From 86b1ea42555317f11e0afeed2e0d82655925cba6 Mon Sep 17 00:00:00 2001 From: chen Date: Thu, 10 Mar 2022 20:31:06 +0800 Subject: [PATCH 1/2] add test Signed-off-by: chen Change-Id: I74a64104ee94bde048f6fa7e7fc23b3f02502fcb --- .../native/source/system_ability_status_change_stub.cpp | 7 +++---- services/samgr/native/samgr_standard.cfg | 5 +++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/frameworks/native/source/system_ability_status_change_stub.cpp b/frameworks/native/source/system_ability_status_change_stub.cpp index bcae29e5..76c28bb0 100755 --- a/frameworks/native/source/system_ability_status_change_stub.cpp +++ b/frameworks/native/source/system_ability_status_change_stub.cpp @@ -21,8 +21,8 @@ namespace OHOS { namespace { -constexpr int32_t UID_ROOT = 0; -constexpr int32_t UID_SYSTEM = 1000; +// constexpr int32_t UID_ROOT = 0; +// constexpr int32_t UID_SYSTEM = 1000; } SystemAbilityStatusChangeStub::SystemAbilityStatusChangeStub() { @@ -86,8 +86,7 @@ bool SystemAbilityStatusChangeStub::CheckInputSysAbilityId(int32_t systemAbility bool SystemAbilityStatusChangeStub::CanRequest() { - auto callingUid = IPCSkeleton::GetCallingUid(); - return (callingUid == UID_ROOT) || (callingUid == UID_SYSTEM); + return true; } bool SystemAbilityStatusChangeStub::EnforceInterceToken(MessageParcel& data) diff --git a/services/samgr/native/samgr_standard.cfg b/services/samgr/native/samgr_standard.cfg index 0b75d904..67e36502 100755 --- a/services/samgr/native/samgr_standard.cfg +++ b/services/samgr/native/samgr_standard.cfg @@ -15,8 +15,9 @@ "name" : "samgr", "path" : ["/system/bin/samgr"], "critical" : [1, 1, 60], - "uid" : "system", - "gid" : ["system"], + "uid" : "samgr", + "gid" : ["samgr"], + "secon" : "u:r:samgr:s0", "start-mode" : "boot", "jobs" : { "on-start" : "services:samgr" -- Gitee From 599cb90674cdff4aaa223cb2e9c5c32cd0629ec8 Mon Sep 17 00:00:00 2001 From: chen Date: Fri, 11 Mar 2022 14:31:28 +0800 Subject: [PATCH 2/2] add fuzztest 
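Review bot: `CanRequest()` in the `@@ -86,8 +86,7 @@` hunk now returns `true` unconditionally, so in any tree that contains only patch 1/2 the caller-UID gate (`IPCSkeleton::GetCallingUid()` compared with `UID_ROOT` / `UID_SYSTEM`) no longer restricts who may use this stub. The `@@ -21,8 +21,8 @@` hunk comments the two constants out instead of deleting them, and the samgr_standard.cfg hunk changes the service's `uid`/`gid` and adds `secon`; patch 2/2 reverts all three, which suggests they are local test scaffolding rather than intended changes. The subject line "add test" mentions none of this, so a bisect, backport or cherry-pick that stops at this commit carries the disabled check without any warning. Dropping these three hunks from the series, or squashing 1/2 into 2/2 so the intermediate state never exists, would keep the authorization check intact at every commit.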
Signed-off-by: chen Change-Id: Iee4a7788ffefa4d5ed7e434fdb285e817dd2fe7c --- bundle.json | 3 +- .../system_ability_status_change_stub.cpp | 7 +- services/samgr/native/samgr_standard.cfg | 5 +- .../system_ability_manager_fuzzer/BUILD.gn | 66 +++++++++++++++++ .../system_ability_manager_fuzzer/project.xml | 25 +++++++ .../system_ability_manager_fuzzer.cpp | 70 +++++++++++++++++++ .../system_ability_manager_fuzzer.h | 21 ++++++ 7 files changed, 190 insertions(+), 7 deletions(-) create mode 100644 test/fuzztest/system_ability_manager_fuzzer/BUILD.gn create mode 100644 test/fuzztest/system_ability_manager_fuzzer/project.xml create mode 100644 test/fuzztest/system_ability_manager_fuzzer/system_ability_manager_fuzzer.cpp create mode 100644 test/fuzztest/system_ability_manager_fuzzer/system_ability_manager_fuzzer.h diff --git a/bundle.json b/bundle.json index 6186a794..b940daa1 100755 --- a/bundle.json +++ b/bundle.json @@ -78,7 +78,8 @@ ], "test": [ "//foundation/distributedschedule/samgr/services/samgr/native/test:unittest", - "//foundation/distributedschedule/samgr/services/common/test:unittest" + "//foundation/distributedschedule/samgr/services/common/test:unittest", + "//foundation/distributedschedule/samgr/test/fuzztest/system_ability_manager_fuzzer:fuzztest" ] } } diff --git a/frameworks/native/source/system_ability_status_change_stub.cpp b/frameworks/native/source/system_ability_status_change_stub.cpp index 76c28bb0..bcae29e5 100755 --- a/frameworks/native/source/system_ability_status_change_stub.cpp +++ b/frameworks/native/source/system_ability_status_change_stub.cpp @@ -21,8 +21,8 @@ namespace OHOS { namespace { -// constexpr int32_t UID_ROOT = 0; -// constexpr int32_t UID_SYSTEM = 1000; +constexpr int32_t UID_ROOT = 0; +constexpr int32_t UID_SYSTEM = 1000; } SystemAbilityStatusChangeStub::SystemAbilityStatusChangeStub() { 
@@ -86,7 +86,8 @@ bool SystemAbilityStatusChangeStub::CheckInputSysAbilityId(int32_t systemAbility bool SystemAbilityStatusChangeStub::CanRequest() { - return true; + auto callingUid = IPCSkeleton::GetCallingUid(); + return (callingUid == UID_ROOT) || (callingUid == UID_SYSTEM); } bool SystemAbilityStatusChangeStub::EnforceInterceToken(MessageParcel& data) diff --git a/services/samgr/native/samgr_standard.cfg b/services/samgr/native/samgr_standard.cfg index 67e36502..0b75d904 100755 --- a/services/samgr/native/samgr_standard.cfg +++ b/services/samgr/native/samgr_standard.cfg @@ -15,9 +15,8 @@ "name" : "samgr", "path" : ["/system/bin/samgr"], "critical" : [1, 1, 60], - "uid" : "samgr", - "gid" : ["samgr"], - "secon" : "u:r:samgr:s0", + "uid" : "system", + "gid" : ["system"], "start-mode" : "boot", "jobs" : { "on-start" : "services:samgr" diff --git a/test/fuzztest/system_ability_manager_fuzzer/BUILD.gn b/test/fuzztest/system_ability_manager_fuzzer/BUILD.gn new file mode 100644 index 00000000..360106ef --- /dev/null +++ b/test/fuzztest/system_ability_manager_fuzzer/BUILD.gn 
@@ -0,0 +1,66 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +#####################hydra-fuzz################### +import("//build/config/features.gni") +import("//build/ohos.gni") +import("//build/test.gni") +module_output_path = "samgr/fuzztest" +samgr_dir = "//foundation/distributedschedule/samgr" +samgr_services_dir = "${samgr_dir}/services/samgr/native" + +##############################fuzztest########################################## +ohos_fuzztest("SystemAbilityFuzz") { + module_out_path = module_output_path + + configs = [ + "${samgr_dir}/interfaces/innerkits/lsamgr:config_samgr", + "${samgr_dir}/services/samgr/native:sam_config", + ] + + cflags = [ + "-g", + "-O0", + "-Wno-unused-variable", + "-fno-omit-frame-pointer", + ] + sources = [ + "${samgr_dir}/utils/native/source/tools.cpp", + "${samgr_services_dir}/source/system_ability_manager.cpp", + "${samgr_services_dir}/source/system_ability_manager_stub.cpp", + "system_ability_manager_fuzzer.cpp", + ] + deps = [] + + external_deps = [ + "access_token:libaccesstoken_sdk", + "eventhandler:libeventhandler", + "hiviewdfx_hilog_native:libhilog", + "init:libbegetutil", + "ipc:ipc_core", + "ipc:libdbinder", + "samgr_standard:samgr_proxy", + "utils_base:utils", + ] + public_deps = [ "//third_party/libxml2:libxml2" ] +} + +group("fuzztest") { + testonly = true + deps = [] + + deps += [ + # deps file + ":SystemAbilityFuzz", + ] +} 
diff --git a/test/fuzztest/system_ability_manager_fuzzer/project.xml b/test/fuzztest/system_ability_manager_fuzzer/project.xml new file mode 100644 index 00000000..6e8ad2cf --- /dev/null +++ b/test/fuzztest/system_ability_manager_fuzzer/project.xml @@ -0,0 +1,25 @@ + + + + + + 1000 + + 300 + + 4096 + + diff --git a/test/fuzztest/system_ability_manager_fuzzer/system_ability_manager_fuzzer.cpp b/test/fuzztest/system_ability_manager_fuzzer/system_ability_manager_fuzzer.cpp new file mode 100644 index 00000000..c05579ec --- /dev/null +++ b/test/fuzztest/system_ability_manager_fuzzer/system_ability_manager_fuzzer.cpp 
@@ -0,0 +1,70 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "system_ability_manager_fuzzer.h" + +#include "if_system_ability_manager.h" +#include "system_ability_manager.h" + +#include +#include +#include +#include +#include + +namespace OHOS { +namespace Samgr { +namespace { + constexpr size_t THRESHOLD = 10; + constexpr uint8_t MAX_CALL_TRANSACTION = 64; + constexpr int32_t OFFSET = 4; + const std::u16string SAMGR_INTERFACE_TOKEN = u"ohos.samgr.accessToken"; +} + +uint32_t Convert2Uint32(const uint8_t* ptr) +{ + if (ptr == nullptr) { + return 0; + } + return (ptr[0] << 24) | (ptr[1] << 16) | (ptr[2] << 8) | (ptr[3]); +} + +void FuzzSystemAbilityManager(const uint8_t* rawData, size_t size) +{ + uint32_t code = Convert2Uint32(rawData); + rawData = rawData + OFFSET; + size = size - OFFSET; + MessageParcel data; + data.WriteInterfaceToken(SAMGR_INTERFACE_TOKEN); + data.WriteBuffer(rawData, size); + data.RewindRead(0); + MessageParcel reply; + MessageOption option; + SystemAbilityManager::GetInstance()->OnRemoteRequest(code % MAX_CALL_TRANSACTION, data, reply, option); +} +} +} + +/* Fuzzer entry point */ +extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) +{ + if (size < OHOS::Samgr::THRESHOLD) { + return -1; + } + + OHOS::Samgr::FuzzSystemAbilityManager(data, size); + return 0; +} + 
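Review bot: `LLVMFuzzerTestOneInput` returns `-1` for inputs shorter than `THRESHOLD`; libFuzzer treats 0 as the normal return value (older releases reserve every other value, newer ones read -1 as "do not keep this input"), so `return 0;` is the portable choice for the early exit. In `Convert2Uint32` each `ptr[i]` is promoted to signed `int` before the shift, so a first byte of 0x80 or more shifts into the sign bit; doing the arithmetic in `uint32_t` avoids depending on how the language version defines that, e.g. `return (static_cast<uint32_t>(ptr[0]) << 24) | (static_cast<uint32_t>(ptr[1]) << 16) | (static_cast<uint32_t>(ptr[2]) << 8) | ptr[3];`. `FuzzSystemAbilityManager` reads four bytes and computes `size - OFFSET` with no length check of its own, and is only safe because the entry point enforces `THRESHOLD`; a comment such as `// caller guarantees size >= THRESHOLD (> OFFSET)` above `uint32_t code = ...` would keep that dependency visible to anyone who reuses the helper.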
diff --git a/test/fuzztest/system_ability_manager_fuzzer/system_ability_manager_fuzzer.h b/test/fuzztest/system_ability_manager_fuzzer/system_ability_manager_fuzzer.h new file mode 100644 index 00000000..a96e758f --- /dev/null +++ b/test/fuzztest/system_ability_manager_fuzzer/system_ability_manager_fuzzer.h @@ -0,0 +1,21 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef SAMGR_TEST_FUZZTEST_SYSTEM_ABILITY_MANAGER_FUZZER_H +#define SAMGR_TEST_FUZZTEST_SYSTEM_ABILITY_MANAGER_FUZZER_H + +#define FUZZ_PROJECT_NAME "system_ability_manager_fuzzer" + +#endif \ No newline at end of file -- Gitee