1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "getcscalldata_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcellularcalltoken_fuzzer.h"
22 #include "cellular_call_service.h"
23 #include "hril_call_parcel.h"
24 #include "radio_event.h"
25 #include "securec.h"
26 #include "system_ability_definition.h"
27
28 using namespace OHOS::Telephony;
29 namespace OHOS {
30 static bool g_isInited = false;
31 constexpr int32_t SLOT_NUM = 2;
32 constexpr int32_t STATE_NUM = 9;
33
IsServiceInited()34 bool IsServiceInited()
35 {
36 DelayedSingleton<CellularCallService>::GetInstance()->OnStart();
37 if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) ==
38 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) {
39 g_isInited = true;
40 }
41 return g_isInited;
42 }
43
GetCsCallData(std::shared_ptr<CellularCallHandler> handle,AppExecFwk::InnerEvent::Pointer event,const uint8_t * data,size_t size)44 void GetCsCallData(std::shared_ptr<CellularCallHandler> handle, AppExecFwk::InnerEvent::Pointer event,
45 const uint8_t *data, size_t size)
46 {
47 if (!IsServiceInited()) {
48 return;
49 }
50
51 std::string number(reinterpret_cast<const char *>(data), size);
52 CallInfo info;
53 CallInfoList infoList;
54 info.number = number;
55 infoList.calls.push_back(info);
56 int32_t state = static_cast<int32_t>(size % STATE_NUM);
57 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
58
59 handle->GetCsCallData(event);
60 handle->GetImsCallData(event);
61 handle->CellularCallIncomingStartTrace(state);
62 handle->GetCsCallsDataResponse(event);
63 handle->GetImsCallsDataResponse(event);
64 handle->DialResponse(event);
65 handle->SendDtmfResponse(event);
66 handle->StartDtmfResponse(event);
67 handle->SimStateChangeReport(event);
68 handle->SimRecordsLoadedReport(event);
69 handle->StopDtmfResponse(event);
70 handle->SetSlotId(slotId);
71 handle->GetSlotId();
72 handle->CurrentTimeMillis();
73 handle->IsCanRequestCallsData();
74 handle->GetCsCallsDataRequest(event);
75 handle->GetImsCallsDataRequest(event);
76 handle->ReportCsCallsData(infoList);
77 }
78
RegisterHandler(std::shared_ptr<CellularCallHandler> handle,AppExecFwk::InnerEvent::Pointer event,const uint8_t * data,size_t size)79 void RegisterHandler(std::shared_ptr<CellularCallHandler> handle, AppExecFwk::InnerEvent::Pointer event,
80 const uint8_t *data, size_t size)
81 {
82 if (!IsServiceInited()) {
83 return;
84 }
85
86 std::string number(reinterpret_cast<const char *>(data), size);
87 ImsCurrentCall info;
88 ImsCurrentCallList infoList;
89 info.number = number;
90 infoList.calls.push_back(info);
91
92 handle->RegisterHandler(event);
93 handle->SetDomainPreferenceModeResponse(event);
94 handle->GetDomainPreferenceModeResponse(event);
95 handle->SetImsSwitchStatusResponse(event);
96 handle->GetImsSwitchStatusResponse(event);
97 handle->ImsCallStatusInfoReport(event);
98 handle->UssdNotifyResponse(event);
99 handle->SetMuteResponse(event);
100 handle->GetMuteResponse(event);
101 handle->GetEmergencyCallListResponse(event);
102 handle->SetEmergencyCallListResponse(event);
103 handle->CallRingBackVoiceResponse(event);
104 handle->GetCallFailReasonResponse(event);
105 handle->UpdateSrvccStateReport(event);
106 handle->ReportEccChanged(event);
107 handle->SrvccStateCompleted();
108 handle->GetMMIResponse(event);
109 handle->GetCallWaitingResponse(event);
110 handle->GetClirResponse(event);
111 handle->ReportImsCallsData(infoList);
112 handle->SetClirResponse(event);
113 handle->GetClipResponse(event);
114 handle->SetCallTransferInfoResponse(event);
115 handle->GetCallRestrictionResponse(event);
116 handle->SetCallRestrictionResponse(event);
117 handle->SendUssdResponse(event);
118 handle->SendUnlockPinPukResponse(event);
119 handle->HandleOperatorConfigChanged(event);
120 handle->UpdateRsrvccStateReport(event);
121 }
122
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)123 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
124 {
125 if (data == nullptr || size == 0) {
126 return;
127 }
128
129 if (!IsServiceInited()) {
130 return;
131 }
132
133 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
134 RadioEvent radioEvent = static_cast<RadioEvent>(size);
135 std::shared_ptr<CellularCallHandler> handle =
136 DelayedSingleton<CellularCallService>::GetInstance()->GetHandler(slotId);
137 if (handle == nullptr) {
138 return;
139 }
140 AppExecFwk::InnerEvent::Pointer event = AppExecFwk::InnerEvent::Get(radioEvent);
141 GetCsCallData(handle, std::move(event), data, size);
142 event = AppExecFwk::InnerEvent::Get(radioEvent);
143 RegisterHandler(handle, std::move(event), data, size);
144 }
145 } // namespace OHOS
146
147 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)148 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
149 {
150 OHOS::AddCellularCallTokenFuzzer token;
151 /* Run your code on data */
152 OHOS::DoSomethingInterestingWithMyAPI(data, size);
153 return 0;
154 }
155