!1024 fuzz覆盖率提升

Merge pull request !1024 from 陈伟健/master

test/fuzztest/executors/userauthexecutor_fuzzer/BUILD.gn

@@ -33,6 +33,7 @@ ohos_fuzztest("UserAuthExecutorFuzzTest") {
     "../../../../frameworks/native/executors/include/listener",
     "../../../../common/utils",
     "../../../../common/logs",
+    "../../../../interfaces/inner_api/iam_executor",
   ]
 
   sources = [

test/fuzztest/executors/userauthexecutor_fuzzer/user_auth_executor_fuzzer.cpp

@@ -24,6 +24,8 @@
 #include "iam_logger.h"
 #include "iam_ptr.h"
 #include "iam_executor_iauth_executor_hdi.h"
+#include "framework_executor_callback.h"
+#include "collect_command.h"
 
 #undef private
 
@@ -296,6 +298,34 @@ void FuzzExecutorGetDescription(std::shared_ptr<Parcel> parcel)
     IAM_LOGI("end");
 }
 
+void FuzzExecutorUnregisterExecutorCallback(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    g_executor->UnregisterExecutorCallback();
+    IAM_LOGI("end");
+}
+
+void FuzzExecutorRespondCallbackOnDisconnect(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    g_executor->RespondCallbackOnDisconnect();
+    IAM_LOGI("end");
+}
+
+void FuzzExecutorGetAuthType(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    g_executor->GetAuthType();
+    IAM_LOGI("end");
+}
+
+void FuzzExecutorGetExecutorRole(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    g_executor->GetExecutorRole();
+    IAM_LOGI("end");
+}
+
 void FillIExecutorMessenger(std::shared_ptr<Parcel> parcel, shared_ptr<ExecutorMessenger> &messenger)
 {
     bool fillNull = parcel->ReadBool();
@@ -326,6 +356,19 @@ void FillIAttributes(std::shared_ptr<Parcel> parcel, Attributes &attributes)
     attributes.SetUint32Value(Attributes::ATTR_SCHEDULE_MODE, parcel->ReadUint32());
 }
 
+void FuzzExecutorCommand(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    uint64_t scheduleId = parcel->ReadUint64();
+    Attributes properties;
+    FillIAttributes(parcel, properties);
+    std::shared_ptr<IAsyncCommand> command =
+        Common::MakeShared<CollectCommand>(g_executor, scheduleId, properties, g_executorMessenger);
+    g_executor->AddCommand(command);
+    g_executor->RemoveCommand(command);
+    IAM_LOGI("end");
+}
+
 void FuzzFrameworkOnMessengerReady(std::shared_ptr<Parcel> parcel)
 {
     IAM_LOGI("begin");
@@ -413,6 +456,85 @@ void FuzzTriggerCallback(std::shared_ptr<Parcel> parcel)
     IAM_LOGI("end");
 }
 
+std::shared_ptr<FrameworkExecutorCallback> g_frameworkExecutorCallback =
+    UserIam::Common::MakeShared<FrameworkExecutorCallback>(g_executor);
+
+void FuzzOnSendData(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    uint64_t scheduleId = parcel->ReadUint64();
+    Attributes data;
+    FillIAttributes(parcel, data);
+    g_frameworkExecutorCallback->OnSendData(scheduleId, data);
+    IAM_LOGI("end");
+}
+
+void FuzzProcessAuthCommand(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    uint64_t scheduleId = parcel->ReadUint64();
+    Attributes properties;
+    FillIAttributes(parcel, properties);
+    g_frameworkExecutorCallback->ProcessAuthCommand(scheduleId, properties);
+    IAM_LOGI("end");
+}
+
+void FuzzProcessIdentifyCommand(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    uint64_t scheduleId = parcel->ReadUint64();
+    Attributes properties;
+    FillIAttributes(parcel, properties);
+    g_frameworkExecutorCallback->ProcessIdentifyCommand(scheduleId, properties);
+    IAM_LOGI("end");
+}
+
+void FuzzProcessTemplateCommand(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    Attributes properties;
+    FillIAttributes(parcel, properties);
+    g_frameworkExecutorCallback->ProcessDeleteTemplateCommand(properties);
+    g_frameworkExecutorCallback->ProcessSetCachedTemplates(properties);
+    IAM_LOGI("end");
+}
+
+void FuzzProcessNotifyExecutorReady(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    Attributes properties;
+    FillIAttributes(parcel, properties);
+    g_frameworkExecutorCallback->ProcessNotifyExecutorReady(properties);
+    IAM_LOGI("end");
+}
+
+void FuzzProcessGetPropertyCommand(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    std::shared_ptr<Attributes> conditions = UserIam::Common::MakeShared<Attributes>();
+    std::shared_ptr<Attributes> values = UserIam::Common::MakeShared<Attributes>();
+    g_frameworkExecutorCallback->ProcessGetPropertyCommand(conditions, values);
+    IAM_LOGI("end");
+}
+
+void FuzzFillPropertyToAttribute(std::shared_ptr<Parcel> parcel)
+{
+    IAM_LOGI("begin");
+    std::vector<Attributes::AttributeKey> keyList = {
+        Attributes::ATTR_PIN_SUB_TYPE,
+        Attributes::ATTR_FREEZING_TIME,
+        Attributes::ATTR_REMAIN_TIMES,
+        Attributes::ATTR_ENROLL_PROGRESS,
+        Attributes::ATTR_SENSOR_INFO,
+        Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION,
+        Attributes::ATTR_ROOT
+    };
+    Property property  = {};
+    std::shared_ptr<Attributes> values = UserIam::Common::MakeShared<Attributes>();
+    g_frameworkExecutorCallback->FillPropertyToAttribute(keyList, property, values);
+    IAM_LOGI("end");
+}
+
 using FuzzFunc = decltype(FuzzFrameworkOnGetProperty);
 FuzzFunc *g_fuzzFuncs[] = {
     FuzzExecutorResetExecutor,
@@ -421,12 +543,24 @@ FuzzFunc *g_fuzzFuncs[] = {
     FuzzExecutorOnFrameworkReady,
     FuzzExecutorGetExecutorHdi,
     FuzzExecutorGetDescription,
+    FuzzExecutorUnregisterExecutorCallback,
+    FuzzExecutorRespondCallbackOnDisconnect,
+    FuzzExecutorGetAuthType,
+    FuzzExecutorGetExecutorRole,
+    FuzzExecutorCommand,
     FuzzFrameworkOnMessengerReady,
     FuzzFrameworkOnBeginExecute,
     FuzzFrameworkOnEndExecute,
     FuzzFrameworkOnSetProperty,
     FuzzFrameworkOnGetProperty,
     FuzzTriggerCallback,
+    FuzzOnSendData,
+    FuzzProcessAuthCommand,
+    FuzzProcessIdentifyCommand,
+    FuzzProcessTemplateCommand,
+    FuzzProcessNotifyExecutorReady,
+    FuzzProcessGetPropertyCommand,
+    FuzzFillPropertyToAttribute,
 };
 
 void UserAuthExecutorFuzzTest(const uint8_t *data, size_t size)

test/fuzztest/services/BUILD.gn

@@ -25,6 +25,7 @@ group("iam_services_fuzztest") {
     "core/remoteexecutorstub_fuzzer:RemoteExecutorStubFuzzTest",
     "servicecore_fuzzer:ServiceCoreFuzzTest",
     "softbus_fuzzer:SoftBusFuzzTest",
+    "templatecachemanager_fuzzer:TemplateCacheManagerFuzzTest",
     "userauthservice_fuzzer:UserAuthServiceFuzzTest",
     "userauthstub_fuzzer:UserAuthStubFuzzTest",
     "useridmservice_fuzzer:UserIdmServiceFuzzTest",

test/fuzztest/services/coauthservice_fuzzer/co_auth_service_fuzzer.cpp

@@ -194,6 +194,21 @@ void FuzzDump(Parcel &parcel)
     IAM_LOGI("FuzzDump end");
 }
 
+void FuzzNotifyFwkReady(Parcel &parcel)
+{
+    IAM_LOGI("FuzzNotifyFwkReady begin");
+    g_coAuthService.NotifyFwkReady();
+    IAM_LOGI("FuzzNotifyFwkReady end");
+}
+
+void FuzzUnRegisterAccessTokenListener(Parcel &parcel)
+{
+    IAM_LOGI("FuzzNotifyFwkReady begin");
+    g_coAuthService.RegisterAccessTokenListener();
+    g_coAuthService.UnRegisterAccessTokenListener();
+    IAM_LOGI("FuzzNotifyFwkReady end");
+}
+
 using FuzzFunc = decltype(FuzzRegister);
 FuzzFunc *g_fuzzFuncs[] = {
     FuzzRegister,
@@ -201,6 +216,8 @@ FuzzFunc *g_fuzzFuncs[] = {
     FuzzFinish,
     FuzzDump,
     FuzzOther,
+    FuzzNotifyFwkReady,
+    FuzzUnRegisterAccessTokenListener,
 };
 
 void CoAuthFuzzTest(const uint8_t *data, size_t size)

test/fuzztest/services/templatecachemanager_fuzzer/BUILD.gn

@@ -0,0 +1,68 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/test.gni")
+
+ohos_fuzztest("TemplateCacheManagerFuzzTest") {
+  branch_protector_ret = "pac_ret"
+  module_out_path = "user_auth_framework/user_auth"
+  fuzz_config_file = "../templatecachemanager_fuzzer"
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+    "-Dprivate=public",
+    "-Dprotected=public",
+  ]
+  include_dirs = [
+    "../../../../services/base/inc",
+    "../../../../services/core/inc",
+    "../../../../services/core/src",
+    "../../../../services/context/inc",
+    "../../../../services/ipc/inc",
+    "../../../../services/remote_connect/inc",
+    "../../../../frameworks/native/ipc/inc",
+    "../../../../frameworks/native/ipc/common_defines",
+    "../../../../common/utils",
+    "../../../../common/logs",
+    "../../dummy",
+  ]
+
+  sources = [ "template_cache_manager_fuzzer.cpp" ]
+
+  deps = [
+    "../../common_fuzzer:attributes_fuzzer",
+    "../../common_fuzzer:iam_test_fuzzer",
+    "../../common_fuzzer:userauth_services_ipc_fuzzer",
+  ]
+
+  external_deps = [
+    "ability_runtime:ability_context_native",
+    "ability_runtime:abilitykit_native",
+    "ability_runtime:app_manager",
+    "ability_runtime:extension_manager",
+    "c_utils:utils",
+    "drivers_interface_user_auth:libuser_auth_proxy_2.0",
+    "eventhandler:libeventhandler",
+    "hdf_core:libhdi",
+    "hilog:libhilog",
+    "ipc:ipc_single",
+    "safwk:system_ability_fwk",
+    "samgr:samgr_proxy",
+  ]
+
+  subsystem_name = "useriam"
+  part_name = "user_auth_framework"
+}

test/fuzztest/services/templatecachemanager_fuzzer/corpus/init

@@ -0,0 +1,14 @@
+# Copyright (c) 2024 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ

test/fuzztest/services/templatecachemanager_fuzzer/project.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2024 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>

test/fuzztest/services/templatecachemanager_fuzzer/template_cache_manager_fuzzer.cpp

@@ -0,0 +1,89 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "template_cache_manager_fuzzer.h"
+
+#include <cinttypes>
+#include <cstddef>
+#include <cstdint>
+
+#include "parcel.h"
+
+#include "iam_common_defines.h"
+#include "iam_fuzz_test.h"
+#include "iam_logger.h"
+#include "template_cache_manager.h"
+
+#undef private
+
+#ifdef LOG_LABEL
+#undef LOG_LABEL
+#endif
+#define LOG_TAG "USER_AUTH_SA"
+
+using namespace std;
+using namespace OHOS::UserIam::Common;
+using namespace OHOS::UserIam::UserAuth;
+
+namespace OHOS {
+namespace UserIam {
+namespace UserAuth {
+namespace {
+
+TemplateCacheManager g_templateCacheManger;
+
+void FuzzUpdateTemplateCache(Parcel &parcel)
+{
+    IAM_LOGI("begin");
+    AuthType authType = PIN;
+    g_templateCacheManger.UpdateTemplateCache(authType);
+    IAM_LOGI("end");
+}
+
+void FuzzProcessUserIdChange(Parcel &parcel)
+{
+    IAM_LOGI("begin");
+    int newUserId = 200;
+    g_templateCacheManger.ProcessUserIdChange(newUserId);
+    IAM_LOGI("end");
+}
+
+using FuzzFunc = decltype(FuzzUpdateTemplateCache);
+FuzzFunc *g_fuzzFuncs[] = {
+    FuzzUpdateTemplateCache,
+    FuzzProcessUserIdChange,
+};
+
+void TemplateCacheManagerFuzzTest(const uint8_t *data, size_t size)
+{
+    Parcel parcel;
+    parcel.WriteBuffer(data, size);
+    parcel.RewindRead(0);
+    uint32_t index = parcel.ReadUint32() % (sizeof(g_fuzzFuncs)) / sizeof(FuzzFunc *);
+    auto fuzzFunc = g_fuzzFuncs[index];
+    fuzzFunc(parcel);
+    return;
+}
+} // namespace
+} // namespace UserAuth
+} // namespace UserIam
+} // namespace OHOS
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
+{
+    OHOS::UserIam::UserAuth::TemplateCacheManagerFuzzTest(data, size);
+    return 0;
+}

test/fuzztest/services/templatecachemanager_fuzzer/template_cache_manager_fuzzer.h

@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2024 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TEMPLATE_CACHE_MANAGER_FUZZER_H
+#define TEMPLATE_CACHE_MANAGER_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "TemplateCacheManagerFuzzTest"
+
+#endif // TEMPLATE_CACHE_MANAGER_FUZZER_H

test/fuzztest/services/useridmservice_fuzzer/BUILD.gn

@@ -24,6 +24,8 @@ ohos_fuzztest("UserIdmServiceFuzzTest") {
     "-O0",
     "-Wno-unused-variable",
     "-fno-omit-frame-pointer",
+    "-Dprivate=public",
+    "-Dprotected=public",
   ]
 
   include_dirs = [
@@ -37,6 +39,7 @@ ohos_fuzztest("UserIdmServiceFuzzTest") {
     "../../../../frameworks/native/ipc/common_defines",
     "../../../../common/utils",
     "../../../../common/logs",
+    "../../dummy/",
   ]
 
   sources = [ "user_idm_service_fuzzer.cpp" ]

test/fuzztest/services/useridmservice_fuzzer/user_idm_service_fuzzer.cpp

@@ -21,6 +21,8 @@
 #include "iam_fuzz_test.h"
 #include "iam_logger.h"
 #include "user_idm_service.h"
+#include "user_idm_callback_proxy.h"
+#include "dummy_iam_callback_interface.h"
 
 #undef private
 
@@ -251,6 +253,54 @@ void FuzzClearRedundancyCredential(Parcel &parcel)
     IAM_LOGI("end");
 }
 
+void FuzzClearRedundancyCredentialInner(Parcel &parcel)
+{
+    IAM_LOGI("begin");
+    g_UserIdmService.ClearRedundancyCredentialInner();
+    IAM_LOGI("end");
+}
+
+void FuzzEnforceDelUserInner(Parcel &parcel)
+{
+    IAM_LOGI("begin");
+    int32_t userId = 100;
+    sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
+    std::shared_ptr<ContextCallback> callbackForTrace =
+        ContextCallback::NewInstance(iamCallback, TRACE_ENFORCE_DELETE_USER);
+    std::string changeReasonTrace = parcel.ReadString();
+    g_UserIdmService.EnforceDelUserInner(userId, callbackForTrace, changeReasonTrace);
+    IAM_LOGI("end");
+}
+
+void FuzzCancelCurrentEnroll(Parcel &parcel)
+{
+    IAM_LOGI("begin");
+    g_UserIdmService.CancelCurrentEnroll();
+    g_UserIdmService.CancelCurrentEnrollIfExist();
+    IAM_LOGI("end");
+}
+
+void FuzzStartEnroll(Parcel &parcel)
+{
+    IAM_LOGI("begin");
+    Enrollment::EnrollmentPara para = {};
+    sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
+    std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
+    Attributes extraInfo;
+    g_UserIdmService.StartEnroll(para, contextCallback, extraInfo);
+    IAM_LOGI("end");
+}
+
+void FuzzCheckEnrollPermissionAndEnableStatus(Parcel &parcel)
+{
+    IAM_LOGI("begin");
+    sptr<IamCallbackInterface> iamCallback = sptr<IamCallbackInterface>(new (nothrow) DummyIamCallbackInterface);
+    std::shared_ptr<ContextCallback> contextCallback = ContextCallback::NewInstance(iamCallback, TRACE_ADD_CREDENTIAL);
+    AuthType authType = PIN;
+    g_UserIdmService.CheckEnrollPermissionAndEnableStatus(contextCallback, authType);
+    IAM_LOGI("end");
+}
+
 using FuzzFunc = decltype(FuzzOpenSession);
 FuzzFunc *g_fuzzFuncs[] = {
     FuzzOpenSession,
@@ -265,6 +315,11 @@ FuzzFunc *g_fuzzFuncs[] = {
     DelCredential,
     FuzzClearRedundancyCredential,
     FuzzDump,
+    FuzzClearRedundancyCredentialInner,
+    FuzzEnforceDelUserInner,
+    FuzzCancelCurrentEnroll,
+    FuzzStartEnroll,
+    FuzzCheckEnrollPermissionAndEnableStatus,
 };
 
 void UserIdmFuzzTest(const uint8_t *data, size_t size)