From 55f676066efc038ec7d12530094728d4809edd1e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B9=BE=E9=98=B3=E7=86=A0?= Date: Wed, 11 Jun 2025 10:57:17 +0000 Subject: [PATCH 1/5] =?UTF-8?q?Signed-off-by:=20=E4=B9=BE=E9=98=B3?= =?UTF-8?q?=E7=86=A0=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 乾阳熠 --- .../addparamentry_fuzzer.cpp | 68 +++++++++++++++++++ .../addparamentry_fuzzer.h | 20 ++++++ .../fuzztest/addparamentry_fuzzer/corpus/init | 16 +++++ .../fuzztest/addparamentry_fuzzer/project.xml | 25 +++++++ 4 files changed, 129 insertions(+) create mode 100644 test/fuzztest/addparamentry_fuzzer/addparamentry_fuzzer.cpp create mode 100644 test/fuzztest/addparamentry_fuzzer/addparamentry_fuzzer.h create mode 100644 test/fuzztest/addparamentry_fuzzer/corpus/init create mode 100644 test/fuzztest/addparamentry_fuzzer/project.xml diff --git a/test/fuzztest/addparamentry_fuzzer/addparamentry_fuzzer.cpp b/test/fuzztest/addparamentry_fuzzer/addparamentry_fuzzer.cpp new file mode 100644 index 000000000..b139e9cfe --- /dev/null +++ b/test/fuzztest/addparamentry_fuzzer/addparamentry_fuzzer.cpp @@ -0,0 +1,68 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "addparamentry_fuzzer.h" +#include +#include +#include "param_trie.h" +#include "param_manager.h" +#include "securec.h" + + +namespace OHOS { + bool FuzzAddParamEntry(const uint8_t* data, size_t size) + { + if (size < 2) { + return false; + } + + size_t split_pos = size / 2; + if (split_pos == 0) { + split_pos = 1; + } + + std::unique_ptr name(new char[split_pos + 1]); + if (memcpy_s(name.get(), split_pos + 1, data, split_pos) != 0) { + return false; + } + name[split_pos] = '\0'; + + size_t value_size = size - split_pos; + std::unique_ptr value(new char[value_size + 1]); + if (memcpy_s(value.get(), value_size + 1, data + split_pos, value_size) != 0) { + return false; + } + value[value_size] = '\0'; + + uint32_t index = 0; + if (memcpy_s(&index, sizeof(uint32_t), data, sizeof(uint32_t)) != 0) { + index = 0; + } + index %= 1000; + + uint8_t type = 0; + if (size > 0) { + type = data[0] % 5; + } + + return (AddParamEntry(index, type, name.get(), value.get()) == 0); + } +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + OHOS::FuzzAddParamEntry(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/addparamentry_fuzzer/addparamentry_fuzzer.h b/test/fuzztest/addparamentry_fuzzer/addparamentry_fuzzer.h new file mode 100644 index 000000000..72d69b470 --- /dev/null +++ b/test/fuzztest/addparamentry_fuzzer/addparamentry_fuzzer.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_ADD_PARAM_ENTRY_H +#define TEST_FUZZTEST_ADD_PARAM_ENTRY_H +#include "fuzz_utils.h" +#define FUZZ_PROJECT_NAME "addparamentry_fuzzer" +#endif \ No newline at end of file diff --git a/test/fuzztest/addparamentry_fuzzer/corpus/init b/test/fuzztest/addparamentry_fuzzer/corpus/init new file mode 100644 index 000000000..8eb5a7d6e --- /dev/null +++ b/test/fuzztest/addparamentry_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/addparamentry_fuzzer/project.xml b/test/fuzztest/addparamentry_fuzzer/project.xml new file mode 100644 index 000000000..949d03efd --- /dev/null +++ b/test/fuzztest/addparamentry_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 100 + + 30 + + 2048 + + -- Gitee From baeff63aeed8db8f079c7b87e2c04ee2338ba064 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B9=BE=E9=98=B3=E7=86=A0?= Date: Wed, 11 Jun 2025 10:58:40 +0000 Subject: [PATCH 2/5] =?UTF-8?q?Signed-off-by:=20=E4=B9=BE=E9=98=B3?= =?UTF-8?q?=E7=86=A0=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 乾阳熠 --- .../addparamsecuritynode_fuzzer.cpp | 51 +++++++++++++++++ .../addparamsecuritynode_fuzzer.h | 20 +++++++ .../addparamsecuritynode_fuzzer/corpus/init | 16 ++++++ .../addparamsecuritynode_fuzzer/project.xml | 25 ++++++++ .../addsecuritylabel_fuzzer.cpp | 57 +++++++++++++++++++ .../addsecuritylabel_fuzzer.h | 20 +++++++ .../addsecuritylabel_fuzzer/corpus/init | 16 ++++++ .../addsecuritylabel_fuzzer/project.xml | 25 ++++++++ .../checkappwatchpermission_fuzzer.cpp | 43 ++++++++++++++ .../checkappwatchpermission_fuzzer.h | 20 +++++++ .../corpus/init | 16 ++++++ .../project.xml | 25 ++++++++ .../fuzztest/initworkspace_fuzzer/corpus/init | 16 ++++++ .../initworkspace_fuzzer.cpp | 53 +++++++++++++++++ .../initworkspace_fuzzer.h | 20 +++++++ .../fuzztest/initworkspace_fuzzer/project.xml | 25 ++++++++ 16 files changed, 448 insertions(+) create mode 100644 test/fuzztest/addparamsecuritynode_fuzzer/addparamsecuritynode_fuzzer.cpp create mode 100644 test/fuzztest/addparamsecuritynode_fuzzer/addparamsecuritynode_fuzzer.h create mode 100644 test/fuzztest/addparamsecuritynode_fuzzer/corpus/init create mode 100644 test/fuzztest/addparamsecuritynode_fuzzer/project.xml create mode 100644 test/fuzztest/addsecuritylabel_fuzzer/addsecuritylabel_fuzzer.cpp create mode 100644 test/fuzztest/addsecuritylabel_fuzzer/addsecuritylabel_fuzzer.h create mode 100644 test/fuzztest/addsecuritylabel_fuzzer/corpus/init create mode 100644 test/fuzztest/addsecuritylabel_fuzzer/project.xml create mode 100644 test/fuzztest/checkappwatchpermission_fuzzer/checkappwatchpermission_fuzzer.cpp create mode 100644 test/fuzztest/checkappwatchpermission_fuzzer/checkappwatchpermission_fuzzer.h create mode 100644 test/fuzztest/checkappwatchpermission_fuzzer/corpus/init create mode 100644 test/fuzztest/checkappwatchpermission_fuzzer/project.xml create mode 100644 test/fuzztest/initworkspace_fuzzer/corpus/init create mode 100644 test/fuzztest/initworkspace_fuzzer/initworkspace_fuzzer.cpp create mode 100644 test/fuzztest/initworkspace_fuzzer/initworkspace_fuzzer.h create mode 100644 test/fuzztest/initworkspace_fuzzer/project.xml diff --git a/test/fuzztest/addparamsecuritynode_fuzzer/addparamsecuritynode_fuzzer.cpp b/test/fuzztest/addparamsecuritynode_fuzzer/addparamsecuritynode_fuzzer.cpp new file mode 100644 index 000000000..2e886fe8e --- /dev/null +++ b/test/fuzztest/addparamsecuritynode_fuzzer/addparamsecuritynode_fuzzer.cpp @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "addparamsecuritynode_fuzzer.h" +#include +#include +#include "param_trie.h" +#include "param_manager.h" + + +namespace OHOS { + bool FuzzAddParamSecurityNode(const uint8_t* data, size_t size) + { + if (size < sizeof(ParamAuditData)) { + return false; + } + + WorkSpace *workSpace = GetWorkSpace(0); + + const ParamAuditData* auditData = reinterpret_cast(data); + size_t remainingSize = size - sizeof(ParamAuditData); + + ParamAuditData safeAuditData = *auditData; + if (safeAuditData.memberNum > 0) { + size_t requiredSize = safeAuditData.memberNum * sizeof(uid_t); + if (remainingSize < requiredSize) { + safeAuditData.memberNum = remainingSize / sizeof(uid_t); + } + } + + return (AddParamSecurityNode(workSpace, &safeAuditData) == 0); + } +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + OHOS::FuzzAddParamSecurityNode(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/addparamsecuritynode_fuzzer/addparamsecuritynode_fuzzer.h b/test/fuzztest/addparamsecuritynode_fuzzer/addparamsecuritynode_fuzzer.h new file mode 100644 index 000000000..4d39bfc74 --- /dev/null +++ b/test/fuzztest/addparamsecuritynode_fuzzer/addparamsecuritynode_fuzzer.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_ADD_PARAM_SECURITY_NODE_H +#define TEST_FUZZTEST_ADD_PARAM_SECURITY_NODE_H +#include "fuzz_utils.h" +#define FUZZ_PROJECT_NAME "addparamsecuritynode_fuzzer" +#endif \ No newline at end of file diff --git a/test/fuzztest/addparamsecuritynode_fuzzer/corpus/init b/test/fuzztest/addparamsecuritynode_fuzzer/corpus/init new file mode 100644 index 000000000..8eb5a7d6e --- /dev/null +++ b/test/fuzztest/addparamsecuritynode_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/addparamsecuritynode_fuzzer/project.xml b/test/fuzztest/addparamsecuritynode_fuzzer/project.xml new file mode 100644 index 000000000..949d03efd --- /dev/null +++ b/test/fuzztest/addparamsecuritynode_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 100 + + 30 + + 2048 + + diff --git a/test/fuzztest/addsecuritylabel_fuzzer/addsecuritylabel_fuzzer.cpp b/test/fuzztest/addsecuritylabel_fuzzer/addsecuritylabel_fuzzer.cpp new file mode 100644 index 000000000..11266998d --- /dev/null +++ b/test/fuzztest/addsecuritylabel_fuzzer/addsecuritylabel_fuzzer.cpp @@ -0,0 +1,57 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "addsecuritylabel_fuzzer.h" +#include +#include +#include "param_trie.h" +#include "param_manager.h" +#include "securec.h" + + +namespace OHOS { + bool FuzzAddSecurityLabel(const uint8_t* data, size_t size) + { + if (size < sizeof(ParamAuditData) + 1) { + return false; + } + + ParamAuditData auditData = {}; + if (memcpy_s(&auditData, sizeof(ParamAuditData), data, sizeof(ParamAuditData)) != 0) { + return false; + } + + size_t name_len = size - sizeof(ParamAuditData); + std::unique_ptr name_buf(new char[name_len + 1]); + if (memcpy_s(name_buf.get(), name_len + 1, data + sizeof(ParamAuditData), name_len) != 0) { + return false; + } + name_buf[name_len] = '\0'; + auditData.name = name_buf.get(); + + auditData.dacData.uid = *data % 10000; + auditData.dacData.gid = *(data + 1) % 10000; + auditData.dacData.mode = *(data + 2) % 0777; + auditData.dacData.paramType = *(data + 3) % 10; + + return (AddSecurityLabel(&auditData) == 0); + } +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + OHOS::FuzzAddSecurityLabel(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/addsecuritylabel_fuzzer/addsecuritylabel_fuzzer.h b/test/fuzztest/addsecuritylabel_fuzzer/addsecuritylabel_fuzzer.h new file mode 100644 index 000000000..c5aa0d5ba --- /dev/null +++ b/test/fuzztest/addsecuritylabel_fuzzer/addsecuritylabel_fuzzer.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_ADD_SECURITY_LABLE_H +#define TEST_FUZZTEST_ADD_SECURITY_LABLE_H +#include "fuzz_utils.h" +#define FUZZ_PROJECT_NAME "addsecuritylabel_fuzzer" +#endif \ No newline at end of file diff --git a/test/fuzztest/addsecuritylabel_fuzzer/corpus/init b/test/fuzztest/addsecuritylabel_fuzzer/corpus/init new file mode 100644 index 000000000..8eb5a7d6e --- /dev/null +++ b/test/fuzztest/addsecuritylabel_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/addsecuritylabel_fuzzer/project.xml b/test/fuzztest/addsecuritylabel_fuzzer/project.xml new file mode 100644 index 000000000..a03232f21 --- /dev/null +++ b/test/fuzztest/addsecuritylabel_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 100 + + 30 + + 2048 + + diff --git a/test/fuzztest/checkappwatchpermission_fuzzer/checkappwatchpermission_fuzzer.cpp b/test/fuzztest/checkappwatchpermission_fuzzer/checkappwatchpermission_fuzzer.cpp new file mode 100644 index 000000000..5cb66cd21 --- /dev/null +++ b/test/fuzztest/checkappwatchpermission_fuzzer/checkappwatchpermission_fuzzer.cpp @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "checkappwatchpermission_fuzzer.h" +#include +#include +#include "init_utils.h" +#define private public +#include "watcher_manager.h" +#undef private +using namespace OHOS::init_param; + +namespace OHOS { +bool FuzzCheckAppWatchPermission(const uint8_t* data, size_t size) + { + bool result = false; + std::string str(reinterpret_cast(data), size); + std::unique_ptr watcherManager = std::make_unique(0, true); + if (watcherManager->CheckAppWatchPermission(str)) { + result = true; + }; + return result; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::FuzzCheckAppWatchPermission(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/checkappwatchpermission_fuzzer/checkappwatchpermission_fuzzer.h b/test/fuzztest/checkappwatchpermission_fuzzer/checkappwatchpermission_fuzzer.h new file mode 100644 index 000000000..a75c318b3 --- /dev/null +++ b/test/fuzztest/checkappwatchpermission_fuzzer/checkappwatchpermission_fuzzer.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_CHECK_APP_WATCH_PERMISSION_FUZZER_H +#define TEST_FUZZTEST_CHECK_APP_WATCH_PERMISSION_FUZZER_H +#include "fuzz_utils.h" +#define FUZZ_PROJECT_NAME "checkappwatchpermission_fuzzer" +#endif \ No newline at end of file diff --git a/test/fuzztest/checkappwatchpermission_fuzzer/corpus/init b/test/fuzztest/checkappwatchpermission_fuzzer/corpus/init new file mode 100644 index 000000000..8eb5a7d6e --- /dev/null +++ b/test/fuzztest/checkappwatchpermission_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/checkappwatchpermission_fuzzer/project.xml b/test/fuzztest/checkappwatchpermission_fuzzer/project.xml new file mode 100644 index 000000000..9e35ed57f --- /dev/null +++ b/test/fuzztest/checkappwatchpermission_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 100 + + 30 + + 2048 + + diff --git a/test/fuzztest/initworkspace_fuzzer/corpus/init b/test/fuzztest/initworkspace_fuzzer/corpus/init new file mode 100644 index 000000000..8eb5a7d6e --- /dev/null +++ b/test/fuzztest/initworkspace_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/initworkspace_fuzzer/initworkspace_fuzzer.cpp b/test/fuzztest/initworkspace_fuzzer/initworkspace_fuzzer.cpp new file mode 100644 index 000000000..076285bfb --- /dev/null +++ b/test/fuzztest/initworkspace_fuzzer/initworkspace_fuzzer.cpp @@ -0,0 +1,53 @@ +/* + * Copyright (c) 2023 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "initworkspace_fuzzer.h" +#include +#include +#include "param_trie.h" +#include "param_manager.h" +#include "securec.h" + + +namespace OHOS { + bool FuzzInitWorkSpace(const uint8_t* data, size_t size) + { + constexpr size_t min_size = sizeof(uint32_t) * 2; + if (size < min_size) { + return false; + } + + uint32_t spaceSize = 0; + if (memcpy_s(&spaceSize, sizeof(uint32_t), data, sizeof(uint32_t)) != 0) { + return false; + } + data += sizeof(uint32_t); + size -= sizeof(uint32_t); + + int onlyRead = 0; + if (memcpy_s(&onlyRead, sizeof(int), data, sizeof(int)) != 0) { + return false; + } + WorkSpace *workSpace = GetWorkSpace(0); + + return (InitWorkSpace(workSpace, onlyRead, spaceSize) == 0); + } +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + OHOS::FuzzInitWorkSpace(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/initworkspace_fuzzer/initworkspace_fuzzer.h b/test/fuzztest/initworkspace_fuzzer/initworkspace_fuzzer.h new file mode 100644 index 000000000..19f5ca4c0 --- /dev/null +++ b/test/fuzztest/initworkspace_fuzzer/initworkspace_fuzzer.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_INIT_WORK_SPACE_H +#define TEST_FUZZTEST_INIT_WORK_SPACE_H +#include "fuzz_utils.h" +#define FUZZ_PROJECT_NAME "initworkspace_fuzzer" +#endif \ No newline at end of file diff --git a/test/fuzztest/initworkspace_fuzzer/project.xml b/test/fuzztest/initworkspace_fuzzer/project.xml new file mode 100644 index 000000000..949d03efd --- /dev/null +++ b/test/fuzztest/initworkspace_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 100 + + 30 + + 2048 + + -- Gitee From 36ba6e0faf086734d616433b5689faac2f4d25e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B9=BE=E9=98=B3=E7=86=A0?= Date: Wed, 11 Jun 2025 10:59:07 +0000 Subject: [PATCH 3/5] =?UTF-8?q?Signed-off-by:=20=E4=B9=BE=E9=98=B3?= =?UTF-8?q?=E7=86=A0=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 乾阳熠 --- .../mountonewithfstabfile_fuzzer/corpus/init | 16 +++++++ .../mountonewithfstabfile_fuzzer.cpp | 46 +++++++++++++++++++ .../mountonewithfstabfile_fuzzer.h | 20 ++++++++ .../mountonewithfstabfile_fuzzer/project.xml | 25 ++++++++++ test/fuzztest/onstop_fuzzer/corpus/init | 16 +++++++ test/fuzztest/onstop_fuzzer/onstop_fuzzer.cpp | 43 +++++++++++++++++ test/fuzztest/onstop_fuzzer/onstop_fuzzer.h | 20 ++++++++ test/fuzztest/onstop_fuzzer/project.xml | 25 ++++++++++ 8 files changed, 211 insertions(+) create mode 100644 test/fuzztest/mountonewithfstabfile_fuzzer/corpus/init create mode 100644 test/fuzztest/mountonewithfstabfile_fuzzer/mountonewithfstabfile_fuzzer.cpp create mode 100644 test/fuzztest/mountonewithfstabfile_fuzzer/mountonewithfstabfile_fuzzer.h create mode 100644 test/fuzztest/mountonewithfstabfile_fuzzer/project.xml create mode 100644 test/fuzztest/onstop_fuzzer/corpus/init create mode 100644 test/fuzztest/onstop_fuzzer/onstop_fuzzer.cpp create mode 100644 test/fuzztest/onstop_fuzzer/onstop_fuzzer.h create mode 100644 test/fuzztest/onstop_fuzzer/project.xml diff --git a/test/fuzztest/mountonewithfstabfile_fuzzer/corpus/init b/test/fuzztest/mountonewithfstabfile_fuzzer/corpus/init new file mode 100644 index 000000000..8eb5a7d6e --- /dev/null +++ b/test/fuzztest/mountonewithfstabfile_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/mountonewithfstabfile_fuzzer/mountonewithfstabfile_fuzzer.cpp b/test/fuzztest/mountonewithfstabfile_fuzzer/mountonewithfstabfile_fuzzer.cpp new file mode 100644 index 000000000..a95c0410a --- /dev/null +++ b/test/fuzztest/mountonewithfstabfile_fuzzer/mountonewithfstabfile_fuzzer.cpp @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "mountonewithfstabfile_fuzzer.h" +#include "securec.h" +#include +#include +#include +#include "fs_manager.h" +#include + +namespace OHOS { + bool FuzzMountOneWithFstabFile(const uint8_t* data, size_t size) { + char fstabPath[] = "/tmp/fuzz_fstab_1"; + int fd = mkstemp(fstabPath); + if (fd < 0) { + return false; + } + + std::string str(reinterpret_cast(data), size); + + int ret = MountOneWithFstabFile(fstabPath, str.c_str(), false); + unlink(fstabPath); + if (ret == 0) { + return true; + } + return false; + } +} + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + OHOS::FuzzMountOneWithFstabFile(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/mountonewithfstabfile_fuzzer/mountonewithfstabfile_fuzzer.h b/test/fuzztest/mountonewithfstabfile_fuzzer/mountonewithfstabfile_fuzzer.h new file mode 100644 index 000000000..fd3a697d3 --- /dev/null +++ b/test/fuzztest/mountonewithfstabfile_fuzzer/mountonewithfstabfile_fuzzer.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_MOUNT_ONE_WITH_FSTABFILE_H +#define TEST_FUZZTEST_MOUNT_ONE_WITH_FSTABFILE_H +#include "fuzz_utils.h" +#define FUZZ_PROJECT_NAME "mountoneWithfstabfile_fuzzer" +#endif \ No newline at end of file diff --git a/test/fuzztest/mountonewithfstabfile_fuzzer/project.xml b/test/fuzztest/mountonewithfstabfile_fuzzer/project.xml new file mode 100644 index 000000000..949d03efd --- /dev/null +++ b/test/fuzztest/mountonewithfstabfile_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 100 + + 30 + + 2048 + + diff --git a/test/fuzztest/onstop_fuzzer/corpus/init b/test/fuzztest/onstop_fuzzer/corpus/init new file mode 100644 index 000000000..8eb5a7d6e --- /dev/null +++ b/test/fuzztest/onstop_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/onstop_fuzzer/onstop_fuzzer.cpp b/test/fuzztest/onstop_fuzzer/onstop_fuzzer.cpp new file mode 100644 index 000000000..5acdd3f20 --- /dev/null +++ b/test/fuzztest/onstop_fuzzer/onstop_fuzzer.cpp @@ -0,0 +1,43 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "onstop_fuzzer.h" +#include +#include +#include "init_utils.h" +#define protected public +#include "watcher_manager.h" +#undef protected +using namespace OHOS::init_param; + +namespace OHOS { +bool FuzzCheckAppWatchPermission(const uint8_t* data, size_t size) + { + std::unique_ptr watcherManager = std::make_unique(0, true); + uint32_t id = static_cast(*data); + uint32_t watcherId = 0; + sptr watcher = {0}; + watcherManager->AddRemoteWatcher(id, watcherId, watcher); + watcherManager->OnStop(); + return true; + } +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + /* Run your code on data */ + OHOS::FuzzCheckAppWatchPermission(data, size); + return 0; +} \ No newline at end of file diff --git a/test/fuzztest/onstop_fuzzer/onstop_fuzzer.h b/test/fuzztest/onstop_fuzzer/onstop_fuzzer.h new file mode 100644 index 000000000..28d288f46 --- /dev/null +++ b/test/fuzztest/onstop_fuzzer/onstop_fuzzer.h @@ -0,0 +1,20 @@ +/* + * Copyright (c) 2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef TEST_FUZZTEST_ON_STOP_FUZZER_H +#define TEST_FUZZTEST_ON_STOP_FUZZER_H +#include "fuzz_utils.h" +#define FUZZ_PROJECT_NAME "onstop_fuzzer" +#endif \ No newline at end of file diff --git a/test/fuzztest/onstop_fuzzer/project.xml b/test/fuzztest/onstop_fuzzer/project.xml new file mode 100644 index 000000000..949d03efd --- /dev/null +++ b/test/fuzztest/onstop_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 100 + + 30 + + 2048 + + -- Gitee From 1a7ce85d940f49d04b4c1b9543e2070820fceb3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B9=BE=E9=98=B3=E7=86=A0?= Date: Wed, 11 Jun 2025 11:01:01 +0000 Subject: [PATCH 4/5] =?UTF-8?q?Signed-off-by:=20=E4=B9=BE=E9=98=B3?= =?UTF-8?q?=E7=86=A0=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 乾阳熠 --- .../addremotewatcher_fuzzer/addremotewatcher_fuzzer.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/fuzztest/addremotewatcher_fuzzer/addremotewatcher_fuzzer.cpp b/test/fuzztest/addremotewatcher_fuzzer/addremotewatcher_fuzzer.cpp index fff638a73..31c45160a 100644 --- a/test/fuzztest/addremotewatcher_fuzzer/addremotewatcher_fuzzer.cpp +++ b/test/fuzztest/addremotewatcher_fuzzer/addremotewatcher_fuzzer.cpp @@ -26,7 +26,8 @@ namespace OHOS { std::unique_ptr watcherManager = std::make_unique(0, true); uint32_t id = static_cast(*data); uint32_t watcherId = 0; - if (!watcherManager->AddRemoteWatcher(id, watcherId, nullptr)) { + sptr watcher = {0}; + if (!watcherManager->AddRemoteWatcher(id, watcherId, watcher)) { result = true; }; return result; -- Gitee From 46b01ad67285ca12316072d97ba8df5f57da6946 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E4=B9=BE=E9=98=B3=E7=86=A0?= Date: Wed, 11 Jun 2025 11:25:08 +0000 Subject: [PATCH 5/5] =?UTF-8?q?update=20test/fuzztest/BUILD.gn.=20Signed-o?= =?UTF-8?q?ff-by:=20=E4=B9=BE=E9=98=B3=E7=86=A0=20?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: 乾阳熠 --- test/fuzztest/BUILD.gn | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 94e8734c9..358d45234 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -3599,10 +3599,14 @@ group("fuzztest") { ":AclGetDiskSNFuzzTest", ":AclGetSerialFuzzTest", ":AddRemoteWatcherFuzzTest", + ":AddParamEntryFuzzTest", + ":AddParamSecurityNodeFuzzTest", + ":AddSecurityLabelFuzzTest", ":AddWatcherFuzzTest", ":BuildControlMessageFuzzTest", ":ChangeSysAttributePermissionsFuzzTest", ":CheckAndCreatFileFuzzTest", + ":CheckAppWatchPermissionFuzzTest", ":CmdClientInitFuzzTest", ":CmdServiceProcessDelClientFuzzTest", ":DecodeGidFuzzTest", @@ -3679,6 +3683,7 @@ group("fuzztest") { ":HookMgrGetStagesCntFuzzTest", ":HookMgrTraversalFuzzTest", ":IsSupportedFilesystemFuzzTest", + ":InitWorkSpaceFuzzTest", ":LoadFscryptPolicyFuzzTest", ":LoadFstabFromCommandLineFuzzTest", ":LoadParamFromCmdLineFuzzTest", @@ -3692,6 +3697,8 @@ group("fuzztest") { ":MountAllWithFstabFileFuzzTest", ":MountAllWithFstabFuzzTest", ":MountOneItemFuzzTest", + ":MountOneWithFstabFileFuzzTest", + ":OnStopFuzzTest", ":ParseFstabPerLineFuzzTest", ":ParseUeventConfigFuzzTest", ":ParseUeventdConfigFileFuzzTest", -- Gitee