1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "gsmsmssender_fuzzer.h"
17
18 #define private public
19 #define protected public
20
21 #include "addsmstoken_fuzzer.h"
22 #include "delivery_short_message_callback_stub.h"
23 #include "i_sms_service_interface.h"
24 #include "send_short_message_callback_stub.h"
25 #include "sms_service.h"
26
27 using namespace OHOS::Telephony;
28 namespace OHOS {
29 static bool g_isInited = false;
30 constexpr int32_t SLOT_NUM = 2;
31 static int32_t STATUS_COUNT = 4;
32 constexpr int32_t TYPE_NUM = 6;
33
IsServiceInited()34 bool IsServiceInited()
35 {
36 if (!g_isInited) {
37 DelayedSingleton<SmsService>::GetInstance()->OnStart();
38 if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
39 static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
40 g_isInited = true;
41 }
42 }
43 return g_isInited;
44 }
45
OnRemoteRequest(const uint8_t * data,size_t size)46 void OnRemoteRequest(const uint8_t *data, size_t size)
47 {
48 if (!IsServiceInited()) {
49 return;
50 }
51
52 MessageParcel dataParcel;
53 if (!dataParcel.WriteInterfaceToken(SmsInterfaceStub::GetDescriptor())) {
54 TELEPHONY_LOGE("OnRemoteRequest WriteInterfaceToken is false");
55 return;
56 }
57
58 MessageParcel replyParcel;
59 MessageOption option(MessageOption::TF_SYNC);
60
61 dataParcel.WriteBuffer(data, size);
62 dataParcel.RewindRead(0);
63 uint32_t code = static_cast<uint32_t>(size);
64
65 DelayedSingleton<SmsService>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
66 return;
67 }
68
AddSimMessage(const uint8_t * data,size_t size)69 void AddSimMessage(const uint8_t *data, size_t size)
70 {
71 if (!IsServiceInited()) {
72 return;
73 }
74
75 MessageParcel dataParcel;
76 MessageParcel replyParcel;
77 MessageOption option(MessageOption::TF_SYNC);
78
79 std::string smsc(reinterpret_cast<const char *>(data), size);
80 std::string pdu(reinterpret_cast<const char *>(data), size);
81 auto smscU16 = Str8ToStr16(smsc);
82 auto pduU16 = Str8ToStr16(pdu);
83 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
84 auto status = static_cast<ISmsServiceInterface::SimMessageStatus>(size % STATUS_COUNT);
85
86 dataParcel.WriteInt32(slotId);
87 dataParcel.WriteString16(smscU16);
88 dataParcel.WriteString16(pduU16);
89 dataParcel.WriteUint32(status);
90 dataParcel.RewindRead(0);
91 DelayedSingleton<SmsService>::GetInstance()->OnAddSimMessage(dataParcel, replyParcel, option);
92
93 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
94 if (interfaceManager == nullptr) {
95 TELEPHONY_LOGE("interfaceManager nullptr");
96 return;
97 }
98 interfaceManager->AddSimMessage(smsc, pdu, status);
99
100 std::shared_ptr<SmsMiscManager> smsMiscManager = std::make_shared<SmsMiscManager>(slotId);
101 if (smsMiscManager == nullptr) {
102 TELEPHONY_LOGE("smsMiscManager nullptr");
103 return;
104 }
105 smsMiscManager->AddSimMessage(smsc, pdu, status);
106 }
107
HasSmsCapability(const uint8_t * data,size_t size)108 void HasSmsCapability(const uint8_t *data, size_t size)
109 {
110 if (!IsServiceInited()) {
111 return;
112 }
113
114 MessageParcel dataParcel;
115 MessageParcel replyParcel;
116 MessageOption option(MessageOption::TF_SYNC);
117
118 dataParcel.WriteBuffer(data, size);
119 dataParcel.RewindRead(0);
120 DelayedSingleton<SmsService>::GetInstance()->OnHasSmsCapability(dataParcel, replyParcel, option);
121
122 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
123 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
124 if (interfaceManager == nullptr) {
125 TELEPHONY_LOGE("interfaceManager nullptr error");
126 return;
127 }
128 interfaceManager->HasSmsCapability();
129 }
130
SendSmsTest(const uint8_t * data,size_t size)131 void SendSmsTest(const uint8_t *data, size_t size)
132 {
133 std::function<void(std::shared_ptr<SmsSendIndexer>)> fun = nullptr;
134 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
135 auto sender = std::make_shared<GsmSmsSender>(slotId, fun);
136 sender->Init();
137
138 std::string desAddr(reinterpret_cast<const char *>(data), size);
139 std::string scAddr(reinterpret_cast<const char *>(data), size);
140 std::string text(reinterpret_cast<const char *>(data), size);
141 const sptr<ISendShortMessageCallback> sendCallback =
142 iface_cast<ISendShortMessageCallback>(new SendShortMessageCallbackStub());
143 const sptr<IDeliveryShortMessageCallback> deliveryCallback =
144 iface_cast<IDeliveryShortMessageCallback>(new DeliveryShortMessageCallbackStub());
145 sender->TextBasedSmsDelivery(desAddr, scAddr, text, sendCallback, deliveryCallback);
146 sender->DataBasedSmsDelivery(desAddr, scAddr, size, data, size, sendCallback, deliveryCallback);
147
148 std::vector<struct SplitInfo> cellsInfos;
149 struct SplitInfo cellInfo;
150 cellInfo.langId = static_cast<MSG_LANGUAGE_ID_T>(data[0]);
151 cellInfo.encodeType = static_cast<DataCodingScheme>(data[0] % TYPE_NUM);
152 cellInfo.encodeData.push_back(data[0]);
153 cellsInfos.push_back(cellInfo);
154 DataCodingScheme codingType = static_cast<DataCodingScheme>(data[0] % TYPE_NUM);
155 bool isStatusReport = (size % SLOT_NUM == 1);
156 GsmSmsMessage msg;
157 std::shared_ptr<struct SmsTpdu> tpdu =
158 msg.CreateDefaultSubmitSmsTpdu(desAddr, scAddr, text, isStatusReport, codingType);
159 sender->TextBasedSmsSplitDelivery(
160 text, text, cellsInfos, codingType, isStatusReport, tpdu, msg, sendCallback, deliveryCallback);
161 sender->SendCallbackExceptionCase(sendCallback, text);
162
163 std::shared_ptr<SmsSendIndexer> smsIndexer =
164 std::make_shared<SmsSendIndexer>(desAddr, scAddr, text, sendCallback, deliveryCallback);
165 sender->SendSmsToRil(smsIndexer);
166 sender->ResendTextDelivery(smsIndexer);
167 sender->ResendDataDelivery(smsIndexer);
168 bool isMore = (size % SLOT_NUM == 0);
169 auto encodeInfo = msg.GetSubmitEncodeInfo(text, isMore);
170 sender->SetSendIndexerInfo(smsIndexer, encodeInfo, 1);
171 sender->ResendTextDelivery(smsIndexer);
172 sender->voiceServiceState_ = static_cast<int32_t>(size);
173 sender->imsSmsCfg_ = static_cast<int32_t>(size);
174 sender->SendSmsToRil(smsIndexer);
175 sender->SetPduInfo(smsIndexer, msg, isMore);
176 }
177
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)178 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
179 {
180 if (data == nullptr || size == 0) {
181 return;
182 }
183
184 OnRemoteRequest(data, size);
185 AddSimMessage(data, size);
186 HasSmsCapability(data, size);
187 SendSmsTest(data, size);
188 }
189 } // namespace OHOS
190
191 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)192 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
193 {
194 /* Run your code on data */
195 OHOS::AddSmsTokenFuzzer token;
196 OHOS::DoSomethingInterestingWithMyAPI(data, size);
197 return 0;
198 }
199