1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dialcall_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcalltoken_fuzzer.h"
22 #include "call_ability_callback.h"
23
24 using namespace OHOS::Telephony;
25 namespace OHOS {
26 constexpr int32_t SLOT_NUM = 2;
27 constexpr int32_t ACTIVE_NUM = 2;
28 constexpr int32_t VEDIO_STATE_NUM = 2;
29 constexpr int32_t DIAL_SCENE_NUM = 3;
30 constexpr int32_t DIAL_TYPE_NUM = 3;
31 constexpr int32_t CALL_TYPE_NUM = 3;
32 constexpr int32_t CALL_ID_NUM = 10;
33
OnRegisterVoipCallManagerCallback(const uint8_t * data,size_t size)34 void OnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size)
35 {
36 if (!IsServiceInited()) {
37 return;
38 }
39 MessageParcel dataMessageParcel;
40 std::unique_ptr<CallAbilityCallback> callbackWrap = std::make_unique<CallAbilityCallback>();
41 if (callbackWrap == nullptr) {
42 return;
43 }
44 dataMessageParcel.WriteRemoteObject(callbackWrap.release()->AsObject().GetRefPtr());
45 MessageParcel reply;
46 DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterVoipCallManagerCallback(dataMessageParcel, reply);
47 }
48
OnRemoteRequest(const uint8_t * data,size_t size)49 void OnRemoteRequest(const uint8_t *data, size_t size)
50 {
51 if (!IsServiceInited()) {
52 return;
53 }
54
55 MessageParcel dataMessageParcel;
56 if (!dataMessageParcel.WriteInterfaceToken(CallManagerServiceStub::GetDescriptor())) {
57 return;
58 }
59 dataMessageParcel.RewindRead(0);
60 uint32_t code = static_cast<uint32_t>(size);
61 MessageParcel reply;
62 MessageOption option;
63 DelayedSingleton<CallManagerService>::GetInstance()->OnRemoteRequest(code, dataMessageParcel, reply, option);
64 }
65
OnRegisterCallBack(const uint8_t * data,size_t size)66 int32_t OnRegisterCallBack(const uint8_t *data, size_t size)
67 {
68 if (!IsServiceInited()) {
69 return TELEPHONY_ERROR;
70 }
71 MessageParcel dataMessageParcel;
72 std::unique_ptr<CallAbilityCallback> callbackWrap = std::make_unique<CallAbilityCallback>();
73 if (callbackWrap == nullptr) {
74 return TELEPHONY_ERR_LOCAL_PTR_NULL;
75 }
76 dataMessageParcel.WriteRemoteObject(callbackWrap.release()->AsObject().GetRefPtr());
77 MessageParcel reply;
78 return DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterCallBack(dataMessageParcel, reply);
79 }
80
HasCall(const uint8_t * data,size_t size)81 bool HasCall(const uint8_t *data, size_t size)
82 {
83 if (!IsServiceInited()) {
84 return TELEPHONY_ERROR;
85 }
86 MessageParcel dataParcel;
87 dataParcel.WriteBuffer(data, size);
88 dataParcel.RewindRead(0);
89 MessageParcel reply;
90 return DelayedSingleton<CallManagerService>::GetInstance()->OnHasCall(dataParcel, reply);
91 }
92
GetCallState(const uint8_t * data,size_t size)93 int32_t GetCallState(const uint8_t *data, size_t size)
94 {
95 if (!IsServiceInited()) {
96 return TELEPHONY_ERROR;
97 }
98 MessageParcel dataParcel;
99 dataParcel.WriteBuffer(data, size);
100 dataParcel.RewindRead(0);
101 MessageParcel reply;
102 return DelayedSingleton<CallManagerService>::GetInstance()->OnGetCallState(dataParcel, reply);
103 }
104
GetCallWaiting(const uint8_t * data,size_t size)105 int32_t GetCallWaiting(const uint8_t *data, size_t size)
106 {
107 if (!IsServiceInited()) {
108 return TELEPHONY_ERROR;
109 }
110 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
111 MessageParcel dataParcel;
112 dataParcel.WriteInt32(slotId);
113 dataParcel.WriteBuffer(data, size);
114 dataParcel.RewindRead(0);
115 MessageParcel reply;
116 return DelayedSingleton<CallManagerService>::GetInstance()->OnGetCallWaiting(dataParcel, reply);
117 }
118
IsRinging(const uint8_t * data,size_t size)119 bool IsRinging(const uint8_t *data, size_t size)
120 {
121 if (!IsServiceInited()) {
122 return false;
123 }
124 MessageParcel dataParcel;
125 dataParcel.WriteBuffer(data, size);
126 dataParcel.RewindRead(0);
127 MessageParcel reply;
128 return DelayedSingleton<CallManagerService>::GetInstance()->OnIsRinging(dataParcel, reply);
129 }
130
IsInEmergencyCall(const uint8_t * data,size_t size)131 bool IsInEmergencyCall(const uint8_t *data, size_t size)
132 {
133 if (!IsServiceInited()) {
134 return false;
135 }
136 MessageParcel dataParcel;
137 dataParcel.WriteBuffer(data, size);
138 dataParcel.RewindRead(0);
139 MessageParcel reply;
140 return DelayedSingleton<CallManagerService>::GetInstance()->OnIsInEmergencyCall(dataParcel, reply);
141 }
142
DialCall(const uint8_t * data,size_t size)143 int32_t DialCall(const uint8_t *data, size_t size)
144 {
145 if (!IsServiceInited()) {
146 return TELEPHONY_ERROR;
147 }
148 std::string number(reinterpret_cast<const char *>(data), size);
149 auto numberU16 = Str8ToStr16(number);
150 int32_t accountId = static_cast<int32_t>(size % SLOT_NUM);
151 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
152 int32_t dialScene = static_cast<int32_t>(size % DIAL_SCENE_NUM);
153 int32_t dialType = static_cast<int32_t>(size % DIAL_TYPE_NUM);
154 int32_t callType = static_cast<int32_t>(size % CALL_TYPE_NUM);
155 MessageParcel dataParcel;
156 dataParcel.WriteString16(numberU16);
157 dataParcel.WriteInt32(accountId);
158 dataParcel.WriteInt32(videoState);
159 dataParcel.WriteInt32(dialScene);
160 dataParcel.WriteInt32(dialType);
161 dataParcel.WriteInt32(callType);
162 dataParcel.RewindRead(0);
163
164 MessageParcel reply;
165 return DelayedSingleton<CallManagerService>::GetInstance()->OnDialCall(dataParcel, reply);
166 }
167
RemoveMissedIncomingCallNotification(const uint8_t * data,size_t size)168 void RemoveMissedIncomingCallNotification(const uint8_t *data, size_t size)
169 {
170 if (!IsServiceInited()) {
171 return;
172 }
173 MessageParcel dataMessageParcel;
174 dataMessageParcel.WriteBuffer(data, size);
175 dataMessageParcel.RewindRead(0);
176 MessageParcel reply;
177 DelayedSingleton<CallManagerService>::GetInstance()->OnRemoveMissedIncomingCallNotification(
178 dataMessageParcel, reply);
179 }
180
SetCallWaiting(const uint8_t * data,size_t size)181 int32_t SetCallWaiting(const uint8_t *data, size_t size)
182 {
183 if (!IsServiceInited()) {
184 return TELEPHONY_ERROR;
185 }
186 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
187 int32_t activate = static_cast<int32_t>(size % ACTIVE_NUM);
188 MessageParcel dataParcel;
189 dataParcel.WriteInt32(slotId);
190 dataParcel.WriteBool(activate);
191 dataParcel.RewindRead(0);
192 MessageParcel reply;
193 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetCallWaiting(dataParcel, reply);
194 }
195
SetCallRestriction(const uint8_t * data,size_t size)196 int32_t SetCallRestriction(const uint8_t *data, size_t size)
197 {
198 if (!IsServiceInited()) {
199 return TELEPHONY_ERROR;
200 }
201 CallRestrictionInfo info;
202 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
203 std::string msg(reinterpret_cast<const char *>(data), size);
204 int32_t length = msg.length() > kMaxNumberLen ? kMaxNumberLen : msg.length();
205 memcpy_s(info.password, kMaxNumberLen, msg.c_str(), length);
206 MessageParcel dataParcel;
207 dataParcel.WriteInt32(slotId);
208 dataParcel.WriteRawData((const void *)&info, sizeof(CallRestrictionInfo));
209 dataParcel.RewindRead(0);
210 MessageParcel reply;
211 return DelayedSingleton<CallManagerService>::GetInstance()->OnSetCallRestriction(dataParcel, reply);
212 }
213
JoinConference(const uint8_t * data,size_t size)214 int32_t JoinConference(const uint8_t *data, size_t size)
215 {
216 if (!IsServiceInited()) {
217 return TELEPHONY_ERROR;
218 }
219 int32_t callId = static_cast<int32_t>(size % CALL_ID_NUM);
220 std::vector<std::u16string> numberList { u"0000000000" };
221 MessageParcel dataParcel;
222 dataParcel.WriteInt32(callId);
223 dataParcel.WriteString16Vector(numberList);
224 dataParcel.RewindRead(0);
225 MessageParcel reply;
226 return DelayedSingleton<CallManagerService>::GetInstance()->OnJoinConference(dataParcel, reply);
227 }
228
StartRtt(const uint8_t * data,size_t size)229 int32_t StartRtt(const uint8_t *data, size_t size)
230 {
231 if (!IsServiceInited()) {
232 return TELEPHONY_ERROR;
233 }
234
235 int32_t callId = static_cast<int32_t>(size % CALL_ID_NUM);
236 std::string msg(reinterpret_cast<const char *>(data), size);
237 MessageParcel dataParcel;
238 dataParcel.WriteInt32(callId);
239 dataParcel.WriteString(msg);
240 dataParcel.RewindRead(0);
241 MessageParcel reply;
242 return DelayedSingleton<CallManagerService>::GetInstance()->OnStartRtt(dataParcel, reply);
243 }
244
InputDialerSpecialCode(const uint8_t * data,size_t size)245 int32_t InputDialerSpecialCode(const uint8_t *data, size_t size)
246 {
247 if (!IsServiceInited()) {
248 return TELEPHONY_ERROR;
249 }
250 std::string specialCode(reinterpret_cast<const char *>(data), size);
251 MessageParcel dataParcel;
252 dataParcel.WriteString(specialCode);
253 dataParcel.RewindRead(0);
254 MessageParcel reply;
255 return DelayedSingleton<CallManagerService>::GetInstance()->OnInputDialerSpecialCode(dataParcel, reply);
256 }
257
CancelCallUpgrade(const uint8_t * data,size_t size)258 int32_t CancelCallUpgrade(const uint8_t *data, size_t size)
259 {
260 if (!IsServiceInited()) {
261 return TELEPHONY_ERROR;
262 }
263 MessageParcel dataParcel;
264 MessageParcel replyParcel;
265 int32_t callId = static_cast<int32_t>(size % CALL_ID_NUM);
266 dataParcel.WriteInt32(callId);
267 dataParcel.RewindRead(0);
268 return DelayedSingleton<CallManagerService>::GetInstance()->OnCancelCallUpgrade(dataParcel, replyParcel);
269 }
270
RequestCameraCapabilities(const uint8_t * data,size_t size)271 int32_t RequestCameraCapabilities(const uint8_t *data, size_t size)
272 {
273 if (!IsServiceInited()) {
274 return TELEPHONY_ERROR;
275 }
276 MessageParcel dataParcel;
277 MessageParcel replyParcel;
278 int32_t callId = static_cast<int32_t>(size % CALL_ID_NUM);
279 dataParcel.WriteInt32(callId);
280 dataParcel.RewindRead(0);
281 return DelayedSingleton<CallManagerService>::GetInstance()->OnRequestCameraCapabilities(dataParcel, replyParcel);
282 }
283
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)284 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
285 {
286 if (data == nullptr || size == 0) {
287 return;
288 }
289 OnRegisterVoipCallManagerCallback(data, size);
290 OnRemoteRequest(data, size);
291 OnRegisterCallBack(data, size);
292 HasCall(data, size);
293 GetCallState(data, size);
294 GetCallWaiting(data, size);
295 IsRinging(data, size);
296 IsInEmergencyCall(data, size);
297 DialCall(data, size);
298 RemoveMissedIncomingCallNotification(data, size);
299 SetCallWaiting(data, size);
300 SetCallRestriction(data, size);
301 JoinConference(data, size);
302 StartRtt(data, size);
303 InputDialerSpecialCode(data, size);
304 CancelCallUpgrade(data, size);
305 RequestCameraCapabilities(data, size);
306 }
307 } // namespace OHOS
308
309 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)310 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
311 {
312 OHOS::AddCallTokenFuzzer token;
313 /* Run your code on data */
314 OHOS::DoSomethingInterestingWithMyAPI(data, size);
315 return 0;
316 }
317