1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "simauthentication_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <thread>
21
22 #define private public
23 #include "addcoreservicetoken_fuzzer.h"
24 #include "core_service.h"
25 #include "napi_util.h"
26 #include "sim_file.h"
27 #include "system_ability_definition.h"
28 #include "tel_event_handler.h"
29 #include "unistd.h"
30 #include "sim_file_parse.h"
31 #include "tel_ril_manager.h"
32
33 using namespace OHOS::Telephony;
34 namespace OHOS {
35 static bool g_isInited = false;
36 constexpr int32_t SLOT_NUM = 2;
37 constexpr int32_t TYPE_NUM = 2;
38 constexpr int32_t SIM_AUTH_EAP_SIM_TYPE = 128;
39 constexpr int32_t SIM_AUTH_EAP_AKA_TYPE = 129;
40 bool g_flag = false;
41
IsServiceInited()42 bool IsServiceInited()
43 {
44 if (!g_isInited) {
45 DelayedSingleton<CoreService>::GetInstance()->OnStart();
46 if (DelayedSingleton<CoreService>::GetInstance()->GetServiceRunningState() ==
47 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
48 g_isInited = true;
49 }
50 }
51 return g_isInited;
52 }
53
GetSimTelephoneNumber(const uint8_t * data,size_t size)54 void GetSimTelephoneNumber(const uint8_t *data, size_t size)
55 {
56 if (!IsServiceInited()) {
57 return;
58 }
59
60 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
61 MessageParcel dataMessageParcel;
62 dataMessageParcel.WriteInt32(slotId);
63 dataMessageParcel.WriteBuffer(data, size);
64 dataMessageParcel.RewindRead(0);
65 MessageParcel reply;
66 DelayedSingleton<CoreService>::GetInstance()->OnGetSimPhoneNumber(dataMessageParcel, reply);
67 }
68
GetVoiceMailIdentifier(const uint8_t * data,size_t size)69 void GetVoiceMailIdentifier(const uint8_t *data, size_t size)
70 {
71 if (!IsServiceInited()) {
72 return;
73 }
74
75 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
76 MessageParcel dataMessageParcel;
77 dataMessageParcel.WriteInt32(slotId);
78 dataMessageParcel.WriteBuffer(data, size);
79 dataMessageParcel.RewindRead(0);
80 MessageParcel reply;
81 DelayedSingleton<CoreService>::GetInstance()->OnGetVoiceMailInfor(dataMessageParcel, reply);
82 }
83
GetVoiceMailNumber(const uint8_t * data,size_t size)84 void GetVoiceMailNumber(const uint8_t *data, size_t size)
85 {
86 if (!IsServiceInited()) {
87 return;
88 }
89
90 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
91 MessageParcel dataMessageParcel;
92 dataMessageParcel.WriteInt32(slotId);
93 dataMessageParcel.WriteBuffer(data, size);
94 dataMessageParcel.RewindRead(0);
95 MessageParcel reply;
96 DelayedSingleton<CoreService>::GetInstance()->OnGetVoiceMailNumber(dataMessageParcel, reply);
97 }
98
QueryIccDiallingNumbers(const uint8_t * data,size_t size)99 void QueryIccDiallingNumbers(const uint8_t *data, size_t size)
100 {
101 if (!IsServiceInited()) {
102 return;
103 }
104
105 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
106 MessageParcel dataMessageParcel;
107 dataMessageParcel.WriteInt32(slotId);
108 dataMessageParcel.WriteInt32(static_cast<int32_t>(*data % TYPE_NUM));
109 dataMessageParcel.WriteBuffer(data, size);
110 dataMessageParcel.RewindRead(0);
111 MessageParcel reply;
112 DelayedSingleton<CoreService>::GetInstance()->OnDiallingNumbersGet(dataMessageParcel, reply);
113 }
114
SimAuthentication(const uint8_t * data,size_t size)115 void SimAuthentication(const uint8_t *data, size_t size)
116 {
117 if (!IsServiceInited()) {
118 return;
119 }
120
121 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
122 std::string authData(reinterpret_cast<const char *>(data), size);
123 MessageParcel dataMessageParcel;
124 dataMessageParcel.WriteInt32(slotId);
125 int32_t authType = static_cast<int32_t>(*data % TYPE_NUM);
126 if (authType) {
127 dataMessageParcel.WriteInt32(SIM_AUTH_EAP_AKA_TYPE);
128 } else {
129 dataMessageParcel.WriteInt32(SIM_AUTH_EAP_SIM_TYPE);
130 }
131 dataMessageParcel.WriteString(authData);
132 dataMessageParcel.RewindRead(0);
133 MessageParcel reply;
134 DelayedSingleton<CoreService>::GetInstance()->OnSimAuthentication(dataMessageParcel, reply);
135 }
136
ParseOpl5g(const uint8_t * data,size_t size)137 void ParseOpl5g(const uint8_t *data, size_t size)
138 {
139 if (!IsServiceInited()) {
140 return;
141 }
142
143 if (g_flag) {
144 return;
145 }
146 g_flag = true;
147
148 std::shared_ptr<TelRilManager> telRilManager = std::make_shared<TelRilManager>();
149 std::shared_ptr<Telephony::SimStateManager> simStateManager = std::make_shared<SimStateManager>(telRilManager);
150 std::shared_ptr<SimFile> simFile = std::make_shared<SimFile>(simStateManager);
151 std::string fileData(reinterpret_cast<const char *>(data), size);
152 std::vector<std::string> records;
153 records.push_back(fileData);
154 simFile->simFileParse_->ParseOpl5g(records, *simFile);
155 }
156
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)157 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
158 {
159 if (data == nullptr || size == 0) {
160 return;
161 }
162
163 GetSimTelephoneNumber(data, size);
164 GetVoiceMailIdentifier(data, size);
165 GetVoiceMailNumber(data, size);
166 QueryIccDiallingNumbers(data, size);
167 SimAuthentication(data, size);
168 ParseOpl5g(data, size);
169 auto telRilManager = std::static_pointer_cast<TelRilManager>(
170 DelayedSingleton<CoreService>::GetInstance()->telRilManager_);
171 if (telRilManager == nullptr || telRilManager->handler_ == nullptr) {
172 return;
173 }
174 telRilManager->handler_->ClearFfrt(false);
175 telRilManager->handler_->queue_ = nullptr;
176 return;
177 }
178 } // namespace OHOS
179
180 /* Fuzzer entry point */
LLVMFuzzerInitialize(int * argc,char *** argv)181 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
182 {
183 OHOS::AddCoreServiceTokenFuzzer token;
184 return 0;
185 }
186
187 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)188 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
189 {
190 /* Run your code on data */
191 OHOS::DoSomethingInterestingWithMyAPI(data, size);
192 OHOS::DelayedSingleton<CoreService>::DestroyInstance();
193 return 0;
194 }
195