1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "externalfileaccessdelete_fuzzer.h"
16
17 #include <cstddef>
18 #include <cstdint>
19 #include <cstring>
20 #include <memory>
21
22 #include "extension_base.h"
23 #include "extension_context.h"
24 #include "message_parcel.h"
25 #include "file_access_ext_stub.h"
26 #include "file_access_ext_stub_impl.h"
27 #include "file_access_ext_ability.h"
28 #include "js_file_access_ext_ability.h"
29 #include "js_runtime.h"
30 #include "securec.h"
31 #include "nativetoken_kit.h"
32 #include "token_setproc.h"
33 #include "accesstoken_kit.h"
34
35 namespace OHOS {
36 using namespace std;
37 using namespace OHOS;
38 using namespace FileAccessFwk;
39 using namespace AbilityRuntime;
40 constexpr size_t FOO_MAX_LEN = 1024;
41 constexpr size_t U32_AT_SIZE = 4;
42
43
44 enum {
45 TOKEN_INDEX_ONE = 0,
46 };
47
SetNativeToken()48 void SetNativeToken()
49 {
50 uint64_t tokenId;
51 const char *perms[] = {
52 "ohos.permission.FILE_ACCESS_MANAGER",
53 "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED",
54 "ohos.permission.CONNECT_FILE_ACCESS_EXTENSION"
55 };
56 NativeTokenInfoParams infoInstance = {
57 .dcapsNum = 0,
58 .permsNum = 3,
59 .aclsNum = 0,
60 .dcaps = nullptr,
61 .perms = perms,
62 .acls = nullptr,
63 .aplStr = "system_core",
64 };
65
66 infoInstance.processName = "ExternalFileAccessDeleteFuzzTest";
67 tokenId = GetAccessTokenId(&infoInstance);
68 const uint64_t systemAppMask = (static_cast<uint64_t>(1) << 32);
69 tokenId |= systemAppMask;
70 SetSelfTokenID(tokenId);
71 OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
72 }
73
ExternalFileAccessDeleteFuzzTest(std::unique_ptr<char[]> data,size_t size)74 bool ExternalFileAccessDeleteFuzzTest(std::unique_ptr<char[]> data, size_t size)
75 {
76 SetNativeToken();
77 // CMD_DELETE
78 uint32_t code = 4;
79 MessageParcel datas;
80 datas.WriteInterfaceToken(FileAccessExtStub::GetDescriptor());
81 datas.WriteBuffer(data.get(), size);
82 datas.RewindRead(0);
83 MessageParcel reply;
84 MessageOption option;
85
86 auto fileAccessExtAbility = FileAccessExtAbility::Create(nullptr);
87 auto fileAccessExtAbilitySharePtr = std::shared_ptr<FileAccessExtAbility>(fileAccessExtAbility);
88
89 sptr<FileAccessExtStubImpl> fileAccessExtStubObj(new (std::nothrow) FileAccessExtStubImpl(
90 fileAccessExtAbilitySharePtr, nullptr));
91
92 if (fileAccessExtStubObj) {
93 fileAccessExtStubObj->OnRemoteRequest(code, datas, reply, option);
94 }
95
96 fileAccessExtAbility = nullptr;
97 fileAccessExtStubObj = nullptr;
98
99 return true;
100 }
101 } // namespace OHOS
102
103 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)104 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
105 {
106 /* Run your code on data */
107 if (data == nullptr) {
108 return 0;
109 }
110
111 /* Validate the length of size */
112 if (size < OHOS::U32_AT_SIZE || size > OHOS::FOO_MAX_LEN) {
113 return 0;
114 }
115
116 auto str = std::make_unique<char[]>(size + 1);
117 (void)memset_s(str.get(), size + 1, 0x00, size + 1);
118 if (memcpy_s(str.get(), size, data, size) != EOK) {
119 return 0;
120 }
121
122 OHOS::ExternalFileAccessDeleteFuzzTest(move(str), size);
123 return 0;
124 }
125