From 45ba544c4b0186fe7403dd24183796b05afd193c Mon Sep 17 00:00:00 2001 From: wu-liushuan Date: Thu, 26 Jun 2025 14:38:53 +0800 Subject: [PATCH] =?UTF-8?q?FUZZ=E8=A6=86=E7=9B=96=E7=8E=87=E6=8F=90?= =?UTF-8?q?=E5=8D=8720250628?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wu-liushuan Change-Id: Ia8f788fc8ad4c1d69c7dde2a22d9dc80cd01b2af --- test/fuzztest/innerkits/privacy/BUILD.gn | 3 +- .../addpermissionusedrecord_fuzzer.cpp | 29 ++--- .../getpermissionusedrecords_fuzzer/BUILD.gn | 4 +- .../getpermissionusedrecords_fuzzer.cpp | 58 +++++---- .../BUILD.gn | 5 +- ...egisterpermactivestatuscallback_fuzzer.cpp | 36 +++--- .../sethapwithfgreminder_fuzzer/BUILD.gn | 42 ++++++ .../sethapwithfgreminder_fuzzer/corpus/init | 14 ++ .../sethapwithfgreminder_fuzzer/project.xml | 25 ++++ .../sethapwithfgreminder_fuzzer.cpp | 41 ++++++ .../sethapwithfgreminder_fuzzer.h | 21 +++ .../BUILD.gn | 5 +- ...tartusingpermissioncallbackstub_fuzzer.cpp | 122 +++++++++++------- .../startusingpermissionstub_fuzzer/BUILD.gn | 5 +- .../startusingpermissionstub_fuzzer.cpp | 91 +++++++++---- 15 files changed, 369 insertions(+), 132 deletions(-) create mode 100644 test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/BUILD.gn create mode 100644 test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/corpus/init create mode 100644 test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/project.xml create mode 100644 test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/sethapwithfgreminder_fuzzer.cpp create mode 100644 test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/sethapwithfgreminder_fuzzer.h diff --git a/test/fuzztest/innerkits/privacy/BUILD.gn b/test/fuzztest/innerkits/privacy/BUILD.gn index 8d25a97a4..b7f4aa215 100644 --- a/test/fuzztest/innerkits/privacy/BUILD.gn +++ b/test/fuzztest/innerkits/privacy/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2024 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -25,6 +25,7 @@ group("fuzztest") { "isallowedusingpermission_fuzzer:IsAllowedUsingPermissionFuzzTest", "registerpermactivestatuscallback_fuzzer:RegisterPermActiveStatusCallbackFuzzTest", "removepermissionusedrecords_fuzzer:RemovePermissionUsedRecordsFuzzTest", + "sethapwithfgreminder_fuzzer:SetHapWithFGReminderFuzzTest", "setmutepolicy_fuzzer:SetMutePolicyFuzzTest", "setpermissionusedrecordtogglestatus_fuzzer:SetPermissionUsedRecordToggleStatusFuzzTest", "startusingpermission001_fuzzer:StartUsingPermission001FuzzTest", diff --git a/test/fuzztest/innerkits/privacy/addpermissionusedrecord_fuzzer/addpermissionusedrecord_fuzzer.cpp b/test/fuzztest/innerkits/privacy/addpermissionusedrecord_fuzzer/addpermissionusedrecord_fuzzer.cpp index 4de8f5dd0..40d59866f 100644 --- a/test/fuzztest/innerkits/privacy/addpermissionusedrecord_fuzzer/addpermissionusedrecord_fuzzer.cpp +++ b/test/fuzztest/innerkits/privacy/addpermissionusedrecord_fuzzer/addpermissionusedrecord_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -15,30 +15,23 @@ #include "addpermissionusedrecord_fuzzer.h" -#include -#include -#include -#include - #include "fuzzer/FuzzedDataProvider.h" -#undef private #include "privacy_kit.h" -using namespace std; using namespace OHOS::Security::AccessToken; namespace OHOS { - bool AddPermissionUsedRecordFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return false; - } - - FuzzedDataProvider provider(data, size); - return PrivacyKit::AddPermissionUsedRecord(provider.ConsumeIntegral(), - provider.ConsumeRandomLengthString(), provider.ConsumeIntegral(), - provider.ConsumeIntegral(), provider.ConsumeBool()) == 0; +bool AddPermissionUsedRecordFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; } + + FuzzedDataProvider provider(data, size); + return PrivacyKit::AddPermissionUsedRecord(provider.ConsumeIntegral(), + provider.ConsumeRandomLengthString(), provider.ConsumeIntegral(), + provider.ConsumeIntegral(), provider.ConsumeBool()) == 0; +} } /* Fuzzer entry point */ diff --git a/test/fuzztest/innerkits/privacy/getpermissionusedrecords_fuzzer/BUILD.gn b/test/fuzztest/innerkits/privacy/getpermissionusedrecords_fuzzer/BUILD.gn index 944df99b9..4ba905d1b 100644 --- a/test/fuzztest/innerkits/privacy/getpermissionusedrecords_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/privacy/getpermissionusedrecords_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -21,6 +21,8 @@ ohos_fuzztest("GetPermissionUsedRecordsFuzzTest") { include_dirs = [ "${access_token_path}/interfaces/innerkits/accesstoken/include", "${access_token_path}/test/fuzztest/common", + "${access_token_path}/frameworks/common/include", + "${access_token_path}/interfaces/innerkits/privacy/src", ] cflags = [ "-g", diff --git a/test/fuzztest/innerkits/privacy/getpermissionusedrecords_fuzzer/getpermissionusedrecords_fuzzer.cpp b/test/fuzztest/innerkits/privacy/getpermissionusedrecords_fuzzer/getpermissionusedrecords_fuzzer.cpp index 0db2ddeba..7dd83f546 100644 --- a/test/fuzztest/innerkits/privacy/getpermissionusedrecords_fuzzer/getpermissionusedrecords_fuzzer.cpp +++ b/test/fuzztest/innerkits/privacy/getpermissionusedrecords_fuzzer/getpermissionusedrecords_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2024 Huawei Device Co., Ltd. + * Copyright (c) 2024-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,35 +21,47 @@ #include #include "fuzzer/FuzzedDataProvider.h" -#undef private +#include "on_permission_used_record_callback_stub.h" #include "privacy_kit.h" using namespace std; using namespace OHOS::Security::AccessToken; +class TestCallBack : public OnPermissionUsedRecordCallbackStub { +public: + TestCallBack() = default; + virtual ~TestCallBack() = default; + + void OnQueried(OHOS::ErrCode code, PermissionUsedResult& result) + {} +}; + namespace OHOS { - bool GetPermissionUsedRecordsFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return false; - } - - FuzzedDataProvider provider(data, size); - PermissionUsedRequest request = { - .tokenId = provider.ConsumeIntegral(), - .isRemote = provider.ConsumeBool(), - .deviceId = provider.ConsumeRandomLengthString(), - .bundleName = provider.ConsumeRandomLengthString(), - .permissionList = {provider.ConsumeRandomLengthString()}, - .beginTimeMillis = provider.ConsumeIntegral(), - .endTimeMillis = provider.ConsumeIntegral(), - .flag = static_cast(provider.ConsumeIntegralInRange( - 0, static_cast(PermissionUsageFlag::FLAG_PERMISSION_USAGE_SUMMARY_IN_SCREEN_UNLOCKED))) - }; - - PermissionUsedResult res; - return PrivacyKit::GetPermissionUsedRecords(request, res) == 0; +bool GetPermissionUsedRecordsFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; } + + FuzzedDataProvider provider(data, size); + PermissionUsedRequest request = { + .tokenId = provider.ConsumeIntegral(), + .isRemote = provider.ConsumeBool(), + .deviceId = provider.ConsumeRandomLengthString(), + .bundleName = provider.ConsumeRandomLengthString(), + .permissionList = {provider.ConsumeRandomLengthString()}, + .beginTimeMillis = provider.ConsumeIntegral(), + .endTimeMillis = provider.ConsumeIntegral(), + .flag = static_cast(provider.ConsumeIntegralInRange( + 0, static_cast(PermissionUsageFlag::FLAG_PERMISSION_USAGE_SUMMARY_IN_SCREEN_UNLOCKED))) + }; + + sptr callback(new (std::nothrow) TestCallBack()); + (void)PrivacyKit::GetPermissionUsedRecords(request, callback); + + PermissionUsedResult res; + return PrivacyKit::GetPermissionUsedRecords(request, res) == 0; +} } /* Fuzzer entry point */ diff --git a/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/BUILD.gn b/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/BUILD.gn index f5d76f26c..9ca547f61 100644 --- a/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/BUILD.gn +++ b/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/BUILD.gn @@ -1,4 +1,4 @@ -# Copyright (c) 2022-2023 Huawei Device Co., Ltd. +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at @@ -20,7 +20,10 @@ ohos_fuzztest("RegisterPermActiveStatusCallbackFuzzTest") { fuzz_config_file = "." include_dirs = [ + "${access_token_path}/frameworks/privacy/include", "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/interfaces/innerkits/privacy/src", + "${access_token_path}/services/common/proxy_death/include", "${access_token_path}/test/fuzztest/common", ] cflags = [ diff --git a/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/registerpermactivestatuscallback_fuzzer.cpp b/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/registerpermactivestatuscallback_fuzzer.cpp index f3b9ad439..85fd46d6e 100644 --- a/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/registerpermactivestatuscallback_fuzzer.cpp +++ b/test/fuzztest/innerkits/privacy/registerpermactivestatuscallback_fuzzer/registerpermactivestatuscallback_fuzzer.cpp @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022 Huawei Device Co., Ltd. + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -21,8 +21,11 @@ #include #include "fuzzer/FuzzedDataProvider.h" -#undef private +#include "perm_active_status_change_callback.h" #include "privacy_kit.h" +#define private public +#include "privacy_manager_client.h" +#undef private using namespace std; using namespace OHOS::Security::AccessToken; @@ -46,20 +49,23 @@ public: }; namespace OHOS { - bool RegisterPermActiveStatusCallbackFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return false; - } - - FuzzedDataProvider provider(data, size); - std::vector permList = {provider.ConsumeRandomLengthString()}; - auto callback = std::make_shared(permList); - callback->type_ = PERM_INACTIVE; - (void)PrivacyKit::RegisterPermActiveStatusCallback(callback); - (void)PrivacyKit::UnRegisterPermActiveStatusCallback(callback); - return true; +bool RegisterPermActiveStatusCallbackFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; } + + FuzzedDataProvider provider(data, size); + std::vector permList = {provider.ConsumeRandomLengthString()}; + auto callback = std::make_shared(permList); + callback->type_ = PERM_INACTIVE; + (void)PrivacyKit::RegisterPermActiveStatusCallback(callback); + (void)PrivacyKit::UnRegisterPermActiveStatusCallback(callback); + auto callbackWrap = new (std::nothrow) PermActiveStatusChangeCallback(callback); + PrivacyManagerClient::GetInstance().activeCbkMap_[callback] = callbackWrap; + (void)PrivacyKit::UnRegisterPermActiveStatusCallback(callback); + return true; +} } /* Fuzzer entry point */ diff --git a/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/BUILD.gn b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/BUILD.gn new file mode 100644 index 000000000..16bfce886 --- /dev/null +++ b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/BUILD.gn @@ -0,0 +1,42 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") + +ohos_fuzztest("SetHapWithFGReminderFuzzTest") { + module_out_path = module_output_path_interface_privacy + fuzz_config_file = "." + include_dirs = [ + "${access_token_path}/interfaces/innerkits/accesstoken/include", + "${access_token_path}/test/fuzztest/common", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ "sethapwithfgreminder_fuzzer.cpp" ] + + deps = [ "${access_token_path}/interfaces/innerkits/privacy:libprivacy_sdk" ] + + configs = [ "${access_token_path}/config:coverage_flags" ] + + external_deps = [ + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_core", + ] +} diff --git a/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/corpus/init b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/corpus/init new file mode 100644 index 000000000..5769eb4e9 --- /dev/null +++ b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +020021DA0000 \ No newline at end of file diff --git a/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/project.xml b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/project.xml new file mode 100644 index 000000000..66e1dcac4 --- /dev/null +++ b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/sethapwithfgreminder_fuzzer.cpp b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/sethapwithfgreminder_fuzzer.cpp new file mode 100644 index 000000000..a35851728 --- /dev/null +++ b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/sethapwithfgreminder_fuzzer.cpp @@ -0,0 +1,41 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "sethapwithfgreminder_fuzzer.h" + +#include "fuzzer/FuzzedDataProvider.h" +#include "privacy_kit.h" + +using namespace OHOS::Security::AccessToken; + +namespace OHOS { +bool SetHapWithFGReminderFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; + } + + FuzzedDataProvider provider(data, size); + return PrivacyKit::SetHapWithFGReminder(provider.ConsumeIntegral(), provider.ConsumeBool()) == 0; +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::SetHapWithFGReminderFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/sethapwithfgreminder_fuzzer.h b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/sethapwithfgreminder_fuzzer.h new file mode 100644 index 000000000..6841776d3 --- /dev/null +++ b/test/fuzztest/innerkits/privacy/sethapwithfgreminder_fuzzer/sethapwithfgreminder_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_SETHAPWITHFGREMINDER_FUZZER_H +#define TEST_FUZZTEST_SETHAPWITHFGREMINDER_FUZZER_H + +#define FUZZ_PROJECT_NAME "sethapwithfgreminder_fuzzer" + +#endif // TEST_FUZZTEST_SETHAPWITHFGREMINDER_FUZZER_H diff --git a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/BUILD.gn index e61cf194d..bafaf7970 100644 --- a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/BUILD.gn @@ -20,7 +20,10 @@ ohos_fuzztest("StartUsingPermissionCallbackStubFuzzTest") { module_out_path = module_output_path_service_privacy fuzz_config_file = "." - sources = [ "startusingpermissioncallbackstub_fuzzer.cpp" ] + sources = [ + "${access_token_path}/services/common/proxy_death/src/proxy_death_callback_stub.cpp", + "startusingpermissioncallbackstub_fuzzer.cpp", + ] cflags = [ "-g", diff --git a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp index 936bc0aad..71d1cd2ad 100644 --- a/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/startusingpermissioncallbackstub_fuzzer/startusingpermissioncallbackstub_fuzzer.cpp @@ -15,19 +15,18 @@ #include "startusingpermissioncallbackstub_fuzzer.h" -#include -#include -#include - -#undef private +#include "constant.h" #include "fuzzer/FuzzedDataProvider.h" #include "iprivacy_manager.h" +#include "permission_used_type.h" +#include "proxy_death_callback_stub.h" #include "state_change_callback.h" #include "state_customized_cbk.h" #include "privacy_manager_service.h" using namespace std; using namespace OHOS::Security::AccessToken; +static int32_t g_permSize = static_cast(Constant::PERMISSION_OPCODE_MAP.size()); class CbCustomizeTest : public StateCustomizedCbk { public: @@ -47,46 +46,81 @@ public: }; namespace OHOS { - bool StartUsingPermissionCallbackStubFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return false; - } - - FuzzedDataProvider provider(data, size); - - sptr callbackWrap = nullptr; - auto callback = std::make_shared(); - callbackWrap = new (std::nothrow) StateChangeCallback(callback); - - MessageParcel datas; - datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!datas.WriteUint32(provider.ConsumeIntegral())) { - return false; - } - if (!datas.WriteString(provider.ConsumeRandomLengthString())) { - return false; - } - if (!datas.WriteInt32(provider.ConsumeIntegral())) { - return false; - } - uint32_t type = static_cast(provider.ConsumeIntegralInRange( - 0, static_cast(PermissionUsedType::PERM_USED_TYPE_BUTT))); - if (!datas.WriteUint32(type)) { - return false; - } - if (!datas.WriteRemoteObject(callbackWrap->AsObject())) { - return false; - } - - uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_START_USING_PERMISSION_CALLBACK); - - MessageParcel reply; - MessageOption option; - DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); - - return true; +void StartUsingPermissionCallbackStub(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { + return; + } + + PermissionUsedTypeInfoParcel infoParcel; + infoParcel.info.tokenId = tokenID; + infoParcel.info.pid = pid; + infoParcel.info.permissionName = permissionName; + infoParcel.info.type = NORMAL_TYPE; + + auto anonyStub = sptr::MakeSptr(); + if (!data.WriteParcelable(&infoParcel)) { + return; + } + + sptr callbackWrap = nullptr; + auto callback = std::make_shared(); + callbackWrap = new (std::nothrow) StateChangeCallback(callback); + if (!data.WriteRemoteObject(callbackWrap->AsObject())) { + return; + } + + if (!data.WriteRemoteObject(anonyStub)) { + return; } + + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_START_USING_PERMISSION_CALLBACK), data, reply, option); +} + +void StopUsingPermissionStub(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) +{ + MessageParcel datas; + if (!datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { + return; + } + if (!datas.WriteUint32(tokenID)) { + return; + } + if (!datas.WriteInt32(pid)) { + return; + } + if (!datas.WriteString(permissionName)) { + return; + } + + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_STOP_USING_PERMISSION), datas, reply, option); +} + +bool StartUsingPermissionCallbackStubFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; + } + + FuzzedDataProvider provider(data, size); + AccessTokenID tokenID = provider.ConsumeIntegral(); + int32_t pid = provider.ConsumeIntegral(); + std::string permissionName; + int32_t opCode = provider.ConsumeIntegral() % g_permSize; + Constant::TransferOpcodeToPermission(opCode, permissionName); + + StartUsingPermissionCallbackStub(tokenID, pid, permissionName); + StopUsingPermissionStub(tokenID, pid, permissionName); + + return true; +} } // namespace OHOS /* Fuzzer entry point */ diff --git a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/BUILD.gn b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/BUILD.gn index ed318f6e2..2cfd99945 100644 --- a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/BUILD.gn @@ -20,7 +20,10 @@ ohos_fuzztest("StartUsingPermissionStubFuzzTest") { module_out_path = module_output_path_service_privacy fuzz_config_file = "." - sources = [ "startusingpermissionstub_fuzzer.cpp" ] + sources = [ + "${access_token_path}/services/common/proxy_death/src/proxy_death_callback_stub.cpp", + "startusingpermissionstub_fuzzer.cpp", + ] cflags = [ "-g", diff --git a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp index 2e09748d1..658295ce4 100644 --- a/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp +++ b/test/fuzztest/services/privacy/startusingpermissionstub_fuzzer/startusingpermissionstub_fuzzer.cpp @@ -15,47 +15,84 @@ #include "startusingpermissionstub_fuzzer.h" -#include -#include -#include - -#undef private +#include "constant.h" #include "fuzzer/FuzzedDataProvider.h" #include "iprivacy_manager.h" +#include "permission_used_type.h" #include "privacy_manager_service.h" +#include "proxy_death_callback_stub.h" using namespace std; using namespace OHOS::Security::AccessToken; +static int32_t g_permSize = static_cast(Constant::PERMISSION_OPCODE_MAP.size()); namespace OHOS { - bool StartUsingPermissionStubFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return false; - } +void StartUsingPermissionStub(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) +{ + MessageParcel data; + if (!data.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { + return; + } - FuzzedDataProvider provider(data, size); + PermissionUsedTypeInfoParcel infoParcel; + infoParcel.info.tokenId = tokenID; + infoParcel.info.pid = pid; + infoParcel.info.permissionName = permissionName; + infoParcel.info.type = NORMAL_TYPE; - MessageParcel datas; - datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor()); - if (!datas.WriteUint32(provider.ConsumeIntegral())) { - return false; - } - if (!datas.WriteString(provider.ConsumeRandomLengthString())) { - return false; - } - if (!datas.WriteInt32(provider.ConsumeIntegral())) { - return false; - } + auto anonyStub = sptr::MakeSptr(); + if (!data.WriteParcelable(&infoParcel)) { + return; + } + if (!data.WriteRemoteObject(anonyStub)) { + return; + } - uint32_t code = static_cast(IPrivacyManagerIpcCode::COMMAND_START_USING_PERMISSION); + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_START_USING_PERMISSION), data, reply, option); +} - MessageParcel reply; - MessageOption option; - DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); +void StopUsingPermissionStub(AccessTokenID tokenID, int32_t pid, const std::string& permissionName) +{ + MessageParcel datas; + if (!datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor())) { + return; + } + if (!datas.WriteUint32(tokenID)) { + return; + } + if (!datas.WriteInt32(pid)) { + return; + } + if (!datas.WriteString(permissionName)) { + return; + } + + MessageParcel reply; + MessageOption option(MessageOption::TF_SYNC); + DelayedSingleton::GetInstance()->OnRemoteRequest( + static_cast(IPrivacyManagerIpcCode::COMMAND_STOP_USING_PERMISSION), datas, reply, option); +} - return true; +bool StartUsingPermissionStubFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; } + + FuzzedDataProvider provider(data, size); + AccessTokenID tokenID = provider.ConsumeIntegral(); + int32_t pid = provider.ConsumeIntegral(); + std::string permissionName; + int32_t opCode = provider.ConsumeIntegral() % g_permSize; + Constant::TransferOpcodeToPermission(opCode, permissionName); + + StartUsingPermissionStub(tokenID, pid, permissionName); + StopUsingPermissionStub(tokenID, pid, permissionName); + return true; +} } // namespace OHOS /* Fuzzer entry point */ -- Gitee