1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bluetoothdialcall_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcalltoken_fuzzer.h"
22 #include "bluetooth_call_service.h"
23 #include "call_manager_service.h"
24 #include "message_parcel.h"
25 #include "system_ability_definition.h"
26
27 using namespace OHOS::Telephony;
28 namespace OHOS {
29 static bool g_isInited = false;
30 constexpr int32_t SLOT_NUM = 3;
31
IsServiceInited()32 bool IsServiceInited()
33 {
34 if (!g_isInited) {
35 DelayedSingleton<CallManagerService>::GetInstance()->OnStart();
36 if (DelayedSingleton<CallManagerService>::GetInstance()->GetServiceRunningState() ==
37 static_cast<int32_t>(CallManagerService::ServiceRunningState::STATE_RUNNING)) {
38 g_isInited = true;
39 }
40 }
41 return g_isInited;
42 }
43
AnswerCall(const uint8_t * data,size_t size)44 void AnswerCall(const uint8_t *data, size_t size)
45 {
46 if (!IsServiceInited()) {
47 return;
48 }
49
50 MessageParcel dataParcel;
51 dataParcel.WriteBuffer(data, size);
52 dataParcel.RewindRead(0);
53 MessageParcel reply;
54 DelayedSingleton<BluetoothCallService>::GetInstance()->OnAnswerCall(dataParcel, reply);
55 }
56
RejectCall(const uint8_t * data,size_t size)57 void RejectCall(const uint8_t *data, size_t size)
58 {
59 if (!IsServiceInited()) {
60 return;
61 }
62
63 MessageParcel dataParcel;
64 dataParcel.WriteBuffer(data, size);
65 dataParcel.RewindRead(0);
66 MessageParcel reply;
67 DelayedSingleton<BluetoothCallService>::GetInstance()->OnRejectCall(dataParcel, reply);
68 }
69
HangUpCall(const uint8_t * data,size_t size)70 void HangUpCall(const uint8_t *data, size_t size)
71 {
72 if (!IsServiceInited()) {
73 return;
74 }
75
76 MessageParcel dataParcel;
77 dataParcel.WriteBuffer(data, size);
78 dataParcel.RewindRead(0);
79 MessageParcel reply;
80 DelayedSingleton<BluetoothCallService>::GetInstance()->OnHangUpCall(dataParcel, reply);
81 }
82
GetBtCallState(const uint8_t * data,size_t size)83 void GetBtCallState(const uint8_t *data, size_t size)
84 {
85 if (!IsServiceInited()) {
86 return;
87 }
88
89 MessageParcel dataParcel;
90 dataParcel.WriteBuffer(data, size);
91 dataParcel.RewindRead(0);
92 MessageParcel reply;
93 DelayedSingleton<BluetoothCallService>::GetInstance()->OnGetBtCallState(dataParcel, reply);
94 }
95
HoldCall(const uint8_t * data,size_t size)96 void HoldCall(const uint8_t *data, size_t size)
97 {
98 if (!IsServiceInited()) {
99 return;
100 }
101
102 MessageParcel dataParcel;
103 dataParcel.WriteBuffer(data, size);
104 dataParcel.RewindRead(0);
105 MessageParcel reply;
106 DelayedSingleton<BluetoothCallService>::GetInstance()->OnHoldCall(dataParcel, reply);
107 }
108
UnHoldCall(const uint8_t * data,size_t size)109 void UnHoldCall(const uint8_t *data, size_t size)
110 {
111 if (!IsServiceInited()) {
112 return;
113 }
114
115 MessageParcel dataParcel;
116 dataParcel.WriteBuffer(data, size);
117 dataParcel.RewindRead(0);
118 MessageParcel reply;
119 DelayedSingleton<BluetoothCallService>::GetInstance()->OnUnHoldCall(dataParcel, reply);
120 }
121
SwitchCall(const uint8_t * data,size_t size)122 void SwitchCall(const uint8_t *data, size_t size)
123 {
124 if (!IsServiceInited()) {
125 return;
126 }
127
128 MessageParcel dataParcel;
129 dataParcel.WriteBuffer(data, size);
130 dataParcel.RewindRead(0);
131 MessageParcel reply;
132 DelayedSingleton<BluetoothCallService>::GetInstance()->OnSwitchCall(dataParcel, reply);
133 }
134
CombineConference(const uint8_t * data,size_t size)135 void CombineConference(const uint8_t *data, size_t size)
136 {
137 if (!IsServiceInited()) {
138 return;
139 }
140
141 MessageParcel dataParcel;
142 dataParcel.WriteBuffer(data, size);
143 dataParcel.RewindRead(0);
144 MessageParcel reply;
145 DelayedSingleton<BluetoothCallService>::GetInstance()->OnCombineConference(dataParcel, reply);
146 }
147
SeparateConference(const uint8_t * data,size_t size)148 void SeparateConference(const uint8_t *data, size_t size)
149 {
150 if (!IsServiceInited()) {
151 return;
152 }
153
154 MessageParcel dataParcel;
155 dataParcel.WriteBuffer(data, size);
156 dataParcel.RewindRead(0);
157 MessageParcel reply;
158 DelayedSingleton<BluetoothCallService>::GetInstance()->OnSeparateConference(dataParcel, reply);
159 }
160
StartDtmf(const uint8_t * data,size_t size)161 void StartDtmf(const uint8_t *data, size_t size)
162 {
163 if (!IsServiceInited()) {
164 return;
165 }
166
167 MessageParcel dataParcel;
168 dataParcel.WriteInt8(*data);
169 dataParcel.WriteBuffer(data + sizeof(char), size - sizeof(char));
170 dataParcel.RewindRead(0);
171 MessageParcel reply;
172 DelayedSingleton<BluetoothCallService>::GetInstance()->OnStartDtmf(dataParcel, reply);
173 }
174
StopDtmf(const uint8_t * data,size_t size)175 void StopDtmf(const uint8_t *data, size_t size)
176 {
177 if (!IsServiceInited()) {
178 return;
179 }
180
181 MessageParcel dataParcel;
182 dataParcel.WriteBuffer(data, size);
183 dataParcel.RewindRead(0);
184 MessageParcel reply;
185 DelayedSingleton<BluetoothCallService>::GetInstance()->OnStopDtmf(dataParcel, reply);
186 }
187
GetCurrentCallList(const uint8_t * data,size_t size)188 void GetCurrentCallList(const uint8_t *data, size_t size)
189 {
190 if (!IsServiceInited()) {
191 return;
192 }
193
194 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
195 MessageParcel dataParcel;
196 dataParcel.WriteInt32(slotId);
197 size_t dataSize = size - sizeof(int32_t);
198 dataParcel.WriteBuffer(data + sizeof(int32_t), dataSize);
199 dataParcel.RewindRead(0);
200 MessageParcel reply;
201 DelayedSingleton<BluetoothCallService>::GetInstance()->OnGetCurrentCallList(dataParcel, reply);
202 }
203
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)204 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
205 {
206 if (data == nullptr || size == 0) {
207 return;
208 }
209
210 AnswerCall(data, size);
211 RejectCall(data, size);
212 HangUpCall(data, size);
213 GetBtCallState(data, size);
214 HoldCall(data, size);
215 UnHoldCall(data, size);
216 SwitchCall(data, size);
217 CombineConference(data, size);
218 SeparateConference(data, size);
219 StartDtmf(data, size);
220 StopDtmf(data, size);
221 GetCurrentCallList(data, size);
222 }
223 } // namespace OHOS
224
225 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)226 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
227 {
228 OHOS::AddCallTokenFuzzer token;
229 /* Run your code on data */
230 OHOS::DoSomethingInterestingWithMyAPI(data, size);
231 return 0;
232 }
233