1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "imsclient_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcellularcalltoken_fuzzer.h"
22 #include "cellular_call_service.h"
23 #include "ims_call_client.h"
24 #include "ims_call_proxy.h"
25 #include "securec.h"
26 #include "system_ability_definition.h"
27
28 using namespace OHOS::Telephony;
29 namespace OHOS {
30 static bool g_isInited = false;
31 constexpr int32_t SERVICE_STATE_RUNNING = 1;
32
IsServiceInited()33 bool IsServiceInited()
34 {
35 auto service = DelayedSingleton<CellularCallService>::GetInstance();
36 if (service == nullptr) {
37 return g_isInited;
38 }
39 if (service->GetServiceRunningState() != SERVICE_STATE_RUNNING) {
40 service->OnStart();
41 }
42 if (!g_isInited && service->GetServiceRunningState() == SERVICE_STATE_RUNNING) {
43 g_isInited = true;
44 }
45 return g_isInited;
46 }
47
TestImsCallClientWithCallInfo(const uint8_t * data,size_t size,const std::shared_ptr<ImsCallClient> & imsCallClient)48 void TestImsCallClientWithCallInfo(
49 const uint8_t *data, size_t size, const std::shared_ptr<ImsCallClient> &imsCallClient)
50 {
51 ImsCallInfo callInfo;
52 if (memset_s(&callInfo, sizeof(struct ImsCallInfo), 0x00, sizeof(struct ImsCallInfo)) != EOK) {
53 return;
54 }
55 size_t length = std::min(static_cast<size_t>(sizeof(callInfo.phoneNum) - 1), size);
56 std::string number(reinterpret_cast<const char *>(data), length);
57 int32_t mode = static_cast<int32_t>(size % 2);
58 int32_t slotId = static_cast<int32_t>(size % 2);
59 int32_t videoState = static_cast<int32_t>(size % 3);
60 int32_t index = static_cast<int32_t>(size % 3);
61 const char *cDtmfCode = number.c_str();
62 if (strcpy_s(callInfo.phoneNum, sizeof(callInfo.phoneNum), number.c_str()) != EOK) {
63 return;
64 }
65 callInfo.slotId = slotId;
66 callInfo.videoState = videoState;
67 callInfo.index = index;
68 std::vector<std::string> numberList;
69 numberList.push_back(number);
70 imsCallClient->Dial(callInfo, static_cast<CLIRMode>(mode));
71 imsCallClient->HangUp(callInfo);
72 imsCallClient->Answer(callInfo);
73 imsCallClient->Reject(callInfo);
74 imsCallClient->RejectWithReason(callInfo, ImsRejectReason::USER_DECLINE);
75 imsCallClient->UpdateImsCallMode(callInfo, static_cast<ImsCallMode>(mode));
76 imsCallClient->InviteToConference(slotId, numberList);
77 imsCallClient->KickOutFromConference(slotId, numberList);
78 imsCallClient->StartDtmf(slotId, *cDtmfCode, index);
79 imsCallClient->SendDtmf(slotId, *cDtmfCode, index);
80 imsCallClient->StopDtmf(slotId, index);
81 imsCallClient->StartRtt(slotId, number);
82 imsCallClient->StopRtt(slotId);
83 imsCallClient->SetDomainPreferenceMode(slotId, mode);
84 imsCallClient->GetDomainPreferenceMode(slotId);
85 imsCallClient->SetImsSwitchStatus(slotId, mode);
86 imsCallClient->GetImsSwitchStatus(slotId);
87 imsCallClient->SetMute(slotId, mode);
88 imsCallClient->GetMute(slotId);
89 }
90
TestImsCallClientWithSlotAndType(const uint8_t * data,size_t size,const std::shared_ptr<ImsCallClient> & imsCallClient)91 void TestImsCallClientWithSlotAndType(
92 const uint8_t *data, size_t size, const std::shared_ptr<ImsCallClient> &imsCallClient)
93 {
94 int32_t slotId = static_cast<int32_t>(size % 2);
95 int32_t callType = static_cast<int32_t>(size % 2);
96 std::string info(reinterpret_cast<const char *>(data), size);
97 int32_t x = static_cast<int32_t>(size % 3);
98 int32_t y = static_cast<int32_t>(size % 3);
99 int32_t z = static_cast<int32_t>(size % 4);
100 int32_t width = static_cast<int32_t>(size % 4);
101 int32_t height = static_cast<int32_t>(size % 5);
102 int32_t callingUid = static_cast<int32_t>(size % 5);
103 int32_t callingPid = static_cast<int32_t>(size % 6);
104 int32_t mode = static_cast<int32_t>(size % 6);
105 imsCallClient->HoldCall(slotId, callType);
106 imsCallClient->UnHoldCall(slotId, callType);
107 imsCallClient->SwitchCall(slotId, callType);
108 imsCallClient->CombineConference(slotId);
109 imsCallClient->GetImsCallsDataRequest(slotId, callType);
110 imsCallClient->GetLastCallFailReason(slotId);
111 imsCallClient->CtrlCamera(Str8ToStr16(info), callingUid, callingPid);
112 imsCallClient->SetPreviewWindow(x, y, z, width, height);
113 imsCallClient->SetDisplayWindow(x, y, z, width, height);
114 imsCallClient->SetPauseImage(Str8ToStr16(info));
115 imsCallClient->SetDeviceDirection(mode);
116 imsCallClient->SetCameraZoom(mode);
117 ImsCapabilityList imsCapabilityList;
118 ImsCapability capbility;
119 capbility.enable = mode;
120 capbility.imsCapabilityType = static_cast<ImsCapabilityType>(callType);
121 capbility.imsRadioTech = static_cast<ImsRegTech>(callType);
122 imsCapabilityList.imsCapabilities.push_back(capbility);
123 imsCallClient->UpdateImsCapabilities(slotId, imsCapabilityList);
124 }
125
TestImsCallClientWithSettingFunction(const uint8_t * data,size_t size,const std::shared_ptr<ImsCallClient> & imsCallClient)126 void TestImsCallClientWithSettingFunction(
127 const uint8_t *data, size_t size, const std::shared_ptr<ImsCallClient> &imsCallClient)
128 {
129 CallTransferInfo transferInfo;
130 if (memset_s(&transferInfo, sizeof(struct CallTransferInfo), 0x00, sizeof(struct CallTransferInfo)) != EOK) {
131 return;
132 }
133 size_t length = std::min(static_cast<size_t>(sizeof(transferInfo.transferNum) - 1), size);
134 std::string number(reinterpret_cast<const char *>(data), length);
135 int32_t mode = static_cast<int32_t>(size % 2);
136 int32_t slotId = static_cast<int32_t>(size % 2);
137 int32_t item = static_cast<int32_t>(size % 3);
138 int32_t value = static_cast<int32_t>(size % 4);
139 int32_t type = static_cast<int32_t>(size % 4);
140 imsCallClient->SetImsConfig(static_cast<ImsConfigItem>(item), number);
141 imsCallClient->SetImsConfig(static_cast<ImsConfigItem>(item), value);
142 imsCallClient->GetImsConfig(static_cast<ImsConfigItem>(item));
143 imsCallClient->SetImsFeatureValue(static_cast<FeatureType>(type), value);
144 imsCallClient->GetImsFeatureValue(static_cast<FeatureType>(type), value);
145 imsCallClient->SetClip(slotId, mode);
146 imsCallClient->GetClip(slotId);
147 imsCallClient->SetClir(slotId, mode);
148 imsCallClient->GetClir(slotId);
149 imsCallClient->SetCallWaiting(slotId, mode, type);
150 imsCallClient->GetCallWaiting(slotId);
151 imsCallClient->SetColr(slotId, mode);
152 imsCallClient->GetColr(slotId);
153 imsCallClient->SetColp(slotId, mode);
154 imsCallClient->GetColp(slotId);
155 if (strcpy_s(transferInfo.transferNum, sizeof(transferInfo.transferNum), number.c_str()) != EOK) {
156 return;
157 }
158 transferInfo.settingType = static_cast<CallTransferSettingType>(type);
159 transferInfo.type = static_cast<CallTransferType>(type);
160 imsCallClient->SetCallTransfer(slotId, type, mode, number, type);
161 imsCallClient->GetCallTransfer(slotId, type);
162 imsCallClient->SetCallRestriction(slotId, number, mode, number);
163 imsCallClient->GetCallRestriction(slotId, number);
164 }
165
TestImsCallProxyWithCallInfo(const uint8_t * data,size_t size,const sptr<ImsCallInterface> & proxy)166 void TestImsCallProxyWithCallInfo(const uint8_t *data, size_t size, const sptr<ImsCallInterface> &proxy)
167 {
168 ImsCallInfo callInfo;
169 if (memset_s(&callInfo, sizeof(struct ImsCallInfo), 0x00, sizeof(struct ImsCallInfo)) != EOK) {
170 return;
171 }
172 size_t length = std::min(static_cast<size_t>(sizeof(callInfo.phoneNum) - 1), size);
173 std::string number(reinterpret_cast<const char *>(data), length);
174 int32_t mode = static_cast<int32_t>(size % 2);
175 int32_t slotId = static_cast<int32_t>(size % 2);
176 int32_t videoState = static_cast<int32_t>(size % 3);
177 int32_t index = static_cast<int32_t>(size % 3);
178 const char *cDtmfCode = number.c_str();
179 if (strcpy_s(callInfo.phoneNum, sizeof(callInfo.phoneNum), number.c_str()) != EOK) {
180 return;
181 }
182 callInfo.slotId = slotId;
183 callInfo.videoState = videoState;
184 callInfo.index = index;
185 std::vector<std::string> numberList;
186 numberList.push_back(number);
187 proxy->Dial(callInfo, static_cast<CLIRMode>(mode));
188 proxy->HangUp(callInfo);
189 proxy->Answer(callInfo);
190 proxy->RejectWithReason(callInfo, ImsRejectReason::USER_DECLINE);
191 proxy->UpdateImsCallMode(callInfo, static_cast<ImsCallMode>(mode));
192 proxy->InviteToConference(slotId, numberList);
193 proxy->KickOutFromConference(slotId, numberList);
194 proxy->StartDtmf(slotId, *cDtmfCode, index);
195 proxy->SendDtmf(slotId, *cDtmfCode, index);
196 proxy->StopDtmf(slotId, index);
197 proxy->StartRtt(slotId, number);
198 proxy->StopRtt(slotId);
199 proxy->SetDomainPreferenceMode(slotId, mode);
200 proxy->GetDomainPreferenceMode(slotId);
201 proxy->SetImsSwitchStatus(slotId, mode);
202 proxy->GetImsSwitchStatus(slotId);
203 proxy->SetMute(slotId, mode);
204 proxy->GetMute(slotId);
205 }
206
TestImsCallProxyWithSlotAndType(const uint8_t * data,size_t size,const sptr<ImsCallInterface> & proxy)207 void TestImsCallProxyWithSlotAndType(const uint8_t *data, size_t size, const sptr<ImsCallInterface> &proxy)
208 {
209 int32_t slotId = static_cast<int32_t>(size % 2);
210 int32_t callType = static_cast<int32_t>(size % 2);
211 std::string info(reinterpret_cast<const char *>(data), size);
212 int32_t x = static_cast<int32_t>(size % 3);
213 int32_t y = static_cast<int32_t>(size % 3);
214 int32_t z = static_cast<int32_t>(size % 4);
215 int32_t width = static_cast<int32_t>(size % 4);
216 int32_t height = static_cast<int32_t>(size % 5);
217 int32_t callingUid = static_cast<int32_t>(size % 5);
218 int32_t callingPid = static_cast<int32_t>(size % 6);
219 int32_t mode = static_cast<int32_t>(size % 6);
220 proxy->HoldCall(slotId, callType);
221 proxy->UnHoldCall(slotId, callType);
222 proxy->SwitchCall(slotId, callType);
223 proxy->CombineConference(slotId);
224 proxy->GetImsCallsDataRequest(slotId, callType);
225 proxy->GetLastCallFailReason(slotId);
226 proxy->CtrlCamera(Str8ToStr16(info), callingUid, callingPid);
227 proxy->SetPreviewWindow(x, y, z, width, height);
228 proxy->SetDisplayWindow(x, y, z, width, height);
229 proxy->SetPauseImage(Str8ToStr16(info));
230 proxy->SetDeviceDirection(mode);
231 proxy->SetCameraZoom(mode);
232 ImsCapabilityList imsCapabilityList;
233 ImsCapability capbility;
234 capbility.enable = mode;
235 capbility.imsCapabilityType = static_cast<ImsCapabilityType>(callType);
236 capbility.imsRadioTech = static_cast<ImsRegTech>(callType);
237 imsCapabilityList.imsCapabilities.push_back(capbility);
238 proxy->UpdateImsCapabilities(slotId, imsCapabilityList);
239 }
240
TestImsCallProxyWithSettingFunction(const uint8_t * data,size_t size,const sptr<ImsCallInterface> & proxy)241 void TestImsCallProxyWithSettingFunction(const uint8_t *data, size_t size, const sptr<ImsCallInterface> &proxy)
242 {
243 CallTransferInfo transferInfo;
244 if (memset_s(&transferInfo, sizeof(struct CallTransferInfo), 0x00, sizeof(struct CallTransferInfo)) != EOK) {
245 return;
246 }
247 size_t length = std::min(static_cast<size_t>(sizeof(transferInfo.transferNum) - 1), size);
248 std::string number(reinterpret_cast<const char *>(data), length);
249 int32_t mode = static_cast<int32_t>(size % 2);
250 int32_t slotId = static_cast<int32_t>(size % 2);
251 int32_t item = static_cast<int32_t>(size % 3);
252 int32_t value = static_cast<int32_t>(size % 4);
253 int32_t type = static_cast<int32_t>(size % 4);
254 proxy->SetImsConfig(static_cast<ImsConfigItem>(item), number);
255 proxy->SetImsConfig(static_cast<ImsConfigItem>(item), value);
256 proxy->GetImsConfig(static_cast<ImsConfigItem>(item));
257 proxy->SetImsFeatureValue(static_cast<FeatureType>(type), value);
258 proxy->GetImsFeatureValue(static_cast<FeatureType>(type), value);
259 proxy->SetClip(slotId, mode);
260 proxy->GetClip(slotId);
261 proxy->SetClir(slotId, mode);
262 proxy->GetClir(slotId);
263 proxy->SetCallWaiting(slotId, mode, type);
264 proxy->GetCallWaiting(slotId);
265 proxy->SetColr(slotId, mode);
266 proxy->GetColr(slotId);
267 proxy->SetColp(slotId, mode);
268 proxy->GetColp(slotId);
269 if (strcpy_s(transferInfo.transferNum, sizeof(transferInfo.transferNum), number.c_str()) != EOK) {
270 return;
271 }
272 transferInfo.settingType = static_cast<CallTransferSettingType>(type);
273 transferInfo.type = static_cast<CallTransferType>(type);
274 proxy->SetCallTransfer(slotId, type, mode, number, type);
275 proxy->GetCallTransfer(slotId, type);
276 proxy->SetCallRestriction(slotId, number, mode, number);
277 proxy->GetCallRestriction(slotId, number);
278 }
279
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)280 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
281 {
282 if (data == nullptr || size == 0) {
283 return;
284 }
285 auto imsCallClient = DelayedSingleton<ImsCallClient>::GetInstance();
286 if (imsCallClient == nullptr) {
287 return;
288 }
289 if (!IsServiceInited()) {
290 return;
291 }
292 TestImsCallClientWithCallInfo(data, size, imsCallClient);
293 TestImsCallClientWithSlotAndType(data, size, imsCallClient);
294 TestImsCallClientWithSettingFunction(data, size, imsCallClient);
295
296 auto managerPtr = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
297 if (managerPtr == nullptr) {
298 return;
299 }
300 auto remoteObjectPtr = managerPtr->CheckSystemAbility(TELEPHONY_IMS_SYS_ABILITY_ID);
301 if (remoteObjectPtr == nullptr) {
302 return;
303 }
304 sptr<ImsCallInterface> proxy = iface_cast<ImsCallInterface>(remoteObjectPtr);
305 if (proxy == nullptr) {
306 return;
307 }
308 TestImsCallProxyWithCallInfo(data, size, proxy);
309 TestImsCallProxyWithSlotAndType(data, size, proxy);
310 TestImsCallProxyWithSettingFunction(data, size, proxy);
311 proxy.clear();
312 proxy = nullptr;
313 }
314 } // namespace OHOS
315
316 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)317 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
318 {
319 OHOS::AddCellularCallTokenFuzzer token;
320 /* Run your code on data */
321 OHOS::DoSomethingInterestingWithMyAPI(data, size);
322 return 0;
323 }
324