1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bluetoothdialcall_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcalltoken_fuzzer.h"
22 #include "bluetooth_call_service.h"
23 #include "call_manager_service.h"
24 #include "message_parcel.h"
25 #include "system_ability_definition.h"
26
27 using namespace OHOS::Telephony;
28 namespace OHOS {
29 static bool g_isInited = false;
30 constexpr int32_t SLOT_NUM = 3;
31
IsServiceInited()32 bool IsServiceInited()
33 {
34 if (!g_isInited) {
35 DelayedSingleton<CallManagerService>::GetInstance()->OnStart();
36 if (DelayedSingleton<CallManagerService>::GetInstance()->GetServiceRunningState() ==
37 static_cast<int32_t>(CallManagerService::ServiceRunningState::STATE_RUNNING)) {
38 g_isInited = true;
39 }
40 }
41 return g_isInited;
42 }
43
AnswerCall(const uint8_t * data,size_t size)44 void AnswerCall(const uint8_t *data, size_t size)
45 {
46 if (!IsServiceInited()) {
47 return;
48 }
49
50 MessageParcel dataParcel;
51 dataParcel.WriteBuffer(data, size);
52 dataParcel.RewindRead(0);
53 MessageParcel reply;
54 DelayedSingleton<BluetoothCallService>::GetInstance()->OnAnswerCall(dataParcel, reply);
55 }
56
RejectCall(const uint8_t * data,size_t size)57 void RejectCall(const uint8_t *data, size_t size)
58 {
59 if (!IsServiceInited()) {
60 return;
61 }
62
63 MessageParcel dataParcel;
64 dataParcel.WriteBuffer(data, size);
65 dataParcel.RewindRead(0);
66 MessageParcel reply;
67 DelayedSingleton<BluetoothCallService>::GetInstance()->OnRejectCall(dataParcel, reply);
68 }
69
HangUpCall(const uint8_t * data,size_t size)70 void HangUpCall(const uint8_t *data, size_t size)
71 {
72 if (!IsServiceInited()) {
73 return;
74 }
75
76 MessageParcel dataParcel;
77 dataParcel.WriteBuffer(data, size);
78 dataParcel.RewindRead(0);
79 MessageParcel reply;
80 DelayedSingleton<BluetoothCallService>::GetInstance()->OnHangUpCall(dataParcel, reply);
81 }
82
GetBtCallState(const uint8_t * data,size_t size)83 void GetBtCallState(const uint8_t *data, size_t size)
84 {
85 if (!IsServiceInited()) {
86 return;
87 }
88
89 MessageParcel dataParcel;
90 dataParcel.WriteBuffer(data, size);
91 dataParcel.RewindRead(0);
92 MessageParcel reply;
93 DelayedSingleton<BluetoothCallService>::GetInstance()->OnGetBtCallState(dataParcel, reply);
94 }
95
HoldCall(const uint8_t * data,size_t size)96 void HoldCall(const uint8_t *data, size_t size)
97 {
98 if (!IsServiceInited()) {
99 return;
100 }
101
102 MessageParcel dataParcel;
103 dataParcel.WriteBuffer(data, size);
104 dataParcel.RewindRead(0);
105 MessageParcel reply;
106 DelayedSingleton<BluetoothCallService>::GetInstance()->OnHoldCall(dataParcel, reply);
107 }
108
UnHoldCall(const uint8_t * data,size_t size)109 void UnHoldCall(const uint8_t *data, size_t size)
110 {
111 if (!IsServiceInited()) {
112 return;
113 }
114
115 MessageParcel dataParcel;
116 dataParcel.WriteBuffer(data, size);
117 dataParcel.RewindRead(0);
118 MessageParcel reply;
119 DelayedSingleton<BluetoothCallService>::GetInstance()->OnUnHoldCall(dataParcel, reply);
120 }
121
SwitchCall(const uint8_t * data,size_t size)122 void SwitchCall(const uint8_t *data, size_t size)
123 {
124 if (!IsServiceInited()) {
125 return;
126 }
127
128 MessageParcel dataParcel;
129 dataParcel.WriteBuffer(data, size);
130 dataParcel.RewindRead(0);
131 MessageParcel reply;
132 DelayedSingleton<BluetoothCallService>::GetInstance()->OnSwitchCall(dataParcel, reply);
133 }
134
CombineConference(const uint8_t * data,size_t size)135 void CombineConference(const uint8_t *data, size_t size)
136 {
137 if (!IsServiceInited()) {
138 return;
139 }
140
141 MessageParcel dataParcel;
142 dataParcel.WriteBuffer(data, size);
143 dataParcel.RewindRead(0);
144 MessageParcel reply;
145 DelayedSingleton<BluetoothCallService>::GetInstance()->OnCombineConference(dataParcel, reply);
146 }
147
SeparateConference(const uint8_t * data,size_t size)148 void SeparateConference(const uint8_t *data, size_t size)
149 {
150 if (!IsServiceInited()) {
151 return;
152 }
153
154 MessageParcel dataParcel;
155 dataParcel.WriteBuffer(data, size);
156 dataParcel.RewindRead(0);
157 MessageParcel reply;
158 DelayedSingleton<BluetoothCallService>::GetInstance()->OnSeparateConference(dataParcel, reply);
159 }
160
KickOutFromConference(const uint8_t * data,size_t size)161 void KickOutFromConference(const uint8_t *data, size_t size)
162 {
163 if (!IsServiceInited()) {
164 return;
165 }
166
167 MessageParcel dataParcel;
168 dataParcel.WriteBuffer(data, size);
169 dataParcel.RewindRead(0);
170 MessageParcel reply;
171 DelayedSingleton<BluetoothCallService>::GetInstance()->OnKickOutFromConference(dataParcel, reply);
172 }
173
StartDtmf(const uint8_t * data,size_t size)174 void StartDtmf(const uint8_t *data, size_t size)
175 {
176 if (!IsServiceInited()) {
177 return;
178 }
179
180 MessageParcel dataParcel;
181 dataParcel.WriteInt8(*data);
182 dataParcel.WriteBuffer(data, size);
183 dataParcel.RewindRead(0);
184 MessageParcel reply;
185 DelayedSingleton<BluetoothCallService>::GetInstance()->OnStartDtmf(dataParcel, reply);
186 }
187
StopDtmf(const uint8_t * data,size_t size)188 void StopDtmf(const uint8_t *data, size_t size)
189 {
190 if (!IsServiceInited()) {
191 return;
192 }
193
194 MessageParcel dataParcel;
195 dataParcel.WriteBuffer(data, size);
196 dataParcel.RewindRead(0);
197 MessageParcel reply;
198 DelayedSingleton<BluetoothCallService>::GetInstance()->OnStopDtmf(dataParcel, reply);
199 }
200
GetCurrentCallList(const uint8_t * data,size_t size)201 void GetCurrentCallList(const uint8_t *data, size_t size)
202 {
203 if (!IsServiceInited()) {
204 return;
205 }
206
207 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
208 MessageParcel dataParcel;
209 dataParcel.WriteInt32(slotId);
210 dataParcel.WriteBuffer(data, size);
211 dataParcel.RewindRead(0);
212 MessageParcel reply;
213 DelayedSingleton<BluetoothCallService>::GetInstance()->OnGetCurrentCallList(dataParcel, reply);
214 }
215
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)216 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
217 {
218 if (data == nullptr || size == 0) {
219 return;
220 }
221
222 AnswerCall(data, size);
223 RejectCall(data, size);
224 HangUpCall(data, size);
225 GetBtCallState(data, size);
226 HoldCall(data, size);
227 UnHoldCall(data, size);
228 SwitchCall(data, size);
229 CombineConference(data, size);
230 SeparateConference(data, size);
231 KickOutFromConference(data, size);
232 StartDtmf(data, size);
233 StopDtmf(data, size);
234 GetCurrentCallList(data, size);
235 }
236 } // namespace OHOS
237
238 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)239 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
240 {
241 OHOS::AddCallTokenFuzzer token;
242 /* Run your code on data */
243 OHOS::DoSomethingInterestingWithMyAPI(data, size);
244 return 0;
245 }
246