1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "accesstoken_kit.h"
17 #include "access_token.h"
18 #include "access_token_error.h"
19 #include "nativetoken_kit.h"
20 #include "token_setproc.h"
21 #include "fuzz_common_base.h"
22
23 extern "C" {
24 static constexpr uint32_t U32_AT_SIZE = 3;
25 static constexpr uint32_t MAX_MEMORY_SIZE = 4 * 1024 * 1024;
26
27 using namespace OHOS::Security::AccessToken;
28
GetU32Size()29 uint32_t GetU32Size()
30 {
31 return U32_AT_SIZE;
32 }
33
GetU32Data(const char * ptr)34 uint32_t GetU32Data(const char* ptr)
35 {
36 // convert fuzz input data to an integer
37 return (ptr[0] << 16) | (ptr[1] << 8) | ptr[2];
38 }
39
ParseData(const uint8_t * data,size_t size)40 char* ParseData(const uint8_t* data, size_t size)
41 {
42 if (data == nullptr) {
43 return nullptr;
44 }
45
46 if (size > MAX_MEMORY_SIZE) {
47 return nullptr;
48 }
49
50 char* ch = (char *)malloc(size + 1);
51 if (ch == nullptr) {
52 return nullptr;
53 }
54
55 (void)memset_s(ch, size + 1, 0x00, size + 1);
56 if (memcpy_s(ch, size, data, size) != EOK) {
57 free(ch);
58 ch = nullptr;
59 return nullptr;
60 }
61
62 return ch;
63 }
64
NativeTokenGet(const std::vector<std::string> & permissions)65 void NativeTokenGet(const std::vector<std::string> &permissions)
66 {
67 uint64_t tokenId;
68 size_t size = permissions.size();
69 const char **perms = new const char *[size];
70 for (size_t i = 0; i < permissions.size(); i++) {
71 perms[i] = permissions[i].c_str();
72 }
73
74 NativeTokenInfoParams infoInstance = {
75 .dcapsNum = 0,
76 .permsNum = size,
77 .aclsNum = 0,
78 .dcaps = nullptr,
79 .perms = perms,
80 .acls = nullptr,
81 .aplStr = "system_core",
82 };
83
84 infoInstance.processName = "AnsFuzzTest";
85 tokenId = GetAccessTokenId(&infoInstance);
86 SetSelfTokenID(tokenId);
87 AccessTokenKit::ReloadNativeTokenInfo();
88 delete []perms;
89 }
90
SystemHapTokenGet(const std::vector<std::string> & permissions)91 void SystemHapTokenGet(const std::vector<std::string> &permissions)
92 {
93
94 HapPolicyParams hapPolicyPrams = {
95 .apl = APL_NORMAL,
96 .domain = "test.fuzz.ans",
97 .permList = {},
98 .permStateList = {}
99 };
100
101 for (auto permission : permissions) {
102 PermissionStateFull permStateFull = {
103 .permissionName = permission,
104 .isGeneral = false,
105 .resDeviceID = {"device 1", "device 2"},
106 .grantStatus = {PermissionState::PERMISSION_GRANTED, PermissionState::PERMISSION_GRANTED},
107 .grantFlags = {1, 2}
108 };
109 PermissionDef permDef = {
110 .permissionName = permission,
111 .bundleName = "test.fuzz.ans",
112 .grantMode = 1,
113 .availableLevel = APL_NORMAL,
114 .label = "label3",
115 .labelId = 1,
116 .description = "break the door",
117 .descriptionId = 1,
118 };
119 hapPolicyPrams.permList.emplace_back(permDef);
120 hapPolicyPrams.permStateList.emplace_back(permStateFull);
121 }
122
123 HapInfoParams hapInfoParams = {
124 .userID = 100,
125 .bundleName = "test.fuzz.ans",
126 .instIndex = 0,
127 .appIDDesc = "test.fuzz.ans",
128 .apiVersion = 12,
129 .isSystemApp = true
130 };
131
132 AccessTokenIDEx tokenIdEx = {0};
133 tokenIdEx = AccessTokenKit::AllocHapToken(hapInfoParams, hapPolicyPrams);
134 SetSelfTokenID(tokenIdEx.tokenIDEx);
135 }
136 }