diff --git a/test/fuzztest/normalize_service/accesstoken/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/BUILD.gn index 041dda304d339bf621bdba22a3e68396dc1f9f89..cccd4e850e99e3c8ed28f953792aab41ecb3bd13 100644 --- a/test/fuzztest/normalize_service/accesstoken/BUILD.gn +++ b/test/fuzztest/normalize_service/accesstoken/BUILD.gn @@ -16,6 +16,10 @@ group("fuzztest") { deps = [ "allochaptokenservice_fuzzer:AllocHapTokenServiceFuzzTest", + "gethaptokenidservice_fuzzer:GetHapTokenIDServiceFuzzTest", + "gethaptokeninfoservice_fuzzer:GetHapTokenInfoServiceFuzzTest", + "getnativetokenidservice_fuzzer:GetNativeTokenIdServiceFuzzTest", + "getnativetokeninfoservice_fuzzer:GetNativeTokenInfoServiceFuzzTest", "getpermissionflagservice_fuzzer:GetPermissionFlagServiceFuzzTest", "grantpermissionservice_fuzzer:GrantPermissionServiceFuzzTest", "inithaptokenservice_fuzzer:InitHapTokenServiceFuzzTest", diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..86581597252b1889a30400112d58f5015f44222d --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/BUILD.gn @@ -0,0 +1,50 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GetHapTokenIDServiceFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "gethaptokenidservice_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/corpus/init b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..26cdf7c64f9ab77b47b3703faa9fc59c0e66a5e2 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/corpus/init @@ -0,0 +1 @@ +0x6f0x680x6f0x730x2e0x670x6c0x6f0x620x610x6c0x2e0x730x790x730x740x650x6d0x720x650x735c0000000000 \ No newline at end of file diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/gethaptokenidservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/gethaptokenidservice_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..cf4ae391d8437f330de19e22431ea1e111216e8e --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/gethaptokenidservice_fuzzer.cpp @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "gethaptokenidservice_fuzzer.h" + +#include +#include +#include +#include +#include +#include "accesstoken_fuzzdata.h" +#undef private +#include "accesstoken_manager_service.h" +#include "iaccess_token_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TEN = 10; +static const int32_t ROOT_UID = 0; + +namespace OHOS { + bool GetHapTokenIDServiceFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + int userID = fuzzData.GetData(); + int instIndex = static_cast(size); + std::string bundleName(fuzzData.GenerateStochasticString()); + + MessageParcel sendData; + sendData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!sendData.WriteInt32(userID) || !sendData.WriteString(bundleName) || !sendData.WriteInt32(instIndex)) { + return false; + } + + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_I_D); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TEN) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TEN); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, sendData, reply, option); + setuid(ROOT_UID); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GetHapTokenIDServiceFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/gethaptokenidservice_fuzzer.h b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/gethaptokenidservice_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..11b3ec8ad2ceb78ea4958c0a186d1048e8f4ccb3 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/gethaptokenidservice_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETHAPTOKENIDSERVICE_FUZZER_H +#define TEST_FUZZTEST_GETHAPTOKENIDSERVICE_FUZZER_H + +#define FUZZ_PROJECT_NAME "gethaptokenidservice_fuzzer" + +#endif // TEST_FUZZTEST_GETHAPTOKENIDSERVICE_FUZZER_H diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/project.xml b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokenidservice_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..ff1f41385af3b061a992cae3d0602c28ac1e09f7 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/BUILD.gn @@ -0,0 +1,50 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GetHapTokenInfoServiceFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "gethaptokeninfoservice_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/corpus/init b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..342d76d4a087023d6e9c98d840ccfaec5e4c0491 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/corpus/init @@ -0,0 +1 @@ +15460020 \ No newline at end of file diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/gethaptokeninfoservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/gethaptokeninfoservice_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..10c79e3a8aaa9d0332aa023db7a52c84ed77a378 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/gethaptokeninfoservice_fuzzer.cpp @@ -0,0 +1,73 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "gethaptokeninfoservice_fuzzer.h" + +#include +#include +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_manager_service.h" +#include "iaccess_token_manager.h" +#include "permission_def_parcel.h" + +using namespace std; +using namespace OHOS; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TEN = 10; +static const int32_t ROOT_UID = 0; + +namespace OHOS { + bool GetHapTokenInfoServiceFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteUint32(tokenId)) { + return false; + } + + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TEN) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TEN); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GetHapTokenInfoServiceFuzzTest(data, size); + return 0; +} + diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/gethaptokeninfoservice_fuzzer.h b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/gethaptokeninfoservice_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..cbcaa67142c89dc91af7967a2379105b847e3364 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/gethaptokeninfoservice_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETHAPTOKENINFOSERVICE_FUZZER_H +#define TEST_FUZZTEST_GETHAPTOKENINFOSERVICE_FUZZER_H + +#define FUZZ_PROJECT_NAME "gethaptokeninfoservice_fuzzer" + +#endif // TEST_FUZZTEST_GETHAPTOKENINFOSERVICE_FUZZER_H diff --git a/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/project.xml b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/gethaptokeninfoservice_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..3e53da44eda132496e3e4c7878c3bb1a2a9a0ca3 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/BUILD.gn @@ -0,0 +1,50 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GetNativeTokenIdServiceFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "getnativetokenidservice_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/corpus/init b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..65af8ee8d11bf23407ea34d4de49f7cbb6a2b791 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/getnativetokenidservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/getnativetokenidservice_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..c171f5b5ba75ded63b1ac6e3732dcb084b8788dd --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/getnativetokenidservice_fuzzer.cpp @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "getnativetokenidservice_fuzzer.h" + +#include +#include +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_manager_service.h" +#include "iaccess_token_manager.h" +#include "permission_def_parcel.h" + +using namespace std; +using namespace OHOS; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TEN = 10; +static const int32_t ROOT_UID = 0; +static bool REAL_DATA_FLAG = true; + +namespace OHOS { + bool GetNativeTokenIdServiceFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + AccessTokenFuzzData fuzzData(data, size); + std::string testName(fuzzData.GenerateStochasticString()); + if (REAL_DATA_FLAG) { + testName = "accesstoken_service"; + } + + MessageParcel datas; + datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!datas.WriteString(testName)) { + return false; + } + + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_GET_NATIVE_TOKEN_ID); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TEN) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TEN); + } + if (REAL_DATA_FLAG) { + setuid(ROOT_UID); + REAL_DATA_FLAG = false; + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GetNativeTokenIdServiceFuzzTest(data, size); + return 0; +} + diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/getnativetokenidservice_fuzzer.h b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/getnativetokenidservice_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..72076eacbaaaf85eb42b11a84e25d3f6bcb370a0 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/getnativetokenidservice_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETNATIVETOKENIDSERVICE_FUZZER_H +#define TEST_FUZZTEST_GETNATIVETOKENIDSERVICE_FUZZER_H + +#define FUZZ_PROJECT_NAME "getnativetokenidservice_fuzzer" + +#endif // TEST_FUZZTEST_GETNATIVETOKENIDSERVICE_FUZZER_H diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/project.xml b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokenidservice_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/BUILD.gn b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..6090d21917d23d49b088194329a2d0714d761ac3 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/BUILD.gn @@ -0,0 +1,50 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("GetNativeTokenInfoServiceFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "getnativetokeninfoservice_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + + sources += access_token_impl_sources +} diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/corpus/init b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..65af8ee8d11bf23407ea34d4de49f7cbb6a2b791 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/getnativetokeninfoservice_fuzzer.cpp b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/getnativetokeninfoservice_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..fe3b247bf0a540d737ff7f0a0f7feb3dda8b1e06 --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/getnativetokeninfoservice_fuzzer.cpp @@ -0,0 +1,78 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "getnativetokeninfoservice_fuzzer.h" + +#include +#include +#include +#include +#include +#undef private +#include "accesstoken_fuzzdata.h" +#include "accesstoken_kit.h" +#include "accesstoken_manager_service.h" +#include "iaccess_token_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +const int CONSTANTS_NUMBER_TEN = 10; +static const int32_t ROOT_UID = 0; +static bool REAL_DATA_FLAG = true; + +namespace OHOS { + bool GetNativeTokenInfoServiceFuzzTest(const uint8_t* data, size_t size) + { + if ((data == nullptr) || (size == 0)) { + return false; + } + AccessTokenFuzzData fuzzData(data, size); + AccessTokenID tokenId = fuzzData.GetData(); + if (REAL_DATA_FLAG) { + tokenId = AccessTokenKit::GetNativeTokenId("accesstoken_service"); + } + MessageParcel inData; + inData.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + if (!inData.WriteUint32(tokenId)) { + return false; + } + + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_GET_NATIVE_TOKEN_INFO); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TEN) == 0); + if (enable) { + setuid(CONSTANTS_NUMBER_TEN); + } + if (REAL_DATA_FLAG) { + setuid(ROOT_UID); + REAL_DATA_FLAG = false; + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, inData, reply, option); + setuid(ROOT_UID); + + return true; + } +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::GetNativeTokenInfoServiceFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/getnativetokeninfoservice_fuzzer.h b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/getnativetokeninfoservice_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..a2cd19592038f1203bf4c517c1bfc9afad03367c --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/getnativetokeninfoservice_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_GETNATIVETOKENINFOSERVICE_FUZZER_H +#define TEST_FUZZTEST_GETNATIVETOKENINFOSERVICE_FUZZER_H + +#define FUZZ_PROJECT_NAME "getnativetokeninfoservice_fuzzer" + +#endif // TEST_FUZZTEST_GETNATIVETOKENINFOSERVICE_FUZZER_H diff --git a/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/project.xml b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/normalize_service/accesstoken/getnativetokeninfoservice_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + +