diff --git a/test/fuzztest/BUILD.gn b/test/fuzztest/BUILD.gn index 9abe65a24547d7aaf3935384f4b394d7264719c8..e74dabdd84daba1419969a38d3d8d0537712f6d6 100644 --- a/test/fuzztest/BUILD.gn +++ b/test/fuzztest/BUILD.gn @@ -28,7 +28,12 @@ group("user_file_service_fuzz_test") { "externalfileaccessopenfile_fuzzer:ExternalFileAccessOpenFileFuzzTest", "externalfileaccessrename_fuzzer:ExternalFileAccessRenameFuzzTest", "externalfileaccessscanfile_fuzzer:ExternalFileAccessScanFileFuzzTest", - "fileaccessextbaseproxy_fuzzer:FileAccessExtBaseProxyFuzzTest", + "fileaccessextcreatefile_fuzzer:FileAccessExtCreateFileFuzzTest", + "fileaccessextdelete_fuzzer:FileAccessExtDeleteFuzzTest", + "fileaccessextcopy_fuzzer:FileAccessExtCopyFuzzTest", + "fileaccessextcopyfile_fuzzer:FileAccessExtCopyFileFuzzTest", + "fileaccessextgetfileinfo_fuzzer:FileAccessExtGetFileInfoFuzzTest", + "fileaccessextaccess_fuzzer:FileAccessExtAccessFuzzTest", "fileaccessextconnection_fuzzer:FileAccessExtConnectionFuzzTest", "fileaccessservicebaseproxy_fuzzer:FileAccessServiceBaseProxyFuzzTest", "fileinfosharedmemory_fuzzer:FileInfoSharedMemoryFuzzTest", diff --git a/test/fuzztest/fileaccessextbaseproxy_fuzzer/BUILD.gn b/test/fuzztest/fileaccessextaccess_fuzzer/BUILD.gn similarity index 93% rename from test/fuzztest/fileaccessextbaseproxy_fuzzer/BUILD.gn rename to test/fuzztest/fileaccessextaccess_fuzzer/BUILD.gn index efdebe29015999faaf1f65ac48c96941072560d3..5560bf9a6e07e80ae5be6d2e4edf5e39489979e8 100644 --- a/test/fuzztest/fileaccessextbaseproxy_fuzzer/BUILD.gn +++ b/test/fuzztest/fileaccessextaccess_fuzzer/BUILD.gn @@ -15,10 +15,10 @@ import("//build/config/features.gni") import("//build/test.gni") import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") -ohos_fuzztest("FileAccessExtBaseProxyFuzzTest") { +ohos_fuzztest("FileAccessExtAccessFuzzTest") { module_out_path = "user_file_service/user_file_service" fuzz_config_file = - "${user_file_service_path}/test/fuzztest/fileaccessextbaseproxy_fuzzer" + "${user_file_service_path}/test/fuzztest/fileaccessextaccess_fuzzer" include_dirs = [ "${user_file_service_path}/interfaces/inner_api/file_access/include", "${user_file_service_path}/test/fuzztest/privacy_comm/include", @@ -31,7 +31,7 @@ ohos_fuzztest("FileAccessExtBaseProxyFuzzTest") { "-fno-omit-frame-pointer", ] sources = [ - "fileaccessextbaseproxy_fuzzer.cpp", + "fileaccessextaccess_fuzzer.cpp", "${user_file_service_path}/test/fuzztest/privacy_comm/src/user_file_service_token_mock.cpp" ] diff --git a/test/fuzztest/fileaccessextbaseproxy_fuzzer/corpus/init b/test/fuzztest/fileaccessextaccess_fuzzer/corpus/init similarity index 100% rename from test/fuzztest/fileaccessextbaseproxy_fuzzer/corpus/init rename to test/fuzztest/fileaccessextaccess_fuzzer/corpus/init diff --git a/test/fuzztest/fileaccessextaccess_fuzzer/fileaccessextaccess_fuzzer.cpp b/test/fuzztest/fileaccessextaccess_fuzzer/fileaccessextaccess_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..27180862003d0e0e688c774ba147ba9641f80fe3 --- /dev/null +++ b/test/fuzztest/fileaccessextaccess_fuzzer/fileaccessextaccess_fuzzer.cpp @@ -0,0 +1,117 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "fileaccessextaccess_fuzzer.h" + +#include +#include + +#include "accesstoken_kit.h" +#include "file_access_helper.h" +#include "file_access_ext_base_proxy.h" +#include "file_info_shared_memory.h" +#include "iservice_registry.h" +#include "token_setproc.h" +#include "nativetoken_kit.h" + +#include "user_file_service_token_mock.h" + +namespace OHOS { +using namespace std; +using namespace FileAccessFwk; + +const int ABILITY_ID = 5003; +shared_ptr g_fah = nullptr; +const int UID_TRANSFORM_TMP = 20000000; +const int UID_DEFAULT = 0; + +template +T TypeCast(const uint8_t *data, int *pos = nullptr) +{ + if (pos) { + *pos += sizeof(T); + } + return *(reinterpret_cast(data)); +} + +shared_ptr GetFileAccessHelper() +{ + if (g_fah != nullptr) { + return g_fah; + } + auto saManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (saManager == nullptr) { + return nullptr; + } + auto remoteObj = saManager->GetSystemAbility(ABILITY_ID); + AAFwk::Want want; + vector wantVec; + setuid(UID_TRANSFORM_TMP); + int ret = FileAccessHelper::GetRegisteredFileAccessExtAbilityInfo(wantVec); + if (ret != OHOS::FileAccessFwk::ERR_OK) { + printf("GetRegisteredFileAccessExtAbilityInfo failed."); + return nullptr; + } + bool sus = false; + for (size_t i = 0; i < wantVec.size(); i++) { + auto element = wantVec[i].GetElement(); + if (element.GetBundleName() == "com.ohos.UserFile.ExternalFileManager" && + element.GetAbilityName() == "FileExtensionAbility") { + want = wantVec[i]; + sus = true; + break; + } + } + if (!sus) { + printf("not found bundleName."); + return nullptr; + } + vector wants {want}; + g_fah = FileAccessHelper::Creator(remoteObj, wants); + setuid(UID_DEFAULT); + if (g_fah == nullptr) { + printf("creator fileAccessHelper return nullptr."); + return nullptr; + } + return g_fah; +} + +bool AccessFuzzTest(sptr proxy, const uint8_t *data, size_t size) +{ + Urie uri(string(reinterpret_cast(data), size)); + bool isExist = false; + proxy->Access(uri, isExist); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + OHOS::UserFileServiceTokenMock tokenMock; + tokenMock.SetFileManagerToken(); + auto helper = OHOS::GetFileAccessHelper(); + if (helper == nullptr) { + printf("helper is nullptr."); + return false; + } + auto proxy = helper->GetProxyByBundleName(OHOS::EXTERNAL_BNUDLE_NAME); + if (proxy == nullptr) { + printf("get proxy failed."); + return 0; + } + + OHOS::AccessFuzzTest(proxy, data, size); + return 0; +} diff --git a/test/fuzztest/fileaccessextbaseproxy_fuzzer/fileaccessextbaseproxy_fuzzer.h b/test/fuzztest/fileaccessextaccess_fuzzer/fileaccessextaccess_fuzzer.h similarity index 81% rename from test/fuzztest/fileaccessextbaseproxy_fuzzer/fileaccessextbaseproxy_fuzzer.h rename to test/fuzztest/fileaccessextaccess_fuzzer/fileaccessextaccess_fuzzer.h index 5be5cb286e373c180f4146ec66c85b4228f79941..741eb720961bfdeab3d8f3257e25662b9769468d 100644 --- a/test/fuzztest/fileaccessextbaseproxy_fuzzer/fileaccessextbaseproxy_fuzzer.h +++ b/test/fuzztest/fileaccessextaccess_fuzzer/fileaccessextaccess_fuzzer.h @@ -13,9 +13,9 @@ * limitations under the License. */ -#ifndef FILE_ACCESS_EXTBASEPROXY_FUZZER_H -#define FILE_ACCESS_EXTBASEPROXY_FUZZER_H +#ifndef FILE_ACCESS_EXTACCESS_FUZZER_H +#define FILE_ACCESS_EXTACCESS_FUZZER_H -#define FUZZ_PROJECT_NAME "fileaccessextbaseproxy_fuzzer" +#define FUZZ_PROJECT_NAME "fileaccessextaccesss_fuzzer" #endif \ No newline at end of file diff --git a/test/fuzztest/fileaccessextbaseproxy_fuzzer/project.xml b/test/fuzztest/fileaccessextaccess_fuzzer/project.xml similarity index 100% rename from test/fuzztest/fileaccessextbaseproxy_fuzzer/project.xml rename to test/fuzztest/fileaccessextaccess_fuzzer/project.xml diff --git a/test/fuzztest/fileaccessextconnection_fuzzer/fileaccessextconnection_fuzzer.cpp b/test/fuzztest/fileaccessextconnection_fuzzer/fileaccessextconnection_fuzzer.cpp index dd12d6755152bf7e072368615feea7d3f38cb7bf..36a498523e583226a0fac01393581a10158cecc8 100644 --- a/test/fuzztest/fileaccessextconnection_fuzzer/fileaccessextconnection_fuzzer.cpp +++ b/test/fuzztest/fileaccessextconnection_fuzzer/fileaccessextconnection_fuzzer.cpp @@ -43,18 +43,6 @@ bool OnAbilityDisconnectDoneFuzzTest(sptr conn, const u return true; } -bool IsExtAbilityConnectedFuzzTest(sptr conn) -{ - conn->IsExtAbilityConnected(); - return true; -} - -bool GetFileExtProxyFuzzTest(sptr conn) -{ - conn->GetFileExtProxy(); - return true; -} - bool ConnectFileExtAbility(sptr conn, const uint8_t *data, size_t size) { int len = size >> 1; @@ -65,12 +53,6 @@ bool ConnectFileExtAbility(sptr conn, const uint8_t *da conn->ConnectFileExtAbility(want, remoteObject); return true; } - -bool DisconnectFileExtAbility(sptr conn) -{ - conn->DisconnectFileExtAbility(); - return true; -} } // namespace OHOS /* Fuzzer entry point */ @@ -83,10 +65,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) OHOS::OnAbilityConnectDoneFuzzTest(conn, data, size); OHOS::OnAbilityDisconnectDoneFuzzTest(conn, data, size); - OHOS::IsExtAbilityConnectedFuzzTest(conn); - OHOS::GetFileExtProxyFuzzTest(conn); OHOS::ConnectFileExtAbility(conn, data, size); - OHOS::DisconnectFileExtAbility(conn); - return 0; } diff --git a/test/fuzztest/fileaccessextcopy_fuzzer/BUILD.gn b/test/fuzztest/fileaccessextcopy_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..a40118a9b4244c122b233ca18e70123d7e5db05d --- /dev/null +++ b/test/fuzztest/fileaccessextcopy_fuzzer/BUILD.gn @@ -0,0 +1,68 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("FileAccessExtCopyFuzzTest") { + module_out_path = "user_file_service/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/fileaccessextcopy_fuzzer" + include_dirs = [ + "${user_file_service_path}/interfaces/inner_api/file_access/include", + "${user_file_service_path}/test/fuzztest/privacy_comm/include", + "${user_file_service_path}/utils", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "fileaccessextcopy_fuzzer.cpp", + "${user_file_service_path}/test/fuzztest/privacy_comm/src/user_file_service_token_mock.cpp" + ] + + deps = [ + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_ext_base_include", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + "${user_file_service_path}/services:file_access_service", + "${user_file_service_path}/services:file_access_service_base_include", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_context_native", + "ability_runtime:ability_manager", + "ability_runtime:app_manager", + "ability_runtime:runtime", + "ability_runtime:wantagent_innerkits", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_core", + "cJSON:cjson_static", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + "selinux_adapter:librestorecon", + ] + + defines = [ "private=public" ] +} diff --git a/test/fuzztest/fileaccessextcopy_fuzzer/corpus/init b/test/fuzztest/fileaccessextcopy_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/fileaccessextcopy_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/fileaccessextbaseproxy_fuzzer/fileaccessextbaseproxy_fuzzer.cpp b/test/fuzztest/fileaccessextcopy_fuzzer/fileaccessextcopy_fuzzer.cpp similarity index 30% rename from test/fuzztest/fileaccessextbaseproxy_fuzzer/fileaccessextbaseproxy_fuzzer.cpp rename to test/fuzztest/fileaccessextcopy_fuzzer/fileaccessextcopy_fuzzer.cpp index 58e66d32be9e6b956c688badbf06b43ef175b20f..ab945c48d2434165d3fd20bbde346ce54ce64955 100644 --- a/test/fuzztest/fileaccessextbaseproxy_fuzzer/fileaccessextbaseproxy_fuzzer.cpp +++ b/test/fuzztest/fileaccessextcopy_fuzzer/fileaccessextcopy_fuzzer.cpp @@ -12,7 +12,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#include "fileaccessextbaseproxy_fuzzer.h" +#include "fileaccessextcopy_fuzzer.h" #include #include @@ -87,57 +87,6 @@ shared_ptr GetFileAccessHelper() return g_fah; } -bool OpenFileFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - if (data == nullptr || size < sizeof(int32_t) + sizeof(int)) { - return true; - } - - int pos = 0; - int32_t flags = TypeCast(data, &pos); - int fd = TypeCast(data + pos, &pos); - Urie uri(string(reinterpret_cast(data + pos), size - sizeof(int32_t) - sizeof(int))); - proxy->OpenFile(uri, flags, fd); - return true; -} - -bool CreateFileFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - int len = size / 3; - Urie parent(string(reinterpret_cast(data), len)); - string displayName(string(reinterpret_cast(data + len), len)); - Urie newFile(string(reinterpret_cast(data + len + len), len)); - proxy->CreateFile(parent, displayName, newFile); - return true; -} - -bool MkdirFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - int len = size / 3; - Urie parent(string(reinterpret_cast(data), len)); - string displayName(string(reinterpret_cast(data + len), len)); - Urie newFile(string(reinterpret_cast(data + len + len), len)); - proxy->Mkdir(parent, displayName, newFile); - return true; -} - -bool DeleteFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - Urie sourceFile(string(reinterpret_cast(data), size)); - proxy->Delete(sourceFile); - return true; -} - -bool MoveFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - int len = size / 3; - Urie sourceFile(string(reinterpret_cast(data), len)); - string targetParent(string(reinterpret_cast(data + len), len)); - Urie newFile(string(reinterpret_cast(data + len + len), len)); - proxy->Move(sourceFile, targetParent, newFile); - return true; -} - bool CopyFuzzTest(sptr proxy, const uint8_t *data, size_t size) { if (data == nullptr || size < sizeof(bool)) { @@ -155,192 +104,6 @@ bool CopyFuzzTest(sptr proxy, const uint8_t *data, size_t si proxy->Copy(sourceUri, destUri, copyResult, retCode, force); return true; } - -bool CopyFileFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - int len = size / 3; - Urie sourceUri(string(reinterpret_cast(data), len)); - Urie destUri(string(reinterpret_cast(data + len), len)); - string fileName(string(reinterpret_cast(data + len + len), len)); - Urie newFileUri; - proxy->CopyFile(sourceUri, destUri, fileName, newFileUri); - return true; -} - -bool RenameFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - int len = size / 2; - Urie sourceFile(string(reinterpret_cast(data), len)); - string displayName(string(reinterpret_cast(data + len), len)); - Urie newFile; - proxy->Rename(sourceFile, displayName, newFile); - return true; -} - -bool ListFileFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - if (data == nullptr || size < sizeof(int64_t)) { - return true; - } - - int pos = 0; - int64_t offset = TypeCast(data, &pos); - - FileInfo fileInfo; - fileInfo.uri = std::string(reinterpret_cast(data + pos), size - pos); - SharedMemoryInfo memInfo; - int result = SharedMemoryOperation::CreateSharedMemory("FileInfo List", DEFAULT_CAPACITY_200KB, memInfo); - if (result != OHOS::FileAccessFwk::ERR_OK) { - printf("CreateSharedMemory failed. ret : %d", result); - return false; - } - FileFilter filter; - proxy->ListFile(fileInfo, offset, filter, memInfo); - SharedMemoryOperation::DestroySharedMemory(memInfo); - return true; -} - -bool ScanFileFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - if (data == nullptr || size < sizeof(int64_t) + sizeof(int64_t)) { - return true; - } - - int pos = 0; - int64_t offset = TypeCast(data, &pos); - int64_t maxCount = TypeCast(data + pos, &pos); - - FileInfo fileInfo; - fileInfo.uri = std::string(reinterpret_cast(data + pos), size - pos); - std::vector fileInfoVec; - FileFilter filter; - proxy->ScanFile(fileInfo, offset, maxCount, filter, fileInfoVec); - return true; -} - -bool QueryFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - int len = size / 4; - Urie uri(string(reinterpret_cast(data), len)); - vector columns { - string(reinterpret_cast(data + len), len), - string(reinterpret_cast(data + len + len), len), - string(reinterpret_cast(data + len + len + len), len) - }; - vector results; - proxy->Query(uri, columns, results); - return true; -} - -bool GetFileInfoFromUriFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - Urie selectFile(string(reinterpret_cast(data), size)); - FileInfo fileInfo; - proxy->GetFileInfoFromUri(selectFile, fileInfo); - return true; -} - -bool GetRootsFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - (void)data; - vector rootInfoVec; - proxy->GetRoots(rootInfoVec); - return true; -} - -bool AccessFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - Urie uri(string(reinterpret_cast(data), size)); - bool isExist = false; - proxy->Access(uri, isExist); - return true; -} - -bool StartWatcherFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - Urie uri(string(reinterpret_cast(data), size)); - proxy->StartWatcher(uri); - return true; -} - -bool StopWatcherFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - Urie uri(string(reinterpret_cast(data), size)); - proxy->StopWatcher(uri); - return true; -} - -bool MoveItemFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - if (data == nullptr || size < sizeof(bool)) { - return true; - } - - vector moveResult; - int32_t retCode = 0; - int pos = 0; - bool force = TypeCast(data, &pos); - int len = (size - pos) / 2; - Urie sourceFile(string(reinterpret_cast(data + pos), len)); - Urie targetParent(string(reinterpret_cast(data + pos + len), len)); - - proxy->MoveItem(sourceFile, targetParent, moveResult, retCode, force); - return true; -} - -bool MoveFileFuzzTest(sptr proxy, const uint8_t *data, size_t size) -{ - int len = size / 3; - Urie sourceFile(string(reinterpret_cast(data), len)); - Urie targetParent(string(reinterpret_cast(data + len), len)); - string fileName(string(reinterpret_cast(data + len + len), len)); - Urie newFile; - proxy->MoveFile(sourceFile, targetParent, fileName, newFile); - return true; -} - -bool UrieFuzzTest(const uint8_t *data, size_t size) -{ - int len = size / 2; - Urie uri(string(reinterpret_cast(data), len)); - Urie other(string(reinterpret_cast(data + len), len)); - - uri.uriString_ = string(reinterpret_cast(data), len); - uri.GetScheme(); - uri.GetSchemeSpecificPart(); - uri.GetAuthority(); - uri.GetHost(); - uri.GetPort(); - uri.GetUserInfo(); - uri.GetQuery(); - uri.GetPath(); - uri.GetFragment(); - uri.IsHierarchical(); - uri.IsAbsolute(); - uri.IsRelative(); - uri.ToString(); - uri.CheckScheme(); - uri.ParseScheme(); - uri.ParseSsp(); - uri.ParseAuthority(); - uri.ParseUserInfo(); - uri.ParseHost(); - uri.ParsePort(); - uri.ParsePath(); - uri.ParsePath(NOT_FOUND); - uri.ParseQuery(); - uri.ParseFragment(); - uri.FindSchemeSeparator(); - uri.FindFragmentSeparator(); - uri.Equals(other); - uri.CompareTo(other); - vector segments; - uri.GetPathSegments(segments); - Parcel parcel; - uri.Marshalling(parcel); - uri.Unmarshalling(parcel); - return (uri == other); -} } // namespace OHOS /* Fuzzer entry point */ @@ -359,25 +122,6 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) return 0; } - OHOS::OpenFileFuzzTest(proxy, data, size); - OHOS::CreateFileFuzzTest(proxy, data, size); - OHOS::MkdirFuzzTest(proxy, data, size); - OHOS::DeleteFuzzTest(proxy, data, size); - OHOS::MoveFuzzTest(proxy, data, size); OHOS::CopyFuzzTest(proxy, data, size); - OHOS::CopyFileFuzzTest(proxy, data, size); - OHOS::RenameFuzzTest(proxy, data, size); - OHOS::ListFileFuzzTest(proxy, data, size); - OHOS::ScanFileFuzzTest(proxy, data, size); - OHOS::QueryFuzzTest(proxy, data, size); - OHOS::GetFileInfoFromUriFuzzTest(proxy, data, size); - OHOS::GetRootsFuzzTest(proxy, data, size); - OHOS::AccessFuzzTest(proxy, data, size); - OHOS::StartWatcherFuzzTest(proxy, data, size); - OHOS::StopWatcherFuzzTest(proxy, data, size); - OHOS::MoveItemFuzzTest(proxy, data, size); - OHOS::MoveFileFuzzTest(proxy, data, size); - - OHOS::UrieFuzzTest(data, size); return 0; } diff --git a/test/fuzztest/fileaccessextcopy_fuzzer/fileaccessextcopy_fuzzer.h b/test/fuzztest/fileaccessextcopy_fuzzer/fileaccessextcopy_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..e22bf146a5538e9d388fde75de6b36a441f2bfb8 --- /dev/null +++ b/test/fuzztest/fileaccessextcopy_fuzzer/fileaccessextcopy_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTCOPY_FUZZER_H +#define FILE_ACCESS_EXTCOPY_FUZZER_H + +#define FUZZ_PROJECT_NAME "fileaccessextcopy_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/fileaccessextcopy_fuzzer/project.xml b/test/fuzztest/fileaccessextcopy_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..8cd958170c96fc8fbad21fc1becdb23a91a9cd26 --- /dev/null +++ b/test/fuzztest/fileaccessextcopy_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/fileaccessextcopyfile_fuzzer/BUILD.gn b/test/fuzztest/fileaccessextcopyfile_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..c6d58e1a68ed642c5140054164a14108b201043c --- /dev/null +++ b/test/fuzztest/fileaccessextcopyfile_fuzzer/BUILD.gn @@ -0,0 +1,68 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("FileAccessExtCopyFileFuzzTest") { + module_out_path = "user_file_service/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/fileaccessextcopyfile_fuzzer" + include_dirs = [ + "${user_file_service_path}/interfaces/inner_api/file_access/include", + "${user_file_service_path}/test/fuzztest/privacy_comm/include", + "${user_file_service_path}/utils", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "fileaccessextcopyfile_fuzzer.cpp", + "${user_file_service_path}/test/fuzztest/privacy_comm/src/user_file_service_token_mock.cpp" + ] + + deps = [ + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_ext_base_include", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + "${user_file_service_path}/services:file_access_service", + "${user_file_service_path}/services:file_access_service_base_include", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_context_native", + "ability_runtime:ability_manager", + "ability_runtime:app_manager", + "ability_runtime:runtime", + "ability_runtime:wantagent_innerkits", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_core", + "cJSON:cjson_static", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + "selinux_adapter:librestorecon", + ] + + defines = [ "private=public" ] +} diff --git a/test/fuzztest/fileaccessextcopyfile_fuzzer/corpus/init b/test/fuzztest/fileaccessextcopyfile_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/fileaccessextcopyfile_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/fileaccessextcopyfile_fuzzer/fileaccessextcopyfile_fuzzer.cpp b/test/fuzztest/fileaccessextcopyfile_fuzzer/fileaccessextcopyfile_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..59537cb624583c4e7c0897c2d62f326b11f3aee7 --- /dev/null +++ b/test/fuzztest/fileaccessextcopyfile_fuzzer/fileaccessextcopyfile_fuzzer.cpp @@ -0,0 +1,120 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "fileaccessextcopyfile_fuzzer.h" + +#include +#include + +#include "accesstoken_kit.h" +#include "file_access_helper.h" +#include "file_access_ext_base_proxy.h" +#include "file_info_shared_memory.h" +#include "iservice_registry.h" +#include "token_setproc.h" +#include "nativetoken_kit.h" + +#include "user_file_service_token_mock.h" + +namespace OHOS { +using namespace std; +using namespace FileAccessFwk; + +const int ABILITY_ID = 5003; +shared_ptr g_fah = nullptr; +const int UID_TRANSFORM_TMP = 20000000; +const int UID_DEFAULT = 0; + +template +T TypeCast(const uint8_t *data, int *pos = nullptr) +{ + if (pos) { + *pos += sizeof(T); + } + return *(reinterpret_cast(data)); +} + +shared_ptr GetFileAccessHelper() +{ + if (g_fah != nullptr) { + return g_fah; + } + auto saManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (saManager == nullptr) { + return nullptr; + } + auto remoteObj = saManager->GetSystemAbility(ABILITY_ID); + AAFwk::Want want; + vector wantVec; + setuid(UID_TRANSFORM_TMP); + int ret = FileAccessHelper::GetRegisteredFileAccessExtAbilityInfo(wantVec); + if (ret != OHOS::FileAccessFwk::ERR_OK) { + printf("GetRegisteredFileAccessExtAbilityInfo failed."); + return nullptr; + } + bool sus = false; + for (size_t i = 0; i < wantVec.size(); i++) { + auto element = wantVec[i].GetElement(); + if (element.GetBundleName() == "com.ohos.UserFile.ExternalFileManager" && + element.GetAbilityName() == "FileExtensionAbility") { + want = wantVec[i]; + sus = true; + break; + } + } + if (!sus) { + printf("not found bundleName."); + return nullptr; + } + vector wants {want}; + g_fah = FileAccessHelper::Creator(remoteObj, wants); + setuid(UID_DEFAULT); + if (g_fah == nullptr) { + printf("creator fileAccessHelper return nullptr."); + return nullptr; + } + return g_fah; +} + +bool CopyFileFuzzTest(sptr proxy, const uint8_t *data, size_t size) +{ + int len = size / 3; + Urie sourceUri(string(reinterpret_cast(data), len)); + Urie destUri(string(reinterpret_cast(data + len), len)); + string fileName(string(reinterpret_cast(data + len + len), len)); + Urie newFileUri; + proxy->CopyFile(sourceUri, destUri, fileName, newFileUri); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + OHOS::UserFileServiceTokenMock tokenMock; + tokenMock.SetFileManagerToken(); + auto helper = OHOS::GetFileAccessHelper(); + if (helper == nullptr) { + printf("helper is nullptr."); + return false; + } + auto proxy = helper->GetProxyByBundleName(OHOS::EXTERNAL_BNUDLE_NAME); + if (proxy == nullptr) { + printf("get proxy failed."); + return 0; + } + + OHOS::CopyFileFuzzTest(proxy, data, size); + return 0; +} diff --git a/test/fuzztest/fileaccessextcopyfile_fuzzer/fileaccessextcopyfile_fuzzer.h b/test/fuzztest/fileaccessextcopyfile_fuzzer/fileaccessextcopyfile_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..d9743639f9f7cb48000a79d427affb1202364bbe --- /dev/null +++ b/test/fuzztest/fileaccessextcopyfile_fuzzer/fileaccessextcopyfile_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTCOPYFILE_FUZZER_H +#define FILE_ACCESS_EXTCOPYFILE_FUZZER_H + +#define FUZZ_PROJECT_NAME "fileaccessextcopyfile_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/fileaccessextcopyfile_fuzzer/project.xml b/test/fuzztest/fileaccessextcopyfile_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..8cd958170c96fc8fbad21fc1becdb23a91a9cd26 --- /dev/null +++ b/test/fuzztest/fileaccessextcopyfile_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/fileaccessextcreatefile_fuzzer/BUILD.gn b/test/fuzztest/fileaccessextcreatefile_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..0381bcd985d20a8ff682b52fa1a8536d9459764a --- /dev/null +++ b/test/fuzztest/fileaccessextcreatefile_fuzzer/BUILD.gn @@ -0,0 +1,68 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("FileAccessExtCreateFileFuzzTest") { + module_out_path = "user_file_service/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/fileaccessextcreatefile_fuzzer" + include_dirs = [ + "${user_file_service_path}/interfaces/inner_api/file_access/include", + "${user_file_service_path}/test/fuzztest/privacy_comm/include", + "${user_file_service_path}/utils", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "fileaccessextcreatefile_fuzzer.cpp", + "${user_file_service_path}/test/fuzztest/privacy_comm/src/user_file_service_token_mock.cpp" + ] + + deps = [ + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_ext_base_include", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + "${user_file_service_path}/services:file_access_service", + "${user_file_service_path}/services:file_access_service_base_include", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_context_native", + "ability_runtime:ability_manager", + "ability_runtime:app_manager", + "ability_runtime:runtime", + "ability_runtime:wantagent_innerkits", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_core", + "cJSON:cjson_static", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + "selinux_adapter:librestorecon", + ] + + defines = [ "private=public" ] +} diff --git a/test/fuzztest/fileaccessextcreatefile_fuzzer/corpus/init b/test/fuzztest/fileaccessextcreatefile_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/fileaccessextcreatefile_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/fileaccessextcreatefile_fuzzer/fileaccessextcreatefile_fuzzer.cpp b/test/fuzztest/fileaccessextcreatefile_fuzzer/fileaccessextcreatefile_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..f6b03ec41522d5acd19465dcf798bb6317db1798 --- /dev/null +++ b/test/fuzztest/fileaccessextcreatefile_fuzzer/fileaccessextcreatefile_fuzzer.cpp @@ -0,0 +1,119 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "fileaccessextcreatefile_fuzzer.h" + +#include +#include + +#include "accesstoken_kit.h" +#include "file_access_helper.h" +#include "file_access_ext_base_proxy.h" +#include "file_info_shared_memory.h" +#include "iservice_registry.h" +#include "token_setproc.h" +#include "nativetoken_kit.h" + +#include "user_file_service_token_mock.h" + +namespace OHOS { +using namespace std; +using namespace FileAccessFwk; + +const int ABILITY_ID = 5003; +shared_ptr g_fah = nullptr; +const int UID_TRANSFORM_TMP = 20000000; +const int UID_DEFAULT = 0; + +template +T TypeCast(const uint8_t *data, int *pos = nullptr) +{ + if (pos) { + *pos += sizeof(T); + } + return *(reinterpret_cast(data)); +} + +shared_ptr GetFileAccessHelper() +{ + if (g_fah != nullptr) { + return g_fah; + } + auto saManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (saManager == nullptr) { + return nullptr; + } + auto remoteObj = saManager->GetSystemAbility(ABILITY_ID); + AAFwk::Want want; + vector wantVec; + setuid(UID_TRANSFORM_TMP); + int ret = FileAccessHelper::GetRegisteredFileAccessExtAbilityInfo(wantVec); + if (ret != OHOS::FileAccessFwk::ERR_OK) { + printf("GetRegisteredFileAccessExtAbilityInfo failed."); + return nullptr; + } + bool sus = false; + for (size_t i = 0; i < wantVec.size(); i++) { + auto element = wantVec[i].GetElement(); + if (element.GetBundleName() == "com.ohos.UserFile.ExternalFileManager" && + element.GetAbilityName() == "FileExtensionAbility") { + want = wantVec[i]; + sus = true; + break; + } + } + if (!sus) { + printf("not found bundleName."); + return nullptr; + } + vector wants {want}; + g_fah = FileAccessHelper::Creator(remoteObj, wants); + setuid(UID_DEFAULT); + if (g_fah == nullptr) { + printf("creator fileAccessHelper return nullptr."); + return nullptr; + } + return g_fah; +} + +bool CreateFileFuzzTest(sptr proxy, const uint8_t *data, size_t size) +{ + int len = size / 3; + Urie parent(string(reinterpret_cast(data), len)); + string displayName(string(reinterpret_cast(data + len), len)); + Urie newFile(string(reinterpret_cast(data + len + len), len)); + proxy->CreateFile(parent, displayName, newFile); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + OHOS::UserFileServiceTokenMock tokenMock; + tokenMock.SetFileManagerToken(); + auto helper = OHOS::GetFileAccessHelper(); + if (helper == nullptr) { + printf("helper is nullptr."); + return false; + } + auto proxy = helper->GetProxyByBundleName(OHOS::EXTERNAL_BNUDLE_NAME); + if (proxy == nullptr) { + printf("get proxy failed."); + return 0; + } + + OHOS::CreateFileFuzzTest(proxy, data, size); + return 0; +} diff --git a/test/fuzztest/fileaccessextcreatefile_fuzzer/fileaccessextcreatefile_fuzzer.h b/test/fuzztest/fileaccessextcreatefile_fuzzer/fileaccessextcreatefile_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..a3c2a606f15aba99098d053fd264b1c5c83c1501 --- /dev/null +++ b/test/fuzztest/fileaccessextcreatefile_fuzzer/fileaccessextcreatefile_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTCREATEFILE_FUZZER_H +#define FILE_ACCESS_EXTCREATEFILE_FUZZER_H + +#define FUZZ_PROJECT_NAME "fileaccessextcreatefile_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/fileaccessextcreatefile_fuzzer/project.xml b/test/fuzztest/fileaccessextcreatefile_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..8cd958170c96fc8fbad21fc1becdb23a91a9cd26 --- /dev/null +++ b/test/fuzztest/fileaccessextcreatefile_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/fileaccessextdelete_fuzzer/BUILD.gn b/test/fuzztest/fileaccessextdelete_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..7014c11623359a2107e86607d3502a79959e2871 --- /dev/null +++ b/test/fuzztest/fileaccessextdelete_fuzzer/BUILD.gn @@ -0,0 +1,68 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("FileAccessExtDeleteFuzzTest") { + module_out_path = "user_file_service/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/fileaccessextdelete_fuzzer" + include_dirs = [ + "${user_file_service_path}/interfaces/inner_api/file_access/include", + "${user_file_service_path}/test/fuzztest/privacy_comm/include", + "${user_file_service_path}/utils", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "fileaccessextdelete_fuzzer.cpp", + "${user_file_service_path}/test/fuzztest/privacy_comm/src/user_file_service_token_mock.cpp" + ] + + deps = [ + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_ext_base_include", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + "${user_file_service_path}/services:file_access_service", + "${user_file_service_path}/services:file_access_service_base_include", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_context_native", + "ability_runtime:ability_manager", + "ability_runtime:app_manager", + "ability_runtime:runtime", + "ability_runtime:wantagent_innerkits", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_core", + "cJSON:cjson_static", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + "selinux_adapter:librestorecon", + ] + + defines = [ "private=public" ] +} diff --git a/test/fuzztest/fileaccessextdelete_fuzzer/corpus/init b/test/fuzztest/fileaccessextdelete_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/fileaccessextdelete_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/fileaccessextdelete_fuzzer/fileaccessextdelete_fuzzer.cpp b/test/fuzztest/fileaccessextdelete_fuzzer/fileaccessextdelete_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..17caee1ed1bae2799a1cb20bed35a869196a6cc7 --- /dev/null +++ b/test/fuzztest/fileaccessextdelete_fuzzer/fileaccessextdelete_fuzzer.cpp @@ -0,0 +1,116 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "fileaccessextdelete_fuzzer.h" + +#include +#include + +#include "accesstoken_kit.h" +#include "file_access_helper.h" +#include "file_access_ext_base_proxy.h" +#include "file_info_shared_memory.h" +#include "iservice_registry.h" +#include "token_setproc.h" +#include "nativetoken_kit.h" + +#include "user_file_service_token_mock.h" + +namespace OHOS { +using namespace std; +using namespace FileAccessFwk; + +const int ABILITY_ID = 5003; +shared_ptr g_fah = nullptr; +const int UID_TRANSFORM_TMP = 20000000; +const int UID_DEFAULT = 0; + +template +T TypeCast(const uint8_t *data, int *pos = nullptr) +{ + if (pos) { + *pos += sizeof(T); + } + return *(reinterpret_cast(data)); +} + +shared_ptr GetFileAccessHelper() +{ + if (g_fah != nullptr) { + return g_fah; + } + auto saManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (saManager == nullptr) { + return nullptr; + } + auto remoteObj = saManager->GetSystemAbility(ABILITY_ID); + AAFwk::Want want; + vector wantVec; + setuid(UID_TRANSFORM_TMP); + int ret = FileAccessHelper::GetRegisteredFileAccessExtAbilityInfo(wantVec); + if (ret != OHOS::FileAccessFwk::ERR_OK) { + printf("GetRegisteredFileAccessExtAbilityInfo failed."); + return nullptr; + } + bool sus = false; + for (size_t i = 0; i < wantVec.size(); i++) { + auto element = wantVec[i].GetElement(); + if (element.GetBundleName() == "com.ohos.UserFile.ExternalFileManager" && + element.GetAbilityName() == "FileExtensionAbility") { + want = wantVec[i]; + sus = true; + break; + } + } + if (!sus) { + printf("not found bundleName."); + return nullptr; + } + vector wants {want}; + g_fah = FileAccessHelper::Creator(remoteObj, wants); + setuid(UID_DEFAULT); + if (g_fah == nullptr) { + printf("creator fileAccessHelper return nullptr."); + return nullptr; + } + return g_fah; +} + +bool DeleteFuzzTest(sptr proxy, const uint8_t *data, size_t size) +{ + Urie sourceFile(string(reinterpret_cast(data), size)); + proxy->Delete(sourceFile); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + OHOS::UserFileServiceTokenMock tokenMock; + tokenMock.SetFileManagerToken(); + auto helper = OHOS::GetFileAccessHelper(); + if (helper == nullptr) { + printf("helper is nullptr."); + return false; + } + auto proxy = helper->GetProxyByBundleName(OHOS::EXTERNAL_BNUDLE_NAME); + if (proxy == nullptr) { + printf("get proxy failed."); + return 0; + } + + OHOS::DeleteFuzzTest(proxy, data, size); + return 0; +} diff --git a/test/fuzztest/fileaccessextdelete_fuzzer/fileaccessextdelete_fuzzer.h b/test/fuzztest/fileaccessextdelete_fuzzer/fileaccessextdelete_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..4ae8b3e8e6e1168fa34fc3cc71c7be1eeb15f5dd --- /dev/null +++ b/test/fuzztest/fileaccessextdelete_fuzzer/fileaccessextdelete_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTDELETE_FUZZER_H +#define FILE_ACCESS_EXTDELETE_FUZZER_H + +#define FUZZ_PROJECT_NAME "fileaccessextdelete_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/fileaccessextdelete_fuzzer/project.xml b/test/fuzztest/fileaccessextdelete_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..8cd958170c96fc8fbad21fc1becdb23a91a9cd26 --- /dev/null +++ b/test/fuzztest/fileaccessextdelete_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/fileaccessextgetfileinfo_fuzzer/BUILD.gn b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/BUILD.gn new file mode 100644 index 0000000000000000000000000000000000000000..d65205058cd24f5268e4c09c024fab6b1e5cf57d --- /dev/null +++ b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/BUILD.gn @@ -0,0 +1,68 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/test.gni") +import("//foundation/filemanagement/user_file_service/filemanagement_aafwk.gni") +ohos_fuzztest("FileAccessExtGetFileInfoFuzzTest") { + module_out_path = "user_file_service/user_file_service" + fuzz_config_file = + "${user_file_service_path}/test/fuzztest/fileaccessextgetfileinfo_fuzzer" + include_dirs = [ + "${user_file_service_path}/interfaces/inner_api/file_access/include", + "${user_file_service_path}/test/fuzztest/privacy_comm/include", + "${user_file_service_path}/utils", + ] + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "fileaccessextgetfileinfo_fuzzer.cpp", + "${user_file_service_path}/test/fuzztest/privacy_comm/src/user_file_service_token_mock.cpp" + ] + + deps = [ + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_ext_base_include", + "${user_file_service_path}/interfaces/inner_api/file_access:file_access_extension_ability_kit", + "${user_file_service_path}/services:file_access_service", + "${user_file_service_path}/services:file_access_service_base_include", + ] + + external_deps = [ + "ability_base:want", + "ability_base:zuri", + "ability_runtime:ability_context_native", + "ability_runtime:ability_manager", + "ability_runtime:app_manager", + "ability_runtime:runtime", + "ability_runtime:wantagent_innerkits", + "access_token:libaccesstoken_sdk", + "access_token:libnativetoken", + "access_token:libtoken_setproc", + "bundle_framework:appexecfwk_core", + "cJSON:cjson_static", + "c_utils:utils", + "hilog:libhilog", + "hitrace:hitrace_meter", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr:samgr_proxy", + "selinux_adapter:librestorecon", + ] + + defines = [ "private=public" ] +} diff --git a/test/fuzztest/fileaccessextgetfileinfo_fuzzer/corpus/init b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/corpus/init new file mode 100644 index 0000000000000000000000000000000000000000..7ade8a0faafeaedba7241e7d4a97b8e1f9691932 --- /dev/null +++ b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/corpus/init @@ -0,0 +1,16 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +FUZZ \ No newline at end of file diff --git a/test/fuzztest/fileaccessextgetfileinfo_fuzzer/fileaccessextgetfileinfo_fuzzer.cpp b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/fileaccessextgetfileinfo_fuzzer.cpp new file mode 100644 index 0000000000000000000000000000000000000000..4a32fc94458767855ce766c42b0979f866565fc8 --- /dev/null +++ b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/fileaccessextgetfileinfo_fuzzer.cpp @@ -0,0 +1,117 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include "fileaccessextgetfileinfo_fuzzer.h" + +#include +#include + +#include "accesstoken_kit.h" +#include "file_access_helper.h" +#include "file_access_ext_base_proxy.h" +#include "file_info_shared_memory.h" +#include "iservice_registry.h" +#include "token_setproc.h" +#include "nativetoken_kit.h" + +#include "user_file_service_token_mock.h" + +namespace OHOS { +using namespace std; +using namespace FileAccessFwk; + +const int ABILITY_ID = 5003; +shared_ptr g_fah = nullptr; +const int UID_TRANSFORM_TMP = 20000000; +const int UID_DEFAULT = 0; + +template +T TypeCast(const uint8_t *data, int *pos = nullptr) +{ + if (pos) { + *pos += sizeof(T); + } + return *(reinterpret_cast(data)); +} + +shared_ptr GetFileAccessHelper() +{ + if (g_fah != nullptr) { + return g_fah; + } + auto saManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (saManager == nullptr) { + return nullptr; + } + auto remoteObj = saManager->GetSystemAbility(ABILITY_ID); + AAFwk::Want want; + vector wantVec; + setuid(UID_TRANSFORM_TMP); + int ret = FileAccessHelper::GetRegisteredFileAccessExtAbilityInfo(wantVec); + if (ret != OHOS::FileAccessFwk::ERR_OK) { + printf("GetRegisteredFileAccessExtAbilityInfo failed."); + return nullptr; + } + bool sus = false; + for (size_t i = 0; i < wantVec.size(); i++) { + auto element = wantVec[i].GetElement(); + if (element.GetBundleName() == "com.ohos.UserFile.ExternalFileManager" && + element.GetAbilityName() == "FileExtensionAbility") { + want = wantVec[i]; + sus = true; + break; + } + } + if (!sus) { + printf("not found bundleName."); + return nullptr; + } + vector wants {want}; + g_fah = FileAccessHelper::Creator(remoteObj, wants); + setuid(UID_DEFAULT); + if (g_fah == nullptr) { + printf("creator fileAccessHelper return nullptr."); + return nullptr; + } + return g_fah; +} + +bool GetFileInfoFromUriFuzzTest(sptr proxy, const uint8_t *data, size_t size) +{ + Urie selectFile(string(reinterpret_cast(data), size)); + FileInfo fileInfo; + proxy->GetFileInfoFromUri(selectFile, fileInfo); + return true; +} +} // namespace OHOS + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) +{ + OHOS::UserFileServiceTokenMock tokenMock; + tokenMock.SetFileManagerToken(); + auto helper = OHOS::GetFileAccessHelper(); + if (helper == nullptr) { + printf("helper is nullptr."); + return false; + } + auto proxy = helper->GetProxyByBundleName(OHOS::EXTERNAL_BNUDLE_NAME); + if (proxy == nullptr) { + printf("get proxy failed."); + return 0; + } + + OHOS::GetFileInfoFromUriFuzzTest(proxy, data, size); + return 0; +} diff --git a/test/fuzztest/fileaccessextgetfileinfo_fuzzer/fileaccessextgetfileinfo_fuzzer.h b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/fileaccessextgetfileinfo_fuzzer.h new file mode 100644 index 0000000000000000000000000000000000000000..0b97f6d22a387eaeebdbbac5279b5559734f5d6f --- /dev/null +++ b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/fileaccessextgetfileinfo_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FILE_ACCESS_EXTGETFILEINFO_FUZZER_H +#define FILE_ACCESS_EXTGETFILEINFO_FUZZER_H + +#define FUZZ_PROJECT_NAME "fileaccessextgetfileinfo_fuzzer" + +#endif \ No newline at end of file diff --git a/test/fuzztest/fileaccessextgetfileinfo_fuzzer/project.xml b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/project.xml new file mode 100644 index 0000000000000000000000000000000000000000..8cd958170c96fc8fbad21fc1becdb23a91a9cd26 --- /dev/null +++ b/test/fuzztest/fileaccessextgetfileinfo_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + +