1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "registercallmanagercallback_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcellularcalltoken_fuzzer.h"
22 #include "cellular_call_register.h"
23 #include "cellular_call_service.h"
24 #include "hril_call_parcel.h"
25 #include "radio_event.h"
26 #include "securec.h"
27 #include "system_ability_definition.h"
28
29 using namespace OHOS::Telephony;
30 namespace OHOS {
31 static bool g_isInited = false;
32 constexpr int32_t SLOT_NUM = 2;
33 constexpr int32_t BOOL_NUM = 2;
34 constexpr int32_t CALL_STATE_NUM = 8;
35 constexpr int32_t EVENT_ID_NUM = 20;
36
IsServiceInited()37 bool IsServiceInited()
38 {
39 DelayedSingleton<CellularCallService>::GetInstance()->OnStart();
40 if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) ==
41 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) {
42 g_isInited = true;
43 }
44 return g_isInited;
45 }
46
ReportCallsInfo(const uint8_t * data,size_t size)47 void ReportCallsInfo(const uint8_t *data, size_t size)
48 {
49 if (!IsServiceInited()) {
50 return;
51 }
52
53 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
54 CallsReportInfo callsReportInfo;
55 callsReportInfo.slotId = static_cast<int32_t>(size % SLOT_NUM);
56 CallReportInfo callReportInfo;
57 std::string number(reinterpret_cast<const char *>(data), size);
58 int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length();
59 if (memcpy_s(callReportInfo.accountNum, kMaxNumberLen, number.c_str(), length) != EOK) {
60 return;
61 }
62 sptr<ICallStatusCallback> callback = nullptr;
63 TelCallState callState = static_cast<TelCallState>(size % CALL_STATE_NUM);
64 CellularCallEventInfo info;
65 info.eventType = CellularCallEventType::EVENT_REQUEST_RESULT_TYPE;
66 info.eventId = static_cast<RequestResultEventId>(size % EVENT_ID_NUM);
67 CallWaitResponse response;
68 response.classCw = static_cast<int32_t>(size);
69 response.result = static_cast<int32_t>(size % BOOL_NUM);
70 response.status = static_cast<int32_t>(size % BOOL_NUM);
71 int32_t result = static_cast<int32_t>(size % BOOL_NUM);
72 CallRestrictionResponse callRestrictionResponse;
73 callRestrictionResponse.classCw = static_cast<int32_t>(size);
74 callRestrictionResponse.result = static_cast<int32_t>(size % BOOL_NUM);
75 callRestrictionResponse.status = static_cast<int32_t>(size % BOOL_NUM);
76
77 cellularCallRegister->ReportCallsInfo(callsReportInfo);
78 cellularCallRegister->RegisterCallManagerCallBack(callback);
79 cellularCallRegister->ReportSingleCallInfo(callReportInfo, callState);
80 cellularCallRegister->UnRegisterCallManagerCallBack();
81 cellularCallRegister->ReportEventResultInfo(info);
82 cellularCallRegister->ReportGetWaitingResult(response);
83 cellularCallRegister->ReportSetWaitingResult(result);
84 cellularCallRegister->ReportGetRestrictionResult(callRestrictionResponse);
85 cellularCallRegister->ReportSetBarringPasswordResult(result);
86 }
87
ReportSetRestrictionResult(const uint8_t * data,size_t size)88 void ReportSetRestrictionResult(const uint8_t *data, size_t size)
89 {
90 if (!IsServiceInited()) {
91 return;
92 }
93
94 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
95 int32_t result = static_cast<int32_t>(size % BOOL_NUM);
96 CallTransferResponse callTransferResponse;
97 callTransferResponse.result = static_cast<int32_t>(size);
98 callTransferResponse.status = static_cast<int32_t>(size);
99 callTransferResponse.classx = static_cast<int32_t>(size);
100 callTransferResponse.type = static_cast<int32_t>(size);
101 callTransferResponse.time = static_cast<int32_t>(size);
102 callTransferResponse.reason = static_cast<int32_t>(size);
103 std::string number(reinterpret_cast<const char *>(data), size);
104 int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length();
105 if (memcpy_s(callTransferResponse.number, kMaxNumberLen, number.c_str(), length) != EOK) {
106 return;
107 }
108 ClipResponse clipResponse;
109 clipResponse.action = static_cast<int32_t>(size);
110 clipResponse.result = static_cast<int32_t>(size);
111 clipResponse.clipStat = static_cast<int32_t>(size);
112 ClirResponse clirResponse;
113 clirResponse.clirStat = static_cast<int32_t>(size);
114 clirResponse.action = static_cast<int32_t>(size);
115 clirResponse.result = static_cast<int32_t>(size);
116 GetImsConfigResponse getImsConfigResponse;
117 getImsConfigResponse.result = static_cast<int32_t>(size);
118 getImsConfigResponse.value = static_cast<int32_t>(size);
119
120 cellularCallRegister->ReportSetRestrictionResult(result);
121 cellularCallRegister->ReportGetTransferResult(callTransferResponse);
122 cellularCallRegister->ReportSetTransferResult(result);
123 cellularCallRegister->ReportGetClipResult(clipResponse);
124 cellularCallRegister->ReportGetClirResult(clirResponse);
125 cellularCallRegister->ReportSetClirResult(result);
126 cellularCallRegister->ReportGetImsConfigResult(getImsConfigResponse);
127 cellularCallRegister->ReportSetImsConfigResult(result);
128 cellularCallRegister->ReportSetImsFeatureResult(result);
129 }
130
ReportSetImsConfigResult(const uint8_t * data,size_t size)131 void ReportSetImsConfigResult(const uint8_t *data, size_t size)
132 {
133 if (!IsServiceInited()) {
134 return;
135 }
136
137 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
138 int32_t result = static_cast<int32_t>(size % BOOL_NUM);
139 GetImsFeatureValueResponse getImsFeatureValueResponse;
140 getImsFeatureValueResponse.result = static_cast<int32_t>(size);
141 getImsFeatureValueResponse.value = static_cast<int32_t>(size);
142 GetLteEnhanceModeResponse getLteEnhanceModeResponse;
143 getLteEnhanceModeResponse.result = static_cast<int32_t>(size);
144 getLteEnhanceModeResponse.value = static_cast<int32_t>(size);
145 DisconnectedDetails details;
146 std::string number(reinterpret_cast<const char *>(data), size);
147 details.message = number;
148 details.reason = static_cast<DisconnectedReason>(size);
149 MuteControlResponse muteControlResponse;
150 muteControlResponse.result = static_cast<int32_t>(size);
151 muteControlResponse.value = static_cast<int32_t>(size);
152 SetEccListResponse setEccListResponse;
153 setEccListResponse.result = static_cast<int32_t>(size);
154 setEccListResponse.value = static_cast<int32_t>(size);
155 MmiCodeInfo mmiCodeInfo;
156 mmiCodeInfo.result = static_cast<int32_t>(size);
157 int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length();
158 if (memcpy_s(mmiCodeInfo.message, kMaxNumberLen, number.c_str(), length) != EOK) {
159 return;
160 }
161
162 cellularCallRegister->ReportGetImsFeatureResult(getImsFeatureValueResponse);
163 cellularCallRegister->ReportCallRingBackResult(result);
164 cellularCallRegister->ReportCallFailReason(details);
165 cellularCallRegister->ReportGetMuteResult(muteControlResponse);
166 cellularCallRegister->ReportSetMuteResult(muteControlResponse);
167 cellularCallRegister->ReportInviteToConferenceResult(result);
168 cellularCallRegister->ReportGetCallDataResult(result);
169 cellularCallRegister->ReportStartDtmfResult(result);
170 cellularCallRegister->ReportStopDtmfResult(result);
171 cellularCallRegister->ReportStartRttResult(result);
172 cellularCallRegister->ReportStopRttResult(result);
173 cellularCallRegister->ReportSendUssdResult(result);
174 cellularCallRegister->ReportMmiCodeResult(mmiCodeInfo);
175 cellularCallRegister->ReportSetEmergencyCallListResponse(setEccListResponse);
176 cellularCallRegister->IsCallManagerCallBackRegistered();
177 }
178
ReportUpdateCallMediaMode(const uint8_t * data,size_t size)179 void ReportUpdateCallMediaMode(const uint8_t *data, size_t size)
180 {
181 if (!IsServiceInited()) {
182 return;
183 }
184
185 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
186 ImsCallModeReceiveInfo reportCallModeInfo;
187 reportCallModeInfo.callIndex = static_cast<int32_t>(size);
188 reportCallModeInfo.result = static_cast<ImsCallModeRequestResult>(size);
189 reportCallModeInfo.callType = static_cast<ImsCallType>(static_cast<int32_t>(size % BOOL_NUM));
190 cellularCallRegister->ReceiveUpdateCallMediaModeRequest(reportCallModeInfo);
191 cellularCallRegister->ReceiveUpdateCallMediaModeResponse(reportCallModeInfo);
192 }
193
ReportCallSessionEventChanged(const uint8_t * data,size_t size)194 void ReportCallSessionEventChanged(const uint8_t *data, size_t size)
195 {
196 if (!IsServiceInited()) {
197 return;
198 }
199
200 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
201 ImsCallSessionEventInfo reportCallSessionInfo;
202 reportCallSessionInfo.callIndex = static_cast<int32_t>(size);
203 reportCallSessionInfo.eventType = static_cast<VideoCallEventType>(static_cast<int32_t>(size % BOOL_NUM));
204 cellularCallRegister->HandleCallSessionEventChanged(reportCallSessionInfo);
205 }
206
ReportPeerDimensionsChanged(const uint8_t * data,size_t size)207 void ReportPeerDimensionsChanged(const uint8_t *data, size_t size)
208 {
209 if (!IsServiceInited()) {
210 return;
211 }
212
213 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
214 ImsCallPeerDimensionsInfo reportCallPeerDimensionsInfo;
215 reportCallPeerDimensionsInfo.callIndex = static_cast<int32_t>(size);
216 reportCallPeerDimensionsInfo.width = static_cast<int32_t>(size);
217 reportCallPeerDimensionsInfo.height = static_cast<int32_t>(size);
218 cellularCallRegister->HandlePeerDimensionsChanged(reportCallPeerDimensionsInfo);
219 }
220
ReportCallDataUsageChanged(const uint8_t * data,size_t size)221 void ReportCallDataUsageChanged(const uint8_t *data, size_t size)
222 {
223 if (!IsServiceInited()) {
224 return;
225 }
226
227 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
228 ImsCallDataUsageInfo reportCallDataUsageInfo;
229 reportCallDataUsageInfo.callIndex = static_cast<int32_t>(size);
230 reportCallDataUsageInfo.dataUsage = static_cast<int64_t>(size);
231 cellularCallRegister->HandleCallDataUsageChanged(reportCallDataUsageInfo);
232 }
233
ReportCameraCapabilitiesChanged(const uint8_t * data,size_t size)234 void ReportCameraCapabilitiesChanged(const uint8_t *data, size_t size)
235 {
236 if (!IsServiceInited()) {
237 return;
238 }
239
240 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
241 CameraCapabilitiesInfo reportCameraCapabilitiesInfo;
242 reportCameraCapabilitiesInfo.callIndex = static_cast<int32_t>(size);
243 reportCameraCapabilitiesInfo.width = static_cast<int32_t>(size);
244 reportCameraCapabilitiesInfo.height = static_cast<int32_t>(size);
245 cellularCallRegister->HandleCameraCapabilitiesChanged(reportCameraCapabilitiesInfo);
246 }
247
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)248 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
249 {
250 if (data == nullptr || size == 0) {
251 return;
252 }
253
254 ReportCallsInfo(data, size);
255 ReportSetRestrictionResult(data, size);
256 ReportSetImsConfigResult(data, size);
257 ReportUpdateCallMediaMode(data, size);
258 ReportCallSessionEventChanged(data, size);
259 ReportPeerDimensionsChanged(data, size);
260 ReportCallDataUsageChanged(data, size);
261 ReportCameraCapabilitiesChanged(data, size);
262 }
263 } // namespace OHOS
264
265 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)266 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
267 {
268 OHOS::AddCellularCallTokenFuzzer token;
269 /* Run your code on data */
270 OHOS::DoSomethingInterestingWithMyAPI(data, size);
271 return 0;
272 }
273