1 /*
2 * Copyright (c) 2023-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "externalfileaccessscanfile_fuzzer.h"
16
17 #include <cstddef>
18 #include <cstdint>
19 #include <cstring>
20 #include <memory>
21
22 #include "extension_base.h"
23 #include "extension_context.h"
24 #include "message_parcel.h"
25 #include "file_access_ext_base_stub.h"
26 #include "file_access_ext_stub_impl.h"
27 #include "file_access_ext_ability.h"
28 #include "js_file_access_ext_ability.h"
29 #include "js_runtime.h"
30 #include "securec.h"
31 #include "nativetoken_kit.h"
32 #include "token_setproc.h"
33 #include "accesstoken_kit.h"
34
35 namespace OHOS {
36 using namespace std;
37 using namespace OHOS;
38 using namespace FileAccessFwk;
39 using namespace AbilityRuntime;
40
SetNativeToken()41 void SetNativeToken()
42 {
43 uint64_t tokenId;
44 const char *perms[] = {
45 "ohos.permission.FILE_ACCESS_MANAGER",
46 "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED",
47 "ohos.permission.CONNECT_FILE_ACCESS_EXTENSION"
48 };
49 NativeTokenInfoParams infoInstance = {
50 .dcapsNum = 0,
51 .permsNum = 3,
52 .aclsNum = 0,
53 .dcaps = nullptr,
54 .perms = perms,
55 .acls = nullptr,
56 .aplStr = "system_core",
57 };
58
59 infoInstance.processName = "ExternalFileAccessScanFileFuzzTest";
60 tokenId = GetAccessTokenId(&infoInstance);
61 const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
62 tokenId |= systemAppMask;
63 SetSelfTokenID(tokenId);
64 OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
65 }
66
ExternalFileAccessScanFileFuzzTest(const uint8_t * data,size_t size)67 bool ExternalFileAccessScanFileFuzzTest(const uint8_t *data, size_t size)
68 {
69 SetNativeToken();
70 // CMD_SCANFILE
71 uint32_t code = 9;
72 MessageParcel datas;
73 datas.WriteInterfaceToken(FileAccessExtBaseStub::GetDescriptor());
74 datas.WriteBuffer(reinterpret_cast<const char*>(data), size);
75 datas.RewindRead(0);
76 MessageParcel reply;
77 MessageOption option;
78
79 auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
80 auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
81
82 sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
83 fileAccessExtAbilitySharePtr, nullptr));
84
85 if (fileAccessExtStubObj) {
86 fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
87 }
88
89 fileAccessExtAbility = nullptr;
90 fileAccessExtStubObj = nullptr;
91
92 return true;
93 }
94 } // namespace OHOS
95
96 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)97 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
98 {
99 OHOS::ExternalFileAccessScanFileFuzzTest(data, size);
100 return 0;
101 }
102