1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "ethernet_client_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <iosfwd>
21 #include <memory>
22 #include <new>
23 #include <securec.h>
24 #include <string>
25
26 #include "accesstoken_kit.h"
27 #include "refbase.h"
28 #include "singleton.h"
29 #include "token_setproc.h"
30
31 #include "dev_interface_state.h"
32 #define private public
33 #include "ethernet_client.h"
34 #include "ethernet_service.h"
35 #include "interface_configuration.h"
36 #include "interface_state_callback_stub.h"
37
38 namespace OHOS {
39 namespace NetManagerStandard {
40 namespace {
41 const uint8_t *g_baseFuzzData = nullptr;
42 static constexpr uint32_t CREATE_BOOL_TYPE_VALUE = 2;
43 size_t g_baseFuzzSize = 0;
44 size_t g_baseFuzzPos;
45 constexpr size_t IFACE_LEN = 5;
46
47 using namespace Security::AccessToken;
48 using Security::AccessToken::AccessTokenID;
49 HapInfoParams testInfoParms = {.userID = 1,
50 .bundleName = "ethernet_client_fuzzer",
51 .instIndex = 0,
52 .appIDDesc = "test",
53 .isSystemApp = true};
54
55 PermissionDef testPermDef = {.permissionName = "ohos.permission.GET_NETWORK_INFO",
56 .bundleName = "ethernet_client_fuzzer",
57 .grantMode = 1,
58 .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
59 .label = "label",
60 .labelId = 1,
61 .description = "Test ethernet maneger network info",
62 .descriptionId = 1};
63
64 PermissionDef testInternetPermDef = {.permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
65 .bundleName = "net_conn_client_fuzzer",
66 .grantMode = 1,
67 .availableLevel = OHOS::Security::AccessToken::ATokenAplEnum::APL_SYSTEM_BASIC,
68 .label = "label",
69 .labelId = 1,
70 .description = "Test ethernet connectivity internet",
71 .descriptionId = 1};
72
73 PermissionStateFull testState = {.permissionName = "ohos.permission.GET_NETWORK_INFO",
74 .isGeneral = true,
75 .resDeviceID = {"local"},
76 .grantStatus = {PermissionState::PERMISSION_GRANTED},
77 .grantFlags = {2}};
78
79 PermissionStateFull testInternetState = {.permissionName = "ohos.permission.CONNECTIVITY_INTERNAL",
80 .isGeneral = true,
81 .resDeviceID = {"local"},
82 .grantStatus = {PermissionState::PERMISSION_GRANTED},
83 .grantFlags = {2}};
84
85 HapPolicyParams testPolicyPrams = {.apl = APL_SYSTEM_BASIC,
86 .domain = "test.domain",
87 .permList = {testPermDef},
88 .permStateList = {testState}};
89
90 HapPolicyParams testInternetPolicyPrams = {.apl = APL_SYSTEM_BASIC,
91 .domain = "test.domain",
92 .permList = {testPermDef, testInternetPermDef},
93 .permStateList = {testState, testInternetState}};
94 } // namespace
95
GetData()96 template <class T> T GetData()
97 {
98 T object{};
99 size_t objectSize = sizeof(object);
100 if (g_baseFuzzData == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) {
101 return object;
102 }
103 errno_t ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize);
104 if (ret != EOK) {
105 return {};
106 }
107 g_baseFuzzPos += objectSize;
108 return object;
109 }
110 class AccessToken {
111 public:
AccessToken()112 AccessToken()
113 {
114 currentID_ = GetSelfTokenID();
115 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(testInfoParms, testPolicyPrams);
116 accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
117 SetSelfTokenID(tokenIdEx.tokenIDEx);
118 }
~AccessToken()119 ~AccessToken()
120 {
121 AccessTokenKit::DeleteToken(accessID_);
122 SetSelfTokenID(currentID_);
123 }
124
125 private:
126 AccessTokenID currentID_ = 0;
127 AccessTokenID accessID_ = 0;
128 };
129
130 class AccessTokenInternetInfo {
131 public:
AccessTokenInternetInfo()132 AccessTokenInternetInfo()
133 {
134 currentID_ = GetSelfTokenID();
135 AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(testInfoParms, testInternetPolicyPrams);
136 accessID_ = tokenIdEx.tokenIdExStruct.tokenID;
137 SetSelfTokenID(accessID_);
138 }
~AccessTokenInternetInfo()139 ~AccessTokenInternetInfo()
140 {
141 AccessTokenKit::DeleteToken(accessID_);
142 SetSelfTokenID(currentID_);
143 }
144
145 private:
146 AccessTokenID currentID_ = 0;
147 AccessTokenID accessID_ = 0;
148 };
149
150 class MonitorInterfaceStateCallback : public InterfaceStateCallbackStub {
151 public:
OnInterfaceAdded(const std::string & ifName)152 int32_t OnInterfaceAdded(const std::string &ifName) override
153 {
154 return 0;
155 }
156
OnInterfaceRemoved(const std::string & ifName)157 int32_t OnInterfaceRemoved(const std::string &ifName) override
158 {
159 return 0;
160 }
161
OnInterfaceChanged(const std::string & ifName,bool up)162 int32_t OnInterfaceChanged(const std::string &ifName, bool up) override
163 {
164 return 0;
165 }
166 };
167
GetStringFromData(int strlen)168 std::string GetStringFromData(int strlen)
169 {
170 char cstr[strlen];
171 cstr[strlen - 1] = '\0';
172 for (int i = 0; i < strlen - 1; i++) {
173 cstr[i] = GetData<char>();
174 }
175 std::string str(cstr);
176 return str;
177 }
178
179 static bool g_isInited = false;
180
Init()181 void Init()
182 {
183 if (!g_isInited) {
184 DelayedSingleton<EthernetService>::GetInstance()->Init();
185 g_isInited = true;
186 }
187 }
188
WriteInterfaceToken(MessageParcel & data)189 bool WriteInterfaceToken(MessageParcel &data)
190 {
191 if (!data.WriteInterfaceToken(EthernetServiceStub::GetDescriptor())) {
192 return false;
193 }
194 return true;
195 }
196
OnRemoteRequest(uint32_t code,MessageParcel & data)197 int32_t OnRemoteRequest(uint32_t code, MessageParcel &data)
198 {
199 if (!g_isInited) {
200 Init();
201 }
202
203 MessageParcel reply;
204 MessageOption option;
205 return DelayedSingleton<EthernetService>::GetInstance()->OnRemoteRequest(code, data, reply, option);
206 }
207
SetIfaceConfigFuzzTest(const uint8_t * data,size_t size)208 void SetIfaceConfigFuzzTest(const uint8_t *data, size_t size)
209 {
210 if ((data == nullptr) || (size == 0)) {
211 return;
212 }
213 g_baseFuzzData = data;
214 g_baseFuzzSize = size;
215 g_baseFuzzPos = 0;
216 AccessToken token;
217 AccessTokenInternetInfo tokenInfo;
218
219 MessageParcel parcel;
220 WriteInterfaceToken(parcel);
221 std::string iface = GetStringFromData(IFACE_LEN);
222 if (!parcel.WriteString(iface)) {
223 return;
224 }
225 auto ic = std::make_unique<InterfaceConfiguration>();
226 if (!ic->Marshalling(parcel)) {
227 return;
228 }
229 OnRemoteRequest(static_cast<uint32_t>(EthernetInterfaceCode::CMD_SET_IF_CFG), parcel);
230 }
231
GetIfaceConfigFuzzTest(const uint8_t * data,size_t size)232 void GetIfaceConfigFuzzTest(const uint8_t *data, size_t size)
233 {
234 if ((data == nullptr) || (size == 0)) {
235 return;
236 }
237 g_baseFuzzData = data;
238 g_baseFuzzSize = size;
239 g_baseFuzzPos = 0;
240 AccessToken token;
241 AccessTokenInternetInfo tokenInfo;
242 MessageParcel parcel;
243 std::string iface = GetStringFromData(IFACE_LEN);
244 WriteInterfaceToken(parcel);
245 if (!parcel.WriteString(iface)) {
246 return;
247 }
248 OnRemoteRequest(static_cast<uint32_t>(EthernetInterfaceCode::CMD_GET_IF_CFG), parcel);
249 }
250
IsIfaceActiveFuzzTest(const uint8_t * data,size_t size)251 void IsIfaceActiveFuzzTest(const uint8_t *data, size_t size)
252 {
253 if ((data == nullptr) || (size == 0)) {
254 return;
255 }
256 g_baseFuzzData = data;
257 g_baseFuzzSize = size;
258 g_baseFuzzPos = 0;
259 AccessToken token;
260 AccessTokenInternetInfo tokenInfo;
261 MessageParcel parcel;
262 std::string iface = GetStringFromData(IFACE_LEN);
263 WriteInterfaceToken(parcel);
264 if (!parcel.WriteString(iface)) {
265 return;
266 }
267 OnRemoteRequest(static_cast<uint32_t>(EthernetInterfaceCode::CMD_IS_ACTIVATE), parcel);
268 }
269
GetAllActiveIfacesFuzzTest(const uint8_t * data,size_t size)270 void GetAllActiveIfacesFuzzTest(const uint8_t *data, size_t size)
271 {
272 if ((data == nullptr) || (size == 0)) {
273 return;
274 }
275 AccessToken token;
276 AccessTokenInternetInfo tokenInfo;
277 MessageParcel parcel;
278 WriteInterfaceToken(parcel);
279 OnRemoteRequest(static_cast<uint32_t>(EthernetInterfaceCode::CMD_GET_ACTIVATE_INTERFACE), parcel);
280 }
281
ResetFactoryFuzzTest(const uint8_t * data,size_t size)282 void ResetFactoryFuzzTest(const uint8_t *data, size_t size)
283 {
284 if ((data == nullptr) || (size == 0)) {
285 return;
286 }
287 AccessToken token;
288 AccessTokenInternetInfo tokenInfo;
289 MessageParcel parcel;
290 WriteInterfaceToken(parcel);
291 OnRemoteRequest(static_cast<uint32_t>(EthernetInterfaceCode::CMD_RESET_FACTORY), parcel);
292 }
293
UnregisterIfacesStateChangedFuzzTest(const uint8_t * data,size_t size)294 void UnregisterIfacesStateChangedFuzzTest(const uint8_t *data, size_t size)
295 {
296 if ((data == nullptr) || (size == 0)) {
297 return;
298 }
299 AccessToken token;
300 AccessTokenInternetInfo tokenInfo;
301 g_baseFuzzData = data;
302 g_baseFuzzSize = size;
303 g_baseFuzzPos = 0;
304 sptr<InterfaceStateCallback> interfaceCallback = new (std::nothrow) MonitorInterfaceStateCallback();
305 DelayedSingleton<EthernetClient>::GetInstance()->RegisterIfacesStateChanged(interfaceCallback);
306 DelayedSingleton<EthernetClient>::GetInstance()->UnregisterIfacesStateChanged(interfaceCallback);
307 }
308
SetInterfaceUpFuzzTest(const uint8_t * data,size_t size)309 void SetInterfaceUpFuzzTest(const uint8_t *data, size_t size)
310 {
311 if ((data == nullptr) || (size == 0)) {
312 return;
313 }
314 AccessToken token;
315 AccessTokenInternetInfo tokenInfo;
316 g_baseFuzzData = data;
317 g_baseFuzzSize = size;
318 g_baseFuzzPos = 0;
319 MessageParcel parcel;
320 std::string iface = GetStringFromData(IFACE_LEN);
321 WriteInterfaceToken(parcel);
322 if (!parcel.WriteString(iface)) {
323 return;
324 }
325 OnRemoteRequest(static_cast<uint32_t>(EthernetInterfaceCode::CMD_SET_INTERFACE_UP), parcel);
326 }
327
SetInterfaceDownFuzzTest(const uint8_t * data,size_t size)328 void SetInterfaceDownFuzzTest(const uint8_t *data, size_t size)
329 {
330 if ((data == nullptr) || (size == 0)) {
331 return;
332 }
333 AccessToken token;
334 AccessTokenInternetInfo tokenInfo;
335 g_baseFuzzData = data;
336 g_baseFuzzSize = size;
337 g_baseFuzzPos = 0;
338 MessageParcel parcel;
339 std::string iface = GetStringFromData(IFACE_LEN);
340 WriteInterfaceToken(parcel);
341 if (!parcel.WriteString(iface)) {
342 return;
343 }
344 OnRemoteRequest(static_cast<uint32_t>(EthernetInterfaceCode::CMD_SET_INTERFACE_DOWN), parcel);
345 }
346
GetInterfaceConfigFuzzTest(const uint8_t * data,size_t size)347 void GetInterfaceConfigFuzzTest(const uint8_t *data, size_t size)
348 {
349 if ((data == nullptr) || (size == 0)) {
350 return;
351 }
352 AccessToken token;
353 AccessTokenInternetInfo tokenInfo;
354 g_baseFuzzData = data;
355 g_baseFuzzSize = size;
356 g_baseFuzzPos = 0;
357 MessageParcel parcel;
358 std::string iface = GetStringFromData(IFACE_LEN);
359 WriteInterfaceToken(parcel);
360 if (!parcel.WriteString(iface)) {
361 return;
362 }
363 OnRemoteRequest(static_cast<uint32_t>(EthernetInterfaceCode::CMD_GET_INTERFACE_CONFIG), parcel);
364 }
365
SetInterfaceConfigFuzzTest(const uint8_t * data,size_t size)366 void SetInterfaceConfigFuzzTest(const uint8_t *data, size_t size)
367 {
368 if ((data == nullptr) || (size == 0)) {
369 return;
370 }
371 AccessToken token;
372 AccessTokenInternetInfo tokenInfo;
373 g_baseFuzzData = data;
374 g_baseFuzzSize = size;
375 g_baseFuzzPos = 0;
376 MessageParcel parcel;
377 std::string randStr = GetStringFromData(IFACE_LEN);
378 WriteInterfaceToken(parcel);
379 if (!parcel.WriteString(randStr)) {
380 return;
381 }
382 if (!parcel.WriteString(randStr)) {
383 return;
384 }
385 if (!parcel.WriteString(randStr)) {
386 return;
387 }
388 if (!parcel.WriteString(randStr)) {
389 return;
390 }
391 if (!parcel.WriteInt32(GetData<int32_t>())) {
392 return;
393 }
394 if (!parcel.WriteInt32(1)) {
395 return;
396 }
397 if (!parcel.WriteString(randStr)) {
398 return;
399 }
400 OnRemoteRequest(static_cast<uint32_t>(EthernetInterfaceCode::CMD_SET_INTERFACE_CONFIG), parcel);
401 }
402
EthernetServiceCommonFuzzTest(const uint8_t * data,size_t size)403 void EthernetServiceCommonFuzzTest(const uint8_t *data, size_t size)
404 {
405 if ((data == nullptr) || (size == 0)) {
406 return;
407 }
408 g_baseFuzzData = data;
409 g_baseFuzzSize = size;
410 g_baseFuzzPos = 0;
411
412 auto ethernetServiceCommon = std::make_unique<EthernetServiceCommon>();
413
414 ethernetServiceCommon->ResetEthernetFactory();
415 }
416
EthernetManagementFuzzTest(const uint8_t * data,size_t size)417 void EthernetManagementFuzzTest(const uint8_t *data, size_t size)
418 {
419 if ((data == nullptr) || (size == 0)) {
420 return;
421 }
422 g_baseFuzzData = data;
423 g_baseFuzzSize = size;
424 g_baseFuzzPos = 0;
425
426 auto ethernetManagement = std::make_unique<EthernetManagement>();
427 EthernetDhcpCallback::DhcpResult dhcpResult;
428 ethernetManagement->UpdateDevInterfaceLinkInfo(dhcpResult);
429
430 std::string dev = GetStringFromData(IFACE_LEN);
431 bool up = GetData<uint32_t>() % CREATE_BOOL_TYPE_VALUE == 0;
432 ethernetManagement->UpdateInterfaceState(dev, up);
433
434 std::string iface = GetStringFromData(IFACE_LEN);
435 sptr<InterfaceConfiguration> cfg;
436 ethernetManagement->UpdateDevInterfaceCfg(iface, cfg);
437
438 sptr<InterfaceConfiguration> ifaceConfig;
439 ethernetManagement->GetDevInterfaceCfg(iface, ifaceConfig);
440
441 int32_t activeStatus = 0;
442 ethernetManagement->IsIfaceActive(iface, activeStatus);
443
444 std::vector<std::string> result;
445 ethernetManagement->GetAllActiveIfaces(result);
446
447 ethernetManagement->ResetFactory();
448 std::string devName = GetStringFromData(IFACE_LEN);
449 ethernetManagement->DevInterfaceAdd(devName);
450 ethernetManagement->DevInterfaceRemove(devName);
451 }
452
EthernetDhcpControllerFuzzTest(const uint8_t * data,size_t size)453 void EthernetDhcpControllerFuzzTest(const uint8_t *data, size_t size)
454 {
455 if ((data == nullptr) || (size == 0)) {
456 return;
457 }
458 g_baseFuzzData = data;
459 g_baseFuzzSize = size;
460 g_baseFuzzPos = 0;
461
462 auto ethernetDhcpController = std::make_unique<EthernetDhcpController>();
463
464 sptr<EthernetDhcpCallback> callback;
465 ethernetDhcpController->RegisterDhcpCallback(callback);
466
467 std::string iface = GetStringFromData(IFACE_LEN);
468 bool bIpv6 = GetData<uint32_t>() % CREATE_BOOL_TYPE_VALUE == 0;
469 ethernetDhcpController->StartDhcpClient(iface, bIpv6);
470
471 ethernetDhcpController->StopDhcpClient(iface, bIpv6);
472 }
473 } // namespace NetManagerStandard
474 } // namespace OHOS
475
476 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)477 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
478 {
479 /* Run your code on data */
480 OHOS::NetManagerStandard::SetIfaceConfigFuzzTest(data, size);
481 OHOS::NetManagerStandard::GetIfaceConfigFuzzTest(data, size);
482 OHOS::NetManagerStandard::IsIfaceActiveFuzzTest(data, size);
483 OHOS::NetManagerStandard::GetAllActiveIfacesFuzzTest(data, size);
484 OHOS::NetManagerStandard::ResetFactoryFuzzTest(data, size);
485 OHOS::NetManagerStandard::UnregisterIfacesStateChangedFuzzTest(data, size);
486 OHOS::NetManagerStandard::SetInterfaceUpFuzzTest(data, size);
487 OHOS::NetManagerStandard::SetInterfaceDownFuzzTest(data, size);
488 OHOS::NetManagerStandard::GetInterfaceConfigFuzzTest(data, size);
489 OHOS::NetManagerStandard::SetInterfaceConfigFuzzTest(data, size);
490 OHOS::NetManagerStandard::EthernetServiceCommonFuzzTest(data, size);
491 OHOS::NetManagerStandard::EthernetManagementFuzzTest(data, size);
492 OHOS::NetManagerStandard::EthernetDhcpControllerFuzzTest(data, size);
493 return 0;
494 }
495