1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "getcallrestriction_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcellularcalltoken_fuzzer.h"
22 #include "cellular_call_service.h"
23 #include "securec.h"
24 #include "system_ability_definition.h"
25
26 using namespace OHOS::Telephony;
27 namespace OHOS {
28 static bool g_isInited = false;
29 constexpr int32_t SLOT_NUM = 2;
30 constexpr int32_t VEDIO_STATE_NUM = 2;
31 constexpr int32_t BOOL_NUM = 2;
32 constexpr size_t MAX_NUMBER_LEN = 99;
33
IsServiceInited()34 bool IsServiceInited()
35 {
36 DelayedSingleton<CellularCallService>::GetInstance()->OnStart();
37 if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) ==
38 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) {
39 g_isInited = true;
40 }
41 return g_isInited;
42 }
43
OnRemoteRequest(const uint8_t * data,size_t size)44 void OnRemoteRequest(const uint8_t *data, size_t size)
45 {
46 if (!IsServiceInited()) {
47 return;
48 }
49
50 MessageParcel dataMessageParcel;
51 if (!dataMessageParcel.WriteInterfaceToken(CellularCallStub::GetDescriptor())) {
52 return;
53 }
54 dataMessageParcel.WriteBuffer(data, size);
55 dataMessageParcel.RewindRead(0);
56 uint32_t code = static_cast<uint32_t>(size);
57 MessageParcel reply;
58 MessageOption option;
59 DelayedSingleton<CellularCallService>::GetInstance()->OnRemoteRequest(code, dataMessageParcel, reply, option);
60 }
61
UnRegisterCallManagerCallBack(const uint8_t * data,size_t size)62 void UnRegisterCallManagerCallBack(const uint8_t *data, size_t size)
63 {
64 if (!IsServiceInited()) {
65 return;
66 }
67
68 int32_t maxSize = static_cast<int32_t>(size);
69 MessageParcel dataMessageParcel;
70 dataMessageParcel.WriteInt32(maxSize);
71 dataMessageParcel.WriteBuffer(data, size);
72 dataMessageParcel.RewindRead(0);
73 MessageParcel reply;
74 DelayedSingleton<CellularCallService>::GetInstance()->OnUnRegisterCallBackInner(dataMessageParcel, reply);
75 }
76
IsEmergencyPhoneNumber(const uint8_t * data,size_t size)77 void IsEmergencyPhoneNumber(const uint8_t *data, size_t size)
78 {
79 if (!IsServiceInited()) {
80 return;
81 }
82
83 int32_t errorCode = static_cast<int32_t>(size);
84 std::string phoneNum(reinterpret_cast<const char *>(data), size);
85 MessageParcel dataMessageParcel;
86 dataMessageParcel.WriteInt32(errorCode);
87 dataMessageParcel.WriteString(phoneNum);
88 dataMessageParcel.RewindRead(0);
89 MessageParcel reply;
90 DelayedSingleton<CellularCallService>::GetInstance()->OnIsEmergencyPhoneNumberInner(dataMessageParcel, reply);
91 }
92
HangUpAllConnection(const uint8_t * data,size_t size)93 void HangUpAllConnection(const uint8_t *data, size_t size)
94 {
95 if (!IsServiceInited()) {
96 return;
97 }
98
99 int32_t maxSize = static_cast<int32_t>(size);
100 MessageParcel dataMessageParcel;
101 dataMessageParcel.WriteInt32(maxSize);
102 dataMessageParcel.WriteBuffer(data, size);
103 dataMessageParcel.RewindRead(0);
104 MessageParcel reply;
105 DelayedSingleton<CellularCallService>::GetInstance()->OnHangUpAllConnectionInner(dataMessageParcel, reply);
106 }
107
SetReadyToCall(const uint8_t * data,size_t size)108 void SetReadyToCall(const uint8_t *data, size_t size)
109 {
110 if (!IsServiceInited()) {
111 return;
112 }
113
114 int32_t slotId = static_cast<int32_t>(size);
115 int32_t callType = static_cast<int32_t>(size % SLOT_NUM);
116 bool isReadyToCall = static_cast<bool>(size % SLOT_NUM);
117 MessageParcel dataMessageParcel;
118 dataMessageParcel.WriteInt32(slotId);
119 dataMessageParcel.WriteInt32(callType);
120 dataMessageParcel.WriteBool(isReadyToCall);
121 dataMessageParcel.RewindRead(0);
122 MessageParcel reply;
123 DelayedSingleton<CellularCallService>::GetInstance()->OnSetReadyToCallInner(dataMessageParcel, reply);
124 }
125
StartRtt(const uint8_t * data,size_t size)126 void StartRtt(const uint8_t *data, size_t size)
127 {
128 if (!IsServiceInited()) {
129 return;
130 }
131
132 std::string msg(reinterpret_cast<const char *>(data), size);
133 MessageParcel dataMessageParcel;
134 dataMessageParcel.WriteString(msg);
135 dataMessageParcel.RewindRead(0);
136 MessageParcel reply;
137 DelayedSingleton<CellularCallService>::GetInstance()->OnStartRttInner(dataMessageParcel, reply);
138 }
139
StopRtt(const uint8_t * data,size_t size)140 void StopRtt(const uint8_t *data, size_t size)
141 {
142 if (!IsServiceInited()) {
143 return;
144 }
145
146 MessageParcel dataMessageParcel;
147 dataMessageParcel.WriteBuffer(data, size);
148 dataMessageParcel.RewindRead(0);
149 MessageParcel reply;
150 DelayedSingleton<CellularCallService>::GetInstance()->OnStopRttInner(dataMessageParcel, reply);
151 }
152
GetCallTransferInfo(const uint8_t * data,size_t size)153 void GetCallTransferInfo(const uint8_t *data, size_t size)
154 {
155 if (!IsServiceInited()) {
156 return;
157 }
158
159 int32_t type = static_cast<int32_t>(size);
160 MessageParcel dataMessageParcel;
161 dataMessageParcel.WriteInt32(type);
162 dataMessageParcel.WriteBuffer(data, size);
163 dataMessageParcel.RewindRead(0);
164 MessageParcel reply;
165 DelayedSingleton<CellularCallService>::GetInstance()->OnGetCallTransferInner(dataMessageParcel, reply);
166 }
167
GetCallWaiting(const uint8_t * data,size_t size)168 void GetCallWaiting(const uint8_t *data, size_t size)
169 {
170 if (!IsServiceInited()) {
171 return;
172 }
173
174 MessageParcel dataMessageParcel;
175 dataMessageParcel.WriteBuffer(data, size);
176 dataMessageParcel.RewindRead(0);
177 MessageParcel reply;
178 DelayedSingleton<CellularCallService>::GetInstance()->OnGetCallWaitingInner(dataMessageParcel, reply);
179 }
180
SetCallWaiting(const uint8_t * data,size_t size)181 void SetCallWaiting(const uint8_t *data, size_t size)
182 {
183 if (!IsServiceInited()) {
184 return;
185 }
186
187 int32_t activate = static_cast<int32_t>(size % BOOL_NUM);
188 MessageParcel dataMessageParcel;
189 dataMessageParcel.WriteBool(activate);
190 dataMessageParcel.RewindRead(0);
191 MessageParcel reply;
192 DelayedSingleton<CellularCallService>::GetInstance()->OnSetCallWaitingInner(dataMessageParcel, reply);
193 }
194
GetCallRestriction(const uint8_t * data,size_t size)195 void GetCallRestriction(const uint8_t *data, size_t size)
196 {
197 if (!IsServiceInited()) {
198 return;
199 }
200
201 int32_t facType = static_cast<int32_t>(size);
202 MessageParcel dataMessageParcel;
203 dataMessageParcel.WriteInt32(facType);
204 dataMessageParcel.WriteBuffer(data, size);
205 dataMessageParcel.RewindRead(0);
206 MessageParcel reply;
207 DelayedSingleton<CellularCallService>::GetInstance()->OnGetCallRestrictionInner(dataMessageParcel, reply);
208 }
209
SetCallRestrictionPassword(const uint8_t * data,size_t size)210 void SetCallRestrictionPassword(const uint8_t *data, size_t size)
211 {
212 if (!IsServiceInited()) {
213 return;
214 }
215
216 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
217 int32_t facType = static_cast<int32_t>(size);
218 MessageParcel dataMessageParcel;
219 dataMessageParcel.WriteInt32(slotId);
220 dataMessageParcel.WriteInt32(facType);
221 dataMessageParcel.WriteBuffer(data, size);
222 dataMessageParcel.RewindRead(0);
223 MessageParcel reply;
224 DelayedSingleton<CellularCallService>::GetInstance()->OnSetCallRestrictionPasswordInner(dataMessageParcel, reply);
225 }
226
Dial(const uint8_t * data,size_t size)227 void Dial(const uint8_t *data, size_t size)
228 {
229 if (!IsServiceInited()) {
230 return;
231 }
232
233 int32_t maxSize = static_cast<int32_t>(size);
234 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
235 int32_t callId = static_cast<int32_t>(size);
236 int32_t accountId = static_cast<int32_t>(size);
237 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
238 int32_t index = static_cast<int32_t>(size);
239 std::string telNum = "000000000";
240 std::string tempNum(reinterpret_cast<const char *>(data), size);
241 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
242 telNum = tempNum;
243 }
244 size_t length = strlen(telNum.c_str()) + 1;
245 CellularCallInfo callInfo;
246 callInfo.slotId = slotId;
247 callInfo.callId = callId;
248 callInfo.accountId = accountId;
249 callInfo.videoState = videoState;
250 callInfo.index = index;
251 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
252 return;
253 }
254 MessageParcel dataMessageParcel;
255 dataMessageParcel.WriteInt32(maxSize);
256 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
257 dataMessageParcel.RewindRead(0);
258 MessageParcel reply;
259 DelayedSingleton<CellularCallService>::GetInstance()->OnDialInner(dataMessageParcel, reply);
260 }
261
InviteToConference(const uint8_t * data,size_t size)262 void InviteToConference(const uint8_t *data, size_t size)
263 {
264 if (!IsServiceInited()) {
265 return;
266 }
267
268 std::string number(reinterpret_cast<const char *>(data), size);
269 std::vector<std::string> numberList;
270 numberList.push_back(number);
271 MessageParcel dataMessageParcel;
272 dataMessageParcel.WriteStringVector(numberList);
273 dataMessageParcel.RewindRead(0);
274 MessageParcel reply;
275 DelayedSingleton<CellularCallService>::GetInstance()->OnInviteToConferenceInner(dataMessageParcel, reply);
276 }
277
KickOutFromConference(const uint8_t * data,size_t size)278 void KickOutFromConference(const uint8_t *data, size_t size)
279 {
280 if (!IsServiceInited()) {
281 return;
282 }
283
284 int32_t maxSize = static_cast<int32_t>(size);
285 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
286 int32_t callId = static_cast<int32_t>(size);
287 int32_t accountId = static_cast<int32_t>(size);
288 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
289 int32_t index = static_cast<int32_t>(size);
290 std::string telNum = "000000000";
291 std::string tempNum(reinterpret_cast<const char *>(data), size);
292 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
293 telNum = tempNum;
294 }
295 size_t length = strlen(telNum.c_str()) + 1;
296 CellularCallInfo callInfo;
297 callInfo.slotId = slotId;
298 callInfo.callId = callId;
299 callInfo.accountId = accountId;
300 callInfo.videoState = videoState;
301 callInfo.index = index;
302 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
303 return;
304 }
305 MessageParcel dataMessageParcel;
306 dataMessageParcel.WriteInt32(maxSize);
307 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
308 dataMessageParcel.RewindRead(0);
309 MessageParcel reply;
310 DelayedSingleton<CellularCallService>::GetInstance()->OnKickOutFromConferenceInner(dataMessageParcel, reply);
311 }
312
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)313 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
314 {
315 if (data == nullptr || size == 0) {
316 return;
317 }
318
319 OnRemoteRequest(data, size);
320 UnRegisterCallManagerCallBack(data, size);
321 IsEmergencyPhoneNumber(data, size);
322 HangUpAllConnection(data, size);
323 SetReadyToCall(data, size);
324 StartRtt(data, size);
325 StopRtt(data, size);
326 GetCallTransferInfo(data, size);
327 GetCallWaiting(data, size);
328 SetCallWaiting(data, size);
329 GetCallRestriction(data, size);
330 SetCallRestrictionPassword(data, size);
331 Dial(data, size);
332 InviteToConference(data, size);
333 KickOutFromConference(data, size);
334 return;
335 }
336 } // namespace OHOS
337
338 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)339 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
340 {
341 OHOS::AddCellularCallTokenFuzzer token;
342 /* Run your code on data */
343 OHOS::DoSomethingInterestingWithMyAPI(data, size);
344 return 0;
345 }
346