1 /*
2  * Copyright (c) 2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "satellitecallback_fuzzer.h"
17 
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcellularcalltoken_fuzzer.h"
22 #include "cellular_call_service.h"
23 #include "satellite_call_callback_stub.h"
24 #include "satellite_call_client.h"
25 #include "satellite_call_proxy.h"
26 #include "securec.h"
27 #include "system_ability_definition.h"
28 #include "telephony_types.h"
29 
30 using namespace OHOS::Telephony;
31 namespace OHOS {
32 static bool g_isInited = false;
33 constexpr int32_t SERVICE_STATE_RUNNING = 1;
34 constexpr int32_t BOOL_NUM = 2;
35 constexpr int32_t SERIAL_NUM = 3;
36 constexpr int32_t ERROR_NUM = 15;
37 constexpr int32_t TYPE_NUM = 5;
38 
IsServiceInited()39 bool IsServiceInited()
40 {
41     auto service = DelayedSingleton<CellularCallService>::GetInstance();
42     if (service == nullptr) {
43         return g_isInited;
44     }
45     if (service->GetServiceRunningState() != SERVICE_STATE_RUNNING) {
46         service->OnStart();
47     }
48 
49     if (!g_isInited && service->GetServiceRunningState() == SERVICE_STATE_RUNNING) {
50         g_isInited = true;
51     }
52     return g_isInited;
53 }
54 
OnRemoteRequest(const uint8_t * data,size_t size,sptr<SatelliteCallCallbackStub> & stub)55 void OnRemoteRequest(const uint8_t *data, size_t size, sptr<SatelliteCallCallbackStub> &stub)
56 {
57     MessageParcel dataMessageParcel;
58     if (!dataMessageParcel.WriteInterfaceToken(SatelliteCallCallbackStub::GetDescriptor())) {
59         return;
60     }
61     int32_t slotId = ERROR_NUM;
62     dataMessageParcel.WriteInt32(slotId);
63     uint32_t code = static_cast<uint32_t>(size);
64     MessageParcel reply;
65     MessageOption option;
66     stub->OnRemoteRequest(code, dataMessageParcel, reply, option);
67 }
68 
TestSatelliteCallCallbackFunction(const uint8_t * data,size_t size,sptr<SatelliteCallCallbackStub> & stub)69 void TestSatelliteCallCallbackFunction(const uint8_t *data, size_t size, sptr<SatelliteCallCallbackStub> &stub)
70 {
71     int32_t slotId = ERROR_NUM;
72     RadioResponseInfo rilRadioResponse;
73     rilRadioResponse.flag = static_cast<int32_t>(size % BOOL_NUM);
74     rilRadioResponse.serial = static_cast<int32_t>(size % SERIAL_NUM);
75     rilRadioResponse.error = static_cast<ErrType>(size % ERROR_NUM);
76     rilRadioResponse.type = static_cast<ResponseTypes>(size % TYPE_NUM);
77     MessageParcel answerData;
78     MessageParcel answerReply;
79     answerData.WriteInt32(slotId);
80     stub->OnAnswerResponseInner(answerData, answerReply);
81 
82     MessageParcel dialData;
83     MessageParcel dialReply;
84     dialData.WriteInt32(slotId);
85     stub->OnDialResponseInner(dialData, dialReply);
86 
87     MessageParcel hangupData;
88     MessageParcel hangupReply;
89     hangupData.WriteInt32(slotId);
90     stub->OnHangUpResponseInner(hangupData, hangupReply);
91 
92     MessageParcel rejectData;
93     MessageParcel rejectReply;
94     rejectData.WriteInt32(slotId);
95     stub->OnRejectResponseInner(rejectData, rejectReply);
96 
97     MessageParcel satelliteCallsData;
98     MessageParcel satelliteCallsReply;
99     slotId = ERROR_NUM;
100     satelliteCallsData.WriteInt32(slotId);
101     satelliteCallsData.WriteRawData((const void *)&rilRadioResponse, sizeof(RadioResponseInfo));
102     stub->OnGetSatelliteCallsDataResponseInner(satelliteCallsData, satelliteCallsReply);
103 
104     MessageParcel callData;
105     MessageParcel callReply;
106     callData.WriteInt32(slotId);
107     stub->OnCallStateChangeReportInner(callData, callReply);
108 }
109 
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)110 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
111 {
112     if (data == nullptr || size == 0) {
113         return;
114     }
115 
116     if (!IsServiceInited()) {
117         return;
118     }
119 
120     sptr<SatelliteCallCallbackStub> stub = (std::make_unique<SatelliteCallCallbackStub>()).release();
121     if (stub == nullptr) {
122         return;
123     }
124 
125     OnRemoteRequest(data, size, stub);
126     TestSatelliteCallCallbackFunction(data, size, stub);
127 }
128 } // namespace OHOS
129 
130 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)131 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
132 {
133     OHOS::AddCellularCallTokenFuzzer token;
134     /* Run your code on data */
135     OHOS::DoSomethingInterestingWithMyAPI(data, size);
136     return 0;
137 }
138