1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "sendenvelopecmd_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <thread>
21
22 #define private public
23 #include "addcoreservicetoken_fuzzer.h"
24 #include "core_service.h"
25 #include "core_service_stub.h"
26 #include "napi_util.h"
27 #include "system_ability_definition.h"
28 #include "unistd.h"
29
30 using namespace OHOS::Telephony;
31 namespace OHOS {
32 static bool g_isInited = false;
33 constexpr int32_t SLOT_NUM = 2;
34 constexpr int32_t SLEEP_TIME_SECONDS = 10;
35
IsServiceInited()36 bool IsServiceInited()
37 {
38 if (!g_isInited) {
39 auto onStart = [] { DelayedSingleton<CoreService>::GetInstance()->OnStart(); };
40 std::thread startThread(onStart);
41 pthread_setname_np(startThread.native_handle(), "sendenvelopecmd_fuzzer");
42 startThread.join();
43
44 sleep(SLEEP_TIME_SECONDS);
45 if (DelayedSingleton<CoreService>::GetInstance()->GetServiceRunningState() ==
46 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
47 g_isInited = true;
48 }
49 }
50 return g_isInited;
51 }
52
GetUniqueDeviceId(const uint8_t * data,size_t size)53 void GetUniqueDeviceId(const uint8_t *data, size_t size)
54 {
55 if (!IsServiceInited()) {
56 return;
57 }
58
59 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
60 MessageParcel dataMessageParcel;
61 dataMessageParcel.WriteInt32(slotId);
62 dataMessageParcel.WriteBuffer(data, size);
63 dataMessageParcel.RewindRead(0);
64 MessageParcel reply;
65 DelayedSingleton<CoreService>::GetInstance()->OnGetUniqueDeviceId(dataMessageParcel, reply);
66 }
67
GetMeid(const uint8_t * data,size_t size)68 void GetMeid(const uint8_t *data, size_t size)
69 {
70 if (!IsServiceInited()) {
71 return;
72 }
73
74 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
75 MessageParcel dataMessageParcel;
76 dataMessageParcel.WriteInt32(slotId);
77 dataMessageParcel.WriteBuffer(data, size);
78 dataMessageParcel.RewindRead(0);
79 MessageParcel reply;
80 DelayedSingleton<CoreService>::GetInstance()->OnGetMeid(dataMessageParcel, reply);
81 }
82
GetBasebandVersion(const uint8_t * data,size_t size)83 void GetBasebandVersion(const uint8_t *data, size_t size)
84 {
85 if (!IsServiceInited()) {
86 return;
87 }
88
89 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
90 MessageParcel dataMessageParcel;
91 dataMessageParcel.WriteInt32(slotId);
92 dataMessageParcel.WriteBuffer(data, size);
93 dataMessageParcel.RewindRead(0);
94 MessageParcel reply;
95 DelayedSingleton<CoreService>::GetInstance()->OnGetBasebandVersion(dataMessageParcel, reply);
96 }
97
SetNetworkCapability(const uint8_t * data,size_t size)98 void SetNetworkCapability(const uint8_t *data, size_t size)
99 {
100 if (!IsServiceInited()) {
101 return;
102 }
103 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
104 int32_t networkCapabilityType = static_cast<int32_t>(size);
105 int32_t networkCapabilityState = static_cast<int32_t>(size);
106 MessageParcel dataMessageParcel;
107 MessageParcel reply;
108 dataMessageParcel.WriteInt32(slotId);
109 dataMessageParcel.WriteInt32(networkCapabilityType);
110 dataMessageParcel.WriteInt32(networkCapabilityState);
111 int32_t error = DelayedSingleton<CoreService>::GetInstance()->OnSetNetworkCapability(dataMessageParcel, reply);
112 if (error != ERR_NONE) {
113 TELEPHONY_LOGE("SetNetworkCapability failed, error code is %{public}d \n", error);
114 }
115 }
116
GetNetworkCapability(const uint8_t * data,size_t size)117 void GetNetworkCapability(const uint8_t *data, size_t size)
118 {
119 if (!IsServiceInited()) {
120 return;
121 }
122
123 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
124 int32_t networkCapabilityType = static_cast<int32_t>(size);
125 int32_t networkCapabilityState = static_cast<int32_t>(size);
126 MessageParcel dataMessageParcel;
127 MessageParcel reply;
128 dataMessageParcel.WriteInt32(slotId);
129 dataMessageParcel.WriteInt32(networkCapabilityType);
130 dataMessageParcel.WriteInt32(networkCapabilityState);
131 int32_t error = DelayedSingleton<CoreService>::GetInstance()->OnGetNetworkCapability(dataMessageParcel, reply);
132 if (error != ERR_NONE) {
133 TELEPHONY_LOGE(
134 "GetNetworkAbilitySwitch failed, error code is %{public}d \n, networkCapabilityState is %{public}d", error,
135 networkCapabilityState);
136 }
137 }
138
GetOperatorNumeric(const uint8_t * data,size_t size)139 void GetOperatorNumeric(const uint8_t *data, size_t size)
140 {
141 if (!IsServiceInited()) {
142 return;
143 }
144
145 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
146 MessageParcel dataMessageParcel;
147 dataMessageParcel.WriteInt32(slotId);
148 dataMessageParcel.WriteBuffer(data, size);
149 dataMessageParcel.RewindRead(0);
150 MessageParcel reply;
151 DelayedSingleton<CoreService>::GetInstance()->OnGetOperatorNumeric(dataMessageParcel, reply);
152 }
153
GetOperatorName(const uint8_t * data,size_t size)154 void GetOperatorName(const uint8_t *data, size_t size)
155 {
156 if (!IsServiceInited()) {
157 return;
158 }
159
160 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
161 MessageParcel dataMessageParcel;
162 dataMessageParcel.WriteInt32(slotId);
163 dataMessageParcel.WriteBuffer(data, size);
164 dataMessageParcel.RewindRead(0);
165 MessageParcel reply;
166 DelayedSingleton<CoreService>::GetInstance()->OnGetOperatorName(dataMessageParcel, reply);
167 }
168
SendEnvelopeCmd(const uint8_t * data,size_t size)169 void SendEnvelopeCmd(const uint8_t *data, size_t size)
170 {
171 if (!IsServiceInited()) {
172 return;
173 }
174
175 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
176 std::string cmd(reinterpret_cast<const char *>(data), size);
177 MessageParcel dataMessageParcel;
178 dataMessageParcel.WriteInt32(slotId);
179 dataMessageParcel.WriteString(cmd);
180 dataMessageParcel.RewindRead(0);
181 MessageParcel reply;
182 DelayedSingleton<CoreService>::GetInstance()->OnSendEnvelopeCmd(dataMessageParcel, reply);
183 }
184
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)185 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
186 {
187 if (data == nullptr || size == 0) {
188 return;
189 }
190
191 GetUniqueDeviceId(data, size);
192 GetMeid(data, size);
193 GetBasebandVersion(data, size);
194 GetOperatorNumeric(data, size);
195 GetOperatorName(data, size);
196 SendEnvelopeCmd(data, size);
197 GetNetworkCapability(data, size);
198 SetNetworkCapability(data, size);
199 auto telRilManager = DelayedSingleton<CoreService>::GetInstance()->telRilManager_;
200 if (telRilManager == nullptr) {
201 return;
202 }
203 auto handler = telRilManager->handler_;
204 if (handler != nullptr) {
205 handler->RemoveAllEvents();
206 handler->SendEvent(0, 0, AppExecFwk::EventQueue::Priority::HIGH);
207 sleep(SLEEP_TIME_SECONDS);
208 }
209 }
210 } // namespace OHOS
211
212 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)213 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
214 {
215 OHOS::AddCoreServiceTokenFuzzer token;
216 /* Run your code on data */
217 OHOS::DoSomethingInterestingWithMyAPI(data, size);
218 return 0;
219 }
220