1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_idm_service_fuzzer.h"
17
18 #include "parcel.h"
19 #include "securec.h"
20
21 #include "iam_fuzz_test.h"
22 #include "iam_logger.h"
23 #include "user_idm_service.h"
24 #include "user_idm_callback_proxy.h"
25 #include "dummy_iam_callback_interface.h"
26
27 #undef private
28
29 using namespace std;
30 using namespace OHOS::UserIam::Common;
31
32 #define LOG_TAG "USER_AUTH_SA"
33
34 namespace OHOS {
35 namespace UserIam {
36 namespace UserAuth {
37 namespace {
38 const int CMD_LEN = 19;
39 std::u16string cmd[] = {u"-h", u"-lc", u"-ls", u"-c", u"-c [base system]", u"-s", u"-s [SA0 SA1]", u"-s [SA] -a [-h]",
40 u"-e", u"--net", u"--storage", u"-p", u"-p [pid]", u"--cpuusage [pid]", u"cified pid", u"--cpufreq", u"--mem [pid]",
41 u"--zip", u"--mem-smaps pid [-v]"};
42
43 class DummyIdmGetCredentialInfoCallback : public IdmGetCredInfoCallbackInterface {
44 public:
OnCredentialInfos(const std::vector<CredentialInfo> & credInfoList)45 void OnCredentialInfos(const std::vector<CredentialInfo> &credInfoList) override
46 {
47 IAM_LOGI("start");
48 return;
49 }
50
AsObject()51 sptr<IRemoteObject> AsObject() override
52 {
53 sptr<IRemoteObject> tmp(nullptr);
54 return tmp;
55 }
56 };
57
58 class DummyIdmGetSecureUserInfoCallback : public IdmGetSecureUserInfoCallbackInterface {
59 public:
OnSecureUserInfo(const SecUserInfo & secUserInfo)60 void OnSecureUserInfo(const SecUserInfo &secUserInfo) override
61 {
62 IAM_LOGI("start");
63 return;
64 }
65
AsObject()66 sptr<IRemoteObject> AsObject() override
67 {
68 sptr<IRemoteObject> tmp(nullptr);
69 return tmp;
70 }
71 };
72
73 class DummyIdmCallback : public IdmCallbackInterface {
74 public:
OnResult(int32_t result,const Attributes & reqRet)75 void OnResult(int32_t result, const Attributes &reqRet) override
76 {
77 IAM_LOGI("start");
78 return;
79 }
80
OnAcquireInfo(int32_t module,int32_t acquire,const Attributes & reqRet)81 void OnAcquireInfo(int32_t module, int32_t acquire, const Attributes &reqRet) override
82 {
83 IAM_LOGI("start");
84 return;
85 }
86
AsObject()87 sptr<IRemoteObject> AsObject() override
88 {
89 sptr<IRemoteObject> tmp(nullptr);
90 return tmp;
91 }
92 };
93
GetFuzzOptionalUserId(Parcel & parcel)94 int32_t GetFuzzOptionalUserId(Parcel &parcel)
95 {
96 if (parcel.ReadBool()) {
97 return parcel.ReadInt32();
98 }
99 return 0;
100 }
101
GetFuzzIdmGetCredentialInfoCallback(Parcel & parcel)102 sptr<IdmGetCredInfoCallbackInterface> GetFuzzIdmGetCredentialInfoCallback(Parcel &parcel)
103 {
104 sptr<IdmGetCredInfoCallbackInterface> tmp(nullptr);
105 if (parcel.ReadBool()) {
106 tmp = sptr<IdmGetCredInfoCallbackInterface>(new (std::nothrow) DummyIdmGetCredentialInfoCallback());
107 }
108 return tmp;
109 }
110
GetFuzzIdmGetSecureUserInfoCallback(Parcel & parcel)111 sptr<IdmGetSecureUserInfoCallbackInterface> GetFuzzIdmGetSecureUserInfoCallback(Parcel &parcel)
112 {
113 sptr<IdmGetSecureUserInfoCallbackInterface> tmp(nullptr);
114 if (parcel.ReadBool()) {
115 tmp = sptr<IdmGetSecureUserInfoCallbackInterface>(new (std::nothrow) DummyIdmGetSecureUserInfoCallback());
116 }
117 return tmp;
118 }
119
GetFuzzIdmCallback(Parcel & parcel)120 sptr<IdmCallbackInterface> GetFuzzIdmCallback(Parcel &parcel)
121 {
122 sptr<IdmCallbackInterface> tmp(nullptr);
123 if (parcel.ReadBool()) {
124 tmp = sptr<IdmCallbackInterface>(new (std::nothrow) DummyIdmCallback());
125 }
126 return tmp;
127 }
128
129 UserIdmService g_UserIdmService(SUBSYS_USERIAM_SYS_ABILITY_USERIDM, true);
130
FuzzOpenSession(Parcel & parcel)131 void FuzzOpenSession(Parcel &parcel)
132 {
133 IAM_LOGI("begin");
134 int32_t userId = GetFuzzOptionalUserId(parcel);
135 std::vector<uint8_t> challenge;
136 FillFuzzUint8Vector(parcel, challenge);
137 g_UserIdmService.OpenSession(userId, challenge);
138 IAM_LOGI("end");
139 }
140
FuzzCloseSession(Parcel & parcel)141 void FuzzCloseSession(Parcel &parcel)
142 {
143 IAM_LOGI("begin");
144 int32_t userId = GetFuzzOptionalUserId(parcel);
145 g_UserIdmService.CloseSession(userId);
146 IAM_LOGI("end");
147 }
148
FuzzGetCredentialInfo(Parcel & parcel)149 void FuzzGetCredentialInfo(Parcel &parcel)
150 {
151 IAM_LOGI("begin");
152 int32_t userId = GetFuzzOptionalUserId(parcel);
153 AuthType authType = static_cast<AuthType>(parcel.ReadUint32());
154 sptr<IdmGetCredInfoCallbackInterface> callback = GetFuzzIdmGetCredentialInfoCallback(parcel);
155 g_UserIdmService.GetCredentialInfo(userId, authType, callback);
156 IAM_LOGI("end");
157 }
158
FuzzGetSecInfo(Parcel & parcel)159 void FuzzGetSecInfo(Parcel &parcel)
160 {
161 IAM_LOGI("begin");
162 int32_t userId = GetFuzzOptionalUserId(parcel);
163 sptr<IdmGetSecureUserInfoCallbackInterface> callback = GetFuzzIdmGetSecureUserInfoCallback(parcel);
164 g_UserIdmService.GetSecInfo(userId, callback);
165 IAM_LOGI("end");
166 }
167
FuzzAddCredential(Parcel & parcel)168 void FuzzAddCredential(Parcel &parcel)
169 {
170 IAM_LOGI("begin");
171 int32_t userId = parcel.ReadInt32();
172 UserIdmInterface::CredentialPara para = {};
173 para.authType = static_cast<AuthType>(parcel.ReadInt32());
174 para.pinType = static_cast<PinSubType>(parcel.ReadInt32());
175 FillFuzzUint8Vector(parcel, para.token);
176 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
177 g_UserIdmService.AddCredential(userId, para, callback, false);
178 IAM_LOGI("end");
179 }
180
FuzzUpdateCredential(Parcel & parcel)181 void FuzzUpdateCredential(Parcel &parcel)
182 {
183 IAM_LOGI("begin");
184 int32_t userId = parcel.ReadInt32();
185 UserIdmInterface::CredentialPara para = {};
186 para.authType = static_cast<AuthType>(parcel.ReadInt32());
187 para.pinType = static_cast<PinSubType>(parcel.ReadInt32());
188 FillFuzzUint8Vector(parcel, para.token);
189 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
190 g_UserIdmService.UpdateCredential(userId, para, callback);
191 IAM_LOGI("end");
192 }
193
FuzzCancel(Parcel & parcel)194 void FuzzCancel(Parcel &parcel)
195 {
196 IAM_LOGI("begin");
197 int32_t userId = parcel.ReadInt32();
198 g_UserIdmService.Cancel(userId);
199 IAM_LOGI("end");
200 }
201
FuzzEnforceDelUser(Parcel & parcel)202 void FuzzEnforceDelUser(Parcel &parcel)
203 {
204 IAM_LOGI("begin");
205 int32_t userId = parcel.ReadInt32();
206 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
207 g_UserIdmService.EnforceDelUser(userId, callback);
208 IAM_LOGI("end");
209 }
210
FuzzDelUser(Parcel & parcel)211 void FuzzDelUser(Parcel &parcel)
212 {
213 IAM_LOGI("begin");
214 int32_t userId = parcel.ReadInt32();
215 std::vector<uint8_t> authToken;
216 FillFuzzUint8Vector(parcel, authToken);
217 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
218 g_UserIdmService.DelUser(userId, authToken, callback);
219 IAM_LOGI("end");
220 }
221
FuzzDump(Parcel & parcel)222 void FuzzDump(Parcel &parcel)
223 {
224 IAM_LOGI("FuzzDump begin");
225 std::vector<uint8_t> msg;
226 Common::FillFuzzUint8Vector(parcel, msg);
227 int32_t fd = parcel.ReadInt32();
228 std::vector<std::u16string> args;
229 for (uint32_t i = 0; i < msg.size(); i++) {
230 args.push_back(cmd[msg[i] % CMD_LEN]);
231 }
232 g_UserIdmService.Dump(fd, args);
233 IAM_LOGI("FuzzDump end");
234 }
235
DelCredential(Parcel & parcel)236 void DelCredential(Parcel &parcel)
237 {
238 IAM_LOGI("begin");
239 int32_t userId = parcel.ReadInt32();
240 uint64_t credentialId = parcel.ReadUint64();
241 std::vector<uint8_t> authToken;
242 FillFuzzUint8Vector(parcel, authToken);
243 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
244 g_UserIdmService.DelCredential(userId, credentialId, authToken, callback);
245 IAM_LOGI("end");
246 }
247
FuzzClearRedundancyCredential(Parcel & parcel)248 void FuzzClearRedundancyCredential(Parcel &parcel)
249 {
250 IAM_LOGI("begin");
251 sptr<IdmCallbackInterface> callback = GetFuzzIdmCallback(parcel);
252 g_UserIdmService.ClearRedundancyCredential(callback);
253 IAM_LOGI("end");
254 }
255
FuzzClearRedundancyCredentialInner(Parcel & parcel)256 void FuzzClearRedundancyCredentialInner(Parcel &parcel)
257 {
258 IAM_LOGI("begin");
259 g_UserIdmService.ClearRedundancyCredentialInner();
260 IAM_LOGI("end");
261 }
262
FuzzEnforceDelUserInner(Parcel & parcel)263 void FuzzEnforceDelUserInner(Parcel &parcel)
264 {
265 IAM_LOGI("begin");
266 int32_t userId = 100;
267 sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
268 std::shared_ptr<ContextCallback> callbackForTrace =
269 ContextCallback::NewInstance(iamCallback, TRACE_ENFORCE_DELETE_USER);
270 std::string changeReasonTrace = parcel.ReadString();
271 g_UserIdmService.EnforceDelUserInner(userId, callbackForTrace, changeReasonTrace);
272 IAM_LOGI("end");
273 }
274
FuzzCancelCurrentEnroll(Parcel & parcel)275 void FuzzCancelCurrentEnroll(Parcel &parcel)
276 {
277 IAM_LOGI("begin");
278 g_UserIdmService.CancelCurrentEnroll();
279 g_UserIdmService.CancelCurrentEnrollIfExist();
280 IAM_LOGI("end");
281 }
282
FuzzStartEnroll(Parcel & parcel)283 void FuzzStartEnroll(Parcel &parcel)
284 {
285 IAM_LOGI("begin");
286 Enrollment::EnrollmentPara para = {};
287 sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
288 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
289 Attributes extraInfo;
290 g_UserIdmService.StartEnroll(para, contextCallback, extraInfo);
291 IAM_LOGI("end");
292 }
293
FuzzCheckEnrollPermissionAndEnableStatus(Parcel & parcel)294 void FuzzCheckEnrollPermissionAndEnableStatus(Parcel &parcel)
295 {
296 IAM_LOGI("begin");
297 sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
298 std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
299 AuthType authType = PIN;
300 g_UserIdmService.CheckEnrollPermissionAndEnableStatus(contextCallback, authType);
301 IAM_LOGI("end");
302 }
303
304 using FuzzFunc = decltype(FuzzOpenSession);
305 FuzzFunc *g_fuzzFuncs[] = {
306 FuzzOpenSession,
307 FuzzCloseSession,
308 FuzzGetCredentialInfo,
309 FuzzGetSecInfo,
310 FuzzAddCredential,
311 FuzzUpdateCredential,
312 FuzzCancel,
313 FuzzEnforceDelUser,
314 FuzzDelUser,
315 DelCredential,
316 FuzzClearRedundancyCredential,
317 FuzzDump,
318 FuzzClearRedundancyCredentialInner,
319 FuzzEnforceDelUserInner,
320 FuzzCancelCurrentEnroll,
321 FuzzStartEnroll,
322 FuzzCheckEnrollPermissionAndEnableStatus,
323 };
324
UserIdmFuzzTest(const uint8_t * data,size_t size)325 void UserIdmFuzzTest(const uint8_t *data, size_t size)
326 {
327 Parcel parcel;
328 parcel.WriteBuffer(data, size);
329 parcel.RewindRead(0);
330 uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs) / sizeof(FuzzFunc *));
331 auto fuzzFunc = g_fuzzFuncs[index];
332 fuzzFunc(parcel);
333 return;
334 }
335 } // namespace
336 } // namespace UserAuth
337 } // namespace UserIam
338 } // namespace OHOS
339
340 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)341 extern "C" int32_t LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
342 {
343 OHOS::UserIam::UserAuth::UserIdmFuzzTest(data, size);
344 return 0;
345 }
346