1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "oaid_fuzzer.h"
17
18 #include <string>
19 #include <vector>
20 #include "oaid_service_stub.h"
21 #include "oaid_service.h"
22 #include "oaid_hilog_wreapper.h"
23 #include "oaid_service_ipc_interface_code.h"
24 #include "accesstoken_kit.h"
25 #include "nativetoken_kit.h"
26 #include "token_setproc.h"
27 #undef private
28
29 using namespace std;
30 using namespace OHOS::Cloud;
31
32 namespace OHOS {
33 const std::u16string OAID_INTERFACE_TOKEN = u"ohos.cloud.oaid.IOAIDService";
34 const std::string OAID_TRACKING_CONSENT_PERMISSION = "ohos.permission.APP_TRACKING_CONSENT";
35 const std::string OAID_TRUSTLIST_EXTENSION_CONFIG_PATH = "/etc/advertising/oaid/oaid_service_config_ext.json";
36
37 bool g_isGrant = false;
38
AddPermission()39 void AddPermission()
40 {
41 (void)remove(OAID_TRUSTLIST_EXTENSION_CONFIG_PATH.c_str());
42
43 if (!g_isGrant) {
44 Security::AccessToken::PermissionDef testPermDef = {
45 .permissionName = OAID_TRACKING_CONSENT_PERMISSION,
46 .bundleName = "test_oaid",
47 .grantMode = Security::AccessToken::GrantMode::USER_GRANT,
48 .availableLevel = Security::AccessToken::APL_SYSTEM_BASIC,
49 .label = "label",
50 .labelId = 1,
51 .description = "test oaid",
52 .descriptionId = 1,
53 };
54
55 Security::AccessToken::PermissionStateFull testState = {
56 .isGeneral = true,
57 .grantStatus = {Security::AccessToken::PermissionState::PERMISSION_GRANTED},
58 .permissionName = OAID_TRACKING_CONSENT_PERMISSION,
59 .grantFlags = {Security::AccessToken::PermissionFlag::PERMISSION_USER_FIXED},
60 .resDeviceID = {"local"},
61 };
62
63 Security::AccessToken::HapInfoParams testInfoParms = {
64 .userID = 1,
65 .bundleName = "test_oaid",
66 .instIndex = 0,
67 .appIDDesc = "test",
68 .isSystemApp = true
69 };
70
71 Security::AccessToken::HapPolicyParams testPolicyPrams = {
72 .apl = Security::AccessToken::APL_SYSTEM_BASIC,
73 .domain = "test.domain",
74 .permList = {testPermDef},
75 .permStateList = {testState},
76 };
77
78 auto tokenID = Security::AccessToken::AccessTokenKit::AllocHapToken(testInfoParms, testPolicyPrams);
79 SetSelfTokenID(tokenID.tokenIDEx);
80
81 g_isGrant = true;
82 }
83 }
84
OAIDFuzzTest(const uint8_t * rawData,size_t size)85 bool OAIDFuzzTest(const uint8_t* rawData, size_t size)
86 {
87 uint32_t startCode = static_cast<uint32_t>(OHOS::Cloud::OAIDInterfaceCode::GET_OAID);
88 uint32_t endCode = static_cast<uint32_t>(OHOS::Cloud::OAIDInterfaceCode::RESET_OAID);
89 for (uint32_t code = startCode; code <= endCode; code++) {
90 MessageParcel data;
91 data.WriteInterfaceToken(OAID_INTERFACE_TOKEN);
92 MessageParcel reply;
93 MessageOption option;
94 auto oaidService =
95 sptr<Cloud::OAIDService>(new (std::nothrow) Cloud::OAIDService());
96 oaidService->OnRemoteRequest(code, data, reply, option);
97 }
98
99 return true;
100 }
101 }
102
103 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)104 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
105 {
106 /* Run your code on data */
107 OHOS::AddPermission();
108 OHOS::OAIDFuzzTest(data, size);
109 return 0;
110 }
111
112