1 /*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "setimsfeaturevalue_fuzzer.h"
17
18 #include <cstddef>
19 #include <cstdint>
20 #define private public
21 #include "addcellularcalltoken_fuzzer.h"
22 #include "cellular_call_service.h"
23 #include "securec.h"
24 #include "system_ability_definition.h"
25
26 using namespace OHOS::Telephony;
27 namespace OHOS {
28 static bool g_isInited = false;
29 constexpr int32_t BOOL_NUM = 2;
30 constexpr int32_t INT_NUM = 2;
31 constexpr int32_t VEDIO_STATE_NUM = 2;
32 constexpr int32_t OFFSET_SIZE = 11;
33 constexpr size_t MAX_NUMBER_LEN = 99;
34 constexpr int32_t IMS_CONFIG_ITEM_NUM = 2;
35 constexpr int32_t FEATURE_TYPE_NUM = 3;
36 constexpr int32_t MAX_SIZE = 10;
37
IsServiceInited()38 bool IsServiceInited()
39 {
40 if (!g_isInited) {
41 DelayedSingleton<CellularCallService>::GetInstance()->OnStart();
42 }
43 if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) ==
44 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) {
45 g_isInited = true;
46 }
47 return g_isInited;
48 }
49
OnRemoteRequest(const uint8_t * data,size_t size)50 void OnRemoteRequest(const uint8_t *data, size_t size)
51 {
52 if (!IsServiceInited()) {
53 return;
54 }
55
56 MessageParcel dataMessageParcel;
57 if (!dataMessageParcel.WriteInterfaceToken(CellularCallStub::GetDescriptor())) {
58 return;
59 }
60 int32_t maxSize = static_cast<int32_t>(size) + OFFSET_SIZE;
61 dataMessageParcel.WriteInt32(maxSize);
62 dataMessageParcel.WriteBuffer(data, size);
63 dataMessageParcel.RewindRead(0);
64 uint32_t code = static_cast<uint32_t>(size);
65 MessageParcel reply;
66 MessageOption option;
67 DelayedSingleton<CellularCallService>::GetInstance()->OnRemoteRequest(code, dataMessageParcel, reply, option);
68 }
69
SetDomainPreferenceMode(const uint8_t * data,size_t size)70 void SetDomainPreferenceMode(const uint8_t *data, size_t size)
71 {
72 if (!IsServiceInited()) {
73 return;
74 }
75
76 int32_t mode = static_cast<int32_t>(size);
77 MessageParcel dataMessageParcel;
78 dataMessageParcel.WriteInt32(mode);
79 dataMessageParcel.WriteBuffer(data, size);
80 dataMessageParcel.RewindRead(0);
81 MessageParcel reply;
82 DelayedSingleton<CellularCallService>::GetInstance()->OnSetDomainPreferenceModeInner(dataMessageParcel, reply);
83 }
84
GetDomainPreferenceMode(const uint8_t * data,size_t size)85 void GetDomainPreferenceMode(const uint8_t *data, size_t size)
86 {
87 if (!IsServiceInited()) {
88 return;
89 }
90
91 MessageParcel dataMessageParcel;
92 dataMessageParcel.WriteBuffer(data, size);
93 dataMessageParcel.RewindRead(0);
94 MessageParcel reply;
95 DelayedSingleton<CellularCallService>::GetInstance()->OnSetDomainPreferenceModeInner(dataMessageParcel, reply);
96 }
97
SetImsSwitchStatus(const uint8_t * data,size_t size)98 void SetImsSwitchStatus(const uint8_t *data, size_t size)
99 {
100 if (!IsServiceInited()) {
101 return;
102 }
103
104 int32_t activate = static_cast<int32_t>(size % BOOL_NUM);
105 MessageParcel dataMessageParcel;
106 dataMessageParcel.WriteBool(activate);
107 dataMessageParcel.RewindRead(0);
108 MessageParcel reply;
109 DelayedSingleton<CellularCallService>::GetInstance()->OnSetImsSwitchStatusInner(dataMessageParcel, reply);
110 }
111
GetImsSwitchStatus(const uint8_t * data,size_t size)112 void GetImsSwitchStatus(const uint8_t *data, size_t size)
113 {
114 if (!IsServiceInited()) {
115 return;
116 }
117
118 MessageParcel dataMessageParcel;
119 dataMessageParcel.WriteBuffer(data, size);
120 dataMessageParcel.RewindRead(0);
121 MessageParcel reply;
122 DelayedSingleton<CellularCallService>::GetInstance()->OnGetImsSwitchStatusInner(dataMessageParcel, reply);
123 }
124
SetVoNRSwitchStatus(const uint8_t * data,size_t size)125 void SetVoNRSwitchStatus(const uint8_t *data, size_t size)
126 {
127 if (!IsServiceInited()) {
128 return;
129 }
130
131 int32_t state = static_cast<int32_t>(size % INT_NUM);
132 MessageParcel dataMessageParcel;
133 dataMessageParcel.WriteInt32(state);
134 dataMessageParcel.RewindRead(0);
135 MessageParcel reply;
136 DelayedSingleton<CellularCallService>::GetInstance()->OnSetVoNRStateInner(dataMessageParcel, reply);
137 }
138
GetVoNRSwitchStatus(const uint8_t * data,size_t size)139 void GetVoNRSwitchStatus(const uint8_t *data, size_t size)
140 {
141 if (!IsServiceInited()) {
142 return;
143 }
144
145 MessageParcel dataMessageParcel;
146 dataMessageParcel.WriteBuffer(data, size);
147 dataMessageParcel.RewindRead(0);
148 MessageParcel reply;
149 DelayedSingleton<CellularCallService>::GetInstance()->OnGetVoNRStateInner(dataMessageParcel, reply);
150 }
151
GetImsConfig(const uint8_t * data,size_t size)152 void GetImsConfig(const uint8_t *data, size_t size)
153 {
154 if (!IsServiceInited()) {
155 return;
156 }
157
158 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
159 int32_t item = static_cast<int32_t>(size % IMS_CONFIG_ITEM_NUM);
160 MessageParcel dataMessageParcel;
161 dataMessageParcel.WriteInt32(MAX_SIZE);
162 dataMessageParcel.WriteInt32(slotId);
163 dataMessageParcel.WriteInt32(item);
164 dataMessageParcel.WriteBuffer(data, size);
165 dataMessageParcel.RewindRead(0);
166 MessageParcel reply;
167 DelayedSingleton<CellularCallService>::GetInstance()->OnGetImsConfigInner(dataMessageParcel, reply);
168 }
169
SetImsConfig(const uint8_t * data,size_t size)170 void SetImsConfig(const uint8_t *data, size_t size)
171 {
172 if (!IsServiceInited()) {
173 return;
174 }
175
176 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
177 int32_t item = static_cast<int32_t>(size % IMS_CONFIG_ITEM_NUM);
178 std::string value(reinterpret_cast<const char *>(data), size);
179 MessageParcel dataMessageParcel;
180 dataMessageParcel.WriteInt32(MAX_SIZE);
181 dataMessageParcel.WriteInt32(slotId);
182 dataMessageParcel.WriteInt32(item);
183 dataMessageParcel.WriteString(value);
184 dataMessageParcel.RewindRead(0);
185 MessageParcel reply;
186 DelayedSingleton<CellularCallService>::GetInstance()->OnSetImsConfigStringInner(dataMessageParcel, reply);
187 }
188
GetImsFeatureValue(const uint8_t * data,size_t size)189 void GetImsFeatureValue(const uint8_t *data, size_t size)
190 {
191 if (!IsServiceInited()) {
192 return;
193 }
194
195 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
196 int32_t type = static_cast<int32_t>(size % FEATURE_TYPE_NUM);
197 MessageParcel dataMessageParcel;
198 dataMessageParcel.WriteInt32(MAX_SIZE);
199 dataMessageParcel.WriteInt32(slotId);
200 dataMessageParcel.WriteInt32(type);
201 dataMessageParcel.WriteBuffer(data, size);
202 dataMessageParcel.RewindRead(0);
203 MessageParcel reply;
204 DelayedSingleton<CellularCallService>::GetInstance()->OnGetImsFeatureValueInner(dataMessageParcel, reply);
205 }
206
SetImsFeatureValue(const uint8_t * data,size_t size)207 void SetImsFeatureValue(const uint8_t *data, size_t size)
208 {
209 if (!IsServiceInited()) {
210 return;
211 }
212
213 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
214 int32_t type = static_cast<int32_t>(size % FEATURE_TYPE_NUM);
215 int32_t value = static_cast<int32_t>(size);
216 MessageParcel dataMessageParcel;
217 dataMessageParcel.WriteInt32(MAX_SIZE);
218 dataMessageParcel.WriteInt32(slotId);
219 dataMessageParcel.WriteInt32(type);
220 dataMessageParcel.WriteInt32(value);
221 dataMessageParcel.WriteBuffer(data, size);
222 dataMessageParcel.RewindRead(0);
223 MessageParcel reply;
224 DelayedSingleton<CellularCallService>::GetInstance()->OnSetImsFeatureValueInner(dataMessageParcel, reply);
225 }
226
Reject(const uint8_t * data,size_t size)227 void Reject(const uint8_t *data, size_t size)
228 {
229 if (!IsServiceInited()) {
230 return;
231 }
232
233 int32_t maxSize = static_cast<int32_t>(size);
234 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
235 int32_t callId = static_cast<int32_t>(size);
236 int32_t accountId = static_cast<int32_t>(size);
237 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
238 int32_t index = static_cast<int32_t>(size);
239 std::string telNum = "000000000";
240 std::string tempNum(reinterpret_cast<const char *>(data), size);
241 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
242 telNum = tempNum;
243 }
244 size_t length = strlen(telNum.c_str()) + 1;
245 CellularCallInfo callInfo;
246 callInfo.slotId = slotId;
247 callInfo.callId = callId;
248 callInfo.accountId = accountId;
249 callInfo.videoState = videoState;
250 callInfo.index = index;
251 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
252 return;
253 }
254 MessageParcel dataMessageParcel;
255 dataMessageParcel.WriteInt32(maxSize);
256 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
257 dataMessageParcel.RewindRead(0);
258 MessageParcel reply;
259 DelayedSingleton<CellularCallService>::GetInstance()->OnRejectInner(dataMessageParcel, reply);
260 }
261
HangUp(const uint8_t * data,size_t size)262 void HangUp(const uint8_t *data, size_t size)
263 {
264 if (!IsServiceInited()) {
265 return;
266 }
267
268 int32_t maxSize = static_cast<int32_t>(size);
269 int32_t type = static_cast<int32_t>(size);
270 int32_t slotId = static_cast<int32_t>(size % BOOL_NUM);
271 int32_t callId = static_cast<int32_t>(size);
272 int32_t accountId = static_cast<int32_t>(size);
273 int32_t videoState = static_cast<int32_t>(size % VEDIO_STATE_NUM);
274 int32_t index = static_cast<int32_t>(size);
275 std::string telNum = "000000000";
276 std::string tempNum(reinterpret_cast<const char *>(data), size);
277 if (strlen(tempNum.c_str()) <= MAX_NUMBER_LEN) {
278 telNum = tempNum;
279 }
280 size_t length = strlen(telNum.c_str()) + 1;
281 CellularCallInfo callInfo;
282 callInfo.slotId = slotId;
283 callInfo.callId = callId;
284 callInfo.accountId = accountId;
285 callInfo.videoState = videoState;
286 callInfo.index = index;
287 if (strcpy_s(callInfo.phoneNum, length, telNum.c_str()) != EOK) {
288 return;
289 }
290 MessageParcel dataMessageParcel;
291 dataMessageParcel.WriteInt32(maxSize);
292 dataMessageParcel.WriteInt32(type);
293 dataMessageParcel.WriteRawData(static_cast<const void *>(&callInfo), sizeof(CellularCallInfo));
294 dataMessageParcel.RewindRead(0);
295 MessageParcel reply;
296 DelayedSingleton<CellularCallService>::GetInstance()->OnHangUpInner(dataMessageParcel, reply);
297 }
298
DoSomethingInterestingWithMyAPI(const uint8_t * data,size_t size)299 void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
300 {
301 if (data == nullptr || size == 0) {
302 return;
303 }
304
305 OnRemoteRequest(data, size);
306 SetDomainPreferenceMode(data, size);
307 GetDomainPreferenceMode(data, size);
308 SetImsSwitchStatus(data, size);
309 GetImsSwitchStatus(data, size);
310 GetImsConfig(data, size);
311 SetImsConfig(data, size);
312 GetImsFeatureValue(data, size);
313 SetImsFeatureValue(data, size);
314 Reject(data, size);
315 HangUp(data, size);
316 SetVoNRSwitchStatus(data, size);
317 GetVoNRSwitchStatus(data, size);
318 return;
319 }
320 } // namespace OHOS
321
322 /* Fuzzer entry point */
LLVMFuzzerTestOneInput(const uint8_t * data,size_t size)323 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
324 {
325 OHOS::AddCellularCallTokenFuzzer token;
326 /* Run your code on data */
327 OHOS::DoSomethingInterestingWithMyAPI(data, size);
328 return 0;
329 }
330