1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "sendterminalresponsecmd_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <thread>
21
22 #define private public
23 #include "addcoreservicetoken_fuzzer.h"
24 #include "core_service.h"
25 #include "napi_util.h"
26 #include "system_ability_definition.h"
27 #include "tel_event_handler.h"
28 #include "unistd.h"
29
30 using namespace OHOS::Telephony;
31 namespace OHOS {
32 static bool g_isInited = false;
33 constexpr int32_t SLOT_NUM = 2;
34
IsServiceInited()35 bool IsServiceInited()
36 {
37 if (!g_isInited) {
38 DelayedSingleton<CoreService>::GetInstance()->OnStart();
39 if (DelayedSingleton<CoreService>::GetInstance()->GetServiceRunningState() ==
40 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
41 g_isInited = true;
42 }
43 }
44 return g_isInited;
45 }
46
GetNetworkState(const uint8_t * data,size_t size)47 void GetNetworkState(const uint8_t *data, size_t size)
48 {
49 if (!IsServiceInited()) {
50 return;
51 }
52
53 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
54 MessageParcel dataMessageParcel;
55 dataMessageParcel.WriteInt32(slotId);
56 dataMessageParcel.WriteBuffer(data, size);
57 dataMessageParcel.RewindRead(0);
58 MessageParcel reply;
59 DelayedSingleton<CoreService>::GetInstance()->OnGetNetworkState(dataMessageParcel, reply);
60 }
61
GetImei(const uint8_t * data,size_t size)62 void GetImei(const uint8_t *data, size_t size)
63 {
64 if (!IsServiceInited()) {
65 return;
66 }
67
68 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
69 MessageParcel dataMessageParcel;
70 dataMessageParcel.WriteInt32(slotId);
71 dataMessageParcel.WriteBuffer(data, size);
72 dataMessageParcel.RewindRead(0);
73 MessageParcel reply;
74 DelayedSingleton<CoreService>::GetInstance()->OnGetImei(dataMessageParcel, reply);
75 }
76
GetImeiSv(const uint8_t * data,size_t size)77 void GetImeiSv(const uint8_t *data, size_t size)
78 {
79 if (!IsServiceInited()) {
80 return;
81 }
82
83 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
84 MessageParcel dataMessageParcel;
85 dataMessageParcel.WriteInt32(slotId);
86 dataMessageParcel.WriteBuffer(data, size);
87 dataMessageParcel.RewindRead(0);
88 MessageParcel reply;
89 DelayedSingleton<CoreService>::GetInstance()->OnGetImeiSv(dataMessageParcel, reply);
90 }
91
GetSimOperatorNumeric(const uint8_t * data,size_t size)92 void GetSimOperatorNumeric(const uint8_t *data, size_t size)
93 {
94 if (!IsServiceInited()) {
95 return;
96 }
97
98 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
99 MessageParcel dataMessageParcel;
100 dataMessageParcel.WriteInt32(slotId);
101 dataMessageParcel.WriteBuffer(data, size);
102 dataMessageParcel.RewindRead(0);
103 MessageParcel reply;
104 DelayedSingleton<CoreService>::GetInstance()->OnGetSimOperatorNumeric(dataMessageParcel, reply);
105 }
106
GetISOCountryCodeForSim(const uint8_t * data,size_t size)107 void GetISOCountryCodeForSim(const uint8_t *data, size_t size)
108 {
109 if (!IsServiceInited()) {
110 return;
111 }
112
113 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
114 MessageParcel dataMessageParcel;
115 dataMessageParcel.WriteInt32(slotId);
116 dataMessageParcel.WriteBuffer(data, size);
117 dataMessageParcel.RewindRead(0);
118 MessageParcel reply;
119 DelayedSingleton<CoreService>::GetInstance()->OnGetISOCountryCodeForSim(dataMessageParcel, reply);
120 }
121
SendTerminalResponseCmd(const uint8_t * data,size_t size)122 void SendTerminalResponseCmd(const uint8_t *data, size_t size)
123 {
124 if (!IsServiceInited()) {
125 return;
126 }
127
128 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
129 std::string cmd(reinterpret_cast<const char *>(data), size);
130 MessageParcel dataMessageParcel;
131 dataMessageParcel.WriteInt32(slotId);
132 dataMessageParcel.WriteString(cmd);
133 dataMessageParcel.RewindRead(0);
134 MessageParcel reply;
135 DelayedSingleton<CoreService>::GetInstance()->OnSendTerminalResponseCmd(dataMessageParcel, reply);
136 }
137
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)138 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
139 {
140 if (data == nullptr || size == 0) {
141 return;
142 }
143
144 GetNetworkState(data, size);
145 GetImei(data, size);
146 GetImeiSv(data, size);
147 GetNetworkState(data, size);
148 GetISOCountryCodeForSim(data, size);
149 SendTerminalResponseCmd(data, size);
150 auto telRilManager = DelayedSingleton<CoreService>::GetInstance()->telRilManager_;
151 if (telRilManager == nullptr || telRilManager->handler_ == nullptr) {
152 return;
153 }
154 telRilManager->handler_->ClearFfrt(false);
155 telRilManager->handler_->queue_ = nullptr;
156 return;
157 }
158 } // namespace OHOS
159
160 /* Fuzzer entry point */
LLVMFuzzerInitialize(int * argc,char *** argv)161 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
162 {
163 OHOS::AddCoreServiceTokenFuzzer token;
164 return 0;
165 }
166
167 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)168 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
169 {
170 /* Run your code on data */
171 OHOS::DoSomethingInterestingWithMyAPI(data, size);
172 OHOS::DelayedSingleton<CoreService>::DestroyInstance();
173 return 0;
174 }
175