/*
 * Copyright (c) 2023 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// libFuzzer harness for the SMS service and its GSM sender: each input buffer
// is replayed through the IPC stub entry points and then through the sender's
// delivery and resend paths.
//
// NOTE(review): the template argument lists in this copy (on DelayedSingleton,
// static_cast, reinterpret_cast, std::shared_ptr, std::make_shared,
// std::function, sptr, iface_cast, std::vector) appear to have been lost
// before the text reached this page. The code is reproduced as found; restore
// the arguments from the upstream file before building.

#include "gsmsmssender_fuzzer.h"

// Redefining the access keywords makes every member declared by the headers
// included below publicly reachable, presumably so the harness can write
// members such as isInitAllObj_, registerToService_, voiceServiceState_ and
// imsSmsCfg_ directly. This is a test-only technique: keep these macros out of
// any translation unit that ships.
#define private public
#define protected public
#include "addsmstoken_fuzzer.h"
#include "core_manager_inner.h"
#include "delivery_short_message_callback_stub.h"
#include "i_sms_service_interface.h"
#include "send_short_message_callback_stub.h"
#include "sms_service.h"

using namespace OHOS::Telephony;
namespace OHOS {
// Set once IsServiceInited() has seen the service reach STATE_RUNNING.
static bool g_isInited = false;
// Modulus that folds the input size into a slot id; also reused below to
// derive boolean flags from the parity of the size.
constexpr int32_t SLOT_NUM = 2;
// Modulus that folds the input size into a SIM message status value.
// NOTE(review): never written in this file, so it could be constexpr like the
// neighbouring constants.
static int32_t STATUS_COUNT = 4;
// Modulus that folds data[0] into an encode type / coding scheme value.
constexpr int32_t TYPE_NUM = 6;
// Pause, in seconds, between the two DestroyInstance() calls at the end of
// each fuzz iteration.
constexpr int32_t SLEEP_TIME_SECONDS = 2;

// Starts the service under test on first use and caches the outcome.
// Returns true once GetServiceRunningState() has reported STATE_RUNNING; until
// then every call repeats the start-up sequence.
bool IsServiceInited()
{
    if (!g_isInited) {
        // Force the internal "initialised" / "registered" flags instead of
        // going through the normal bring-up path.
        CoreManagerInner::GetInstance().isInitAllObj_ = true;
        DelayedSingleton::GetInstance()->registerToService_ = true;
        DelayedSingleton::GetInstance()->WaitCoreServiceToInit();
        DelayedSingleton::GetInstance()->OnStart();
        if (DelayedSingleton::GetInstance()->GetServiceRunningState() ==
            static_cast(Telephony::ServiceRunningState::STATE_RUNNING)) {
            g_isInited = true;
        }
    }
    return g_isInited;
}

// Feeds the raw fuzz buffer to the stub's generic OnRemoteRequest dispatcher.
// The parcel carries the interface descriptor first, then the fuzz bytes.
void OnRemoteRequest(const uint8_t *data, size_t size)
{
    if (!IsServiceInited()) {
        return;
    }
    MessageParcel dataParcel;
    if (!dataParcel.WriteInterfaceToken(SmsInterfaceStub::GetDescriptor())) {
        TELEPHONY_LOGE("OnRemoteRequest WriteInterfaceToken is false");
        return;
    }
    MessageParcel replyParcel;
    MessageOption option(MessageOption::TF_SYNC);
    // NOTE(review): the WriteBuffer result is not checked, so a failed write
    // still dispatches the request with only the token in the parcel.
    dataParcel.WriteBuffer(data, size);
    dataParcel.RewindRead(0);
    // NOTE(review): the request code is the input length, not input content,
    // so the handler that runs is selected by size alone. Deriving the code
    // from the leading bytes would let the fuzzer vary code and payload
    // independently.
    uint32_t code = static_cast(size);
    DelayedSingleton::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
    return;
}

// Exercises the "add SIM message" path three ways: through the stub handler
// OnAddSimMessage, through an interface manager object, and through a misc
// manager object. smsc and pdu are both built from the same input bytes.
void AddSimMessage(const uint8_t *data, size_t size)
{
    if (!IsServiceInited()) {
        return;
    }
    MessageParcel dataParcel;
    MessageParcel replyParcel;
    MessageOption option(MessageOption::TF_SYNC);
    std::string smsc(reinterpret_cast(data), size);
    std::string pdu(reinterpret_cast(data), size);
    auto smscU16 = Str8ToStr16(smsc);
    auto pduU16 = Str8ToStr16(pdu);
    // slotId and status are derived from the size, not from the content.
    int32_t slotId = static_cast(size % SLOT_NUM);
    auto status = static_cast(size % STATUS_COUNT);
    // Parcel layout as written here: slot id, smsc, pdu, status.
    dataParcel.WriteInt32(slotId);
    dataParcel.WriteString16(smscU16);
    dataParcel.WriteString16(pduU16);
    dataParcel.WriteUint32(status);
    dataParcel.RewindRead(0);
    DelayedSingleton::GetInstance()->OnAddSimMessage(dataParcel, replyParcel, option);

    std::shared_ptr interfaceManager = std::make_shared(slotId);
    // std::make_shared reports allocation failure by throwing rather than by
    // returning nullptr, so this branch is not expected to be taken.
    if (interfaceManager == nullptr) {
        TELEPHONY_LOGE("interfaceManager nullptr");
        return;
    }
    interfaceManager->InitInterfaceManager();
    interfaceManager->AddSimMessage(smsc, pdu, status);

    std::shared_ptr smsMiscManager = std::make_shared(slotId);
    if (smsMiscManager == nullptr) {
        TELEPHONY_LOGE("smsMiscManager nullptr");
        return;
    }
    smsMiscManager->AddSimMessage(smsc, pdu, status);
}

// Exercises the "has SMS capability" path: once through the stub handler with
// the raw fuzz bytes as the parcel payload, once through an interface manager
// object created for a slot id derived from the size.
void HasSmsCapability(const uint8_t *data, size_t size)
{
    if (!IsServiceInited()) {
        return;
    }
    MessageParcel dataParcel;
    MessageParcel replyParcel;
    MessageOption option(MessageOption::TF_SYNC);
    dataParcel.WriteBuffer(data, size);
    dataParcel.RewindRead(0);
    DelayedSingleton::GetInstance()->OnHasSmsCapability(dataParcel, replyParcel, option);

    int32_t slotId = static_cast(size % SLOT_NUM);
    std::shared_ptr interfaceManager = std::make_shared(slotId);
    if (interfaceManager == nullptr) {
        TELEPHONY_LOGE("interfaceManager nullptr error");
        return;
    }
    interfaceManager->InitInterfaceManager();
    interfaceManager->HasSmsCapability();
}

// Drives the sender's text, data, split, resend and RIL hand-off paths with
// strings built from the fuzz buffer.
// Precondition: size > 0, because data[0] is read below. The only caller in
// this file, DoSomethingInterestingWithMyAPI, checks that.
// Unlike the stub-based helpers above, this one does not call
// IsServiceInited().
void SendSmsTest(const uint8_t *data, size_t size)
{
    // The sender is constructed with an empty (null) callback.
    std::function)> fun = nullptr;
    int32_t slotId = static_cast(size % SLOT_NUM);
    auto sender = std::make_shared(slotId, fun);
    sender->Init();
    // Destination address, service-centre address and text are all the same
    // bytes, so the three fields never differ from one another in a run.
    std::string desAddr(reinterpret_cast(data), size);
    std::string scAddr(reinterpret_cast(data), size);
    std::string text(reinterpret_cast(data), size);
    const sptr sendCallback = iface_cast(new SendShortMessageCallbackStub());
    const sptr deliveryCallback = iface_cast(new DeliveryShortMessageCallbackStub());
    sender->TextBasedSmsDelivery(desAddr, scAddr, text, sendCallback, deliveryCallback);
    // size is passed both as the third argument and as the data length.
    sender->DataBasedSmsDelivery(desAddr, scAddr, size, data, size, sendCallback, deliveryCallback);

    // A single split segment whose fields all come from the first input byte.
    std::vector cellsInfos;
    struct SplitInfo cellInfo;
    cellInfo.langId = static_cast(data[0]);
    cellInfo.encodeType = static_cast(data[0] % TYPE_NUM);
    cellInfo.encodeData.push_back(data[0]);
    cellsInfos.push_back(cellInfo);
    DataCodingScheme codingType = static_cast(data[0] % TYPE_NUM);
    bool isStatusReport = (size % SLOT_NUM == 1);
    GsmSmsMessage msg;
    std::shared_ptr tpdu = msg.CreateDefaultSubmitSmsTpdu(desAddr, scAddr, text, isStatusReport, codingType);
    sender->TextBasedSmsSplitDelivery(
        text, text, cellsInfos, codingType, isStatusReport, tpdu, msg, sendCallback, deliveryCallback);
    sender->SendCallbackExceptionCase(sendCallback, text);

    std::shared_ptr smsIndexer =
        std::make_shared(desAddr, scAddr, text, sendCallback, deliveryCallback);
    sender->SendSmsToRil(smsIndexer);
    sender->ResendTextDelivery(smsIndexer);
    sender->ResendDataDelivery(smsIndexer);
    bool isMore = (size % SLOT_NUM == 0);
    auto encodeInfo = msg.GetSubmitEncodeInfo(text, isMore);
    sender->SetSendIndexerInfo(smsIndexer, encodeInfo, 1);
    sender->ResendTextDelivery(smsIndexer);
    // Overwrite two internal state fields with size-derived values, then run
    // the RIL hand-off again under that state.
    sender->voiceServiceState_ = static_cast(size);
    sender->imsSmsCfg_ = static_cast(size);
    sender->SendSmsToRil(smsIndexer);
    sender->SetPduInfo(smsIndexer, msg, isMore);
}

// Drives the sender's satellite callback registration, the CS / satellite /
// IMS send paths and the two status-report handlers.
void SendSmsTest2(const uint8_t *data, size_t size)
{
    std::function)> fun = nullptr;
    int32_t slotId = static_cast(size % SLOT_NUM);
    auto sender = std::make_shared(slotId, fun);
    sender->Init();
    sender->RegisterSatelliteCallback();
    sender->UnregisterSatelliteCallback();
    std::string desAddr(reinterpret_cast(data), size);
    std::string scAddr(reinterpret_cast(data), size);
    std::string text(reinterpret_cast(data), size);
    const sptr sendCallback = iface_cast(new SendShortMessageCallbackStub());
    const sptr deliveryCallback = iface_cast(new DeliveryShortMessageCallbackStub());
    // smscPdu and pdu carry the same raw input bytes; refId is the size.
    GsmSimMessageParam smsData;
    std::string pdu(reinterpret_cast(data), size);
    smsData.refId = static_cast(size);
    smsData.smscPdu = pdu;
    smsData.pdu = pdu;
    std::shared_ptr smsIndexer =
        std::make_shared(desAddr, scAddr, text, sendCallback, deliveryCallback);
    sender->SendCsSms(smsIndexer, smsData);
    sender->SendSatelliteSms(smsIndexer, smsData);
    sender->SendImsSms(smsIndexer, smsData);
    // NOTE(review): isSupported is left uninitialised. It is presumably an
    // out-parameter of IsImsSmsSupported (confirm against the declaration);
    // initialising it to false would keep a sanitizer run clean if the callee
    // reads it or returns early without writing it.
    bool isSupported;
    sender->IsImsSmsSupported(slotId, isSupported);
    // The event id is the input size; a fresh event is obtained per handler.
    InnerEvent::Pointer event = InnerEvent::Get(static_cast(size));
    sender->StatusReportAnalysis(event);
    event = InnerEvent::Get(static_cast(size));
    sender->StatusReportGetImsSms(event);
}

// Runs every helper above on the same buffer, then tears singletons down.
// Null or empty input is rejected here, which is what makes the data[0] reads
// in SendSmsTest safe.
void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
{
    if (data == nullptr || size == 0) {
        return;
    }

    OnRemoteRequest(data, size);
    AddSimMessage(data, size);
    HasSmsCapability(data, size);
    SendSmsTest(data, size);
    SendSmsTest2(data, size);
    DelayedSingleton::GetInstance()->Init();
    DelayedSingleton::GetInstance()->UnInit();
    DelayedSingleton::DestroyInstance();
    // NOTE(review): this sleep runs on every input, so throughput is capped
    // at one execution per SLEEP_TIME_SECONDS. If it only exists to let
    // asynchronous teardown finish, a wait on that condition would be cheaper.
    sleep(SLEEP_TIME_SECONDS);
    // NOTE(review): g_isInited is never reset. If the singleton destroyed
    // here is the service started by IsServiceInited() (the template argument
    // is not visible in this copy), later iterations would skip start-up and
    // run against a fresh instance that was never started; confirm.
    DelayedSingleton::DestroyInstance();
}
} // namespace OHOS

/* Fuzzer entry point: libFuzzer calls this once per generated input. */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    /* Run your code on data */
    // token is constructed before the harness runs and destroyed on return.
    // Its type comes from addsmstoken_fuzzer.h; what it sets up is not
    // visible in this file (presumably the access token the service calls
    // require; confirm).
    OHOS::AddSmsTokenFuzzer token;
    OHOS::DoSomethingInterestingWithMyAPI(data, size);
    return 0;
}