14a616216Sopenharmony_ci/* 24a616216Sopenharmony_ci * Copyright (C) 2024 Huawei Device Co., Ltd. 34a616216Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 44a616216Sopenharmony_ci * you may not use this file except in compliance with the License. 54a616216Sopenharmony_ci * You may obtain a copy of the License at 64a616216Sopenharmony_ci * 74a616216Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 84a616216Sopenharmony_ci * 94a616216Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 104a616216Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 114a616216Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 124a616216Sopenharmony_ci * See the License for the specific language governing permissions and 134a616216Sopenharmony_ci * limitations under the License. 144a616216Sopenharmony_ci */ 154a616216Sopenharmony_ci 164a616216Sopenharmony_ci#include "gethighestseclevel_fuzzer.h" 174a616216Sopenharmony_ci 184a616216Sopenharmony_ci#include <cstddef> 194a616216Sopenharmony_ci#include <cstdint> 204a616216Sopenharmony_ci 214a616216Sopenharmony_ci#include "file_ex.h" 224a616216Sopenharmony_ci#include "securec.h" 234a616216Sopenharmony_ci#include "parameter.h" 244a616216Sopenharmony_ci#include "nativetoken_kit.h" 254a616216Sopenharmony_ci#include "token_setproc.h" 264a616216Sopenharmony_ci#include "accesstoken_kit.h" 274a616216Sopenharmony_ci 284a616216Sopenharmony_ci#include "dev_slinfo_mgr.h" 294a616216Sopenharmony_ci 304a616216Sopenharmony_cinamespace OHOS { 314a616216Sopenharmony_cistatic bool g_isForcingFuzz2 = false; 324a616216Sopenharmony_ci 334a616216Sopenharmony_cistatic void NativeTokenGetFuzz2(void) 344a616216Sopenharmony_ci{ 354a616216Sopenharmony_ci uint64_t tokenId2; 364a616216Sopenharmony_ci const char **permsFuzz2 = new const char *[1]; 374a616216Sopenharmony_ci permsFuzz2[0] = "ohos.permission.DISTRIBUTED_DATASYNC"; 384a616216Sopenharmony_ci NativeTokenInfoParams infoInstanceFuzz1 = { 394a616216Sopenharmony_ci .dcapsNum = 0, 404a616216Sopenharmony_ci .permsNum = 1, 414a616216Sopenharmony_ci .aclsNum = 0, 424a616216Sopenharmony_ci .dcaps = nullptr, 434a616216Sopenharmony_ci .perms = permsFuzz2, 444a616216Sopenharmony_ci .acls = nullptr, 454a616216Sopenharmony_ci .aplStr = "system_basic", 464a616216Sopenharmony_ci }; 474a616216Sopenharmony_ci 484a616216Sopenharmony_ci infoInstanceFuzz1.processName = "DevSLMgrTest"; 494a616216Sopenharmony_ci tokenId2 = GetAccessTokenId(&infoInstanceFuzz1); 504a616216Sopenharmony_ci SetSelfTokenID(tokenId2); 514a616216Sopenharmony_ci OHOS::Security::AccessToken::AccessTokenKit::ReloadNativeTokenInfo(); 524a616216Sopenharmony_ci delete[] permsFuzz2; 534a616216Sopenharmony_ci} 544a616216Sopenharmony_ci 554a616216Sopenharmony_cistatic void BeginFuzzCase2(void) 564a616216Sopenharmony_ci{ 574a616216Sopenharmony_ci std::string isEnforcing; 584a616216Sopenharmony_ci OHOS::LoadStringFromFile("/sys/fs/selinux/enforce", isEnforcing); 594a616216Sopenharmony_ci if (isEnforcing.compare("1") == 0) { 604a616216Sopenharmony_ci g_isForcingFuzz2 = true; 614a616216Sopenharmony_ci OHOS::SaveStringToFile("/sys/fs/selinux/enforce", "0"); 624a616216Sopenharmony_ci } 634a616216Sopenharmony_ci NativeTokenGetFuzz2(); 644a616216Sopenharmony_ci} 654a616216Sopenharmony_ci 664a616216Sopenharmony_cistatic void EndFuzzCase2(void) 674a616216Sopenharmony_ci{ 684a616216Sopenharmony_ci if (g_isForcingFuzz2) { 694a616216Sopenharmony_ci OHOS::SaveStringToFile("/sys/fs/selinux/enforce", "1"); 704a616216Sopenharmony_ci } 714a616216Sopenharmony_ci} 724a616216Sopenharmony_ci 734a616216Sopenharmony_cistatic int32_t GetLocalUdidFuzz2(DEVSLQueryParams *queryParams) 744a616216Sopenharmony_ci{ 754a616216Sopenharmony_ci char udid[MAX_UDID_LENGTH + 1] = {0}; 764a616216Sopenharmony_ci int32_t ret = GetDevUdid(udid, MAX_UDID_LENGTH + 1); 774a616216Sopenharmony_ci if (ret != DEVSL_SUCCESS) { 784a616216Sopenharmony_ci return DEVSL_ERROR; 794a616216Sopenharmony_ci } 804a616216Sopenharmony_ci 814a616216Sopenharmony_ci (void)memcpy_s(queryParams->udid, MAX_UDID_LENGTH, udid, MAX_UDID_LENGTH); 824a616216Sopenharmony_ci queryParams->udidLen = MAX_UDID_LENGTH; 834a616216Sopenharmony_ci return ret; 844a616216Sopenharmony_ci} 854a616216Sopenharmony_ci 864a616216Sopenharmony_civoid FuzzDoGetHighestSecLevel(const uint8_t *data, size_t size) 874a616216Sopenharmony_ci{ 884a616216Sopenharmony_ci if (data == nullptr || size <= MAX_UDID_LENGTH) { 894a616216Sopenharmony_ci return; 904a616216Sopenharmony_ci } 914a616216Sopenharmony_ci 924a616216Sopenharmony_ci uint32_t levelInfo = 0; 934a616216Sopenharmony_ci DEVSLQueryParams queryParams; 944a616216Sopenharmony_ci (void)memset_s(&queryParams, sizeof(DEVSLQueryParams), 0, sizeof(DEVSLQueryParams)); 954a616216Sopenharmony_ci queryParams.udidLen = MAX_UDID_LENGTH; 964a616216Sopenharmony_ci (void)memcpy_s(queryParams.udid, MAX_UDID_LENGTH, data, MAX_UDID_LENGTH); 974a616216Sopenharmony_ci BeginFuzzCase2(); 984a616216Sopenharmony_ci (void)DATASL_OnStart(); 994a616216Sopenharmony_ci (void)DATASL_GetHighestSecLevel(&queryParams, &levelInfo); 1004a616216Sopenharmony_ci (void)DATASL_GetHighestSecLevel(nullptr, &levelInfo); 1014a616216Sopenharmony_ci (void)DATASL_GetHighestSecLevel(&queryParams, nullptr); 1024a616216Sopenharmony_ci 1034a616216Sopenharmony_ci (void)GetLocalUdidFuzz2(&queryParams); 1044a616216Sopenharmony_ci 1054a616216Sopenharmony_ci (void)DATASL_GetHighestSecLevel(&queryParams, &levelInfo); 1064a616216Sopenharmony_ci DATASL_OnStop(); 1074a616216Sopenharmony_ci EndFuzzCase2(); 1084a616216Sopenharmony_ci} 1094a616216Sopenharmony_ci} 1104a616216Sopenharmony_ci 1114a616216Sopenharmony_ci/* Fuzzer entry point */ 1124a616216Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 1134a616216Sopenharmony_ci{ 1144a616216Sopenharmony_ci /* Run your code on data */ 1154a616216Sopenharmony_ci OHOS::FuzzDoGetHighestSecLevel(data, size); 1164a616216Sopenharmony_ci return 0; 1174a616216Sopenharmony_ci}