1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "registerseccompenhancestub_fuzzer.h"
17
18 #include <string>
19 #include <thread>
20 #include <vector>
21
22 #include "accesstoken_callbacks.h"
23 #include "accesstoken_fuzzdata.h"
24 #undef private
25 #include "errors.h"
26 #include "hap_token_info.h"
27 #include "i_privacy_manager.h"
28 #include "on_permission_used_record_callback_stub.h"
29 #include "permission_used_request.h"
30 #include "permission_used_request_parcel.h"
31 #include "privacy_manager_service.h"
32 #include "securec.h"
33 #include "token_sync_kit_interface.h"
34
35 using namespace std;
36 using namespace OHOS::Security::AccessToken;
37
38 namespace OHOS {
39 namespace {
40 class TokenSyncCallbackImpl : public TokenSyncKitInterface {
41 public:
42 ~TokenSyncCallbackImpl() = default;
GetRemoteHapTokenInfo(const std::string & deviceID,AccessTokenID tokenID) const43 int32_t GetRemoteHapTokenInfo(const std::string& deviceID, AccessTokenID tokenID) const override
44 {
45 return 0;
46 };
47
DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const48 int32_t DeleteRemoteHapTokenInfo(AccessTokenID tokenID) const override
49 {
50 return 0;
51 };
52
UpdateRemoteHapTokenInfo(const HapTokenInfoForSync & tokenInfo) const53 int32_t UpdateRemoteHapTokenInfo(const HapTokenInfoForSync& tokenInfo) const override
54 {
55 return 0;
56 };
57 };
58 }
59
RegisterSecCompEnhanceStubFuzzTest(const uint8_t * data,size_t size)60 bool RegisterSecCompEnhanceStubFuzzTest(const uint8_t* data, size_t size)
61 {
62 if ((data == nullptr) || (size == 0)) {
63 return false;
64 }
65
66 sptr<TokenSyncCallback> callback =
67 sptr<TokenSyncCallback>(new TokenSyncCallback(std::make_shared<TokenSyncCallbackImpl>()));
68
69 AccessTokenFuzzData fuzzData(data, size);
70
71 SecCompEnhanceData secData;
72 secData.callback = callback->AsObject();
73 secData.pid = fuzzData.GetData<int32_t>();
74 secData.token = static_cast<AccessTokenID>(fuzzData.GetData<uint32_t>());
75 secData.challenge = fuzzData.GetData<uint64_t>();
76 secData.sessionId = fuzzData.GetData<uint32_t>();
77 secData.seqNum = fuzzData.GetData<uint32_t>();
78 if (size < AES_KEY_STORAGE_LEN) {
79 return false;
80 }
81 if (memcpy_s(secData.key, AES_KEY_STORAGE_LEN, data, AES_KEY_STORAGE_LEN) != EOK) {
82 return false;
83 }
84
85 SecCompEnhanceDataParcel enhance;
86 enhance.enhanceData = secData;
87
88 MessageParcel datas;
89 datas.WriteInterfaceToken(IPrivacyManager::GetDescriptor());
90 if (!datas.WriteParcelable(&enhance)) {
91 return false;
92 }
93
94 uint32_t code = static_cast<uint32_t>(PrivacyInterfaceCode::REGISTER_SEC_COMP_ENHANCE);
95
96 MessageParcel reply;
97 MessageOption option;
98 DelayedSingleton<PrivacyManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
99
100 return true;
101 }
102 } // namespace OHOS
103
104 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)105 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
106 {
107 /* Run your code on data */
108 OHOS::RegisterSecCompEnhanceStubFuzzTest(data, size);
109 return 0;
110 }
111