1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "devauth_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20
21 #include "access_token.h"
22 #include "accesstoken_kit.h"
23 #include "access_token_error.h"
24 #include "hc_log.h"
25 #include "ipc_adapt.h"
26 #include "ipc_callback_stub.h"
27 #include "ipc_dev_auth_stub.h"
28 #include "ipc_sdk_defines.h"
29 #include "ipc_service_common.h"
30 #include "ipc_service_lite.h"
31 #include "message_parcel.h"
32 #include "nativetoken_kit.h"
33 #include "securec.h"
34 #include "token_setproc.h"
35
36 namespace OHOS {
37 const std::u16string DEV_AUTH_SERVICE_INTERFACE_TOKEN = u"deviceauth.IMethodsIpcCall";
38
NativeTokenSet(const char * procName)39 static void NativeTokenSet(const char *procName)
40 {
41 const char *acls[] = {"ACCESS_IDS"};
42 const char *perms[] = {
43 "ohos.permission.PLACE_CALL",
44 "ohos.permission.ACCESS_IDS"
45 };
46 uint64_t tokenId;
47 NativeTokenInfoParams infoInstance = {
48 .dcapsNum = 0,
49 .permsNum = 2,
50 .aclsNum = 1,
51 .dcaps = NULL,
52 .perms = perms,
53 .acls = acls,
54 .processName = procName,
55 .aplStr = "system_core",
56 };
57 tokenId = GetAccessTokenId(&infoInstance);
58 SetSelfTokenID(tokenId);
59 Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
60 }
61
FuzzDoRegCallback(const uint8_t * data,size_t size)62 bool FuzzDoRegCallback(const uint8_t* data, size_t size)
63 {
64 (void)InitDeviceAuthService();
65 (void)MainRescInit();
66 ServiceDevAuth *serviceObj = new(std::nothrow) ServiceDevAuth();
67 if (serviceObj == nullptr) {
68 return false;
69 }
70 sptr<ServiceDevAuth> sptrObj = serviceObj;
71 uintptr_t serviceCtx = reinterpret_cast<uintptr_t>(serviceObj);
72 (void)AddMethodMap(serviceCtx);
73 for (int32_t i = IPC_CALL_ID_REG_CB; i <= IPC_CALL_ID_GET_PSEUDONYM_ID; i++) {
74 if (i == IPC_CALL_ID_AUTH_DEVICE || i == IPC_CALL_ID_GA_PROC_DATA || i == IPC_CALL_GA_CANCEL_REQUEST) {
75 NativeTokenSet("softbus_server");
76 } else if (i == IPC_CALL_ID_GET_PK_INFO_LIST) {
77 NativeTokenSet("dslm_service");
78 } else {
79 NativeTokenSet("device_manager");
80 }
81 MessageParcel datas;
82 datas.WriteInterfaceToken(DEV_AUTH_SERVICE_INTERFACE_TOKEN);
83 datas.WriteInt32(i);
84 datas.WriteInt32(size + sizeof(int32_t));
85 datas.WriteInt32(0);
86 datas.WriteInt32(size);
87 datas.WriteBuffer(data, size);
88 datas.RewindRead(0);
89 MessageParcel reply;
90 MessageOption option;
91 (void)serviceObj->OnRemoteRequest(1, datas, reply, option);
92 }
93 DestroyDeviceAuthService();
94 return true;
95 }
96 }
97
98 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)99 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
100 {
101 /* Run your code on data */
102 OHOS::FuzzDoRegCallback(data, size);
103 return 0;
104 }
105
106