1 /*
2 * Copyright (c) 2023-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "externalfileaccessgetroots_fuzzer.h"
16
17 #include <cstddef>
18 #include <cstdint>
19 #include <cstring>
20 #include <memory>
21
22 #include "extension_base.h"
23 #include "extension_context.h"
24 #include "message_parcel.h"
25 #include "file_access_ext_base_stub.h"
26 #include "file_access_ext_stub_impl.h"
27 #include "file_access_ext_ability.h"
28 #include "js_file_access_ext_ability.h"
29 #include "js_runtime.h"
30 #include "securec.h"
31 #include "nativetoken_kit.h"
32 #include "token_setproc.h"
33 #include "accesstoken_kit.h"
34
35 namespace OHOS {
36 using namespace std;
37 using namespace OHOS;
38 using namespace FileAccessFwk;
39 using namespace AbilityRuntime;
40
SetNativeToken()41 void SetNativeToken()
42 {
43 uint64_t tokenId;
44 const char *perms[] = {
45 "ohos.permission.FILE_ACCESS_MANAGER",
46 "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED",
47 "ohos.permission.CONNECT_FILE_ACCESS_EXTENSION"
48 };
49 NativeTokenInfoParams infoInstance = {
50 .dcapsNum = 0,
51 .permsNum = 3,
52 .aclsNum = 0,
53 .dcaps = nullptr,
54 .perms = perms,
55 .acls = nullptr,
56 .aplStr = "system_core",
57 };
58
59 infoInstance.processName = "ExternalFileAccessGetRootsFuzzTest";
60 tokenId = GetAccessTokenId(&infoInstance);
61 const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
62 tokenId |= systemAppMask;
63 SetSelfTokenID(tokenId);
64 OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
65 }
66
ExternalFileInterfaceFuzzTest(const uint8_t * data,size_t size)67 bool ExternalFileInterfaceFuzzTest(const uint8_t *data, size_t size)
68 {
69 SetNativeToken();
70 auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
71 auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
72 sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
73 fileAccessExtAbilitySharePtr, nullptr));
74
75 if (!fileAccessExtStubObj) {
76 printf("stub handler is nullptr");
77 return false;
78 }
79
80 uint32_t codeMax = 20;
81 for (uint32_t code = 1; code < codeMax; code++) {
82 MessageParcel datas;
83 MessageParcel reply;
84 MessageOption option;
85
86 datas.WriteInterfaceToken(FileAccessExtBaseStub::GetDescriptor());
87 datas.WriteBuffer(reinterpret_cast<const char*>(data), size);
88 datas.RewindRead(0);
89 fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
90 }
91
92 fileAccessExtAbility = nullptr;
93 fileAccessExtStubObj = nullptr;
94 return true;
95 }
96 } // namespace OHOS
97
98 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)99 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
100 {
101 OHOS::ExternalFileInterfaceFuzzTest(data, size);
102 return 0;
103 }
104