diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 9abe65a24547d7aaf3935384f4b394d7264719c8..24e6251a3fdfe4db4410c50d22564ac0951d89dd 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -15,7 +15,9 @@ group("user_file_service_fuzz_test") { testonly = true deps = [ - "externalfileaccess_fuzzer:ExternalFileAccessFuzzTest", + "externalfileaccesspartone_fuzzer:ExternalFileAccessPartOneFuzzTest", + "externalfileaccessparttwo_fuzzer:ExternalFileAccessPartTwoFuzzTest", + "externalfileaccesspartthree_fuzzer:ExternalFileAccessPartThreeFuzzTest", "externalfileaccessaccess_fuzzer:ExternalFileAccessAccessFuzzTest", "externalfileaccesscreatefile_fuzzer:ExternalFileAccessCreateFileFuzzTest", "externalfileaccessdelete_fuzzer:ExternalFileAccessDeleteFuzzTest", diff --git a/test/fuzztest/externalfileaccess_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccesspartone_fuzzer/BUILD.gn similarity index 97% rename from test/fuzztest/externalfileaccess_fuzzer/BUILD.gn rename to test/fuzztest/externalfileaccesspartone_fuzzer/BUILD.gn index 12012feb945594943156e2b76533acb5c71978bc..dc275ba0f828685bdcfe3cbc03f1d5abb9bd30cd 100644 --- a/test/fuzztest/externalfileaccess_fuzzer/BUILD.gn +++ b/test/fuzztest/externalfileaccesspartone_fuzzer/BUILD.gn @@ -17,10 +17,10 @@ import("//build/test.gni") import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") ##############################fuzztest########################################## -ohos_fuzztest("ExternalFileAccessFuzzTest") { +ohos_fuzztest("ExternalFileAccessPartOneFuzzTest") { module_out_path = "user_file_service/user_file_service" fuzz_config_file = - "${user_file_service_path}/test/fuzztest/externalfileaccess_fuzzer" + "${user_file_service_path}/test/fuzztest/externalfileaccesspartone_fuzzer" include_dirs = [ "${user_file_service_path}/interfaces/inner_api/file_access/include", diff --git a/test/fuzztest/externalfileaccess_fuzzer/corpus/init b/test/fuzztest/externalfileaccesspartone_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/externalfileaccess_fuzzer/corpus/init rename to test/fuzztest/externalfileaccesspartone_fuzzer/corpus/init diff --git a/test/fuzztest/externalfileaccesspartone_fuzzer/external_file_access_fuzzer.cpp b/test/fuzztest/externalfileaccesspartone_fuzzer/external_file_access_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..9a4507886b0ad44f2cfb235f4960013ca1dafeb8 --- /dev/null +++ b/test/fuzztest/externalfileaccesspartone_fuzzer/external_file_access_fuzzer.cpp @@ -0,0 +1,196 @@ +/* + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "external_file_access_fuzzer.h" + +#include +#include +#include + +#include "accesstoken_kit.h" +#include "token_setproc.h" +#include "nativetoken_kit.h" +#include "file_access_framework_errno.h" +#include "file_access_helper.h" +#include "file_info_shared_memory.h" +#include "iservice_registry.h" +#include "hilog_wrapper.h" +#include "user_file_service_token_mock.h" +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; + +const int ABILITY_ID = 5003; +shared_ptr g_fah = nullptr; +const int UID_TRANSFORM_TMP = 20000000; +const int UID_DEFAULT = 0; +shared_ptr GetFileAccessHelper() +{ + if (g_fah != nullptr) { + return g_fah; + } + auto saManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (saManager == nullptr) { + return nullptr; + } + auto remoteObj = saManager->GetSystemAbility(ABILITY_ID); + AAFwk::Want want; + vector wantVec; + setuid(UID_TRANSFORM_TMP); + int ret = FileAccessHelper::GetRegisteredFileAccessExtAbilityInfo(wantVec); + if (ret != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("GetRegisteredFileAccessExtAbilityInfo failed."); + return nullptr; + } + bool sus = false; + for (size_t i = 0; i < wantVec.size(); i++) { + auto element = wantVec[i].GetElement(); + if (element.GetBundleName() == "com.ohos.UserFile.ExternalFileManager" && + element.GetAbilityName() == "FileExtensionAbility") { + want = wantVec[i]; + sus = true; + break; + } + } + if (!sus) { + HILOG_ERROR("not found bundleName."); + return nullptr; + } + vector wants {want}; + g_fah = FileAccessHelper::Creator(remoteObj, wants); + setuid(UID_DEFAULT); + if (g_fah == nullptr) { + HILOG_ERROR("creator fileAccessHelper return nullptr."); + return nullptr; + } + return g_fah; +} + +bool CreatorFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size <= 0)) { + HILOG_ERROR("parameter data is nullptr or parameter size <= 0."); + return false; + } + std::string bundleName(reinterpret_cast(data), size); + auto saManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (saManager == nullptr) { + return false; + } + auto remoteObj = saManager->GetSystemAbility(ABILITY_ID); + AAFwk::Want want; + want.SetElementName(bundleName, "FileExtensionAbility"); + vector wants {want}; + setuid(UID_TRANSFORM_TMP); + shared_ptr helper = nullptr; + helper = FileAccessHelper::Creator(remoteObj, wants); + setuid(UID_DEFAULT); + if (helper == nullptr) { + HILOG_ERROR("creator return nullptr."); + return false; + } + helper->Release(); + return true; +} + +bool CheckDataAndHelper(const uint8_t* data, size_t size, shared_ptr& helper) +{ + (void)data; + helper = GetFileAccessHelper(); + if (helper == nullptr) { + HILOG_ERROR("GetFileAccessHelper return nullptr."); + return false; + } + return true; +} + +bool AccessFuzzTest(const uint8_t* data, size_t size) +{ + shared_ptr helper; + if (!CheckDataAndHelper(data, size, helper)) { + return false; + } + Uri uri(std::string(reinterpret_cast(data), size)); + bool isExist = false; + int result = helper->Access(uri, isExist); + if (isExist != true || result != OHOS::FileAccessFwk::ERR_OK) { + return false; + } + return true; +} + +bool OpenFileFuzzTest(const uint8_t* data, size_t size) +{ + shared_ptr helper; + if (!CheckDataAndHelper(data, size, helper)) { + return false; + } + Uri uri(std::string(reinterpret_cast(data), size)); + int fd = -1; + int result = 0; + result = helper->OpenFile(uri, WRITE_READ, fd); + if (result != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("OpenFile failed. ret : %{public}d", result); + return false; + } + close(fd); + return true; +} + +bool MkdirFuzzTest(const uint8_t* data, size_t size) +{ + shared_ptr helper; + if (!CheckDataAndHelper(data, size, helper)) { + return false; + } + + vector info; + int result = helper->GetRoots(info); + if (result != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("GetRoots failed. ret : %{public}d", result); + return false; + } + for (size_t i = 0; i < info.size(); i++) { + Uri parentUri(info[i].uri); + Uri newDirUri(""); + std::string dirName(reinterpret_cast(data), size); + result = helper->Mkdir(parentUri, dirName, newDirUri); + if (result != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("Mkdir failed. ret : %{public}d", result); + return false; + } + result = helper->Delete(newDirUri); + if (result != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("Delete failed. ret : %{public}d", result); + return false; + } + } + return true; +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + OHOS::UserFileServiceTokenMock tokenMock; + tokenMock.SetFileManagerToken(); + /* Run your code on data */ + OHOS::CreatorFuzzTest(data, size); + OHOS::AccessFuzzTest(data, size); + OHOS::OpenFileFuzzTest(data, size); + OHOS::MkdirFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/externalfileaccess_fuzzer/external_file_access_fuzzer.h b/test/fuzztest/externalfileaccesspartone_fuzzer/external_file_access_fuzzer.h similarity index 100% rename from test/fuzztest/externalfileaccess_fuzzer/external_file_access_fuzzer.h rename to test/fuzztest/externalfileaccesspartone_fuzzer/external_file_access_fuzzer.h diff --git a/test/fuzztest/externalfileaccess_fuzzer/project.xml b/test/fuzztest/externalfileaccesspartone_fuzzer/project.xml similarity index 100% rename from test/fuzztest/externalfileaccess_fuzzer/project.xml rename to test/fuzztest/externalfileaccesspartone_fuzzer/project.xml diff --git a/test/fuzztest/externalfileaccesspartthree_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccesspartthree_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..ecd93f1e5eb5b53cdad93ade5c9f3d5313426eb6 --- /dev/null +++ b/test/fuzztest/externalfileaccesspartthree_fuzzer/BUILD.gn @@ -0,0 +1,70 @@ +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") + +##############################fuzztest########################################## +ohos_fuzztest("ExternalFileAccessPartThreeFuzzTest") { + module_out_path = "user_file_service/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/externalfileaccesspartthree_fuzzer" + + include_dirs = [ + "${user_file_service_path}/interfaces/inner_api/file_access/include", + "${user_file_service_path}/test/fuzztest/privacy_comm/include", + "${user_file_service_path}/utils", + ] + + sources = [ + "external_file_access_fuzzer.cpp", + "${user_file_service_path}/test/fuzztest/privacy_comm/src/user_file_service_token_mock.cpp", + ] + configs = [ "//build/config/compiler:exceptions" ] + + deps = [ + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_ext_base_include", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + "${user_file_service_path}/services:file_access_service_base_include", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_context_native", + "ability_runtime:ability_manager", + "ability_runtime:app_manager", + "ability_runtime:runtime", + "ability_runtime:wantagent_innerkits", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_core", + "cJSON:cjson_static", + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_core", + "ipc:rpc", + "samgr:samgr_proxy", + "selinux_adapter:librestorecon", + ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] +} diff --git a/test/fuzztest/externalfileaccesspartthree_fuzzer/corpus/init b/test/fuzztest/externalfileaccesspartthree_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..8eb5a7d6eb6b7d71f0c70c244e5768d62bee6ac5 --- /dev/null +++ b/test/fuzztest/externalfileaccesspartthree_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccesspartthree_fuzzer/external_file_access_fuzzer.cpp b/test/fuzztest/externalfileaccesspartthree_fuzzer/external_file_access_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..1bae017df84d77d3720ff2eb61ad296afda01a00 --- /dev/null +++ b/test/fuzztest/externalfileaccesspartthree_fuzzer/external_file_access_fuzzer.cpp @@ -0,0 +1,183 @@ +/* + * Copyright (c) 2022-2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "external_file_access_fuzzer.h" + +#include +#include +#include + +#include "accesstoken_kit.h" +#include "token_setproc.h" +#include "nativetoken_kit.h" +#include "file_access_framework_errno.h" +#include "file_access_helper.h" +#include "file_info_shared_memory.h" +#include "iservice_registry.h" +#include "hilog_wrapper.h" +#include "user_file_service_token_mock.h" +namespace OHOS { +using namespace std; +using namespace OHOS; +using namespace FileAccessFwk; + +const int ABILITY_ID = 5003; +shared_ptr g_fah = nullptr; +const int UID_TRANSFORM_TMP = 20000000; +const int UID_DEFAULT = 0; +shared_ptr GetFileAccessHelper() +{ + if (g_fah != nullptr) { + return g_fah; + } + auto saManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (saManager == nullptr) { + return nullptr; + } + auto remoteObj = saManager->GetSystemAbility(ABILITY_ID); + AAFwk::Want want; + vector wantVec; + setuid(UID_TRANSFORM_TMP); + int ret = FileAccessHelper::GetRegisteredFileAccessExtAbilityInfo(wantVec); + if (ret != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("GetRegisteredFileAccessExtAbilityInfo failed."); + return nullptr; + } + bool sus = false; + for (size_t i = 0; i < wantVec.size(); i++) { + auto element = wantVec[i].GetElement(); + if (element.GetBundleName() == "com.ohos.UserFile.ExternalFileManager" && + element.GetAbilityName() == "FileExtensionAbility") { + want = wantVec[i]; + sus = true; + break; + } + } + if (!sus) { + HILOG_ERROR("not found bundleName."); + return nullptr; + } + vector wants {want}; + g_fah = FileAccessHelper::Creator(remoteObj, wants); + setuid(UID_DEFAULT); + if (g_fah == nullptr) { + HILOG_ERROR("creator fileAccessHelper return nullptr."); + return nullptr; + } + return g_fah; +} + +bool CheckDataAndHelper(const uint8_t* data, size_t size, shared_ptr& helper) +{ + (void)data; + helper = GetFileAccessHelper(); + if (helper == nullptr) { + HILOG_ERROR("GetFileAccessHelper return nullptr."); + return false; + } + return true; +} + +bool ListFileFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + HILOG_ERROR("parameter data is nullptr or parameter size <= 0."); + return false; + } + shared_ptr helper = GetFileAccessHelper(); + if (helper == nullptr) { + HILOG_ERROR("GetFileAccessHelper return nullptr."); + return false; + } + + FileInfo fileInfo; + fileInfo.uri = std::string(reinterpret_cast(data), size); + int64_t offset = 0; + SharedMemoryInfo memInfo; + int result = SharedMemoryOperation::CreateSharedMemory("FileInfo List", DEFAULT_CAPACITY_200KB, + memInfo); + if (result != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("CreateSharedMemory failed. ret : %{public}d", result); + return false; + } + FileFilter filter; + result = helper->ListFile(fileInfo, offset, filter, memInfo); + SharedMemoryOperation::DestroySharedMemory(memInfo); + if (result != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("ListFile failed. ret : %{public}d", result); + return false; + } + return true; +} + +bool ScanFileFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + HILOG_ERROR("parameter data is nullptr or parameter size <= 0."); + return false; + } + shared_ptr helper = GetFileAccessHelper(); + if (helper == nullptr) { + HILOG_ERROR("GetFileAccessHelper return nullptr."); + return false; + } + + FileInfo fileInfo; + fileInfo.uri = std::string(reinterpret_cast(data), size); + int64_t offset = 0; + int64_t maxCount = 1000; + std::vector fileInfoVec; + FileFilter filter; + int result = helper->ScanFile(fileInfo, offset, maxCount, filter, fileInfoVec); + if (result != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("ScanFile failed. ret : %{public}d", result); + return false; + } + return true; +} + +bool GetFileInfoFromUriFuzzTest(const uint8_t* data, size_t size) +{ + if ((data == nullptr) || (size == 0)) { + HILOG_ERROR("parameter data is nullptr or parameter size <= 0."); + return false; + } + Uri uri(std::string(reinterpret_cast(data), size)); + shared_ptr helper = GetFileAccessHelper(); + if (helper == nullptr) { + HILOG_ERROR("GetFileAccessHelper return nullptr."); + return false; + } + FileInfo fileinfo; + int result = helper->GetFileInfoFromUri(uri, fileinfo); + if (result != OHOS::FileAccessFwk::ERR_OK) { + HILOG_ERROR("GetFileInfoFromUri failed. ret : %{public}d", result); + return false; + } + return true; +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + OHOS::UserFileServiceTokenMock tokenMock; + tokenMock.SetFileManagerToken(); + /* Run your code on data */ + OHOS::ListFileFuzzTest(data, size); + OHOS::ScanFileFuzzTest(data, size); + OHOS::GetFileInfoFromUriFuzzTest(data, size); + return 0; +} diff --git a/test/fuzztest/externalfileaccesspartthree_fuzzer/external_file_access_fuzzer.h b/test/fuzztest/externalfileaccesspartthree_fuzzer/external_file_access_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..9a4b9e746f87aa4ccf2a1f0ef1f026bfc97c3c11 --- /dev/null +++ b/test/fuzztest/externalfileaccesspartthree_fuzzer/external_file_access_fuzzer.h @@ -0,0 +1,23 @@ +/* + * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_FUZZER_H + +#define FUZZ_PROJECT_NAME "external_file_access_fuzzer" + +#endif // FILE_ACCESS_EXTERNAL_FILE_ACCESS_FUZZER_H + diff --git a/test/fuzztest/externalfileaccesspartthree_fuzzer/project.xml b/test/fuzztest/externalfileaccesspartthree_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..6e8ad2cfde8f8bda4beb6cabbe7efd8bc3c54eec --- /dev/null +++ b/test/fuzztest/externalfileaccesspartthree_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/externalfileaccessparttwo_fuzzer/BUILD.gn b/test/fuzztest/externalfileaccessparttwo_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..42129a705e7675b57dd14770ff425c14e4885637 --- /dev/null +++ b/test/fuzztest/externalfileaccessparttwo_fuzzer/BUILD.gn @@ -0,0 +1,70 @@ +# Copyright (c) 2022-2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") + +##############################fuzztest########################################## +ohos_fuzztest("ExternalFileAccessPartTwoFuzzTest") { + module_out_path = "user_file_service/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/externalfileaccessparttwo_fuzzer" + + include_dirs = [ + "${user_file_service_path}/interfaces/inner_api/file_access/include", + "${user_file_service_path}/test/fuzztest/privacy_comm/include", + "${user_file_service_path}/utils", + ] + + sources = [ + "external_file_access_fuzzer.cpp", + "${user_file_service_path}/test/fuzztest/privacy_comm/src/user_file_service_token_mock.cpp", + ] + configs = [ "//build/config/compiler:exceptions" ] + + deps = [ + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_ext_base_include", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + "${user_file_service_path}/services:file_access_service_base_include", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_context_native", + "ability_runtime:ability_manager", + "ability_runtime:app_manager", + "ability_runtime:runtime", + "ability_runtime:wantagent_innerkits", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_core", + "cJSON:cjson_static", + "c_utils:utils", + "hilog:libhilog", + "ipc:ipc_core", + "ipc:rpc", + "samgr:samgr_proxy", + "selinux_adapter:librestorecon", + ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] +} diff --git a/test/fuzztest/externalfileaccessparttwo_fuzzer/corpus/init b/test/fuzztest/externalfileaccessparttwo_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..8eb5a7d6eb6b7d71f0c70c244e5768d62bee6ac5 --- /dev/null +++ b/test/fuzztest/externalfileaccessparttwo_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/externalfileaccess_fuzzer/external_file_access_fuzzer.cpp b/test/fuzztest/externalfileaccessparttwo_fuzzer/external_file_access_fuzzer.cpp similarity index 57% rename from test/fuzztest/externalfileaccess_fuzzer/external_file_access_fuzzer.cpp rename to test/fuzztest/externalfileaccessparttwo_fuzzer/external_file_access_fuzzer.cpp index 22c2c6f0423fc9a1f73d85e8cf2fa1cbf87bd2f2..d8f429f6823dbd9fe32f135079dc4e04a4e54801 100644 --- a/test/fuzztest/externalfileaccess_fuzzer/external_file_access_fuzzer.cpp +++ b/test/fuzztest/externalfileaccessparttwo_fuzzer/external_file_access_fuzzer.cpp @@ -79,33 +79,6 @@ shared_ptr GetFileAccessHelper() return g_fah; } -bool CreatorFuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size <= 0)) { - HILOG_ERROR("parameter data is nullptr or parameter size <= 0."); - return false; - } - std::string bundleName(reinterpret_cast(data), size); - auto saManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); - if (saManager == nullptr) { - return false; - } - auto remoteObj = saManager->GetSystemAbility(ABILITY_ID); - AAFwk::Want want; - want.SetElementName(bundleName, "FileExtensionAbility"); - vector wants {want}; - setuid(UID_TRANSFORM_TMP); - shared_ptr helper = nullptr; - helper = FileAccessHelper::Creator(remoteObj, wants); - setuid(UID_DEFAULT); - if (helper == nullptr) { - HILOG_ERROR("creator return nullptr."); - return false; - } - helper->Release(); - return true; -} - bool CheckDataAndHelper(const uint8_t* data, size_t size, shared_ptr& helper) { (void)data; @@ -117,39 +90,6 @@ bool CheckDataAndHelper(const uint8_t* data, size_t size, shared_ptr helper; - if (!CheckDataAndHelper(data, size, helper)) { - return false; - } - Uri uri(std::string(reinterpret_cast(data), size)); - bool isExist = false; - int result = helper->Access(uri, isExist); - if (isExist != true || result != OHOS::FileAccessFwk::ERR_OK) { - return false; - } - return true; -} - -bool OpenFileFuzzTest(const uint8_t* data, size_t size) -{ - shared_ptr helper; - if (!CheckDataAndHelper(data, size, helper)) { - return false; - } - Uri uri(std::string(reinterpret_cast(data), size)); - int fd = -1; - int result = 0; - result = helper->OpenFile(uri, WRITE_READ, fd); - if (result != OHOS::FileAccessFwk::ERR_OK) { - HILOG_ERROR("OpenFile failed. ret : %{public}d", result); - return false; - } - close(fd); - return true; -} - bool CreateFileFuzzTest(const uint8_t* data, size_t size) { shared_ptr helper; @@ -180,37 +120,6 @@ bool CreateFileFuzzTest(const uint8_t* data, size_t size) return true; } -bool MkdirFuzzTest(const uint8_t* data, size_t size) -{ - shared_ptr helper; - if (!CheckDataAndHelper(data, size, helper)) { - return false; - } - - vector info; - int result = helper->GetRoots(info); - if (result != OHOS::FileAccessFwk::ERR_OK) { - HILOG_ERROR("GetRoots failed. ret : %{public}d", result); - return false; - } - for (size_t i = 0; i < info.size(); i++) { - Uri parentUri(info[i].uri); - Uri newDirUri(""); - std::string dirName(reinterpret_cast(data), size); - result = helper->Mkdir(parentUri, dirName, newDirUri); - if (result != OHOS::FileAccessFwk::ERR_OK) { - HILOG_ERROR("Mkdir failed. ret : %{public}d", result); - return false; - } - result = helper->Delete(newDirUri); - if (result != OHOS::FileAccessFwk::ERR_OK) { - HILOG_ERROR("Delete failed. ret : %{public}d", result); - return false; - } - } - return true; -} - bool DeleteFuzzTest(const uint8_t* data, size_t size) { shared_ptr helper; @@ -308,86 +217,6 @@ bool RenameFuzzTest(const uint8_t* data, size_t size) } return true; } - -bool ListFileFuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size == 0)) { - HILOG_ERROR("parameter data is nullptr or parameter size <= 0."); - return false; - } - shared_ptr helper = GetFileAccessHelper(); - if (helper == nullptr) { - HILOG_ERROR("GetFileAccessHelper return nullptr."); - return false; - } - - FileInfo fileInfo; - fileInfo.uri = std::string(reinterpret_cast(data), size); - int64_t offset = 0; - SharedMemoryInfo memInfo; - int result = SharedMemoryOperation::CreateSharedMemory("FileInfo List", DEFAULT_CAPACITY_200KB, - memInfo); - if (result != OHOS::FileAccessFwk::ERR_OK) { - HILOG_ERROR("CreateSharedMemory failed. ret : %{public}d", result); - return false; - } - FileFilter filter; - result = helper->ListFile(fileInfo, offset, filter, memInfo); - SharedMemoryOperation::DestroySharedMemory(memInfo); - if (result != OHOS::FileAccessFwk::ERR_OK) { - HILOG_ERROR("ListFile failed. ret : %{public}d", result); - return false; - } - return true; -} - -bool ScanFileFuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size == 0)) { - HILOG_ERROR("parameter data is nullptr or parameter size <= 0."); - return false; - } - shared_ptr helper = GetFileAccessHelper(); - if (helper == nullptr) { - HILOG_ERROR("GetFileAccessHelper return nullptr."); - return false; - } - - FileInfo fileInfo; - fileInfo.uri = std::string(reinterpret_cast(data), size); - int64_t offset = 0; - int64_t maxCount = 1000; - std::vector fileInfoVec; - FileFilter filter; - int result = helper->ScanFile(fileInfo, offset, maxCount, filter, fileInfoVec); - if (result != OHOS::FileAccessFwk::ERR_OK) { - HILOG_ERROR("ScanFile failed. ret : %{public}d", result); - return false; - } - return true; -} - -bool GetFileInfoFromUriFuzzTest(const uint8_t* data, size_t size) -{ - if ((data == nullptr) || (size == 0)) { - HILOG_ERROR("parameter data is nullptr or parameter size <= 0."); - return false; - } - Uri uri(std::string(reinterpret_cast(data), size)); - shared_ptr helper = GetFileAccessHelper(); - if (helper == nullptr) { - HILOG_ERROR("GetFileAccessHelper return nullptr."); - return false; - } - FileInfo fileinfo; - int result = helper->GetFileInfoFromUri(uri, fileinfo); - if (result != OHOS::FileAccessFwk::ERR_OK) { - HILOG_ERROR("GetFileInfoFromUri failed. ret : %{public}d", result); - return false; - } - return true; -} - } /* Fuzzer entry point */ @@ -396,16 +225,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) OHOS::UserFileServiceTokenMock tokenMock; tokenMock.SetFileManagerToken(); /* Run your code on data */ - OHOS::CreatorFuzzTest(data, size); - OHOS::AccessFuzzTest(data, size); - OHOS::OpenFileFuzzTest(data, size); - OHOS::MkdirFuzzTest(data, size); OHOS::CreateFileFuzzTest(data, size); OHOS::DeleteFuzzTest(data, size); OHOS::MoveFuzzTest(data, size); OHOS::RenameFuzzTest(data, size); - OHOS::ListFileFuzzTest(data, size); - OHOS::ScanFileFuzzTest(data, size); - OHOS::GetFileInfoFromUriFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/externalfileaccessparttwo_fuzzer/external_file_access_fuzzer.h b/test/fuzztest/externalfileaccessparttwo_fuzzer/external_file_access_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..9a4b9e746f87aa4ccf2a1f0ef1f026bfc97c3c11 --- /dev/null +++ b/test/fuzztest/externalfileaccessparttwo_fuzzer/external_file_access_fuzzer.h @@ -0,0 +1,23 @@ +/* + * Copyright (c) 2022-2024 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef FILE_ACCESS_EXTERNAL_FILE_ACCESS_FUZZER_H +#define FILE_ACCESS_EXTERNAL_FILE_ACCESS_FUZZER_H + +#define FUZZ_PROJECT_NAME "external_file_access_fuzzer" + +#endif // FILE_ACCESS_EXTERNAL_FILE_ACCESS_FUZZER_H + diff --git a/test/fuzztest/externalfileaccessparttwo_fuzzer/project.xml b/test/fuzztest/externalfileaccessparttwo_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..6e8ad2cfde8f8bda4beb6cabbe7efd8bc3c54eec --- /dev/null +++ b/test/fuzztest/externalfileaccessparttwo_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + +