1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "telephonyinteraction_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcalltoken_fuzzer.h"
22 #include "call_manager_service.h"
23 #include "call_status_callback_proxy.h"
24 #include "system_ability_definition.h"
25
26 using namespace OHOS::Telephony;
27 namespace OHOS {
28 static bool g_isInited = false;
29 constexpr int32_t SLOT_NUM = 2;
30 constexpr int32_t ACCOUNT_ID_NUM = 10;
31 constexpr int32_t MULTI_PARTY_NUM = 10;
32 constexpr int32_t VOICE_DOMAIN_NUM = 10;
33 std::unique_ptr<CallStatusCallback> CallStatusCallbackPtr_ = nullptr;
34
IsServiceInited()35 bool IsServiceInited()
36 {
37 if (!g_isInited) {
38 DelayedSingleton<CallManagerService>::GetInstance()->OnStart();
39 if (DelayedSingleton<CallManagerService>::GetInstance()->GetServiceRunningState() ==
40 static_cast<int32_t>(CallManagerService::ServiceRunningState::STATE_RUNNING)) {
41 g_isInited = true;
42 }
43 }
44 CallStatusCallbackPtr_ = std::make_unique<CallStatusCallback>();
45 if (CallStatusCallbackPtr_ == nullptr) {
46 g_isInited = false;
47 }
48 return g_isInited;
49 }
50
OnRemoteRequest(const uint8_t * data,size_t size)51 int32_t OnRemoteRequest(const uint8_t *data, size_t size)
52 {
53 if (!IsServiceInited()) {
54 return TELEPHONY_ERROR;
55 }
56 MessageParcel dataMessageParcel;
57 if (!dataMessageParcel.WriteInterfaceToken(CallStatusCallbackStub::GetDescriptor())) {
58 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
59 }
60 dataMessageParcel.RewindRead(0);
61 uint32_t code = static_cast<uint32_t>(size);
62 MessageParcel reply;
63 MessageOption option;
64 return CallStatusCallbackPtr_->OnRemoteRequest(code, dataMessageParcel, reply, option);
65 }
66
UpdateCallReportInfo(const uint8_t * data,size_t size)67 int32_t UpdateCallReportInfo(const uint8_t *data, size_t size)
68 {
69 if (!IsServiceInited()) {
70 return TELEPHONY_ERROR;
71 }
72 MessageParcel dataParcel;
73 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
74 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
75 }
76 CallReportInfo info;
77 int32_t length = sizeof(CallReportInfo);
78 info.index = static_cast<int32_t>(size);
79 info.accountId = static_cast<int32_t>(size % ACCOUNT_ID_NUM);
80 info.voiceDomain = static_cast<int32_t>(size % VOICE_DOMAIN_NUM);
81 info.mpty = static_cast<int32_t>(size % MULTI_PARTY_NUM);
82 info.callType = CallType::TYPE_ERR_CALL;
83 info.callMode = VideoStateType::TYPE_VOICE;
84 info.state = TelCallState::CALL_STATUS_UNKNOWN;
85 std::string msg(reinterpret_cast<const char *>(data), size);
86 int32_t accountLength = msg.length() > kMaxNumberLen ? kMaxNumberLen : msg.length();
87 memcpy_s(info.accountNum, kMaxNumberLen, msg.c_str(), accountLength);
88 dataParcel.WriteInt32(length);
89 dataParcel.WriteRawData((const void *)&info, length);
90 dataParcel.RewindRead(0);
91 MessageParcel reply;
92 return CallStatusCallbackPtr_->OnUpdateCallReportInfo(dataParcel, reply);
93 }
94
UpdateCallsReportInfo(const uint8_t * data,size_t size)95 int32_t UpdateCallsReportInfo(const uint8_t *data, size_t size)
96 {
97 if (!IsServiceInited()) {
98 return TELEPHONY_ERROR;
99 }
100 MessageParcel dataParcel;
101 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
102 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
103 }
104 CallReportInfo info;
105 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
106 int32_t length = sizeof(CallReportInfo);
107 int32_t vecSize = static_cast<int32_t>(size);
108 info.index = static_cast<int32_t>(size);
109 info.accountId = static_cast<int32_t>(size % ACCOUNT_ID_NUM);
110 info.voiceDomain = static_cast<int32_t>(size % VOICE_DOMAIN_NUM);
111 info.mpty = static_cast<int32_t>(size % MULTI_PARTY_NUM);
112 info.callType = CallType::TYPE_ERR_CALL;
113 info.callMode = VideoStateType::TYPE_VOICE;
114 info.state = TelCallState::CALL_STATUS_UNKNOWN;
115 std::string msg(reinterpret_cast<const char *>(data), size);
116 int32_t accountLength = msg.length() > kMaxNumberLen ? kMaxNumberLen : msg.length();
117 memcpy_s(info.accountNum, kMaxNumberLen, msg.c_str(), accountLength);
118 dataParcel.WriteInt32(vecSize);
119 dataParcel.WriteInt32(length);
120 dataParcel.WriteRawData((const void *)&info, length);
121 dataParcel.WriteInt32(slotId);
122 dataParcel.RewindRead(0);
123 MessageParcel reply;
124 return CallStatusCallbackPtr_->OnUpdateCallsReportInfo(dataParcel, reply);
125 }
126
UpdateEventReport(const uint8_t * data,size_t size)127 int32_t UpdateEventReport(const uint8_t *data, size_t size)
128 {
129 if (!IsServiceInited()) {
130 return TELEPHONY_ERROR;
131 }
132 MessageParcel dataParcel;
133 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
134 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
135 }
136 CellularCallEventInfo info;
137 int32_t length = sizeof(CellularCallEventInfo);
138 info.eventType = CellularCallEventType::EVENT_REQUEST_RESULT_TYPE;
139 info.eventId = RequestResultEventId::INVALID_REQUEST_RESULT_EVENT_ID;
140 dataParcel.WriteInt32(length);
141 dataParcel.WriteRawData((const void *)&info, length);
142 dataParcel.RewindRead(0);
143 MessageParcel reply;
144 return CallStatusCallbackPtr_->OnUpdateEventReport(dataParcel, reply);
145 }
146
UpdateGetWaitingResult(const uint8_t * data,size_t size)147 int32_t UpdateGetWaitingResult(const uint8_t *data, size_t size)
148 {
149 if (!IsServiceInited()) {
150 return TELEPHONY_ERROR;
151 }
152 MessageParcel dataParcel;
153 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
154 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
155 }
156 CallWaitResponse callWaitResponse;
157 int32_t length = sizeof(CallWaitResponse);
158 dataParcel.WriteInt32(length);
159 callWaitResponse.result = static_cast<int32_t>(size);
160 callWaitResponse.status = static_cast<int32_t>(size);
161 callWaitResponse.classCw = static_cast<int32_t>(size);
162 dataParcel.WriteRawData((const void *)&callWaitResponse, length);
163 dataParcel.RewindRead(0);
164 MessageParcel reply;
165 return CallStatusCallbackPtr_->OnUpdateGetWaitingResult(dataParcel, reply);
166 }
167
UpdateGetRestrictionResult(const uint8_t * data,size_t size)168 int32_t UpdateGetRestrictionResult(const uint8_t *data, size_t size)
169 {
170 if (!IsServiceInited()) {
171 return TELEPHONY_ERROR;
172 }
173 MessageParcel dataParcel;
174 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
175 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
176 }
177 CallRestrictionResponse callRestrictionResult;
178 int32_t length = sizeof(CallRestrictionResponse);
179 dataParcel.WriteInt32(length);
180 callRestrictionResult.result = static_cast<int32_t>(size);
181 callRestrictionResult.status = static_cast<int32_t>(size);
182 callRestrictionResult.classCw = static_cast<int32_t>(size);
183 dataParcel.WriteRawData((const void *)&callRestrictionResult, length);
184 dataParcel.RewindRead(0);
185 MessageParcel reply;
186 return CallStatusCallbackPtr_->OnUpdateGetRestrictionResult(dataParcel, reply);
187 }
188
UpdateGetTransferResult(const uint8_t * data,size_t size)189 int32_t UpdateGetTransferResult(const uint8_t *data, size_t size)
190 {
191 if (!IsServiceInited()) {
192 return TELEPHONY_ERROR;
193 }
194 MessageParcel dataParcel;
195 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
196 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
197 }
198 CallTransferResponse callTransferResponse;
199 int32_t length = sizeof(CallTransferResponse);
200 dataParcel.WriteInt32(length);
201 callTransferResponse.result = static_cast<int32_t>(size);
202 callTransferResponse.status = static_cast<int32_t>(size);
203 callTransferResponse.classx = static_cast<int32_t>(size);
204 callTransferResponse.type = static_cast<int32_t>(size);
205 std::string msg(reinterpret_cast<const char *>(data), size);
206 int32_t accountLength = msg.length() > kMaxNumberLen ? kMaxNumberLen : msg.length();
207 memcpy_s(callTransferResponse.number, kMaxNumberLen, msg.c_str(), accountLength);
208 callTransferResponse.reason = static_cast<int32_t>(size);
209 callTransferResponse.time = static_cast<int32_t>(size);
210 callTransferResponse.startHour = static_cast<int32_t>(size);
211 callTransferResponse.startMinute = static_cast<int32_t>(size);
212 callTransferResponse.endHour = static_cast<int32_t>(size);
213 callTransferResponse.endMinute = static_cast<int32_t>(size);
214 dataParcel.WriteRawData((const void *)&callTransferResponse, length);
215 dataParcel.RewindRead(0);
216 MessageParcel reply;
217 return CallStatusCallbackPtr_->OnUpdateGetTransferResult(dataParcel, reply);
218 }
219
UpdateGetCallClipResult(const uint8_t * data,size_t size)220 int32_t UpdateGetCallClipResult(const uint8_t *data, size_t size)
221 {
222 if (!IsServiceInited()) {
223 return TELEPHONY_ERROR;
224 }
225 MessageParcel dataParcel;
226 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
227 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
228 }
229 ClipResponse clipResponse;
230 int32_t length = sizeof(ClipResponse);
231 dataParcel.WriteInt32(length);
232 clipResponse.result = static_cast<int32_t>(size);
233 clipResponse.action = static_cast<int32_t>(size);
234 clipResponse.clipStat = static_cast<int32_t>(size);
235 dataParcel.WriteRawData((const void *)&clipResponse, length);
236 dataParcel.RewindRead(0);
237 MessageParcel reply;
238 return CallStatusCallbackPtr_->OnUpdateGetCallClipResult(dataParcel, reply);
239 }
240
GetImsConfigResult(const uint8_t * data,size_t size)241 int32_t GetImsConfigResult(const uint8_t *data, size_t size)
242 {
243 if (!IsServiceInited()) {
244 return TELEPHONY_ERROR;
245 }
246 MessageParcel dataParcel;
247 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
248 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
249 }
250 GetImsConfigResponse response;
251 int32_t length = sizeof(GetImsConfigResponse);
252 dataParcel.WriteInt32(length);
253 response.result = static_cast<int32_t>(size);
254 response.value = static_cast<int32_t>(size);
255 dataParcel.WriteRawData((const void *)&response, length);
256 dataParcel.RewindRead(0);
257 MessageParcel reply;
258 return CallStatusCallbackPtr_->OnGetImsConfigResult(dataParcel, reply);
259 }
260
GetImsFeatureValueResult(const uint8_t * data,size_t size)261 int32_t GetImsFeatureValueResult(const uint8_t *data, size_t size)
262 {
263 if (!IsServiceInited()) {
264 return TELEPHONY_ERROR;
265 }
266 MessageParcel dataParcel;
267 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
268 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
269 }
270 GetImsFeatureValueResponse response;
271 int32_t length = sizeof(GetImsFeatureValueResponse);
272 dataParcel.WriteInt32(length);
273 response.result = static_cast<int32_t>(size);
274 response.value = static_cast<int32_t>(size);
275 dataParcel.WriteRawData((const void *)&response, length);
276 dataParcel.RewindRead(0);
277 MessageParcel reply;
278 return CallStatusCallbackPtr_->OnGetImsFeatureValueResult(dataParcel, reply);
279 }
280
ReceiveUpdateMediaModeResponse(const uint8_t * data,size_t size)281 int32_t ReceiveUpdateMediaModeResponse(const uint8_t *data, size_t size)
282 {
283 if (!IsServiceInited()) {
284 return TELEPHONY_ERROR;
285 }
286 MessageParcel dataParcel;
287 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
288 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
289 }
290 CallMediaModeResponse response;
291 int32_t length = sizeof(CallMediaModeResponse);
292 dataParcel.WriteInt32(length);
293 response.result = static_cast<int32_t>(size);
294 std::string msg(reinterpret_cast<const char *>(data), size);
295 int32_t phoneLength = msg.length() > kMaxNumberLen ? kMaxNumberLen : msg.length();
296 memcpy_s(response.phoneNum, kMaxNumberLen, msg.c_str(), phoneLength);
297 dataParcel.WriteRawData((const void *)&response, length);
298 dataParcel.RewindRead(0);
299 MessageParcel reply;
300 return CallStatusCallbackPtr_->OnReceiveUpdateMediaModeResponse(dataParcel, reply);
301 }
302
SendMmiCodeResult(const uint8_t * data,size_t size)303 int32_t SendMmiCodeResult(const uint8_t *data, size_t size)
304 {
305 if (!IsServiceInited()) {
306 return TELEPHONY_ERROR;
307 }
308 MessageParcel dataParcel;
309 if (!dataParcel.WriteInterfaceToken(CallStatusCallbackProxy::GetDescriptor())) {
310 return TELEPHONY_ERR_WRITE_DESCRIPTOR_TOKEN_FAIL;
311 }
312 MmiCodeInfo info;
313 int32_t length = sizeof(MmiCodeInfo);
314 dataParcel.WriteInt32(length);
315 info.result = static_cast<int32_t>(size);
316 std::string msg(reinterpret_cast<const char *>(data), size);
317 int32_t msgLength = msg.length() > kMaxNumberLen ? kMaxNumberLen : msg.length();
318 memcpy_s(info.message, kMaxNumberLen, msg.c_str(), msgLength);
319 dataParcel.WriteRawData((const void *)&info, length);
320 dataParcel.RewindRead(0);
321 MessageParcel reply;
322 return CallStatusCallbackPtr_->OnSendMmiCodeResult(dataParcel, reply);
323 }
324
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)325 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
326 {
327 if (data == nullptr || size == 0) {
328 return;
329 }
330 OnRemoteRequest(data, size);
331 UpdateCallReportInfo(data, size);
332 UpdateCallsReportInfo(data, size);
333 UpdateEventReport(data, size);
334 UpdateGetWaitingResult(data, size);
335 UpdateGetRestrictionResult(data, size);
336 UpdateGetTransferResult(data, size);
337 UpdateGetCallClipResult(data, size);
338 GetImsConfigResult(data, size);
339 GetImsFeatureValueResult(data, size);
340 ReceiveUpdateMediaModeResponse(data, size);
341 SendMmiCodeResult(data, size);
342 }
343 } // namespace OHOS
344
345 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)346 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
347 {
348 OHOS::AddCallTokenFuzzer token;
349 /* Run your code on data */
350 OHOS::DoSomethingInterestingWithMyAPI(data, size);
351 return 0;
352 }
353