1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstokenstubcoverage_fuzzer.h"
17
18 #include <fuzzer/FuzzedDataProvider.h>
19 #include <string>
20 #include "accesstoken_callback_stubs.h"
21 #include "accesstoken_kit.h"
22 #define private public
23 #include "accesstoken_manager_service.h"
24 #undef private
25 #include "iaccess_token_manager.h"
26 #include "token_setproc.h"
27 #include "token_sync_kit_interface.h"
28
29 using namespace std;
30 using namespace OHOS::Security::AccessToken;
31 static bool g_reload = true;
32 static AccessTokenID g_selfTokenId = 0;
33 static uint64_t g_mockTokenId = 0;
34 static uint32_t g_executionNum = 0;
35
36 namespace OHOS {
37 class TokenSyncCallbackImpl : public TokenSyncCallbackStub {
38 public:
39 TokenSyncCallbackImpl() = default;
40 virtual ~TokenSyncCallbackImpl() = default;
41
GetRemoteHapTokenInfo(const std::string & deviceID,AccessTokenID tokenID)42 int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) override
43 {
44 return TokenSyncError::TOKEN_SYNC_OPENSOURCE_DEVICE;
45 };
46
DeleteRemoteHapTokenInfo(AccessTokenID tokenID)47 int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) override
48 {
49 return TokenSyncError::TOKEN_SYNC_SUCCESS;
50 };
51
UpdateRemoteHapTokenInfo(const HapTokenInfoForSync & tokenInfo)52 int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) override
53 {
54 return TokenSyncError::TOKEN_SYNC_SUCCESS;
55 };
56 };
57
RegisterTokenSyncCallback()58 void RegisterTokenSyncCallback()
59 {
60 #ifdef TOKEN_SYNC_ENABLE
61 if (g_mockTokenId == 0) {
62 g_mockTokenId = AccessTokenKit::GetNativeTokenId("token_sync_service");
63 }
64 (void)SetSelfTokenID(g_mockTokenId);
65 sptr<TokenSyncCallbackImpl> callback = new (std::nothrow) TokenSyncCallbackImpl();
66 if (callback == nullptr) {
67 return;
68 }
69
70 MessageParcel datas;
71 if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
72 return;
73 }
74 if (!datas.WriteRemoteObject(callback->AsObject())) {
75 return;
76 }
77 uint32_t code = static_cast<uint32_t>(
78 IAccessTokenManagerIpcCode::COMMAND_REGISTER_TOKEN_SYNC_CALLBACK);
79
80 MessageParcel reply;
81 MessageOption option;
82 DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
83 #endif // TOKEN_SYNC_ENABLE
84 }
85
UnRegisterTokenSyncCallback()86 void UnRegisterTokenSyncCallback()
87 {
88 #ifdef TOKEN_SYNC_ENABLE
89 MessageParcel reply;
90 MessageOption option;
91 MessageParcel datas;
92 if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
93 return;
94 }
95 DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(
96 static_cast<uint32_t>(IAccessTokenManagerIpcCode::COMMAND_UN_REGISTER_TOKEN_SYNC_CALLBACK),
97 datas, reply, option);
98 #endif // TOKEN_SYNC_ENABLE
99 }
100
GetVersion()101 void GetVersion()
102 {
103 MessageParcel reply;
104 MessageOption option;
105 MessageParcel datas;
106 if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
107 return;
108 }
109 DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(
110 static_cast<uint32_t>(IAccessTokenManagerIpcCode::COMMAND_GET_VERSION), datas, reply, option);
111 }
112
ReloadNativeTokenInfo()113 void ReloadNativeTokenInfo()
114 {
115 if (!g_reload) {
116 return;
117 }
118 #ifndef ATM_BUILD_VARIANT_USER_ENABLE
119 MessageParcel reply;
120 MessageOption option;
121 MessageParcel datas;
122 if (!datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
123 return;
124 }
125 DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(
126 static_cast<uint32_t>(IAccessTokenManagerIpcCode::COMMAND_RELOAD_NATIVE_TOKEN_INFO), datas, reply, option);
127 g_reload = false;
128 #endif
129 }
130
GetPermissionManagerInfo()131 void GetPermissionManagerInfo()
132 {
133 MessageParcel data;
134 MessageParcel reply;
135 MessageOption option(MessageOption::TF_SYNC);
136
137 if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
138 return;
139 }
140 DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(
141 static_cast<uint32_t>(IAccessTokenManagerIpcCode::COMMAND_GET_PERMISSION_MANAGER_INFO), data, reply, option);
142 }
143
AccessTokenStubCoverageFuzzTest(FuzzedDataProvider & provider)144 bool AccessTokenStubCoverageFuzzTest(FuzzedDataProvider &provider)
145 {
146 if (g_selfTokenId == 0) {
147 g_selfTokenId = GetSelfTokenID();
148 }
149 ReloadNativeTokenInfo();
150 GetVersion();
151 RegisterTokenSyncCallback();
152 UnRegisterTokenSyncCallback();
153 GetPermissionManagerInfo();
154 (void)SetSelfTokenID(g_selfTokenId);
155 if (g_executionNum < 1) {
156 g_executionNum++;
157 DelayedSingleton<AccessTokenManagerService>::GetInstance()->Initialize();
158 DelayedSingleton<AccessTokenManagerService>::GetInstance()->AccessTokenServiceParamSet();
159 }
160 return true;
161 }
162 } // namespace OHOS
163
164 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)165 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
166 {
167 /* Run your code on data */
168 if ((data == nullptr) || (size == 0)) {
169 return 0;
170 }
171
172 FuzzedDataProvider provider(data, size);
173 OHOS::AccessTokenStubCoverageFuzzTest(provider);
174 return 0;
175 }
176