1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "sendenvelopecmd_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <thread>
21
22 #define private public
23 #include "addcoreservicetoken_fuzzer.h"
24 #include "core_service.h"
25 #include "core_service_stub.h"
26 #include "napi_util.h"
27 #include "system_ability_definition.h"
28 #include "unistd.h"
29
30 using namespace OHOS::Telephony;
31 namespace OHOS {
32 static bool g_isInited = false;
33 constexpr int32_t SLOT_NUM = 2;
34 constexpr int32_t SLEEP_TIME_SECONDS = 10;
35
IsServiceInited()36 bool IsServiceInited()
37 {
38 if (!g_isInited) {
39 auto onStart = [] { DelayedSingleton<CoreService>::GetInstance()->OnStart(); };
40 std::thread startThread(onStart);
41 startThread.join();
42
43 sleep(SLEEP_TIME_SECONDS);
44 if (DelayedSingleton<CoreService>::GetInstance()->GetServiceRunningState() ==
45 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
46 g_isInited = true;
47 }
48 }
49 return g_isInited;
50 }
51
OnRemoteRequest(const uint8_t * data,size_t size)52 void OnRemoteRequest(const uint8_t *data, size_t size)
53 {
54 if (!IsServiceInited()) {
55 return;
56 }
57
58 MessageParcel dataMessageParcel;
59 if (!dataMessageParcel.WriteInterfaceToken(CoreServiceStub::GetDescriptor())) {
60 return;
61 }
62 size_t dataSize = size - sizeof(uint32_t);
63 dataMessageParcel.WriteBuffer(data + sizeof(uint32_t), dataSize);
64 dataMessageParcel.RewindRead(0);
65 uint32_t code = static_cast<uint32_t>(size);
66 MessageParcel reply;
67 MessageOption option;
68 DelayedSingleton<CoreService>::GetInstance()->OnRemoteRequest(code, dataMessageParcel, reply, option);
69 }
70
GetUniqueDeviceId(const uint8_t * data,size_t size)71 void GetUniqueDeviceId(const uint8_t *data, size_t size)
72 {
73 if (!IsServiceInited()) {
74 return;
75 }
76
77 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
78 MessageParcel dataMessageParcel;
79 dataMessageParcel.WriteInt32(slotId);
80 size_t dataSize = size - sizeof(int32_t);
81 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
82 dataMessageParcel.RewindRead(0);
83 MessageParcel reply;
84 DelayedSingleton<CoreService>::GetInstance()->OnGetUniqueDeviceId(dataMessageParcel, reply);
85 }
86
GetMeid(const uint8_t * data,size_t size)87 void GetMeid(const uint8_t *data, size_t size)
88 {
89 if (!IsServiceInited()) {
90 return;
91 }
92
93 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
94 MessageParcel dataMessageParcel;
95 dataMessageParcel.WriteInt32(slotId);
96 size_t dataSize = size - sizeof(int32_t);
97 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
98 dataMessageParcel.RewindRead(0);
99 MessageParcel reply;
100 DelayedSingleton<CoreService>::GetInstance()->OnGetMeid(dataMessageParcel, reply);
101 }
102
GetOperatorNumeric(const uint8_t * data,size_t size)103 void GetOperatorNumeric(const uint8_t *data, size_t size)
104 {
105 if (!IsServiceInited()) {
106 return;
107 }
108
109 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
110 MessageParcel dataMessageParcel;
111 dataMessageParcel.WriteInt32(slotId);
112 size_t dataSize = size - sizeof(int32_t);
113 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
114 dataMessageParcel.RewindRead(0);
115 MessageParcel reply;
116 DelayedSingleton<CoreService>::GetInstance()->OnGetOperatorNumeric(dataMessageParcel, reply);
117 }
118
GetOperatorName(const uint8_t * data,size_t size)119 void GetOperatorName(const uint8_t *data, size_t size)
120 {
121 if (!IsServiceInited()) {
122 return;
123 }
124
125 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
126 MessageParcel dataMessageParcel;
127 dataMessageParcel.WriteInt32(slotId);
128 size_t dataSize = size - sizeof(int32_t);
129 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
130 dataMessageParcel.RewindRead(0);
131 MessageParcel reply;
132 DelayedSingleton<CoreService>::GetInstance()->OnGetOperatorName(dataMessageParcel, reply);
133 }
134
SendEnvelopeCmd(const uint8_t * data,size_t size)135 void SendEnvelopeCmd(const uint8_t *data, size_t size)
136 {
137 if (!IsServiceInited()) {
138 return;
139 }
140
141 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
142 std::string cmd(reinterpret_cast<const char *>(data), size);
143 MessageParcel dataMessageParcel;
144 dataMessageParcel.WriteInt32(slotId);
145 dataMessageParcel.WriteString(cmd);
146 dataMessageParcel.RewindRead(0);
147 MessageParcel reply;
148 DelayedSingleton<CoreService>::GetInstance()->OnSendEnvelopeCmd(dataMessageParcel, reply);
149 }
150
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)151 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
152 {
153 if (data == nullptr || size == 0) {
154 return;
155 }
156
157 OnRemoteRequest(data, size);
158 GetUniqueDeviceId(data, size);
159 GetMeid(data, size);
160 GetOperatorNumeric(data, size);
161 GetOperatorName(data, size);
162 SendEnvelopeCmd(data, size);
163 }
164 } // namespace OHOS
165
166 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)167 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
168 {
169 OHOS::AddCoreServiceTokenFuzzer token;
170 /* Run your code on data */
171 OHOS::DoSomethingInterestingWithMyAPI(data, size);
172 return 0;
173 }
174