1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "gethaptokeninfoextstub_fuzzer.h"
17
18 #include <sys/types.h>
19 #include <unistd.h>
20 #include <string>
21 #include <thread>
22 #include <vector>
23 #include <cstdlib>
24 #undef private
25 #include "accesstoken_fuzzdata.h"
26 #include "accesstoken_manager_service.h"
27 #include "i_accesstoken_manager.h"
28 #include "permission_def_parcel.h"
29 #include "accesstoken_kit.h"
30 #include "access_token.h"
31 #include "permission_def.h"
32 #include "permission_state_full.h"
33
34 using namespace std;
35 using namespace OHOS;
36 using namespace OHOS::Security::AccessToken;
37 const int CONSTANTS_NUMBER_TWO = 2;
38 const int CONSTANTS_NUMBER_FIVE = 5;
39 static const int32_t ROOT_UID = 0;
40 static const std::string TEST_BUNDLE_NAME = "ohos";
41 static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA";
42 static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA";
43 static const int TEST_USER_ID = 0;
44 static constexpr int32_t DEFAULT_API_VERSION = 8;
45
46 namespace OHOS {
TestPreparePermStateList(HapPolicyParams & policy)47 void TestPreparePermStateList(HapPolicyParams &policy)
48 {
49 PermissionStateFull permStatAlpha = {
50 .permissionName = TEST_PERMISSION_NAME_ALPHA,
51 .isGeneral = true,
52 .resDeviceID = {"device3"},
53 .grantStatus = {PermissionState::PERMISSION_DENIED},
54 .grantFlags = {PermissionFlag::PERMISSION_USER_SET}
55 };
56 PermissionStateFull permStatBeta = {
57 .permissionName = TEST_PERMISSION_NAME_BETA,
58 .isGeneral = true,
59 .resDeviceID = {"device3"},
60 .grantStatus = {PermissionState::PERMISSION_GRANTED},
61 .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED}
62 };
63
64 policy.permStateList.emplace_back(permStatAlpha);
65 policy.permStateList.emplace_back(permStatBeta);
66 }
67
TestPreparePermDefList(HapPolicyParams & policy)68 void TestPreparePermDefList(HapPolicyParams &policy)
69 {
70 PermissionDef permissionDefBeta;
71 permissionDefBeta.permissionName = TEST_PERMISSION_NAME_BETA;
72 permissionDefBeta.bundleName = TEST_BUNDLE_NAME;
73 permissionDefBeta.grantMode = GrantMode::SYSTEM_GRANT;
74 permissionDefBeta.availableLevel = APL_NORMAL;
75 permissionDefBeta.provisionEnable = false;
76 permissionDefBeta.distributedSceneEnable = false;
77
78 PermissionDef permissionDefAlpha;
79 permissionDefAlpha.permissionName = TEST_PERMISSION_NAME_ALPHA;
80 permissionDefAlpha.bundleName = TEST_BUNDLE_NAME;
81 permissionDefAlpha.grantMode = GrantMode::USER_GRANT;
82 permissionDefAlpha.availableLevel = APL_NORMAL;
83 permissionDefAlpha.provisionEnable = false;
84 permissionDefAlpha.distributedSceneEnable = false;
85
86 policy.permList.emplace_back(permissionDefBeta);
87 policy.permList.emplace_back(permissionDefAlpha);
88 }
89
SetHapTokenInfo(void)90 void SetHapTokenInfo(void)
91 {
92 HapInfoParams info = {
93 .userID = TEST_USER_ID,
94 .bundleName = TEST_BUNDLE_NAME,
95 .instIndex = 0,
96 .appIDDesc = "appIDDesc",
97 .apiVersion = DEFAULT_API_VERSION
98 };
99
100 HapPolicyParams policy = {
101 .apl = APL_NORMAL,
102 .domain = "domain"
103 };
104 TestPreparePermDefList(policy);
105 TestPreparePermStateList(policy);
106
107 AccessTokenKit::AllocHapToken(info, policy);
108 }
109
RemoveHapTokenInfo(void)110 void RemoveHapTokenInfo(void)
111 {
112 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
113 AccessTokenKit::DeleteToken(tokenID);
114 }
115
GetHapTokenInfoStubFuzzTest(const uint8_t * data,size_t size)116 bool GetHapTokenInfoStubFuzzTest(const uint8_t* data, size_t size)
117 {
118 if ((data == nullptr) || (size == 0)) {
119 return false;
120 }
121 SetHapTokenInfo();
122 AccessTokenFuzzData fuzzData(data, size);
123 AccessTokenID tokenId = 0;
124 if (size % CONSTANTS_NUMBER_FIVE == 0) {
125 tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
126 } else {
127 tokenId = fuzzData.GetData<AccessTokenID>();
128 }
129
130 MessageParcel datas;
131 datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
132 if (!datas.WriteUint32(tokenId)) {
133 return false;
134 }
135
136 uint32_t code = static_cast<uint32_t>(
137 AccessTokenInterfaceCode::GET_HAP_TOKENINFO_EXT);
138
139 MessageParcel reply;
140 MessageOption option;
141 bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0);
142 if (enable) {
143 setuid(CONSTANTS_NUMBER_TWO);
144 }
145 DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
146 setuid(ROOT_UID);
147 RemoveHapTokenInfo();
148 return true;
149 }
150 }
151
152 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)153 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
154 {
155 /* Run your code on data */
156 OHOS::GetHapTokenInfoStubFuzzTest(data, size);
157 return 0;
158 }
159
160