From 480b5c14a51da5a773319b7a59e19adca95c1b6c Mon Sep 17 00:00:00 2001
From: wu-liushuan <wuliushuan.30044128@h-partners.com>
Date: Thu, 3 Jul 2025 20:54:13 +0800
Subject: [PATCH] =?UTF-8?q?fuzz=E7=BB=86=E7=B2=92=E5=BA=A6=E5=B1=8F?=
 =?UTF-8?q?=E8=94=BD20250703?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: wu-liushuan <wuliushuan.30044128@h-partners.com>
Change-Id: Iab0a8989dca438f8a517975533f41e18bd239344
---
 frameworks/common/BUILD.gn                    |  6 +++++
 .../common/src/accesstoken_common_log.cpp     |  6 +++++
 frameworks/common/src/data_validator.cpp      |  6 +++++
 frameworks/common/src/time_util.cpp           |  6 +++++
 interfaces/innerkits/accesstoken/BUILD.gn     |  3 +++
 .../accesstoken/src/accesstoken_callbacks.cpp | 12 ++++++++++
 interfaces/innerkits/nativetoken/BUILD.gn     |  6 +++++
 .../innerkits/nativetoken/src/nativetoken.c   | 12 ++++++++++
 interfaces/innerkits/privacy/BUILD.gn         |  3 +++
 .../privacy/src/privacy_manager_client.cpp    | 18 ++++++++++++++
 interfaces/innerkits/token_setproc/BUILD.gn   |  6 +++++
 .../token_setproc/src/perm_setproc.cpp        |  6 +++++
 .../token_setproc/src/token_setproc.c         |  6 +++++
 services/accesstokenmanager/BUILD.gn          |  4 ++++
 .../callback/accesstoken_callback_proxys.cpp  | 12 ++++++++++
 .../main/cpp/src/dfx/hisysevent_adapter.cpp   |  6 +++++
 .../src/permission/permission_validator.cpp   | 18 ++++++++++++++
 .../src/permission/short_grant_manager.cpp    | 12 ++++++++++
 .../service/accesstoken_manager_service.cpp   | 18 ++++++++++++++
 services/common/BUILD.gn                      |  3 +++
 .../src/app_manager_access_client.cpp         | 24 +++++++++++++++++++
 services/privacymanager/BUILD.gn              |  4 ++++
 .../src/service/privacy_manager_service.cpp   | 24 +++++++++++++++++++
 .../accesstoken/access_token_service_fuzz.gni |  4 ++++
 .../accesstoken/access_token_service_fuzz.gni |  4 ++++
 .../services/privacy/privacy_service_fuzz.gni |  4 ++++
 26 files changed, 233 insertions(+)

diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn
index 41fcfa310..b87867b38 100644
--- a/frameworks/common/BUILD.gn
+++ b/frameworks/common/BUILD.gn
@@ -79,6 +79,9 @@ ohos_static_library("accesstoken_static_log") {
   ]
 
   cflags_cc = [ "-DHILOG_ENABLE" ]
+  if (use_libfuzzer) {
+    cflags_cc += [ "-DFUZZ_TEST" ]
+  }
 }
 
 ohos_shared_library("accesstoken_common_cxx") {
@@ -128,4 +131,7 @@ ohos_shared_library("accesstoken_common_cxx") {
   ]
 
   cflags_cc = [ "-DHILOG_ENABLE" ]
+  if (use_libfuzzer) {
+    cflags_cc += [ "-DFUZZ_TEST" ]
+  }
 }
diff --git a/frameworks/common/src/accesstoken_common_log.cpp b/frameworks/common/src/accesstoken_common_log.cpp
index 47f6fa8e8..5ac9e486d 100644
--- a/frameworks/common/src/accesstoken_common_log.cpp
+++ b/frameworks/common/src/accesstoken_common_log.cpp
@@ -47,6 +47,9 @@ void ClearThreadErrorMsg(void)
     g_msgLen = 0;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void AppendThreadErrMsg(unsigned int domain, const char *tag,
     const uint8_t *buff, uint32_t buffLen)
 {
@@ -62,6 +65,9 @@ void AppendThreadErrMsg(unsigned int domain, const char *tag,
     }
     g_msgLen += buffLen;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 static bool ReplaceSubstring(unsigned int domain, const char *tag,
     const char *format, char result[MAX_ERROR_MESSAGE_LEN])
diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp
index 329636c47..023edd999 100644
--- a/frameworks/common/src/data_validator.cpp
+++ b/frameworks/common/src/data_validator.cpp
@@ -34,6 +34,9 @@ bool DataValidator::IsBundleNameValid(const std::string& bundleName)
     return ret;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 bool DataValidator::IsLabelValid(const std::string& label)
 {
     bool ret = (label.length() <= MAX_LENGTH);
@@ -51,6 +54,9 @@ bool DataValidator::IsDescValid(const std::string& desc)
     }
     return ret;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 bool DataValidator::IsPermissionNameValid(const std::string& permissionName)
 {
diff --git a/frameworks/common/src/time_util.cpp b/frameworks/common/src/time_util.cpp
index 6f8f7a0ed..6699c4fac 100644
--- a/frameworks/common/src/time_util.cpp
+++ b/frameworks/common/src/time_util.cpp
@@ -31,6 +31,9 @@ int64_t TimeUtil::GetCurrentTimestamp()
     return timestamp;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 bool TimeUtil::IsTimeStampsSameMinute(int64_t timeStamp1, int64_t timeStamp2)
 {
     struct tm t1 = {0};
@@ -43,6 +46,9 @@ bool TimeUtil::IsTimeStampsSameMinute(int64_t timeStamp1, int64_t timeStamp2)
 
     return t1.tm_min == t2.tm_min;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/BUILD.gn b/interfaces/innerkits/accesstoken/BUILD.gn
index e330621df..ac3b1cd51 100644
--- a/interfaces/innerkits/accesstoken/BUILD.gn
+++ b/interfaces/innerkits/accesstoken/BUILD.gn
@@ -96,6 +96,9 @@ if (is_standard_system) {
     if (security_component_enhance_enable == true) {
       cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ]
     }
+    if (use_libfuzzer) {
+      cflags_cc += [ "-DFUZZ_TEST" ]
+    }
   }
 }
 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_callbacks.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_callbacks.cpp
index b9c4372ec..48dddd2b7 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_callbacks.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_callbacks.cpp
@@ -30,6 +30,9 @@ PermissionStateChangeCallback::PermissionStateChangeCallback(
 PermissionStateChangeCallback::~PermissionStateChangeCallback()
 {}
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void PermissionStateChangeCallback::PermStateChangeCallback(PermStateChangeInfo& result)
 {
     if (customizedCallback_ == nullptr) {
@@ -42,6 +45,9 @@ void PermissionStateChangeCallback::PermStateChangeCallback(PermStateChangeInfo&
 
 void PermissionStateChangeCallback::Stop()
 {}
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 #ifdef TOKEN_SYNC_ENABLE
 TokenSyncCallback::TokenSyncCallback(const std::shared_ptr<TokenSyncKitInterface>& tokenSyncCallback)
@@ -51,6 +57,9 @@ TokenSyncCallback::TokenSyncCallback(const std::shared_ptr<TokenSyncKitInterface
 TokenSyncCallback::~TokenSyncCallback()
 {}
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 int32_t TokenSyncCallback::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID)
 {
     if (tokenSyncCallback_ == nullptr) {
@@ -77,6 +86,9 @@ int32_t TokenSyncCallback::UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& t
     }
     return tokenSyncCallback_->UpdateRemoteHapTokenInfo(tokenInfo);
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 #endif // TOKEN_SYNC_ENABLE
 } // namespace AccessToken
 } // namespace Security
diff --git a/interfaces/innerkits/nativetoken/BUILD.gn b/interfaces/innerkits/nativetoken/BUILD.gn
index 1caeae894..0e85fd3b7 100644
--- a/interfaces/innerkits/nativetoken/BUILD.gn
+++ b/interfaces/innerkits/nativetoken/BUILD.gn
@@ -52,6 +52,9 @@ if (is_standard_system) {
       external_deps += [ "selinux_adapter:librestorecon" ]
       cflags += [ "-DWITH_SELINUX" ]
     }
+    if (use_libfuzzer) {
+      cflags += [ "-DFUZZ_TEST" ]
+    }
   }
 
   ohos_shared_library("libnativetoken_shared") {
@@ -87,5 +90,8 @@ if (is_standard_system) {
       external_deps += [ "selinux_adapter:librestorecon" ]
       cflags += [ "-DWITH_SELINUX" ]
     }
+    if (use_libfuzzer) {
+      cflags += [ "-DFUZZ_TEST" ]
+    }
   }
 }
diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c
index 093694088..76d387cab 100644
--- a/interfaces/innerkits/nativetoken/src/nativetoken.c
+++ b/interfaces/innerkits/nativetoken/src/nativetoken.c
@@ -136,6 +136,9 @@ static int32_t GetNativeTokenFromJson(cJSON *cjsonItem, NativeTokenList *tokenNo
     return ATRET_SUCCESS;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 static void FreeTokenNode(NativeTokenList **node)
 {
     if (node == NULL || *node == NULL) {
@@ -177,6 +180,9 @@ static void FreeTokenList(void)
     }
     g_tokenListHead->next = NULL;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 static int32_t GetTokenList(const cJSON *object)
 {
@@ -241,6 +247,9 @@ static int32_t ParseTokenInfo(void)
     return ret;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 static int32_t ClearOrCreateCfgFile(void)
 {
     int32_t fd = open(TOKEN_ID_CFG_FILE_PATH, O_RDWR | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR | S_IRGRP);
@@ -269,6 +278,9 @@ static int32_t ClearOrCreateCfgFile(void)
 
     return ATRET_SUCCESS;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 int32_t AtlibInit(void)
 {
diff --git a/interfaces/innerkits/privacy/BUILD.gn b/interfaces/innerkits/privacy/BUILD.gn
index d1ae53460..4c4273335 100644
--- a/interfaces/innerkits/privacy/BUILD.gn
+++ b/interfaces/innerkits/privacy/BUILD.gn
@@ -85,5 +85,8 @@ if (is_standard_system) {
       "-DHILOG_ENABLE",
       "-DDEBUG_API_PERFORMANCE",
     ]
+    if (use_libfuzzer) {
+      cflags_cc += [ "-DFUZZ_TEST" ]
+    }
   }
 }
diff --git a/interfaces/innerkits/privacy/src/privacy_manager_client.cpp b/interfaces/innerkits/privacy/src/privacy_manager_client.cpp
index 252571abf..ef3d1a02b 100644
--- a/interfaces/innerkits/privacy/src/privacy_manager_client.cpp
+++ b/interfaces/innerkits/privacy/src/privacy_manager_client.cpp
@@ -47,12 +47,18 @@ PrivacyManagerClient& PrivacyManagerClient::GetInstance()
 PrivacyManagerClient::PrivacyManagerClient()
 {}
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 PrivacyManagerClient::~PrivacyManagerClient()
 {
     LOGE(PRI_DOMAIN, PRI_TAG, "~PrivacyManagerClient");
     std::lock_guard<std::mutex> lock(proxyMutex_);
     ReleaseProxy();
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 static int32_t ConvertResult(int32_t ret)
 {
@@ -423,12 +429,18 @@ void PrivacyManagerClient::InitProxy()
     }
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void PrivacyManagerClient::OnRemoteDiedHandle()
 {
     std::lock_guard<std::mutex> lock(proxyMutex_);
     ReleaseProxy();
     InitProxy();
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 sptr<IPrivacyManager> PrivacyManagerClient::GetProxy()
 {
@@ -439,6 +451,9 @@ sptr<IPrivacyManager> PrivacyManagerClient::GetProxy()
     return proxy_;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void PrivacyManagerClient::ReleaseProxy()
 {
     if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) {
@@ -447,6 +462,9 @@ void PrivacyManagerClient::ReleaseProxy()
     proxy_ = nullptr;
     serviceDeathObserver_ = nullptr;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 sptr<ProxyDeathCallBackStub> PrivacyManagerClient::GetAnonyStub()
 {
diff --git a/interfaces/innerkits/token_setproc/BUILD.gn b/interfaces/innerkits/token_setproc/BUILD.gn
index 0b0d7d83a..180e923d6 100644
--- a/interfaces/innerkits/token_setproc/BUILD.gn
+++ b/interfaces/innerkits/token_setproc/BUILD.gn
@@ -32,6 +32,9 @@ if (is_standard_system) {
     include_dirs = [ "src" ]
 
     sources = [ "src/token_setproc.c" ]
+    if (use_libfuzzer) {
+      cflags = [ "-DFUZZ_TEST" ]
+    }
   }
 
   ohos_shared_library("libtokensetproc_shared") {
@@ -52,6 +55,9 @@ if (is_standard_system) {
     include_dirs = [ "src" ]
 
     sources = [ "src/token_setproc.c" ]
+    if (use_libfuzzer) {
+      cflags = [ "-DFUZZ_TEST" ]
+    }
   }
 
   ohos_static_library("libperm_setproc") {
diff --git a/interfaces/innerkits/token_setproc/src/perm_setproc.cpp b/interfaces/innerkits/token_setproc/src/perm_setproc.cpp
index 0aeea7f00..01d5b1633 100644
--- a/interfaces/innerkits/token_setproc/src/perm_setproc.cpp
+++ b/interfaces/innerkits/token_setproc/src/perm_setproc.cpp
@@ -101,6 +101,9 @@ int32_t RemovePermissionFromKernel(uint32_t tokenID)
     return ACCESS_TOKEN_OK;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 int32_t SetPermissionToKernel(uint32_t tokenID, int32_t opCode, bool status)
 {
     struct IoctlSetGetPermData data = {
@@ -122,6 +125,9 @@ int32_t SetPermissionToKernel(uint32_t tokenID, int32_t opCode, bool status)
 
     return ACCESS_TOKEN_OK;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 int32_t GetPermissionFromKernel(uint32_t tokenID, int32_t opCode, bool& isGranted)
 {
diff --git a/interfaces/innerkits/token_setproc/src/token_setproc.c b/interfaces/innerkits/token_setproc/src/token_setproc.c
index a5620d1de..e14cf1134 100644
--- a/interfaces/innerkits/token_setproc/src/token_setproc.c
+++ b/interfaces/innerkits/token_setproc/src/token_setproc.c
@@ -71,6 +71,9 @@ int SetSelfTokenID(uint64_t tokenID)
     return ACCESS_TOKEN_OK;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 uint64_t GetFirstCallerTokenID(void)
 {
     uint64_t token = INVAL_TOKEN_ID;
@@ -88,6 +91,9 @@ uint64_t GetFirstCallerTokenID(void)
     fdsan_close_with_tag(fd, SET_PROC_FD_TAG);
     return token;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 int SetFirstCallerTokenID(uint64_t tokenID)
 {
diff --git a/services/accesstokenmanager/BUILD.gn b/services/accesstokenmanager/BUILD.gn
index 7c610f064..ca6ae10b3 100644
--- a/services/accesstokenmanager/BUILD.gn
+++ b/services/accesstokenmanager/BUILD.gn
@@ -199,5 +199,9 @@ if (is_standard_system) {
     if ("${target_platform}" == "watch" || "${target_platform}" == "wearable") {
       cflags_cc += [ "-DDYNAMIC_CLOSE_LIBS" ]
     }
+
+    if (use_libfuzzer) {
+      cflags_cc += [ "-DFUZZ_TEST" ]
+    }
   }
 }
diff --git a/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp b/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp
index 7addfb80f..121df383a 100644
--- a/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp
+++ b/services/accesstokenmanager/main/cpp/src/callback/accesstoken_callback_proxys.cpp
@@ -36,6 +36,9 @@ PermissionStateChangeCallbackProxy::PermissionStateChangeCallbackProxy(const spt
 PermissionStateChangeCallbackProxy::~PermissionStateChangeCallbackProxy()
 {}
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void PermissionStateChangeCallbackProxy::PermStateChangeCallback(PermStateChangeInfo& result)
 {
     MessageParcel data;
@@ -67,6 +70,9 @@ void PermissionStateChangeCallbackProxy::PermStateChangeCallback(PermStateChange
 
     LOGI(ATM_DOMAIN, ATM_TAG, "SendRequest success");
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 #ifdef TOKEN_SYNC_ENABLE
 TokenSyncCallbackProxy::TokenSyncCallbackProxy(const sptr<IRemoteObject>& impl)
@@ -76,6 +82,9 @@ TokenSyncCallbackProxy::TokenSyncCallbackProxy(const sptr<IRemoteObject>& impl)
 TokenSyncCallbackProxy::~TokenSyncCallbackProxy()
 {}
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 int32_t TokenSyncCallbackProxy::GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID)
 {
     MessageParcel data;
@@ -177,6 +186,9 @@ int32_t TokenSyncCallbackProxy::UpdateRemoteHapTokenInfo(const HapTokenInfoForSy
     LOGI(ATM_DOMAIN, ATM_TAG, "Get result from callback, data = %{public}d", result);
     return result;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 #endif // TOKEN_SYNC_ENABLE
 } // namespace AccessToken
 } // namespace Security
diff --git a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp
index f13756be4..1ef18e189 100644
--- a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp
+++ b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp
@@ -51,6 +51,9 @@ void ReportSysEventServiceStart(const AccessTokenDfxInfo& info)
     }
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode)
 {
     int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START_ERROR",
@@ -59,6 +62,9 @@ void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg,
         LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret);
     }
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 void ReportSysCommonEventError(int32_t ipcCode, int32_t errCode)
 {
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp
index 941fafe1f..7be446082 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_validator.cpp
@@ -25,10 +25,16 @@ namespace OHOS {
 namespace Security {
 namespace AccessToken {
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 bool PermissionValidator::IsGrantModeValid(int grantMode)
 {
     return grantMode == GrantMode::SYSTEM_GRANT || grantMode == GrantMode::USER_GRANT;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 bool PermissionValidator::IsGrantStatusValid(int grantStatus)
 {
@@ -55,6 +61,9 @@ bool PermissionValidator::IsToggleStatusValid(const uint32_t status)
     return DataValidator::IsToggleStatusValid(status);
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 bool PermissionValidator::IsPermissionDefValid(const PermissionDef& permDef)
 {
     if (!DataValidator::IsLabelValid(permDef.label)) {
@@ -87,6 +96,9 @@ bool PermissionValidator::IsPermissionDefValid(const PermissionDef& permDef)
     }
     return true;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 bool PermissionValidator::IsPermissionAvailable(ATokenTypeEnum tokenType, const std::string& permissionName)
 {
@@ -113,6 +125,9 @@ bool PermissionValidator::IsPermissionStateValid(const PermissionStatus& permSta
     return true;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void PermissionValidator::FilterInvalidPermissionDef(
     const std::vector<PermissionDef>& permList, std::vector<PermissionDef>& result)
 {
@@ -126,6 +141,9 @@ void PermissionValidator::FilterInvalidPermissionDef(
         result.emplace_back(*it);
     }
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 void PermissionValidator::FilterInvalidPermissionState(ATokenTypeEnum tokenType, bool doPermAvailableCheck,
     const std::vector<PermissionStatus>& permList, std::vector<PermissionStatus>& result)
diff --git a/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp
index 66554b8e7..82d701e2b 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/short_grant_manager.cpp
@@ -49,6 +49,9 @@ ShortGrantManager& ShortGrantManager::GetInstance()
     return *instance;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void ShortPermAppManagerDeathCallback::NotifyAppManagerDeath()
 {
     LOGI(ATM_DOMAIN, ATM_TAG, "ShortGrantManager AppManagerDeath called");
@@ -89,6 +92,9 @@ ShortGrantManager::~ShortGrantManager()
 {
     UnRegisterAppStopListener();
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 #ifdef EVENTHANDLER_ENABLE
 void ShortGrantManager::InitEventHandler()
@@ -184,6 +190,9 @@ int ShortGrantManager::RefreshPermission(AccessTokenID tokenID, const std::strin
     return RET_SUCCESS;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void ShortGrantManager::ClearShortPermissionData(AccessTokenID tokenID, const std::string& permission)
 {
     std::unique_lock<std::mutex> lck(shortGrantDataMutex_);
@@ -314,6 +323,9 @@ void ShortGrantManager::UnRegisterAppStopListener()
         appStopCallBack_= nullptr;
     }
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 ShortGrantManager::ShortGrantManager() : maxTime_(DEFAULT_MAX_TIME_MILLISECONDS)
 {}
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
index b4a333560..a54c6f936 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
@@ -111,6 +111,9 @@ AccessTokenManagerService::~AccessTokenManagerService()
     LOGI(ATM_DOMAIN, ATM_TAG, "~AccessTokenManagerService()");
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void AccessTokenManagerService::OnStart()
 {
     if (state_ == ServiceRunningState::STATE_RUNNING) {
@@ -159,6 +162,9 @@ void AccessTokenManagerService::OnRemoveSystemAbility(int32_t systemAbilityId, c
         return;
     }
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 int32_t AccessTokenManagerService::GetPermissionUsedType(
     AccessTokenID tokenID, const std::string& permissionName, int32_t& permUsedType)
@@ -1252,6 +1258,9 @@ int32_t AccessTokenManagerService::ClearUserPolicy()
     return AccessTokenInfoManager::GetInstance().ClearUserPolicy();
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 int AccessTokenManagerService::Dump(int fd, const std::vector<std::u16string>& args)
 {
     if (fd < 0) {
@@ -1286,6 +1295,9 @@ int AccessTokenManagerService::Dump(int fd, const std::vector<std::u16string>& a
     }
     return ERR_OK;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 void AccessTokenManagerService::AccessTokenServiceParamSet() const
 {
@@ -1302,6 +1314,9 @@ void AccessTokenManagerService::AccessTokenServiceParamSet() const
     }
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void AccessTokenManagerService::SetFlagIfNeed(const AccessTokenServiceConfig& atConfig,
     int32_t& cancelTime, uint32_t& parseConfigFlag)
 {
@@ -1336,6 +1351,9 @@ void AccessTokenManagerService::SetFlagIfNeed(const AccessTokenServiceConfig& at
         parseConfigFlag |= 0x1 << BITMAP_INDEX_6;
     }
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 void AccessTokenManagerService::GetConfigValue(uint32_t& parseConfigFlag)
 {
diff --git a/services/common/BUILD.gn b/services/common/BUILD.gn
index 08003e2a9..4f44d3a8a 100644
--- a/services/common/BUILD.gn
+++ b/services/common/BUILD.gn
@@ -90,6 +90,9 @@ ohos_static_library("accesstoken_service_common") {
       cflags_cc += [ "-DCONFIG_USE_JEMALLOC_DFX_INTF" ]
     }
   }
+  if (use_libfuzzer) {
+    cflags_cc += [ "-DFUZZ_TEST" ]
+  }
 }
 
 group("accesstoken_common") {
diff --git a/services/common/app_manager/src/app_manager_access_client.cpp b/services/common/app_manager/src/app_manager_access_client.cpp
index 374f3e86d..92fcbe7f8 100644
--- a/services/common/app_manager/src/app_manager_access_client.cpp
+++ b/services/common/app_manager/src/app_manager_access_client.cpp
@@ -45,11 +45,17 @@ AppManagerAccessClient& AppManagerAccessClient::GetInstance()
 AppManagerAccessClient::AppManagerAccessClient()
 {}
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 AppManagerAccessClient::~AppManagerAccessClient()
 {
     std::lock_guard<std::mutex> lock(proxyMutex_);
     ReleaseProxy();
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 int32_t AppManagerAccessClient::RegisterApplicationStateObserver(const sptr<IApplicationStateObserver>& observer)
 {
@@ -90,6 +96,9 @@ int32_t AppManagerAccessClient::RegisterApplicationStateObserver(const sptr<IApp
     return reply.ReadInt32();
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 int32_t AppManagerAccessClient::UnregisterApplicationStateObserver(const sptr<IApplicationStateObserver> &observer)
 {
     if (observer == nullptr) {
@@ -157,6 +166,9 @@ int32_t AppManagerAccessClient::GetForegroundApplications(std::vector<AppStateDa
     }
     return reply.ReadInt32();
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 void AppManagerAccessClient::InitProxy()
 {
@@ -180,6 +192,9 @@ void AppManagerAccessClient::InitProxy()
     proxy_ = appManagerSa;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void AppManagerAccessClient::RegisterDeathCallback(const std::shared_ptr<AppManagerDeathCallback>& callback)
 {
     std::lock_guard<std::mutex> lock(deathCallbackMutex_);
@@ -206,6 +221,9 @@ void AppManagerAccessClient::OnRemoteDiedHandle()
         ReleaseProxy();
     }
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 sptr<IRemoteObject> AppManagerAccessClient::GetProxy()
 {
@@ -216,6 +234,9 @@ sptr<IRemoteObject> AppManagerAccessClient::GetProxy()
     return proxy_;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void AppManagerAccessClient::ReleaseProxy()
 {
     if (proxy_ != nullptr && serviceDeathObserver_ != nullptr) {
@@ -230,6 +251,9 @@ void AppManagerAccessClient::AppMgrDeathRecipient::OnRemoteDied(const wptr<IRemo
     LOGI(ATM_DOMAIN, ATM_TAG, "%{public}s called", __func__);
     AppManagerAccessClient::GetInstance().OnRemoteDiedHandle();
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
diff --git a/services/privacymanager/BUILD.gn b/services/privacymanager/BUILD.gn
index 3918d3409..a59940e98 100644
--- a/services/privacymanager/BUILD.gn
+++ b/services/privacymanager/BUILD.gn
@@ -263,5 +263,9 @@ if (is_standard_system && ability_base_enable == true) {
       include_dirs +=
           [ "${access_token_path}/services/common/ability_manager/include" ]
     }
+
+    if (use_libfuzzer) {
+      cflags_cc += [ "-DFUZZ_TEST" ]
+    }
   }
 }
diff --git a/services/privacymanager/src/service/privacy_manager_service.cpp b/services/privacymanager/src/service/privacy_manager_service.cpp
index d9902374e..6e99c41d0 100644
--- a/services/privacymanager/src/service/privacy_manager_service.cpp
+++ b/services/privacymanager/src/service/privacy_manager_service.cpp
@@ -67,6 +67,9 @@ PrivacyManagerService::~PrivacyManagerService()
 #endif //COMMON_EVENT_SERVICE_ENABLE
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void PrivacyManagerService::OnStart()
 {
     if (state_ == ServiceRunningState::STATE_RUNNING) {
@@ -96,6 +99,9 @@ void PrivacyManagerService::OnStop()
     LOGI(PRI_DOMAIN, PRI_TAG, "Stop service");
     state_ = ServiceRunningState::STATE_NOT_START;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 int32_t PrivacyManagerService::AddPermissionUsedRecord(const AddPermParamInfoParcel& infoParcel)
 {
@@ -147,6 +153,9 @@ int32_t PrivacyManagerService::GetPermissionUsedRecordToggleStatus(int32_t userI
     return PermissionRecordManager::GetInstance().GetPermissionUsedRecordToggleStatus(userID, status);
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 std::shared_ptr<ProxyDeathHandler> PrivacyManagerService::GetProxyDeathHandler()
 {
     std::lock_guard<std::mutex> lock(deathHandlerMutex_);
@@ -189,6 +198,9 @@ void PrivacyManagerService::ReleaseDeathStub(int32_t callerPid)
     }
     handler->ReleaseProxyByParam(param);
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 int32_t PrivacyManagerService::StartUsingPermission(
     const PermissionUsedTypeInfoParcel &infoParcel, const sptr<IRemoteObject>& anonyStub)
@@ -325,6 +337,9 @@ int32_t PrivacyManagerService::RegisterPermActiveStatusCallback(
         IPCSkeleton::GetCallingTokenID(), permList, callback);
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 int32_t PrivacyManagerService::ResponseDumpCommand(int32_t fd, const std::vector<std::u16string>& args)
 {
     if (args.size() < 2) { // 2 :need two args 0:command 1:tokenId
@@ -391,6 +406,9 @@ int32_t PrivacyManagerService::Dump(int32_t fd, const std::vector<std::u16string
     }
     return ret;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 int32_t PrivacyManagerService::UnRegisterPermActiveStatusCallback(const sptr<IRemoteObject>& callback)
 {
@@ -483,6 +501,9 @@ int32_t PrivacyManagerService::GetPermissionUsedTypeInfos(const AccessTokenID to
     return RET_SUCCESS;
 }
 
+#ifdef FUZZ_TEST
+// LCOV_EXCL_START
+#endif
 void PrivacyManagerService::OnAddSystemAbility(int32_t systemAbilityId, const std::string& deviceId)
 {
     LOGI(PRI_DOMAIN, PRI_TAG, "saId is %{public}d", systemAbilityId);
@@ -515,6 +536,9 @@ bool PrivacyManagerService::Initialize()
     ReportPrivacyUserData();
     return true;
 }
+#ifdef FUZZ_TEST
+// LCOV_EXCL_STOP
+#endif
 
 bool PrivacyManagerService::IsPrivilegedCalling() const
 {
diff --git a/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni
index 1fcbd5d35..e5e32d945 100644
--- a/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni
+++ b/test/fuzztest/normalize_service/accesstoken/access_token_service_fuzz.gni
@@ -179,3 +179,7 @@ if (memory_manager_enable == true) {
   access_token_cflags_cc += [ "-DMEMORY_MANAGER_ENABLE" ]
   access_token_external_deps += [ "memmgr:memmgrclient" ]
 }
+
+if (use_libfuzzer) {
+  access_token_cflags_cc += [ "-DFUZZ_TEST" ]
+}
diff --git a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni
index 97dd8f273..0f08cbfd7 100644
--- a/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni
+++ b/test/fuzztest/services/accesstoken/access_token_service_fuzz.gni
@@ -179,3 +179,7 @@ if (memory_manager_enable == true) {
   access_token_cflags_cc += [ "-DMEMORY_MANAGER_ENABLE" ]
   access_token_external_deps += [ "memmgr:memmgrclient" ]
 }
+
+if (use_libfuzzer) {
+  access_token_cflags_cc += [ "-DFUZZ_TEST" ]
+}
diff --git a/test/fuzztest/services/privacy/privacy_service_fuzz.gni b/test/fuzztest/services/privacy/privacy_service_fuzz.gni
index f833e8657..bb076181a 100644
--- a/test/fuzztest/services/privacy/privacy_service_fuzz.gni
+++ b/test/fuzztest/services/privacy/privacy_service_fuzz.gni
@@ -149,3 +149,7 @@ if (camera_framework_enable) {
   privacy_cflags_cc += [ "-DCAMERA_FRAMEWORK_ENABLE" ]
   privacy_external_deps += [ "camera_framework:camera_framework" ]
 }
+
+if (use_libfuzzer) {
+  privacy_cflags_cc += [ "-DFUZZ_TEST" ]
+}
-- 
Gitee