1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "set_browser_policies_plugin_fuzzer.h"
17
18 #include <system_ability_definition.h>
19
20 #include "cJSON.h"
21 #include "common_fuzzer.h"
22 #include "edm_ipc_interface_code.h"
23 #include "handle_policy_data.h"
24 #include "ienterprise_device_mgr.h"
25 #include "func_code.h"
26 #include "message_parcel.h"
27 #include "utils.h"
28 #define private public
29 #include "set_browser_policies_plugin.h"
30 #undef private
31
32 namespace OHOS {
33 namespace EDM {
34 constexpr size_t MIN_SIZE = 16;
35 constexpr size_t WITHOUT_USERID = 0;
36 constexpr int32_t HAS_ADMIN = 0;
37 constexpr int32_t WITHOUT_ADMIN = 1;
38
SetParcelContent(MessageParcel & parcel,uint32_t operateType,const uint8_t * data,size_t size,AppExecFwk::ElementName admin)39 void SetParcelContent(MessageParcel &parcel, uint32_t operateType,
40 const uint8_t* data, size_t size, AppExecFwk::ElementName admin)
41 {
42 parcel.WriteInterfaceToken(IEnterpriseDeviceMgrIdl::GetDescriptor());
43 parcel.WriteInt32(WITHOUT_USERID);
44 if (operateType) {
45 parcel.WriteParcelable(&admin);
46 bool isSetAll = CommonFuzzer::GetU32Data(data) % BINARY_DECISION_DIVISOR;
47 int32_t pos = 0;
48 int32_t stringSize = size / 3;
49 std::string appId(CommonFuzzer::GetString(data, pos, stringSize, size));
50 std::string policies(CommonFuzzer::GetString(data, pos, stringSize, size));
51 if (isSetAll) {
52 std::vector<std::string> appIds;
53 std::vector<std::string> policiesList;
54 appIds.push_back(appId);
55 policiesList.push_back(policies);
56 parcel.WriteStringVector(appIds);
57 parcel.WriteStringVector(policiesList);
58 } else {
59 parcel.WriteString("");
60 std::string policyName(CommonFuzzer::GetString(data, pos, stringSize, size));
61 std::vector<std::string> params;
62 params.push_back(appId);
63 params.push_back(policyName);
64 params.push_back(policies);
65 parcel.WriteStringVector(params);
66 }
67 } else {
68 parcel.WriteString("");
69 bool hasAdmin = CommonFuzzer::GetU32Data(data) % BINARY_DECISION_DIVISOR;
70 if (hasAdmin) {
71 parcel.WriteInt32(HAS_ADMIN);
72 parcel.WriteParcelable(&admin);
73 } else {
74 parcel.WriteInt32(WITHOUT_ADMIN);
75 }
76 std::string appId(reinterpret_cast<const char*>(data), size);
77 parcel.WriteString(appId);
78 }
79 }
80
81 // Fuzzer entry point.
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)82 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
83 {
84 if (data == nullptr) {
85 return 0;
86 }
87 if (size < MIN_SIZE) {
88 return 0;
89 }
90 int32_t pos = 0;
91 int32_t stringSize = (size - pos) / 6;
92 for (uint32_t operateType = static_cast<uint32_t>(FuncOperateType::GET);
93 operateType <= static_cast<uint32_t>(FuncOperateType::REMOVE); operateType++) {
94 uint32_t code = EdmInterfaceCode::SET_BROWSER_POLICIES;
95 code = POLICY_FUNC_CODE(operateType, code);
96
97 AppExecFwk::ElementName admin;
98 admin.SetBundleName(CommonFuzzer::GetString(data, pos, stringSize, size));
99 admin.SetAbilityName(CommonFuzzer::GetString(data, pos, stringSize, size));
100 MessageParcel parcel;
101 SetParcelContent(parcel, operateType, data, size, admin);
102
103 CommonFuzzer::OnRemoteRequestFuzzerTest(code, data, size, parcel);
104 }
105
106 SetBrowserPoliciesPlugin plugin;
107 std::string fuzzString(reinterpret_cast<const char*>(data), size);
108 cJSON* currentPolicies = cJSON_Parse(fuzzString.c_str());
109 cJSON* mergePolicies = cJSON_Parse(fuzzString.c_str());
110 HandlePolicyData handlePolicyData;
111 handlePolicyData.policyData = fuzzString;
112 handlePolicyData.mergePolicyData = fuzzString;
113 handlePolicyData.isChanged = CommonFuzzer::GetU32Data(data) % 2;
114 plugin.UpdateCurrentAndMergePolicy(currentPolicies, mergePolicies, handlePolicyData);
115 std::string appId = fuzzString;
116 std::string policyValue = fuzzString;
117 plugin.SetRootPolicy(currentPolicies, mergePolicies, appId, policyValue);
118 std::string policyName = fuzzString;
119 plugin.SetPolicy(currentPolicies, mergePolicies, appId, policyName, policyValue);
120 plugin.SetPolicyValue(currentPolicies, policyName, policyValue);
121 std::uint32_t funcCode = CommonFuzzer::GetU32Data(data);
122 std::string adminName = fuzzString;
123 bool isGlobalChanged = CommonFuzzer::GetU32Data(data) % 2;
124 int32_t userId = CommonFuzzer::GetU32Data(data);
125 plugin.OnHandlePolicyDone(funcCode, adminName, isGlobalChanged, userId);
126 plugin.NotifyBrowserPolicyChanged();
127 std::unordered_map<std::string, std::string> adminValues = { {fuzzString, fuzzString} };
128 std::string policyData = fuzzString;
129 plugin.MergeBrowserPolicy(adminValues, policyData);
130 std::string policy = "{}";
131 cJSON* root = cJSON_Parse(policy.c_str());
132 std::string policyString = fuzzString;
133 plugin.AddBrowserPoliciesToRoot(root, policyString);
134 std::string str = "{\"policy\":{}, \"adminPolicy\": {\"policy1\": \"value1\", \"policy2\": {\"aaa\": true}}}";
135 cJSON* adminPolicy = cJSON_Parse(str.c_str());
136 plugin.AddBrowserPolicyToRoot(root, adminPolicy);
137
138 return 0;
139 }
140 } // namespace EDM
141 } // namespace OHOS