1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "addsimmessage_fuzzer.h"
17
18 #define private public
19 #include "addsmstoken_fuzzer.h"
20 #include "core_manager_inner.h"
21 #include "i_sms_service_interface.h"
22 #include "sms_service.h"
23 #include "cdma_sms_message.h"
24
25 using namespace OHOS::Telephony;
26 namespace OHOS {
27 static bool g_isInited = false;
28 constexpr int32_t SLOT_NUM = 2;
29 static int32_t STATUS_COUNT = 4;
30
IsServiceInited()31 bool IsServiceInited()
32 {
33 if (!g_isInited) {
34 CoreManagerInner::GetInstance().isInitAllObj_ = true;
35 DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true;
36 DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit();
37 DelayedSingleton<SmsService>::GetInstance()->OnStart();
38 if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
39 static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
40 g_isInited = true;
41 }
42 }
43 return g_isInited;
44 }
45
OnRemoteRequest(const uint8_t * data,size_t size)46 void OnRemoteRequest(const uint8_t *data, size_t size)
47 {
48 if (!IsServiceInited()) {
49 return;
50 }
51
52 MessageParcel dataParcel;
53 if (!dataParcel.WriteInterfaceToken(SmsInterfaceStub::GetDescriptor())) {
54 TELEPHONY_LOGE("OnRemoteRequest WriteInterfaceToken is false");
55 return;
56 }
57
58 MessageParcel replyParcel;
59 MessageOption option(MessageOption::TF_SYNC);
60
61 dataParcel.WriteBuffer(data, size);
62 dataParcel.RewindRead(0);
63 uint32_t code = static_cast<uint32_t>(size);
64
65 DelayedSingleton<SmsService>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
66 return;
67 }
68
GetAllSimMessages(const uint8_t * data,size_t size)69 void GetAllSimMessages(const uint8_t *data, size_t size)
70 {
71 if (!IsServiceInited()) {
72 return;
73 }
74
75 MessageParcel dataParcel;
76 MessageParcel replyParcel;
77 MessageOption option(MessageOption::TF_SYNC);
78 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
79 dataParcel.WriteInt32(slotId);
80 dataParcel.WriteBuffer(data, size);
81 dataParcel.RewindRead(0);
82 DelayedSingleton<SmsService>::GetInstance()->OnGetAllSimMessages(dataParcel, replyParcel, option);
83
84 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
85 if (interfaceManager == nullptr) {
86 TELEPHONY_LOGE("interfaceManager nullptr");
87 return;
88 }
89
90 interfaceManager->InitInterfaceManager();
91 std::vector<ShortMessage> message;
92 interfaceManager->GetAllSimMessages(message);
93
94 std::shared_ptr<SmsMiscManager> smsMiscManager = std::make_shared<SmsMiscManager>(slotId);
95 if (smsMiscManager == nullptr) {
96 TELEPHONY_LOGE("smsMiscManager nullptr");
97 return;
98 }
99 smsMiscManager->GetAllSimMessages(message);
100 }
101
AddSimMessage(const uint8_t * data,size_t size)102 void AddSimMessage(const uint8_t *data, size_t size)
103 {
104 if (!IsServiceInited()) {
105 return;
106 }
107
108 MessageParcel dataParcel;
109 MessageParcel replyParcel;
110 MessageOption option(MessageOption::TF_SYNC);
111
112 std::string smsc(reinterpret_cast<const char *>(data), size);
113 std::string pdu(reinterpret_cast<const char *>(data), size);
114 auto smscU16 = Str8ToStr16(smsc);
115 auto pduU16 = Str8ToStr16(pdu);
116 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
117 auto status = static_cast<ISmsServiceInterface::SimMessageStatus>(size % STATUS_COUNT);
118
119 dataParcel.WriteInt32(slotId);
120 dataParcel.WriteString16(smscU16);
121 dataParcel.WriteString16(pduU16);
122 dataParcel.WriteUint32(status);
123 dataParcel.RewindRead(0);
124 DelayedSingleton<SmsService>::GetInstance()->OnAddSimMessage(dataParcel, replyParcel, option);
125
126 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
127 if (interfaceManager == nullptr) {
128 TELEPHONY_LOGE("interfaceManager nullptr");
129 return;
130 }
131 interfaceManager->InitInterfaceManager();
132 interfaceManager->AddSimMessage(smsc, pdu, status);
133
134 std::shared_ptr<SmsMiscManager> smsMiscManager = std::make_shared<SmsMiscManager>(slotId);
135 if (smsMiscManager == nullptr) {
136 TELEPHONY_LOGE("smsMiscManager nullptr");
137 return;
138 }
139 smsMiscManager->AddSimMessage(smsc, pdu, status);
140 }
141
DelSimMessage(const uint8_t * data,size_t size)142 void DelSimMessage(const uint8_t *data, size_t size)
143 {
144 if (!IsServiceInited()) {
145 return;
146 }
147 CdmaSmsMessage msg;
148 std::string pdu(reinterpret_cast<const char *>(data), size);
149 msg.CreateMessage(pdu);
150 MessageParcel dataParcel;
151 MessageParcel replyParcel;
152 MessageOption option(MessageOption::TF_SYNC);
153 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
154 uint32_t index = static_cast<uint32_t>(size);
155 dataParcel.WriteInt32(slotId);
156 dataParcel.WriteUint32(index);
157 dataParcel.RewindRead(0);
158 DelayedSingleton<SmsService>::GetInstance()->OnDelSimMessage(dataParcel, replyParcel, option);
159
160 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
161 if (interfaceManager == nullptr) {
162 TELEPHONY_LOGE("interfaceManager nullptr");
163 return;
164 }
165 interfaceManager->InitInterfaceManager();
166 interfaceManager->DelSimMessage(index);
167
168 std::shared_ptr<SmsMiscManager> smsMiscManager = std::make_shared<SmsMiscManager>(slotId);
169 if (smsMiscManager == nullptr) {
170 TELEPHONY_LOGE("smsMiscManager nullptr");
171 return;
172 }
173 smsMiscManager->DelSimMessage(index);
174 }
175
HasSmsCapability(const uint8_t * data,size_t size)176 void HasSmsCapability(const uint8_t *data, size_t size)
177 {
178 if (!IsServiceInited()) {
179 return;
180 }
181
182 MessageParcel dataParcel;
183 MessageParcel replyParcel;
184 MessageOption option(MessageOption::TF_SYNC);
185
186 dataParcel.WriteBuffer(data, size);
187 dataParcel.RewindRead(0);
188 DelayedSingleton<SmsService>::GetInstance()->OnHasSmsCapability(dataParcel, replyParcel, option);
189
190 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
191 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
192 if (interfaceManager == nullptr) {
193 TELEPHONY_LOGE("interfaceManager nullptr error");
194 return;
195 }
196 interfaceManager->InitInterfaceManager();
197 interfaceManager->HasSmsCapability();
198 }
199
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)200 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
201 {
202 if (data == nullptr || size == 0) {
203 return;
204 }
205
206 OnRemoteRequest(data, size);
207 GetAllSimMessages(data, size);
208 AddSimMessage(data, size);
209 DelSimMessage(data, size);
210 HasSmsCapability(data, size);
211 DelayedSingleton<SmsService>::DestroyInstance();
212 }
213 } // namespace OHOS
214
215 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)216 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
217 {
218 /* Run your code on data */
219 OHOS::AddSmsTokenFuzzer token;
220 OHOS::DoSomethingInterestingWithMyAPI(data, size);
221 return 0;
222 }
223