1 /*
2 * Copyright (c) 2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "telephonyobserver_fuzzer.h"
16
17 #include <cstddef>
18 #include <cstdint>
19 #include "addstateregistrytoken_fuzzer.h"
20 #include <fuzzer/FuzzedDataProvider.h>
21 #define private public
22 #include "securec.h"
23 #include "system_ability_definition.h"
24 #include "telephony_observer.h"
25 #include "telephony_observer_broker.h"
26 #include "telephony_state_manager.h"
27 #include "telephony_state_registry_service.h"
28
29 using namespace OHOS::Telephony;
30 namespace OHOS {
31 static bool g_isInited = false;
32 constexpr int32_t ROAMING_NUM = 4;
33 constexpr int32_t REG_NUM = 6;
34 constexpr int32_t NR_NUM = 7;
35 constexpr int32_t RADIO_NUM = 13;
36 constexpr int32_t MIN_SLOT_ID = -1;
37 constexpr int32_t MAX_SLOT_ID = 4;
38 TelephonyObserver telephonyObserver;
39
GetRandomInt(int min,int max,const uint8_t * data,size_t size)40 int32_t GetRandomInt(int min, int max, const uint8_t *data, size_t size)
41 {
42 FuzzedDataProvider fdp(data, size);
43 return fdp.ConsumeIntegralInRange<int32_t>(min, max);
44 }
45
IsServiceInited()46 bool IsServiceInited()
47 {
48 if (!g_isInited) {
49 DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->OnStart();
50 if (DelayedSingleton<TelephonyStateRegistryService>::GetInstance()->GetServiceRunningState() ==
51 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING)) {
52 g_isInited = true;
53 }
54 }
55 return g_isInited;
56 }
57
OnRemoteRequest(const uint8_t * data,size_t size)58 void OnRemoteRequest(const uint8_t *data, size_t size)
59 {
60 if (!IsServiceInited()) {
61 return;
62 }
63 MessageParcel dataMessageParcel;
64 if (!dataMessageParcel.WriteInterfaceToken(TelephonyObserver::GetDescriptor())) {
65 return;
66 }
67 dataMessageParcel.WriteBuffer(data, size);
68 dataMessageParcel.RewindRead(0);
69 int32_t maxCode = static_cast<int32_t>(TelephonyObserver::ObserverBrokerCode::ON_ICC_ACCOUNT_UPDATED) + 1;
70 uint32_t code = static_cast<uint32_t>(GetRandomInt(0, maxCode, data, size));
71 MessageParcel reply;
72 MessageOption option;
73 telephonyObserver.OnRemoteRequest(code, dataMessageParcel, reply, option);
74 }
75
CallStateUpdatedInner(const uint8_t * data,size_t size)76 void CallStateUpdatedInner(const uint8_t *data, size_t size)
77 {
78 if (!IsServiceInited()) {
79 return;
80 }
81 int32_t slotId = GetRandomInt(MIN_SLOT_ID, MAX_SLOT_ID, data, size);
82 int32_t maxState = static_cast<int32_t>(Telephony::CallStatus::CALL_STATUS_ANSWERED) + 1;
83 int32_t callState = GetRandomInt(-1, maxState, data, size);
84 std::string phoneNumber(reinterpret_cast<const char *>(data), size);
85 MessageParcel dataMessageParcel;
86 dataMessageParcel.WriteInt32(slotId);
87 dataMessageParcel.WriteInt32(callState);
88 dataMessageParcel.WriteString16(Str8ToStr16(phoneNumber));
89 dataMessageParcel.RewindRead(0);
90 MessageParcel reply;
91 telephonyObserver.OnCallStateUpdatedInner(dataMessageParcel, reply);
92 }
93
SignalInfoUpdatedInner(const uint8_t * data,size_t size)94 void SignalInfoUpdatedInner(const uint8_t *data, size_t size)
95 {
96 if (!IsServiceInited()) {
97 return;
98 }
99 int32_t slotId = GetRandomInt(MIN_SLOT_ID, MAX_SLOT_ID, data, size);
100 MessageParcel dataMessageParcel;
101 dataMessageParcel.WriteInt32(slotId);
102 dataMessageParcel.RewindRead(0);
103 MessageParcel reply;
104 telephonyObserver.OnSignalInfoUpdatedInner(dataMessageParcel, reply);
105 }
106
NetworkStateUpdatedInner(const uint8_t * data,size_t size)107 void NetworkStateUpdatedInner(const uint8_t *data, size_t size)
108 {
109 if (!IsServiceInited()) {
110 return;
111 }
112 int32_t slotId = GetRandomInt(MIN_SLOT_ID, MAX_SLOT_ID, data, size);
113 MessageParcel dataMessageParcel;
114 dataMessageParcel.WriteInt32(slotId);
115 auto networkState = std::make_shared<NetworkState>();
116 if (networkState == nullptr) {
117 return;
118 }
119 networkState->isEmergency_ = GetRandomInt(0, 1, data, size);
120 std::string mOperatorNumeric(reinterpret_cast<const char *>(data), size);
121 std::string mFullName(reinterpret_cast<const char *>(data), size);
122 std::string mShortName(reinterpret_cast<const char *>(data), size);
123 networkState->psOperatorInfo_.operatorNumeric = mOperatorNumeric;
124 networkState->psOperatorInfo_.fullName = mFullName;
125 networkState->psOperatorInfo_.shortName = mShortName;
126 networkState->csOperatorInfo_.operatorNumeric = mOperatorNumeric;
127 networkState->csOperatorInfo_.fullName = mFullName;
128 networkState->csOperatorInfo_.shortName = mShortName;
129 networkState->csRoaming_ = static_cast<RoamingType>(GetRandomInt(0, ROAMING_NUM, data, size));
130 networkState->psRoaming_ = static_cast<RoamingType>(GetRandomInt(0, ROAMING_NUM, data, size));
131 networkState->psRegStatus_ = static_cast<RegServiceState>(GetRandomInt(0, REG_NUM, data, size));
132 networkState->csRegStatus_ = static_cast<RegServiceState>(GetRandomInt(0, REG_NUM, data, size));
133 networkState->psRadioTech_ = static_cast<RadioTech>(GetRandomInt(0, RADIO_NUM, data, size));
134 networkState->lastPsRadioTech_ = static_cast<RadioTech>(GetRandomInt(0, RADIO_NUM, data, size));
135 networkState->lastCfgTech_ = static_cast<RadioTech>(GetRandomInt(0, RADIO_NUM, data, size));
136 networkState->csRadioTech_ = static_cast<RadioTech>(GetRandomInt(0, RADIO_NUM, data, size));
137 networkState->cfgTech_ = static_cast<RadioTech>(GetRandomInt(0, RADIO_NUM, data, size));
138 networkState->nrState_ = static_cast<NrState>(GetRandomInt(0, NR_NUM, data, size));
139 networkState->Marshalling(dataMessageParcel);
140 dataMessageParcel.RewindRead(0);
141 MessageParcel reply;
142 telephonyObserver.OnNetworkStateUpdatedInner(dataMessageParcel, reply);
143 }
144
CellInfoUpdatedInner(const uint8_t * data,size_t size)145 void CellInfoUpdatedInner(const uint8_t *data, size_t size)
146 {
147 if (!IsServiceInited()) {
148 return;
149 }
150 int32_t slotId = GetRandomInt(MIN_SLOT_ID, MAX_SLOT_ID, data, size);
151 MessageParcel dataMessageParcel;
152 dataMessageParcel.WriteInt32(slotId);
153 dataMessageParcel.RewindRead(0);
154 MessageParcel reply;
155 telephonyObserver.OnCellInfoUpdatedInner(dataMessageParcel, reply);
156 }
157
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)158 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
159 {
160 if (data == nullptr || size == 0) {
161 return;
162 }
163 OnRemoteRequest(data, size);
164 CallStateUpdatedInner(data, size);
165 SignalInfoUpdatedInner(data, size);
166 NetworkStateUpdatedInner(data, size);
167 CellInfoUpdatedInner(data, size);
168 return;
169 }
170 } // namespace OHOS
171
172 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)173 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
174 {
175 OHOS::AddStateRegistryTokenFuzzer token;
176 /* Run your code on data */
177 OHOS::DoSomethingInterestingWithMyAPI(data, size);
178 return 0;
179 }
180