1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "setgetcbconfig_fuzzer.h"
17
18 #define private public
19
20 #include "addsmstoken_fuzzer.h"
21 #include "gsm_cb_gsm_codec.h"
22 #include "gsm_cb_umts_codec.h"
23 #include "sms_service.h"
24 #include "string_utils.h"
25
26 using namespace OHOS::Telephony;
27 namespace OHOS {
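// Latched to true once SmsService has reported STATE_RUNNING, so that later
// fuzz iterations do not call OnStart() again.
static bool g_isInited = false;

// Moduli/divisors that map the fuzz input length onto harness parameters.
// Nothing in this file writes to them, so they are compile-time constants;
// keeping them immutable also guarantees the `%` and `/` below never see zero.
static constexpr int32_t SIM_COUNT = 2;          // slotId    = size % SIM_COUNT  -> 0 or 1
static constexpr int32_t CB_CHANNEL_DIVISOR = 2; // fromMsgId = size / CB_CHANNEL_DIVISOR
static constexpr int32_t NET_COUNT = 3;          // netType   = size % NET_COUNT  -> 0..2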
32
/**
 * Lazily starts SmsService for the harness.
 *
 * While g_isInited is still false, each call invokes OnStart() again and then
 * latches g_isInited once the service reports STATE_RUNNING.
 *
 * @return true once the service has been observed running, false otherwise.
 */
bool IsServiceInited()
{
    // Fast path: the service was already seen running on an earlier iteration.
    if (g_isInited) {
        return true;
    }

    DelayedSingleton<SmsService>::GetInstance()->OnStart();
    const auto runningState = DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState();
    if (runningState == static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
        g_isInited = true;
    }
    return g_isInited;
}
44
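/**
 * Fuzzes the cell-broadcast configuration path at three layers: the SmsService
 * IPC handler (OnSetCBConfig), SmsInterfaceManager::SetCBConfig and
 * SmsMiscManager::SetCBConfig.
 *
 * @param data Fuzz input; appended verbatim to the request parcel after the typed fields.
 * @param size Length of data in bytes; also the only source of the typed fields.
 */
void SetCBConfigFuzz(const uint8_t *data, size_t size)
{
    if (!IsServiceInited()) {
        return;
    }

    MessageParcel dataParcel;
    MessageParcel replyParcel;
    MessageOption option(MessageOption::TF_SYNC);

    // NOTE(review): every typed field is a function of `size` alone, so the fuzzer
    // cannot vary them independently of each other or of the input length:
    // `enable` is true exactly when slotId == 1, and fromMsgId (size / 2) is never
    // greater than toMsgId (size), so an inverted message-id range is never
    // generated. Deriving these fields from the bytes of `data` would widen
    // coverage of the range/argument validation in the code under test.
    int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
    bool enable = (slotId == 1);
    uint32_t fromMsgId = static_cast<uint32_t>(size / CB_CHANNEL_DIVISOR);
    uint32_t toMsgId = static_cast<uint32_t>(size);
    int32_t netType = static_cast<int32_t>(size % NET_COUNT);

    dataParcel.WriteInt32(slotId);
    dataParcel.WriteBool(enable);
    dataParcel.WriteUint32(fromMsgId);
    dataParcel.WriteUint32(toMsgId);
    // netType is 0..2 here; the cast makes the int32_t -> uint8_t narrowing explicit.
    dataParcel.WriteUint8(static_cast<uint8_t>(netType));

    // The raw fuzz bytes follow the typed fields. Whether OnSetCBConfig reads
    // past the five fields above is not visible from this file.
    dataParcel.WriteBuffer(data, size);
    dataParcel.RewindRead(0);
    DelayedSingleton<SmsService>::GetInstance()->OnSetCBConfig(dataParcel, replyParcel, option);

    // std::make_shared never returns nullptr (allocation failure does not yield a
    // null pointer), so the former null checks on its results were unreachable.
    auto interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
    interfaceManager->SetCBConfig(enable, fromMsgId, toMsgId, netType);

    // EventRunner::Create is a factory whose result is checked before use.
    auto smsMiscRunner = AppExecFwk::EventRunner::Create("SmsMiscRunner");
    if (smsMiscRunner == nullptr) {
        TELEPHONY_LOGE("failed to create SmsMiscRunner");
        return;
    }
    auto smsMiscManager = std::make_shared<SmsMiscManager>(smsMiscRunner, slotId);
    smsMiscManager->SetCBConfig(enable, fromMsgId, toMsgId, netType);
}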
90
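/**
 * Fuzzes the IMS-SMS configuration path at three layers: the SmsService IPC
 * handler (OnSetImsSmsConfig), SmsInterfaceManager::SetImsSmsConfig and
 * SmsSendManager::SetImsSmsConfig.
 *
 * @param data Fuzz input; appended verbatim to the request parcel after the typed fields.
 * @param size Length of data in bytes; also the only source of slotId and enable.
 */
void SetImsSmsConfigFuzz(const uint8_t *data, size_t size)
{
    if (!IsServiceInited()) {
        return;
    }

    MessageParcel dataParcel;
    MessageParcel replyParcel;
    MessageOption option(MessageOption::TF_SYNC);

    // NOTE(review): slotId and enable both come from `size % SIM_COUNT`, so they
    // always carry the same value (0/0 or 1/1) and the bytes of `data` do not
    // influence the two direct manager calls below. Consider deriving them from
    // `data` if independent coverage of both arguments is wanted.
    int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
    int32_t enable = (slotId == 1) ? 1 : 0;
    dataParcel.WriteInt32(slotId);
    dataParcel.WriteInt32(enable);
    dataParcel.WriteBuffer(data, size);
    dataParcel.RewindRead(0);
    DelayedSingleton<SmsService>::GetInstance()->OnSetImsSmsConfig(dataParcel, replyParcel, option);

    // std::make_shared never returns nullptr (allocation failure does not yield a
    // null pointer), so the former null checks on its results were unreachable.
    auto interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
    interfaceManager->SetImsSmsConfig(slotId, enable);

    auto smsSendManager = std::make_shared<SmsSendManager>(slotId);
    smsSendManager->SetImsSmsConfig(slotId, enable);
}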
122
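/**
 * Feeds the fuzz input to the cell-broadcast PDU parsing code: GsmCbCodec
 * message creation (string and byte-vector forms), PduAnalysis, the 2G/3G
 * header and body decoders, the ETWS decoder and ConvertToUTF8.
 *
 * The caller (DoCBConfigWithMyAPI) rejects data == nullptr and size == 0 before
 * this function runs.
 *
 * @param data Fuzz input, treated as an attacker-controlled CB PDU.
 * @param size Length of data in bytes.
 */
void UpdataCBMessage(const uint8_t *data, size_t size)
{
    // The raw bytes are used as-is for the string overload and passed through
    // StringUtils::HexToByteVector for the byte-vector overload.
    std::string pdu(reinterpret_cast<const char *>(data), size);
    auto cbMessage = GsmCbCodec::CreateCbMessage(pdu);
    if (cbMessage == nullptr) {
        return;
    }
    cbMessage->GetCbHeader();
    auto cbMessageByVectorInit = GsmCbCodec::CreateCbMessage(StringUtils::HexToByteVector(pdu));
    // NOTE(review): returning here means the decoder calls below only run for
    // inputs that both CreateCbMessage overloads accept; inputs rejected by the
    // byte-vector overload never reach PduAnalysis or the codecs. Confirm that
    // this gating is intended for the harness.
    if (cbMessageByVectorInit == nullptr) {
        return;
    }
    cbMessageByVectorInit->GetCbMessageRaw();
    cbMessageByVectorInit->IsSinglePageMsg();

    cbMessage->PduAnalysis(StringUtils::HexToByteVector(pdu));

    // cbHeader_ and cbPduBuffer_ are reached through the `#define private public`
    // at the top of this file, which only affects headers included after it.
    // std::make_shared never returns nullptr, so the former null check on the two
    // codecs was unreachable and has been dropped.
    auto gsmCodec = std::make_shared<GsmCbGsmCodec>(cbMessage->cbHeader_, cbMessage->cbPduBuffer_, cbMessage);
    auto umtsCodec = std::make_shared<GsmCbUmtsCodec>(cbMessage->cbHeader_, cbMessage->cbPduBuffer_, cbMessage);

    // Call order is kept exactly as before: headers first, then message bodies.
    gsmCodec->Decode2gHeader();
    umtsCodec->Decode3gHeader();

    gsmCodec->Decode2gCbMsg();
    umtsCodec->Decode3gCbMsg();
    umtsCodec->Decode3g7Bit();
    umtsCodec->Decode3gUCS2();
    gsmCodec->DecodeEtwsMsg();

    // Both arguments start out as copies of the raw fuzz bytes.
    std::string raw(reinterpret_cast<const char *>(data), size);
    std::string message(reinterpret_cast<const char *>(data), size);
    cbMessage->ConvertToUTF8(raw, message);
}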
158
/**
 * Runs every harness in this file on one fuzz input.
 *
 * Null or empty inputs are dropped here, so the three harnesses below always
 * receive a non-null buffer with at least one byte.
 *
 * @param data Fuzz input buffer.
 * @param size Length of data in bytes.
 */
void DoCBConfigWithMyAPI(const uint8_t *data, size_t size)
{
    const bool hasInput = (data != nullptr) && (size != 0);
    if (!hasInput) {
        return;
    }

    SetCBConfigFuzz(data, size);
    SetImsSmsConfigFuzz(data, size);
    UpdataCBMessage(data, size);
}
168 } // namespace OHOS
169
/**
 * libFuzzer entry point: invoked once per generated input.
 *
 * @param data Fuzz input buffer supplied by the fuzzing engine.
 * @param size Length of data in bytes.
 * @return Always 0.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    // Constructed before the harness runs and destroyed on return.
    // NOTE(review): presumably sets up the access token the SMS APIs require;
    // confirm against addsmstoken_fuzzer.h.
    OHOS::AddSmsTokenFuzzer tokenGuard;
    OHOS::DoCBConfigWithMyAPI(data, size);
    return 0;
}