1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "createsmsmessage_fuzzer.h"
17 
18 #define private public
19 
20 #include "addsmstoken_fuzzer.h"
21 #include "core_manager_inner.h"
22 #include "sms_service.h"
23 
24 using namespace OHOS::Telephony;
25 namespace OHOS {
26 static bool g_isInited = false;
27 constexpr int32_t SLOT_NUM = 2;
28 
IsServiceInited()29 bool IsServiceInited()
30 {
31     if (!g_isInited) {
32         CoreManagerInner::GetInstance().isInitAllObj_ = true;
33         DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true;
34         DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit();
35         DelayedSingleton<SmsService>::GetInstance()->OnStart();
36         if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
37             static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
38             g_isInited = true;
39         }
40     }
41     return g_isInited;
42 }
43 
GetDefaultSmsSlotId(const uint8_t * data,size_t size)44 void GetDefaultSmsSlotId(const uint8_t *data, size_t size)
45 {
46     if (!IsServiceInited()) {
47         return;
48     }
49 
50     MessageParcel dataParcel;
51     MessageParcel replyParcel;
52     MessageOption option(MessageOption::TF_SYNC);
53     dataParcel.WriteBuffer(data, size);
54     dataParcel.RewindRead(0);
55     DelayedSingleton<SmsService>::GetInstance()->OnGetDefaultSmsSlotId(dataParcel, replyParcel, option);
56     return;
57 }
58 
OnGetDefaultSmsSimId(const uint8_t * data,size_t size)59 void OnGetDefaultSmsSimId(const uint8_t *data, size_t size)
60 {
61     if (!IsServiceInited()) {
62         return;
63     }
64 
65     MessageParcel dataParcel;
66     MessageParcel replyParcel;
67     MessageOption option(MessageOption::TF_SYNC);
68     dataParcel.WriteBuffer(data, size);
69     dataParcel.RewindRead(0);
70     DelayedSingleton<SmsService>::GetInstance()->OnGetDefaultSmsSlotId(dataParcel, replyParcel, option);
71     return;
72 }
73 
SetDefaultSmsSlotId(const uint8_t * data,size_t size)74 void SetDefaultSmsSlotId(const uint8_t *data, size_t size)
75 {
76     if (!IsServiceInited()) {
77         return;
78     }
79 
80     MessageParcel dataParcel;
81     MessageParcel replyParcel;
82     MessageOption option(MessageOption::TF_SYNC);
83     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
84     dataParcel.WriteInt32(slotId);
85     dataParcel.WriteBuffer(data, size);
86     dataParcel.RewindRead(0);
87     DelayedSingleton<SmsService>::GetInstance()->OnSetDefaultSmsSlotId(dataParcel, replyParcel, option);
88     return;
89 }
90 
CreateSmsMessage(const uint8_t * data,size_t size)91 void CreateSmsMessage(const uint8_t *data, size_t size)
92 {
93     if (!IsServiceInited()) {
94         return;
95     }
96     MessageParcel dataParcel;
97     MessageParcel replyParcel;
98     MessageOption option(MessageOption::TF_SYNC);
99     std::string pdu(reinterpret_cast<const char *>(data), size);
100     dataParcel.WriteString(pdu);
101     dataParcel.WriteString("3gpp");
102     DelayedSingleton<SmsService>::GetInstance()->OnCreateMessage(dataParcel, replyParcel, option);
103 }
104 
CreateCbMessage(const uint8_t * data,size_t size)105 void CreateCbMessage(const uint8_t *data, size_t size)
106 {
107     if (!IsServiceInited()) {
108         return;
109     }
110     std::string strPdu(reinterpret_cast<const char *>(data), size);
111     GsmCbCodec::CreateCbMessage(strPdu);
112 }
113 
SendMms(const uint8_t * data,size_t size)114 void SendMms(const uint8_t *data, size_t size)
115 {
116     if (!IsServiceInited()) {
117         return;
118     }
119     MessageParcel dataParcel;
120     MessageParcel replyParcel;
121     MessageOption option(MessageOption::TF_SYNC);
122     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
123     std::string mmsc(reinterpret_cast<const char *>(data), size);
124     auto mmscU16 = Str8ToStr16(mmsc);
125     std::string mmsData(reinterpret_cast<const char *>(data), size);
126     auto mmsDataU16 = Str8ToStr16(mmsData);
127     std::string ua(reinterpret_cast<const char *>(data), size);
128     auto uaU16 = Str8ToStr16(ua);
129     std::string uaprof(reinterpret_cast<const char *>(data), size);
130     auto uaprofU16 = Str8ToStr16(uaprof);
131     dataParcel.WriteInt32(slotId);
132     dataParcel.WriteString16(mmscU16);
133     dataParcel.WriteString16(mmsDataU16);
134     dataParcel.WriteString16(uaU16);
135     dataParcel.WriteString16(uaprofU16);
136     dataParcel.RewindRead(0);
137     DelayedSingleton<SmsService>::GetInstance()->OnSendMms(dataParcel, replyParcel, option);
138 }
139 
DownloadMms(const uint8_t * data,size_t size)140 void DownloadMms(const uint8_t *data, size_t size)
141 {
142     if (!IsServiceInited()) {
143         return;
144     }
145     MessageParcel dataParcel;
146     MessageParcel replyParcel;
147     MessageOption option(MessageOption::TF_SYNC);
148     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
149     std::string mmsc(reinterpret_cast<const char *>(data), size);
150     auto mmscU16 = Str8ToStr16(mmsc);
151     std::string mmsData(reinterpret_cast<const char *>(data), size);
152     auto mmsDataU16 = Str8ToStr16(mmsData);
153     std::string ua(reinterpret_cast<const char *>(data), size);
154     auto uaU16 = Str8ToStr16(ua);
155     std::string uaprof(reinterpret_cast<const char *>(data), size);
156     auto uaprofU16 = Str8ToStr16(uaprof);
157     dataParcel.WriteInt32(slotId);
158     dataParcel.WriteString16(mmscU16);
159     dataParcel.WriteString16(mmsDataU16);
160     dataParcel.WriteString16(uaU16);
161     dataParcel.WriteString16(uaprofU16);
162     dataParcel.RewindRead(0);
163     DelayedSingleton<SmsService>::GetInstance()->OnDownloadMms(dataParcel, replyParcel, option);
164 }
165 
DoCreateMessageMyAPI(const uint8_t * data,size_t size)166 void DoCreateMessageMyAPI(const uint8_t *data, size_t size)
167 {
168     if (data == nullptr || size == 0) {
169         return;
170     }
171     GetDefaultSmsSlotId(data, size);
172     OnGetDefaultSmsSimId(data, size);
173     SetDefaultSmsSlotId(data, size);
174     CreateSmsMessage(data, size);
175     CreateCbMessage(data, size);
176     SendMms(data, size);
177     DownloadMms(data, size);
178     DelayedSingleton<SmsService>::DestroyInstance();
179 }
180 } // namespace OHOS
181 
182 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)183 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
184 {
185     /* Run your code on data */
186     OHOS::AddSmsTokenFuzzer token;
187     OHOS::DoCreateMessageMyAPI(data, size);
188     return 0;
189 }
190