1 /*
2  * Copyright (c) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "getcscalldata_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcellularcalltoken_fuzzer.h"
22 #include "cellular_call_handler.h"
23 #include "cellular_call_service.h"
24 #include "tel_ril_call_parcel.h"
25 #include "radio_event.h"
26 #include "securec.h"
27 #include "system_ability_definition.h"
28 
29 using namespace OHOS::Telephony;
30 namespace OHOS {
31 static bool g_isInited = false;
32 constexpr int32_t SLOT_NUM = 2;
33 constexpr int32_t STATE_NUM = 9;
34 
IsServiceInited()35 bool IsServiceInited()
36 {
37     if (!g_isInited) {
38         DelayedSingleton<CellularCallService>::GetInstance()->OnStart();
39     }
40     if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) ==
41                            static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) {
42         g_isInited = true;
43     }
44     return g_isInited;
45 }
46 
GetCsCallData(std::shared_ptr<CellularCallHandler> handle,AppExecFwk::InnerEvent::Pointer event,const uint8_t * data,size_t size)47 void GetCsCallData(std::shared_ptr<CellularCallHandler> handle, AppExecFwk::InnerEvent::Pointer event,
48     const uint8_t *data, size_t size)
49 {
50     if (!IsServiceInited()) {
51         return;
52     }
53 
54     std::string number(reinterpret_cast<const char *>(data), size);
55     CallInfo info;
56     CallInfoList infoList;
57     info.number = number;
58     infoList.calls.push_back(info);
59     int32_t state = static_cast<int32_t>(size % STATE_NUM);
60     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
61 
62     handle->GetCsCallData(event);
63     handle->GetImsCallData(event);
64     handle->GetSatelliteCallData(event);
65     handle->ImsCallStatusInfoReport(event);
66     handle->SatelliteCallStatusInfoReport(event);
67     handle->CellularCallIncomingStartTrace(state);
68     handle->GetCsCallsDataResponse(event);
69     handle->GetImsCallsDataResponse(event);
70     handle->GetSatelliteCallsDataResponse(event);
71     handle->DialResponse(event);
72     handle->DialSatelliteResponse(event);
73     handle->SendDtmfResponse(event);
74     handle->StartDtmfResponse(event);
75     handle->SimStateChangeReport(event);
76     handle->SimRecordsLoadedReport(event);
77     handle->StopDtmfResponse(event);
78     handle->SetSlotId(slotId);
79     handle->GetSlotId();
80     handle->CurrentTimeMillis();
81     handle->GetCsCallsDataRequest(event);
82     handle->GetImsCallsDataRequest(event);
83     handle->GetSatelliteCallsDataRequest(event);
84     handle->ReportCsCallsData(infoList);
85 }
86 
RegisterHandler(std::shared_ptr<CellularCallHandler> handle,AppExecFwk::InnerEvent::Pointer event,const uint8_t * data,size_t size)87 void RegisterHandler(std::shared_ptr<CellularCallHandler> handle, AppExecFwk::InnerEvent::Pointer event,
88     const uint8_t *data, size_t size)
89 {
90     if (!IsServiceInited()) {
91         return;
92     }
93 
94     std::string number(reinterpret_cast<const char *>(data), size);
95     ImsCurrentCall info;
96     ImsCurrentCallList infoList;
97     info.number = number;
98     info.name = number;
99     infoList.calls.push_back(info);
100 
101     SatelliteCurrentCall satelliteInfo;
102     SatelliteCurrentCallList satelliteInfoList;
103     satelliteInfo.number = number;
104     satelliteInfoList.calls.push_back(satelliteInfo);
105 
106     handle->RegisterHandler(event);
107     handle->SetDomainPreferenceModeResponse(event);
108     handle->GetDomainPreferenceModeResponse(event);
109     handle->SetImsSwitchStatusResponse(event);
110     handle->GetImsSwitchStatusResponse(event);
111     handle->UssdNotifyResponse(event);
112     handle->SetMuteResponse(event);
113     handle->GetMuteResponse(event);
114     handle->GetEmergencyCallListResponse(event);
115     handle->SetEmergencyCallListResponse(event);
116     handle->CallRingBackVoiceResponse(event);
117     handle->GetCallFailReasonResponse(event);
118     handle->UpdateSrvccStateReport(event);
119     handle->ReportEccChanged(event);
120     handle->SrvccStateCompleted();
121     handle->GetMMIResponse(event);
122     handle->GetCallWaitingResponse(event);
123     handle->GetClirResponse(event);
124     handle->ReportImsCallsData(infoList);
125     handle->ReportSatelliteCallsData(satelliteInfoList);
126     handle->SetClirResponse(event);
127     handle->GetClipResponse(event);
128     handle->SetCallTransferInfoResponse(event);
129     handle->GetCallRestrictionResponse(event);
130     handle->SetCallRestrictionResponse(event);
131     handle->SetBarringPasswordResponse(event);
132     handle->SendUssdResponse(event);
133     handle->SendUnlockPinPukResponse(event);
134     handle->HandleOperatorConfigChanged(event);
135     handle->UpdateRsrvccStateReport(event);
136     handle->SetVoNRSwitchStatusResponse(event);
137 }
138 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)139 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
140 {
141     if (data == nullptr || size == 0) {
142         return;
143     }
144 
145     if (!IsServiceInited()) {
146         return;
147     }
148 
149     int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
150     RadioEvent radioEvent = static_cast<RadioEvent>(size);
151     std::shared_ptr<CellularCallHandler> handle =
152         DelayedSingleton<CellularCallService>::GetInstance()->GetHandler(slotId);
153     if (handle == nullptr) {
154         return;
155     }
156     AppExecFwk::InnerEvent::Pointer event = AppExecFwk::InnerEvent::Get(radioEvent);
157     GetCsCallData(handle, std::move(event), data, size);
158     event = AppExecFwk::InnerEvent::Get(radioEvent);
159     RegisterHandler(handle, std::move(event), data, size);
160 }
161 } // namespace OHOS
162 
163 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)164 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
165 {
166     OHOS::AddCellularCallTokenFuzzer token;
167     /* Run your code on data */
168     OHOS::DoSomethingInterestingWithMyAPI(data, size);
169     return 0;
170 }
171