• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023-2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "authuserstub_fuzzer.h"
17 
18 #include <string>
19 #include <vector>
20 #include "access_token.h"
21 #include "access_token_error.h"
22 #include "accesstoken_kit.h"
23 #include "account_iam_callback_service.h"
24 #include "account_iam_client.h"
25 #include "account_iam_service.h"
26 #include "account_log_wrapper.h"
27 #include "fuzz_data.h"
28 #include "nativetoken_kit.h"
29 #include "token_setproc.h"
30 
31 using namespace std;
32 using namespace OHOS::AccountSA;
33 using namespace OHOS::Security::AccessToken;
34 namespace OHOS {
35 const std::u16string IAMACCOUNT_TOKEN = u"ohos.accountfwk.IAccountIAM";
36 
37 class MockIDMCallback : public OHOS::AccountSA::IDMCallback {
38 public:
~MockIDMCallback()39     virtual ~MockIDMCallback()
40     {
41     }
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)42     void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override
43     {
44         return;
45     }
OnResult(int32_t result,const Attributes & extraInfo)46     void OnResult(int32_t result, const Attributes &extraInfo) override
47     {
48         return;
49     }
50 };
51 
SetRemoteAuthParam(MessageParcel & data,FuzzData & random)52 void SetRemoteAuthParam(MessageParcel &data, FuzzData &random)
53 {
54     bool hasParam = random.GenerateBool();
55     if (!data.WriteBool(hasParam) || !hasParam) {
56         return;
57     }
58     hasParam = random.GenerateBool();
59     if (!data.WriteBool(hasParam)) {
60         return;
61     }
62     if (hasParam) {
63         std::string verifierNetworkId = random.GenerateString();
64         if (!data.WriteString(verifierNetworkId)) {
65             return;
66         }
67     }
68     hasParam = random.GenerateBool();
69     if (!data.WriteBool(hasParam)) {
70         return;
71     }
72     if (hasParam) {
73         std::string networkId = random.GenerateString();
74         if (!data.WriteString(networkId)) {
75             return;
76         }
77     }
78     hasParam = random.GenerateBool();
79     if (!data.WriteBool(hasParam)) {
80         return;
81     }
82     if (hasParam) {
83         uint32_t tokenId = random.GetData<uint32_t>();
84         if (!data.WriteUint32(tokenId)) {
85             return;
86         }
87     }
88 }
89 
AuthUserStubFuzzTest(const uint8_t * data,size_t size)90 bool AuthUserStubFuzzTest(const uint8_t *data, size_t size)
91 {
92     if ((data == nullptr) || (size == 0)) {
93         return false;
94     }
95     FuzzData fuzzData(data, size);
96     AuthParam authParam;
97     int32_t userId = fuzzData.GetData<int32_t>();
98     authParam.userId = userId;
99     authParam.challenge = {fuzzData.GetData<uint8_t>()};
100     authParam.authType = static_cast<AuthType>(fuzzData.GenerateEnmu(IAMAuthType::TYPE_END));
101     authParam.authTrustLevel = fuzzData.GenerateEnmu(AuthTrustLevel::ATL4);
102     authParam.authIntent = fuzzData.GenerateEnmu(AuthIntent::ABANDONED_PIN_AUTH);
103     RemoteAuthParam remoteAuthParam = { fuzzData.GenerateString(), fuzzData.GenerateString(),
104         fuzzData.GetData<uint32_t>() };
105     authParam.remoteAuthParam = remoteAuthParam;
106     std::shared_ptr<IDMCallback> ptr = make_shared<MockIDMCallback>();
107     sptr<IIDMCallback> callback = new (std::nothrow) IDMCallbackService(userId, ptr);
108     MessageParcel dataTemp;
109     if (!dataTemp.WriteInterfaceToken(IAMACCOUNT_TOKEN)) {
110         return false;
111     }
112     if (fuzzData.GenerateBool()) {
113         if (!dataTemp.WriteParcelable(&authParam)) {
114             return false;
115         }
116     }
117     if (fuzzData.GenerateBool()) {
118         if (!dataTemp.WriteRemoteObject(callback->AsObject())) {
119             return false;
120         }
121     }
122     SetRemoteAuthParam(dataTemp, fuzzData);
123     MessageParcel reply;
124     MessageOption option;
125     uint32_t code = static_cast<uint32_t>(IAccountIAMIpcCode::COMMAND_AUTH_USER);
126     auto iamAccountManagerService = std::make_shared<AccountIAMService>();
127     iamAccountManagerService->OnRemoteRequest(code, dataTemp, reply, option);
128 
129     return true;
130 }
131 } // namespace OHOS
132 
NativeTokenGet()133 void NativeTokenGet()
134 {
135     uint64_t tokenId;
136     const char **perms = new const char *[1];
137     perms[0] = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
138     NativeTokenInfoParams infoInstance = {
139         .dcapsNum = 0,
140         .permsNum = 1,
141         .aclsNum = 0,
142         .perms = perms,
143         .acls = nullptr,
144         .aplStr = "system_core",
145     };
146     infoInstance.processName = "AUTH_USER";
147     tokenId = GetAccessTokenId(&infoInstance);
148     SetSelfTokenID(tokenId);
149     AccessTokenKit::ReloadNativeTokenInfo();
150     delete [] perms;
151 }
152 
153 /* Fuzzer entry point */
LLVMFuzzerInitialize(int * argc,char *** argv)154 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
155 {
156     NativeTokenGet();
157     return 0;
158 }
159 
160 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)161 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
162 {
163     /* Run your code on data */
164     OHOS::AuthUserStubFuzzTest(data, size);
165     return 0;
166 }
167