diff --git a/services/common/app_manager/src/app_status_change_callback.cpp b/services/common/app_manager/src/app_status_change_callback.cpp index a87ced615882fd0cb4d50dfd6214c469f865c627..564aacf52ef4c167e30babe0d46a2a7ba0f2b73b 100644 --- a/services/common/app_manager/src/app_status_change_callback.cpp +++ b/services/common/app_manager/src/app_status_change_callback.cpp @@ -70,8 +70,7 @@ int32_t ApplicationStateObserverStub::OnRemoteRequest( case IApplicationStateObserver::Message::TRANSACT_ON_PAGE_HIDE: case IApplicationStateObserver::Message::TRANSACT_ON_WINDOW_SHOW: case IApplicationStateObserver::Message::TRANSACT_ON_WINDOW_HIDDEN: - case IApplicationStateObserver::Message::TRANSACT_ON_PROCESS_BINDINGRELATION_CHANGED: - { + case IApplicationStateObserver::Message::TRANSACT_ON_PROCESS_BINDINGRELATION_CHANGED: { return NO_ERROR; } default: { diff --git a/test/fuzztest/innerkits/accesstoken/BUILD.gn b/test/fuzztest/innerkits/accesstoken/BUILD.gn index 4f799c5aac3e8d2d7d400e7f604645a8ba02c6c4..af0cdfed914285dea3858c2e7e7339e9dcd3c59e 100644 --- a/test/fuzztest/innerkits/accesstoken/BUILD.gn +++ b/test/fuzztest/innerkits/accesstoken/BUILD.gn @@ -56,13 +56,13 @@ group("fuzztest") { "revokeusergrantedpermission_fuzzer:RevokeUserGrantedPermissionFuzzTest", "setpermdialogcap_fuzzer:SetPermDialogCapFuzzTest", "setpermissionrequesttogglestatus_fuzzer:SetPermissionRequestToggleStatusFuzzTest", + "setpermissionstatuswithpolicy_fuzzer:SetPermissionStatusWithPolicyFuzzTest", "setremotehaptokeninfo_fuzzer:SetRemoteHapTokenInfoFuzzTest", "unregisterpermstatechangecallback_fuzzer:UnRegisterPermStateChangeCallbackFuzzTest", "updatehaptoken_fuzzer:UpdateHapTokenFuzzTest", "verifyaccesstoken001_fuzzer:VerifyAccessToken001FuzzTest", "verifyaccesstoken_fuzzer:VerifyAccessTokenFuzzTest", "verifyaccesstokenwithlist_fuzzer:VerifyAccessTokenWithListFuzzTest", - "setpermissionstatuswithpolicy_fuzzer:SetPermissionStatusWithPolicyFuzzTest", ] if (security_component_enhance_enable) { deps += [ diff --git a/test/fuzztest/innerkits/accesstoken/dumptokeninfo_fuzzer/dumptokeninfo_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/dumptokeninfo_fuzzer/dumptokeninfo_fuzzer.cpp index 9087de6ad26c04e52a1200c1dcf6c1601879406c..a98394fd4ae29659d5bd827794e78f7d4526f45a 100644 --- a/test/fuzztest/innerkits/accesstoken/dumptokeninfo_fuzzer/dumptokeninfo_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/dumptokeninfo_fuzzer/dumptokeninfo_fuzzer.cpp @@ -15,35 +15,45 @@ #include "dumptokeninfo_fuzzer.h" -#include -#include #include #include -#undef private +#include "access_token.h" #include "accesstoken_kit.h" #include "fuzzer/FuzzedDataProvider.h" using namespace std; using namespace OHOS::Security::AccessToken; +static const vector TYPE_LIST = { + DEFAULT_OPER, + DUMP_TOKEN, + DUMP_RECORD, + DUMP_TYPE, + DUMP_PERM, + PERM_GRANT, + PERM_REVOKE +}; namespace OHOS { - bool DumpTokenInfoFuzzTest(const uint8_t* data, size_t size) - { - if ((data == nullptr) || (size == 0)) { - return false; - } - - FuzzedDataProvider provider(data, size); - AtmToolsParamInfo info = { - .tokenId = provider.ConsumeIntegral(), - }; - - std::string dumpInfo; - AccessTokenKit::DumpTokenInfo(info, dumpInfo); - - return true; +bool DumpTokenInfoFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; } + + FuzzedDataProvider provider(data, size); + uint32_t typeIndex = provider.ConsumeIntegral() % static_cast(TYPE_LIST.size()); + OptType type = TYPE_LIST[typeIndex]; + AtmToolsParamInfo info = { + .type = type, + .tokenId = provider.ConsumeIntegral(), + }; + + std::string dumpInfo; + AccessTokenKit::DumpTokenInfo(info, dumpInfo); + + return true; +} } /* Fuzzer entry point */ diff --git a/test/fuzztest/innerkits/accesstoken/registertokensynccallback_fuzzer/registertokensynccallback_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/registertokensynccallback_fuzzer/registertokensynccallback_fuzzer.cpp index c6c53cccc360e8bd489908f55a188768d0d019fe..b60b38c74d7d604319fc03957d3fef9f53a444a9 100644 --- a/test/fuzztest/innerkits/accesstoken/registertokensynccallback_fuzzer/registertokensynccallback_fuzzer.cpp +++ b/test/fuzztest/innerkits/accesstoken/registertokensynccallback_fuzzer/registertokensynccallback_fuzzer.cpp @@ -24,8 +24,7 @@ using namespace std; using namespace OHOS::Security::AccessToken; #ifdef TOKEN_SYNC_ENABLE static constexpr int32_t NUMBER_TWO = 2; -#endif // TOKEN_SYNC_ENABLE - +#endif namespace { class TokenSyncCallback : public TokenSyncKitInterface { public: diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn index e8f7fef4c83435273f7d8d67c14e0a17ea7fbb00..c396cac2793b1b0ed636ff40a4debdbd51e606a5 100644 --- a/test/fuzztest/services/accesstoken/BUILD.gn +++ b/test/fuzztest/services/accesstoken/BUILD.gn @@ -54,6 +54,7 @@ group("fuzztest") { "revokepermissionstub_fuzzer:RevokePermissionStubFuzzTest", "setpermdialogcap_fuzzer:SetPermDialogCapFuzzTest", "setpermissionrequesttogglestatusstub_fuzzer:SetPermissionRequestToggleStatusStubFuzzTest", + "setpermissionstatuswithpolicystub_fuzzer:SetPermissionStatusWithPolicyStubFuzzTest", "setremotehaptokeninfostub_fuzzer:SetRemoteHapTokenInfoStubFuzzTest", "updatehaptokenstub_fuzzer:UpdateHapTokenStubFuzzTest", "updateuserpolicystub_fuzzer:UpdateUserPolicyStubFuzzTest", diff --git a/test/fuzztest/services/accesstoken/istoastshownneededstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/istoastshownneededstub_fuzzer/BUILD.gn index c35d0c5a6f6522eaea8bf05d33587730d9e8a7c8..f8d411f318dc2e0406b9ef7a7d013b9020beefa6 100644 --- a/test/fuzztest/services/accesstoken/istoastshownneededstub_fuzzer/BUILD.gn +++ b/test/fuzztest/services/accesstoken/istoastshownneededstub_fuzzer/BUILD.gn @@ -42,4 +42,8 @@ ohos_fuzztest("IsToastShownNeededStubFuzzTest") { cflags_cc = access_token_cflags_cc sources += access_token_sources + if (security_component_enhance_enable == true) { + cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp" ] + } } diff --git a/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..19d9919e893d3d8fe16e8aa1b316f52cf9352a35 --- /dev/null +++ b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/BUILD.gn @@ -0,0 +1,50 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//build/config/features.gni") +import("//build/test.gni") +import("../../../../../access_token.gni") +import("../access_token_service_fuzz.gni") + +ohos_fuzztest("SetPermissionStatusWithPolicyStubFuzzTest") { + module_out_path = module_output_path_service_access_token + fuzz_config_file = "." + + sources = [ "setpermissionstatuswithpolicystub_fuzzer.cpp" ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + + include_dirs = access_token_include_dirs + + deps = access_token_deps + + configs = [ + "${access_token_path}/config:coverage_flags", + "${access_token_path}/services/accesstokenmanager/idl:access_token_manager_gen_config", + ] + + external_deps = access_token_external_deps + + cflags_cc = access_token_cflags_cc + + sources += access_token_sources + if (security_component_enhance_enable == true) { + cflags_cc += [ "-DSECURITY_COMPONENT_ENHANCE_ENABLE" ] + sources += [ "${access_token_path}/services/accesstokenmanager/main/cpp/src/seccomp/sec_comp_enhance_agent.cpp" ] + } +} diff --git a/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..65af8ee8d11bf23407ea34d4de49f7cbb6a2b791 --- /dev/null +++ b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/corpus/init @@ -0,0 +1,14 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..66e1dcac475475fb101b6f8670ec699e6e9696aa --- /dev/null +++ b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/setpermissionstatuswithpolicystub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/setpermissionstatuswithpolicystub_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..abab4357af5ba6ac54e5f39d16d521058f8776f8 --- /dev/null +++ b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/setpermissionstatuswithpolicystub_fuzzer.cpp @@ -0,0 +1,81 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "setpermissionstatuswithpolicystub_fuzzer.h" + +#include + +#include "access_token.h" +#include "accesstoken_manager_service.h" +#include "fuzzer/FuzzedDataProvider.h" +#include "iaccess_token_manager.h" + +using namespace std; +using namespace OHOS::Security::AccessToken; + +const int CONSTANTS_NUMBER_ONE = 1; +const int CONSTANTS_NUMBER_TEN = 10; +const uint32_t MAX_PERMISSION_LIST_SIZE = 1024; +static const int32_t ROOT_UID = 0; + +namespace OHOS { +bool SetPermissionStatusWithPolicyStubFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + return false; + } + + FuzzedDataProvider provider(data, size); + AccessTokenID tokenId = provider.ConsumeIntegral(); + uint32_t permListSize = + provider.ConsumeIntegralInRange(CONSTANTS_NUMBER_ONE, MAX_PERMISSION_LIST_SIZE); + std::vector permissionList; + for (size_t i = 0; i < permListSize; i++) { + std::string permission = provider.ConsumeRandomLengthString(); + if (!permission.empty()) { + permissionList.push_back(permission); + } + } + uint32_t flag = static_cast(TypePermissionFlag::PERMISSION_FIXED_BY_ADMIN_POLICY); + int32_t status = TypePermissionState::PERMISSION_DENIED; + MessageParcel datas; + if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) { + return false; + } + if (!datas.WriteUint32(tokenId) || !datas.WriteStringVector(permissionList) || + !datas.WriteUint32(status) || !datas.WriteInt32(flag)) { + return false; + } + + uint32_t code = static_cast(IAccessTokenManagerIpcCode::COMMAND_SET_PERMISSION_STATUS_WITH_POLICY); + + MessageParcel reply; + MessageOption option; + if (((provider.ConsumeIntegral() % CONSTANTS_NUMBER_TEN) == 0)) { + setuid(CONSTANTS_NUMBER_TEN); + } + DelayedSingleton::GetInstance()->OnRemoteRequest(code, datas, reply, option); + setuid(ROOT_UID); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::SetPermissionStatusWithPolicyStubFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/setpermissionstatuswithpolicystub_fuzzer.h b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/setpermissionstatuswithpolicystub_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..100e7a29246df149a5d4a5f4e283f98bf7dcd96e --- /dev/null +++ b/test/fuzztest/services/accesstoken/setpermissionstatuswithpolicystub_fuzzer/setpermissionstatuswithpolicystub_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_SETPERMISSIONSTATUSWITHPOLICYSTUB_FUZZER_H +#define TEST_FUZZTEST_SETPERMISSIONSTATUSWITHPOLICYSTUB_FUZZER_H + +#define FUZZ_PROJECT_NAME "setpermissionstatuswithpolicystub_fuzzer" + +#endif // TEST_FUZZTEST_SETPERMISSIONSTATUSWITHPOLICYSTUB_FUZZER_H