1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "updateiccdiallingnumbers_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <thread>
21
22 #define private public
23 #include "addcoreservicetoken_fuzzer.h"
24 #include "core_service.h"
25 #include "napi_util.h"
26 #include "system_ability_definition.h"
27 #include "unistd.h"
28
29 using namespace OHOS::Telephony;
30 namespace OHOS {
31 static bool g_isInited = false;
32 constexpr int32_t SLOT_NUM = 2;
33 constexpr int32_t ACCEPT_TYPE = 2;
34 constexpr int32_t SIM_TYPE_NUM = 2;
35 constexpr int32_t TWO_INT_NUM = 2;
36 constexpr int32_t SLEEP_TIME_SECONDS = 10;
37
IsServiceInited()38 bool IsServiceInited()
39 {
40 if (!g_isInited) {
41 auto onStart = [] { DelayedSingleton<CoreService>::GetInstance()->OnStart(); };
42 std::thread startThread(onStart);
43 startThread.join();
44
45 sleep(SLEEP_TIME_SECONDS);
46 if (DelayedSingleton<CoreService>::GetInstance()->GetServiceRunningState() ==
47 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
48 g_isInited = true;
49 }
50 }
51 return g_isInited;
52 }
53
OnRemoteRequest(const uint8_t * data,size_t size)54 void OnRemoteRequest(const uint8_t *data, size_t size)
55 {
56 if (!IsServiceInited()) {
57 return;
58 }
59
60 MessageParcel dataMessageParcel;
61 if (!dataMessageParcel.WriteInterfaceToken(CoreServiceStub::GetDescriptor())) {
62 return;
63 }
64 size_t dataSize = size - sizeof(uint32_t);
65 dataMessageParcel.WriteBuffer(data + sizeof(uint32_t), dataSize);
66 dataMessageParcel.RewindRead(0);
67 uint32_t code = static_cast<uint32_t>(size);
68 MessageParcel reply;
69 MessageOption option;
70 DelayedSingleton<CoreService>::GetInstance()->OnRemoteRequest(code, dataMessageParcel, reply, option);
71 }
72
GetOpKey(const uint8_t * data,size_t size)73 void GetOpKey(const uint8_t *data, size_t size)
74 {
75 if (!IsServiceInited()) {
76 return;
77 }
78
79 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
80 MessageParcel dataMessageParcel;
81 dataMessageParcel.WriteInt32(slotId);
82 size_t dataSize = size - sizeof(int32_t);
83 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
84 dataMessageParcel.RewindRead(0);
85 MessageParcel reply;
86 DelayedSingleton<CoreService>::GetInstance()->OnGetOpKey(dataMessageParcel, reply);
87 }
88
GetOpKeyExt(const uint8_t * data,size_t size)89 void GetOpKeyExt(const uint8_t *data, size_t size)
90 {
91 if (!IsServiceInited()) {
92 return;
93 }
94
95 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
96 MessageParcel dataMessageParcel;
97 dataMessageParcel.WriteInt32(slotId);
98 size_t dataSize = size - sizeof(int32_t);
99 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
100 dataMessageParcel.RewindRead(0);
101 MessageParcel reply;
102 DelayedSingleton<CoreService>::GetInstance()->OnGetOpKeyExt(dataMessageParcel, reply);
103 }
104
GetOpName(const uint8_t * data,size_t size)105 void GetOpName(const uint8_t *data, size_t size)
106 {
107 if (!IsServiceInited()) {
108 return;
109 }
110
111 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
112 MessageParcel dataMessageParcel;
113 dataMessageParcel.WriteInt32(slotId);
114 size_t dataSize = size - sizeof(int32_t);
115 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
116 dataMessageParcel.RewindRead(0);
117 MessageParcel reply;
118 DelayedSingleton<CoreService>::GetInstance()->OnGetOpName(dataMessageParcel, reply);
119 }
120
SendCallSetupRequestResult(const uint8_t * data,size_t size)121 void SendCallSetupRequestResult(const uint8_t *data, size_t size)
122 {
123 if (!IsServiceInited()) {
124 return;
125 }
126
127 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
128 int32_t accept = static_cast<int32_t>(size % ACCEPT_TYPE);
129 MessageParcel dataMessageParcel;
130 dataMessageParcel.WriteInt32(slotId);
131 dataMessageParcel.WriteInt32(accept);
132 size_t dataSize = size - sizeof(int32_t) * TWO_INT_NUM;
133 dataMessageParcel.WriteBuffer(data + sizeof(int32_t) * TWO_INT_NUM, dataSize);
134 dataMessageParcel.RewindRead(0);
135 MessageParcel reply;
136 DelayedSingleton<CoreService>::GetInstance()->OnSendCallSetupRequestResult(dataMessageParcel, reply);
137 }
138
HasOperatorPrivileges(const uint8_t * data,size_t size)139 void HasOperatorPrivileges(const uint8_t *data, size_t size)
140 {
141 if (!IsServiceInited()) {
142 return;
143 }
144
145 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
146 MessageParcel dataMessageParcel;
147 dataMessageParcel.WriteInt32(slotId);
148 size_t dataSize = size - sizeof(int32_t);
149 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
150 dataMessageParcel.RewindRead(0);
151 MessageParcel reply;
152 DelayedSingleton<CoreService>::GetInstance()->OnHasOperatorPrivileges(dataMessageParcel, reply);
153 }
154
GetCellInfoList(const uint8_t * data,size_t size)155 void GetCellInfoList(const uint8_t *data, size_t size)
156 {
157 if (!IsServiceInited()) {
158 return;
159 }
160
161 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
162 MessageParcel dataMessageParcel;
163 dataMessageParcel.WriteInt32(slotId);
164 size_t dataSize = size - sizeof(int32_t);
165 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
166 dataMessageParcel.RewindRead(0);
167 MessageParcel reply;
168 DelayedSingleton<CoreService>::GetInstance()->OnGetCellInfoList(dataMessageParcel, reply);
169 }
170
UpdateIccDiallingNumbers(const uint8_t * data,size_t size)171 void UpdateIccDiallingNumbers(const uint8_t *data, size_t size)
172 {
173 if (!IsServiceInited()) {
174 return;
175 }
176
177 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
178 int32_t type = size % SIM_TYPE_NUM + 1;
179 MessageParcel dataMessageParcel;
180 dataMessageParcel.WriteInt32(slotId);
181 dataMessageParcel.WriteInt32(type);
182 size_t dataSize = size - sizeof(int32_t) * TWO_INT_NUM;
183 dataMessageParcel.WriteBuffer(data + sizeof(int32_t) * TWO_INT_NUM, dataSize);
184 dataMessageParcel.RewindRead(0);
185 MessageParcel reply;
186 DelayedSingleton<CoreService>::GetInstance()->OnUpdateIccDiallingNumbers(dataMessageParcel, reply);
187 }
188
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)189 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
190 {
191 if (data == nullptr || size == 0) {
192 return;
193 }
194
195 OnRemoteRequest(data, size);
196 GetOpKey(data, size);
197 GetOpKeyExt(data, size);
198 GetOpName(data, size);
199 SendCallSetupRequestResult(data, size);
200 HasOperatorPrivileges(data, size);
201 GetCellInfoList(data, size);
202 UpdateIccDiallingNumbers(data, size);
203 return;
204 }
205 } // namespace OHOS
206
207 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)208 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
209 {
210 OHOS::AddCoreServiceTokenFuzzer token;
211 /* Run your code on data */
212 OHOS::DoSomethingInterestingWithMyAPI(data, size);
213 return 0;
214 }
215