1/*
2 * Copyright (C) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *    http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "devslinfoadpt_fuzzer.h"
17
18#include <cstddef>
19#include <cstdint>
20
21#include "file_ex.h"
22#include "securec.h"
23#include "parameter.h"
24#include "nativetoken_kit.h"
25#include "token_setproc.h"
26#include "accesstoken_kit.h"
27
28#include "dev_slinfo_adpt.h"
29#include "dev_slinfo_mgr.h"
30
31namespace OHOS {
// Set by BeginFuzzCase3() when it found "/sys/fs/selinux/enforce" reading "1"
// and wrote "0" to it; EndFuzzCase3() checks it before writing "1" back.
// Nothing in this file ever clears it again.
static bool g_isForcingFuzz3 {false};

// Placeholder UDID made of ASCII 'F' characters. The harness passes it to
// GetDeviceSecLevelByUdid() with length MAX_UDID_LENGTH + 1 and stops the
// iteration if that call reports success.
static uint8_t g_udidInvalid[MAX_UDID_LENGTH + 1] = "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF";
35
// Harness-local definition of the structure handed to
// OnApiDeviceSecInfoCallback(). All fields start at zero.
// NOTE(review): presumably mirrors the definition used by the library that
// implements the callback; the field order and widths must stay in sync with
// it, otherwise the callback reads a mismatched layout — confirm against the
// library source.
struct DeviceSecurityInfo {
    uint32_t magicNum = 0;
    uint32_t result = 0;
    uint32_t level = 0;
};
41
// C-linkage declaration of the callback, so that the harness can call it
// directly with hand-built arguments (including null pointers).
// NOTE(review): declared here rather than taken from a header — presumably
// because the symbol is internal to the library under test; confirm.
extern "C" void OnApiDeviceSecInfoCallback(const DeviceIdentify *identify, struct DeviceSecurityInfo *info);
45
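/**
 * Gives the fuzzer process a native access token that carries the
 * "ohos.permission.DISTRIBUTED_DATASYNC" permission.
 *
 * Fills a NativeTokenInfoParams for process name "DevSLMgrTest" with APL
 * "system_basic", obtains a token id from GetAccessTokenId(), installs it with
 * SetSelfTokenID() and then asks AccessTokenKit to reload native token info.
 *
 * Security note: the token id that was active before the call is neither
 * saved nor restored here, so the process keeps the new identity after the
 * fuzz iteration ends. Keep this helper confined to test/fuzz builds.
 */
static void NativeTokenGetFuzz3(void)
{
    // A stack array replaces the former new[]/delete[] pair: same lifetime
    // (until this function returns), but nothing to leak on an early exit.
    const char *permsFuzz3[] = { "ohos.permission.DISTRIBUTED_DATASYNC" };
    NativeTokenInfoParams infoInstanceFuzz1 = {
        .dcapsNum = 0,
        .permsNum = 1,
        .aclsNum = 0,
        .dcaps = nullptr,
        .perms = permsFuzz3,
        .acls = nullptr,
        .aplStr = "system_basic",
    };

    infoInstanceFuzz1.processName = "DevSLMgrTest";
    const uint64_t tokenId3 = GetAccessTokenId(&infoInstanceFuzz1);
    SetSelfTokenID(tokenId3);
    OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo();
}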
67
/**
 * Per-iteration setup: turns SELinux enforcement off if it is on, then
 * acquires the native token via NativeTokenGetFuzz3().
 *
 * Reads "/sys/fs/selinux/enforce"; when the content is exactly "1" it records
 * that in g_isForcingFuzz3 and writes "0" to the same file.
 *
 * Security notes:
 *  - Writing "0" changes enforcement for the whole device, not only for this
 *    process. It is written back only by EndFuzzCase3(); if the target crashes
 *    or the process is killed in between (the normal outcome of a fuzz
 *    finding), the device stays permissive. Run this harness only on
 *    disposable test devices and re-check the enforce state afterwards.
 *  - The results of LoadStringFromFile() and SaveStringToFile() are not
 *    checked, so a failed read or write goes unnoticed.
 */
static void BeginFuzzCase3(void)
{
    const std::string enforcePath = "/sys/fs/selinux/enforce";
    std::string enforceState;
    OHOS::LoadStringFromFile(enforcePath, enforceState);

    const bool wasEnforcing = (enforceState == "1");
    if (wasEnforcing) {
        g_isForcingFuzz3 = true;
        OHOS::SaveStringToFile(enforcePath, "0");
    }

    NativeTokenGetFuzz3();
}
78
/**
 * Per-iteration teardown: writes "1" back to "/sys/fs/selinux/enforce" when
 * g_isForcingFuzz3 is set.
 *
 * The flag is left set afterwards, so once one iteration has seen enforcing
 * mode every later teardown writes "1" again. The write result is not checked;
 * a failed write leaves the device permissive without any indication.
 */
static void EndFuzzCase3(void)
{
    if (!g_isForcingFuzz3) {
        return;
    }
    OHOS::SaveStringToFile("/sys/fs/selinux/enforce", "1");
}
85
/**
 * Replaces the UDID in *queryParams with the local device's UDID.
 *
 * @param queryParams  Destination; dereferenced without a null check, so the
 *                     caller must pass a valid pointer. On success the first
 *                     MAX_UDID_LENGTH bytes of its udid field are overwritten
 *                     and udidLen is set to MAX_UDID_LENGTH.
 * @return The GetDevUdid() result when it equals DEVSL_SUCCESS, otherwise
 *         DEVSL_ERROR (queryParams is then left untouched).
 */
static int32_t GetLocalUdidFuzz3(DEVSLQueryParams *queryParams)
{
    char localUdid[MAX_UDID_LENGTH + 1] = {0};
    const int32_t status = GetDevUdid(localUdid, MAX_UDID_LENGTH + 1);
    if (status == DEVSL_SUCCESS) {
        // The copy result is deliberately discarded, as in the rest of the harness.
        (void)memcpy_s(queryParams->udid, MAX_UDID_LENGTH, localUdid, MAX_UDID_LENGTH);
        queryParams->udidLen = MAX_UDID_LENGTH;
        return status;
    }
    return DEVSL_ERROR;
}
98
/**
 * Runs one fuzz iteration against the device security level adapter.
 *
 * Inputs with a null pointer or with size <= MAX_UDID_LENGTH are ignored.
 * Otherwise the function:
 *   1. calls OnApiDeviceSecInfoCallback() and GetDeviceSecLevelByUdidAsync()
 *      with null arguments,
 *   2. copies MAX_UDID_LENGTH bytes of `data` into a zeroed DEVSLQueryParams,
 *   3. runs BeginFuzzCase3() (SELinux switch-off and native token) and
 *      DATASL_OnStart(),
 *   4. fetches the local UDID, checks that the placeholder UDID is rejected,
 *      then queries the security level and invokes the callback with the
 *      local UDID,
 *   5. runs DATASL_OnStop() and EndFuzzCase3().
 *
 * NOTE(review): the bytes copied from `data` in step 2 are overwritten by
 * GetLocalUdidFuzz3() before any API reads them, and when that helper fails
 * no API is called with queryParams at all. As written, the fuzz input only
 * influences the size gate; if input-driven coverage is intended, the APIs
 * need to receive a UDID derived from `data`.
 *
 * @param data  Fuzzer-provided bytes.
 * @param size  Number of bytes in `data`.
 */
void FuzzDoDevSlinfoAdpt(const uint8_t* data, size_t size)
{
    if (data == nullptr || size <= MAX_UDID_LENGTH) {
        return;
    }

    // Null-argument probes run before any setup.
    OnApiDeviceSecInfoCallback(nullptr, nullptr);
    (void)GetDeviceSecLevelByUdidAsync(nullptr, 0);

    DEVSLQueryParams queryParams;
    (void)memset_s(&queryParams, sizeof(DEVSLQueryParams), 0, sizeof(DEVSLQueryParams));
    queryParams.udidLen = MAX_UDID_LENGTH;
    (void)memcpy_s(queryParams.udid, MAX_UDID_LENGTH, data, MAX_UDID_LENGTH);

    BeginFuzzCase3();
    uint32_t highestLevel = 0;
    int32_t secLevel = 0;
    (void)DATASL_OnStart();

    // Continue only if the local UDID is available...
    const bool haveLocalUdid = (GetLocalUdidFuzz3(&queryParams) == DEVSL_SUCCESS);
    // ...and the placeholder UDID (passed with an over-long length) is refused.
    const bool placeholderRejected = haveLocalUdid &&
        (GetDeviceSecLevelByUdid(static_cast<const uint8_t *>(g_udidInvalid), MAX_UDID_LENGTH + 1, &secLevel) !=
            DEVSL_SUCCESS);

    if (placeholderRejected) {
        (void)GetDeviceSecLevelByUdid(static_cast<const uint8_t *>(queryParams.udid), queryParams.udidLen, &secLevel);
        (void)DATASL_GetHighestSecLevel(&queryParams, &highestLevel);

        DeviceIdentify identify;
        (void)memset_s(&identify, sizeof(identify), 0, sizeof(identify));
        (void)memcpy_s(identify.identity, MAX_UDID_LENGTH, queryParams.udid, queryParams.udidLen);
        identify.length = queryParams.udidLen;

        // Exercise the callback both without and with a result structure.
        DeviceSecurityInfo secInfo;
        OnApiDeviceSecInfoCallback(&identify, nullptr);
        OnApiDeviceSecInfoCallback(&identify, &secInfo);
    }

    // Teardown always runs, whichever path was taken above.
    DATASL_OnStop();
    EndFuzzCase3();
}
140}
141
/*
 * libFuzzer entry point. Forwards the generated buffer to
 * OHOS::FuzzDoDevSlinfoAdpt() and always reports 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    constexpr int fuzzerStatusOk = 0;
    OHOS::FuzzDoDevSlinfoAdpt(data, size);
    return fuzzerStatusOk;
}