• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "inithaptoken_fuzzer.h"
17 
18 #include <string>
19 
20 #include "accesstoken_kit.h"
21 #include "fuzzer/FuzzedDataProvider.h"
22 
23 using namespace std;
24 using namespace OHOS::Security::AccessToken;
25 
26 namespace OHOS {
InitHapInfoParams(const std::string & bundleName,FuzzedDataProvider & provider,HapInfoParams & param)27     void InitHapInfoParams(const std::string& bundleName, FuzzedDataProvider& provider, HapInfoParams &param)
28     {
29         param.userID = provider.ConsumeIntegral<int32_t>();
30         param.bundleName = bundleName;
31         param.instIndex = provider.ConsumeIntegral<int32_t>();
32         param.dlpType = static_cast<int32_t>(
33             provider.ConsumeIntegralInRange<uint32_t>(0, static_cast<uint32_t>(HapDlpType::BUTT_DLP_TYPE)));
34         param.appIDDesc = provider.ConsumeRandomLengthString();
35         param.apiVersion = provider.ConsumeIntegral<int32_t>();
36         param.isSystemApp = provider.ConsumeBool();
37         param.appDistributionType = provider.ConsumeRandomLengthString();
38         param.isRestore = provider.ConsumeBool();
39         param.tokenID = provider.ConsumeIntegral<AccessTokenID>();
40         param.isAtomicService = provider.ConsumeBool();
41     }
42 
InitHapPolicy(const std::string & permissionName,const std::string & bundleName,FuzzedDataProvider & provider,HapPolicyParams & policy)43     void InitHapPolicy(const std::string& permissionName, const std::string& bundleName, FuzzedDataProvider& provider,
44         HapPolicyParams& policy)
45     {
46         PermissionDef def = {
47             .permissionName = permissionName,
48             .bundleName = bundleName,
49             .grantMode = static_cast<int32_t>(
50                 provider.ConsumeIntegralInRange<uint32_t>(0, static_cast<uint32_t>(GrantMode::SYSTEM_GRANT))),
51             .availableLevel = static_cast<ATokenAplEnum>(
52                 provider.ConsumeIntegralInRange<uint32_t>(0, static_cast<uint32_t>(ATokenAplEnum::APL_ENUM_BUTT))),
53             .provisionEnable = provider.ConsumeBool(),
54             .distributedSceneEnable = provider.ConsumeBool(),
55             .label = provider.ConsumeRandomLengthString(),
56             .labelId = provider.ConsumeIntegral<int32_t>(),
57             .description = provider.ConsumeRandomLengthString(),
58             .descriptionId = provider.ConsumeIntegral<int32_t>(),
59             .availableType = static_cast<ATokenAvailableTypeEnum>(provider.ConsumeIntegralInRange<uint32_t>(
60                 0, static_cast<uint32_t>(ATokenAvailableTypeEnum::AVAILABLE_TYPE_BUTT))),
61             .isKernelEffect = provider.ConsumeBool(),
62             .hasValue = provider.ConsumeBool(),
63         };
64 
65         PermissionStateFull state = {
66             .permissionName = permissionName,
67             .isGeneral = provider.ConsumeBool(),
68             .resDeviceID = {provider.ConsumeRandomLengthString()},
69             .grantStatus = {static_cast<int32_t>(provider.ConsumeIntegralInRange<uint32_t>(
70                 0, static_cast<uint32_t>(PermissionState::PERMISSION_GRANTED)))},
71             .grantFlags = {provider.ConsumeIntegralInRange<uint32_t>(
72                 0, static_cast<uint32_t>(PermissionFlag::PERMISSION_ALLOW_THIS_TIME))},
73         };
74 
75         PreAuthorizationInfo info = {
76             .permissionName = permissionName,
77             .userCancelable = provider.ConsumeBool(),
78         };
79 
80         policy.apl = static_cast<ATokenAplEnum>(
81             provider.ConsumeIntegralInRange<uint32_t>(0, static_cast<uint32_t>(ATokenAplEnum::APL_ENUM_BUTT)));
82         policy.domain = provider.ConsumeRandomLengthString();
83         policy.permList = { def };
84         policy.permStateList = { state };
85         policy.aclRequestedList = {provider.ConsumeRandomLengthString()};
86         policy.preAuthorizationInfo = { info };
87         policy.checkIgnore = static_cast<HapPolicyCheckIgnore>(provider.ConsumeIntegralInRange<uint32_t>(
88             0, static_cast<uint32_t>(HapPolicyCheckIgnore::ACL_IGNORE_CHECK)));
89         policy.aclExtendedMap = {std::make_pair<std::string, std::string>(provider.ConsumeRandomLengthString(),
90             provider.ConsumeRandomLengthString())};
91     }
92 
InitHapTokenFuzzTest(const uint8_t * data,size_t size)93     bool InitHapTokenFuzzTest(const uint8_t* data, size_t size)
94     {
95         if ((data == nullptr) || (size == 0)) {
96             return false;
97         }
98 
99         FuzzedDataProvider provider(data, size);
100         std::string permissionName = provider.ConsumeRandomLengthString();
101         std::string bundleName = provider.ConsumeRandomLengthString();
102 
103         HapInfoParams param;
104         InitHapInfoParams(bundleName, provider, param);
105 
106         HapPolicyParams policy;
107         InitHapPolicy(permissionName, bundleName, provider, policy);
108 
109         AccessTokenIDEx tokenIdEx = {0};
110         return AccessTokenKit::InitHapToken(param, policy, tokenIdEx) == 0;
111     }
112 }
113 
114 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)115 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
116 {
117     /* Run your code on data */
118     OHOS::InitHapTokenFuzzTest(data, size);
119     return 0;
120 }
121