• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "updatehaptoken_fuzzer.h"
17 
18 #include <string>
19 
20 #include "accesstoken_kit.h"
21 #include "fuzzer/FuzzedDataProvider.h"
22 
23 using namespace std;
24 using namespace OHOS::Security::AccessToken;
25 
26 namespace OHOS {
InitHapPolicy(FuzzedDataProvider & provider,HapPolicyParams & policy)27     void InitHapPolicy(FuzzedDataProvider& provider, HapPolicyParams& policy)
28     {
29         std::string permissionName = provider.ConsumeRandomLengthString();
30         PermissionDef def = {
31             .permissionName = permissionName,
32             .bundleName = provider.ConsumeRandomLengthString(),
33             .grantMode = static_cast<int32_t>(
34                 provider.ConsumeIntegralInRange<uint32_t>(0, static_cast<uint32_t>(GrantMode::SYSTEM_GRANT))),
35             .availableLevel = static_cast<ATokenAplEnum>(
36                 provider.ConsumeIntegralInRange<uint32_t>(0, static_cast<uint32_t>(ATokenAplEnum::APL_ENUM_BUTT))),
37             .provisionEnable = provider.ConsumeBool(),
38             .distributedSceneEnable = provider.ConsumeBool(),
39             .label = provider.ConsumeRandomLengthString(),
40             .labelId = provider.ConsumeIntegral<int32_t>(),
41             .description = provider.ConsumeRandomLengthString(),
42             .descriptionId = provider.ConsumeIntegral<int32_t>(),
43             .availableType = static_cast<ATokenAvailableTypeEnum>(provider.ConsumeIntegralInRange<uint32_t>(
44                 0, static_cast<uint32_t>(ATokenAvailableTypeEnum::AVAILABLE_TYPE_BUTT))),
45             .isKernelEffect = provider.ConsumeBool(),
46             .hasValue = provider.ConsumeBool(),
47         };
48 
49         PermissionStateFull state = {
50             .permissionName = permissionName,
51             .isGeneral = provider.ConsumeBool(),
52             .resDeviceID = {provider.ConsumeRandomLengthString()},
53             .grantStatus = {static_cast<int32_t>(provider.ConsumeIntegralInRange<uint32_t>(
54                 0, static_cast<uint32_t>(PermissionState::PERMISSION_GRANTED)))},
55             .grantFlags = {provider.ConsumeIntegralInRange<uint32_t>(
56                 0, static_cast<uint32_t>(PermissionFlag::PERMISSION_ALLOW_THIS_TIME))},
57         };
58 
59         PreAuthorizationInfo info = {
60             .permissionName = permissionName,
61             .userCancelable = provider.ConsumeBool(),
62         };
63 
64         policy.apl = static_cast<ATokenAplEnum>(
65             provider.ConsumeIntegralInRange<uint32_t>(0, static_cast<uint32_t>(ATokenAplEnum::APL_ENUM_BUTT)));
66         policy.domain = provider.ConsumeRandomLengthString();
67         policy.permList = { def };
68         policy.permStateList = { state };
69         policy.aclRequestedList = {provider.ConsumeRandomLengthString()};
70         policy.preAuthorizationInfo = { info };
71         policy.checkIgnore = static_cast<HapPolicyCheckIgnore>(provider.ConsumeIntegralInRange<uint32_t>(
72             0, static_cast<uint32_t>(HapPolicyCheckIgnore::ACL_IGNORE_CHECK)));
73         policy.aclExtendedMap = {std::make_pair<std::string, std::string>(provider.ConsumeRandomLengthString(),
74             provider.ConsumeRandomLengthString())};
75     }
76 
UpdateHapTokenFuzzTest(const uint8_t * data,size_t size)77     bool UpdateHapTokenFuzzTest(const uint8_t* data, size_t size)
78     {
79         if ((data == nullptr) || (size == 0)) {
80             return false;
81         }
82 
83         FuzzedDataProvider provider(data, size);
84         AccessTokenIDEx tokenIDex = {
85             .tokenIdExStruct.tokenID = provider.ConsumeIntegral<AccessTokenID>(),
86             .tokenIdExStruct.tokenAttr = provider.ConsumeIntegral<uint32_t>(),
87         };
88 
89         UpdateHapInfoParams info = {
90             .appIDDesc = provider.ConsumeRandomLengthString(),
91             .apiVersion = provider.ConsumeIntegral<int32_t>(),
92             .isSystemApp = provider.ConsumeBool(),
93             .appDistributionType = provider.ConsumeRandomLengthString(),
94             .isAtomicService = provider.ConsumeBool(),
95             .dataRefresh = provider.ConsumeBool(),
96         };
97 
98         HapPolicyParams policy;
99         InitHapPolicy(provider, policy);
100 
101         return AccessTokenKit::UpdateHapToken(tokenIDex, info, policy) == RET_SUCCESS;
102     }
103 }
104 
105 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)106 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
107 {
108     /* Run your code on data */
109     OHOS::UpdateHapTokenFuzzTest(data, size);
110     return 0;
111 }
112