1/* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16#include "sendmessage_fuzzer.h" 17 18#define private public 19 20#include "addsmstoken_fuzzer.h" 21#include "core_manager_inner.h" 22#include "delivery_short_message_callback_stub.h" 23#include "send_short_message_callback_stub.h" 24#include "sms_service.h" 25 26using namespace OHOS::Telephony; 27namespace OHOS { 28static bool g_isInited = false; 29constexpr int32_t SLOT_NUM = 2; 30constexpr int32_t SLEEP_TIME_SECONDS = 2; 31 32bool IsServiceInited() 33{ 34 if (!g_isInited) { 35 CoreManagerInner::GetInstance().isInitAllObj_ = true; 36 DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true; 37 DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit(); 38 DelayedSingleton<SmsService>::GetInstance()->OnStart(); 39 if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() == 40 static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) { 41 g_isInited = true; 42 } 43 } 44 return g_isInited; 45} 46 47void SendSmsTextRequest(const uint8_t *data, size_t size) 48{ 49 if (!IsServiceInited()) { 50 return; 51 } 52 53 MessageParcel dataParcel; 54 MessageParcel replyParcel; 55 MessageOption option(MessageOption::TF_SYNC); 56 57 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 58 std::string text(reinterpret_cast<const char *>(data), size); 59 auto desAddrU16 = Str8ToStr16("123456"); 60 auto scAddrU16 = Str8ToStr16("123456"); 61 auto textU16 = Str8ToStr16(text); 62 63 std::unique_ptr<SendShortMessageCallbackStub> sendCallback = std::make_unique<SendShortMessageCallbackStub>(); 64 std::unique_ptr<DeliveryShortMessageCallbackStub> deliveryCallback = 65 std::make_unique<DeliveryShortMessageCallbackStub>(); 66 67 dataParcel.WriteInt32(slotId); 68 dataParcel.WriteString16(desAddrU16); 69 dataParcel.WriteString16(scAddrU16); 70 dataParcel.WriteString16(textU16); 71 if (sendCallback != nullptr) { 72 dataParcel.WriteRemoteObject(sendCallback.release()->AsObject().GetRefPtr()); 73 } 74 if (deliveryCallback != nullptr) { 75 dataParcel.WriteRemoteObject(deliveryCallback.release()->AsObject().GetRefPtr()); 76 } 77 dataParcel.RewindRead(0); 78 79 DelayedSingleton<SmsService>::GetInstance()->OnSendSmsTextRequest(dataParcel, replyParcel, option); 80} 81 82void GetDefaultSmsSlotId(const uint8_t *data, size_t size) 83{ 84 if (!IsServiceInited()) { 85 return; 86 } 87 88 MessageParcel dataParcel; 89 MessageParcel replyParcel; 90 MessageOption option(MessageOption::TF_SYNC); 91 92 dataParcel.WriteBuffer(data, size); 93 dataParcel.RewindRead(0); 94 DelayedSingleton<SmsService>::GetInstance()->OnGetDefaultSmsSlotId(dataParcel, replyParcel, option); 95 return; 96} 97 98void SmsServiceInterfaceTest(const uint8_t *data, size_t size) 99{ 100 if (!IsServiceInited()) { 101 return; 102 } 103 uint16_t id = 0; 104 int32_t fd = static_cast<int32_t>(data[0]); 105 auto service = DelayedSingleton<SmsService>::GetInstance(); 106 std::vector<std::u16string> args; 107 service->Dump(-1, args); 108 service->Dump(fd, args); 109 std::string argsStr(reinterpret_cast<const char *>(data), size); 110 std::u16string argsStrU16 = StringUtils::ToUtf16(argsStr); 111 args.push_back(argsStrU16); 112 service->Dump(fd, args); 113 service->GetBindTime(); 114 115 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 116 service->InsertSessionAndDetail(slotId, argsStr, argsStr, id); 117 uint16_t num = static_cast<uint16_t>(size); 118 service->QuerySessionByTelephone(argsStr, num, num); 119 service->InsertSmsMmsInfo(slotId, num, argsStr, argsStr, id); 120 bool value = slotId == 0 ? true : false; 121 service->InsertSession(value, num, argsStr, argsStr); 122 service->IsImsSmsSupported(slotId, value); 123 service->GetImsShortMessageFormat(argsStrU16); 124 service->HasSmsCapability(); 125 service->SetSmscAddr(slotId, argsStrU16); 126 service->TrimSmscAddr(argsStr); 127 service->GetSmscAddr(slotId, argsStrU16); 128 uint32_t index = static_cast<uint32_t>(size); 129 service->CheckSimMessageIndexValid(slotId, index); 130 service->SetImsSmsConfig(slotId, value); 131 service->SetDefaultSmsSlotId(slotId); 132 service->GetDefaultSmsSlotId(); 133 int32_t simId; 134 service->GetDefaultSmsSimId(simId); 135 service->GetServiceRunningState(); 136 service->GetEndTime(); 137 service->ValidDestinationAddress(argsStr); 138 service->GetSpendTime(); 139 service->GetBase64Encode(argsStr, argsStr); 140 service->GetBase64Decode(argsStr, argsStr); 141 service->GetEncodeStringFunc(argsStr, index, index, argsStr); 142 int64_t timeStamp = 0; 143 service->SendMms(slotId, argsStrU16, argsStrU16, argsStrU16, argsStrU16, timeStamp); 144 service->DownloadMms(slotId, argsStrU16, argsStrU16, argsStrU16, argsStrU16); 145} 146 147void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size) 148{ 149 if (data == nullptr || size == 0) { 150 return; 151 } 152 153 SendSmsTextRequest(data, size); 154 GetDefaultSmsSlotId(data, size); 155 SmsServiceInterfaceTest(data, size); 156 DelayedSingleton<ImsSmsClient>::GetInstance()->UnInit(); 157 DelayedSingleton<ImsSmsClient>::DestroyInstance(); 158 sleep(SLEEP_TIME_SECONDS); 159 DelayedSingleton<SmsService>::DestroyInstance(); 160} 161} // namespace OHOS 162 163/* Fuzzer entry point */ 164extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) 165{ 166 /* Run your code on data */ 167 OHOS::AddSmsTokenFuzzer token; 168 OHOS::DoSomethingInterestingWithMyAPI(data, size); 169 return 0; 170} 171