1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "call_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcalltoken_fuzzer.h"
22 #include "call_manager_service.h"
23 #include "cs_call.h"
24 #include "ims_call.h"
25 #include "ott_call.h"
26 #include "system_ability_definition.h"
27
28 using namespace OHOS::Telephony;
29 namespace OHOS {
30 static bool g_isInited = false;
31 constexpr int32_t SLOT_NUM = 2;
32 constexpr int32_t BOOL_NUM = 2;
33 constexpr int32_t DIAL_TYPE = 3;
34 constexpr int32_t CALL_TYPE_NUM = 4;
35 constexpr int32_t VIDIO_TYPE_NUM = 2;
36 constexpr int32_t TEL_CALL_STATE_NUM = 9;
37 constexpr int32_t TEL_CONFERENCE_STATE_NUM = 4;
38 constexpr int32_t CALL_RUNNING_STATE_NUM = 8;
39 constexpr int32_t CALL_ENDED_TYPE_NUM = 4;
40 constexpr int32_t CALL_ANSWER_TYPE_NUM = 3;
41 constexpr int32_t INVALID_CALL_ID = -1;
42
IsServiceInited()43 bool IsServiceInited()
44 {
45 if (!g_isInited) {
46 DelayedSingleton<CallManagerService>::GetInstance()->OnStart();
47 if (DelayedSingleton<CallManagerService>::GetInstance()->GetServiceRunningState() ==
48 static_cast<int32_t>(CallManagerService::ServiceRunningState::STATE_RUNNING)) {
49 g_isInited = true;
50 }
51 }
52 return g_isInited;
53 }
54
CSCallFunc(const uint8_t * data,size_t size)55 void CSCallFunc(const uint8_t *data, size_t size)
56 {
57 if (!IsServiceInited()) {
58 return;
59 }
60
61 DialParaInfo paraInfo;
62 paraInfo.dialType = static_cast<DialType>(size % DIAL_TYPE);
63 paraInfo.callType = static_cast<CallType>(size % CALL_TYPE_NUM);
64 paraInfo.videoState = static_cast<VideoStateType>(size % VIDIO_TYPE_NUM);
65 paraInfo.callState = static_cast<TelCallState>(size % TEL_CALL_STATE_NUM);
66 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
67 int32_t videoState = static_cast<int32_t>(size % VIDIO_TYPE_NUM);
68 int32_t mute = static_cast<int32_t>(size % BOOL_NUM);
69 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
70 TelCallState nextState = static_cast<TelCallState>(size % TEL_CALL_STATE_NUM);
71 TelConferenceState telConferenceState = static_cast<TelConferenceState>(size % TEL_CONFERENCE_STATE_NUM);
72 VideoStateType mediaType = static_cast<VideoStateType>(size % VIDIO_TYPE_NUM);
73 PolicyFlag flag = static_cast<PolicyFlag>(size);
74
75 callObjectPtr->AnswerCall(videoState);
76 callObjectPtr->SetMute(mute, slotId);
77 callObjectPtr->StartDtmf(static_cast<char>(*data));
78 callObjectPtr->StopDtmf();
79 callObjectPtr->GetSlotId();
80 callObjectPtr->DialCallBase();
81 callObjectPtr->IncomingCallBase();
82 callObjectPtr->AnswerCallBase();
83 callObjectPtr->RejectCallBase();
84 callObjectPtr->GetCallID();
85 callObjectPtr->GetCallType();
86 callObjectPtr->GetCallRunningState();
87 callObjectPtr->SetTelCallState(nextState);
88 callObjectPtr->GetTelCallState();
89 callObjectPtr->SetTelConferenceState(telConferenceState);
90 callObjectPtr->GetTelConferenceState();
91 callObjectPtr->GetVideoStateType();
92 callObjectPtr->SetVideoStateType(mediaType);
93 callObjectPtr->SetPolicyFlag(flag);
94 callObjectPtr->GetPolicyFlag();
95 }
96
DialingProcess(const uint8_t * data,size_t size)97 void DialingProcess(const uint8_t *data, size_t size)
98 {
99 if (!IsServiceInited()) {
100 return;
101 }
102
103 DialParaInfo paraInfo;
104 paraInfo.dialType = static_cast<DialType>(size % DIAL_TYPE);
105 paraInfo.callType = static_cast<CallType>(size % CALL_TYPE_NUM);
106 paraInfo.videoState = static_cast<VideoStateType>(size % VIDIO_TYPE_NUM);
107 paraInfo.callState = static_cast<TelCallState>(size % TEL_CALL_STATE_NUM);
108 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
109
110 callObjectPtr->StartDtmf(static_cast<char>(*data));
111 callObjectPtr->RejectCall();
112 callObjectPtr->HangUpCall();
113 callObjectPtr->HoldCall();
114 callObjectPtr->UnHoldCall();
115 callObjectPtr->SwitchCall();
116 callObjectPtr->DialingProcess();
117 callObjectPtr->CombineConference(); // merge calls
118 callObjectPtr->SeparateConference();
119 callObjectPtr->CanCombineConference();
120 callObjectPtr->CanSeparateConference();
121 callObjectPtr->LaunchConference();
122 callObjectPtr->ExitConference();
123 callObjectPtr->HoldConference();
124 int32_t mainCallId = INVALID_CALL_ID;
125 callObjectPtr->GetMainCallId(mainCallId);
126 std::vector<std::u16string> subCallIdList;
127 callObjectPtr->GetSubCallIdList(subCallIdList);
128 std::vector<std::u16string> callIdList;
129 callObjectPtr->GetCallIdListForConference(callIdList);
130 callObjectPtr->IsSupportConferenceable();
131 callObjectPtr->GetEmergencyState();
132 }
133
GetCallerInfo(const uint8_t * data,size_t size)134 void GetCallerInfo(const uint8_t *data, size_t size)
135 {
136 if (!IsServiceInited()) {
137 return;
138 }
139
140 DialParaInfo paraInfo;
141 paraInfo.dialType = static_cast<DialType>(size % DIAL_TYPE);
142 paraInfo.callType = static_cast<CallType>(size % CALL_TYPE_NUM);
143 paraInfo.videoState = static_cast<VideoStateType>(size % VIDIO_TYPE_NUM);
144 paraInfo.callState = static_cast<TelCallState>(size % TEL_CALL_STATE_NUM);
145 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
146 ContactInfo contactInfo;
147 CallRunningState callRunningState = static_cast<CallRunningState>(size % CALL_RUNNING_STATE_NUM);
148 bool speakerphoneOn = static_cast<bool>(size % BOOL_NUM);
149 std::string phoneNumber(reinterpret_cast<const char *>(data), size);
150 int32_t callId = static_cast<int32_t>(size);
151 CallEndedType callEndedType = static_cast<CallEndedType>(size % CALL_ENDED_TYPE_NUM);
152 CallAnswerType answerType = static_cast<CallAnswerType>(size % CALL_ANSWER_TYPE_NUM);
153 int64_t startTime = static_cast<int64_t>(size);
154 time_t callBeginTime = static_cast<time_t>(size);
155 time_t callEndTime = static_cast<time_t>(size);
156 time_t ringBeginTime = static_cast<time_t>(size);
157 time_t ringEndTime = static_cast<time_t>(size);
158 callObjectPtr->GetCallerInfo();
159 callObjectPtr->SetCallerInfo(contactInfo);
160 callObjectPtr->SetCallRunningState(callRunningState);
161 callObjectPtr->SetStartTime(startTime);
162 callObjectPtr->SetCallBeginTime(callBeginTime);
163 callObjectPtr->SetCallEndTime(callEndTime);
164 callObjectPtr->SetRingBeginTime(ringBeginTime);
165 callObjectPtr->SetRingEndTime(ringEndTime);
166 callObjectPtr->SetAnswerType(answerType);
167 callObjectPtr->GetCallEndedType();
168 callObjectPtr->SetCallEndedType(callEndedType);
169 callObjectPtr->SetCallId(callId);
170 callObjectPtr->IsSpeakerphoneEnabled();
171 callObjectPtr->IsCurrentRinging();
172 callObjectPtr->GetAccountNumber();
173 callObjectPtr->SetSpeakerphoneOn(speakerphoneOn);
174 callObjectPtr->IsSpeakerphoneOn();
175 callObjectPtr->SetAudio();
176 callObjectPtr->CheckVoicemailNumber(phoneNumber);
177 callObjectPtr->IsAliveState();
178 }
179
IMSCallFunc(const uint8_t * data,size_t size)180 void IMSCallFunc(const uint8_t *data, size_t size)
181 {
182 if (!IsServiceInited()) {
183 return;
184 }
185
186 DialParaInfo paraInfo;
187 paraInfo.dialType = static_cast<DialType>(size % DIAL_TYPE);
188 paraInfo.callType = static_cast<CallType>(size % CALL_TYPE_NUM);
189 paraInfo.videoState = static_cast<VideoStateType>(size % VIDIO_TYPE_NUM);
190 paraInfo.callState = static_cast<TelCallState>(size % TEL_CALL_STATE_NUM);
191 sptr<IMSCall> callObjectPtr = std::make_unique<IMSCall>(paraInfo).release();
192 int32_t videoState = static_cast<int32_t>(size % VIDIO_TYPE_NUM);
193 int32_t mute = static_cast<int32_t>(size % BOOL_NUM);
194 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
195 std::string msg(reinterpret_cast<const char *>(data), size);
196 std::u16string msgU16 = Str8ToStr16(msg);
197 CallMediaModeResponse response;
198 response.result = static_cast<int32_t>(size % BOOL_NUM);
199 int32_t length = msg.length() > kMaxNumberLen ? kMaxNumberLen : msg.length();
200 if (memcpy_s(response.phoneNum, kMaxNumberLen, msg.c_str(), length) != EOK) {
201 return;
202 }
203
204 callObjectPtr->InitVideoCall();
205 callObjectPtr->DialingProcess();
206 callObjectPtr->AnswerCall(videoState);
207 callObjectPtr->RejectCall();
208 callObjectPtr->HangUpCall();
209 callObjectPtr->HoldCall();
210 callObjectPtr->UnHoldCall();
211 callObjectPtr->SwitchCall();
212 callObjectPtr->CombineConference();
213 callObjectPtr->SeparateConference();
214 callObjectPtr->CanCombineConference();
215 callObjectPtr->CanSeparateConference();
216 callObjectPtr->LaunchConference();
217 callObjectPtr->ExitConference();
218 callObjectPtr->HoldConference();
219 int32_t mainCallId = INVALID_CALL_ID;
220 callObjectPtr->GetMainCallId(mainCallId);
221 std::vector<std::u16string> subCallIdList;
222 callObjectPtr->GetSubCallIdList(subCallIdList);
223 std::vector<std::u16string> callIdList;
224 callObjectPtr->GetCallIdListForConference(callIdList);
225 callObjectPtr->IsSupportConferenceable();
226 callObjectPtr->StartRtt(msgU16);
227 callObjectPtr->StopRtt();
228 callObjectPtr->SetMute(mute, slotId);
229 callObjectPtr->AcceptVideoCall();
230 callObjectPtr->RefuseVideoCall();
231 callObjectPtr->IsSupportVideoCall();
232 }
233
OttCallFunc(const uint8_t * data,size_t size)234 void OttCallFunc(const uint8_t *data, size_t size)
235 {
236 if (!IsServiceInited()) {
237 return;
238 }
239
240 DialParaInfo paraInfo;
241 paraInfo.dialType = static_cast<DialType>(size % DIAL_TYPE);
242 paraInfo.callType = static_cast<CallType>(size % CALL_TYPE_NUM);
243 paraInfo.videoState = static_cast<VideoStateType>(size % VIDIO_TYPE_NUM);
244 paraInfo.callState = static_cast<TelCallState>(size % TEL_CALL_STATE_NUM);
245 sptr<OTTCall> callObjectPtr = std::make_unique<OTTCall>(paraInfo).release();
246 int32_t videoState = static_cast<int32_t>(size % VIDIO_TYPE_NUM);
247 int32_t mute = static_cast<int32_t>(size % BOOL_NUM);
248 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
249 std::string msg(reinterpret_cast<const char *>(data), size);
250 CallMediaModeResponse response;
251 response.result = static_cast<int32_t>(size % BOOL_NUM);
252 int32_t length = msg.length() > kMaxNumberLen ? kMaxNumberLen : msg.length();
253 if (memcpy_s(response.phoneNum, kMaxNumberLen, msg.c_str(), length) != EOK) {
254 return;
255 }
256
257 callObjectPtr->DialingProcess();
258 callObjectPtr->AnswerCall(videoState);
259 callObjectPtr->RejectCall();
260 callObjectPtr->HangUpCall();
261 callObjectPtr->HoldCall();
262 callObjectPtr->UnHoldCall();
263 callObjectPtr->SwitchCall();
264 callObjectPtr->GetEmergencyState();
265 callObjectPtr->StopDtmf();
266 callObjectPtr->GetSlotId();
267 callObjectPtr->CombineConference();
268 callObjectPtr->SeparateConference();
269 callObjectPtr->CanCombineConference();
270 callObjectPtr->CanSeparateConference();
271 callObjectPtr->LaunchConference();
272 callObjectPtr->ExitConference();
273 callObjectPtr->HoldConference();
274 int32_t mainCallId = INVALID_CALL_ID;
275 callObjectPtr->GetMainCallId(mainCallId);
276 std::vector<std::u16string> subCallIdList;
277 callObjectPtr->GetSubCallIdList(subCallIdList);
278 std::vector<std::u16string> callIdList;
279 callObjectPtr->GetCallIdListForConference(callIdList);
280 callObjectPtr->IsSupportConferenceable();
281 callObjectPtr->ReceiveUpdateCallMediaModeResponse(response);
282 callObjectPtr->SetMute(mute, slotId);
283 }
284
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)285 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
286 {
287 if (data == nullptr || size == 0) {
288 return;
289 }
290
291 CSCallFunc(data, size);
292 DialingProcess(data, size);
293 GetCallerInfo(data, size);
294 IMSCallFunc(data, size);
295 OttCallFunc(data, size);
296 }
297 } // namespace OHOS
298
299 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)300 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
301 {
302 OHOS::AddCallTokenFuzzer token;
303 /* Run your code on data */
304 OHOS::DoSomethingInterestingWithMyAPI(data, size);
305 return 0;
306 }
307