1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dialcall_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcalltoken_fuzzer.h"
22 #include "call_ability_callback.h"
23
24 using namespace OHOS::Telephony;
25 namespace OHOS {
26 constexpr int32_t SLOT_NUM = 2;
27 constexpr int32_t ACTIVE_NUM = 2;
28 constexpr int32_t VEDIO_STATE_NUM = 2;
29 constexpr int32_t DIAL_SCENE_NUM = 3;
30 constexpr int32_t DIAL_TYPE_NUM = 3;
31 constexpr int32_t CALL_TYPE_NUM = 3;
32 constexpr int32_t CALL_ID_NUM = 10;
33
OnRegisterVoipCallManagerCallback(const uint8_t * data,size_t size)34 void OnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size)
35 {
36 if (!IsServiceInited()) {
37 return;
38 }
39 MessageParcel messageParcel;
40 std::unique_ptr<CallAbilityCallback> callbackWrap = std::make_unique<CallAbilityCallback>();
41 if (callbackWrap == nullptr) {
42 return;
43 }
44 messageParcel.WriteBuffer(data, size);
45 messageParcel.RewindRead(0);
46 MessageParcel reply;
47 DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterVoipCallManagerCallback(messageParcel, reply);
48 }
49
OnRemoteRequest(const uint8_t * data,size_t size)50 void OnRemoteRequest(const uint8_t *data, size_t size)
51 {
52 if (!IsServiceInited()) {
53 return;
54 }
55
56 MessageParcel messageParcel;
57 if (!messageParcel.WriteInterfaceToken(CallManagerServiceStub::GetDescriptor())) {
58 return;
59 }
60 messageParcel.RewindRead(0);
61 uint32_t code = static_cast<uint32_t>(*data);
62 MessageParcel reply;
63 MessageOption option;
64 DelayedSingleton<CallManagerService>::GetInstance()->OnRemoteRequest(code, messageParcel, reply, option);
65 }
66
OnRegisterCallBack(const uint8_t * data,size_t size)67 int32_t OnRegisterCallBack(const uint8_t *data, size_t size)
68 {
69 if (!IsServiceInited()) {
70 return TELEPHONY_ERROR;
71 }
72 MessageParcel messageParcel;
73 std::unique_ptr<CallAbilityCallback> callbackWrap = std::make_unique<CallAbilityCallback>();
74 if (callbackWrap == nullptr) {
75 return TELEPHONY_ERR_LOCAL_PTR_NULL;
76 }
77 messageParcel.WriteRemoteObject(callbackWrap.release()->AsObject().GetRefPtr());
78 messageParcel.WriteBuffer(data, size);
79 messageParcel.RewindRead(0);
80 MessageParcel reply;
81 return DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterCallBack(messageParcel, reply);
82 }
83
HasCall(const uint8_t * data,size_t size)84 bool HasCall(const uint8_t *data, size_t size)
85 {
86 if (!IsServiceInited()) {
87 return TELEPHONY_ERROR;
88 }
89 MessageParcel messageParcel;
90 messageParcel.WriteBuffer(data, size);
91 messageParcel.RewindRead(0);
92 MessageParcel reply;
93 return DelayedSingleton<CallManagerService>::GetInstance()->OnHasCall(messageParcel, reply);
94 }
95
GetCallState(const uint8_t * data,size_t size)96 int32_t GetCallState(const uint8_t *data, size_t size)
97 {
98 if (!IsServiceInited()) {
99 return TELEPHONY_ERROR;
100 }
101 MessageParcel messageParcel;
102 messageParcel.WriteBuffer(data, size);
103 messageParcel.RewindRead(0);
104 MessageParcel reply;
105 return DelayedSingleton<CallManagerService>::GetInstance()->OnGetCallState(messageParcel, reply);
106 }
107
GetCallWaiting(const uint8_t * data,size_t size)108 int32_t GetCallWaiting(const uint8_t *data, size_t size)
109 {
110 if (!IsServiceInited()) {
111 return TELEPHONY_ERROR;
112 }
113 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
114 MessageParcel messageParcel;
115 messageParcel.WriteInt32(slotId);
116 messageParcel.WriteBuffer(data, size);
117 messageParcel.RewindRead(0);
118 MessageParcel reply;
119 return DelayedSingleton<CallManagerService>::GetInstance()->OnGetCallWaiting(messageParcel, reply);
120 }
121
IsRinging(const uint8_t * data,size_t size)122 bool IsRinging(const uint8_t *data, size_t size)
123 {
124 if (!IsServiceInited()) {
125 return false;
126 }
127 MessageParcel messageParcel;
128 messageParcel.WriteBuffer(data, size);
129 messageParcel.RewindRead(0);
130 MessageParcel reply;
131 return DelayedSingleton<CallManagerService>::GetInstance()->OnIsRinging(messageParcel, reply);
132 }
133
IsInEmergencyCall(const uint8_t * data,size_t size)134 bool IsInEmergencyCall(const uint8_t *data, size_t size)
135 {
136 if (!IsServiceInited()) {
137 return false;
138 }
139 MessageParcel messageParcel;
140 messageParcel.WriteBuffer(data, size);
141 messageParcel.RewindRead(0);
142 MessageParcel reply;
143 return DelayedSingleton<CallManagerService>::GetInstance()->OnIsInEmergencyCall(messageParcel, reply);
144 }
145
DialCall(const uint8_t * data,size_t size)146 int32_t DialCall(const uint8_t *data, size_t size)
147 {
148 if (!IsServiceInited()) {
149 return TELEPHONY_ERROR;
150 }
151 std::string number(reinterpret_cast<const char *>(data), size);
152 auto numberU16 = Str8ToStr16(number);
153 int32_t accountId = static_cast<int32_t>(size % SLOT_NUM);
154 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
155 int32_t dialScene = static_cast<int32_t>(size % DIAL_SCENE_NUM);
156 int32_t dialType = static_cast<int32_t>(size % DIAL_TYPE_NUM);
157 int32_t callType = static_cast<int32_t>(size % CALL_TYPE_NUM);
158 MessageParcel messageParcel;
159 messageParcel.WriteString16(numberU16);
160 messageParcel.WriteInt32(accountId);
161 messageParcel.WriteInt32(videoState);
162 messageParcel.WriteInt32(dialScene);
163 messageParcel.WriteInt32(dialType);
164 messageParcel.WriteInt32(callType);
165 messageParcel.RewindRead(0);
166
167 MessageParcel reply;
168 return DelayedSingleton<CallManagerService>::GetInstance()->OnDialCall(messageParcel, reply);
169 }
170
RemoveMissedIncomingCallNotification(const uint8_t * data,size_t size)171 void RemoveMissedIncomingCallNotification(const uint8_t *data, size_t size)
172 {
173 if (!IsServiceInited()) {
174 return;
175 }
176 MessageParcel messageParcel;
177 messageParcel.WriteBuffer(data, size);
178 messageParcel.RewindRead(0);
179 MessageParcel reply;
180 DelayedSingleton<CallManagerService>::GetInstance()->OnRemoveMissedIncomingCallNotification(
181 messageParcel, reply);
182 }
183
SetCallWaiting(const uint8_t * data,size_t size)184 int32_t SetCallWaiting(const uint8_t *data, size_t size)
185 {
186 if (!IsServiceInited()) {
187 return TELEPHONY_ERROR;
188 }
189 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
190 int32_t activate = static_cast<int32_t>(*data % ACTIVE_NUM);
191 MessageParcel messageParcel;
192 messageParcel.WriteInt32(slotId);
193 messageParcel.WriteBool(activate);
194 messageParcel.RewindRead(0);
195 MessageParcel reply;
196 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetCallWaiting(messageParcel, reply);
197 }
198
SetCallRestriction(const uint8_t * data,size_t size)199 int32_t SetCallRestriction(const uint8_t *data, size_t size)
200 {
201 if (!IsServiceInited()) {
202 return TELEPHONY_ERROR;
203 }
204 CallRestrictionInfo info;
205 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
206 std::string msg(reinterpret_cast<const char *>(data), size);
207 int32_t length = msg.length() > kMaxNumberLen ? kMaxNumberLen : msg.length();
208 memcpy_s(info.password, kMaxNumberLen, msg.c_str(), length);
209 MessageParcel messageParcel;
210 messageParcel.WriteInt32(slotId);
211 messageParcel.WriteRawData((const void *)&info, sizeof(CallRestrictionInfo));
212 messageParcel.RewindRead(0);
213 MessageParcel reply;
214 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetCallRestriction(messageParcel, reply);
215 }
216
JoinConference(const uint8_t * data,size_t size)217 int32_t JoinConference(const uint8_t *data, size_t size)
218 {
219 if (!IsServiceInited()) {
220 return TELEPHONY_ERROR;
221 }
222 int32_t callId = static_cast<int32_t>(*data % CALL_ID_NUM);
223 std::vector<std::u16string> numberList { u"0000000000" };
224 MessageParcel messageParcel;
225 messageParcel.WriteInt32(callId);
226 messageParcel.WriteString16Vector(numberList);
227 messageParcel.RewindRead(0);
228 MessageParcel reply;
229 return DelayedSingleton<CallManagerService>::GetInstance()->OnJoinConference(messageParcel, reply);
230 }
231
StartRtt(const uint8_t * data,size_t size)232 int32_t StartRtt(const uint8_t *data, size_t size)
233 {
234 if (!IsServiceInited()) {
235 return TELEPHONY_ERROR;
236 }
237
238 int32_t callId = static_cast<int32_t>(size % CALL_ID_NUM);
239 std::string msg(reinterpret_cast<const char *>(data), size);
240 MessageParcel messageParcel;
241 messageParcel.WriteInt32(callId);
242 messageParcel.WriteString(msg);
243 messageParcel.RewindRead(0);
244 MessageParcel reply;
245 return DelayedSingleton<CallManagerService>::GetInstance()->OnStartRtt(messageParcel, reply);
246 }
247
InputDialerSpecialCode(const uint8_t * data,size_t size)248 int32_t InputDialerSpecialCode(const uint8_t *data, size_t size)
249 {
250 if (!IsServiceInited()) {
251 return TELEPHONY_ERROR;
252 }
253 std::string specialCode(reinterpret_cast<const char *>(data), size);
254 MessageParcel messageParcel;
255 messageParcel.WriteString(specialCode);
256 messageParcel.RewindRead(0);
257 MessageParcel reply;
258 return DelayedSingleton<CallManagerService>::GetInstance()->OnInputDialerSpecialCode(messageParcel, reply);
259 }
260
CancelCallUpgrade(const uint8_t * data,size_t size)261 int32_t CancelCallUpgrade(const uint8_t *data, size_t size)
262 {
263 if (!IsServiceInited()) {
264 return TELEPHONY_ERROR;
265 }
266 MessageParcel messageParcel;
267 MessageParcel replyParcel;
268 int32_t callId = static_cast<int32_t>(*data % CALL_ID_NUM);
269 messageParcel.WriteInt32(callId);
270 messageParcel.RewindRead(0);
271 return DelayedSingleton<CallManagerService>::GetInstance()->OnCancelCallUpgrade(messageParcel, replyParcel);
272 }
273
RequestCameraCapabilities(const uint8_t * data,size_t size)274 int32_t RequestCameraCapabilities(const uint8_t *data, size_t size)
275 {
276 if (!IsServiceInited()) {
277 return TELEPHONY_ERROR;
278 }
279 MessageParcel messageParcel;
280 MessageParcel replyParcel;
281 int32_t callId = static_cast<int32_t>(*data % CALL_ID_NUM);
282 messageParcel.WriteInt32(callId);
283 messageParcel.RewindRead(0);
284 return DelayedSingleton<CallManagerService>::GetInstance()->OnRequestCameraCapabilities(messageParcel, replyParcel);
285 }
286
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)287 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
288 {
289 if (data == nullptr || size == 0) {
290 return;
291 }
292 OnRegisterVoipCallManagerCallback(data, size);
293 OnRemoteRequest(data, size);
294 OnRegisterCallBack(data, size);
295 HasCall(data, size);
296 GetCallState(data, size);
297 GetCallWaiting(data, size);
298 IsRinging(data, size);
299 IsInEmergencyCall(data, size);
300 DialCall(data, size);
301 RemoveMissedIncomingCallNotification(data, size);
302 SetCallWaiting(data, size);
303 SetCallRestriction(data, size);
304 JoinConference(data, size);
305 StartRtt(data, size);
306 InputDialerSpecialCode(data, size);
307 CancelCallUpgrade(data, size);
308 RequestCameraCapabilities(data, size);
309 }
310 } // namespace OHOS
311
312 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)313 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
314 {
315 OHOS::AddCallTokenFuzzer token;
316 /* Run your code on data */
317 OHOS::DoSomethingInterestingWithMyAPI(data, size);
318 return 0;
319 }
320