1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "grantpermissionstub_fuzzer.h"
17 
18 #include <sys/types.h>
19 #include <unistd.h>
20 #include <string>
21 #include <thread>
22 #include <vector>
23 #undef private
24 #include "access_token.h"
25 #include "accesstoken_fuzzdata.h"
26 #include "accesstoken_info_manager.h"
27 #include "accesstoken_kit.h"
28 #include "accesstoken_manager_service.h"
29 #include "i_accesstoken_manager.h"
30 #include "token_setproc.h"
31 
32 using namespace std;
33 using namespace OHOS::Security::AccessToken;
34 static HapInfoParams g_InfoParms = {
35     .userID = 1,
36     .bundleName = "GrantPermissionStubFuzzTest",
37     .instIndex = 0,
38     .appIDDesc = "test.bundle",
39     .isSystemApp = false
40 };
41 static HapPolicyParams g_PolicyPrams = {
42     .apl = APL_NORMAL,
43     .domain = "test.domain",
44     .permList = {},
45     .permStateList = {}
46 };
47 const int CONSTANTS_NUMBER_TWO = 2;
48 const int CONSTANTS_NUMBER_THREE = 3;
49 static const int32_t ROOT_UID = 0;
50 
51 namespace OHOS {
GrantPermissionStubFuzzTest(const uint8_t * data,size_t size)52     bool GrantPermissionStubFuzzTest(const uint8_t* data, size_t size)
53     {
54         if ((data == nullptr) || (size == 0)) {
55             return false;
56         }
57         AccessTokenFuzzData fuzzData(data, size);
58         AccessTokenID tokenId = fuzzData.GetData<AccessTokenID>();
59         std::string testName(fuzzData.GenerateRandomString());
60         MessageParcel datas;
61         datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
62         if (!datas.WriteUint32(tokenId) || !datas.WriteString(testName) ||
63             !datas.WriteInt32(PERMISSION_USER_SET)) {
64             return false;
65         }
66 
67         uint32_t code = static_cast<uint32_t>(
68             AccessTokenInterfaceCode::GRANT_PERMISSION);
69 
70         MessageParcel reply;
71         MessageOption option;
72         AccessTokenID tokenIdHap;
73         bool enable2 = ((size % CONSTANTS_NUMBER_THREE) == 0);
74         if (enable2) {
75             AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams);
76             tokenIdHap = tokenIdEx.tokenIDEx;
77             SetSelfTokenID(tokenIdHap);
78             AccessTokenInfoManager::GetInstance().Init();
79         }
80         bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0);
81         if (enable) {
82             setuid(CONSTANTS_NUMBER_TWO);
83         }
84         DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
85         setuid(ROOT_UID);
86         if (enable2) {
87             AccessTokenKit::DeleteToken(tokenIdHap);
88             AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd");
89             SetSelfTokenID(hdcd);
90         }
91 
92         return true;
93     }
94 } // namespace OHOS
95 
96 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)97 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
98 {
99     /* Run your code on data */
100     OHOS::GrantPermissionStubFuzzTest(data, size);
101     return 0;
102 }
103