• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "updateuserpolicystub_fuzzer.h"
17 
18 #include <string>
19 #include <thread>
20 #include <vector>
21 #undef private
22 #include "access_token.h"
23 #include "accesstoken_fuzzdata.h"
24 #include "accesstoken_kit.h"
25 #include "accesstoken_manager_service.h"
26 #include "i_accesstoken_manager.h"
27 #include "nativetoken_kit.h"
28 #include "token_setproc.h"
29 
30 using namespace std;
31 using namespace OHOS::Security::AccessToken;
32 static AccessTokenID g_selfTokenId = 0;
33 static uint64_t g_mockTokenId = 0;
34 const int32_t CONSTANTS_NUMBER_TWO = 2;
35 
36 namespace OHOS {
GetNativeToken()37     void GetNativeToken()
38     {
39         if (g_mockTokenId != 0) {
40             SetSelfTokenID(g_mockTokenId);
41             return;
42         }
43         const char **perms = new const char *[1];
44         perms[0] = "ohos.permission.GET_SENSITIVE_PERMISSIONS";
45 
46         NativeTokenInfoParams infoInstance = {
47             .dcapsNum = 0,
48             .permsNum = 1,
49             .aclsNum = 0,
50             .dcaps = nullptr,
51             .perms = perms,
52             .acls = nullptr,
53             .processName = "updateuserpolicystub_fuzzer_test",
54             .aplStr = "system_core",
55         };
56 
57         g_mockTokenId = GetAccessTokenId(&infoInstance);
58         g_selfTokenId = GetSelfTokenID();
59         SetSelfTokenID(g_mockTokenId);
60         AccessTokenKit::ReloadNativeTokenInfo();
61         delete[] perms;
62     }
UpdateUserPolicyStubFuzzTest(const uint8_t * data,size_t size)63     bool UpdateUserPolicyStubFuzzTest(const uint8_t* data, size_t size)
64     {
65         if ((data == nullptr) || (size == 0)) {
66             return false;
67         }
68 
69         AccessTokenFuzzData fuzzData(data, size);
70 
71         UserState userList;
72         userList.userId = fuzzData.GetData<int32_t>();
73         userList.isActive = fuzzData.GenerateStochasticBool();
74 
75         MessageParcel datas;
76         datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
77         if (!datas.WriteUint32(1)) {
78             return false;
79         }
80         if (!datas.WriteInt32(userList.userId)) {
81             return false;
82         }
83         if (!datas.WriteBool(userList.isActive)) {
84             return false;
85         }
86 
87         uint32_t code = static_cast<uint32_t>(
88             AccessTokenInterfaceCode::UPDATE_USER_POLICY);
89 
90         MessageParcel reply;
91         MessageOption option;
92         bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0);
93         if (enable) {
94             GetNativeToken();
95         } else {
96             SetSelfTokenID(g_selfTokenId);
97         }
98         DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
99 
100         return true;
101     }
102 } // namespace OHOS
103 
104 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)105 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
106 {
107     /* Run your code on data */
108     OHOS::UpdateUserPolicyStubFuzzTest(data, size);
109     return 0;
110 }
111