• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "registerselfpermstatechangecallbackstub_fuzzer.h"
17 
18 #include <string>
19 #include <thread>
20 #include <vector>
21 
22 #undef private
23 #include "access_token.h"
24 #define private public
25 #include "accesstoken_id_manager.h"
26 #include "accesstoken_kit.h"
27 #include "accesstoken_manager_client.h"
28 #include "accesstoken_manager_service.h"
29 #include "fuzzer/FuzzedDataProvider.h"
30 #include "iaccess_token_manager.h"
31 #include "token_setproc.h"
32 
33 using namespace std;
34 using namespace OHOS::Security::AccessToken;
35 static uint64_t g_selfTokenId = 0;
36 static uint64_t g_mockTokenId = 0;
37 const int32_t CONSTANTS_NUMBER_TWO = 2;
38 
39 class CbCustomizeTest2 : public PermStateChangeCallbackCustomize {
40 public:
CbCustomizeTest2(const PermStateChangeScope & scopeInfo)41     explicit CbCustomizeTest2(const PermStateChangeScope &scopeInfo)
42         : PermStateChangeCallbackCustomize(scopeInfo)
43     {
44     }
45 
~CbCustomizeTest2()46     ~CbCustomizeTest2()
47     {}
48 
PermStateChangeCallback(PermStateChangeInfo & result)49     virtual void PermStateChangeCallback(PermStateChangeInfo& result)
50     {
51         ready_ = true;
52     }
53 
54     bool ready_ = false;
55 };
56 
57 namespace OHOS {
GetHapToken()58     void GetHapToken()
59     {
60         if (g_mockTokenId != 0) {
61             SetSelfTokenID(g_mockTokenId);
62             return;
63         }
64         HapInfoParams infoParams = {
65             .userID = 0,
66             .bundleName = "registerselfpermstatechangecallbackstub.fuzzer",
67             .instIndex = 0,
68             .appIDDesc = "fuzzer",
69             .apiVersion = 8
70         };
71 
72         HapPolicyParams policyParams = {
73             .apl = APL_SYSTEM_CORE,
74             .domain = "test_domain"
75         };
76 
77         AccessTokenIDEx fullTokenId = AccessTokenKit::AllocHapToken(infoParams, policyParams);
78         g_mockTokenId = fullTokenId.tokenIDEx;
79         SetSelfTokenID(g_mockTokenId);
80         AccessTokenIDManager::GetInstance().tokenIdSet_.insert(fullTokenId.tokenIdExStruct.tokenID);
81     }
82 
RegisterSelfPermStateChangeCallbackStubFuzzTest(const uint8_t * data,size_t size)83     bool RegisterSelfPermStateChangeCallbackStubFuzzTest(const uint8_t* data, size_t size)
84     {
85         if ((data == nullptr) || (size == 0)) {
86             return false;
87         }
88 
89         FuzzedDataProvider provider(data, size);
90         AccessTokenID tokenId = provider.ConsumeIntegral<AccessTokenID>();
91         std::string permissionName = provider.ConsumeRandomLengthString();
92 
93         PermStateChangeScope scopeInfo;
94         scopeInfo.permList = { permissionName };
95         scopeInfo.tokenIDs = { tokenId };
96         auto callbackPtr = std::make_shared<CbCustomizeTest2>(scopeInfo);
97 
98         PermStateChangeScopeParcel scopeParcel;
99         scopeParcel.scope = scopeInfo;
100 
101         sptr<PermissionStateChangeCallback> callback;
102         callback = new (std::nothrow) PermissionStateChangeCallback(callbackPtr);
103 
104         MessageParcel datas;
105         datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
106         if (!datas.WriteParcelable(&scopeParcel)) {
107                 return false;
108         }
109         if (!datas.WriteRemoteObject(callback->AsObject())) {
110             return false;
111         }
112 
113         uint32_t code = static_cast<uint32_t>(
114             IAccessTokenManagerIpcCode::COMMAND_REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK);
115 
116         MessageParcel reply;
117         MessageOption option;
118         bool enable = ((provider.ConsumeIntegral<int32_t>() % CONSTANTS_NUMBER_TWO) == 0);
119         if (enable) {
120             GetHapToken();
121         } else {
122             SetSelfTokenID(g_selfTokenId);
123         }
124         DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
125 
126         code = static_cast<uint32_t>(
127             IAccessTokenManagerIpcCode::COMMAND_UN_REGISTER_SELF_PERM_STATE_CHANGE_CALLBACK);
128         MessageParcel datas2;
129         datas2.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
130         DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas2, reply, option);
131 
132         return true;
133     }
134 } // namespace OHOS
135 
136 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)137 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
138 {
139     /* Run your code on data */
140     OHOS::RegisterSelfPermStateChangeCallbackStubFuzzTest(data, size);
141     return 0;
142 }
143