1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "callmanagerservicestub_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <fuzzer/FuzzedDataProvider.h>
21 #define private public
22 #include "addcalltoken_fuzzer.h"
23 #include "call_manager_service_stub.h"
24 #include "call_ability_callback.h"
25 #include "surface_utils.h"
26
27 using namespace OHOS::Telephony;
28 namespace OHOS {
29 constexpr int32_t SLOT_NUM = 2;
30 constexpr int32_t ACTIVE_NUM = 2;
31 constexpr int32_t VEDIO_STATE_NUM = 2;
32 constexpr int32_t DIAL_SCENE_NUM = 3;
33 constexpr int32_t DIAL_TYPE_NUM = 3;
34 constexpr int32_t CALL_TYPE_NUM = 3;
35 constexpr int32_t CALL_ID_NUM = 10;
36 constexpr int32_t AUDIO_DEVICE_NUM = 6;
37
OnRegisterVoipCallManagerCallback(const uint8_t * data,size_t size)38 void OnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size)
39 {
40 if (!IsServiceInited()) {
41 return;
42 }
43 MessageParcel messageParcel;
44 std::unique_ptr<CallAbilityCallback> callbackWrap = std::make_unique<CallAbilityCallback>();
45 if (callbackWrap == nullptr) {
46 return;
47 }
48 messageParcel.WriteBuffer(data, size);
49 messageParcel.RewindRead(0);
50 MessageParcel reply;
51 DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterVoipCallManagerCallback(messageParcel, reply);
52 }
53
OnUnRegisterVoipCallManagerCallback(const uint8_t * data,size_t size)54 void OnUnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size)
55 {
56 if (!IsServiceInited()) {
57 return;
58 }
59 MessageParcel messageParcel;
60 messageParcel.WriteBuffer(data, size);
61 messageParcel.RewindRead(0);
62 MessageParcel reply;
63 DelayedSingleton<CallManagerService>::GetInstance()->OnUnRegisterVoipCallManagerCallback(messageParcel, reply);
64 }
65
GetProxyObjectPtr(const uint8_t * data,size_t size)66 int32_t GetProxyObjectPtr(const uint8_t *data, size_t size)
67 {
68 if (!IsServiceInited()) {
69 return TELEPHONY_ERROR;
70 }
71 int32_t type = static_cast<int32_t>(*data);
72 MessageParcel messageParcel;
73 messageParcel.WriteInt32(type);
74 MessageParcel reply;
75 return DelayedSingleton<CallManagerService>::GetInstance()->OnGetProxyObjectPtr(messageParcel, reply);
76 }
77
SetVoIPCallState(const uint8_t * data,size_t size)78 int32_t SetVoIPCallState(const uint8_t *data, size_t size)
79 {
80 if (!IsServiceInited()) {
81 return TELEPHONY_ERROR;
82 }
83 int32_t state = static_cast<int32_t>(*data % SLOT_NUM);
84 MessageParcel messageParcel;
85 messageParcel.WriteInt32(state);
86 MessageParcel reply;
87 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetVoIPCallState(messageParcel, reply);
88 }
89
ReportAudioDeviceInfo(const uint8_t * data,size_t size)90 int32_t ReportAudioDeviceInfo(const uint8_t *data, size_t size)
91 {
92 if (!IsServiceInited()) {
93 return TELEPHONY_ERROR;
94 }
95 MessageParcel messageParcel;
96 messageParcel.WriteBuffer(data, size);
97 messageParcel.RewindRead(0);
98 MessageParcel reply;
99 return DelayedSingleton<CallManagerService>::GetInstance()->OnReportAudioDeviceInfo(messageParcel, reply);
100 }
101
PostDialProceed(const uint8_t * data,size_t size)102 int32_t PostDialProceed(const uint8_t *data, size_t size)
103 {
104 if (!IsServiceInited()) {
105 return TELEPHONY_ERROR;
106 }
107 MessageParcel messageParcel;
108 MessageParcel reply;
109 int32_t callId = static_cast<int32_t>(*data % CALL_ID_NUM);
110 int32_t activate = static_cast<int32_t>(*data % ACTIVE_NUM);
111 messageParcel.WriteInt32(callId);
112 messageParcel.WriteBool(activate);
113 return DelayedSingleton<CallManagerService>::GetInstance()->OnPostDialProceed(messageParcel, reply);
114 }
115
GetVoIPCallState(const uint8_t * data,size_t size)116 int32_t GetVoIPCallState(const uint8_t *data, size_t size)
117 {
118 if (!IsServiceInited()) {
119 return TELEPHONY_ERROR;
120 }
121 MessageParcel messageParcel;
122 messageParcel.WriteBuffer(data, size);
123 messageParcel.RewindRead(0);
124 MessageParcel reply;
125 return DelayedSingleton<CallManagerService>::GetInstance()->OnGetVoIPCallState(messageParcel, reply);
126 }
127
CanSetCallTransferTime(const uint8_t * data,size_t size)128 int32_t CanSetCallTransferTime(const uint8_t *data, size_t size)
129 {
130 if (!IsServiceInited()) {
131 return TELEPHONY_ERROR;
132 }
133
134 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
135 MessageParcel messageParcel;
136 CallTransferInfo info;
137 (void)memcpy_s(info.transferNum, kMaxNumberLen, reinterpret_cast<const char *>(data), size);
138 info.settingType = CallTransferSettingType::CALL_TRANSFER_ENABLE;
139 info.type = CallTransferType::TRANSFER_TYPE_BUSY;
140 int32_t activate = static_cast<int32_t>(size % ACTIVE_NUM);
141 messageParcel.WriteInt32(slotId);
142 messageParcel.WriteBool(activate);
143 messageParcel.WriteRawData((const void *)&info, sizeof(CallTransferInfo));
144 messageParcel.RewindRead(0);
145 MessageParcel reply;
146 return DelayedSingleton<CallManagerService>::GetInstance()->OnCanSetCallTransferTime(messageParcel, reply);
147 }
148
ObserverOnCallDetailsChange(const uint8_t * data,size_t size)149 int32_t ObserverOnCallDetailsChange(const uint8_t *data, size_t size)
150 {
151 if (!IsServiceInited()) {
152 return TELEPHONY_ERROR;
153 }
154
155 MessageParcel messageParcel;
156 messageParcel.WriteBuffer(data, size);
157 messageParcel.RewindRead(0);
158 MessageParcel reply;
159 return DelayedSingleton<CallManagerService>::GetInstance()->OnObserverOnCallDetailsChange(messageParcel, reply);
160 }
161
SetVoNRState(const uint8_t * data,size_t size)162 int32_t SetVoNRState(const uint8_t *data, size_t size)
163 {
164 if (!IsServiceInited()) {
165 return TELEPHONY_ERROR;
166 }
167 int32_t slotId = static_cast<int32_t>(*data % SLOT_NUM);
168 int32_t state = static_cast<int32_t>(*data % SLOT_NUM);
169 MessageParcel messageParcel;
170 messageParcel.WriteInt32(slotId);
171 messageParcel.WriteInt32(state);
172 MessageParcel reply;
173 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetVoNRState(messageParcel, reply);
174 }
175
KickOutFromConference(const uint8_t * data,size_t size)176 int32_t KickOutFromConference(const uint8_t *data, size_t size)
177 {
178 if (!IsServiceInited()) {
179 return TELEPHONY_ERROR;
180 }
181 int32_t callId = static_cast<int32_t>(*data);
182 MessageParcel messageParcel;
183 messageParcel.WriteInt32(callId);
184 MessageParcel reply;
185 return DelayedSingleton<CallManagerService>::GetInstance()->OnKickOutFromConference(messageParcel, reply);
186 }
187
SetCallRestrictionPassword(const uint8_t * data,size_t size)188 int32_t SetCallRestrictionPassword(const uint8_t *data, size_t size)
189 {
190 if (!IsServiceInited()) {
191 return TELEPHONY_ERROR;
192 }
193 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
194 MessageParcel messageParcel;
195 messageParcel.WriteInt32(slotId);
196 messageParcel.WriteInt32(static_cast<int32_t>(size));
197 messageParcel.WriteBuffer(data, size);
198 messageParcel.RewindRead(0);
199 MessageParcel reply;
200 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetCallRestrictionPassword(messageParcel, reply);
201 }
202
DoFuzzCallManagerService(const uint8_t * data,size_t size)203 void DoFuzzCallManagerService(const uint8_t *data, size_t size)
204 {
205 auto callManagerService = DelayedSingleton<CallManagerService>::GetInstance();
206 callManagerService->OnStart();
207 FuzzedDataProvider fdp(data, size);
208 uint32_t code = fdp.ConsumeIntegralInRange<uint32_t>(0, 72);
209 if (fdp.remaining_bytes() == 0) {
210 return;
211 }
212 std::u16string service_token = u"OHOS.Telephony.ICallManagerService";
213 MessageOption option;
214 MessageParcel messageParcel;
215 MessageParcel replyParcel;
216 std::vector<uint8_t> subData =
217 fdp.ConsumeBytes<uint8_t>(fdp.ConsumeIntegralInRange<size_t>(0, fdp.remaining_bytes()));
218 messageParcel.WriteInterfaceToken(service_token);
219 messageParcel.WriteBuffer(subData.data(), subData.size());
220 callManagerService->OnRemoteRequest(code, messageParcel, replyParcel, option);
221 }
222
RegisterBluetoothCallManagerCallbackPtr(const uint8_t * data,size_t size)223 int32_t RegisterBluetoothCallManagerCallbackPtr(const uint8_t *data, size_t size)
224 {
225 if (!IsServiceInited()) {
226 return TELEPHONY_ERROR;
227 }
228 std::string str = "";
229 MessageParcel messageParcel;
230 messageParcel.WriteString(str);
231 messageParcel.WriteBuffer(data, size);
232 messageParcel.RewindRead(0);
233 MessageParcel reply;
234 return DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterBluetoothCallManagerCallbackPtr(
235 messageParcel, reply);
236 }
237
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)238 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
239 {
240 if (data == nullptr || size == 0) {
241 return;
242 }
243 OnRegisterVoipCallManagerCallback(data, size);
244 CanSetCallTransferTime(data, size);
245 ObserverOnCallDetailsChange(data, size);
246 SetVoNRState(data, size);
247 KickOutFromConference(data, size);
248 SetCallRestrictionPassword(data, size);
249 GetVoIPCallState(data, size);
250 SetVoIPCallState(data, size);
251 GetProxyObjectPtr(data, size);
252 ReportAudioDeviceInfo(data, size);
253 PostDialProceed(data, size);
254 OnUnRegisterVoipCallManagerCallback(data, size);
255 DoFuzzCallManagerService(data, size);
256 RegisterBluetoothCallManagerCallbackPtr(data, size);
257 }
258 } // namespace OHOS
259
260 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)261 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
262 {
263 OHOS::AddCallTokenFuzzer token;
264 /* Run your code on data */
265 OHOS::DoSomethingInterestingWithMyAPI(data, size);
266 return 0;
267 }
268