1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "medialibraryappurisensitiveoperations_fuzzer.h"
17
18 #include <cstdint>
19 #include <string>
20 #include <vector>
21 #include <fuzzer/FuzzedDataProvider.h>
22
23 #include "ability_context_impl.h"
24 #include "medialibrary_app_uri_permission_operations.h"
25 #include "medialibrary_app_uri_sensitive_operations.h"
26 #include "datashare_predicates.h"
27 #include "media_app_uri_permission_column.h"
28 #include "media_app_uri_sensitive_column.h"
29 #include "media_column.h"
30 #include "media_log.h"
31 #include "medialibrary_command.h"
32 #include "medialibrary_data_manager.h"
33 #include "medialibrary_errno.h"
34 #include "medialibrary_operation.h"
35 #include "medialibrary_photo_operations.h"
36 #include "medialibrary_unistore.h"
37 #include "medialibrary_unistore_manager.h"
38 #include "medialibrary_kvstore_manager.h"
39 #include "rdb_store.h"
40 #include "rdb_utils.h"
41 #include "userfile_manager_types.h"
42 #include "values_bucket.h"
43
44 namespace OHOS {
45 using namespace std;
46 using namespace DataShare;
47 const int32_t PERMISSION_DEFAULT = -1;
48 const int32_t SENSITIVE_DEFAULT = -1;
49 const int32_t URI_DEFAULT = 0;
50 const int32_t BatchInsertNumber = 5;
51 static const int32_t NUM_BYTES = 1;
52 static const int32_t MAX_PERMISSION_TYPE = 6;
53 static const int32_t MAX_URI_TYPE = 2;
54 static const int32_t MAX_SENSITIVE_TYPE = 4;
55 std::shared_ptr<Media::MediaLibraryRdbStore> g_rdbStore;
56 FuzzedDataProvider *FDP = nullptr;
57
FuzzPermissionType()58 static int FuzzPermissionType()
59 {
60 vector<int> vecPermissionType;
61 vecPermissionType.assign(Media::AppUriPermissionColumn::PERMISSION_TYPES_ALL.begin(),
62 Media::AppUriPermissionColumn::PERMISSION_TYPES_ALL.end());
63 vecPermissionType.push_back(PERMISSION_DEFAULT);
64 uint8_t data = FDP->ConsumeIntegralInRange<uint8_t>(0, MAX_PERMISSION_TYPE);
65 return vecPermissionType[data];
66 }
67
FuzzUriType()68 static int FuzzUriType()
69 {
70 vector<int> vecUriType;
71 vecUriType.assign(Media::AppUriSensitiveColumn::URI_TYPES_ALL.begin(),
72 Media::AppUriSensitiveColumn::URI_TYPES_ALL.end());
73 vecUriType.push_back(URI_DEFAULT);
74 uint8_t data = FDP->ConsumeIntegralInRange<uint8_t>(0, MAX_URI_TYPE);
75 return vecUriType[data];
76 }
77
FuzzHideSensitiveType()78 static int FuzzHideSensitiveType()
79 {
80 vector<int> vecHideSensitiveType;
81 vecHideSensitiveType.assign(Media::AppUriSensitiveColumn::SENSITIVE_TYPES_ALL.begin(),
82 Media::AppUriSensitiveColumn::SENSITIVE_TYPES_ALL.end());
83 vecHideSensitiveType.push_back(SENSITIVE_DEFAULT);
84 uint8_t data = FDP->ConsumeIntegralInRange<uint8_t>(0, MAX_SENSITIVE_TYPE);
85 return vecHideSensitiveType[data];
86 }
87
HandleInsertOperationFuzzer(string appId,string photoId,int32_t sensitiveType,int32_t permissionType,int32_t uriType)88 static void HandleInsertOperationFuzzer(string appId, string photoId, int32_t sensitiveType, int32_t permissionType,
89 int32_t uriType)
90 {
91 DataShareValuesBucket values;
92 values.Put(Media::AppUriSensitiveColumn::APP_ID, appId);
93 values.Put(Media::AppUriSensitiveColumn::FILE_ID, photoId);
94 values.Put(Media::AppUriSensitiveColumn::HIDE_SENSITIVE_TYPE, sensitiveType);
95 values.Put(Media::AppUriPermissionColumn::PERMISSION_TYPE, permissionType);
96 values.Put(Media::AppUriSensitiveColumn::URI_TYPE, uriType);
97
98 Media::MediaLibraryCommand cmd(Media::OperationObject::MEDIA_APP_URI_PERMISSION, Media::OperationType::CREATE,
99 Media::MediaLibraryApi::API_10);
100 NativeRdb::ValuesBucket rdbValue = RdbDataShareAdapter::RdbUtils::ToValuesBucket(values);
101 cmd.SetValueBucket(rdbValue);
102 Media::MediaLibraryAppUriSensitiveOperations::HandleInsertOperation(cmd);
103 }
104
DeleteOperationFuzzer(string appId,string photoId)105 static void DeleteOperationFuzzer(string appId, string photoId)
106 {
107 DataSharePredicates predicates;
108 predicates.And()->EqualTo(Media::AppUriSensitiveColumn::APP_ID, appId);
109 predicates.And()->EqualTo(Media::AppUriSensitiveColumn::FILE_ID, photoId);
110 NativeRdb::RdbPredicates rdbPredicate = RdbDataShareAdapter::RdbUtils::ToPredicates(predicates,
111 Media::AppUriSensitiveColumn::APP_URI_SENSITIVE_TABLE);
112 Media::MediaLibraryAppUriSensitiveOperations::DeleteOperation(rdbPredicate);
113 }
114
BatchInsertFuzzer()115 static void BatchInsertFuzzer()
116 {
117 vector<DataShare::DataShareValuesBucket> dataShareValues;
118 for (int32_t i = 0; i < BatchInsertNumber; i++) {
119 DataShareValuesBucket value;
120 string photoId = FDP->ConsumeBytesAsString(NUM_BYTES);
121 value.Put(Media::AppUriSensitiveColumn::APP_ID, FDP->ConsumeBytesAsString(NUM_BYTES));
122 value.Put(Media::AppUriSensitiveColumn::FILE_ID, photoId);
123 value.Put(Media::AppUriSensitiveColumn::HIDE_SENSITIVE_TYPE, FuzzHideSensitiveType());
124 value.Put(Media::AppUriPermissionColumn::PERMISSION_TYPE, FuzzPermissionType());
125 value.Put(Media::AppUriSensitiveColumn::URI_TYPE, FuzzUriType());
126 dataShareValues.push_back(value);
127 }
128 Media::MediaLibraryCommand cmd(Media::OperationObject::MEDIA_APP_URI_PERMISSION, Media::OperationType::CREATE,
129 Media::MediaLibraryApi::API_10);
130 Media::MediaLibraryAppUriSensitiveOperations::BatchInsert(cmd, dataShareValues);
131 }
132
BeForceSensitiveFuzzer()133 static void BeForceSensitiveFuzzer()
134 {
135 vector<DataShare::DataShareValuesBucket> dataShareValues;
136 for (int32_t i = 0; i < BatchInsertNumber; i++) {
137 DataShareValuesBucket value;
138 string photoId = FDP->ConsumeBytesAsString(NUM_BYTES);
139 value.Put(Media::AppUriSensitiveColumn::APP_ID, FDP->ConsumeBytesAsString(NUM_BYTES));
140 value.Put(Media::AppUriSensitiveColumn::FILE_ID, photoId);
141 value.Put(Media::AppUriSensitiveColumn::HIDE_SENSITIVE_TYPE, FuzzHideSensitiveType());
142 value.Put(Media::AppUriPermissionColumn::PERMISSION_TYPE, FuzzPermissionType());
143 value.Put(Media::AppUriSensitiveColumn::URI_TYPE, FuzzUriType());
144 value.Put(Media::AppUriSensitiveColumn::IS_FORCE_SENSITIVE, FDP->ConsumeIntegral<int32_t>());
145 dataShareValues.push_back(value);
146 }
147 Media::MediaLibraryCommand cmd(Media::OperationObject::MEDIA_APP_URI_PERMISSION, Media::OperationType::CREATE,
148 Media::MediaLibraryApi::API_10);
149 Media::MediaLibraryAppUriSensitiveOperations::BeForceSensitive(cmd, dataShareValues);
150 }
151
AppUriSensitiveOperationsFuzzer()152 static void AppUriSensitiveOperationsFuzzer()
153 {
154 string photoId = FDP->ConsumeBytesAsString(NUM_BYTES);
155 string appId = FDP->ConsumeBytesAsString(NUM_BYTES);
156 int32_t sensitiveType = FuzzHideSensitiveType();
157 int32_t permissionType = FuzzPermissionType();
158 int32_t uriType = FuzzUriType();
159
160 HandleInsertOperationFuzzer(appId, photoId, sensitiveType, permissionType, uriType);
161 sensitiveType = FuzzHideSensitiveType();
162 HandleInsertOperationFuzzer(appId, photoId, sensitiveType, permissionType, uriType);
163 DeleteOperationFuzzer(appId, photoId);
164 BatchInsertFuzzer();
165 BeForceSensitiveFuzzer();
166 }
167
SetTables()168 void SetTables()
169 {
170 vector<string> createTableSqlList = {
171 Media::PhotoColumn::CREATE_PHOTO_TABLE,
172 Media::AppUriPermissionColumn::CREATE_APP_URI_PERMISSION_TABLE,
173 Media::AppUriSensitiveColumn::CREATE_APP_URI_SENSITIVE_TABLE,
174 };
175 for (auto &createTableSql : createTableSqlList) {
176 int32_t ret = g_rdbStore->ExecuteSql(createTableSql);
177 if (ret != NativeRdb::E_OK) {
178 MEDIA_ERR_LOG("Execute sql %{private}s failed", createTableSql.c_str());
179 return;
180 }
181 MEDIA_DEBUG_LOG("Execute sql %{private}s success", createTableSql.c_str());
182 }
183 }
184
Init()185 static void Init()
186 {
187 auto stageContext = std::make_shared<AbilityRuntime::ContextImpl>();
188 auto abilityContextImpl = std::make_shared<OHOS::AbilityRuntime::AbilityContextImpl>();
189 abilityContextImpl->SetStageContext(stageContext);
190 int32_t sceneCode = 0;
191 auto ret = Media::MediaLibraryDataManager::GetInstance()->InitMediaLibraryMgr(abilityContextImpl,
192 abilityContextImpl, sceneCode);
193 CHECK_AND_RETURN_LOG(ret == NativeRdb::E_OK, "InitMediaLibraryMgr failed, ret: %{public}d", ret);
194
195 auto rdbStore = Media::MediaLibraryUnistoreManager::GetInstance().GetRdbStore();
196 if (rdbStore == nullptr) {
197 MEDIA_ERR_LOG("rdbStore is nullptr");
198 return;
199 }
200 g_rdbStore = rdbStore;
201 SetTables();
202 }
203
ClearKvStore()204 static inline void ClearKvStore()
205 {
206 Media::MediaLibraryKvStoreManager::GetInstance().CloseAllKvStore();
207 }
208 } // namespace OHOS
209
LLVMFuzzerInitialize(int * argc,char *** argv)210 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
211 {
212 OHOS::Init();
213 return 0;
214 }
215
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)216 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
217 {
218 FuzzedDataProvider fdp(data, size);
219 OHOS::FDP = &fdp;
220 if (data == nullptr) {
221 return 0;
222 }
223 OHOS::AppUriSensitiveOperationsFuzzer();
224 OHOS::ClearKvStore();
225 return 0;
226 }
227