1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "sendenvelopecmd_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <thread>
21 
22 #define private public
23 #include "addcoreservicetoken_fuzzer.h"
24 #include "core_service.h"
25 #include "core_service_stub.h"
26 #include "napi_util.h"
27 #include "system_ability_definition.h"
28 #include "tel_event_handler.h"
29 #include "unistd.h"
30 
31 using namespace OHOS::Telephony;
32 namespace OHOS {
33 static bool g_isInited = false;
34 constexpr int32_t SLOT_NUM = 2;
35 constexpr int32_t SLEEP_TIME_SECONDS = 3;
36 constexpr int32_t NETWORK_CAPABILITY_TYPE = 2;
37 constexpr int32_t NETWORK_CAPABILITY_STATE = 2;
38 
IsServiceInited()39 bool IsServiceInited()
40 {
41     if (!g_isInited) {
42         DelayedSingleton<CoreService>::GetInstance()->OnStart();
43         if (DelayedSingleton<CoreService>::GetInstance()->GetServiceRunningState() ==
44             static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
45             g_isInited = true;
46         }
47     }
48     return g_isInited;
49 }
50 
GetUniqueDeviceId(const uint8_t * data,size_t size)51 void GetUniqueDeviceId(const uint8_t *data, size_t size)
52 {
53     if (!IsServiceInited()) {
54         return;
55     }
56 
57     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
58     MessageParcel dataMessageParcel;
59     dataMessageParcel.WriteInt32(slotId);
60     dataMessageParcel.WriteBuffer(data, size);
61     dataMessageParcel.RewindRead(0);
62     MessageParcel reply;
63     DelayedSingleton<CoreService>::GetInstance()->OnGetUniqueDeviceId(dataMessageParcel, reply);
64 }
65 
GetMeid(const uint8_t * data,size_t size)66 void GetMeid(const uint8_t *data, size_t size)
67 {
68     if (!IsServiceInited()) {
69         return;
70     }
71 
72     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
73     MessageParcel dataMessageParcel;
74     dataMessageParcel.WriteInt32(slotId);
75     dataMessageParcel.WriteBuffer(data, size);
76     dataMessageParcel.RewindRead(0);
77     MessageParcel reply;
78     DelayedSingleton<CoreService>::GetInstance()->OnGetMeid(dataMessageParcel, reply);
79 }
80 
GetBasebandVersion(const uint8_t * data,size_t size)81 void GetBasebandVersion(const uint8_t *data, size_t size)
82 {
83     if (!IsServiceInited()) {
84         return;
85     }
86 
87     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
88     MessageParcel dataMessageParcel;
89     dataMessageParcel.WriteInt32(slotId);
90     dataMessageParcel.WriteBuffer(data, size);
91     dataMessageParcel.RewindRead(0);
92     MessageParcel reply;
93     DelayedSingleton<CoreService>::GetInstance()->OnGetBasebandVersion(dataMessageParcel, reply);
94 }
95 
SetNetworkCapability(const uint8_t * data,size_t size)96 void SetNetworkCapability(const uint8_t *data, size_t size)
97 {
98     if (!IsServiceInited()) {
99         return;
100     }
101     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
102     int32_t networkCapabilityType = static_cast<int32_t>(*data % NETWORK_CAPABILITY_TYPE);
103     int32_t networkCapabilityState = static_cast<int32_t>(*data % NETWORK_CAPABILITY_STATE);
104     MessageParcel dataMessageParcel;
105     MessageParcel reply;
106     dataMessageParcel.WriteInt32(slotId);
107     dataMessageParcel.WriteInt32(networkCapabilityType);
108     dataMessageParcel.WriteInt32(networkCapabilityState);
109     int32_t error = DelayedSingleton<CoreService>::GetInstance()->OnSetNetworkCapability(dataMessageParcel, reply);
110     if (error != ERR_NONE) {
111         TELEPHONY_LOGE("SetNetworkCapability failed, error code is %{public}d \n", error);
112     }
113 }
114 
GetNetworkCapability(const uint8_t * data,size_t size)115 void GetNetworkCapability(const uint8_t *data, size_t size)
116 {
117     if (!IsServiceInited()) {
118         return;
119     }
120 
121     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
122     int32_t networkCapabilityType = static_cast<int32_t>(*data % NETWORK_CAPABILITY_TYPE);
123     int32_t networkCapabilityState = static_cast<int32_t>(*data % NETWORK_CAPABILITY_STATE);
124     MessageParcel dataMessageParcel;
125     MessageParcel reply;
126     dataMessageParcel.WriteInt32(slotId);
127     dataMessageParcel.WriteInt32(networkCapabilityType);
128     dataMessageParcel.WriteInt32(networkCapabilityState);
129     int32_t error = DelayedSingleton<CoreService>::GetInstance()->OnGetNetworkCapability(dataMessageParcel, reply);
130     if (error != ERR_NONE) {
131         TELEPHONY_LOGE(
132             "GetNetworkAbilitySwitch failed, error code is %{public}d \n, networkCapabilityState is %{public}d", error,
133             networkCapabilityState);
134     }
135 }
136 
GetOperatorNumeric(const uint8_t * data,size_t size)137 void GetOperatorNumeric(const uint8_t *data, size_t size)
138 {
139     if (!IsServiceInited()) {
140         return;
141     }
142 
143     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
144     MessageParcel dataMessageParcel;
145     dataMessageParcel.WriteInt32(slotId);
146     dataMessageParcel.WriteBuffer(data, size);
147     dataMessageParcel.RewindRead(0);
148     MessageParcel reply;
149     DelayedSingleton<CoreService>::GetInstance()->OnGetOperatorNumeric(dataMessageParcel, reply);
150 }
151 
GetResidentNetworkNumeric(const uint8_t * data,size_t size)152 void GetResidentNetworkNumeric(const uint8_t *data, size_t size)
153 {
154     if (!IsServiceInited()) {
155         return;
156     }
157 
158     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
159     MessageParcel dataMessageParcel;
160     dataMessageParcel.WriteInt32(slotId);
161     dataMessageParcel.WriteBuffer(data, size);
162     dataMessageParcel.RewindRead(0);
163     MessageParcel reply;
164     DelayedSingleton<CoreService>::GetInstance()->OnGetResidentNetworkNumeric(dataMessageParcel, reply);
165 }
166 
GetOperatorName(const uint8_t * data,size_t size)167 void GetOperatorName(const uint8_t *data, size_t size)
168 {
169     if (!IsServiceInited()) {
170         return;
171     }
172 
173     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
174     MessageParcel dataMessageParcel;
175     dataMessageParcel.WriteInt32(slotId);
176     dataMessageParcel.WriteBuffer(data, size);
177     dataMessageParcel.RewindRead(0);
178     MessageParcel reply;
179     DelayedSingleton<CoreService>::GetInstance()->OnGetOperatorName(dataMessageParcel, reply);
180 }
181 
SendEnvelopeCmd(const uint8_t * data,size_t size)182 void SendEnvelopeCmd(const uint8_t *data, size_t size)
183 {
184     if (!IsServiceInited()) {
185         return;
186     }
187 
188     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
189     std::string cmd(reinterpret_cast<const char *>(data), size);
190     MessageParcel dataMessageParcel;
191     dataMessageParcel.WriteInt32(slotId);
192     dataMessageParcel.WriteString(cmd);
193     dataMessageParcel.RewindRead(0);
194     MessageParcel reply;
195     DelayedSingleton<CoreService>::GetInstance()->OnSendEnvelopeCmd(dataMessageParcel, reply);
196 }
197 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)198 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
199 {
200     if (data == nullptr || size == 0) {
201         return;
202     }
203 
204     GetUniqueDeviceId(data, size);
205     GetMeid(data, size);
206     GetBasebandVersion(data, size);
207     GetOperatorNumeric(data, size);
208     GetOperatorName(data, size);
209     SendEnvelopeCmd(data, size);
210     GetNetworkCapability(data, size);
211     SetNetworkCapability(data, size);
212     GetResidentNetworkNumeric(data, size);
213     auto telRilManager = DelayedSingleton<CoreService>::GetInstance()->telRilManager_;
214     if (telRilManager == nullptr || telRilManager->handler_ == nullptr) {
215         return;
216     }
217     auto handler = telRilManager->handler_;
218     if (handler != nullptr) {
219         handler->RemoveAllEvents();
220         handler->SendEvent(0, 0, AppExecFwk::EventQueue::Priority::HIGH);
221         sleep(SLEEP_TIME_SECONDS);
222     }
223     telRilManager->handler_->ClearFfrt(false);
224     telRilManager->handler_->queue_ = nullptr;
225     return;
226 }
227 } // namespace OHOS
228 
229 /* Fuzzer entry point */
LLVMFuzzerInitialize(int * argc,char *** argv)230 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
231 {
232     OHOS::AddCoreServiceTokenFuzzer token;
233     return 0;
234 }
235 
236 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)237 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
238 {
239     /* Run your code on data */
240     OHOS::DoSomethingInterestingWithMyAPI(data, size);
241     OHOS::DelayedSingleton<CoreService>::DestroyInstance();
242     return 0;
243 }
244