1/* 2 * Copyright (c) 2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16#include "createsmsmessage_fuzzer.h" 17 18#define private public 19 20#include "addsmstoken_fuzzer.h" 21#include "core_manager_inner.h" 22#include "sms_service.h" 23 24using namespace OHOS::Telephony; 25namespace OHOS { 26static bool g_isInited = false; 27constexpr int32_t SLOT_NUM = 2; 28 29bool IsServiceInited() 30{ 31 if (!g_isInited) { 32 CoreManagerInner::GetInstance().isInitAllObj_ = true; 33 DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true; 34 DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit(); 35 DelayedSingleton<SmsService>::GetInstance()->OnStart(); 36 if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() == 37 static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) { 38 g_isInited = true; 39 } 40 } 41 return g_isInited; 42} 43 44void GetDefaultSmsSlotId(const uint8_t *data, size_t size) 45{ 46 if (!IsServiceInited()) { 47 return; 48 } 49 50 MessageParcel dataParcel; 51 MessageParcel replyParcel; 52 MessageOption option(MessageOption::TF_SYNC); 53 dataParcel.WriteBuffer(data, size); 54 dataParcel.RewindRead(0); 55 DelayedSingleton<SmsService>::GetInstance()->OnGetDefaultSmsSlotId(dataParcel, replyParcel, option); 56 return; 57} 58 59void OnGetDefaultSmsSimId(const uint8_t *data, size_t size) 60{ 61 if (!IsServiceInited()) { 62 return; 63 } 64 65 MessageParcel dataParcel; 66 MessageParcel replyParcel; 67 MessageOption option(MessageOption::TF_SYNC); 68 dataParcel.WriteBuffer(data, size); 69 dataParcel.RewindRead(0); 70 DelayedSingleton<SmsService>::GetInstance()->OnGetDefaultSmsSlotId(dataParcel, replyParcel, option); 71 return; 72} 73 74void SetDefaultSmsSlotId(const uint8_t *data, size_t size) 75{ 76 if (!IsServiceInited()) { 77 return; 78 } 79 80 MessageParcel dataParcel; 81 MessageParcel replyParcel; 82 MessageOption option(MessageOption::TF_SYNC); 83 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 84 dataParcel.WriteInt32(slotId); 85 dataParcel.WriteBuffer(data, size); 86 dataParcel.RewindRead(0); 87 DelayedSingleton<SmsService>::GetInstance()->OnSetDefaultSmsSlotId(dataParcel, replyParcel, option); 88 return; 89} 90 91void CreateSmsMessage(const uint8_t *data, size_t size) 92{ 93 if (!IsServiceInited()) { 94 return; 95 } 96 MessageParcel dataParcel; 97 MessageParcel replyParcel; 98 MessageOption option(MessageOption::TF_SYNC); 99 std::string pdu(reinterpret_cast<const char *>(data), size); 100 dataParcel.WriteString(pdu); 101 dataParcel.WriteString("3gpp"); 102 DelayedSingleton<SmsService>::GetInstance()->OnCreateMessage(dataParcel, replyParcel, option); 103} 104 105void CreateCbMessage(const uint8_t *data, size_t size) 106{ 107 if (!IsServiceInited()) { 108 return; 109 } 110 std::string strPdu(reinterpret_cast<const char *>(data), size); 111 GsmCbCodec::CreateCbMessage(strPdu); 112} 113 114void SendMms(const uint8_t *data, size_t size) 115{ 116 if (!IsServiceInited()) { 117 return; 118 } 119 MessageParcel dataParcel; 120 MessageParcel replyParcel; 121 MessageOption option(MessageOption::TF_SYNC); 122 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 123 std::string mmsc(reinterpret_cast<const char *>(data), size); 124 auto mmscU16 = Str8ToStr16(mmsc); 125 std::string mmsData(reinterpret_cast<const char *>(data), size); 126 auto mmsDataU16 = Str8ToStr16(mmsData); 127 std::string ua(reinterpret_cast<const char *>(data), size); 128 auto uaU16 = Str8ToStr16(ua); 129 std::string uaprof(reinterpret_cast<const char *>(data), size); 130 auto uaprofU16 = Str8ToStr16(uaprof); 131 dataParcel.WriteInt32(slotId); 132 dataParcel.WriteString16(mmscU16); 133 dataParcel.WriteString16(mmsDataU16); 134 dataParcel.WriteString16(uaU16); 135 dataParcel.WriteString16(uaprofU16); 136 dataParcel.RewindRead(0); 137 DelayedSingleton<SmsService>::GetInstance()->OnSendMms(dataParcel, replyParcel, option); 138} 139 140void DownloadMms(const uint8_t *data, size_t size) 141{ 142 if (!IsServiceInited()) { 143 return; 144 } 145 MessageParcel dataParcel; 146 MessageParcel replyParcel; 147 MessageOption option(MessageOption::TF_SYNC); 148 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 149 std::string mmsc(reinterpret_cast<const char *>(data), size); 150 auto mmscU16 = Str8ToStr16(mmsc); 151 std::string mmsData(reinterpret_cast<const char *>(data), size); 152 auto mmsDataU16 = Str8ToStr16(mmsData); 153 std::string ua(reinterpret_cast<const char *>(data), size); 154 auto uaU16 = Str8ToStr16(ua); 155 std::string uaprof(reinterpret_cast<const char *>(data), size); 156 auto uaprofU16 = Str8ToStr16(uaprof); 157 dataParcel.WriteInt32(slotId); 158 dataParcel.WriteString16(mmscU16); 159 dataParcel.WriteString16(mmsDataU16); 160 dataParcel.WriteString16(uaU16); 161 dataParcel.WriteString16(uaprofU16); 162 dataParcel.RewindRead(0); 163 DelayedSingleton<SmsService>::GetInstance()->OnDownloadMms(dataParcel, replyParcel, option); 164} 165 166void DoCreateMessageMyAPI(const uint8_t *data, size_t size) 167{ 168 if (data == nullptr || size == 0) { 169 return; 170 } 171 GetDefaultSmsSlotId(data, size); 172 OnGetDefaultSmsSimId(data, size); 173 SetDefaultSmsSlotId(data, size); 174 CreateSmsMessage(data, size); 175 CreateCbMessage(data, size); 176 SendMms(data, size); 177 DownloadMms(data, size); 178 DelayedSingleton<SmsService>::DestroyInstance(); 179} 180} // namespace OHOS 181 182/* Fuzzer entry point */ 183extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 184{ 185 /* Run your code on data */ 186 OHOS::AddSmsTokenFuzzer token; 187 OHOS::DoCreateMessageMyAPI(data, size); 188 return 0; 189} 190