1/*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "gsmsmssender_fuzzer.h"
17
18#define private public
19#define protected public
20
21#include "addsmstoken_fuzzer.h"
22#include "core_manager_inner.h"
23#include "delivery_short_message_callback_stub.h"
24#include "i_sms_service_interface.h"
25#include "send_short_message_callback_stub.h"
26#include "sms_service.h"
27
28using namespace OHOS::Telephony;
29namespace OHOS {
30static bool g_isInited = false;
31constexpr int32_t SLOT_NUM = 2;
32static int32_t STATUS_COUNT = 4;
33constexpr int32_t TYPE_NUM = 6;
34constexpr int32_t SLEEP_TIME_SECONDS = 2;
35
36bool IsServiceInited()
37{
38    if (!g_isInited) {
39        CoreManagerInner::GetInstance().isInitAllObj_ = true;
40        DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true;
41        DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit();
42        DelayedSingleton<SmsService>::GetInstance()->OnStart();
43        if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
44            static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
45            g_isInited = true;
46        }
47    }
48    return g_isInited;
49}
50
51void OnRemoteRequest(const uint8_t *data, size_t size)
52{
53    if (!IsServiceInited()) {
54        return;
55    }
56
57    MessageParcel dataParcel;
58    if (!dataParcel.WriteInterfaceToken(SmsInterfaceStub::GetDescriptor())) {
59        TELEPHONY_LOGE("OnRemoteRequest WriteInterfaceToken is false");
60        return;
61    }
62
63    MessageParcel replyParcel;
64    MessageOption option(MessageOption::TF_SYNC);
65
66    dataParcel.WriteBuffer(data, size);
67    dataParcel.RewindRead(0);
68    uint32_t code = static_cast<uint32_t>(size);
69
70    DelayedSingleton<SmsService>::GetInstance()->OnRemoteRequest(code, dataParcel, replyParcel, option);
71    return;
72}
73
74void AddSimMessage(const uint8_t *data, size_t size)
75{
76    if (!IsServiceInited()) {
77        return;
78    }
79
80    MessageParcel dataParcel;
81    MessageParcel replyParcel;
82    MessageOption option(MessageOption::TF_SYNC);
83
84    std::string smsc(reinterpret_cast<const char *>(data), size);
85    std::string pdu(reinterpret_cast<const char *>(data), size);
86    auto smscU16 = Str8ToStr16(smsc);
87    auto pduU16 = Str8ToStr16(pdu);
88    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
89    auto status = static_cast<ISmsServiceInterface::SimMessageStatus>(size % STATUS_COUNT);
90
91    dataParcel.WriteInt32(slotId);
92    dataParcel.WriteString16(smscU16);
93    dataParcel.WriteString16(pduU16);
94    dataParcel.WriteUint32(status);
95    dataParcel.RewindRead(0);
96    DelayedSingleton<SmsService>::GetInstance()->OnAddSimMessage(dataParcel, replyParcel, option);
97
98    std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
99    if (interfaceManager == nullptr) {
100        TELEPHONY_LOGE("interfaceManager nullptr");
101        return;
102    }
103    interfaceManager->InitInterfaceManager();
104    interfaceManager->AddSimMessage(smsc, pdu, status);
105
106    std::shared_ptr<SmsMiscManager> smsMiscManager = std::make_shared<SmsMiscManager>(slotId);
107    if (smsMiscManager == nullptr) {
108        TELEPHONY_LOGE("smsMiscManager nullptr");
109        return;
110    }
111    smsMiscManager->AddSimMessage(smsc, pdu, status);
112}
113
114void HasSmsCapability(const uint8_t *data, size_t size)
115{
116    if (!IsServiceInited()) {
117        return;
118    }
119
120    MessageParcel dataParcel;
121    MessageParcel replyParcel;
122    MessageOption option(MessageOption::TF_SYNC);
123
124    dataParcel.WriteBuffer(data, size);
125    dataParcel.RewindRead(0);
126    DelayedSingleton<SmsService>::GetInstance()->OnHasSmsCapability(dataParcel, replyParcel, option);
127
128    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
129    std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
130    if (interfaceManager == nullptr) {
131        TELEPHONY_LOGE("interfaceManager nullptr error");
132        return;
133    }
134    interfaceManager->InitInterfaceManager();
135    interfaceManager->HasSmsCapability();
136}
137
138void SendSmsTest(const uint8_t *data, size_t size)
139{
140    std::function<void(std::shared_ptr<SmsSendIndexer>)> fun = nullptr;
141    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
142    auto sender = std::make_shared<GsmSmsSender>(slotId, fun);
143    sender->Init();
144
145    std::string desAddr(reinterpret_cast<const char *>(data), size);
146    std::string scAddr(reinterpret_cast<const char *>(data), size);
147    std::string text(reinterpret_cast<const char *>(data), size);
148    const sptr<ISendShortMessageCallback> sendCallback =
149        iface_cast<ISendShortMessageCallback>(new SendShortMessageCallbackStub());
150    const sptr<IDeliveryShortMessageCallback> deliveryCallback =
151        iface_cast<IDeliveryShortMessageCallback>(new DeliveryShortMessageCallbackStub());
152    uint16_t dataBaseId = 1;
153    sender->TextBasedSmsDelivery(desAddr, scAddr, text, sendCallback, deliveryCallback, dataBaseId);
154    sender->DataBasedSmsDelivery(desAddr, scAddr, size, data, size, sendCallback, deliveryCallback);
155
156    std::vector<struct SplitInfo> cellsInfos;
157    struct SplitInfo cellInfo;
158    cellInfo.langId = static_cast<MSG_LANGUAGE_ID_T>(data[0]);
159    cellInfo.encodeType = static_cast<DataCodingScheme>(data[0] % TYPE_NUM);
160    cellInfo.encodeData.push_back(data[0]);
161    cellsInfos.push_back(cellInfo);
162    DataCodingScheme codingType = static_cast<DataCodingScheme>(data[0] % TYPE_NUM);
163    bool isStatusReport = (size % SLOT_NUM == 1);
164    GsmSmsMessage msg;
165    std::shared_ptr<struct SmsTpdu> tpdu =
166        msg.CreateDefaultSubmitSmsTpdu(desAddr, scAddr, text, isStatusReport, codingType);
167    sender->TextBasedSmsSplitDelivery(
168        text, text, cellsInfos, codingType, isStatusReport, tpdu, msg, sendCallback, deliveryCallback, dataBaseId);
169    sender->SendCallbackExceptionCase(sendCallback, text);
170
171    std::shared_ptr<SmsSendIndexer> smsIndexer =
172        std::make_shared<SmsSendIndexer>(desAddr, scAddr, text, sendCallback, deliveryCallback);
173    sender->SendSmsToRil(smsIndexer);
174    sender->ResendTextDelivery(smsIndexer);
175    sender->ResendDataDelivery(smsIndexer);
176    bool isMore = (size % SLOT_NUM == 0);
177    auto encodeInfo = msg.GetSubmitEncodeInfo(text, isMore);
178    sender->SetSendIndexerInfo(smsIndexer, encodeInfo, 1);
179    sender->ResendTextDelivery(smsIndexer);
180    sender->voiceServiceState_ = static_cast<int32_t>(size);
181    sender->imsSmsCfg_ = static_cast<int32_t>(size);
182    sender->SendSmsToRil(smsIndexer);
183    sender->SetPduInfo(smsIndexer, msg, isMore);
184}
185
186void SendSmsTest2(const uint8_t *data, size_t size)
187{
188    std::function<void(std::shared_ptr<SmsSendIndexer>)> fun = nullptr;
189    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
190    auto sender = std::make_shared<GsmSmsSender>(slotId, fun);
191    sender->Init();
192    sender->RegisterSatelliteCallback();
193    sender->UnregisterSatelliteCallback();
194    std::string desAddr(reinterpret_cast<const char *>(data), size);
195    std::string scAddr(reinterpret_cast<const char *>(data), size);
196    std::string text(reinterpret_cast<const char *>(data), size);
197    const sptr<ISendShortMessageCallback> sendCallback =
198        iface_cast<ISendShortMessageCallback>(new SendShortMessageCallbackStub());
199    const sptr<IDeliveryShortMessageCallback> deliveryCallback =
200        iface_cast<IDeliveryShortMessageCallback>(new DeliveryShortMessageCallbackStub());
201    GsmSimMessageParam smsData;
202    std::string pdu(reinterpret_cast<const char *>(data), size);
203    smsData.refId = static_cast<int64_t>(size);
204    smsData.smscPdu = pdu;
205    smsData.pdu = pdu;
206    std::shared_ptr<SmsSendIndexer> smsIndexer =
207        std::make_shared<SmsSendIndexer>(desAddr, scAddr, text, sendCallback, deliveryCallback);
208    sender->SendCsSms(smsIndexer, smsData);
209    sender->SendSatelliteSms(smsIndexer, smsData);
210    sender->SendImsSms(smsIndexer, smsData);
211    bool isSupported;
212    sender->IsImsSmsSupported(slotId, isSupported);
213    InnerEvent::Pointer event = InnerEvent::Get(static_cast<int32_t>(size));
214    sender->StatusReportAnalysis(event);
215    event = InnerEvent::Get(static_cast<int32_t>(size));
216    sender->StatusReportGetImsSms(event);
217}
218
219void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
220{
221    if (data == nullptr || size == 0) {
222        return;
223    }
224
225    OnRemoteRequest(data, size);
226    AddSimMessage(data, size);
227    HasSmsCapability(data, size);
228    SendSmsTest(data, size);
229    SendSmsTest2(data, size);
230    DelayedSingleton<ImsSmsClient>::GetInstance()->Init();
231    DelayedSingleton<ImsSmsClient>::GetInstance()->UnInit();
232    DelayedSingleton<ImsSmsClient>::DestroyInstance();
233    sleep(SLEEP_TIME_SECONDS);
234    DelayedSingleton<SmsService>::DestroyInstance();
235}
236} // namespace OHOS
237
238/* Fuzzer entry point */
239extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
240{
241    /* Run your code on data */
242    OHOS::AddSmsTokenFuzzer token;
243    OHOS::DoSomethingInterestingWithMyAPI(data, size);
244    return 0;
245}
246