1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "medialibraryuripermissionoperations_fuzzer.h"
17
18 #include <cstdint>
19 #include <string>
20 #include <vector>
21 #include <fuzzer/FuzzedDataProvider.h>
22
23 #include "ability_context_impl.h"
24 #include "medialibrary_uripermission_operations.h"
25 #include "medialibrary_app_uri_permission_operations.h"
26 #include "datashare_predicates.h"
27 #include "media_app_uri_permission_column.h"
28 #include "media_column.h"
29 #include "media_log.h"
30 #include "medialibrary_command.h"
31 #include "medialibrary_data_manager.h"
32 #include "medialibrary_errno.h"
33 #include "medialibrary_operation.h"
34 #include "medialibrary_photo_operations.h"
35 #include "medialibrary_unistore.h"
36 #include "medialibrary_unistore_manager.h"
37 #include "medialibrary_kvstore_manager.h"
38 #include "rdb_store.h"
39 #include "rdb_utils.h"
40 #include "userfile_manager_types.h"
41 #include "values_bucket.h"
42
43 namespace OHOS {
44 using namespace std;
45 using namespace DataShare;
// Extra candidates appended after the project-defined lists in FuzzPermissionType() / FuzzUriType().
constexpr int32_t PERMISSION_DEFAULT = -1;
constexpr int32_t URI_DEFAULT = 0;
// Number of value buckets BatchInsertFuzzer() hands to a single GrantUriPermission() call.
constexpr int32_t BatchInsertNumber = 5;
// Length passed to every ConsumeBytesAsString() call in this file.
// NOTE(review): with a length of 1, app ids, bundle names, table names and URIs are at most one
// byte long, so longer or structured strings never reach the permission code. Consider a larger
// or fuzzer-chosen length if those paths are meant to be covered.
constexpr int32_t NUM_BYTES = 1;
// Inclusive upper bounds for the index drawn in FuzzPermissionType() / FuzzUriType().
// NOTE(review): these must stay in step with the sizes of PERMISSION_TYPES_ALL and URI_TYPES_ALL,
// which are defined outside this file.
constexpr int32_t MAX_PERMISSION_TYPE = 6;
constexpr int32_t MAX_URI_TYPE = 2;
const std::string MEDIA_FILEMODE_READWRITE{"rw"};
// Store handle: assigned in Init(), dereferenced in SetTables().
std::shared_ptr<Media::MediaLibraryRdbStore> g_rdbStore;
// Provider for the input currently being processed; LLVMFuzzerTestOneInput() points it at a local object.
FuzzedDataProvider *FDP{nullptr};
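/**
 * Picks one permission-type value for the operation under test.
 *
 * The candidates are every entry of AppUriPermissionColumn::PERMISSION_TYPES_ALL followed by
 * PERMISSION_DEFAULT; the fuzz input selects which one is returned.
 *
 * @return the selected candidate value.
 */
static int FuzzPermissionType()
{
    vector<int> candidates(Media::AppUriPermissionColumn::PERMISSION_TYPES_ALL.begin(),
        Media::AppUriPermissionColumn::PERMISSION_TYPES_ALL.end());
    candidates.push_back(PERMISSION_DEFAULT);

    // MAX_PERMISSION_TYPE alone used to bound the index. Clamp it to the real list length so a
    // shorter PERMISSION_TYPES_ALL cannot make the harness itself read past the vector and report
    // a crash that is not in the code under test. candidates is never empty because of the
    // push_back above, so size() - 1 cannot wrap.
    const size_t lastIndex = candidates.size() - 1;
    const size_t configuredMax = static_cast<size_t>(MAX_PERMISSION_TYPE);
    const size_t upperBound = (configuredMax < lastIndex) ? configuredMax : lastIndex;
    const size_t index = FDP->ConsumeIntegralInRange<size_t>(0, upperBound);
    return candidates[index];
}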
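/**
 * Picks one URI-type value for the operation under test.
 *
 * The candidates are every entry of AppUriPermissionColumn::URI_TYPES_ALL followed by
 * URI_DEFAULT; the fuzz input selects which one is returned.
 *
 * @return the selected candidate value.
 */
static int FuzzUriType()
{
    vector<int> candidates(Media::AppUriPermissionColumn::URI_TYPES_ALL.begin(),
        Media::AppUriPermissionColumn::URI_TYPES_ALL.end());
    candidates.push_back(URI_DEFAULT);

    // MAX_URI_TYPE alone used to bound the index. Clamp it to the real list length so a shorter
    // URI_TYPES_ALL cannot cause an out-of-bounds read inside the harness. candidates is never
    // empty because of the push_back above, so size() - 1 cannot wrap.
    const size_t lastIndex = candidates.size() - 1;
    const size_t configuredMax = static_cast<size_t>(MAX_URI_TYPE);
    const size_t upperBound = (configuredMax < lastIndex) ? configuredMax : lastIndex;
    const size_t index = FDP->ConsumeIntegralInRange<size_t>(0, upperBound);
    return candidates[index];
}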
/**
 * Drives UriPermissionOperations::InsertOperation() with one permission row.
 *
 * @param appId          value stored under the APP_ID column
 * @param photoId        value stored under the FILE_ID column
 * @param permissionType value stored under the PERMISSION_TYPE column
 * @param uriType        value stored under the URI_TYPE column
 */
static void HandleInsertOperationFuzzer(string appId, string photoId, int32_t permissionType, int32_t uriType)
{
    // Build the row exactly as a DataShare caller would supply it.
    DataShareValuesBucket row;
    row.Put(Media::AppUriPermissionColumn::APP_ID, appId);
    row.Put(Media::AppUriPermissionColumn::FILE_ID, photoId);
    row.Put(Media::AppUriPermissionColumn::PERMISSION_TYPE, permissionType);
    row.Put(Media::AppUriPermissionColumn::URI_TYPE, uriType);

    Media::MediaLibraryCommand cmd(Media::OperationObject::APP_URI_PERMISSION_INNER, Media::OperationType::CREATE,
        Media::MediaLibraryApi::API_10);

    // The command carries the row in its NativeRdb form.
    NativeRdb::ValuesBucket convertedRow = RdbDataShareAdapter::RdbUtils::ToValuesBucket(row);
    cmd.SetValueBucket(convertedRow);

    Media::UriPermissionOperations::InsertOperation(cmd);
}
/**
 * Drives UriPermissionOperations::DeleteOperation() with a DELETE command whose filter matches
 * the given app id and file id.
 *
 * @param appId   value compared against the APP_ID column
 * @param photoId value compared against the FILE_ID column
 */
static void DeleteOperationFuzzer(string appId, string photoId)
{
    // Both ids are supplied as EqualTo() operands of the predicate.
    DataShare::DataSharePredicates filter;
    filter.And()->EqualTo(Media::AppUriPermissionColumn::APP_ID, appId);
    filter.And()->EqualTo(Media::AppUriPermissionColumn::FILE_ID, photoId);

    Media::MediaLibraryCommand cmd(Media::OperationObject::APP_URI_PERMISSION_INNER, Media::OperationType::DELETE,
        Media::MediaLibraryApi::API_10);
    cmd.SetTableName(Media::AppUriPermissionColumn::APP_URI_PERMISSION_TABLE);

    // Convert the DataShare filter to its Rdb form, then copy the where clause and its argument
    // list onto the command's own predicate object.
    NativeRdb::RdbPredicates convertedFilter = RdbDataShareAdapter::RdbUtils::ToPredicates(filter,
        Media::AppUriPermissionColumn::APP_URI_PERMISSION_TABLE);
    cmd.SetDataSharePred(filter);
    cmd.GetAbsRdbPredicates()->SetWhereClause(convertedFilter.GetWhereClause());
    cmd.GetAbsRdbPredicates()->SetWhereArgs(convertedFilter.GetWhereArgs());

    Media::UriPermissionOperations::DeleteOperation(cmd);
}
/**
 * Drives UriPermissionOperations::GrantUriPermission() with BatchInsertNumber rows.
 *
 * Every row shares the given app id and file id; permission type, URI type and both token ids
 * are drawn from the fuzz input separately for each row.
 *
 * @param appId   value stored under the APP_ID column of every row
 * @param photoId value stored under the FILE_ID column of every row
 */
static void BatchInsertFuzzer(string appId, string photoId)
{
    vector<DataShare::DataShareValuesBucket> rows;
    for (int32_t remaining = BatchInsertNumber; remaining > 0; --remaining) {
        // Draw in a fixed order (permission type, URI type, source token, target token) so the
        // same input bytes always map to the same row.
        const int permissionType = FuzzPermissionType();
        const int uriType = FuzzUriType();
        const int32_t sourceToken = FDP->ConsumeIntegral<int32_t>();
        const int32_t targetToken = FDP->ConsumeIntegral<int32_t>();

        DataShareValuesBucket row;
        row.Put(Media::AppUriPermissionColumn::APP_ID, appId);
        row.Put(Media::AppUriPermissionColumn::FILE_ID, photoId);
        row.Put(Media::AppUriPermissionColumn::PERMISSION_TYPE, permissionType);
        row.Put(Media::AppUriPermissionColumn::URI_TYPE, uriType);
        row.Put(Media::AppUriPermissionColumn::SOURCE_TOKENID, sourceToken);
        row.Put(Media::AppUriPermissionColumn::TARGET_TOKENID, targetToken);
        rows.push_back(row);
    }

    Media::MediaLibraryCommand cmd(Media::OperationObject::APP_URI_PERMISSION_INNER, Media::OperationType::CREATE,
        Media::MediaLibraryApi::API_10);
    Media::UriPermissionOperations::GrantUriPermission(cmd, rows);
}
/**
 * Drives UriPermissionOperations::HandleUriPermOperations() with a command that carries no
 * values or predicates; one fuzz-chosen bit decides between DELETE and INSERT_PERMISSION.
 */
static void HandleUriPermOperationsFuzzer()
{
    Media::OperationType operationType = Media::OperationType::INSERT_PERMISSION;
    if (FDP->ConsumeBool()) {
        operationType = Media::OperationType::DELETE;
    }

    Media::MediaLibraryCommand cmd(Media::OperationObject::APP_URI_PERMISSION_INNER, operationType,
        Media::MediaLibraryApi::API_10);
    Media::UriPermissionOperations::HandleUriPermOperations(cmd);
}
/**
 * Drives UriPermissionOperations::InsertBundlePermission() with a fuzz-chosen file id, bundle
 * name and table name.
 */
static void InsertBundlePermissionFuzzer()
{
    int32_t fileId{FDP->ConsumeIntegral<int32_t>()};
    std::string bundleName{FDP->ConsumeBytesAsString(NUM_BYTES)};
    std::string tableName{FDP->ConsumeBytesAsString(NUM_BYTES)};
    // NOTE(review): mode is always the empty string here, so whatever InsertBundlePermission()
    // does with a non-empty mode is not exercised by this harness. Confirm that is intended.
    std::string mode{};
    Media::UriPermissionOperations::InsertBundlePermission(fileId, bundleName, mode, tableName);
}
/**
 * Drives UriPermissionOperations::DeleteBundlePermission() with a fuzz-chosen file id (the
 * decimal text of an unsigned 32-bit value), bundle name and table name.
 */
static void DeleteBundlePermissionFuzzer()
{
    const uint32_t rawFileId = FDP->ConsumeIntegral<uint32_t>();
    std::string fileId{to_string(rawFileId)};
    std::string bundleName{FDP->ConsumeBytesAsString(NUM_BYTES)};
    std::string tableName{FDP->ConsumeBytesAsString(NUM_BYTES)};
    Media::UriPermissionOperations::DeleteBundlePermission(fileId, bundleName, tableName);
}
/**
 * Drives UriPermissionOperations::CheckUriPermission() with a fuzz-chosen URI string and a mode
 * that is either the fixed "rw" constant or fuzz-chosen bytes.
 */
static void CheckUriPermissionFuzzer()
{
    std::string fileUri{FDP->ConsumeBytesAsString(NUM_BYTES)};

    // One input bit selects the known-good mode; otherwise the mode comes from the input, which
    // covers the handling of unexpected mode strings.
    std::string mode;
    if (FDP->ConsumeBool()) {
        mode = MEDIA_FILEMODE_READWRITE;
    } else {
        mode = FDP->ConsumeBytesAsString(NUM_BYTES);
    }

    Media::UriPermissionOperations::CheckUriPermission(fileUri, mode);
}
/**
 * Drives both UriPermissionOperations::UpdateOperation() overloads with the same UPDATE command:
 * first without a transaction, then with a TransactionOperations object named from the fuzz input.
 */
static void UpdateOperationFuzzer()
{
    Media::MediaLibraryCommand cmd(Media::OperationObject::APP_URI_PERMISSION_INNER, Media::OperationType::UPDATE,
        Media::MediaLibraryApi::API_10);

    // Overload without a transaction.
    Media::UriPermissionOperations::UpdateOperation(cmd);

    // Overload with a caller-supplied transaction; only its name comes from the input.
    std::string transactionName{FDP->ConsumeBytesAsString(NUM_BYTES)};
    auto trans = std::make_shared<Media::TransactionOperations>(transactionName);
    Media::UriPermissionOperations::UpdateOperation(cmd, trans);
}
/**
 * Runs every URI-permission sub-harness once for the current input.
 *
 * The photo id, app id, permission type and URI type drawn here are shared by the insert, delete
 * and batch-insert steps; the remaining steps draw their own values from the input.
 */
static void AppUriPermissionOperationsFuzzer()
{
    // Draw order is fixed: photo id, app id, permission type, URI type.
    string sharedPhotoId{FDP->ConsumeBytesAsString(NUM_BYTES)};
    string sharedAppId{FDP->ConsumeBytesAsString(NUM_BYTES)};
    int32_t sharedPermissionType{FuzzPermissionType()};
    int32_t sharedUriType{FuzzUriType()};

    // Steps that reuse the shared ids.
    HandleInsertOperationFuzzer(sharedAppId, sharedPhotoId, sharedPermissionType, sharedUriType);
    DeleteOperationFuzzer(sharedAppId, sharedPhotoId);
    BatchInsertFuzzer(sharedAppId, sharedPhotoId);

    // Steps that consume their own input.
    HandleUriPermOperationsFuzzer();
    InsertBundlePermissionFuzzer();
    DeleteBundlePermissionFuzzer();
    CheckUriPermissionFuzzer();
    UpdateOperationFuzzer();
}
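/**
 * Creates the photo, app-URI-permission and app-URI-sensitive tables through g_rdbStore.
 *
 * Statements run in list order; the first one that does not return NativeRdb::E_OK is logged and
 * the remaining statements are skipped. Does nothing except log when no store has been set.
 */
void SetTables()
{
    // This function has external linkage, so it can be called before Init() has stored a handle;
    // without the guard that call would dereference a null shared_ptr.
    if (g_rdbStore == nullptr) {
        MEDIA_ERR_LOG("rdbStore is nullptr");
        return;
    }

    const vector<string> createTableSqlList = {
        Media::PhotoColumn::CREATE_PHOTO_TABLE,
        Media::AppUriPermissionColumn::CREATE_APP_URI_PERMISSION_TABLE,
        Media::AppUriSensitiveColumn::CREATE_APP_URI_SENSITIVE_TABLE,
    };
    for (const auto &createTableSql : createTableSqlList) {
        int32_t ret = g_rdbStore->ExecuteSql(createTableSql);
        if (ret != NativeRdb::E_OK) {
            // The statement text is logged with the private format specifier, as in the success path.
            MEDIA_ERR_LOG("Execute sql %{private}s failed", createTableSql.c_str());
            return;
        }
        MEDIA_DEBUG_LOG("Execute sql %{private}s success", createTableSql.c_str());
    }
}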
/**
 * One-time harness setup: initialises the media library manager with a freshly built ability
 * context, stores the resulting rdb store in g_rdbStore and creates the tables.
 *
 * Returns early, after logging, when the manager fails to initialise or no store is available.
 * NOTE(review): the caller gets no failure indication, so LLVMFuzzerInitialize() still returns 0
 * and fuzzing proceeds against whatever state was reached. Confirm that is acceptable.
 */
static void Init()
{
    auto stage = std::make_shared<AbilityRuntime::ContextImpl>();
    auto ability = std::make_shared<OHOS::AbilityRuntime::AbilityContextImpl>();
    ability->SetStageContext(stage);

    // The same context object is passed for both context arguments.
    int32_t sceneCode = 0;
    auto ret = Media::MediaLibraryDataManager::GetInstance()->InitMediaLibraryMgr(ability, ability, sceneCode);
    CHECK_AND_RETURN_LOG(ret == NativeRdb::E_OK, "InitMediaLibraryMgr failed, ret: %{public}d", ret);

    auto store = Media::MediaLibraryUnistoreManager::GetInstance().GetRdbStore();
    if (store != nullptr) {
        // Publish the handle before SetTables() reads it.
        g_rdbStore = store;
        SetTables();
        return;
    }
    MEDIA_ERR_LOG("rdbStore is nullptr");
}
/**
 * Closes every kv store held by the MediaLibraryKvStoreManager singleton; called after each
 * fuzz input.
 */
static inline void ClearKvStore()
{
    auto &&kvStoreManager = Media::MediaLibraryKvStoreManager::GetInstance();
    kvStoreManager.CloseAllKvStore();
}
224 } // namespace OHOS
/**
 * libFuzzer start-up hook: performs the one-time harness setup.
 *
 * @param argc unused
 * @param argv unused
 * @return always 0.
 */
extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
{
    // The command line is not inspected.
    (void)argc;
    (void)argv;
    OHOS::Init();
    return 0;
}
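/**
 * libFuzzer per-input entry point: wraps the input in a FuzzedDataProvider, runs every
 * URI-permission sub-harness once and closes the kv stores afterwards.
 *
 * @param data input bytes; a null pointer is ignored
 * @param size number of bytes at data
 * @return always 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    // Reject a null buffer before a provider is built on top of it or published globally.
    if (data == nullptr) {
        return 0;
    }

    FuzzedDataProvider fdp(data, size);
    OHOS::FDP = &fdp;
    OHOS::AppUriPermissionOperationsFuzzer();
    OHOS::ClearKvStore();

    // fdp lives on this stack frame. Clear the global so it does not dangle between inputs and
    // any later use fails on a null pointer instead of reading a dead object.
    OHOS::FDP = nullptr;
    return 0;
}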