1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "setimsfeaturevalue_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcellularcalltoken_fuzzer.h"
22 #include "cellular_call_service.h"
23 #include "securec.h"
24 #include "system_ability_definition.h"
25
26 using namespace OHOS::Telephony;
27 namespace OHOS {
28 static bool g_isInited = false;
29 constexpr int32_t BOOL_NUM = 2;
30 constexpr int32_t INT_NUM = 2;
31 constexpr int32_t VEDIO_STATE_NUM = 2;
32 constexpr size_t MAX_NUMBER_LEN = 99;
33
IsServiceInited()34 bool IsServiceInited()
35 {
36 DelayedSingleton<CellularCallService>::GetInstance()->OnStart();
37 if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) ==
38 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) {
39 g_isInited = true;
40 }
41 return g_isInited;
42 }
43
OnRemoteRequest(const uint8_t * data,size_t size)44 void OnRemoteRequest(const uint8_t *data, size_t size)
45 {
46 if (!IsServiceInited()) {
47 return;
48 }
49
50 MessageParcel dataMessageParcel;
51 if (!dataMessageParcel.WriteInterfaceToken(CellularCallStub::GetDescriptor())) {
52 return;
53 }
54 size_t dataSize = size - sizeof(uint32_t);
55 dataMessageParcel.WriteBuffer(data + sizeof(uint32_t), dataSize);
56 dataMessageParcel.RewindRead(0);
57 uint32_t code = static_cast<uint32_t>(size);
58 MessageParcel reply;
59 MessageOption option;
60 DelayedSingleton<CellularCallService>::GetInstance()->OnRemoteRequest(code, dataMessageParcel, reply, option);
61 }
62
SetDomainPreferenceMode(const uint8_t * data,size_t size)63 void SetDomainPreferenceMode(const uint8_t *data, size_t size)
64 {
65 if (!IsServiceInited()) {
66 return;
67 }
68
69 int32_t mode = static_cast<int32_t>(size);
70 MessageParcel dataMessageParcel;
71 dataMessageParcel.WriteInt32(mode);
72 size_t dataSize = size - sizeof(int32_t);
73 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
74 dataMessageParcel.RewindRead(0);
75 MessageParcel reply;
76 DelayedSingleton<CellularCallService>::GetInstance()->OnSetDomainPreferenceModeInner(dataMessageParcel, reply);
77 }
78
GetDomainPreferenceMode(const uint8_t * data,size_t size)79 void GetDomainPreferenceMode(const uint8_t *data, size_t size)
80 {
81 if (!IsServiceInited()) {
82 return;
83 }
84
85 MessageParcel dataMessageParcel;
86 dataMessageParcel.WriteBuffer(data, size);
87 dataMessageParcel.RewindRead(0);
88 MessageParcel reply;
89 DelayedSingleton<CellularCallService>::GetInstance()->OnSetDomainPreferenceModeInner(dataMessageParcel, reply);
90 }
91
SetImsSwitchStatus(const uint8_t * data,size_t size)92 void SetImsSwitchStatus(const uint8_t *data, size_t size)
93 {
94 if (!IsServiceInited()) {
95 return;
96 }
97
98 int32_t activate = static_cast<int32_t>(size % BOOL_NUM);
99 MessageParcel dataMessageParcel;
100 dataMessageParcel.WriteBool(activate);
101 dataMessageParcel.RewindRead(0);
102 MessageParcel reply;
103 DelayedSingleton<CellularCallService>::GetInstance()->OnSetImsSwitchStatusInner(dataMessageParcel, reply);
104 }
105
GetImsSwitchStatus(const uint8_t * data,size_t size)106 void GetImsSwitchStatus(const uint8_t *data, size_t size)
107 {
108 if (!IsServiceInited()) {
109 return;
110 }
111
112 MessageParcel dataMessageParcel;
113 dataMessageParcel.WriteBuffer(data, size);
114 dataMessageParcel.RewindRead(0);
115 MessageParcel reply;
116 DelayedSingleton<CellularCallService>::GetInstance()->OnGetImsSwitchStatusInner(dataMessageParcel, reply);
117 }
118
GetImsConfig(const uint8_t * data,size_t size)119 void GetImsConfig(const uint8_t *data, size_t size)
120 {
121 if (!IsServiceInited()) {
122 return;
123 }
124
125 int32_t item = static_cast<int32_t>(size);
126 MessageParcel dataMessageParcel;
127 dataMessageParcel.WriteInt32(item);
128 size_t dataSize = size - sizeof(int32_t);
129 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
130 dataMessageParcel.RewindRead(0);
131 MessageParcel reply;
132 DelayedSingleton<CellularCallService>::GetInstance()->OnGetImsConfigInner(dataMessageParcel, reply);
133 }
134
SetImsConfig(const uint8_t * data,size_t size)135 void SetImsConfig(const uint8_t *data, size_t size)
136 {
137 if (!IsServiceInited()) {
138 return;
139 }
140
141 int32_t item = static_cast<int32_t>(size);
142 std::string value(reinterpret_cast<const char *>(data), size);
143 MessageParcel dataMessageParcel;
144 dataMessageParcel.WriteInt32(item);
145 dataMessageParcel.WriteString(value);
146 dataMessageParcel.RewindRead(0);
147 MessageParcel reply;
148 DelayedSingleton<CellularCallService>::GetInstance()->OnSetImsConfigStringInner(dataMessageParcel, reply);
149 }
150
GetImsFeatureValue(const uint8_t * data,size_t size)151 void GetImsFeatureValue(const uint8_t *data, size_t size)
152 {
153 if (!IsServiceInited()) {
154 return;
155 }
156
157 int32_t type = static_cast<int32_t>(size);
158 MessageParcel dataMessageParcel;
159 dataMessageParcel.WriteInt32(type);
160 size_t dataSize = size - sizeof(int32_t);
161 dataMessageParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
162 dataMessageParcel.RewindRead(0);
163 MessageParcel reply;
164 DelayedSingleton<CellularCallService>::GetInstance()->OnGetImsFeatureValueInner(dataMessageParcel, reply);
165 }
166
SetImsFeatureValue(const uint8_t * data,size_t size)167 void SetImsFeatureValue(const uint8_t *data, size_t size)
168 {
169 if (!IsServiceInited()) {
170 return;
171 }
172
173 int32_t type = static_cast<int32_t>(size);
174 int32_t value = static_cast<int32_t>(size);
175 MessageParcel dataMessageParcel;
176 dataMessageParcel.WriteInt32(type);
177 dataMessageParcel.WriteInt32(value);
178 size_t dataSize = size - sizeof(int32_t) * INT_NUM;
179 dataMessageParcel.WriteBuffer(data + sizeof(int32_t) * INT_NUM, dataSize);
180 dataMessageParcel.RewindRead(0);
181 MessageParcel reply;
182 DelayedSingleton<CellularCallService>::GetInstance()->OnSetImsFeatureValueInner(dataMessageParcel, reply);
183 }
184
Reject(const uint8_t * data,size_t size)185 void Reject(const uint8_t *data, size_t size)
186 {
187 if (!IsServiceInited()) {
188 return;
189 }
190
191 int32_t maxSize = static_cast<int32_t>(size);
192 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
193 int32_t callId = static_cast<int32_t>(size);
194 int32_t accountId = static_cast<int32_t>(size);
195 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
196 int32_t index = static_cast<int32_t>(size);
197 std::string telNum = "000000000";
198 std::string tempNum(reinterpret_cast<const char *>(data), size);
199 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
200 telNum = tempNum;
201 }
202 size_t length = strlen(telNum.c_str()) + 1;
203 CellularCallInfo callInfo;
204 callInfo.slotId = slotId;
205 callInfo.callId = callId;
206 callInfo.accountId = accountId;
207 callInfo.videoState = videoState;
208 callInfo.index = index;
209 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
210 return;
211 }
212 MessageParcel dataMessageParcel;
213 dataMessageParcel.WriteInt32(maxSize);
214 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
215 dataMessageParcel.RewindRead(0);
216 MessageParcel reply;
217 DelayedSingleton<CellularCallService>::GetInstance()->OnRejectInner(dataMessageParcel, reply);
218 }
219
HangUp(const uint8_t * data,size_t size)220 void HangUp(const uint8_t *data, size_t size)
221 {
222 if (!IsServiceInited()) {
223 return;
224 }
225
226 int32_t maxSize = static_cast<int32_t>(size);
227 int32_t type = static_cast<int32_t>(size);
228 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
229 int32_t callId = static_cast<int32_t>(size);
230 int32_t accountId = static_cast<int32_t>(size);
231 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
232 int32_t index = static_cast<int32_t>(size);
233 std::string telNum = "000000000";
234 std::string tempNum(reinterpret_cast<const char *>(data), size);
235 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
236 telNum = tempNum;
237 }
238 size_t length = strlen(telNum.c_str()) + 1;
239 CellularCallInfo callInfo;
240 callInfo.slotId = slotId;
241 callInfo.callId = callId;
242 callInfo.accountId = accountId;
243 callInfo.videoState = videoState;
244 callInfo.index = index;
245 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
246 return;
247 }
248 MessageParcel dataMessageParcel;
249 dataMessageParcel.WriteInt32(maxSize);
250 dataMessageParcel.WriteInt32(type);
251 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
252 dataMessageParcel.RewindRead(0);
253 MessageParcel reply;
254 DelayedSingleton<CellularCallService>::GetInstance()->OnHangUpInner(dataMessageParcel, reply);
255 }
256
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)257 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
258 {
259 if (data == nullptr || size == 0) {
260 return;
261 }
262
263 OnRemoteRequest(data, size);
264 SetDomainPreferenceMode(data, size);
265 GetDomainPreferenceMode(data, size);
266 SetImsSwitchStatus(data, size);
267 GetImsSwitchStatus(data, size);
268 GetImsConfig(data, size);
269 SetImsConfig(data, size);
270 GetImsFeatureValue(data, size);
271 SetImsFeatureValue(data, size);
272 Reject(data, size);
273 HangUp(data, size);
274 return;
275 }
276 } // namespace OHOS
277
278 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)279 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
280 {
281 OHOS::AddCellularCallTokenFuzzer token;
282 /* Run your code on data */
283 OHOS::DoSomethingInterestingWithMyAPI(data, size);
284 return 0;
285 }
286