1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "callmanagerservicestub_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #include <fuzzer/FuzzedDataProvider.h>
21 #define private public
22 #include "addcalltoken_fuzzer.h"
23 #include "call_manager_service_stub.h"
24 #include "call_ability_callback.h"
25 #include "surface_utils.h"
26
27 using namespace OHOS::Telephony;
28 namespace OHOS {
29 constexpr int32_t SLOT_NUM = 2;
30 constexpr int32_t ACTIVE_NUM = 2;
31 constexpr int32_t VEDIO_STATE_NUM = 2;
32 constexpr int32_t DIAL_SCENE_NUM = 3;
33 constexpr int32_t DIAL_TYPE_NUM = 3;
34 constexpr int32_t CALL_TYPE_NUM = 3;
35 constexpr int32_t CALL_ID_NUM = 10;
36 constexpr int32_t AUDIO_DEVICE_NUM = 6;
37
OnRegisterVoipCallManagerCallback(const uint8_t * data,size_t size)38 void OnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size)
39 {
40 if (!IsServiceInited()) {
41 return;
42 }
43 MessageParcel dataMessageParcel;
44 std::unique_ptr<CallAbilityCallback> callbackWrap = std::make_unique<CallAbilityCallback>();
45 if (callbackWrap == nullptr) {
46 return;
47 }
48 dataMessageParcel.WriteRemoteObject(callbackWrap.release()->AsObject().GetRefPtr());
49 MessageParcel reply;
50 DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterVoipCallManagerCallback(dataMessageParcel, reply);
51 }
52
OnUnRegisterVoipCallManagerCallback(const uint8_t * data,size_t size)53 void OnUnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size)
54 {
55 if (!IsServiceInited()) {
56 return;
57 }
58 MessageParcel dataMessageParcel;
59 MessageParcel reply;
60 DelayedSingleton<CallManagerService>::GetInstance()->OnUnRegisterVoipCallManagerCallback(dataMessageParcel, reply);
61 }
62
GetProxyObjectPtr(const uint8_t * data,size_t size)63 int32_t GetProxyObjectPtr(const uint8_t *data, size_t size)
64 {
65 if (!IsServiceInited()) {
66 return TELEPHONY_ERROR;
67 }
68 int32_t type = static_cast<int32_t>(size);
69 MessageParcel dataParcel;
70 dataParcel.WriteInt32(type);
71 MessageParcel reply;
72 return DelayedSingleton<CallManagerService>::GetInstance()->OnGetProxyObjectPtr(dataParcel, reply);
73 }
74
SetVoIPCallState(const uint8_t * data,size_t size)75 int32_t SetVoIPCallState(const uint8_t *data, size_t size)
76 {
77 if (!IsServiceInited()) {
78 return TELEPHONY_ERROR;
79 }
80 int32_t state = static_cast<int32_t>(size % SLOT_NUM);
81 MessageParcel dataParcel;
82 dataParcel.WriteInt32(state);
83 MessageParcel reply;
84 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetVoIPCallState(dataParcel, reply);
85 }
86
ReportAudioDeviceInfo(const uint8_t * data,size_t size)87 int32_t ReportAudioDeviceInfo(const uint8_t *data, size_t size)
88 {
89 if (!IsServiceInited()) {
90 return TELEPHONY_ERROR;
91 }
92 MessageParcel dataParcel;
93 MessageParcel reply;
94 return DelayedSingleton<CallManagerService>::GetInstance()->OnReportAudioDeviceInfo(dataParcel, reply);
95 }
96
PostDialProceed(const uint8_t * data,size_t size)97 int32_t PostDialProceed(const uint8_t *data, size_t size)
98 {
99 if (!IsServiceInited()) {
100 return TELEPHONY_ERROR;
101 }
102 MessageParcel dataParcel;
103 MessageParcel reply;
104 int32_t callId = static_cast<int32_t>(size % CALL_ID_NUM);
105 int32_t activate = static_cast<int32_t>(size % ACTIVE_NUM);
106 dataParcel.WriteInt32(callId);
107 dataParcel.WriteBool(activate);
108 return DelayedSingleton<CallManagerService>::GetInstance()->OnPostDialProceed(dataParcel, reply);
109 }
110
GetVoIPCallState(const uint8_t * data,size_t size)111 int32_t GetVoIPCallState(const uint8_t *data, size_t size)
112 {
113 if (!IsServiceInited()) {
114 return TELEPHONY_ERROR;
115 }
116 MessageParcel dataParcel;
117 MessageParcel reply;
118 return DelayedSingleton<CallManagerService>::GetInstance()->OnGetVoIPCallState(dataParcel, reply);
119 }
120
CanSetCallTransferTime(const uint8_t * data,size_t size)121 int32_t CanSetCallTransferTime(const uint8_t *data, size_t size)
122 {
123 if (!IsServiceInited()) {
124 return TELEPHONY_ERROR;
125 }
126
127 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
128 MessageParcel dataMessageParcel;
129 CallTransferInfo info;
130 (void)memcpy_s(info.transferNum, kMaxNumberLen, reinterpret_cast<const char *>(data), size);
131 info.settingType = CallTransferSettingType::CALL_TRANSFER_ENABLE;
132 info.type = CallTransferType::TRANSFER_TYPE_BUSY;
133 int32_t activate = static_cast<int32_t>(size % ACTIVE_NUM);
134 dataMessageParcel.WriteInt32(slotId);
135 dataMessageParcel.WriteBool(activate);
136 dataMessageParcel.WriteRawData((const void *)&info, sizeof(CallTransferInfo));
137 dataMessageParcel.RewindRead(0);
138 MessageParcel reply;
139 return DelayedSingleton<CallManagerService>::GetInstance()->OnCanSetCallTransferTime(dataMessageParcel, reply);
140 }
141
ObserverOnCallDetailsChange(const uint8_t * data,size_t size)142 int32_t ObserverOnCallDetailsChange(const uint8_t *data, size_t size)
143 {
144 if (!IsServiceInited()) {
145 return TELEPHONY_ERROR;
146 }
147
148 MessageParcel dataMessageParcel;
149 MessageParcel reply;
150 return DelayedSingleton<CallManagerService>::GetInstance()->OnObserverOnCallDetailsChange(dataMessageParcel, reply);
151 }
152
SetVoNRState(const uint8_t * data,size_t size)153 int32_t SetVoNRState(const uint8_t *data, size_t size)
154 {
155 if (!IsServiceInited()) {
156 return TELEPHONY_ERROR;
157 }
158 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
159 int32_t state = static_cast<int32_t>(size % SLOT_NUM);
160 MessageParcel dataParcel;
161 dataParcel.WriteInt32(slotId);
162 dataParcel.WriteInt32(state);
163 MessageParcel reply;
164 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetVoNRState(dataParcel, reply);
165 }
166
KickOutFromConference(const uint8_t * data,size_t size)167 int32_t KickOutFromConference(const uint8_t *data, size_t size)
168 {
169 if (!IsServiceInited()) {
170 return TELEPHONY_ERROR;
171 }
172 int32_t callId = static_cast<int32_t>(size);
173 MessageParcel dataParcel;
174 dataParcel.WriteInt32(callId);
175 MessageParcel reply;
176 return DelayedSingleton<CallManagerService>::GetInstance()->OnKickOutFromConference(dataParcel, reply);
177 }
178
SetCallRestrictionPassword(const uint8_t * data,size_t size)179 int32_t SetCallRestrictionPassword(const uint8_t *data, size_t size)
180 {
181 if (!IsServiceInited()) {
182 return TELEPHONY_ERROR;
183 }
184 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
185 MessageParcel dataParcel;
186 dataParcel.WriteInt32(slotId);
187 dataParcel.WriteInt32(static_cast<int32_t>(size));
188 dataParcel.WriteBuffer(data, size);
189 dataParcel.RewindRead(0);
190 MessageParcel reply;
191 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetCallRestrictionPassword(dataParcel, reply);
192 }
193
DoFuzzCallManagerService(const uint8_t * data,size_t size)194 void DoFuzzCallManagerService(const uint8_t *data, size_t size)
195 {
196 auto callManagerService = DelayedSingleton<CallManagerService>::GetInstance();
197 callManagerService->OnStart();
198 FuzzedDataProvider fdp(data, size);
199 uint32_t code = fdp.ConsumeIntegralInRange<uint32_t>(0, 72);
200 if (fdp.remaining_bytes() == 0) {
201 return;
202 }
203 std::u16string service_token = u"OHOS.Telephony.ICallManagerService";
204 MessageOption option;
205 MessageParcel dataParcel;
206 MessageParcel replyParcel;
207 std::vector<uint8_t> subData =
208 fdp.ConsumeBytes<uint8_t>(fdp.ConsumeIntegralInRange<size_t>(0, fdp.remaining_bytes()));
209 dataParcel.WriteInterfaceToken(service_token);
210 dataParcel.WriteBuffer(subData.data(), subData.size());
211 callManagerService->OnRemoteRequest(code, dataParcel, replyParcel, option);
212 }
213
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)214 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
215 {
216 if (data == nullptr || size == 0) {
217 return;
218 }
219 OnRegisterVoipCallManagerCallback(data, size);
220 CanSetCallTransferTime(data, size);
221 ObserverOnCallDetailsChange(data, size);
222 SetVoNRState(data, size);
223 KickOutFromConference(data, size);
224 SetCallRestrictionPassword(data, size);
225 GetVoIPCallState(data, size);
226 SetVoIPCallState(data, size);
227 GetProxyObjectPtr(data, size);
228 ReportAudioDeviceInfo(data, size);
229 PostDialProceed(data, size);
230 OnUnRegisterVoipCallManagerCallback(data, size);
231 DoFuzzCallManagerService(data, size);
232 }
233 } // namespace OHOS
234
235 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)236 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
237 {
238 OHOS::AddCallTokenFuzzer token;
239 /* Run your code on data */
240 OHOS::DoSomethingInterestingWithMyAPI(data, size);
241 return 0;
242 }
243