• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "oaid_fuzzer.h"
17 
18 #include <string>
19 #include <vector>
20 #include "oaid_service_stub.h"
21 #include "oaid_service.h"
22 #include "oaid_hilog_wreapper.h"
23 #include "oaid_service_ipc_interface_code.h"
24 #include "accesstoken_kit.h"
25 #include "nativetoken_kit.h"
26 #include "token_setproc.h"
27 #include "bundle_mgr_helper.h"
28 #include "oaid_file_operator.h"
29 #undef private
30 
31 using namespace std;
32 using namespace OHOS::Cloud;
33 
34 namespace OHOS {
35     const std::u16string OAID_INTERFACE_TOKEN = u"ohos.cloud.oaid.IOAIDService";
36     const std::string OAID_TRACKING_CONSENT_PERMISSION = "ohos.permission.APP_TRACKING_CONSENT";
37     const std::string OAID_TRUSTLIST_EXTENSION_CONFIG_PATH = "/etc/advertising/oaid/oaid_service_config_ext.json";
38     const std::string OAID_UPDATE = "/data/service/el1/public/database/oaid_service_manager/update_check.json";
39 
40     bool g_isGrant = false;
41 
AddPermission()42     void AddPermission()
43     {
44         (void)remove(OAID_TRUSTLIST_EXTENSION_CONFIG_PATH.c_str());
45 
46         if (!g_isGrant) {
47             Security::AccessToken::PermissionDef testPermDef = {
48                 .permissionName = OAID_TRACKING_CONSENT_PERMISSION,
49                 .bundleName = "test_oaid",
50                 .grantMode = Security::AccessToken::GrantMode::USER_GRANT,
51                 .availableLevel = Security::AccessToken::APL_SYSTEM_BASIC,
52                 .label = "label",
53                 .labelId = 1,
54                 .description = "test oaid",
55                 .descriptionId = 1,
56             };
57 
58             Security::AccessToken::PermissionStateFull testState = {
59                 .isGeneral = true,
60                 .grantStatus = {Security::AccessToken::PermissionState::PERMISSION_GRANTED},
61                 .permissionName = OAID_TRACKING_CONSENT_PERMISSION,
62                 .grantFlags = {Security::AccessToken::PermissionFlag::PERMISSION_USER_FIXED},
63                 .resDeviceID = {"local"},
64             };
65 
66             Security::AccessToken::HapInfoParams testInfoParms = {
67                 .userID = 1,
68                 .bundleName = "test_oaid",
69                 .instIndex = 0,
70                 .appIDDesc = "test",
71                 .isSystemApp = true
72             };
73 
74             Security::AccessToken::HapPolicyParams testPolicyPrams = {
75                 .apl = Security::AccessToken::APL_SYSTEM_BASIC,
76                 .domain = "test.domain",
77                 .permList = {testPermDef},
78                 .permStateList = {testState},
79             };
80 
81             auto tokenID = Security::AccessToken::AccessTokenKit::AllocHapToken(testInfoParms, testPolicyPrams);
82             SetSelfTokenID(tokenID.tokenIDEx);
83 
84             g_isGrant = true;
85         }
86     }
87 
OAIDFuzzTest(const uint8_t * rawData,size_t size)88     bool OAIDFuzzTest(const uint8_t* rawData, size_t size)
89     {
90         uint32_t startCode = static_cast<uint32_t>(OHOS::Cloud::OAIDInterfaceCode::GET_OAID);
91         uint32_t endCode = static_cast<uint32_t>(OHOS::Cloud::OAIDInterfaceCode::REGISTER_CONTROL_CONFIG_OBSERVER) + 1;
92         for (uint32_t code = startCode; code <= endCode; code++) {
93             MessageParcel data;
94             data.WriteInterfaceToken(OAID_INTERFACE_TOKEN);
95             MessageParcel reply;
96             MessageOption option;
97             auto oaidService =
98                 sptr<Cloud::OAIDService>(new (std::nothrow) Cloud::OAIDService());
99             oaidService->OnRemoteRequest(code, data, reply, option);
100         }
101         // BundleMgrHelper test
102         std::vector<AppExecFwk::BundleInfo> bundleInfos;
103         AppExecFwk::BundleInfo bundleInfo;
104         bundleInfos.push_back(bundleInfo);
105         BundleMgrHelper::GetInstance()->GetBundleInfosV9ByReqPermission(bundleInfos, -1);
106         AppExecFwk::ApplicationInfo applicationInfo;
107         BundleMgrHelper::GetInstance()->GetApplicationInfoV9WithPermission("", -1, applicationInfo);
108         BundleMgrHelper::GetInstance()->ClearBundleMgrHelper();
109         // OAIDFileOperator test
110         OAIDFileOperator::IsFileExsit(OAID_UPDATE);
111         std::string destContent = "test";
112         OAIDFileOperator::OpenAndReadFile(OAID_UPDATE, destContent);
113         OAIDFileOperator::ClearFile(OAID_UPDATE);
114         return true;
115     }
116 }
117 
118 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)119 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
120 {
121     /* Run your code on data */
122     OHOS::AddPermission();
123     OHOS::OAIDFuzzTest(data, size);
124     return 0;
125 }
126