1 /*
2 * Copyright (c) 2022-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "bluetoothdialcall_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcalltoken_fuzzer.h"
22 #include "bluetooth_call_service.h"
23 #include "message_parcel.h"
24
25 using namespace OHOS::Telephony;
26 namespace OHOS {
27 constexpr int32_t SLOT_NUM = 3;
28
AnswerCall(const uint8_t * data,size_t size)29 void AnswerCall(const uint8_t *data, size_t size)
30 {
31 if (!IsServiceInited()) {
32 return;
33 }
34
35 MessageParcel messageParcel;
36 messageParcel.WriteBuffer(data, size);
37 messageParcel.RewindRead(0);
38 MessageParcel reply;
39 DelayedSingleton<BluetoothCallService>::GetInstance()->OnAnswerCall(messageParcel, reply);
40 }
41
RejectCall(const uint8_t * data,size_t size)42 void RejectCall(const uint8_t *data, size_t size)
43 {
44 if (!IsServiceInited()) {
45 return;
46 }
47
48 MessageParcel messageParcel;
49 messageParcel.WriteBuffer(data, size);
50 messageParcel.RewindRead(0);
51 MessageParcel reply;
52 DelayedSingleton<BluetoothCallService>::GetInstance()->OnRejectCall(messageParcel, reply);
53 }
54
HangUpCall(const uint8_t * data,size_t size)55 void HangUpCall(const uint8_t *data, size_t size)
56 {
57 if (!IsServiceInited()) {
58 return;
59 }
60
61 MessageParcel messageParcel;
62 messageParcel.WriteBuffer(data, size);
63 messageParcel.RewindRead(0);
64 MessageParcel reply;
65 DelayedSingleton<BluetoothCallService>::GetInstance()->OnHangUpCall(messageParcel, reply);
66 }
67
GetBtCallState(const uint8_t * data,size_t size)68 void GetBtCallState(const uint8_t *data, size_t size)
69 {
70 if (!IsServiceInited()) {
71 return;
72 }
73
74 MessageParcel messageParcel;
75 messageParcel.WriteBuffer(data, size);
76 messageParcel.RewindRead(0);
77 MessageParcel reply;
78 DelayedSingleton<BluetoothCallService>::GetInstance()->OnGetBtCallState(messageParcel, reply);
79 }
80
HoldCall(const uint8_t * data,size_t size)81 void HoldCall(const uint8_t *data, size_t size)
82 {
83 if (!IsServiceInited()) {
84 return;
85 }
86
87 MessageParcel messageParcel;
88 messageParcel.WriteBuffer(data, size);
89 messageParcel.RewindRead(0);
90 MessageParcel reply;
91 DelayedSingleton<BluetoothCallService>::GetInstance()->OnHoldCall(messageParcel, reply);
92 }
93
UnHoldCall(const uint8_t * data,size_t size)94 void UnHoldCall(const uint8_t *data, size_t size)
95 {
96 if (!IsServiceInited()) {
97 return;
98 }
99
100 MessageParcel messageParcel;
101 messageParcel.WriteBuffer(data, size);
102 messageParcel.RewindRead(0);
103 MessageParcel reply;
104 DelayedSingleton<BluetoothCallService>::GetInstance()->OnUnHoldCall(messageParcel, reply);
105 }
106
SwitchCall(const uint8_t * data,size_t size)107 void SwitchCall(const uint8_t *data, size_t size)
108 {
109 if (!IsServiceInited()) {
110 return;
111 }
112
113 MessageParcel messageParcel;
114 messageParcel.WriteBuffer(data, size);
115 messageParcel.RewindRead(0);
116 MessageParcel reply;
117 DelayedSingleton<BluetoothCallService>::GetInstance()->OnSwitchCall(messageParcel, reply);
118 }
119
CombineConference(const uint8_t * data,size_t size)120 void CombineConference(const uint8_t *data, size_t size)
121 {
122 if (!IsServiceInited()) {
123 return;
124 }
125
126 MessageParcel messageParcel;
127 messageParcel.WriteBuffer(data, size);
128 messageParcel.RewindRead(0);
129 MessageParcel reply;
130 DelayedSingleton<BluetoothCallService>::GetInstance()->OnCombineConference(messageParcel, reply);
131 }
132
SeparateConference(const uint8_t * data,size_t size)133 void SeparateConference(const uint8_t *data, size_t size)
134 {
135 if (!IsServiceInited()) {
136 return;
137 }
138
139 MessageParcel messageParcel;
140 messageParcel.WriteBuffer(data, size);
141 messageParcel.RewindRead(0);
142 MessageParcel reply;
143 DelayedSingleton<BluetoothCallService>::GetInstance()->OnSeparateConference(messageParcel, reply);
144 }
145
KickOutFromConference(const uint8_t * data,size_t size)146 void KickOutFromConference(const uint8_t *data, size_t size)
147 {
148 if (!IsServiceInited()) {
149 return;
150 }
151
152 MessageParcel messageParcel;
153 messageParcel.WriteBuffer(data, size);
154 messageParcel.RewindRead(0);
155 MessageParcel reply;
156 DelayedSingleton<BluetoothCallService>::GetInstance()->OnKickOutFromConference(messageParcel, reply);
157 }
158
StartDtmf(const uint8_t * data,size_t size)159 void StartDtmf(const uint8_t *data, size_t size)
160 {
161 if (!IsServiceInited()) {
162 return;
163 }
164
165 MessageParcel messageParcel;
166 messageParcel.WriteInt8(*data);
167 messageParcel.WriteBuffer(data, size);
168 messageParcel.RewindRead(0);
169 MessageParcel reply;
170 DelayedSingleton<BluetoothCallService>::GetInstance()->OnStartDtmf(messageParcel, reply);
171 }
172
StopDtmf(const uint8_t * data,size_t size)173 void StopDtmf(const uint8_t *data, size_t size)
174 {
175 if (!IsServiceInited()) {
176 return;
177 }
178
179 MessageParcel messageParcel;
180 messageParcel.WriteBuffer(data, size);
181 messageParcel.RewindRead(0);
182 MessageParcel reply;
183 DelayedSingleton<BluetoothCallService>::GetInstance()->OnStopDtmf(messageParcel, reply);
184 }
185
GetCurrentCallList(const uint8_t * data,size_t size)186 void GetCurrentCallList(const uint8_t *data, size_t size)
187 {
188 if (!IsServiceInited()) {
189 return;
190 }
191
192 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
193 MessageParcel messageParcel;
194 messageParcel.WriteInt32(slotId);
195 messageParcel.WriteBuffer(data, size);
196 messageParcel.RewindRead(0);
197 MessageParcel reply;
198 DelayedSingleton<BluetoothCallService>::GetInstance()->OnGetCurrentCallList(messageParcel, reply);
199 }
200
AddAudioDeviceList(const uint8_t * data,size_t size)201 void AddAudioDeviceList(const uint8_t *data, size_t size)
202 {
203 if (!IsServiceInited()) {
204 return;
205 }
206
207 MessageParcel messageParcel;
208 std::string str(reinterpret_cast<const char *>(data), size);
209 messageParcel.WriteString(str);
210 messageParcel.WriteInt32(static_cast<int32_t>(data[0]));
211 messageParcel.WriteString(str);
212 MessageParcel reply;
213 DelayedSingleton<BluetoothCallService>::GetInstance()->OnAddAudioDeviceList(messageParcel, reply);
214 }
215
RemoveAudioDeviceList(const uint8_t * data,size_t size)216 void RemoveAudioDeviceList(const uint8_t *data, size_t size)
217 {
218 if (!IsServiceInited()) {
219 return;
220 }
221
222 MessageParcel messageParcel;
223 std::string str(reinterpret_cast<const char *>(data), size);
224 messageParcel.WriteString(str);
225 messageParcel.WriteInt32(static_cast<int32_t>(data[0]));
226 MessageParcel reply;
227 DelayedSingleton<BluetoothCallService>::GetInstance()->OnRemoveAudioDeviceList(messageParcel, reply);
228 }
229
ResetNearlinkDeviceList(const uint8_t * data,size_t size)230 void ResetNearlinkDeviceList(const uint8_t *data, size_t size)
231 {
232 if (!IsServiceInited()) {
233 return;
234 }
235
236 MessageParcel messageParcel;
237 messageParcel.WriteBuffer(data, size);
238 messageParcel.RewindRead(0);
239 MessageParcel reply;
240 DelayedSingleton<BluetoothCallService>::GetInstance()->OnResetNearlinkDeviceList(messageParcel, reply);
241 }
242
ResetBtHearingAidDeviceList(const uint8_t * data,size_t size)243 void ResetBtHearingAidDeviceList(const uint8_t *data, size_t size)
244 {
245 if (!IsServiceInited()) {
246 return;
247 }
248
249 MessageParcel messageParcel;
250 messageParcel.WriteBuffer(data, size);
251 messageParcel.RewindRead(0);
252 MessageParcel reply;
253 DelayedSingleton<BluetoothCallService>::GetInstance()->OnResetBtHearingAidDeviceList(messageParcel, reply);
254 }
255
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)256 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
257 {
258 if (data == nullptr || size == 0) {
259 return;
260 }
261
262 AnswerCall(data, size);
263 RejectCall(data, size);
264 HangUpCall(data, size);
265 GetBtCallState(data, size);
266 HoldCall(data, size);
267 UnHoldCall(data, size);
268 SwitchCall(data, size);
269 CombineConference(data, size);
270 SeparateConference(data, size);
271 KickOutFromConference(data, size);
272 StartDtmf(data, size);
273 StopDtmf(data, size);
274 GetCurrentCallList(data, size);
275 AddAudioDeviceList(data, size);
276 RemoveAudioDeviceList(data, size);
277 ResetNearlinkDeviceList(data, size);
278 ResetBtHearingAidDeviceList(data, size);
279 }
280 } // namespace OHOS
281
282 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)283 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
284 {
285 OHOS::AddCallTokenFuzzer token;
286 /* Run your code on data */
287 OHOS::DoSomethingInterestingWithMyAPI(data, size);
288 return 0;
289 }
290