From dcbde069affa979971da8f2f9951bcb4d3bf1319 Mon Sep 17 00:00:00 2001 From: wuliushuan Date: Thu, 19 Jun 2025 20:57:37 +0800 Subject: [PATCH] =?UTF-8?q?FUZZ=E8=A6=86=E7=9B=96=E7=8E=87=E6=8F=90?= =?UTF-8?q?=E5=8D=87V2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wuliushuan Change-Id: I42b1b28ad5d8094e4f7668e446d0f7653e4b0012 --- ...egisterpermactivestatuscallback_fuzzer.cpp | 5 +- .../startusingpermission001_fuzzer.cpp | 15 +- test/fuzztest/services/accesstoken/BUILD.gn | 1 + .../accesstokenstubcoverage_fuzzer/BUILD.gn | 58 ++++++ .../accesstokenstubcoverage_fuzzer.cpp | 161 ++++++++++++++ .../accesstokenstubcoverage_fuzzer.h | 21 ++ .../corpus/init | 14 ++ .../project.xml | 25 +++ .../inituserpolicystub_fuzzer.cpp | 196 +++++++++++------- ...sterpermstatechangecallbackstub_fuzzer.cpp | 6 + ...selfpermstatechangecallbackstub_fuzzer.cpp | 6 + 11 files changed, 428 insertions(+), 80 deletions(-) create mode 100644 test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/BUILD.gn create mode 100644 test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/accesstokenstubcoverage_fuzzer.cpp create mode 100644 test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/accesstokenstubcoverage_fuzzer.h create mode 100644 test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/corpus/init create mode 100644 test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/project.xml diff --git a/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/registerpermactivestatuscallback_fuzzer.cpp b/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/registerpermactivestatuscallback_fuzzer.cpp index 821970054..4c8b6ef44 100644 --- a/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/registerpermactivestatuscallback_fuzzer.cpp +++ b/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/registerpermactivestatuscallback_fuzzer.cpp @@ -57,8 +57,9 @@ namespace OHOS { std::vector permList = {fuzzData.GenerateStochasticString()}; auto callback = std::make_shared(permList); callback->type_ = PERM_INACTIVE; - - return PrivacyKit::RegisterPermActiveStatusCallback(callback) == 0; + (void)PrivacyKit::RegisterPermActiveStatusCallback(callback); + (void)PrivacyKit::UnRegisterPermActiveStatusCallback(callback); + return true; } } diff --git a/test/fuzztest/innerkits/privacy/startusingpermission001_fuzzer/startusingpermission001_fuzzer.cpp b/test/fuzztest/innerkits/privacy/startusingpermission001_fuzzer/startusingpermission001_fuzzer.cpp index 18630ebd6..93d0b5397 100644 --- a/test/fuzztest/innerkits/privacy/startusingpermission001_fuzzer/startusingpermission001_fuzzer.cpp +++ b/test/fuzztest/innerkits/privacy/startusingpermission001_fuzzer/startusingpermission001_fuzzer.cpp @@ -26,6 +26,9 @@ using namespace std; using namespace OHOS::Security::AccessToken; +static bool g_realTokenFlag = true; +// hap tokenID 536907816 +static constexpr AccessTokenID g_realTokenId = static_cast(536907816); class CbCustomizeTest : public StateCustomizedCbk { public: @@ -54,9 +57,17 @@ namespace OHOS { AccessTokenFuzzData fuzzData(data, size); auto callback = std::make_shared(); + if (callback == nullptr) { + return false; + } + AccessTokenID tokenID = static_cast(fuzzData.GetData()); + if (g_realTokenFlag) { + tokenID = g_realTokenId; + g_realTokenFlag = false; + } - return PrivacyKit::StartUsingPermission(static_cast(fuzzData.GetData()), - fuzzData.GenerateStochasticString(), fuzzData.GetData()) == 0; + return PrivacyKit::StartUsingPermission(tokenID, + fuzzData.GenerateStochasticString(), callback, fuzzData.GetData()) == 0; } } diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn index af89fb3ed..cc218dfb2 100644 --- a/test/fuzztest/services/accesstoken/BUILD.gn +++ b/test/fuzztest/services/accesstoken/BUILD.gn @@ -16,6 +16,7 @@ group("fuzztest") { deps = [ # deps file + "accesstokenstubcoverage_fuzzer:AccessTokenStubCoverageFuzzTest", "allochaptokenstub_fuzzer:AllocHapTokenStubFuzzTest", "alloclocaltokenidstub_fuzzer:AllocLocalTokenIDStubFuzzTest", "clearusergrantedpermissionstatestub_fuzzer:ClearUserGrantedPermissionStateStubFuzzTest", diff --git a/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/BUILD.gn new file mode 100644 index 000000000..e4f057ee0 --- /dev/null +++ b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/BUILD.gn @@ -0,0 +1,58 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("AccessTokenStubCoverageFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "accesstokenstubcoverage_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + deps += [ "${access_token_path}/interfaces/innerkits/nativetoken:libnativetoken_shared" ] + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + include_dirs += access_token_impl_include_dirs + + cflags_cc = access_token_cflags_cc + + if (build_variant == "user") { + cflags_cc += [ "-DATM_BUILD_VARIANT_USER_ENABLE" ] + } + + sources += access_token_sources + + sources += access_token_impl_sources + + include_dirs += + [ "${access_token_path}/interfaces/innerkits/accesstoken/src" ] +} diff --git a/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/accesstokenstubcoverage_fuzzer.cpp b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/accesstokenstubcoverage_fuzzer.cpp new file mode 100644 index 000000000..bf4fd1519 --- /dev/null +++ b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/accesstokenstubcoverage_fuzzer.cpp @@ -0,0 +1,161 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "accesstokenstubcoverage_fuzzer.h" + +#include +#include +#include "accesstoken_callback_stubs.h" +#include "accesstoken_kit.h" +#define private public +#include "accesstoken_manager_service.h" +#undef private +#include "iaccess_token_manager.h" +#include "token_setproc.h" +#include "token_sync_kit_interface.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; +static bool g_reload = true; +static AccessTokenID g_selfTokenId = 0; +static uint64_t g_mockTokenId = 0; +static uint32_t g_executionNum = 0; + +namespace OHOS { +class TokenSyncCallbackImpl : public TokenSyncCallbackStub { +public: + TokenSyncCallbackImpl() = default; + virtual ~TokenSyncCallbackImpl() = default; + + int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) override + { + return TokenSyncError::TOKEN_SYNC_OPENSOURCE_DEVICE; + }; + + int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) override + { + return TokenSyncError::TOKEN_SYNC_SUCCESS; + }; + + int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) override + { + return TokenSyncError::TOKEN_SYNC_SUCCESS; + }; +}; + +void RegisterTokenSyncCallback() +{ +#ifdef TOKEN_SYNC_ENABLE + if (g_mockTokenId == 0) { + g_mockTokenId = AccessTokenKit::GetNativeTokenId("token_sync_service"); + } + (void)SetSelfTokenID(g_mockTokenId); + sptr callback = new (std::nothrow) TokenSyncCallbackImpl(); + if (callback == nullptr) { + return; + } + + MessageParcel datas; + if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + return; + } + if (!datas.WriteRemoteObject(callback->AsObject())) { + return; + } + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_REGISTER_TOKEN_SYNC_CALLBACK); + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); +#endif // TOKEN_SYNC_ENABLE +} + +void UnRegisterTokenSyncCallback() +{ +#ifdef TOKEN_SYNC_ENABLE + MessageParcel reply; + MessageOption option; + MessageParcel datas; + if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + return; + } + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IAccessTokenManagerIpcCode::COMMAND_UN_REGISTER_TOKEN_SYNC_CALLBACK), + datas, reply, option); +#endif // TOKEN_SYNC_ENABLE +} + +void GetVersion() +{ + MessageParcel reply; + MessageOption option; + MessageParcel datas; + if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + return; + } + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IAccessTokenManagerIpcCode::COMMAND_GET_VERSION), datas, reply, option); +} + +void ReloadNativeTokenInfo() +{ + if (!g_reload) { + return; + } +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + MessageParcel reply; + MessageOption option; + MessageParcel datas; + if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + return; + } + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IAccessTokenManagerIpcCode::COMMAND_RELOAD_NATIVE_TOKEN_INFO), datas, reply, option); + g_reload = false; +#endif +} + +bool AccessTokenStubCoverageFuzzTest(FuzzedDataProvider &provider) +{ + if (g_selfTokenId == 0) { + g_selfTokenId = GetSelfTokenID(); + } + ReloadNativeTokenInfo(); + GetVersion(); + RegisterTokenSyncCallback(); + UnRegisterTokenSyncCallback(); + (void)SetSelfTokenID(g_selfTokenId); + if (g_executionNum < 1) { + g_executionNum++; + DelayedSingleton::GetInstance()->Initialize(); + DelayedSingleton::GetInstance()->AccessTokenServiceParamSet(); + } + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + if ((data == nullptr) || (size == 0)) { + return 0; + } + + FuzzedDataProvider provider(data, size); + OHOS::AccessTokenStubCoverageFuzzTest(provider); + return 0; +} diff --git a/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/accesstokenstubcoverage_fuzzer.h b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/accesstokenstubcoverage_fuzzer.h new file mode 100644 index 000000000..674b3a215 --- /dev/null +++ b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/accesstokenstubcoverage_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_ACCESSTOKENSTUBCOVERAGE_FUZZER_H +#define TEST_FUZZTEST_ACCESSTOKENSTUBCOVERAGE_FUZZER_H + +#define FUZZ_PROJECT_NAME "accesstokenstubcoverage_fuzzer" + +#endif // TEST_FUZZTEST_ACCESSTOKENSTUBCOVERAGE_FUZZER_H diff --git a/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/corpus/init new file mode 100644 index 000000000..3aa5d02ca --- /dev/null +++ b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +64 \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/project.xml b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/services/accesstoken/accesstokenstubcoverage_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp index 1885cecac..9d2a9b91d 100644 --- a/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/inituserpolicystub_fuzzer/inituserpolicystub_fuzzer.cpp @@ -32,85 +32,129 @@ using namespace OHOS::Security::AccessToken; static AccessTokenID g_selfTokenId = 0; static uint64_t g_mockTokenId = 0; const int32_t CONSTANTS_NUMBER_TWO = 2; +static bool g_reload = true; namespace OHOS { - void GetNativeToken() - { - if (g_mockTokenId != 0) { - SetSelfTokenID(g_mockTokenId); - return; - } - const char** perms = new (std::nothrow) const char *[1]; - if (perms == nullptr) { - return; - } - - perms[0] = "ohos.permission.GET_SENSITIVE_PERMISSIONS"; - - NativeTokenInfoParams infoInstance = { - .dcapsNum = 0, - .permsNum = 1, - .aclsNum = 0, - .dcaps = nullptr, - .perms = perms, - .acls = nullptr, - .processName = "inituserpolicystub_fuzzer_test", - .aplStr = "system_core", - }; - - g_mockTokenId = GetAccessTokenId(&infoInstance); - g_selfTokenId = GetSelfTokenID(); - SetSelfTokenID(g_mockTokenId); - AccessTokenKit::ReloadNativeTokenInfo(); - delete[] perms; - } - - bool InitUserPolicyStubFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return false; - } - - AccessTokenFuzzData fuzzData(data, size); - std::string testName(fuzzData.GenerateStochasticString()); - - UserState userList; - userList.userId = fuzzData.GetData(); - userList.isActive = fuzzData.GenerateStochasticBool(); - - MessageParcel datas; - datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); - if (!datas.WriteUint32(1)) { - return false; - } - if (!datas.WriteUint32(1)) { - return false; - } - if (!datas.WriteInt32(userList.userId)) { - return false; - } - if (!datas.WriteBool(userList.isActive)) { - return false; - } - if (!datas.WriteString(testName)) { - return false; - } - - uint32_t code = static_cast( - IAccessTokenManagerIpcCode::COMMAND_INIT_USER_POLICY); - - MessageParcel reply; - MessageOption option; - bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); - if (enable) { - GetNativeToken(); - } else { - SetSelfTokenID(g_selfTokenId); - } - DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - - return true; +void ReloadNativeTokenInfo() +{ + if (!g_reload) { + return; + } +#ifndef ATM_BUILD_VARIANT_USER_ENABLE + MessageParcel reply; + MessageOption option; + MessageParcel datas; + if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + return; + } + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IAccessTokenManagerIpcCode::COMMAND_RELOAD_NATIVE_TOKEN_INFO), datas, reply, option); +#endif + g_reload = false; +} +void GetNativeToken() +{ + ReloadNativeTokenInfo(); + if (g_mockTokenId != 0) { + (void)SetSelfTokenID(g_mockTokenId); + return; + } + g_selfTokenId = GetSelfTokenID(); + g_mockTokenId = AccessTokenKit::GetNativeTokenId("foundation"); + if (g_mockTokenId == 0) { + return; + } + (void)SetSelfTokenID(g_mockTokenId); +} + +void ClearUserPolicy() +{ + MessageParcel reply; + MessageOption option; + MessageParcel datas; + if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + return; } + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IAccessTokenManagerIpcCode::COMMAND_CLEAR_USER_POLICY), datas, reply, option); +} + +void UpdateUserPolicy(AccessTokenFuzzData &fuzzData) +{ + UserState userList; + userList.userId = fuzzData.GetData(); + userList.isActive = fuzzData.GenerateStochasticBool(); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + return; + } + if (!datas.WriteUint32(1)) { + return; + } + if (!datas.WriteInt32(userList.userId)) { + return; + } + if (!datas.WriteBool(userList.isActive)) { + return; + } + + MessageParcel reply; + MessageOption option; + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IAccessTokenManagerIpcCode::COMMAND_UPDATE_USER_POLICY), datas, reply, option); +} + +bool InitUserPolicyStubFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; + } + + AccessTokenFuzzData fuzzData(data, size); + std::string testName(fuzzData.GenerateStochasticString()); + + UserState userList; + userList.userId = fuzzData.GetData(); + userList.isActive = fuzzData.GenerateStochasticBool(); + + MessageParcel datas; + if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + return false; + } + if (!datas.WriteUint32(1)) { + return false; + } + if (!datas.WriteUint32(1)) { + return false; + } + if (!datas.WriteInt32(userList.userId)) { + return false; + } + if (!datas.WriteBool(userList.isActive)) { + return false; + } + if (!datas.WriteString(testName)) { + return false; + } + + uint32_t code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_INIT_USER_POLICY); + + MessageParcel reply; + MessageOption option; + bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0); + if (enable) { + GetNativeToken(); + } else { + (void)SetSelfTokenID(g_selfTokenId); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + UpdateUserPolicy(fuzzData); + ClearUserPolicy(); + + return true; +} } // namespace OHOS /* Fuzzer entry point */ diff --git a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp index b37d7b402..0bbce87b5 100644 --- a/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/registerpermstatechangecallbackstub_fuzzer/registerpermstatechangecallbackstub_fuzzer.cpp @@ -83,6 +83,12 @@ namespace OHOS { MessageOption option; DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + MessageParcel datas2; + datas2.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IAccessTokenManagerIpcCode::COMMAND_UN_REGISTER_PERM_STATE_CHANGE_CALLBACK), + datas2, reply, option); + return true; } } // namespace OHOS diff --git a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp index 4d35d90e5..b1d6293f0 100644 --- a/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/accesstoken/registerselfpermstatechangecallbackstub_fuzzer/registerselfpermstatechangecallbackstub_fuzzer.cpp @@ -122,6 +122,12 @@ namespace OHOS { } DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + code = static_cast( + IAccessTokenManagerIpcCode::COMMAND_UN_REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK); + MessageParcel datas2; + datas2.WriteInterfaceToken(IAccessTokenManager::GetDescriptor()); + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas2, reply, option); + return true; } } // namespace OHOS -- Gitee