1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "simauthentication_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #include <thread>
21 
22 #define private public
23 #include "addcoreservicetoken_fuzzer.h"
24 #include "core_service.h"
25 #include "napi_util.h"
26 #include "sim_file.h"
27 #include "system_ability_definition.h"
28 #include "tel_event_handler.h"
29 #include "unistd.h"
30 
31 using namespace OHOS::Telephony;
32 namespace OHOS {
33 static bool g_isInited = false;
34 constexpr int32_t SLOT_NUM = 2;
35 constexpr int32_t TYPE_NUM = 2;
36 constexpr int32_t SIM_AUTH_EAP_SIM_TYPE = 128;
37 constexpr int32_t SIM_AUTH_EAP_AKA_TYPE = 129;
38 bool g_flag = false;
39 
IsServiceInited()40 bool IsServiceInited()
41 {
42     if (!g_isInited) {
43         DelayedSingleton<CoreService>::GetInstance()->OnStart();
44         if (DelayedSingleton<CoreService>::GetInstance()->GetServiceRunningState() ==
45             static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
46             g_isInited = true;
47         }
48     }
49     return g_isInited;
50 }
51 
GetSimTelephoneNumber(const uint8_t * data,size_t size)52 void GetSimTelephoneNumber(const uint8_t *data, size_t size)
53 {
54     if (!IsServiceInited()) {
55         return;
56     }
57 
58     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
59     MessageParcel dataMessageParcel;
60     dataMessageParcel.WriteInt32(slotId);
61     dataMessageParcel.WriteBuffer(data, size);
62     dataMessageParcel.RewindRead(0);
63     MessageParcel reply;
64     DelayedSingleton<CoreService>::GetInstance()->OnGetSimPhoneNumber(dataMessageParcel, reply);
65 }
66 
GetVoiceMailIdentifier(const uint8_t * data,size_t size)67 void GetVoiceMailIdentifier(const uint8_t *data, size_t size)
68 {
69     if (!IsServiceInited()) {
70         return;
71     }
72 
73     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
74     MessageParcel dataMessageParcel;
75     dataMessageParcel.WriteInt32(slotId);
76     dataMessageParcel.WriteBuffer(data, size);
77     dataMessageParcel.RewindRead(0);
78     MessageParcel reply;
79     DelayedSingleton<CoreService>::GetInstance()->OnGetVoiceMailInfor(dataMessageParcel, reply);
80 }
81 
GetVoiceMailNumber(const uint8_t * data,size_t size)82 void GetVoiceMailNumber(const uint8_t *data, size_t size)
83 {
84     if (!IsServiceInited()) {
85         return;
86     }
87 
88     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
89     MessageParcel dataMessageParcel;
90     dataMessageParcel.WriteInt32(slotId);
91     dataMessageParcel.WriteBuffer(data, size);
92     dataMessageParcel.RewindRead(0);
93     MessageParcel reply;
94     DelayedSingleton<CoreService>::GetInstance()->OnGetVoiceMailNumber(dataMessageParcel, reply);
95 }
96 
QueryIccDiallingNumbers(const uint8_t * data,size_t size)97 void QueryIccDiallingNumbers(const uint8_t *data, size_t size)
98 {
99     if (!IsServiceInited()) {
100         return;
101     }
102 
103     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
104     MessageParcel dataMessageParcel;
105     dataMessageParcel.WriteInt32(slotId);
106     dataMessageParcel.WriteInt32(static_cast<int32_t>(*data % TYPE_NUM));
107     dataMessageParcel.WriteBuffer(data, size);
108     dataMessageParcel.RewindRead(0);
109     MessageParcel reply;
110     DelayedSingleton<CoreService>::GetInstance()->OnDiallingNumbersGet(dataMessageParcel, reply);
111 }
112 
SimAuthentication(const uint8_t * data,size_t size)113 void SimAuthentication(const uint8_t *data, size_t size)
114 {
115     if (!IsServiceInited()) {
116         return;
117     }
118 
119     int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
120     std::string authData(reinterpret_cast<const char *>(data), size);
121     MessageParcel dataMessageParcel;
122     dataMessageParcel.WriteInt32(slotId);
123     int32_t authType = static_cast<int32_t>(*data % TYPE_NUM);
124     if (authType) {
125         dataMessageParcel.WriteInt32(SIM_AUTH_EAP_AKA_TYPE);
126     } else {
127         dataMessageParcel.WriteInt32(SIM_AUTH_EAP_SIM_TYPE);
128     }
129     dataMessageParcel.WriteString(authData);
130     dataMessageParcel.RewindRead(0);
131     MessageParcel reply;
132     DelayedSingleton<CoreService>::GetInstance()->OnSimAuthentication(dataMessageParcel, reply);
133 }
134 
ParseOpl5g(const uint8_t * data,size_t size)135 void ParseOpl5g(const uint8_t *data, size_t size)
136 {
137     if (!IsServiceInited()) {
138         return;
139     }
140 
141     if (g_flag) {
142         return;
143     }
144     g_flag = true;
145 
146     std::shared_ptr<TelRilManager> telRilManager = std::make_shared<TelRilManager>();
147     std::shared_ptr<Telephony::SimStateManager> simStateManager = std::make_shared<SimStateManager>(telRilManager);
148     std::shared_ptr<SimFile> simFile = std::make_shared<SimFile>(simStateManager);
149     std::string fileData(reinterpret_cast<const char *>(data), size);
150     std::vector<std::string> records;
151     records.push_back(fileData);
152     simFile->ParseOpl5g(records);
153 }
154 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)155 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
156 {
157     if (data == nullptr || size == 0) {
158         return;
159     }
160 
161     GetSimTelephoneNumber(data, size);
162     GetVoiceMailIdentifier(data, size);
163     GetVoiceMailNumber(data, size);
164     QueryIccDiallingNumbers(data, size);
165     SimAuthentication(data, size);
166     ParseOpl5g(data, size);
167     auto telRilManager = DelayedSingleton<CoreService>::GetInstance()->telRilManager_;
168     if (telRilManager == nullptr || telRilManager->handler_ == nullptr) {
169         return;
170     }
171     telRilManager->handler_->ClearFfrt(false);
172     telRilManager->handler_->queue_ = nullptr;
173     return;
174 }
175 } // namespace OHOS
176 
177 /* Fuzzer entry point */
LLVMFuzzerInitialize(int * argc,char *** argv)178 extern "C" int LLVMFuzzerInitialize(int *argc, char ***argv)
179 {
180     OHOS::AddCoreServiceTokenFuzzer token;
181     return 0;
182 }
183 
184 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)185 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
186 {
187     /* Run your code on data */
188     OHOS::DoSomethingInterestingWithMyAPI(data, size);
189     OHOS::DelayedSingleton<CoreService>::DestroyInstance();
190     return 0;
191 }
192