1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "telephonystateregistry_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #define protected public
22 #include "addstateregistrytoken_fuzzer.h"
23 #include "if_system_ability_manager.h"
24 #include "iservice_registry.h"
25 #include "securec.h"
26 #include "system_ability_definition.h"
27 #include "telephony_observer.h"
28 #include "telephony_state_registry_service.h"
29 #include "telephony_state_registry_stub.h"
30
31 using namespace OHOS::Telephony;
32 namespace OHOS {
33 static bool g_isInited = false;
34 constexpr int32_t BOOL_NUM = 2;
35 constexpr int32_t SLOT_NUM = 2;
36 constexpr int32_t ROAMING_NUM = 4;
37 constexpr int32_t REG_NUM = 6;
38 constexpr int32_t CELL_NUM = 7;
39 constexpr int32_t SIGNAL_NUM = 6;
40 constexpr int32_t SIGNAL_PLUS = 1;
41 constexpr int32_t NR_NUM = 7;
42 constexpr int32_t RADIO_NUM = 13;
43
IsServiceInited()44 bool IsServiceInited()
45 {
46 if (!g_isInited) {
47 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnStart();
48 if (DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->GetServiceRunningState() ==
49 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
50 g_isInited = true;
51 }
52 }
53 return g_isInited;
54 }
55
OnRemoteRequest(const uint8_t * data,size_t size)56 void OnRemoteRequest(const uint8_t *data, size_t size)
57 {
58 if (!IsServiceInited()) {
59 return;
60 }
61 MessageParcel dataMessageParcel;
62 if (!dataMessageParcel.WriteInterfaceToken(TelephonyStateRegistryStub::GetDescriptor())) {
63 return;
64 }
65 dataMessageParcel.WriteBuffer(data, size);
66 dataMessageParcel.RewindRead(0);
67 uint32_t code = static_cast<uint32_t>(size);
68 MessageParcel reply;
69 MessageOption option;
70 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnRemoteRequest(
71 code, dataMessageParcel, reply, option);
72 }
73
CreateGsmCellInfo(std::unique_ptr<GsmCellInformation> & cell,const uint8_t * data,size_t size)74 void CreateGsmCellInfo(std::unique_ptr<GsmCellInformation> &cell, const uint8_t *data, size_t size)
75 {
76 if (cell == nullptr) {
77 return;
78 }
79 cell->lac_ = static_cast<int32_t>(size);
80 cell->bsic_ = static_cast<int32_t>(size);
81 cell->arfcn_ = static_cast<int32_t>(size);
82 std::string mcc(reinterpret_cast<const char *>(data), size);
83 cell->mcc_ = mcc;
84 std::string mnc(reinterpret_cast<const char *>(data), size);
85 cell->mnc_ = mnc;
86 cell->cellId_ = static_cast<int32_t>(size);
87 cell->timeStamp_ = static_cast<uint64_t>(size);
88 cell->signalIntensity_ = static_cast<int32_t>(size);
89 cell->signalLevel_ = static_cast<int32_t>(size);
90 cell->isCamped_ = static_cast<int32_t>(size % BOOL_NUM);
91 }
92
CreateLteCellInfo(std::unique_ptr<LteCellInformation> & cell,const uint8_t * data,size_t size)93 void CreateLteCellInfo(std::unique_ptr<LteCellInformation> &cell, const uint8_t *data, size_t size)
94 {
95 if (cell == nullptr) {
96 return;
97 }
98 cell->pci_ = static_cast<int32_t>(size);
99 cell->tac_ = static_cast<int32_t>(size);
100 cell->earfcn_ = static_cast<int32_t>(size);
101 std::string mcc(reinterpret_cast<const char *>(data), size);
102 cell->mcc_ = mcc;
103 std::string mnc(reinterpret_cast<const char *>(data), size);
104 cell->mnc_ = mnc;
105 cell->cellId_ = static_cast<int32_t>(size);
106 cell->timeStamp_ = static_cast<uint64_t>(size);
107 cell->signalIntensity_ = static_cast<int32_t>(size);
108 cell->signalLevel_ = static_cast<int32_t>(size);
109 cell->isCamped_ = static_cast<int32_t>(size % BOOL_NUM);
110 }
111
UpdateCellInfo(const uint8_t * data,size_t size)112 void UpdateCellInfo(const uint8_t *data, size_t size)
113 {
114 if (!IsServiceInited()) {
115 return;
116 }
117 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
118 int32_t loopSize = static_cast<int32_t>(size);
119 MessageParcel dataMessageParcel;
120 dataMessageParcel.WriteInt32(slotId);
121 dataMessageParcel.WriteInt32(loopSize);
122 for (int32_t i = 0; i < loopSize; i++) {
123 CellInformation::CellType type = static_cast<CellInformation::CellType>(size % CELL_NUM);
124 if (type == CellInformation::CellType::CELL_TYPE_GSM) {
125 std::unique_ptr<GsmCellInformation> cell = std::make_unique<GsmCellInformation>();
126 if (cell == nullptr) {
127 return;
128 }
129 CreateGsmCellInfo(cell, data, size);
130 cell->Marshalling(dataMessageParcel);
131 }
132 if (type == CellInformation::CellType::CELL_TYPE_LTE) {
133 std::unique_ptr<LteCellInformation> cell = std::make_unique<LteCellInformation>();
134 if (cell == nullptr) {
135 return;
136 }
137 CreateLteCellInfo(cell, data, size);
138 cell->Marshalling(dataMessageParcel);
139 }
140 }
141 dataMessageParcel.RewindRead(0);
142 MessageParcel reply;
143 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnUpdateCellInfo(dataMessageParcel, reply);
144 }
145
UpdateCallState(const uint8_t * data,size_t size)146 void UpdateCallState(const uint8_t *data, size_t size)
147 {
148 if (!IsServiceInited()) {
149 return;
150 }
151 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
152 int32_t callState = static_cast<int32_t>(size);
153 std::string phoneNumber(reinterpret_cast<const char *>(data), size);
154 MessageParcel dataMessageParcel;
155 dataMessageParcel.WriteInt32(slotId);
156 dataMessageParcel.WriteInt32(callState);
157 dataMessageParcel.WriteString16(Str8ToStr16(phoneNumber));
158 dataMessageParcel.RewindRead(0);
159 MessageParcel reply;
160 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnUpdateCallState(dataMessageParcel, reply);
161 }
162
UpdateCallStateForSlotId(const uint8_t * data,size_t size)163 void UpdateCallStateForSlotId(const uint8_t *data, size_t size)
164 {
165 if (!IsServiceInited()) {
166 return;
167 }
168 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
169 int32_t callId = static_cast<int32_t>(size);
170 int32_t callState = static_cast<int32_t>(size);
171 std::string incomingNumber(reinterpret_cast<const char *>(data), size);
172 MessageParcel dataMessageParcel;
173 dataMessageParcel.WriteInt32(slotId);
174 dataMessageParcel.WriteInt32(callId);
175 dataMessageParcel.WriteInt32(callState);
176 dataMessageParcel.WriteString16(Str8ToStr16(incomingNumber));
177 dataMessageParcel.RewindRead(0);
178 MessageParcel reply;
179 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnUpdateCallStateForSlotId(
180 dataMessageParcel, reply);
181 }
182
CreateGsmSignalInfo(std::unique_ptr<GsmSignalInformation> & signal,const uint8_t * data,size_t size)183 void CreateGsmSignalInfo(std::unique_ptr<GsmSignalInformation> &signal, const uint8_t *data, size_t size)
184 {
185 if (signal == nullptr) {
186 return;
187 }
188 signal->signalBar_ = static_cast<int32_t>(size);
189 signal->gsmRxlev_ = static_cast<int32_t>(size);
190 signal->gsmBer_ = static_cast<int32_t>(size);
191 }
192
CreateCDMASignalInfo(std::unique_ptr<CdmaSignalInformation> & signal,const uint8_t * data,size_t size)193 void CreateCDMASignalInfo(std::unique_ptr<CdmaSignalInformation> &signal, const uint8_t *data, size_t size)
194 {
195 if (signal == nullptr) {
196 return;
197 }
198 signal->signalBar_ = static_cast<int32_t>(size);
199 signal->cdmaRssi_ = static_cast<int32_t>(size);
200 signal->cdmaEcno_ = static_cast<int32_t>(size);
201 }
202
CreateLTESignalInfo(std::unique_ptr<LteSignalInformation> & signal,const uint8_t * data,size_t size)203 void CreateLTESignalInfo(std::unique_ptr<LteSignalInformation> &signal, const uint8_t *data, size_t size)
204 {
205 if (signal == nullptr) {
206 return;
207 }
208 signal->signalBar_ = static_cast<int32_t>(size);
209 signal->rxlev_ = static_cast<int32_t>(size);
210 signal->lteRsrp_ = static_cast<int32_t>(size);
211 signal->lteRsrq_ = static_cast<int32_t>(size);
212 signal->lteSnr_ = static_cast<int32_t>(size);
213 }
214
CreateWCDMASignalInfo(std::unique_ptr<WcdmaSignalInformation> & signal,const uint8_t * data,size_t size)215 void CreateWCDMASignalInfo(std::unique_ptr<WcdmaSignalInformation> &signal, const uint8_t *data, size_t size)
216 {
217 if (signal == nullptr) {
218 return;
219 }
220 signal->signalBar_ = static_cast<int32_t>(size);
221 signal->wcdmaRxlev_ = static_cast<int32_t>(size);
222 signal->wcdmaRscp_ = static_cast<int32_t>(size);
223 signal->wcdmaEcio_ = static_cast<int32_t>(size);
224 signal->wcdmaBer_ = static_cast<int32_t>(size);
225 }
226
CreateNRSignalInfo(std::unique_ptr<NrSignalInformation> & signal,const uint8_t * data,size_t size)227 void CreateNRSignalInfo(std::unique_ptr<NrSignalInformation> &signal, const uint8_t *data, size_t size)
228 {
229 if (signal == nullptr) {
230 return;
231 }
232 signal->signalBar_ = static_cast<int32_t>(size);
233 signal->nrRsrp_ = static_cast<int32_t>(size);
234 signal->nrRsrq_ = static_cast<int32_t>(size);
235 signal->nrSinr_ = static_cast<int32_t>(size);
236 }
237
UpdateLteNrSignalInfo(const uint8_t * data,size_t size,MessageParcel & dataMessageParcel,SignalInformation::NetworkType type)238 void UpdateLteNrSignalInfo(const uint8_t *data, size_t size, MessageParcel &dataMessageParcel,
239 SignalInformation::NetworkType type)
240 {
241 if (type == SignalInformation::NetworkType::LTE) {
242 std::unique_ptr<LteSignalInformation> signal = std::make_unique<LteSignalInformation>();
243 if (signal == nullptr) {
244 return;
245 }
246 CreateLTESignalInfo(signal, data, size);
247 signal->Marshalling(dataMessageParcel);
248 }
249 if (type == SignalInformation::NetworkType::NR) {
250 std::unique_ptr<NrSignalInformation> signal = std::make_unique<NrSignalInformation>();
251 if (signal == nullptr) {
252 return;
253 }
254 CreateNRSignalInfo(signal, data, size);
255 signal->Marshalling(dataMessageParcel);
256 }
257 }
258
UpdateSignalInfo(const uint8_t * data,size_t size)259 void UpdateSignalInfo(const uint8_t *data, size_t size)
260 {
261 if (!IsServiceInited()) {
262 return;
263 }
264 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
265 int32_t loopSize = static_cast<int32_t>(size);
266 MessageParcel dataMessageParcel;
267 dataMessageParcel.WriteInt32(slotId);
268 dataMessageParcel.WriteInt32(loopSize);
269 for (int32_t i = 0; i < loopSize; i++) {
270 SignalInformation::NetworkType type =
271 static_cast<SignalInformation::NetworkType>(size % SIGNAL_NUM + SIGNAL_PLUS);
272 if (type == SignalInformation::NetworkType::GSM) {
273 std::unique_ptr<GsmSignalInformation> signal = std::make_unique<GsmSignalInformation>();
274 if (signal == nullptr) {
275 return;
276 }
277 CreateGsmSignalInfo(signal, data, size);
278 signal->Marshalling(dataMessageParcel);
279 }
280 if (type == SignalInformation::NetworkType::CDMA) {
281 std::unique_ptr<CdmaSignalInformation> signal = std::make_unique<CdmaSignalInformation>();
282 if (signal == nullptr) {
283 return;
284 }
285 CreateCDMASignalInfo(signal, data, size);
286 signal->Marshalling(dataMessageParcel);
287 }
288 if (type == SignalInformation::NetworkType::LTE || type == SignalInformation::NetworkType::NR) {
289 UpdateLteNrSignalInfo(data, size, dataMessageParcel, type);
290 }
291 if (type == SignalInformation::NetworkType::WCDMA) {
292 std::unique_ptr<WcdmaSignalInformation> signal = std::make_unique<WcdmaSignalInformation>();
293 if (signal == nullptr) {
294 return;
295 }
296 CreateWCDMASignalInfo(signal, data, size);
297 signal->Marshalling(dataMessageParcel);
298 }
299 }
300 dataMessageParcel.RewindRead(0);
301 MessageParcel reply;
302 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnUpdateSignalInfo(dataMessageParcel, reply);
303 }
304
UpdateNetworkState(const uint8_t * data,size_t size)305 void UpdateNetworkState(const uint8_t *data, size_t size)
306 {
307 if (!IsServiceInited()) {
308 return;
309 }
310 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
311 MessageParcel dataMessageParcel;
312 dataMessageParcel.WriteInt32(slotId);
313 auto networkState = std::make_unique<NetworkState>();
314 if (networkState == nullptr) {
315 return;
316 }
317 networkState->isEmergency_ = static_cast<int32_t>(size % BOOL_NUM);
318 std::string mOperatorNumeric(reinterpret_cast<const char *>(data), size);
319 std::string mFullName(reinterpret_cast<const char *>(data), size);
320 std::string mShortName(reinterpret_cast<const char *>(data), size);
321 networkState->psOperatorInfo_.operatorNumeric = mOperatorNumeric;
322 networkState->psOperatorInfo_.fullName = mFullName;
323 networkState->psOperatorInfo_.shortName = mShortName;
324 networkState->csOperatorInfo_.operatorNumeric = mOperatorNumeric;
325 networkState->csOperatorInfo_.fullName = mFullName;
326 networkState->csOperatorInfo_.shortName = mShortName;
327 networkState->csRoaming_ = static_cast<RoamingType>(size % ROAMING_NUM);
328 networkState->psRoaming_ = static_cast<RoamingType>(size % ROAMING_NUM);
329 networkState->psRegStatus_ = static_cast<RegServiceState>(size % REG_NUM);
330 networkState->csRegStatus_ = static_cast<RegServiceState>(size % REG_NUM);
331 networkState->psRadioTech_ = static_cast<RadioTech>(size % RADIO_NUM);
332 networkState->lastPsRadioTech_ = static_cast<RadioTech>(size % RADIO_NUM);
333 networkState->lastCfgTech_ = static_cast<RadioTech>(size % RADIO_NUM);
334 networkState->csRadioTech_ = static_cast<RadioTech>(size % RADIO_NUM);
335 networkState->cfgTech_ = static_cast<RadioTech>(size % RADIO_NUM);
336 networkState->nrState_ = static_cast<NrState>(size % NR_NUM);
337 networkState->Marshalling(dataMessageParcel);
338 dataMessageParcel.RewindRead(0);
339 MessageParcel reply;
340 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnUpdateNetworkState(dataMessageParcel, reply);
341 }
342
UpdateCellularDataConnectState(const uint8_t * data,size_t size)343 void UpdateCellularDataConnectState(const uint8_t *data, size_t size)
344 {
345 if (!IsServiceInited()) {
346 return;
347 }
348 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
349 int32_t dataState = static_cast<int32_t>(size);
350 int32_t networkType = static_cast<int32_t>(size);
351 MessageParcel dataMessageParcel;
352 dataMessageParcel.WriteInt32(slotId);
353 dataMessageParcel.WriteInt32(dataState);
354 dataMessageParcel.WriteInt32(networkType);
355 dataMessageParcel.RewindRead(0);
356 MessageParcel reply;
357 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnUpdateCellularDataConnectState(
358 dataMessageParcel, reply);
359 }
360
UpdateCellularDataFlow(const uint8_t * data,size_t size)361 void UpdateCellularDataFlow(const uint8_t *data, size_t size)
362 {
363 if (!IsServiceInited()) {
364 return;
365 }
366 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
367 int32_t flowData = static_cast<int32_t>(size);
368 MessageParcel dataMessageParcel;
369 dataMessageParcel.WriteInt32(slotId);
370 dataMessageParcel.WriteInt32(flowData);
371 dataMessageParcel.RewindRead(0);
372 MessageParcel reply;
373 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnUpdateCellularDataFlow(dataMessageParcel, reply);
374 }
375
UpdateCfuIndicator(const uint8_t * data,size_t size)376 void UpdateCfuIndicator(const uint8_t *data, size_t size)
377 {
378 if (!IsServiceInited()) {
379 return;
380 }
381 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
382 bool cfuResult = static_cast<bool>(size % BOOL_NUM);
383 MessageParcel dataMessageParcel;
384 dataMessageParcel.WriteInt32(slotId);
385 dataMessageParcel.WriteBool(cfuResult);
386 dataMessageParcel.RewindRead(0);
387 MessageParcel reply;
388 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnUpdateCfuIndicator(dataMessageParcel, reply);
389 }
390
UpdateVoiceMailMsgIndicator(const uint8_t * data,size_t size)391 void UpdateVoiceMailMsgIndicator(const uint8_t *data, size_t size)
392 {
393 if (!IsServiceInited()) {
394 return;
395 }
396 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
397 bool voiceMailMsgResult = static_cast<bool>(size % BOOL_NUM);
398 MessageParcel dataMessageParcel;
399 dataMessageParcel.WriteInt32(slotId);
400 dataMessageParcel.WriteBool(voiceMailMsgResult);
401 dataMessageParcel.RewindRead(0);
402 MessageParcel reply;
403 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnUpdateVoiceMailMsgIndicator(
404 dataMessageParcel, reply);
405 }
406
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)407 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
408 {
409 if (data == nullptr || size == 0) {
410 return;
411 }
412 OnRemoteRequest(data, size);
413 UpdateCellInfo(data, size);
414 UpdateCallState(data, size);
415 UpdateCallStateForSlotId(data, size);
416 UpdateSignalInfo(data, size);
417 UpdateNetworkState(data, size);
418 UpdateCellularDataConnectState(data, size);
419 UpdateCellularDataFlow(data, size);
420 UpdateCfuIndicator(data, size);
421 UpdateVoiceMailMsgIndicator(data, size);
422 return;
423 }
424 } // namespace OHOS
425
426 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)427 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
428 {
429 OHOS::AddStateRegistryTokenFuzzer token;
430 /* Run your code on data */
431 OHOS::DoSomethingInterestingWithMyAPI(data, size);
432 return 0;
433 }
434
435