1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "setgetcbconfig_fuzzer.h"
17
18 #ifdef GTEST_API_
19 #define private public
20 #endif
21
22 #include "addsmstoken_fuzzer.h"
23 #include "core_manager_inner.h"
24 #include "gsm_cb_gsm_codec.h"
25 #include "gsm_cb_umts_codec.h"
26 #include "sms_service.h"
27 #include "string_utils.h"
28
29 using namespace OHOS::Telephony;
30 namespace OHOS {
31 static bool g_isInited = false;
32 static int32_t SIM_COUNT = 2;
33 static int32_t CB_CHANNEL_DIVISOR = 2;
34 static int32_t NET_COUNT = 3;
35 constexpr int32_t SLEEP_TIME_SECONDS = 3;
36
IsServiceInited()37 bool IsServiceInited()
38 {
39 if (!g_isInited) {
40 CoreManagerInner::GetInstance().isInitAllObj_ = true;
41 DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true;
42 DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit();
43 DelayedSingleton<SmsService>::GetInstance()->OnStart();
44 if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
45 static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
46 g_isInited = true;
47 }
48 }
49 return g_isInited;
50 }
51
SetCBConfigFuzz(const uint8_t * data,size_t size)52 void SetCBConfigFuzz(const uint8_t *data, size_t size)
53 {
54 if (!IsServiceInited()) {
55 return;
56 }
57
58 MessageParcel dataParcel;
59 MessageParcel replyParcel;
60 MessageOption option(MessageOption::TF_SYNC);
61
62 int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
63 bool enable = slotId == 1 ? true : false;
64 uint32_t fromMsgId = static_cast<uint32_t>(size / CB_CHANNEL_DIVISOR);
65 uint32_t toMsgId = static_cast<uint32_t>(size);
66 int32_t netType = static_cast<int32_t>(size % NET_COUNT);
67
68 dataParcel.WriteInt32(slotId);
69 dataParcel.WriteBool(enable);
70 dataParcel.WriteUint32(fromMsgId);
71 dataParcel.WriteUint32(toMsgId);
72 dataParcel.WriteUint8(netType);
73
74 dataParcel.WriteBuffer(data, size);
75 dataParcel.RewindRead(0);
76 DelayedSingleton<SmsService>::GetInstance()->OnSetCBConfig(dataParcel, replyParcel, option);
77
78 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
79 if (interfaceManager == nullptr) {
80 TELEPHONY_LOGE("interfaceManager nullptr error");
81 return;
82 }
83 interfaceManager->InitInterfaceManager();
84 interfaceManager->SetCBConfig(enable, fromMsgId, toMsgId, netType);
85
86 std::shared_ptr<SmsMiscManager> smsMiscManager = std::make_shared<SmsMiscManager>(slotId);
87 if (smsMiscManager == nullptr) {
88 TELEPHONY_LOGE("smsMiscManager nullptr error");
89 return;
90 }
91 smsMiscManager->SetCBConfig(enable, fromMsgId, toMsgId, netType);
92 }
93
SetImsSmsConfigFuzz(const uint8_t * data,size_t size)94 void SetImsSmsConfigFuzz(const uint8_t *data, size_t size)
95 {
96 if (!IsServiceInited()) {
97 return;
98 }
99
100 MessageParcel dataParcel;
101 MessageParcel replyParcel;
102 MessageOption option(MessageOption::TF_SYNC);
103
104 int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
105 int32_t enable = slotId == 1 ? true : false;
106 dataParcel.WriteInt32(slotId);
107 dataParcel.WriteInt32(enable);
108 dataParcel.WriteBuffer(data, size);
109 dataParcel.RewindRead(0);
110 DelayedSingleton<SmsService>::GetInstance()->OnSetImsSmsConfig(dataParcel, replyParcel, option);
111
112 std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
113 if (interfaceManager == nullptr) {
114 TELEPHONY_LOGE("interfaceManager nullptr error");
115 return;
116 }
117 interfaceManager->InitInterfaceManager();
118 interfaceManager->SetImsSmsConfig(slotId, enable);
119
120 auto smsSendManager = std::make_shared<SmsSendManager>(slotId);
121 if (smsSendManager == nullptr) {
122 return;
123 }
124 smsSendManager->Init();
125 smsSendManager->SetImsSmsConfig(slotId, enable);
126 }
127
UpdataCBMessage(const uint8_t * data,size_t size)128 void UpdataCBMessage(const uint8_t *data, size_t size)
129 {
130 std::string pdu(reinterpret_cast<const char *>(data), size);
131 std::string gsmData("C00000324811006800610072006D006F006E00790020006F00730020005500"
132 "630073003200200065006E0063006F0064006500200064006100740061");
133 auto cbMessage = GsmCbCodec::CreateCbMessage(gsmData);
134 if (cbMessage == nullptr) {
135 return;
136 }
137 cbMessage->GetCbHeader();
138 cbMessage->PduAnalysis(StringUtils::HexToByteVector(pdu));
139 std::string umtsData("01a41f51101102ea3030a830ea30a230e130fc30eb914d4fe130c630b930c8000"
140 "d000a3053308c306f8a669a137528306e30e130c330bb30fc30b8306730593002"
141 "000d000aff080032003000310033002f00310031002f003252ea3000370020003"
142 "10035003a00340034ff09000d000aff0830a830ea30a25e02ff09000000000000"
143 "00000000000000000000000000000000000000000000000000000000000000000"
144 "000000000000000000022");
145 auto umtsCbMessage = GsmCbCodec::CreateCbMessage(umtsData);
146 if (umtsCbMessage == nullptr) {
147 return;
148 }
149 umtsCbMessage->GetCbHeader();
150 umtsCbMessage->PduAnalysis(StringUtils::HexToByteVector(pdu));
151 auto cbMessageByVectorInit = GsmCbCodec::CreateCbMessage(StringUtils::HexToByteVector(pdu));
152 if (cbMessageByVectorInit == nullptr) {
153 return;
154 }
155 cbMessageByVectorInit->GetCbMessageRaw();
156 cbMessageByVectorInit->IsSinglePageMsg();
157
158 auto gsmCodec = std::make_shared<GsmCbGsmCodec>(cbMessage->cbHeader_, cbMessage->cbPduBuffer_, cbMessage);
159 auto umtsCodec =
160 std::make_shared<GsmCbUmtsCodec>(umtsCbMessage->cbHeader_, umtsCbMessage->cbPduBuffer_, umtsCbMessage);
161 if (gsmCodec == nullptr || umtsCodec == nullptr) {
162 return;
163 }
164 gsmCodec->Decode2gHeader();
165 umtsCodec->Decode3gHeader();
166
167 gsmCodec->Decode2gCbMsg();
168 umtsCodec->Decode3gCbMsg();
169 umtsCodec->Decode3g7Bit();
170 umtsCodec->Decode3gUCS2();
171 gsmCodec->DecodeEtwsMsg();
172
173 std::string raw(reinterpret_cast<const char *>(data), size);
174 std::string message(reinterpret_cast<const char *>(data), size);
175 cbMessage->ConvertToUTF8(raw, message);
176 }
177
DoCBConfigWithMyAPI(const uint8_t * data,size_t size)178 void DoCBConfigWithMyAPI(const uint8_t *data, size_t size)
179 {
180 if (data == nullptr || size == 0) {
181 return;
182 }
183 SetCBConfigFuzz(data, size);
184 SetImsSmsConfigFuzz(data, size);
185 UpdataCBMessage(data, size);
186 DelayedSingleton<SmsService>::DestroyInstance();
187 sleep(SLEEP_TIME_SECONDS);
188 }
189 } // namespace OHOS
190
191 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)192 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
193 {
194 /* Run your code on data */
195 OHOS::AddSmsTokenFuzzer token;
196 OHOS::DoCBConfigWithMyAPI(data, size);
197 return 0;
198 }
199