1/* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16#include "sendmessagedata_fuzzer.h" 17 18#define private public 19#include "addsmstoken_fuzzer.h" 20#include "core_manager_inner.h" 21#include "delivery_short_message_callback_stub.h" 22#include "send_short_message_callback_stub.h" 23#include "sms_service.h" 24 25using namespace OHOS::Telephony; 26namespace OHOS { 27static bool g_isInited = false; 28constexpr int32_t SLOT_NUM = 2; 29static int32_t MAX_PORT = 65535; 30constexpr int32_t SLEEP_TIME_SECONDS = 2; 31 32bool IsServiceInited() 33{ 34 if (!g_isInited) { 35 CoreManagerInner::GetInstance().isInitAllObj_ = true; 36 DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true; 37 DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit(); 38 DelayedSingleton<SmsService>::GetInstance()->OnStart(); 39 if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() == 40 static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) { 41 g_isInited = true; 42 } 43 } 44 return g_isInited; 45} 46 47void SendSmsDataRequest(const uint8_t *data, size_t size) 48{ 49 if (!IsServiceInited()) { 50 return; 51 } 52 53 MessageParcel dataParcel; 54 MessageParcel replyParcel; 55 MessageOption option(MessageOption::TF_SYNC); 56 57 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 58 auto desAddrU16 = Str8ToStr16("123456"); 59 auto scAddrU16 = Str8ToStr16("123456"); 60 uint16_t port = static_cast<uint16_t>(size % MAX_PORT); 61 62 std::unique_ptr<SendShortMessageCallbackStub> sendCallback = std::make_unique<SendShortMessageCallbackStub>(); 63 std::unique_ptr<DeliveryShortMessageCallbackStub> deliveryCallback = 64 std::make_unique<DeliveryShortMessageCallbackStub>(); 65 66 dataParcel.WriteInt32(slotId); 67 dataParcel.WriteString16(desAddrU16); 68 dataParcel.WriteString16(scAddrU16); 69 dataParcel.WriteInt16(port); 70 if (sendCallback != nullptr) { 71 dataParcel.WriteRemoteObject(sendCallback.release()->AsObject().GetRefPtr()); 72 } 73 if (deliveryCallback != nullptr) { 74 dataParcel.WriteRemoteObject(deliveryCallback.release()->AsObject().GetRefPtr()); 75 } 76 dataParcel.WriteInt16(size); 77 dataParcel.WriteRawData(data, size); 78 dataParcel.RewindRead(0); 79 80 DelayedSingleton<SmsService>::GetInstance()->OnSendSmsDataRequest(dataParcel, replyParcel, option); 81} 82 83void GetAllSimMessages(const uint8_t *data, size_t size) 84{ 85 if (!IsServiceInited()) { 86 return; 87 } 88 89 MessageParcel dataParcel; 90 MessageParcel replyParcel; 91 MessageOption option(MessageOption::TF_SYNC); 92 93 dataParcel.WriteBuffer(data, size); 94 dataParcel.RewindRead(0); 95 DelayedSingleton<SmsService>::GetInstance()->OnGetAllSimMessages(dataParcel, replyParcel, option); 96 return; 97} 98 99void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size) 100{ 101 if (data == nullptr || size == 0) { 102 return; 103 } 104 105 SendSmsDataRequest(data, size); 106 GetAllSimMessages(data, size); 107 DelayedSingleton<ImsSmsClient>::GetInstance()->UnInit(); 108 DelayedSingleton<ImsSmsClient>::DestroyInstance(); 109 sleep(SLEEP_TIME_SECONDS); 110 DelayedSingleton<SmsService>::DestroyInstance(); 111} 112} // namespace OHOS 113 114/* Fuzzer entry point */ 115extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) 116{ 117 /* Run your code on data */ 118 OHOS::AddSmsTokenFuzzer token; 119 OHOS::DoSomethingInterestingWithMyAPI(data, size); 120 return 0; 121} 122