1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "registercallmanagercallback_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcellularcalltoken_fuzzer.h"
22 #include "cellular_call_register.h"
23 #include "cellular_call_service.h"
24 #include "tel_ril_call_parcel.h"
25 #include "radio_event.h"
26 #include "securec.h"
27 #include "system_ability_definition.h"
28
29 using namespace OHOS::Telephony;
30 namespace OHOS {
31 static bool g_isInited = false;
32 constexpr int32_t SLOT_NUM = 2;
33 constexpr int32_t BOOL_NUM = 2;
34 constexpr int32_t CALL_STATE_NUM = 8;
35 constexpr int32_t EVENT_ID_NUM = 20;
36
IsServiceInited()37 bool IsServiceInited()
38 {
39 if (!g_isInited) {
40 DelayedSingleton<CellularCallService>::GetInstance()->OnStart();
41 }
42 if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) ==
43 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) {
44 g_isInited = true;
45 }
46 return g_isInited;
47 }
48
ReportCallsInfo(const uint8_t * data,size_t size)49 void ReportCallsInfo(const uint8_t *data, size_t size)
50 {
51 if (!IsServiceInited()) {
52 return;
53 }
54
55 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
56 CallsReportInfo callsReportInfo;
57 callsReportInfo.slotId = static_cast<int32_t>(size % SLOT_NUM);
58 CallReportInfo callReportInfo;
59 std::string number(reinterpret_cast<const char *>(data), size);
60 int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length();
61 if (memcpy_s(callReportInfo.accountNum, kMaxNumberLen, number.c_str(), length) != EOK) {
62 return;
63 }
64 sptr<ICallStatusCallback> callback = nullptr;
65 TelCallState callState = static_cast<TelCallState>(size % CALL_STATE_NUM);
66 CellularCallEventInfo info;
67 info.eventType = CellularCallEventType::EVENT_REQUEST_RESULT_TYPE;
68 info.eventId = static_cast<RequestResultEventId>(size % EVENT_ID_NUM);
69 CallWaitResponse response;
70 response.classCw = static_cast<int32_t>(size);
71 response.result = static_cast<int32_t>(size % BOOL_NUM);
72 response.status = static_cast<int32_t>(size % BOOL_NUM);
73 int32_t result = static_cast<int32_t>(size % BOOL_NUM);
74 CallRestrictionResponse callRestrictionResponse;
75 callRestrictionResponse.classCw = static_cast<int32_t>(size);
76 callRestrictionResponse.result = static_cast<int32_t>(size % BOOL_NUM);
77 callRestrictionResponse.status = static_cast<int32_t>(size % BOOL_NUM);
78
79 cellularCallRegister->ReportCallsInfo(callsReportInfo);
80 cellularCallRegister->RegisterCallManagerCallBack(callback);
81 cellularCallRegister->ReportSingleCallInfo(callReportInfo, callState);
82 cellularCallRegister->UnRegisterCallManagerCallBack();
83 cellularCallRegister->ReportEventResultInfo(info);
84 cellularCallRegister->ReportGetWaitingResult(response);
85 cellularCallRegister->ReportSetWaitingResult(result);
86 cellularCallRegister->ReportGetRestrictionResult(callRestrictionResponse);
87 cellularCallRegister->ReportSetBarringPasswordResult(result);
88 }
89
ReportSetRestrictionResult(const uint8_t * data,size_t size)90 void ReportSetRestrictionResult(const uint8_t *data, size_t size)
91 {
92 if (!IsServiceInited()) {
93 return;
94 }
95
96 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
97 int32_t result = static_cast<int32_t>(size % BOOL_NUM);
98 CallTransferResponse callTransferResponse;
99 callTransferResponse.result = static_cast<int32_t>(size);
100 callTransferResponse.status = static_cast<int32_t>(size);
101 callTransferResponse.classx = static_cast<int32_t>(size);
102 callTransferResponse.type = static_cast<int32_t>(size);
103 callTransferResponse.time = static_cast<int32_t>(size);
104 callTransferResponse.reason = static_cast<int32_t>(size);
105 std::string number(reinterpret_cast<const char *>(data), size);
106 int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length();
107 if (memcpy_s(callTransferResponse.number, kMaxNumberLen, number.c_str(), length) != EOK) {
108 return;
109 }
110 ClipResponse clipResponse;
111 clipResponse.action = static_cast<int32_t>(size);
112 clipResponse.result = static_cast<int32_t>(size);
113 clipResponse.clipStat = static_cast<int32_t>(size);
114 ClirResponse clirResponse;
115 clirResponse.clirStat = static_cast<int32_t>(size);
116 clirResponse.action = static_cast<int32_t>(size);
117 clirResponse.result = static_cast<int32_t>(size);
118 GetImsConfigResponse getImsConfigResponse;
119 getImsConfigResponse.result = static_cast<int32_t>(size);
120 getImsConfigResponse.value = static_cast<int32_t>(size);
121
122 cellularCallRegister->ReportSetRestrictionResult(result);
123 cellularCallRegister->ReportGetTransferResult(callTransferResponse);
124 cellularCallRegister->ReportSetTransferResult(result);
125 cellularCallRegister->ReportGetClipResult(clipResponse);
126 cellularCallRegister->ReportGetClirResult(clirResponse);
127 cellularCallRegister->ReportSetClirResult(result);
128 cellularCallRegister->ReportGetImsConfigResult(getImsConfigResponse);
129 cellularCallRegister->ReportSetImsConfigResult(result);
130 cellularCallRegister->ReportSetImsFeatureResult(result);
131 }
132
ReportSetImsConfigResult(const uint8_t * data,size_t size)133 void ReportSetImsConfigResult(const uint8_t *data, size_t size)
134 {
135 if (!IsServiceInited()) {
136 return;
137 }
138
139 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
140 int32_t result = static_cast<int32_t>(size % BOOL_NUM);
141 GetImsFeatureValueResponse getImsFeatureValueResponse;
142 getImsFeatureValueResponse.result = static_cast<int32_t>(size);
143 getImsFeatureValueResponse.value = static_cast<int32_t>(size);
144 GetLteEnhanceModeResponse getLteEnhanceModeResponse;
145 getLteEnhanceModeResponse.result = static_cast<int32_t>(size);
146 getLteEnhanceModeResponse.value = static_cast<int32_t>(size);
147 DisconnectedDetails details;
148 std::string number(reinterpret_cast<const char *>(data), size);
149 details.message = number;
150 details.reason = static_cast<DisconnectedReason>(size);
151 MuteControlResponse muteControlResponse;
152 muteControlResponse.result = static_cast<int32_t>(size);
153 muteControlResponse.value = static_cast<int32_t>(size);
154 SetEccListResponse setEccListResponse;
155 setEccListResponse.result = static_cast<int32_t>(size);
156 setEccListResponse.value = static_cast<int32_t>(size);
157 MmiCodeInfo mmiCodeInfo;
158 mmiCodeInfo.result = static_cast<int32_t>(size);
159 int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length();
160 if (memcpy_s(mmiCodeInfo.message, kMaxNumberLen, number.c_str(), length) != EOK) {
161 return;
162 }
163
164 cellularCallRegister->ReportGetImsFeatureResult(getImsFeatureValueResponse);
165 cellularCallRegister->ReportCallRingBackResult(result);
166 cellularCallRegister->ReportCallFailReason(details);
167 cellularCallRegister->ReportGetMuteResult(muteControlResponse);
168 cellularCallRegister->ReportSetMuteResult(muteControlResponse);
169 cellularCallRegister->ReportInviteToConferenceResult(result);
170 cellularCallRegister->ReportGetCallDataResult(result);
171 cellularCallRegister->ReportStartDtmfResult(result);
172 cellularCallRegister->ReportStopDtmfResult(result);
173 cellularCallRegister->ReportStartRttResult(result);
174 cellularCallRegister->ReportStopRttResult(result);
175 cellularCallRegister->ReportSendUssdResult(result);
176 cellularCallRegister->ReportMmiCodeResult(mmiCodeInfo);
177 cellularCallRegister->ReportSetEmergencyCallListResponse(setEccListResponse);
178 cellularCallRegister->IsCallManagerCallBackRegistered();
179 }
180
ReportUpdateCallMediaMode(const uint8_t * data,size_t size)181 void ReportUpdateCallMediaMode(const uint8_t *data, size_t size)
182 {
183 if (!IsServiceInited()) {
184 return;
185 }
186
187 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
188 ImsCallModeReceiveInfo reportCallModeInfo;
189 reportCallModeInfo.callIndex = static_cast<int32_t>(size);
190 reportCallModeInfo.result = static_cast<ImsCallModeRequestResult>(size);
191 reportCallModeInfo.callType = static_cast<ImsCallType>(static_cast<int32_t>(size % BOOL_NUM));
192 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
193 cellularCallRegister->ReceiveUpdateCallMediaModeRequest(slotId, reportCallModeInfo);
194 cellularCallRegister->ReceiveUpdateCallMediaModeResponse(slotId, reportCallModeInfo);
195 }
196
ReportCallSessionEventChanged(const uint8_t * data,size_t size)197 void ReportCallSessionEventChanged(const uint8_t *data, size_t size)
198 {
199 if (!IsServiceInited()) {
200 return;
201 }
202
203 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
204 ImsCallSessionEventInfo reportCallSessionInfo;
205 reportCallSessionInfo.callIndex = static_cast<int32_t>(size);
206 reportCallSessionInfo.eventType = static_cast<VideoCallEventType>(static_cast<int32_t>(size % BOOL_NUM));
207 cellularCallRegister->HandleCallSessionEventChanged(reportCallSessionInfo);
208 }
209
ReportPeerDimensionsChanged(const uint8_t * data,size_t size)210 void ReportPeerDimensionsChanged(const uint8_t *data, size_t size)
211 {
212 if (!IsServiceInited()) {
213 return;
214 }
215
216 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
217 ImsCallPeerDimensionsInfo reportCallPeerDimensionsInfo;
218 reportCallPeerDimensionsInfo.callIndex = static_cast<int32_t>(size);
219 reportCallPeerDimensionsInfo.width = static_cast<int32_t>(size);
220 reportCallPeerDimensionsInfo.height = static_cast<int32_t>(size);
221 cellularCallRegister->HandlePeerDimensionsChanged(reportCallPeerDimensionsInfo);
222 }
223
ReportCallDataUsageChanged(const uint8_t * data,size_t size)224 void ReportCallDataUsageChanged(const uint8_t *data, size_t size)
225 {
226 if (!IsServiceInited()) {
227 return;
228 }
229
230 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
231 ImsCallDataUsageInfo reportCallDataUsageInfo;
232 reportCallDataUsageInfo.callIndex = static_cast<int32_t>(size);
233 reportCallDataUsageInfo.dataUsage = static_cast<int64_t>(size);
234 cellularCallRegister->HandleCallDataUsageChanged(reportCallDataUsageInfo);
235 }
236
ReportCameraCapabilitiesChanged(const uint8_t * data,size_t size)237 void ReportCameraCapabilitiesChanged(const uint8_t *data, size_t size)
238 {
239 if (!IsServiceInited()) {
240 return;
241 }
242
243 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance();
244 CameraCapabilitiesInfo reportCameraCapabilitiesInfo;
245 reportCameraCapabilitiesInfo.callIndex = static_cast<int32_t>(size);
246 reportCameraCapabilitiesInfo.width = static_cast<int32_t>(size);
247 reportCameraCapabilitiesInfo.height = static_cast<int32_t>(size);
248 cellularCallRegister->HandleCameraCapabilitiesChanged(reportCameraCapabilitiesInfo);
249 }
250
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)251 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
252 {
253 if (data == nullptr || size == 0) {
254 return;
255 }
256
257 ReportCallsInfo(data, size);
258 ReportSetRestrictionResult(data, size);
259 ReportSetImsConfigResult(data, size);
260 ReportUpdateCallMediaMode(data, size);
261 ReportCallSessionEventChanged(data, size);
262 ReportPeerDimensionsChanged(data, size);
263 ReportCallDataUsageChanged(data, size);
264 ReportCameraCapabilitiesChanged(data, size);
265 }
266 } // namespace OHOS
267
268 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)269 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
270 {
271 OHOS::AddCellularCallTokenFuzzer token;
272 /* Run your code on data */
273 OHOS::DoSomethingInterestingWithMyAPI(data, size);
274 return 0;
275 }
276