1/*
2 * Copyright (c) 2022 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 *     http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16#include "callmanagerservicestub_fuzzer.h"
17
18#include <cstddef>
19#include <cstdint>
20#include <fuzzer/FuzzedDataProvider.h>
21#define private public
22#include "addcalltoken_fuzzer.h"
23#include "call_manager_service_stub.h"
24#include "call_ability_callback.h"
25#include "surface_utils.h"
26
27using namespace OHOS::Telephony;
28namespace OHOS {
29constexpr int32_t SLOT_NUM = 2;
30constexpr int32_t ACTIVE_NUM = 2;
31constexpr int32_t VEDIO_STATE_NUM = 2;
32constexpr int32_t DIAL_SCENE_NUM = 3;
33constexpr int32_t DIAL_TYPE_NUM = 3;
34constexpr int32_t CALL_TYPE_NUM = 3;
35constexpr int32_t CALL_ID_NUM = 10;
36constexpr int32_t AUDIO_DEVICE_NUM = 6;
37
38void OnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size)
39{
40    if (!IsServiceInited()) {
41        return;
42    }
43    MessageParcel dataMessageParcel;
44    std::unique_ptr<CallAbilityCallback> callbackWrap = std::make_unique<CallAbilityCallback>();
45    if (callbackWrap == nullptr) {
46        return;
47    }
48    dataMessageParcel.WriteRemoteObject(callbackWrap.release()->AsObject().GetRefPtr());
49    MessageParcel reply;
50    DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterVoipCallManagerCallback(dataMessageParcel, reply);
51}
52
53void OnUnRegisterVoipCallManagerCallback(const uint8_t *data, size_t size)
54{
55    if (!IsServiceInited()) {
56        return;
57    }
58    MessageParcel dataMessageParcel;
59    MessageParcel reply;
60    DelayedSingleton<CallManagerService>::GetInstance()->OnUnRegisterVoipCallManagerCallback(dataMessageParcel, reply);
61}
62
63int32_t GetProxyObjectPtr(const uint8_t *data, size_t size)
64{
65    if (!IsServiceInited()) {
66        return TELEPHONY_ERROR;
67    }
68    int32_t type = static_cast<int32_t>(size);
69    MessageParcel dataParcel;
70    dataParcel.WriteInt32(type);
71    MessageParcel reply;
72    return DelayedSingleton<CallManagerService>::GetInstance()->OnGetProxyObjectPtr(dataParcel, reply);
73}
74
75int32_t SetVoIPCallState(const uint8_t *data, size_t size)
76{
77    if (!IsServiceInited()) {
78        return TELEPHONY_ERROR;
79    }
80    int32_t state = static_cast<int32_t>(size % SLOT_NUM);
81    MessageParcel dataParcel;
82    dataParcel.WriteInt32(state);
83    MessageParcel reply;
84    return DelayedSingleton<CallManagerService>::GetInstance()->OnSetVoIPCallState(dataParcel, reply);
85}
86
87int32_t ReportAudioDeviceInfo(const uint8_t *data, size_t size)
88{
89    if (!IsServiceInited()) {
90        return TELEPHONY_ERROR;
91    }
92    MessageParcel dataParcel;
93    MessageParcel reply;
94    return  DelayedSingleton<CallManagerService>::GetInstance()->OnReportAudioDeviceInfo(dataParcel, reply);
95}
96
97int32_t PostDialProceed(const uint8_t *data, size_t size)
98{
99    if (!IsServiceInited()) {
100        return TELEPHONY_ERROR;
101    }
102    MessageParcel dataParcel;
103    MessageParcel reply;
104    int32_t callId = static_cast<int32_t>(size % CALL_ID_NUM);
105    int32_t activate = static_cast<int32_t>(size % ACTIVE_NUM);
106    dataParcel.WriteInt32(callId);
107    dataParcel.WriteBool(activate);
108    return DelayedSingleton<CallManagerService>::GetInstance()->OnPostDialProceed(dataParcel, reply);
109}
110
111int32_t GetVoIPCallState(const uint8_t *data, size_t size)
112{
113    if (!IsServiceInited()) {
114        return TELEPHONY_ERROR;
115    }
116    MessageParcel dataParcel;
117    MessageParcel reply;
118    return DelayedSingleton<CallManagerService>::GetInstance()->OnGetVoIPCallState(dataParcel, reply);
119}
120
121int32_t CanSetCallTransferTime(const uint8_t *data, size_t size)
122{
123    if (!IsServiceInited()) {
124        return TELEPHONY_ERROR;
125    }
126
127    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
128    MessageParcel dataMessageParcel;
129    CallTransferInfo info;
130    (void)memcpy_s(info.transferNum, kMaxNumberLen, reinterpret_cast<const char *>(data), size);
131    info.settingType = CallTransferSettingType::CALL_TRANSFER_ENABLE;
132    info.type = CallTransferType::TRANSFER_TYPE_BUSY;
133    int32_t activate = static_cast<int32_t>(size % ACTIVE_NUM);
134    dataMessageParcel.WriteInt32(slotId);
135    dataMessageParcel.WriteBool(activate);
136    dataMessageParcel.WriteRawData((const void *)&info, sizeof(CallTransferInfo));
137    dataMessageParcel.RewindRead(0);
138    MessageParcel reply;
139    return DelayedSingleton<CallManagerService>::GetInstance()->OnCanSetCallTransferTime(dataMessageParcel, reply);
140}
141
142int32_t ObserverOnCallDetailsChange(const uint8_t *data, size_t size)
143{
144    if (!IsServiceInited()) {
145        return TELEPHONY_ERROR;
146    }
147
148    MessageParcel dataMessageParcel;
149    MessageParcel reply;
150    return DelayedSingleton<CallManagerService>::GetInstance()->OnObserverOnCallDetailsChange(dataMessageParcel, reply);
151}
152
153int32_t SetVoNRState(const uint8_t *data, size_t size)
154{
155    if (!IsServiceInited()) {
156        return TELEPHONY_ERROR;
157    }
158    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
159    int32_t state = static_cast<int32_t>(size % SLOT_NUM);
160    MessageParcel dataParcel;
161    dataParcel.WriteInt32(slotId);
162    dataParcel.WriteInt32(state);
163    MessageParcel reply;
164    return DelayedSingleton<CallManagerService>::GetInstance()->OnSetVoNRState(dataParcel, reply);
165}
166
167int32_t KickOutFromConference(const uint8_t *data, size_t size)
168{
169    if (!IsServiceInited()) {
170        return TELEPHONY_ERROR;
171    }
172    int32_t callId = static_cast<int32_t>(size);
173    MessageParcel dataParcel;
174    dataParcel.WriteInt32(callId);
175    MessageParcel reply;
176    return DelayedSingleton<CallManagerService>::GetInstance()->OnKickOutFromConference(dataParcel, reply);
177}
178
179int32_t SetCallRestrictionPassword(const uint8_t *data, size_t size)
180{
181    if (!IsServiceInited()) {
182        return TELEPHONY_ERROR;
183    }
184    int32_t slotId = static_cast<int32_t>(size % SLOT_NUM);
185    MessageParcel dataParcel;
186    dataParcel.WriteInt32(slotId);
187    dataParcel.WriteInt32(static_cast<int32_t>(size));
188    dataParcel.WriteBuffer(data, size);
189    dataParcel.RewindRead(0);
190    MessageParcel reply;
191    return DelayedSingleton<CallManagerService>::GetInstance()->OnSetCallRestrictionPassword(dataParcel, reply);
192}
193
194void doFuzzCallManagerService(const uint8_t *data, size_t size)
195{
196    auto callManagerService = DelayedSingleton<CallManagerService>::GetInstance();
197    callManagerService->OnStart();
198    FuzzedDataProvider fdp(data, size);
199    uint32_t code = fdp.ConsumeIntegralInRange<uint32_t>(0, 72);
200    if (fdp.remaining_bytes() == 0) {
201        return;
202    }
203    std::u16string service_token = u"OHOS.Telephony.ICallManagerService";
204    MessageOption option;
205    MessageParcel dataParcel;
206    MessageParcel replyParcel;
207    std::vector<uint8_t> subData =
208        fdp.ConsumeBytes<uint8_t>(fdp.ConsumeIntegralInRange<size_t>(0, fdp.remaining_bytes()));
209    dataParcel.WriteInterfaceToken(service_token);
210    dataParcel.WriteBuffer(subData.data(), subData.size());
211    callManagerService->OnRemoteRequest(code, dataParcel, replyParcel, option);
212}
213
214int32_t RegisterBluetoothCallManagerCallbackPtr(const uint8_t *data, size_t size)
215{
216    if (!IsServiceInited()) {
217        return TELEPHONY_ERROR;
218    }
219    std::string str = "";
220    MessageParcel dataParcel;
221    dataParcel.WriteString(str);
222    MessageParcel reply;
223    return DelayedSingleton<CallManagerService>::GetInstance()->OnRegisterBluetoothCallManagerCallbackPtr(
224        dataParcel, reply);
225}
226
227void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size)
228{
229    if (data == nullptr || size == 0) {
230        return;
231    }
232    OnRegisterVoipCallManagerCallback(data, size);
233    CanSetCallTransferTime(data, size);
234    ObserverOnCallDetailsChange(data, size);
235    SetVoNRState(data, size);
236    KickOutFromConference(data, size);
237    SetCallRestrictionPassword(data, size);
238    GetVoIPCallState(data, size);
239    SetVoIPCallState(data, size);
240    GetProxyObjectPtr(data, size);
241    ReportAudioDeviceInfo(data, size);
242    PostDialProceed(data, size);
243    OnUnRegisterVoipCallManagerCallback(data, size);
244    doFuzzCallManagerService(data, size);
245    RegisterBluetoothCallManagerCallbackPtr(data, size);
246}
247} // namespace OHOS
248
249/* Fuzzer entry point */
250extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
251{
252    OHOS::AddCallTokenFuzzer token;
253    /* Run your code on data */
254    OHOS::DoSomethingInterestingWithMyAPI(data, size);
255    return 0;
256}
257