1/*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "setgetcbconfig_fuzzer.h"
17
18#ifdef GTEST_API_
19#define private public
20#endif
21
22#include "addsmstoken_fuzzer.h"
23#include "core_manager_inner.h"
24#include "gsm_cb_gsm_codec.h"
25#include "gsm_cb_umts_codec.h"
26#include "sms_service.h"
27#include "string_utils.h"
28
29using namespace OHOS::Telephony;
30namespace OHOS {
31static bool g_isInited = false;
32static int32_t SIM_COUNT = 2;
33static int32_t CB_CHANNEL_DIVISOR = 2;
34static int32_t NET_COUNT = 3;
35constexpr int32_t SLEEP_TIME_SECONDS = 3;
36
37bool IsServiceInited()
38{
39    if (!g_isInited) {
40        CoreManagerInner::GetInstance().isInitAllObj_ = true;
41        DelayedSingleton<SmsService>::GetInstance()->registerToService_ = true;
42        DelayedSingleton<SmsService>::GetInstance()->WaitCoreServiceToInit();
43        DelayedSingleton<SmsService>::GetInstance()->OnStart();
44        if (DelayedSingleton<SmsService>::GetInstance()->GetServiceRunningState() ==
45            static_cast<int32_t>(Telephony::ServiceRunningState::STATE_RUNNING)) {
46            g_isInited = true;
47        }
48    }
49    return g_isInited;
50}
51
52void SetCBConfigFuzz(const uint8_t *data, size_t size)
53{
54    if (!IsServiceInited()) {
55        return;
56    }
57
58    MessageParcel dataParcel;
59    MessageParcel replyParcel;
60    MessageOption option(MessageOption::TF_SYNC);
61
62    int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
63    bool enable = slotId == 1 ? true : false;
64    uint32_t fromMsgId = static_cast<uint32_t>(size / CB_CHANNEL_DIVISOR);
65    uint32_t toMsgId = static_cast<uint32_t>(size);
66    int32_t netType = static_cast<int32_t>(size % NET_COUNT);
67
68    dataParcel.WriteInt32(slotId);
69    dataParcel.WriteBool(enable);
70    dataParcel.WriteUint32(fromMsgId);
71    dataParcel.WriteUint32(toMsgId);
72    dataParcel.WriteUint8(netType);
73
74    dataParcel.WriteBuffer(data, size);
75    dataParcel.RewindRead(0);
76    DelayedSingleton<SmsService>::GetInstance()->OnSetCBConfig(dataParcel, replyParcel, option);
77
78    std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
79    if (interfaceManager == nullptr) {
80        TELEPHONY_LOGE("interfaceManager nullptr error");
81        return;
82    }
83    interfaceManager->InitInterfaceManager();
84    interfaceManager->SetCBConfig(enable, fromMsgId, toMsgId, netType);
85
86    std::shared_ptr<SmsMiscManager> smsMiscManager = std::make_shared<SmsMiscManager>(slotId);
87    if (smsMiscManager == nullptr) {
88        TELEPHONY_LOGE("smsMiscManager nullptr error");
89        return;
90    }
91    smsMiscManager->SetCBConfig(enable, fromMsgId, toMsgId, netType);
92}
93
94void SetImsSmsConfigFuzz(const uint8_t *data, size_t size)
95{
96    if (!IsServiceInited()) {
97        return;
98    }
99
100    MessageParcel dataParcel;
101    MessageParcel replyParcel;
102    MessageOption option(MessageOption::TF_SYNC);
103
104    int32_t slotId = static_cast<int32_t>(size % SIM_COUNT);
105    int32_t enable = slotId == 1 ? true : false;
106    dataParcel.WriteInt32(slotId);
107    dataParcel.WriteInt32(enable);
108    dataParcel.WriteBuffer(data, size);
109    dataParcel.RewindRead(0);
110    DelayedSingleton<SmsService>::GetInstance()->OnSetImsSmsConfig(dataParcel, replyParcel, option);
111
112    std::shared_ptr<SmsInterfaceManager> interfaceManager = std::make_shared<SmsInterfaceManager>(slotId);
113    if (interfaceManager == nullptr) {
114        TELEPHONY_LOGE("interfaceManager nullptr error");
115        return;
116    }
117    interfaceManager->InitInterfaceManager();
118    interfaceManager->SetImsSmsConfig(slotId, enable);
119
120    auto smsSendManager = std::make_shared<SmsSendManager>(slotId);
121    if (smsSendManager == nullptr) {
122        return;
123    }
124    smsSendManager->Init();
125    smsSendManager->SetImsSmsConfig(slotId, enable);
126}
127
128void UpdataCBMessage(const uint8_t *data, size_t size)
129{
130    std::string pdu(reinterpret_cast<const char *>(data), size);
131    std::string gsmData("C00000324811006800610072006D006F006E00790020006F00730020005500"
132                        "630073003200200065006E0063006F0064006500200064006100740061");
133    auto cbMessage = GsmCbCodec::CreateCbMessage(gsmData);
134    if (cbMessage == nullptr) {
135        return;
136    }
137    cbMessage->GetCbHeader();
138    cbMessage->PduAnalysis(StringUtils::HexToByteVector(pdu));
139    std::string umtsData("01a41f51101102ea3030a830ea30a230e130fc30eb914d4fe130c630b930c8000"
140                         "d000a3053308c306f8a669a137528306e30e130c330bb30fc30b8306730593002"
141                         "000d000aff080032003000310033002f00310031002f003252ea3000370020003"
142                         "10035003a00340034ff09000d000aff0830a830ea30a25e02ff09000000000000"
143                         "00000000000000000000000000000000000000000000000000000000000000000"
144                         "000000000000000000022");
145    auto umtsCbMessage = GsmCbCodec::CreateCbMessage(umtsData);
146    if (umtsCbMessage == nullptr) {
147        return;
148    }
149    umtsCbMessage->GetCbHeader();
150    umtsCbMessage->PduAnalysis(StringUtils::HexToByteVector(pdu));
151    auto cbMessageByVectorInit = GsmCbCodec::CreateCbMessage(StringUtils::HexToByteVector(pdu));
152    if (cbMessageByVectorInit == nullptr) {
153        return;
154    }
155    cbMessageByVectorInit->GetCbMessageRaw();
156    cbMessageByVectorInit->IsSinglePageMsg();
157
158    auto gsmCodec = std::make_shared<GsmCbGsmCodec>(cbMessage->cbHeader_, cbMessage->cbPduBuffer_, cbMessage);
159    auto umtsCodec =
160        std::make_shared<GsmCbUmtsCodec>(umtsCbMessage->cbHeader_, umtsCbMessage->cbPduBuffer_, umtsCbMessage);
161    if (gsmCodec == nullptr || umtsCodec == nullptr) {
162        return;
163    }
164    gsmCodec->Decode2gHeader();
165    umtsCodec->Decode3gHeader();
166
167    gsmCodec->Decode2gCbMsg();
168    umtsCodec->Decode3gCbMsg();
169    umtsCodec->Decode3g7Bit();
170    umtsCodec->Decode3gUCS2();
171    gsmCodec->DecodeEtwsMsg();
172
173    std::string raw(reinterpret_cast<const char *>(data), size);
174    std::string message(reinterpret_cast<const char *>(data), size);
175    cbMessage->ConvertToUTF8(raw, message);
176}
177
178void DoCBConfigWithMyAPI(const uint8_t *data, size_t size)
179{
180    if (data == nullptr || size == 0) {
181        return;
182    }
183    SetCBConfigFuzz(data, size);
184    SetImsSmsConfigFuzz(data, size);
185    UpdataCBMessage(data, size);
186    DelayedSingleton<SmsService>::DestroyInstance();
187    sleep(SLEEP_TIME_SECONDS);
188}
189} // namespace OHOS
190
191/* Fuzzer entry point */
192extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
193{
194    /* Run your code on data */
195    OHOS::AddSmsTokenFuzzer token;
196    OHOS::DoCBConfigWithMyAPI(data, size);
197    return 0;
198}
199