1 /*
2 * Copyright (c) 2023-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "gethaptokeninfoextstub_fuzzer.h"
17
18 #include <sys/types.h>
19 #include <unistd.h>
20 #include <string>
21 #include <thread>
22 #include <vector>
23 #include <cstdlib>
24 #undef private
25 #include "accesstoken_fuzzdata.h"
26 #include "accesstoken_manager_service.h"
27 #include "fuzzer/FuzzedDataProvider.h"
28 #include "iaccess_token_manager.h"
29 #include "permission_def_parcel.h"
30 #include "accesstoken_kit.h"
31 #include "access_token.h"
32 #include "permission_def.h"
33 #include "permission_state_full.h"
34
35 using namespace std;
36 using namespace OHOS;
37 using namespace OHOS::Security::AccessToken;
38 const int CONSTANTS_NUMBER_TWO = 2;
39 const int CONSTANTS_NUMBER_FIVE = 5;
40 static const int32_t ROOT_UID = 0;
41 static const std::string TEST_BUNDLE_NAME = "ohos";
42 static const std::string TEST_PERMISSION_NAME_ALPHA = "ohos.permission.ALPHA";
43 static const std::string TEST_PERMISSION_NAME_BETA = "ohos.permission.BETA";
44 static const int TEST_USER_ID = 0;
45 static constexpr int32_t DEFAULT_API_VERSION = 8;
46
47 namespace OHOS {
TestPreparePermStateList(HapPolicyParams & policy)48 void TestPreparePermStateList(HapPolicyParams &policy)
49 {
50 PermissionStateFull permStatAlpha = {
51 .permissionName = TEST_PERMISSION_NAME_ALPHA,
52 .isGeneral = true,
53 .resDeviceID = {"device3"},
54 .grantStatus = {PermissionState::PERMISSION_DENIED},
55 .grantFlags = {PermissionFlag::PERMISSION_USER_SET}
56 };
57 PermissionStateFull permStatBeta = {
58 .permissionName = TEST_PERMISSION_NAME_BETA,
59 .isGeneral = true,
60 .resDeviceID = {"device3"},
61 .grantStatus = {PermissionState::PERMISSION_GRANTED},
62 .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED}
63 };
64
65 policy.permStateList.emplace_back(permStatAlpha);
66 policy.permStateList.emplace_back(permStatBeta);
67 }
68
TestPreparePermDefList(HapPolicyParams & policy)69 void TestPreparePermDefList(HapPolicyParams &policy)
70 {
71 PermissionDef permissionDefBeta;
72 permissionDefBeta.permissionName = TEST_PERMISSION_NAME_BETA;
73 permissionDefBeta.bundleName = TEST_BUNDLE_NAME;
74 permissionDefBeta.grantMode = GrantMode::SYSTEM_GRANT;
75 permissionDefBeta.availableLevel = APL_NORMAL;
76 permissionDefBeta.provisionEnable = false;
77 permissionDefBeta.distributedSceneEnable = false;
78
79 PermissionDef permissionDefAlpha;
80 permissionDefAlpha.permissionName = TEST_PERMISSION_NAME_ALPHA;
81 permissionDefAlpha.bundleName = TEST_BUNDLE_NAME;
82 permissionDefAlpha.grantMode = GrantMode::USER_GRANT;
83 permissionDefAlpha.availableLevel = APL_NORMAL;
84 permissionDefAlpha.provisionEnable = false;
85 permissionDefAlpha.distributedSceneEnable = false;
86
87 policy.permList.emplace_back(permissionDefBeta);
88 policy.permList.emplace_back(permissionDefAlpha);
89 }
90
SetHapTokenInfo(void)91 void SetHapTokenInfo(void)
92 {
93 HapInfoParams info = {
94 .userID = TEST_USER_ID,
95 .bundleName = TEST_BUNDLE_NAME,
96 .instIndex = 0,
97 .appIDDesc = "appIDDesc",
98 .apiVersion = DEFAULT_API_VERSION
99 };
100
101 HapPolicyParams policy = {
102 .apl = APL_NORMAL,
103 .domain = "domain"
104 };
105 TestPreparePermDefList(policy);
106 TestPreparePermStateList(policy);
107
108 AccessTokenKit::AllocHapToken(info, policy);
109 }
110
RemoveHapTokenInfo(void)111 void RemoveHapTokenInfo(void)
112 {
113 AccessTokenID tokenID = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
114 AccessTokenKit::DeleteToken(tokenID);
115 }
116
GetHapTokenInfoStubFuzzTest(const uint8_t * data,size_t size)117 bool GetHapTokenInfoStubFuzzTest(const uint8_t* data, size_t size)
118 {
119 if ((data == nullptr) || (size == 0)) {
120 return false;
121 }
122 SetHapTokenInfo();
123 AccessTokenFuzzData fuzzData(data, size);
124 AccessTokenID tokenId = 0;
125 FuzzedDataProvider provider(data, size);
126 if ((provider.ConsumeIntegral<int32_t>() % CONSTANTS_NUMBER_FIVE) == 0) {
127 tokenId = AccessTokenKit::GetHapTokenID(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
128 } else {
129 tokenId = fuzzData.GetData<AccessTokenID>();
130 }
131
132 MessageParcel datas;
133 datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
134 if (!datas.WriteUint32(tokenId)) {
135 return false;
136 }
137
138 uint32_t code = static_cast<uint32_t>(
139 IAccessTokenManagerIpcCode::COMMAND_GET_HAP_TOKEN_INFO_EXTENSION);
140
141 MessageParcel reply;
142 MessageOption option;
143 bool enable = ((provider.ConsumeIntegral<int32_t>() % CONSTANTS_NUMBER_TWO) == 0);
144 if (enable) {
145 setuid(CONSTANTS_NUMBER_TWO);
146 }
147 DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
148 setuid(ROOT_UID);
149 RemoveHapTokenInfo();
150 return true;
151 }
152 }
153
154 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)155 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
156 {
157 /* Run your code on data */
158 OHOS::GetHapTokenInfoStubFuzzTest(data, size);
159 return 0;
160 }
161
162