privacy:fuzztest", ] diff --git a/test/fuzztest/normalize_service/accesstoken/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/BUILD.gn new file mode 100644 index 000000000..041dda304 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/BUILD.gn @@ -0,0 +1,24 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +import("../../../../access_token.gni") +group("fuzztest") { + testonly = true + + deps = [ + "allochaptokenservice_fuzzer:AllocHapTokenServiceFuzzTest", + "getpermissionflagservice_fuzzer:GetPermissionFlagServiceFuzzTest", + "grantpermissionservice_fuzzer:GrantPermissionServiceFuzzTest", + "inithaptokenservice_fuzzer:InitHapTokenServiceFuzzTest", + "revokepermissionservice_fuzzer:RevokePermissionServiceFuzzTest", + ] +} diff --git a/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni new file mode 100644 index 000000000..408be5013 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni @@ -0,0 +1,173 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("../../../../access_token.gni") + +access_token_include_dirs = [ + "${access_token_path}/services/accesstokenmanager/main/cpp/include", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/callback", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/service", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/form_manager", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/token", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/permission", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/database", + "${access_token_path}/services/accesstokenmanager/main/cpp/include/dfx", + "${access_token_path}/services/tokensyncmanager/include/service", + "${access_token_path}/services/tokensyncmanager/include/remote", + "${access_token_path}/services/tokensyncmanager/include/command", + "${access_token_path}/services/tokensyncmanager/include/common", + "${access_token_path}/services/tokensyncmanager/include/device", + "${access_token_path}/services/tokensyncmanager/include/protocol", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/frameworks/accesstoken/include", + "${access_token_path}/interfaces/innerkits/privacy/include", + "${access_token_path}/interfaces/innerkits/tokensync/src", + "${access_token_path}/services/common/ability_manager/include", + "${access_token_path}/services/common/app_manager/include", + "${access_token_path}/services/common/json_parse/include", + "${access_token_path}/services/common/database/include", + "${access_token_path}/services/common/handler/include", + "${access_token_path}/services/common/random/include", + "${access_token_path}/services/common/utils/include", + "${access_token_path}/frameworks/tokensync/include", + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/nativetoken/include", + "${access_token_path}/test/fuzztest/common", +] + +access_token_deps = [ + "${access_token_path}/frameworks/accesstoken:accesstoken_communication_adapter_cxx", + "${access_token_path}/frameworks/common:accesstoken_common_cxx", + "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk", + "${access_token_path}/interfaces/innerkits/accesstoken:libtokenid_sdk", + "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk", + "${access_token_path}/interfaces/innerkits/token_setproc:libperm_setproc", + "${access_token_path}/interfaces/innerkits/token_setproc:libtokensetproc_shared", + "${access_token_path}/services/accesstokenmanager:access_token.rc", + "${access_token_path}/services/accesstokenmanager/etc:param_files", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_stub", + "${access_token_path}/services/common:accesstoken_service_common", + "${access_token_path}/services/common/json_parse:accesstoken_cjson_utils", +] + +access_token_external_deps = [ + "ability_base:want", + "cJSON:cjson", + "c_utils:utils", + "device_manager:devicemanagersdk", + "dsoftbus:softbus_client", + "hilog:libhilog", + "hisysevent:libhisysevent", + "hitrace:hitrace_meter", + "init:libbegetutil", + "ipc:ipc_single", + "openssl:libcrypto_shared", + "relational_store:native_rdb", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + "zlib:shared_libz", +] + +access_token_sources = [ + "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/callback_death_recipients.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/callback/callback_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_db_util.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/access_token_open_callback.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/data_translator.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/database/token_field_const.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_instance.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_client.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_access_proxy.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_manager_death_recipient.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/form_manager/form_status_change_callback.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_grant_event.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_monitor.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_id_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp", +] + +token_sync_sources = [ + "${access_token_path}/services/common/random/src/random_openssl.cpp", + "${access_token_path}/services/tokensyncmanager/src/command/base_remote_command.cpp", + "${access_token_path}/services/tokensyncmanager/src/command/delete_remote_token_command.cpp", + "${access_token_path}/services/tokensyncmanager/src/command/sync_remote_hap_token_command.cpp", + "${access_token_path}/services/tokensyncmanager/src/command/update_remote_hap_token_command.cpp", + "${access_token_path}/services/tokensyncmanager/src/common/constant.cpp", + "${access_token_path}/services/tokensyncmanager/src/device/device_info_manager.cpp", + "${access_token_path}/services/tokensyncmanager/src/device/device_info_repository.cpp", + "${access_token_path}/services/tokensyncmanager/src/remote/remote_command_executor.cpp", + "${access_token_path}/services/tokensyncmanager/src/remote/remote_command_factory.cpp", + "${access_token_path}/services/tokensyncmanager/src/remote/remote_command_manager.cpp", + "${access_token_path}/services/tokensyncmanager/src/remote/soft_bus_channel.cpp", + "${access_token_path}/services/tokensyncmanager/src/remote/soft_bus_device_connection_listener.cpp", + "${access_token_path}/services/tokensyncmanager/src/remote/soft_bus_manager.cpp", + "${access_token_path}/services/tokensyncmanager/src/remote/soft_bus_socket_listener.cpp", + "${access_token_path}/services/tokensyncmanager/src/service/token_sync_manager_service.cpp", + "${access_token_path}/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp", +] + +access_token_cflags_cc = [ "-DHILOG_ENABLE" ] + +if (dlp_permission_enable == true) { + access_token_cflags_cc += [ "-DSUPPORT_SANDBOX_APP" ] + access_token_sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/permission/dlp_permission_set_manager.cpp" ] +} + +if (hicollie_enable == true) { + access_token_external_deps += [ "hicollie:libhicollie" ] + access_token_cflags_cc += [ "-DHICOLLIE_ENABLE" ] +} + +if (token_sync_enable == true) { + access_token_cflags_cc += [ + "-DTOKEN_SYNC_ENABLE", + "-DFUZZ_ENABLE", + ] + access_token_sources += [ + "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/accesstoken_remote_token_manager.cpp", + "${access_token_path}/services/accesstokenmanager/main/cpp/src/token/token_modify_notifier.cpp", + "${access_token_path}/services/common/libraryloader/src/libraryloader.cpp", + ] + access_token_include_dirs += [ + "${access_token_path}/interfaces/innerkits/tokensync/include", + "${access_token_path}/services/common/libraryloader/include", + ] +} + +if (access_token_background_task_mgr_continuous_task_enable == true) { + access_token_include_dirs += + [ "${access_token_path}/services/common/background_task_manager/include" ] + access_token_sources += [ + "${access_token_path}/services/common/background_task_manager/src/background_task_manager_access_client.cpp", + "${access_token_path}/services/common/background_task_manager/src/background_task_manager_access_proxy.cpp", + "${access_token_path}/services/common/background_task_manager/src/background_task_manager_death_recipient.cpp", + "${access_token_path}/services/common/background_task_manager/src/continuous_task_callback_info.cpp", + "${access_token_path}/services/common/background_task_manager/src/continuous_task_change_callback.cpp", + ] +} + +if (eventhandler_enable == true) { + access_token_cflags_cc += [ "-DEVENTHANDLER_ENABLE" ] + access_token_external_deps += [ "eventhandler:libeventhandler" ] +} diff --git a/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/BUILD.gn new file mode 100644 index 000000000..7d814ffad --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/BUILD.gn @@ -0,0 +1,54 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("AllocHapTokenServiceFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "allochaptokenservice_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources + + if (eventhandler_enable == true) { + sources += [ "${access_token_path}/services/common/handler/src/access_event_handler.cpp" ] + } +} diff --git a/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/allochaptokenservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/allochaptokenservice_fuzzer.cpp new file mode 100644 index 000000000..c8db10bba --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/allochaptokenservice_fuzzer.cpp @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "allochaptokenservice_fuzzer.h" +#include +#include +#include +#include +#include +#include +#include "accesstoken_fuzzdata.h" +#undef private +#include "accesstoken_manager_service.h" +#include "hap_info_parcel.h" +#include "iaccess_token_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TEN = 10; +static const int32_t ROOT_UID = 0; +static const vector STATU_LIST = { + PERMISSION_GRANTED, + PERMISSION_DENIED +}; +static const vector FLAG_LIST = { + static_cast(0), + static_cast(2), + static_cast(4) +}; +static const uint32_t FLAG_LIST_SIZE = 3; +static const uint32_t STATU_LIST_SIZE = 2; + +static const vector APL_LIST = { + APL_NORMAL, + APL_SYSTEM_BASIC, + APL_SYSTEM_CORE, +}; +static const uint32_t APL_LIST_SIZE = 3; + +namespace OHOS { +void ConstructorParam(AccessTokenFuzzData& fuzzData, HapInfoParcel& hapInfoParcel, HapPolicyParcel& hapPolicyParcel) +{ + std::string permissionName = fuzzData.GenerateStochasticString(); + std::string bundleName = fuzzData.GenerateStochasticString(); + + uint32_t flagIndex = fuzzData.GetData() % FLAG_LIST_SIZE; + uint32_t statusIndex = 1; + if (flagIndex != 0) { + statusIndex = fuzzData.GetData() % STATU_LIST_SIZE; + } + PermissionStatus testState = { + .permissionName = permissionName, + .grantStatus = STATU_LIST[statusIndex], + .grantFlag = FLAG_LIST[flagIndex], + }; + HapInfoParams testInfoParms = { + .userID = fuzzData.GetData(), + .bundleName = bundleName, + .instIndex = 0, + .appIDDesc = fuzzData.GenerateStochasticString() + }; + PreAuthorizationInfo info1 = { + .permissionName = permissionName, + .userCancelable = fuzzData.GenerateStochasticBool() + }; + + uint32_t aplIndex = fuzzData.GetData() % APL_LIST_SIZE; + HapPolicy testPolicy = { + .apl = APL_LIST[aplIndex], + .domain = fuzzData.GenerateStochasticString(), + .permStateList = {testState}, + .aclRequestedList = {permissionName}, + .preAuthorizationInfo = {info1} + }; + + hapInfoParcel.hapInfoParameter = testInfoParms; + hapPolicyParcel.hapPolicy = testPolicy; +} + +bool AllocHapTokenServiceFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + HapInfoParcel hapInfoParcel; + HapPolicyParcel hapPolicyParcel; + ConstructorParam(fuzzData, hapInfoParcel, hapPolicyParcel); + + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteParcelable(&hapInfoParcel)) { + return false; + } + if (!datas.WriteParcelable(&hapPolicyParcel)) { + return false; + } + + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_ALLOC_HAP_TOKEN); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TEN) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TEN); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::AllocHapTokenServiceFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/allochaptokenservice_fuzzer.h b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/allochaptokenservice_fuzzer.h new file mode 100644 index 000000000..a3f9d67b7 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/allochaptokenservice_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_ALLOCHAPTOKENSERVICE_FUZZER_H +#define TEST_FUZZTEST_ALLOCHAPTOKENSERVICE_FUZZER_H + +#define FUZZ_PROJECT_NAME "allochaptokenservice_fuzzer" + +#endif // TEST_FUZZTEST_ALLOCHAPTOKENSERVICE_FUZZER_H diff --git a/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/corpus/init b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/corpus/init new file mode 100644 index 000000000..65af8ee8d --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/project.xml b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/allochaptokenservice_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/BUILD.gn new file mode 100644 index 000000000..bf05ac159 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/BUILD.gn @@ -0,0 +1,50 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GetPermissionFlagServiceFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "getpermissionflagservice_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/corpus/init b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/corpus/init new file mode 100644 index 000000000..65af8ee8d --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/getpermissionflagservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/getpermissionflagservice_fuzzer.cpp new file mode 100644 index 000000000..cfe7bdcf4 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/getpermissionflagservice_fuzzer.cpp @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "getpermissionflagservice_fuzzer.h" + +#include +#include +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_manager_service.h" +#include "iaccess_token_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TEN = 10; +static const int32_t ROOT_UID = 0; + +namespace OHOS { + bool GetPermissionFlagServiceFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + std::string testName(fuzzData.GenerateStochasticString()); + MessageParcel sendData; + sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!sendData.WriteUint32(tokenId) || !sendData.WriteString(testName)) { + return false; + } + + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSION_FLAG); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TEN) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TEN); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, sendData, reply, option); + setuid(ROOT_UID); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GetPermissionFlagServiceFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/getpermissionflagservice_fuzzer.h b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/getpermissionflagservice_fuzzer.h new file mode 100644 index 000000000..11f5d0bd3 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/getpermissionflagservice_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETPERMISSIONFLAGSERVICE_FUZZER_H +#define TEST_FUZZTEST_GETPERMISSIONFLAGSERVICE_FUZZER_H + +#define FUZZ_PROJECT_NAME "getpermissionflagservice_fuzzer" + +#endif // TEST_FUZZTEST_GETPERMISSIONFLAGSERVICE_FUZZER_H diff --git a/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/project.xml b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getpermissionflagservice_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/BUILD.gn new file mode 100644 index 000000000..2801fb100 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/BUILD.gn @@ -0,0 +1,50 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GrantPermissionServiceFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "grantpermissionservice_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/corpus/init b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/corpus/init new file mode 100644 index 000000000..65af8ee8d --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp new file mode 100644 index 000000000..37dc53095 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "grantpermissionservice_fuzzer.h" + +#include +#include +#include +#include +#include +#undef private +#include "access_token.h" +#include "accesstoken_fuzzdata.h" +#include "accesstoken_info_manager.h" +#include "accesstoken_kit.h" +#include "accesstoken_manager_service.h" +#include "iaccess_token_manager.h" +#include "token_setproc.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +static HapInfoParams g_InfoParms = { + .userID = 1, + .bundleName = "GrantPermissionServiceFuzzTest", + .instIndex = 0, + .appIDDesc = "test.bundle", + .isSystemApp = false +}; +static HapPolicyParams g_PolicyPrams = { + .apl = APL_NORMAL, + .domain = "test.domain", + .permList = {}, + .permStateList = {} +}; +const int CONSTANTS_NUMBER_FIVE = 5; +const int CONSTANTS_NUMBER_TEN = 10; +static const int32_t ROOT_UID = 0; +static const vector FLAG_LIST = { + PERMISSION_DEFAULT_FLAG, + PERMISSION_USER_SET, + PERMISSION_USER_FIXED, + PERMISSION_SYSTEM_FIXED, + PERMISSION_GRANTED_BY_POLICY, + PERMISSION_COMPONENT_SET, + PERMISSION_POLICY_FIXED, + PERMISSION_ALLOW_THIS_TIME +}; +static const uint32_t FLAG_LIST_SIZE = 8; + +namespace OHOS { +bool GrantPermissionServiceFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; + } + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + std::string testName(fuzzData.GenerateStochasticString()); + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + + uint32_t flagIndex = fuzzData.GetData() % FLAG_LIST_SIZE; + PermissionFlag flag = FLAG_LIST[flagIndex]; + if (!datas.WriteUint32(tokenId) || !datas.WriteString(testName) || + !datas.WriteInt32(flag)) { + return false; + } + + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_GRANT_PERMISSION); + + MessageParcel reply; + MessageOption option; + AccessTokenID tokenIdHap; + bool enable2 = ((fuzzData.GetData() % CONSTANTS_NUMBER_TEN) > 0); + if (enable2) { + AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams); + tokenIdHap = tokenIdEx.tokenIDEx; + SetSelfTokenID(tokenIdHap); + uint32_t hapSize = 0; + uint32_t nativeSize = 0; + uint32_t pefDefSize = 0; + uint32_t dlpSize = 0; + AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize); + } + bool enable = ((fuzzData.GetData() % CONSTANTS_NUMBER_FIVE) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_FIVE); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + if (enable2) { + AccessTokenKit::DeleteToken(tokenIdHap); + AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd"); + SetSelfTokenID(hdcd); + } + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GrantPermissionServiceFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.h b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.h new file mode 100644 index 000000000..1e57b8f54 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/grantpermissionservice_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GRANTPERMISSIONSERVICE_FUZZER_H +#define TEST_FUZZTEST_GRANTPERMISSIONSERVICE_FUZZER_H + +#define FUZZ_PROJECT_NAME "grantpermissionservice_fuzzer" + +#endif // TEST_FUZZTEST_GRANTPERMISSIONSERVICE_FUZZER_H diff --git a/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/project.xml b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/grantpermissionservice_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/BUILD.gn new file mode 100644 index 000000000..5077bb31c --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/BUILD.gn @@ -0,0 +1,54 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("InitHapTokenServiceFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "inithaptokenservice_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources + + if (eventhandler_enable == true) { + sources += [ "${access_token_path}/services/common/handler/src/access_event_handler.cpp" ] + } +} diff --git a/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/corpus/init b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/corpus/init new file mode 100644 index 000000000..65af8ee8d --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/inithaptokenservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/inithaptokenservice_fuzzer.cpp new file mode 100644 index 000000000..eb3dd7259 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/inithaptokenservice_fuzzer.cpp @@ -0,0 +1,134 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "inithaptokenservice_fuzzer.h" +#include +#include +#include +#include +#include +#include +#include "accesstoken_fuzzdata.h" +#undef private +#include "accesstoken_manager_service.h" +#include "hap_info_parcel.h" +#include "iaccess_token_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TEN = 10; +static const int32_t ROOT_UID = 0; +static const vector STATU_LIST = { + PERMISSION_GRANTED, + PERMISSION_DENIED +}; +static const vector FLAG_LIST = { + static_cast(0), + static_cast(2), + static_cast(4) +}; +static const uint32_t FLAG_LIST_SIZE = 3; +static const uint32_t STATU_LIST_SIZE = 2; + +static const vector APL_LIST = { + APL_NORMAL, + APL_SYSTEM_BASIC, + APL_SYSTEM_CORE, +}; +static const uint32_t APL_LIST_SIZE = 3; + +namespace OHOS { +void ConstructorParam(AccessTokenFuzzData& fuzzData, HapInfoParcel& hapInfoParcel, HapPolicyParcel& hapPolicyParcel) +{ + std::string permissionName = fuzzData.GenerateStochasticString(); + std::string bundleName = fuzzData.GenerateStochasticString(); + + uint32_t flagIndex = fuzzData.GetData() % FLAG_LIST_SIZE; + uint32_t statusIndex = 1; + if (flagIndex != 0) { + statusIndex = fuzzData.GetData() % STATU_LIST_SIZE; + } + PermissionStatus testState = { + .permissionName = permissionName, + .grantStatus = STATU_LIST[statusIndex], + .grantFlag = FLAG_LIST[flagIndex], + }; + HapInfoParams testInfoParms = { + .userID = fuzzData.GetData(), + .bundleName = bundleName, + .instIndex = 0, + .appIDDesc = fuzzData.GenerateStochasticString() + }; + PreAuthorizationInfo info1 = { + .permissionName = permissionName, + .userCancelable = fuzzData.GenerateStochasticBool() + }; + + uint32_t aplIndex = fuzzData.GetData() % APL_LIST_SIZE; + HapPolicy testPolicy = { + .apl = APL_LIST[aplIndex], + .domain = fuzzData.GenerateStochasticString(), + .permStateList = {testState}, + .aclRequestedList = {permissionName}, + .preAuthorizationInfo = {info1} + }; + + hapInfoParcel.hapInfoParameter = testInfoParms; + hapPolicyParcel.hapPolicy = testPolicy; +} + +bool InitHapTokenServiceFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + HapInfoParcel hapInfoParcel; + HapPolicyParcel hapPolicyParcel; + ConstructorParam(fuzzData, hapInfoParcel, hapPolicyParcel); + + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteParcelable(&hapInfoParcel)) { + return false; + } + if (!datas.WriteParcelable(&hapPolicyParcel)) { + return false; + } + + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_INIT_HAP_TOKEN); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TEN) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TEN); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::InitHapTokenServiceFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/inithaptokenservice_fuzzer.h b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/inithaptokenservice_fuzzer.h new file mode 100644 index 000000000..947949169 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/inithaptokenservice_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_INITHAPTOKENSERVICE_FUZZER_H +#define TEST_FUZZTEST_INITHAPTOKENSERVICE_FUZZER_H + +#define FUZZ_PROJECT_NAME "inithaptokenservice_fuzzer" + +#endif // TEST_FUZZTEST_INITHAPTOKENSERVICE_FUZZER_H diff --git a/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/project.xml b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/inithaptokenservice_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/BUILD.gn new file mode 100644 index 000000000..40953c7a8 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/BUILD.gn @@ -0,0 +1,50 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("RevokePermissionServiceFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "revokepermissionservice_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/corpus/init b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/corpus/init new file mode 100644 index 000000000..65af8ee8d --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/project.xml b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/revokepermissionservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/revokepermissionservice_fuzzer.cpp new file mode 100644 index 000000000..775e08ab6 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/revokepermissionservice_fuzzer.cpp @@ -0,0 +1,85 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "revokepermissionservice_fuzzer.h" + +#include +#include +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_manager_service.h" +#include "iaccess_token_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TEN = 10; +static const int32_t ROOT_UID = 0; +static const vector FLAG_LIST = { + PERMISSION_DEFAULT_FLAG, + PERMISSION_USER_SET, + PERMISSION_USER_FIXED, + PERMISSION_SYSTEM_FIXED, + PERMISSION_GRANTED_BY_POLICY, + PERMISSION_COMPONENT_SET, + PERMISSION_POLICY_FIXED, + PERMISSION_ALLOW_THIS_TIME +}; +static const uint32_t FLAG_LIST_SIZE = 8; + +namespace OHOS { + bool RevokePermissionServiceFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + std::string testName(fuzzData.GenerateStochasticString()); + + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + uint32_t flagIndex = fuzzData.GetData() % FLAG_LIST_SIZE; + PermissionFlag flag = FLAG_LIST[flagIndex]; + if (!datas.WriteUint32(tokenId) || !datas.WriteString(testName) || + !datas.WriteInt32(flag)) { + return false; + } + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_REVOKE_PERMISSION); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TEN) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TEN); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::RevokePermissionServiceFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/revokepermissionservice_fuzzer.h b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/revokepermissionservice_fuzzer.h new file mode 100644 index 000000000..da3a969e1 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/revokepermissionservice_fuzzer/revokepermissionservice_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_REVOKEPERMISSIONSERVICE_FUZZER_H +#define TEST_FUZZTEST_REVOKEPERMISSIONSERVICE_FUZZER_H + +#define FUZZ_PROJECT_NAME "revokepermissionservice_fuzzer" + +#endif // TEST_FUZZTEST_REVOKEPERMISSIONSERVICE_FUZZER_H -- Gitee