1e1c44949Sopenharmony_ci/* 2e1c44949Sopenharmony_ci * Copyright (c) 2022 Huawei Device Co., Ltd. 3e1c44949Sopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4e1c44949Sopenharmony_ci * you may not use this file except in compliance with the License. 5e1c44949Sopenharmony_ci * You may obtain a copy of the License at 6e1c44949Sopenharmony_ci * 7e1c44949Sopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8e1c44949Sopenharmony_ci * 9e1c44949Sopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10e1c44949Sopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11e1c44949Sopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12e1c44949Sopenharmony_ci * See the License for the specific language governing permissions and 13e1c44949Sopenharmony_ci * limitations under the License. 14e1c44949Sopenharmony_ci */ 15e1c44949Sopenharmony_ci 16e1c44949Sopenharmony_ci#include "callmanagerservicestub_fuzzer.h" 17e1c44949Sopenharmony_ci 18e1c44949Sopenharmony_ci#include <cstddef> 19e1c44949Sopenharmony_ci#include <cstdint> 20e1c44949Sopenharmony_ci#include <fuzzer/FuzzedDataProvider.h> 21e1c44949Sopenharmony_ci#define private public 22e1c44949Sopenharmony_ci#include "addcalltoken_fuzzer.h" 23e1c44949Sopenharmony_ci#include "call_manager_service_stub.h" 24e1c44949Sopenharmony_ci#include "call_ability_callback.h" 25e1c44949Sopenharmony_ci#include "surface_utils.h" 26e1c44949Sopenharmony_ci 27e1c44949Sopenharmony_ciusing namespace OHOS::Telephony; 28e1c44949Sopenharmony_cinamespace OHOS { 29e1c44949Sopenharmony_ciconstexpr int32_t SLOT_NUM = 2; 30e1c44949Sopenharmony_ciconstexpr int32_t ACTIVE_NUM = 2; 31e1c44949Sopenharmony_ciconstexpr int32_t VEDIO_STATE_NUM = 2; 32e1c44949Sopenharmony_ciconstexpr int32_t DIAL_SCENE_NUM = 3; 33e1c44949Sopenharmony_ciconstexpr int32_t DIAL_TYPE_NUM = 3; 34e1c44949Sopenharmony_ciconstexpr int32_t CALL_TYPE_NUM = 3; 35e1c44949Sopenharmony_ciconstexpr int32_t CALL_ID_NUM = 10; 36e1c44949Sopenharmony_ciconstexpr int32_t AUDIO_DEVICE_NUM = 6; 37e1c44949Sopenharmony_ci 38e1c44949Sopenharmony_civoid OnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size) 39e1c44949Sopenharmony_ci{ 40e1c44949Sopenharmony_ci if (!IsServiceInited()) { 41e1c44949Sopenharmony_ci return; 42e1c44949Sopenharmony_ci } 43e1c44949Sopenharmony_ci MessageParcel dataMessageParcel; 44e1c44949Sopenharmony_ci std::unique_ptr<CallAbilityCallback> callbackWrap = std::make_unique<CallAbilityCallback>(); 45e1c44949Sopenharmony_ci if (callbackWrap == nullptr) { 46e1c44949Sopenharmony_ci return; 47e1c44949Sopenharmony_ci } 48e1c44949Sopenharmony_ci dataMessageParcel.WriteRemoteObject(callbackWrap.release()->AsObject().GetRefPtr()); 49e1c44949Sopenharmony_ci MessageParcel reply; 50e1c44949Sopenharmony_ci DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterVoipCallManagerCallback(dataMessageParcel, reply); 51e1c44949Sopenharmony_ci} 52e1c44949Sopenharmony_ci 53e1c44949Sopenharmony_civoid OnUnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size) 54e1c44949Sopenharmony_ci{ 55e1c44949Sopenharmony_ci if (!IsServiceInited()) { 56e1c44949Sopenharmony_ci return; 57e1c44949Sopenharmony_ci } 58e1c44949Sopenharmony_ci MessageParcel dataMessageParcel; 59e1c44949Sopenharmony_ci MessageParcel reply; 60e1c44949Sopenharmony_ci DelayedSingleton<CallManagerService>::GetInstance()->OnUnRegisterVoipCallManagerCallback(dataMessageParcel, reply); 61e1c44949Sopenharmony_ci} 62e1c44949Sopenharmony_ci 63e1c44949Sopenharmony_ciint32_t GetProxyObjectPtr(const uint8_t *data, size_t size) 64e1c44949Sopenharmony_ci{ 65e1c44949Sopenharmony_ci if (!IsServiceInited()) { 66e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 67e1c44949Sopenharmony_ci } 68e1c44949Sopenharmony_ci int32_t type = static_cast<int32_t>(size); 69e1c44949Sopenharmony_ci MessageParcel dataParcel; 70e1c44949Sopenharmony_ci dataParcel.WriteInt32(type); 71e1c44949Sopenharmony_ci MessageParcel reply; 72e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnGetProxyObjectPtr(dataParcel, reply); 73e1c44949Sopenharmony_ci} 74e1c44949Sopenharmony_ci 75e1c44949Sopenharmony_ciint32_t SetVoIPCallState(const uint8_t *data, size_t size) 76e1c44949Sopenharmony_ci{ 77e1c44949Sopenharmony_ci if (!IsServiceInited()) { 78e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 79e1c44949Sopenharmony_ci } 80e1c44949Sopenharmony_ci int32_t state = static_cast<int32_t>(size % SLOT_NUM); 81e1c44949Sopenharmony_ci MessageParcel dataParcel; 82e1c44949Sopenharmony_ci dataParcel.WriteInt32(state); 83e1c44949Sopenharmony_ci MessageParcel reply; 84e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnSetVoIPCallState(dataParcel, reply); 85e1c44949Sopenharmony_ci} 86e1c44949Sopenharmony_ci 87e1c44949Sopenharmony_ciint32_t ReportAudioDeviceInfo(const uint8_t *data, size_t size) 88e1c44949Sopenharmony_ci{ 89e1c44949Sopenharmony_ci if (!IsServiceInited()) { 90e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 91e1c44949Sopenharmony_ci } 92e1c44949Sopenharmony_ci MessageParcel dataParcel; 93e1c44949Sopenharmony_ci MessageParcel reply; 94e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnReportAudioDeviceInfo(dataParcel, reply); 95e1c44949Sopenharmony_ci} 96e1c44949Sopenharmony_ci 97e1c44949Sopenharmony_ciint32_t PostDialProceed(const uint8_t *data, size_t size) 98e1c44949Sopenharmony_ci{ 99e1c44949Sopenharmony_ci if (!IsServiceInited()) { 100e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 101e1c44949Sopenharmony_ci } 102e1c44949Sopenharmony_ci MessageParcel dataParcel; 103e1c44949Sopenharmony_ci MessageParcel reply; 104e1c44949Sopenharmony_ci int32_t callId = static_cast<int32_t>(size % CALL_ID_NUM); 105e1c44949Sopenharmony_ci int32_t activate = static_cast<int32_t>(size % ACTIVE_NUM); 106e1c44949Sopenharmony_ci dataParcel.WriteInt32(callId); 107e1c44949Sopenharmony_ci dataParcel.WriteBool(activate); 108e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnPostDialProceed(dataParcel, reply); 109e1c44949Sopenharmony_ci} 110e1c44949Sopenharmony_ci 111e1c44949Sopenharmony_ciint32_t GetVoIPCallState(const uint8_t *data, size_t size) 112e1c44949Sopenharmony_ci{ 113e1c44949Sopenharmony_ci if (!IsServiceInited()) { 114e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 115e1c44949Sopenharmony_ci } 116e1c44949Sopenharmony_ci MessageParcel dataParcel; 117e1c44949Sopenharmony_ci MessageParcel reply; 118e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnGetVoIPCallState(dataParcel, reply); 119e1c44949Sopenharmony_ci} 120e1c44949Sopenharmony_ci 121e1c44949Sopenharmony_ciint32_t CanSetCallTransferTime(const uint8_t *data, size_t size) 122e1c44949Sopenharmony_ci{ 123e1c44949Sopenharmony_ci if (!IsServiceInited()) { 124e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 125e1c44949Sopenharmony_ci } 126e1c44949Sopenharmony_ci 127e1c44949Sopenharmony_ci int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 128e1c44949Sopenharmony_ci MessageParcel dataMessageParcel; 129e1c44949Sopenharmony_ci CallTransferInfo info; 130e1c44949Sopenharmony_ci (void)memcpy_s(info.transferNum, kMaxNumberLen, reinterpret_cast<const char *>(data), size); 131e1c44949Sopenharmony_ci info.settingType = CallTransferSettingType::CALL_TRANSFER_ENABLE; 132e1c44949Sopenharmony_ci info.type = CallTransferType::TRANSFER_TYPE_BUSY; 133e1c44949Sopenharmony_ci int32_t activate = static_cast<int32_t>(size % ACTIVE_NUM); 134e1c44949Sopenharmony_ci dataMessageParcel.WriteInt32(slotId); 135e1c44949Sopenharmony_ci dataMessageParcel.WriteBool(activate); 136e1c44949Sopenharmony_ci dataMessageParcel.WriteRawData((const void *)&info, sizeof(CallTransferInfo)); 137e1c44949Sopenharmony_ci dataMessageParcel.RewindRead(0); 138e1c44949Sopenharmony_ci MessageParcel reply; 139e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnCanSetCallTransferTime(dataMessageParcel, reply); 140e1c44949Sopenharmony_ci} 141e1c44949Sopenharmony_ci 142e1c44949Sopenharmony_ciint32_t ObserverOnCallDetailsChange(const uint8_t *data, size_t size) 143e1c44949Sopenharmony_ci{ 144e1c44949Sopenharmony_ci if (!IsServiceInited()) { 145e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 146e1c44949Sopenharmony_ci } 147e1c44949Sopenharmony_ci 148e1c44949Sopenharmony_ci MessageParcel dataMessageParcel; 149e1c44949Sopenharmony_ci MessageParcel reply; 150e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnObserverOnCallDetailsChange(dataMessageParcel, reply); 151e1c44949Sopenharmony_ci} 152e1c44949Sopenharmony_ci 153e1c44949Sopenharmony_ciint32_t SetVoNRState(const uint8_t *data, size_t size) 154e1c44949Sopenharmony_ci{ 155e1c44949Sopenharmony_ci if (!IsServiceInited()) { 156e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 157e1c44949Sopenharmony_ci } 158e1c44949Sopenharmony_ci int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 159e1c44949Sopenharmony_ci int32_t state = static_cast<int32_t>(size % SLOT_NUM); 160e1c44949Sopenharmony_ci MessageParcel dataParcel; 161e1c44949Sopenharmony_ci dataParcel.WriteInt32(slotId); 162e1c44949Sopenharmony_ci dataParcel.WriteInt32(state); 163e1c44949Sopenharmony_ci MessageParcel reply; 164e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnSetVoNRState(dataParcel, reply); 165e1c44949Sopenharmony_ci} 166e1c44949Sopenharmony_ci 167e1c44949Sopenharmony_ciint32_t KickOutFromConference(const uint8_t *data, size_t size) 168e1c44949Sopenharmony_ci{ 169e1c44949Sopenharmony_ci if (!IsServiceInited()) { 170e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 171e1c44949Sopenharmony_ci } 172e1c44949Sopenharmony_ci int32_t callId = static_cast<int32_t>(size); 173e1c44949Sopenharmony_ci MessageParcel dataParcel; 174e1c44949Sopenharmony_ci dataParcel.WriteInt32(callId); 175e1c44949Sopenharmony_ci MessageParcel reply; 176e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnKickOutFromConference(dataParcel, reply); 177e1c44949Sopenharmony_ci} 178e1c44949Sopenharmony_ci 179e1c44949Sopenharmony_ciint32_t SetCallRestrictionPassword(const uint8_t *data, size_t size) 180e1c44949Sopenharmony_ci{ 181e1c44949Sopenharmony_ci if (!IsServiceInited()) { 182e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 183e1c44949Sopenharmony_ci } 184e1c44949Sopenharmony_ci int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 185e1c44949Sopenharmony_ci MessageParcel dataParcel; 186e1c44949Sopenharmony_ci dataParcel.WriteInt32(slotId); 187e1c44949Sopenharmony_ci dataParcel.WriteInt32(static_cast<int32_t>(size)); 188e1c44949Sopenharmony_ci dataParcel.WriteBuffer(data, size); 189e1c44949Sopenharmony_ci dataParcel.RewindRead(0); 190e1c44949Sopenharmony_ci MessageParcel reply; 191e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnSetCallRestrictionPassword(dataParcel, reply); 192e1c44949Sopenharmony_ci} 193e1c44949Sopenharmony_ci 194e1c44949Sopenharmony_civoid doFuzzCallManagerService(const uint8_t *data, size_t size) 195e1c44949Sopenharmony_ci{ 196e1c44949Sopenharmony_ci auto callManagerService = DelayedSingleton<CallManagerService>::GetInstance(); 197e1c44949Sopenharmony_ci callManagerService->OnStart(); 198e1c44949Sopenharmony_ci FuzzedDataProvider fdp(data, size); 199e1c44949Sopenharmony_ci uint32_t code = fdp.ConsumeIntegralInRange<uint32_t>(0, 72); 200e1c44949Sopenharmony_ci if (fdp.remaining_bytes() == 0) { 201e1c44949Sopenharmony_ci return; 202e1c44949Sopenharmony_ci } 203e1c44949Sopenharmony_ci std::u16string service_token = u"OHOS.Telephony.ICallManagerService"; 204e1c44949Sopenharmony_ci MessageOption option; 205e1c44949Sopenharmony_ci MessageParcel dataParcel; 206e1c44949Sopenharmony_ci MessageParcel replyParcel; 207e1c44949Sopenharmony_ci std::vector<uint8_t> subData = 208e1c44949Sopenharmony_ci fdp.ConsumeBytes<uint8_t>(fdp.ConsumeIntegralInRange<size_t>(0, fdp.remaining_bytes())); 209e1c44949Sopenharmony_ci dataParcel.WriteInterfaceToken(service_token); 210e1c44949Sopenharmony_ci dataParcel.WriteBuffer(subData.data(), subData.size()); 211e1c44949Sopenharmony_ci callManagerService->OnRemoteRequest(code, dataParcel, replyParcel, option); 212e1c44949Sopenharmony_ci} 213e1c44949Sopenharmony_ci 214e1c44949Sopenharmony_ciint32_t RegisterBluetoothCallManagerCallbackPtr(const uint8_t *data, size_t size) 215e1c44949Sopenharmony_ci{ 216e1c44949Sopenharmony_ci if (!IsServiceInited()) { 217e1c44949Sopenharmony_ci return TELEPHONY_ERROR; 218e1c44949Sopenharmony_ci } 219e1c44949Sopenharmony_ci std::string str = ""; 220e1c44949Sopenharmony_ci MessageParcel dataParcel; 221e1c44949Sopenharmony_ci dataParcel.WriteString(str); 222e1c44949Sopenharmony_ci MessageParcel reply; 223e1c44949Sopenharmony_ci return DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterBluetoothCallManagerCallbackPtr( 224e1c44949Sopenharmony_ci dataParcel, reply); 225e1c44949Sopenharmony_ci} 226e1c44949Sopenharmony_ci 227e1c44949Sopenharmony_civoid DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size) 228e1c44949Sopenharmony_ci{ 229e1c44949Sopenharmony_ci if (data == nullptr || size == 0) { 230e1c44949Sopenharmony_ci return; 231e1c44949Sopenharmony_ci } 232e1c44949Sopenharmony_ci OnRegisterVoipCallManagerCallback(data, size); 233e1c44949Sopenharmony_ci CanSetCallTransferTime(data, size); 234e1c44949Sopenharmony_ci ObserverOnCallDetailsChange(data, size); 235e1c44949Sopenharmony_ci SetVoNRState(data, size); 236e1c44949Sopenharmony_ci KickOutFromConference(data, size); 237e1c44949Sopenharmony_ci SetCallRestrictionPassword(data, size); 238e1c44949Sopenharmony_ci GetVoIPCallState(data, size); 239e1c44949Sopenharmony_ci SetVoIPCallState(data, size); 240e1c44949Sopenharmony_ci GetProxyObjectPtr(data, size); 241e1c44949Sopenharmony_ci ReportAudioDeviceInfo(data, size); 242e1c44949Sopenharmony_ci PostDialProceed(data, size); 243e1c44949Sopenharmony_ci OnUnRegisterVoipCallManagerCallback(data, size); 244e1c44949Sopenharmony_ci doFuzzCallManagerService(data, size); 245e1c44949Sopenharmony_ci RegisterBluetoothCallManagerCallbackPtr(data, size); 246e1c44949Sopenharmony_ci} 247e1c44949Sopenharmony_ci} // namespace OHOS 248e1c44949Sopenharmony_ci 249e1c44949Sopenharmony_ci/* Fuzzer entry point */ 250e1c44949Sopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) 251e1c44949Sopenharmony_ci{ 252e1c44949Sopenharmony_ci OHOS::AddCallTokenFuzzer token; 253e1c44949Sopenharmony_ci /* Run your code on data */ 254e1c44949Sopenharmony_ci OHOS::DoSomethingInterestingWithMyAPI(data, size); 255e1c44949Sopenharmony_ci return 0; 256e1c44949Sopenharmony_ci} 257