1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <securec.h>
17 #include <thread>
18
19 #include "i_net_policy_service.h"
20 #include "net_mgr_log_wrapper.h"
21 #include "net_policy_client.h"
22 #include "net_policy_constants.h"
23 #include "net_quota_policy.h"
24 #include "netmanager_base_test_security.h"
25 #define private public
26 #include "net_policy_service.h"
27 #include "net_policy_service_stub.h"
28
29 namespace OHOS {
30 namespace NetManagerStandard {
31 namespace {
32 const uint8_t *g_baseFuzzData = nullptr;
33 static constexpr uint32_t CREATE_LIMIT_ACTION_VALUE = 2;
34 static constexpr uint32_t CREATE_NET_TYPE_VALUE = 7;
35 static constexpr uint32_t CONVERT_NUMBER_TO_BOOL = 2;
36 size_t g_baseFuzzSize = 0;
37 size_t g_baseFuzzPos;
38 constexpr size_t STR_LEN = 10;
39 } // namespace
40
41 template<class T>
GetData()42 T GetData()
43 {
44 T object {};
45 size_t objectSize = sizeof(object);
46 if (g_baseFuzzData == nullptr || objectSize > g_baseFuzzSize - g_baseFuzzPos) {
47 return object;
48 }
49 errno_t ret = memcpy_s(&object, objectSize, g_baseFuzzData + g_baseFuzzPos, objectSize);
50 if (ret != EOK) {
51 return {};
52 }
53 g_baseFuzzPos += objectSize;
54 return object;
55 }
56
GetStringFromData(int strlen)57 std::string GetStringFromData(int strlen)
58 {
59 char cstr[strlen];
60 cstr[strlen - 1] = '\0';
61 for (int i = 0; i < strlen - 1; i++) {
62 cstr[i] = GetData<char>();
63 }
64 std::string str(cstr);
65 return str;
66 }
67
68 class INetPolicyCallbackTest : public IRemoteStub<INetPolicyCallback> {
69 public:
NetUidPolicyChange(uint32_t uid,uint32_t policy)70 int32_t NetUidPolicyChange(uint32_t uid, uint32_t policy)
71 {
72 return 0;
73 }
74
NetUidRuleChange(uint32_t uid,uint32_t rule)75 int32_t NetUidRuleChange(uint32_t uid, uint32_t rule)
76 {
77 return 0;
78 }
79
NetQuotaPolicyChange(const std::vector<NetQuotaPolicy> & quotaPolicies)80 int32_t NetQuotaPolicyChange(const std::vector<NetQuotaPolicy> "aPolicies)
81 {
82 return 0;
83 }
84
NetStrategySwitch(const std::string & simId,bool enable)85 int32_t NetStrategySwitch(const std::string &simId, bool enable)
86 {
87 return 0;
88 }
89
NetMeteredIfacesChange(std::vector<std::string> & ifaces)90 int32_t NetMeteredIfacesChange(std::vector<std::string> &ifaces)
91 {
92 return 0;
93 }
94
NetBackgroundPolicyChange(bool isBackgroundPolicyAllow)95 int32_t NetBackgroundPolicyChange(bool isBackgroundPolicyAllow)
96 {
97 return 0;
98 }
99 };
100
101 static bool g_isInited = false;
102
Init()103 void Init()
104 {
105 if (!g_isInited) {
106 DelayedSingleton<NetPolicyService>::GetInstance()->Init();
107 g_isInited = true;
108 }
109 }
110
OnRemoteRequest(uint32_t code,MessageParcel & data)111 int32_t OnRemoteRequest(uint32_t code, MessageParcel &data)
112 {
113 if (!g_isInited) {
114 Init();
115 }
116
117 MessageParcel reply;
118 MessageOption option;
119
120 return DelayedSingleton<NetPolicyService>::GetInstance()->OnRemoteRequest(code, data, reply, option);
121 }
122
WriteInterfaceToken(MessageParcel & data)123 bool WriteInterfaceToken(MessageParcel &data)
124 {
125 if (!data.WriteInterfaceToken(NetPolicyServiceStub::GetDescriptor())) {
126 return false;
127 }
128 return true;
129 }
130
SetPolicyByUidFuzzTest(const uint8_t * data,size_t size)131 void SetPolicyByUidFuzzTest(const uint8_t *data, size_t size)
132 {
133 if ((data == nullptr) || (size == 0)) {
134 return;
135 }
136 g_baseFuzzData = data;
137 g_baseFuzzSize = size;
138 g_baseFuzzPos = 0;
139
140 NetManagerBaseAccessToken token;
141 uint32_t uid = GetData<uint32_t>();
142 uint32_t policy = GetData<uint32_t>() % 3;
143
144 MessageParcel dataParcel;
145 if (!WriteInterfaceToken(dataParcel)) {
146 return;
147 }
148 dataParcel.WriteUint32(uid);
149 dataParcel.WriteUint32(policy);
150
151 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_SET_POLICY_BY_UID), dataParcel);
152 }
153
GetPolicyByUidFuzzTest(const uint8_t * data,size_t size)154 void GetPolicyByUidFuzzTest(const uint8_t *data, size_t size)
155 {
156 if ((data == nullptr) || (size == 0)) {
157 return;
158 }
159 g_baseFuzzData = data;
160 g_baseFuzzSize = size;
161 g_baseFuzzPos = 0;
162 NetManagerBaseAccessToken token;
163 uint32_t uid = GetData<uint32_t>();
164
165 MessageParcel dataParcel;
166 if (!WriteInterfaceToken(dataParcel)) {
167 return;
168 }
169 dataParcel.WriteUint32(uid);
170
171 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_GET_POLICY_BY_UID), dataParcel);
172 }
173
GetUidsByPolicyFuzzTest(const uint8_t * data,size_t size)174 void GetUidsByPolicyFuzzTest(const uint8_t *data, size_t size)
175 {
176 if ((data == nullptr) || (size == 0)) {
177 return;
178 }
179 NetManagerBaseAccessToken token;
180
181 MessageParcel dataParcel;
182 if (!WriteInterfaceToken(dataParcel)) {
183 return;
184 }
185 uint32_t policy = GetData<uint32_t>() % 3;
186 dataParcel.WriteUint32(policy);
187
188 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_GET_UIDS_BY_POLICY), dataParcel);
189 }
190
SetBackgroundPolicyFuzzTest(const uint8_t * data,size_t size)191 void SetBackgroundPolicyFuzzTest(const uint8_t *data, size_t size)
192 {
193 if ((data == nullptr) || (size == 0)) {
194 return;
195 }
196 g_baseFuzzData = data;
197 g_baseFuzzSize = size;
198 g_baseFuzzPos = 0;
199
200 NetManagerBaseAccessToken token;
201 bool isBackgroundPolicyAllow = GetData<uint32_t>() % CONVERT_NUMBER_TO_BOOL == 0;
202
203 MessageParcel dataParcel;
204 if (!WriteInterfaceToken(dataParcel)) {
205 return;
206 }
207 dataParcel.WriteBool(isBackgroundPolicyAllow);
208 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_SET_BACKGROUND_POLICY), dataParcel);
209 }
210
GetBackgroundPolicyByUidFuzzTest(const uint8_t * data,size_t size)211 void GetBackgroundPolicyByUidFuzzTest(const uint8_t *data, size_t size)
212 {
213 if ((data == nullptr) || (size == 0)) {
214 return;
215 }
216 g_baseFuzzData = data;
217 g_baseFuzzSize = size;
218 g_baseFuzzPos = 0;
219 NetManagerBaseAccessToken token;
220 uint32_t uid = GetData<uint32_t>();
221
222 MessageParcel dataParcel;
223 if (!WriteInterfaceToken(dataParcel)) {
224 return;
225 }
226 dataParcel.WriteUint32(uid);
227 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_GET_BACKGROUND_POLICY_BY_UID), dataParcel);
228 }
229
SetCellularPoliciesFuzzTest(const uint8_t * data,size_t size)230 void SetCellularPoliciesFuzzTest(const uint8_t *data, size_t size)
231 {
232 if ((data == nullptr) || (size == 0)) {
233 return;
234 }
235 NetManagerBaseAccessToken token;
236
237 uint32_t vectorSize = GetData<uint32_t>() % 21;
238 std::vector<NetQuotaPolicy> quotaPolicies;
239 for (uint32_t i = 0; i < vectorSize; i++) {
240 NetQuotaPolicy netQuotaPolicy;
241 netQuotaPolicy.networkmatchrule.netType = GetData<uint32_t>() % CREATE_NET_TYPE_VALUE;
242
243 netQuotaPolicy.networkmatchrule.simId = GetStringFromData(STR_LEN);
244 netQuotaPolicy.networkmatchrule.ident = GetStringFromData(STR_LEN);
245 netQuotaPolicy.quotapolicy.periodStartTime = GetData<int64_t>();
246 netQuotaPolicy.quotapolicy.periodDuration = GetStringFromData(STR_LEN);
247
248 netQuotaPolicy.quotapolicy.warningBytes = GetData<int64_t>();
249 netQuotaPolicy.quotapolicy.limitBytes = GetData<int64_t>();
250 netQuotaPolicy.quotapolicy.metered = GetData<uint32_t>() % CONVERT_NUMBER_TO_BOOL == 0;
251 netQuotaPolicy.quotapolicy.limitAction = GetData<uint32_t>() % CREATE_LIMIT_ACTION_VALUE == 0;
252
253 quotaPolicies.push_back(netQuotaPolicy);
254 }
255
256 MessageParcel dataParcel;
257 if (!WriteInterfaceToken(dataParcel)) {
258 return;
259 }
260
261 NetQuotaPolicy::Marshalling(dataParcel, quotaPolicies);
262
263 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_SET_NET_QUOTA_POLICIES), dataParcel);
264 }
265
RegisterNetPolicyCallbackFuzzTest(const uint8_t * data,size_t size)266 void RegisterNetPolicyCallbackFuzzTest(const uint8_t *data, size_t size)
267 {
268 if ((data == nullptr) || (size == 0)) {
269 return;
270 }
271 NetManagerBaseAccessToken token;
272 sptr<INetPolicyCallbackTest> callback = new (std::nothrow) INetPolicyCallbackTest();
273 if (callback == nullptr) {
274 return;
275 }
276
277 MessageParcel dataParcel;
278 if (!WriteInterfaceToken(dataParcel)) {
279 return;
280 }
281
282 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
283
284 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_REGISTER_NET_POLICY_CALLBACK), dataParcel);
285 }
286
UnregisterNetPolicyCallbackFuzzTest(const uint8_t * data,size_t size)287 void UnregisterNetPolicyCallbackFuzzTest(const uint8_t *data, size_t size)
288 {
289 if ((data == nullptr) || (size == 0)) {
290 return;
291 }
292 NetManagerBaseAccessToken token;
293 sptr<INetPolicyCallbackTest> callback = new (std::nothrow) INetPolicyCallbackTest();
294 if (callback == nullptr) {
295 return;
296 }
297
298 MessageParcel dataParcel;
299 if (!WriteInterfaceToken(dataParcel)) {
300 return;
301 }
302
303 dataParcel.WriteRemoteObject(callback->AsObject().GetRefPtr());
304
305 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_UNREGISTER_NET_POLICY_CALLBACK), dataParcel);
306 }
307
GetNetQuotaPoliciesFuzzTest(const uint8_t * data,size_t size)308 void GetNetQuotaPoliciesFuzzTest(const uint8_t *data, size_t size)
309 {
310 if ((data == nullptr) || (size == 0)) {
311 return;
312 }
313 NetManagerBaseAccessToken token;
314 MessageParcel dataParcel;
315 if (!WriteInterfaceToken(dataParcel)) {
316 return;
317 }
318
319 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_GET_NET_QUOTA_POLICIES), dataParcel);
320 }
321
SetNetQuotaPoliciesFuzzTest(const uint8_t * data,size_t size)322 void SetNetQuotaPoliciesFuzzTest(const uint8_t *data, size_t size)
323 {
324 if ((data == nullptr) || (size == 0)) {
325 return;
326 }
327 NetManagerBaseAccessToken token;
328
329 uint32_t vectorSize = GetData<uint32_t>() % 21;
330 std::vector<NetQuotaPolicy> quotaPolicies;
331 for (uint32_t i = 0; i < vectorSize; i++) {
332 NetQuotaPolicy netQuotaPolicy;
333 netQuotaPolicy.networkmatchrule.netType = GetData<uint32_t>() % CREATE_NET_TYPE_VALUE;
334
335 netQuotaPolicy.networkmatchrule.simId = GetStringFromData(STR_LEN);
336 netQuotaPolicy.networkmatchrule.ident = GetStringFromData(STR_LEN);
337 netQuotaPolicy.quotapolicy.periodStartTime = GetData<int64_t>();
338 netQuotaPolicy.quotapolicy.periodDuration = GetStringFromData(STR_LEN);
339
340 netQuotaPolicy.quotapolicy.warningBytes = GetData<int64_t>();
341 netQuotaPolicy.quotapolicy.limitBytes = GetData<int64_t>();
342 netQuotaPolicy.quotapolicy.metered = GetData<uint32_t>() % CONVERT_NUMBER_TO_BOOL == 0;
343 netQuotaPolicy.quotapolicy.limitAction = GetData<uint32_t>() % CREATE_LIMIT_ACTION_VALUE == 0;
344
345 quotaPolicies.push_back(netQuotaPolicy);
346 }
347
348 MessageParcel dataParcel;
349 if (!WriteInterfaceToken(dataParcel)) {
350 return;
351 }
352 NetQuotaPolicy::Marshalling(dataParcel, quotaPolicies);
353
354 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_SET_NET_QUOTA_POLICIES), dataParcel);
355 }
356
IsUidNetAllowedFuzzTest(const uint8_t * data,size_t size)357 void IsUidNetAllowedFuzzTest(const uint8_t *data, size_t size)
358 {
359 if ((data == nullptr) || (size == 0)) {
360 return;
361 }
362 g_baseFuzzData = data;
363 g_baseFuzzSize = size;
364 g_baseFuzzPos = 0;
365 NetManagerBaseAccessToken token;
366 uint32_t uid = GetData<uint32_t>();
367 bool metered = uid % CONVERT_NUMBER_TO_BOOL == 0;
368 std::string ifaceName = GetStringFromData(STR_LEN);
369
370 MessageParcel dataParcel;
371 if (!WriteInterfaceToken(dataParcel)) {
372 return;
373 }
374
375 dataParcel.WriteUint32(uid);
376 dataParcel.WriteBool(metered);
377
378 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_IS_NET_ALLOWED_BY_METERED), dataParcel);
379
380 MessageParcel dataParcel2;
381 if (!WriteInterfaceToken(dataParcel2)) {
382 return;
383 }
384
385 dataParcel2.WriteUint32(uid);
386 dataParcel2.WriteString(ifaceName);
387
388 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_IS_NET_ALLOWED_BY_IFACE), dataParcel2);
389 }
390
ResetPoliciesFuzzTest(const uint8_t * data,size_t size)391 void ResetPoliciesFuzzTest(const uint8_t *data, size_t size)
392 {
393 if ((data == nullptr) || (size == 0)) {
394 return;
395 }
396 g_baseFuzzData = data;
397 g_baseFuzzSize = size;
398 g_baseFuzzPos = 0;
399 NetManagerBaseAccessToken token;
400 std::string simId = GetStringFromData(STR_LEN);
401
402 MessageParcel dataParcel;
403 if (!WriteInterfaceToken(dataParcel)) {
404 return;
405 }
406
407 dataParcel.WriteString(simId);
408
409 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_RESET_POLICIES), dataParcel);
410 }
411
UpdateRemindPolicyFuzzTest(const uint8_t * data,size_t size)412 void UpdateRemindPolicyFuzzTest(const uint8_t *data, size_t size)
413 {
414 if ((data == nullptr) || (size == 0)) {
415 return;
416 }
417 g_baseFuzzData = data;
418 g_baseFuzzSize = size;
419 g_baseFuzzPos = 0;
420
421 NetManagerBaseAccessToken token;
422 int32_t netType = GetData<int32_t>();
423 uint32_t remindType = GetData<uint32_t>();
424 std::string simId = GetStringFromData(STR_LEN);
425
426 MessageParcel dataParcel;
427 if (!WriteInterfaceToken(dataParcel)) {
428 return;
429 }
430
431 dataParcel.WriteInt32(netType);
432 dataParcel.WriteString(simId);
433 dataParcel.WriteUint32(remindType);
434
435 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_UPDATE_REMIND_POLICY), dataParcel);
436 }
437
SetDeviceIdleTrustlistFuzzTest(const uint8_t * data,size_t size)438 void SetDeviceIdleTrustlistFuzzTest(const uint8_t *data, size_t size)
439 {
440 if ((data == nullptr) || (size == 0)) {
441 return;
442 }
443 g_baseFuzzData = data;
444 g_baseFuzzSize = size;
445 g_baseFuzzPos = 0;
446
447 NetManagerBaseAccessToken token;
448 bool isAllowed = GetData<int32_t>() % CONVERT_NUMBER_TO_BOOL == 0;
449 std::vector<uint32_t> uids = GetData<std::vector<uint32_t>>();
450
451 MessageParcel dataParcel;
452 if (!WriteInterfaceToken(dataParcel)) {
453 return;
454 }
455
456 dataParcel.WriteUInt32Vector(uids);
457 dataParcel.WriteBool(isAllowed);
458
459 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_SET_IDLE_TRUSTLIST), dataParcel);
460 }
461
SetDeviceIdlePolicyFuzzTest(const uint8_t * data,size_t size)462 void SetDeviceIdlePolicyFuzzTest(const uint8_t *data, size_t size)
463 {
464 if ((data == nullptr) || (size == 0)) {
465 return;
466 }
467 g_baseFuzzData = data;
468 g_baseFuzzSize = size;
469 g_baseFuzzPos = 0;
470
471 NetManagerBaseAccessToken token;
472 bool enable = GetData<int32_t>() % CONVERT_NUMBER_TO_BOOL == 0;
473
474 MessageParcel dataParcel;
475 if (!WriteInterfaceToken(dataParcel)) {
476 return;
477 }
478
479 dataParcel.WriteBool(enable);
480
481 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_SET_DEVICE_IDLE_POLICY), dataParcel);
482 }
483
SetPowerSaveTrustlistFuzzTest(const uint8_t * data,size_t size)484 void SetPowerSaveTrustlistFuzzTest(const uint8_t *data, size_t size)
485 {
486 if ((data == nullptr) || (size <= 0)) {
487 return;
488 }
489 g_baseFuzzData = data;
490 g_baseFuzzSize = size;
491 g_baseFuzzPos = 0;
492
493 NetManagerBaseAccessToken token;
494
495 MessageParcel dataParcel;
496 if (!WriteInterfaceToken(dataParcel)) {
497 return;
498 }
499
500 bool isAllowed = GetData<int32_t>() % CONVERT_NUMBER_TO_BOOL == 0;
501 std::vector<uint32_t> uids = GetData<std::vector<uint32_t>>();
502 dataParcel.WriteBool(isAllowed);
503 dataParcel.WriteUInt32Vector(uids);
504
505 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_SET_POWER_SAVE_TRUSTLIST), dataParcel);
506 }
507
GetPowerSaveTrustlistFuzzTest(const uint8_t * data,size_t size)508 void GetPowerSaveTrustlistFuzzTest(const uint8_t *data, size_t size)
509 {
510 if ((data == nullptr) || (size <= 0)) {
511 return;
512 }
513 g_baseFuzzData = data;
514 g_baseFuzzSize = size;
515 g_baseFuzzPos = 0;
516
517 NetManagerBaseAccessToken token;
518
519 MessageParcel dataParcel;
520 if (!WriteInterfaceToken(dataParcel)) {
521 return;
522 }
523
524 OnRemoteRequest(static_cast<uint32_t>(PolicyInterfaceCode::CMD_NPS_GET_POWER_SAVE_TRUSTLIST), dataParcel);
525 }
526 } // namespace NetManagerStandard
527 } // namespace OHOS
528
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)529 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
530 {
531 /* Run your code on data */
532 OHOS::NetManagerStandard::SetPolicyByUidFuzzTest(data, size);
533 OHOS::NetManagerStandard::GetPolicyByUidFuzzTest(data, size);
534 OHOS::NetManagerStandard::GetUidsByPolicyFuzzTest(data, size);
535 OHOS::NetManagerStandard::GetBackgroundPolicyByUidFuzzTest(data, size);
536 OHOS::NetManagerStandard::SetCellularPoliciesFuzzTest(data, size);
537 OHOS::NetManagerStandard::RegisterNetPolicyCallbackFuzzTest(data, size);
538 OHOS::NetManagerStandard::GetNetQuotaPoliciesFuzzTest(data, size);
539 OHOS::NetManagerStandard::SetNetQuotaPoliciesFuzzTest(data, size);
540 OHOS::NetManagerStandard::IsUidNetAllowedFuzzTest(data, size);
541 OHOS::NetManagerStandard::ResetPoliciesFuzzTest(data, size);
542 OHOS::NetManagerStandard::UpdateRemindPolicyFuzzTest(data, size);
543 OHOS::NetManagerStandard::SetDeviceIdleTrustlistFuzzTest(data, size);
544 OHOS::NetManagerStandard::SetDeviceIdlePolicyFuzzTest(data, size);
545 OHOS::NetManagerStandard::SetPowerSaveTrustlistFuzzTest(data, size);
546 OHOS::NetManagerStandard::GetPowerSaveTrustlistFuzzTest(data, size);
547 OHOS::NetManagerStandard::UnregisterNetPolicyCallbackFuzzTest(data, size);
548 return 0;
549 }