1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "allochaptokenstub_fuzzer.h"
17 #include <sys/types.h>
18 #include <unistd.h>
19 #include <iostream>
20 #include <string>
21 #include <thread>
22 #include <vector>
23 #include "accesstoken_fuzzdata.h"
24 #undef private
25 #include "accesstoken_manager_service.h"
26 #include "hap_info_parcel.h"
27 #include "i_accesstoken_manager.h"
28
29 using namespace std;
30 using namespace OHOS::Security::AccessToken;
31 const int CONSTANTS_NUMBER_TWO = 2;
32 static const int32_t ROOT_UID = 0;
33
34 namespace OHOS {
ConstructorParam(AccessTokenFuzzData & fuzzData,HapInfoParcel & hapInfoParcel,HapPolicyParcel & hapPolicyParcel)35 void ConstructorParam(AccessTokenFuzzData& fuzzData, HapInfoParcel& hapInfoParcel, HapPolicyParcel& hapPolicyParcel)
36 {
37 std::string permissionName = fuzzData.GenerateStochasticString();
38 std::string bundleName = fuzzData.GenerateStochasticString();
39 PermissionDef testPermDef = {
40 .permissionName = permissionName,
41 .bundleName = bundleName,
42 .grantMode = 1,
43 .availableLevel = APL_NORMAL,
44 .label = fuzzData.GenerateStochasticString(),
45 .labelId = 1,
46 .description = fuzzData.GenerateStochasticString(),
47 .descriptionId = 1};
48 PermissionStatus testState = {
49 .permissionName = permissionName,
50 .grantStatus = PermissionState::PERMISSION_GRANTED,
51 .grantFlag = 1,
52 };
53 HapInfoParams testInfoParms = {
54 .userID = 1,
55 .bundleName = bundleName,
56 .instIndex = 0,
57 .appIDDesc = fuzzData.GenerateStochasticString()};
58 PreAuthorizationInfo info1 = {
59 .permissionName = permissionName,
60 .userCancelable = true
61 };
62 HapPolicy testPolicy = {
63 .apl = APL_NORMAL,
64 .domain = fuzzData.GenerateStochasticString(),
65 .permList = {testPermDef},
66 .permStateList = {testState},
67 .aclRequestedList = {permissionName},
68 .preAuthorizationInfo = {info1}
69 };
70
71 hapInfoParcel.hapInfoParameter = testInfoParms;
72 hapPolicyParcel.hapPolicy = testPolicy;
73 }
74
AllocHapTokenStubFuzzTest(const uint8_t * data,size_t size)75 bool AllocHapTokenStubFuzzTest(const uint8_t* data, size_t size)
76 {
77 if ((data == nullptr) || (size == 0)) {
78 return false;
79 }
80
81 AccessTokenFuzzData fuzzData(data, size);
82 HapInfoParcel hapInfoParcel;
83 HapPolicyParcel hapPolicyParcel;
84 ConstructorParam(fuzzData, hapInfoParcel, hapPolicyParcel);
85
86 MessageParcel datas;
87 datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
88 if (!datas.WriteParcelable(&hapInfoParcel)) {
89 return false;
90 }
91 if (!datas.WriteParcelable(&hapPolicyParcel)) {
92 return false;
93 }
94
95 uint32_t code = static_cast<uint32_t>(
96 AccessTokenInterfaceCode::ALLOC_TOKEN_HAP);
97
98 MessageParcel reply;
99 MessageOption option;
100 bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0);
101 if (enable) {
102 setuid(CONSTANTS_NUMBER_TWO);
103 }
104 DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
105 setuid(ROOT_UID);
106
107 return true;
108 }
109 } // namespace OHOS
110
111 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)112 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
113 {
114 /* Run your code on data */
115 OHOS::AllocHapTokenStubFuzzTest(data, size);
116 return 0;
117 }
118