1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "callnotification_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <securec.h>
21 #define private public
22 #include "addcalltoken_fuzzer.h"
23 #include "call_data_base_helper.h"
24 #include "call_manager_service.h"
25 #include "cs_call.h"
26 #include "incoming_call_notification.h"
27 #include "incoming_call_wake_up.h"
28 #include "missed_call_notification.h"
29 #include "proximity_sensor.h"
30 #include "reject_call_sms.h"
31 #include "status_bar.h"
32 #include "system_ability_definition.h"
33 #include "wired_headset.h"
34
35 using namespace OHOS::Telephony;
36 namespace OHOS {
37 static bool g_isInited = false;
38 constexpr int32_t CALL_STATE_NUM = 8;
39 constexpr int32_t BOOL_NUM = 2;
40
IsServiceInited()41 bool IsServiceInited()
42 {
43 if (!g_isInited) {
44 DelayedSingleton<CallManagerService>::GetInstance()->OnStart();
45 if (DelayedSingleton<CallManagerService>::GetInstance()->GetServiceRunningState() ==
46 static_cast<int32_t>(CallManagerService::ServiceRunningState::STATE_RUNNING)) {
47 g_isInited = true;
48 }
49 }
50 return g_isInited;
51 }
52
IncomingCallNotificationFunc(const uint8_t * data,size_t size)53 void IncomingCallNotificationFunc(const uint8_t *data, size_t size)
54 {
55 if (!IsServiceInited()) {
56 return;
57 }
58
59 std::shared_ptr<IncomingCallNotification> notification = std::make_shared<IncomingCallNotification>();
60 DialParaInfo paraInfo;
61 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
62 TelCallState priorState = static_cast<TelCallState>(size % CALL_STATE_NUM);
63 TelCallState nextState = static_cast<TelCallState>(size % CALL_STATE_NUM);
64 std::string message(reinterpret_cast<const char *>(data), size);
65 DisconnectedDetails details;
66
67 notification->NewCallCreated(callObjectPtr);
68 notification->CallStateUpdated(callObjectPtr, priorState, nextState);
69 notification->IncomingCallActivated(callObjectPtr);
70 notification->IncomingCallHungUp(callObjectPtr, true, message);
71 notification->CallDestroyed(details);
72 notification->PublishIncomingCallNotification(callObjectPtr);
73 notification->CancelIncomingCallNotification();
74 notification->IsFullScreen();
75 }
76
IncomingCallWakeupFunc(const uint8_t * data,size_t size)77 void IncomingCallWakeupFunc(const uint8_t *data, size_t size)
78 {
79 if (!IsServiceInited()) {
80 return;
81 }
82
83 std::shared_ptr<IncomingCallWakeup> notification = std::make_shared<IncomingCallWakeup>();
84 DialParaInfo paraInfo;
85 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
86 TelCallState priorState = static_cast<TelCallState>(size % CALL_STATE_NUM);
87 TelCallState nextState = static_cast<TelCallState>(size % CALL_STATE_NUM);
88 std::string message(reinterpret_cast<const char *>(data), size);
89 DisconnectedDetails details;
90
91 notification->NewCallCreated(callObjectPtr);
92 notification->WakeupDevice();
93 notification->IsScreenOn();
94 notification->IsPowerAbilityExist();
95 notification->CallDestroyed(details);
96 notification->IncomingCallActivated(callObjectPtr);
97 notification->IncomingCallHungUp(callObjectPtr, true, message);
98 notification->CallStateUpdated(callObjectPtr, priorState, nextState);
99 }
100
ProximitySensorFunc(const uint8_t * data,size_t size)101 void ProximitySensorFunc(const uint8_t *data, size_t size)
102 {
103 if (!IsServiceInited()) {
104 return;
105 }
106
107 std::shared_ptr<ProximitySensor> notification = std::make_shared<ProximitySensor>();
108 DialParaInfo paraInfo;
109 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
110 TelCallState priorState = static_cast<TelCallState>(size % CALL_STATE_NUM);
111 TelCallState nextState = static_cast<TelCallState>(size % CALL_STATE_NUM);
112 std::string message(reinterpret_cast<const char *>(data), size);
113 DisconnectedDetails details;
114
115 notification->CallDestroyed(details);
116 notification->NewCallCreated(callObjectPtr);
117 notification->IncomingCallActivated(callObjectPtr);
118 notification->IncomingCallHungUp(callObjectPtr, true, message);
119 notification->CallStateUpdated(callObjectPtr, priorState, nextState);
120 }
121
StatusBarFunc(const uint8_t * data,size_t size)122 void StatusBarFunc(const uint8_t *data, size_t size)
123 {
124 if (!IsServiceInited()) {
125 return;
126 }
127
128 std::shared_ptr<StatusBar> notification = std::make_shared<StatusBar>();
129 DialParaInfo paraInfo;
130 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
131 TelCallState priorState = static_cast<TelCallState>(size % CALL_STATE_NUM);
132 TelCallState nextState = static_cast<TelCallState>(size % CALL_STATE_NUM);
133 std::string message(reinterpret_cast<const char *>(data), size);
134 DisconnectedDetails details;
135 int32_t isDisplayMute = static_cast<int32_t>(size % BOOL_NUM);
136
137 notification->UpdateMuteIcon(isDisplayMute);
138 notification->UpdateSpeakerphoneIcon(isDisplayMute);
139 notification->NewCallCreated(callObjectPtr);
140 notification->CallDestroyed(details);
141 notification->IncomingCallActivated(callObjectPtr);
142 notification->IncomingCallHungUp(callObjectPtr, true, message);
143 notification->CallStateUpdated(callObjectPtr, priorState, nextState);
144 }
145
WiredHeadsetHandlerFunc(const uint8_t * data,size_t size)146 void WiredHeadsetHandlerFunc(const uint8_t *data, size_t size)
147 {
148 if (!IsServiceInited()) {
149 return;
150 }
151
152 std::shared_ptr<WiredHeadset> notification = std::make_shared<WiredHeadset>();
153 DialParaInfo paraInfo;
154 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
155 TelCallState priorState = static_cast<TelCallState>(size % CALL_STATE_NUM);
156 TelCallState nextState = static_cast<TelCallState>(size % CALL_STATE_NUM);
157 std::string message(reinterpret_cast<const char *>(data), size);
158 DisconnectedDetails details;
159
160 notification->Init();
161 notification->NewCallCreated(callObjectPtr);
162 notification->CallDestroyed(details);
163 notification->IncomingCallActivated(callObjectPtr);
164 notification->IncomingCallHungUp(callObjectPtr, true, message);
165 notification->CallStateUpdated(callObjectPtr, priorState, nextState);
166 }
167
CallDataRdbObserverFunc(const uint8_t * data,size_t size)168 void CallDataRdbObserverFunc(const uint8_t *data, size_t size)
169 {
170 if (!IsServiceInited()) {
171 return;
172 }
173
174 std::string message(reinterpret_cast<const char *>(data), size);
175 std::shared_ptr<CallDataBaseHelper> callDataBaseHelper = DelayedSingleton<CallDataBaseHelper>::GetInstance();
176 DataShare::DataShareValuesBucket values;
177 DataShare::DataSharePredicates predicates;
178 DialParaInfo paraInfo;
179 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
180 ContactInfo contactInfo;
181 int32_t length = message.length() > CONTACT_NAME_LEN ? CONTACT_NAME_LEN : message.length();
182 if (memcpy_s(contactInfo.name, CONTACT_NAME_LEN, message.c_str(), length) != EOK) {
183 return;
184 }
185 length = message.length() > kMaxNumberLen ? kMaxNumberLen : message.length();
186 if (memcpy_s(contactInfo.number, kMaxNumberLen, message.c_str(), length) != EOK) {
187 return;
188 }
189 length = message.length() > FILE_PATH_MAX_LEN ? FILE_PATH_MAX_LEN : message.length();
190 if (memcpy_s(contactInfo.ringtonePath, FILE_PATH_MAX_LEN, message.c_str(), length) != EOK) {
191 return;
192 }
193
194 callDataBaseHelper->UnRegisterObserver();
195 callDataBaseHelper->Insert(values);
196 callDataBaseHelper->Query(contactInfo, predicates);
197 callDataBaseHelper->Delete(predicates);
198 }
199
MissedCallNotificationFunc(const uint8_t * data,size_t size)200 void MissedCallNotificationFunc(const uint8_t *data, size_t size)
201 {
202 if (!IsServiceInited()) {
203 return;
204 }
205
206 std::shared_ptr<MissedCallNotification> notification = std::make_shared<MissedCallNotification>();
207 DialParaInfo paraInfo;
208 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
209 TelCallState priorState = static_cast<TelCallState>(size % CALL_STATE_NUM);
210 TelCallState nextState = static_cast<TelCallState>(size % CALL_STATE_NUM);
211 std::string message(reinterpret_cast<const char *>(data), size);
212 DisconnectedDetails details;
213
214 notification->NewCallCreated(callObjectPtr);
215 notification->PublishMissedCallEvent(callObjectPtr);
216 notification->PublishMissedCallNotification(callObjectPtr);
217 notification->CancelMissedCallsNotification(static_cast<int32_t>(size));
218 notification->CallDestroyed(details);
219 notification->IncomingCallActivated(callObjectPtr);
220 notification->IncomingCallHungUp(callObjectPtr, true, message);
221 notification->CallStateUpdated(callObjectPtr, priorState, nextState);
222 }
223
RejectCallSmsFunc(const uint8_t * data,size_t size)224 void RejectCallSmsFunc(const uint8_t *data, size_t size)
225 {
226 if (!IsServiceInited()) {
227 return;
228 }
229
230 std::shared_ptr<RejectCallSms> notification = std::make_shared<RejectCallSms>();
231 DialParaInfo paraInfo;
232 int32_t slotId = static_cast<int32_t>(size % 2);
233 sptr<CallBase> callObjectPtr = std::make_unique<CSCall>(paraInfo).release();
234 TelCallState priorState = static_cast<TelCallState>(size % CALL_STATE_NUM);
235 TelCallState nextState = static_cast<TelCallState>(size % CALL_STATE_NUM);
236 std::string message(reinterpret_cast<const char *>(data), size);
237 std::string desAddr(reinterpret_cast<const char *>(data), size);
238 std::u16string desAddrU16 = Str8ToStr16(desAddr);
239 std::u16string messageU16 = Str8ToStr16(message);
240 DisconnectedDetails details;
241
242 notification->NewCallCreated(callObjectPtr);
243 notification->SendMessage(slotId, desAddrU16, messageU16);
244 notification->CallDestroyed(details);
245 notification->IncomingCallActivated(callObjectPtr);
246 notification->IncomingCallHungUp(callObjectPtr, true, message);
247 notification->CallStateUpdated(callObjectPtr, priorState, nextState);
248 }
249
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)250 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
251 {
252 if (data == nullptr || size == 0) {
253 return;
254 }
255
256 IncomingCallNotificationFunc(data, size);
257 IncomingCallWakeupFunc(data, size);
258 ProximitySensorFunc(data, size);
259 StatusBarFunc(data, size);
260 WiredHeadsetHandlerFunc(data, size);
261 CallDataRdbObserverFunc(data, size);
262 MissedCallNotificationFunc(data, size);
263 RejectCallSmsFunc(data, size);
264 }
265 } // namespace OHOS
266
267 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)268 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
269 {
270 OHOS::AddCallTokenFuzzer token;
271 /* Run your code on data */
272 OHOS::DoSomethingInterestingWithMyAPI(data, size);
273 return 0;
274 }
275