1d95e75fdSopenharmony_ci/* 2d95e75fdSopenharmony_ci * Copyright (c) 2022 Huawei Device Co., Ltd. 3d95e75fdSopenharmony_ci * Licensed under the Apache License, Version 2.0 (the "License"); 4d95e75fdSopenharmony_ci * you may not use this file except in compliance with the License. 5d95e75fdSopenharmony_ci * You may obtain a copy of the License at 6d95e75fdSopenharmony_ci * 7d95e75fdSopenharmony_ci * http://www.apache.org/licenses/LICENSE-2.0 8d95e75fdSopenharmony_ci * 9d95e75fdSopenharmony_ci * Unless required by applicable law or agreed to in writing, software 10d95e75fdSopenharmony_ci * distributed under the License is distributed on an "AS IS" BASIS, 11d95e75fdSopenharmony_ci * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12d95e75fdSopenharmony_ci * See the License for the specific language governing permissions and 13d95e75fdSopenharmony_ci * limitations under the License. 14d95e75fdSopenharmony_ci */ 15d95e75fdSopenharmony_ci 16d95e75fdSopenharmony_ci#include "registercallmanagercallback_fuzzer.h" 17d95e75fdSopenharmony_ci 18d95e75fdSopenharmony_ci#include <cstddef> 19d95e75fdSopenharmony_ci#include <cstdint> 20d95e75fdSopenharmony_ci#define private public 21d95e75fdSopenharmony_ci#include "addcellularcalltoken_fuzzer.h" 22d95e75fdSopenharmony_ci#include "cellular_call_register.h" 23d95e75fdSopenharmony_ci#include "cellular_call_service.h" 24d95e75fdSopenharmony_ci#include "tel_ril_call_parcel.h" 25d95e75fdSopenharmony_ci#include "radio_event.h" 26d95e75fdSopenharmony_ci#include "securec.h" 27d95e75fdSopenharmony_ci#include "system_ability_definition.h" 28d95e75fdSopenharmony_ci 29d95e75fdSopenharmony_ciusing namespace OHOS::Telephony; 30d95e75fdSopenharmony_cinamespace OHOS { 31d95e75fdSopenharmony_cistatic bool g_isInited = false; 32d95e75fdSopenharmony_ciconstexpr int32_t SLOT_NUM = 2; 33d95e75fdSopenharmony_ciconstexpr int32_t BOOL_NUM = 2; 34d95e75fdSopenharmony_ciconstexpr int32_t CALL_STATE_NUM = 8; 35d95e75fdSopenharmony_ciconstexpr int32_t EVENT_ID_NUM = 20; 36d95e75fdSopenharmony_ci 37d95e75fdSopenharmony_cibool IsServiceInited() 38d95e75fdSopenharmony_ci{ 39d95e75fdSopenharmony_ci if (!g_isInited) { 40d95e75fdSopenharmony_ci DelayedSingleton<CellularCallService>::GetInstance()->OnStart(); 41d95e75fdSopenharmony_ci } 42d95e75fdSopenharmony_ci if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) == 43d95e75fdSopenharmony_ci static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) { 44d95e75fdSopenharmony_ci g_isInited = true; 45d95e75fdSopenharmony_ci } 46d95e75fdSopenharmony_ci return g_isInited; 47d95e75fdSopenharmony_ci} 48d95e75fdSopenharmony_ci 49d95e75fdSopenharmony_civoid ReportCallsInfo(const uint8_t *data, size_t size) 50d95e75fdSopenharmony_ci{ 51d95e75fdSopenharmony_ci if (!IsServiceInited()) { 52d95e75fdSopenharmony_ci return; 53d95e75fdSopenharmony_ci } 54d95e75fdSopenharmony_ci 55d95e75fdSopenharmony_ci std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 56d95e75fdSopenharmony_ci CallsReportInfo callsReportInfo; 57d95e75fdSopenharmony_ci callsReportInfo.slotId = static_cast<int32_t>(size % SLOT_NUM); 58d95e75fdSopenharmony_ci CallReportInfo callReportInfo; 59d95e75fdSopenharmony_ci std::string number(reinterpret_cast<const char *>(data), size); 60d95e75fdSopenharmony_ci int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length(); 61d95e75fdSopenharmony_ci if (memcpy_s(callReportInfo.accountNum, kMaxNumberLen, number.c_str(), length) != EOK) { 62d95e75fdSopenharmony_ci return; 63d95e75fdSopenharmony_ci } 64d95e75fdSopenharmony_ci sptr<ICallStatusCallback> callback = nullptr; 65d95e75fdSopenharmony_ci TelCallState callState = static_cast<TelCallState>(size % CALL_STATE_NUM); 66d95e75fdSopenharmony_ci CellularCallEventInfo info; 67d95e75fdSopenharmony_ci info.eventType = CellularCallEventType::EVENT_REQUEST_RESULT_TYPE; 68d95e75fdSopenharmony_ci info.eventId = static_cast<RequestResultEventId>(size % EVENT_ID_NUM); 69d95e75fdSopenharmony_ci CallWaitResponse response; 70d95e75fdSopenharmony_ci response.classCw = static_cast<int32_t>(size); 71d95e75fdSopenharmony_ci response.result = static_cast<int32_t>(size % BOOL_NUM); 72d95e75fdSopenharmony_ci response.status = static_cast<int32_t>(size % BOOL_NUM); 73d95e75fdSopenharmony_ci int32_t result = static_cast<int32_t>(size % BOOL_NUM); 74d95e75fdSopenharmony_ci CallRestrictionResponse callRestrictionResponse; 75d95e75fdSopenharmony_ci callRestrictionResponse.classCw = static_cast<int32_t>(size); 76d95e75fdSopenharmony_ci callRestrictionResponse.result = static_cast<int32_t>(size % BOOL_NUM); 77d95e75fdSopenharmony_ci callRestrictionResponse.status = static_cast<int32_t>(size % BOOL_NUM); 78d95e75fdSopenharmony_ci 79d95e75fdSopenharmony_ci cellularCallRegister->ReportCallsInfo(callsReportInfo); 80d95e75fdSopenharmony_ci cellularCallRegister->RegisterCallManagerCallBack(callback); 81d95e75fdSopenharmony_ci cellularCallRegister->ReportSingleCallInfo(callReportInfo, callState); 82d95e75fdSopenharmony_ci cellularCallRegister->UnRegisterCallManagerCallBack(); 83d95e75fdSopenharmony_ci cellularCallRegister->ReportEventResultInfo(info); 84d95e75fdSopenharmony_ci cellularCallRegister->ReportGetWaitingResult(response); 85d95e75fdSopenharmony_ci cellularCallRegister->ReportSetWaitingResult(result); 86d95e75fdSopenharmony_ci cellularCallRegister->ReportGetRestrictionResult(callRestrictionResponse); 87d95e75fdSopenharmony_ci cellularCallRegister->ReportSetBarringPasswordResult(result); 88d95e75fdSopenharmony_ci} 89d95e75fdSopenharmony_ci 90d95e75fdSopenharmony_civoid ReportSetRestrictionResult(const uint8_t *data, size_t size) 91d95e75fdSopenharmony_ci{ 92d95e75fdSopenharmony_ci if (!IsServiceInited()) { 93d95e75fdSopenharmony_ci return; 94d95e75fdSopenharmony_ci } 95d95e75fdSopenharmony_ci 96d95e75fdSopenharmony_ci std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 97d95e75fdSopenharmony_ci int32_t result = static_cast<int32_t>(size % BOOL_NUM); 98d95e75fdSopenharmony_ci CallTransferResponse callTransferResponse; 99d95e75fdSopenharmony_ci callTransferResponse.result = static_cast<int32_t>(size); 100d95e75fdSopenharmony_ci callTransferResponse.status = static_cast<int32_t>(size); 101d95e75fdSopenharmony_ci callTransferResponse.classx = static_cast<int32_t>(size); 102d95e75fdSopenharmony_ci callTransferResponse.type = static_cast<int32_t>(size); 103d95e75fdSopenharmony_ci callTransferResponse.time = static_cast<int32_t>(size); 104d95e75fdSopenharmony_ci callTransferResponse.reason = static_cast<int32_t>(size); 105d95e75fdSopenharmony_ci std::string number(reinterpret_cast<const char *>(data), size); 106d95e75fdSopenharmony_ci int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length(); 107d95e75fdSopenharmony_ci if (memcpy_s(callTransferResponse.number, kMaxNumberLen, number.c_str(), length) != EOK) { 108d95e75fdSopenharmony_ci return; 109d95e75fdSopenharmony_ci } 110d95e75fdSopenharmony_ci ClipResponse clipResponse; 111d95e75fdSopenharmony_ci clipResponse.action = static_cast<int32_t>(size); 112d95e75fdSopenharmony_ci clipResponse.result = static_cast<int32_t>(size); 113d95e75fdSopenharmony_ci clipResponse.clipStat = static_cast<int32_t>(size); 114d95e75fdSopenharmony_ci ClirResponse clirResponse; 115d95e75fdSopenharmony_ci clirResponse.clirStat = static_cast<int32_t>(size); 116d95e75fdSopenharmony_ci clirResponse.action = static_cast<int32_t>(size); 117d95e75fdSopenharmony_ci clirResponse.result = static_cast<int32_t>(size); 118d95e75fdSopenharmony_ci GetImsConfigResponse getImsConfigResponse; 119d95e75fdSopenharmony_ci getImsConfigResponse.result = static_cast<int32_t>(size); 120d95e75fdSopenharmony_ci getImsConfigResponse.value = static_cast<int32_t>(size); 121d95e75fdSopenharmony_ci 122d95e75fdSopenharmony_ci cellularCallRegister->ReportSetRestrictionResult(result); 123d95e75fdSopenharmony_ci cellularCallRegister->ReportGetTransferResult(callTransferResponse); 124d95e75fdSopenharmony_ci cellularCallRegister->ReportSetTransferResult(result); 125d95e75fdSopenharmony_ci cellularCallRegister->ReportGetClipResult(clipResponse); 126d95e75fdSopenharmony_ci cellularCallRegister->ReportGetClirResult(clirResponse); 127d95e75fdSopenharmony_ci cellularCallRegister->ReportSetClirResult(result); 128d95e75fdSopenharmony_ci cellularCallRegister->ReportGetImsConfigResult(getImsConfigResponse); 129d95e75fdSopenharmony_ci cellularCallRegister->ReportSetImsConfigResult(result); 130d95e75fdSopenharmony_ci cellularCallRegister->ReportSetImsFeatureResult(result); 131d95e75fdSopenharmony_ci} 132d95e75fdSopenharmony_ci 133d95e75fdSopenharmony_civoid ReportSetImsConfigResult(const uint8_t *data, size_t size) 134d95e75fdSopenharmony_ci{ 135d95e75fdSopenharmony_ci if (!IsServiceInited()) { 136d95e75fdSopenharmony_ci return; 137d95e75fdSopenharmony_ci } 138d95e75fdSopenharmony_ci 139d95e75fdSopenharmony_ci std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 140d95e75fdSopenharmony_ci int32_t result = static_cast<int32_t>(size % BOOL_NUM); 141d95e75fdSopenharmony_ci GetImsFeatureValueResponse getImsFeatureValueResponse; 142d95e75fdSopenharmony_ci getImsFeatureValueResponse.result = static_cast<int32_t>(size); 143d95e75fdSopenharmony_ci getImsFeatureValueResponse.value = static_cast<int32_t>(size); 144d95e75fdSopenharmony_ci GetLteEnhanceModeResponse getLteEnhanceModeResponse; 145d95e75fdSopenharmony_ci getLteEnhanceModeResponse.result = static_cast<int32_t>(size); 146d95e75fdSopenharmony_ci getLteEnhanceModeResponse.value = static_cast<int32_t>(size); 147d95e75fdSopenharmony_ci DisconnectedDetails details; 148d95e75fdSopenharmony_ci std::string number(reinterpret_cast<const char *>(data), size); 149d95e75fdSopenharmony_ci details.message = number; 150d95e75fdSopenharmony_ci details.reason = static_cast<DisconnectedReason>(size); 151d95e75fdSopenharmony_ci MuteControlResponse muteControlResponse; 152d95e75fdSopenharmony_ci muteControlResponse.result = static_cast<int32_t>(size); 153d95e75fdSopenharmony_ci muteControlResponse.value = static_cast<int32_t>(size); 154d95e75fdSopenharmony_ci SetEccListResponse setEccListResponse; 155d95e75fdSopenharmony_ci setEccListResponse.result = static_cast<int32_t>(size); 156d95e75fdSopenharmony_ci setEccListResponse.value = static_cast<int32_t>(size); 157d95e75fdSopenharmony_ci MmiCodeInfo mmiCodeInfo; 158d95e75fdSopenharmony_ci mmiCodeInfo.result = static_cast<int32_t>(size); 159d95e75fdSopenharmony_ci int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length(); 160d95e75fdSopenharmony_ci if (memcpy_s(mmiCodeInfo.message, kMaxNumberLen, number.c_str(), length) != EOK) { 161d95e75fdSopenharmony_ci return; 162d95e75fdSopenharmony_ci } 163d95e75fdSopenharmony_ci 164d95e75fdSopenharmony_ci cellularCallRegister->ReportGetImsFeatureResult(getImsFeatureValueResponse); 165d95e75fdSopenharmony_ci cellularCallRegister->ReportCallRingBackResult(result); 166d95e75fdSopenharmony_ci cellularCallRegister->ReportCallFailReason(details); 167d95e75fdSopenharmony_ci cellularCallRegister->ReportGetMuteResult(muteControlResponse); 168d95e75fdSopenharmony_ci cellularCallRegister->ReportSetMuteResult(muteControlResponse); 169d95e75fdSopenharmony_ci cellularCallRegister->ReportInviteToConferenceResult(result); 170d95e75fdSopenharmony_ci cellularCallRegister->ReportGetCallDataResult(result); 171d95e75fdSopenharmony_ci cellularCallRegister->ReportStartDtmfResult(result); 172d95e75fdSopenharmony_ci cellularCallRegister->ReportStopDtmfResult(result); 173d95e75fdSopenharmony_ci cellularCallRegister->ReportStartRttResult(result); 174d95e75fdSopenharmony_ci cellularCallRegister->ReportStopRttResult(result); 175d95e75fdSopenharmony_ci cellularCallRegister->ReportSendUssdResult(result); 176d95e75fdSopenharmony_ci cellularCallRegister->ReportMmiCodeResult(mmiCodeInfo); 177d95e75fdSopenharmony_ci cellularCallRegister->ReportSetEmergencyCallListResponse(setEccListResponse); 178d95e75fdSopenharmony_ci cellularCallRegister->IsCallManagerCallBackRegistered(); 179d95e75fdSopenharmony_ci} 180d95e75fdSopenharmony_ci 181d95e75fdSopenharmony_civoid ReportUpdateCallMediaMode(const uint8_t *data, size_t size) 182d95e75fdSopenharmony_ci{ 183d95e75fdSopenharmony_ci if (!IsServiceInited()) { 184d95e75fdSopenharmony_ci return; 185d95e75fdSopenharmony_ci } 186d95e75fdSopenharmony_ci 187d95e75fdSopenharmony_ci std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 188d95e75fdSopenharmony_ci ImsCallModeReceiveInfo reportCallModeInfo; 189d95e75fdSopenharmony_ci reportCallModeInfo.callIndex = static_cast<int32_t>(size); 190d95e75fdSopenharmony_ci reportCallModeInfo.result = static_cast<ImsCallModeRequestResult>(size); 191d95e75fdSopenharmony_ci reportCallModeInfo.callType = static_cast<ImsCallType>(static_cast<int32_t>(size % BOOL_NUM)); 192d95e75fdSopenharmony_ci int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 193d95e75fdSopenharmony_ci cellularCallRegister->ReceiveUpdateCallMediaModeRequest(slotId, reportCallModeInfo); 194d95e75fdSopenharmony_ci cellularCallRegister->ReceiveUpdateCallMediaModeResponse(slotId, reportCallModeInfo); 195d95e75fdSopenharmony_ci} 196d95e75fdSopenharmony_ci 197d95e75fdSopenharmony_civoid ReportCallSessionEventChanged(const uint8_t *data, size_t size) 198d95e75fdSopenharmony_ci{ 199d95e75fdSopenharmony_ci if (!IsServiceInited()) { 200d95e75fdSopenharmony_ci return; 201d95e75fdSopenharmony_ci } 202d95e75fdSopenharmony_ci 203d95e75fdSopenharmony_ci std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 204d95e75fdSopenharmony_ci ImsCallSessionEventInfo reportCallSessionInfo; 205d95e75fdSopenharmony_ci reportCallSessionInfo.callIndex = static_cast<int32_t>(size); 206d95e75fdSopenharmony_ci reportCallSessionInfo.eventType = static_cast<VideoCallEventType>(static_cast<int32_t>(size % BOOL_NUM)); 207d95e75fdSopenharmony_ci cellularCallRegister->HandleCallSessionEventChanged(reportCallSessionInfo); 208d95e75fdSopenharmony_ci} 209d95e75fdSopenharmony_ci 210d95e75fdSopenharmony_civoid ReportPeerDimensionsChanged(const uint8_t *data, size_t size) 211d95e75fdSopenharmony_ci{ 212d95e75fdSopenharmony_ci if (!IsServiceInited()) { 213d95e75fdSopenharmony_ci return; 214d95e75fdSopenharmony_ci } 215d95e75fdSopenharmony_ci 216d95e75fdSopenharmony_ci std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 217d95e75fdSopenharmony_ci ImsCallPeerDimensionsInfo reportCallPeerDimensionsInfo; 218d95e75fdSopenharmony_ci reportCallPeerDimensionsInfo.callIndex = static_cast<int32_t>(size); 219d95e75fdSopenharmony_ci reportCallPeerDimensionsInfo.width = static_cast<int32_t>(size); 220d95e75fdSopenharmony_ci reportCallPeerDimensionsInfo.height = static_cast<int32_t>(size); 221d95e75fdSopenharmony_ci cellularCallRegister->HandlePeerDimensionsChanged(reportCallPeerDimensionsInfo); 222d95e75fdSopenharmony_ci} 223d95e75fdSopenharmony_ci 224d95e75fdSopenharmony_civoid ReportCallDataUsageChanged(const uint8_t *data, size_t size) 225d95e75fdSopenharmony_ci{ 226d95e75fdSopenharmony_ci if (!IsServiceInited()) { 227d95e75fdSopenharmony_ci return; 228d95e75fdSopenharmony_ci } 229d95e75fdSopenharmony_ci 230d95e75fdSopenharmony_ci std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 231d95e75fdSopenharmony_ci ImsCallDataUsageInfo reportCallDataUsageInfo; 232d95e75fdSopenharmony_ci reportCallDataUsageInfo.callIndex = static_cast<int32_t>(size); 233d95e75fdSopenharmony_ci reportCallDataUsageInfo.dataUsage = static_cast<int64_t>(size); 234d95e75fdSopenharmony_ci cellularCallRegister->HandleCallDataUsageChanged(reportCallDataUsageInfo); 235d95e75fdSopenharmony_ci} 236d95e75fdSopenharmony_ci 237d95e75fdSopenharmony_civoid ReportCameraCapabilitiesChanged(const uint8_t *data, size_t size) 238d95e75fdSopenharmony_ci{ 239d95e75fdSopenharmony_ci if (!IsServiceInited()) { 240d95e75fdSopenharmony_ci return; 241d95e75fdSopenharmony_ci } 242d95e75fdSopenharmony_ci 243d95e75fdSopenharmony_ci std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 244d95e75fdSopenharmony_ci CameraCapabilitiesInfo reportCameraCapabilitiesInfo; 245d95e75fdSopenharmony_ci reportCameraCapabilitiesInfo.callIndex = static_cast<int32_t>(size); 246d95e75fdSopenharmony_ci reportCameraCapabilitiesInfo.width = static_cast<int32_t>(size); 247d95e75fdSopenharmony_ci reportCameraCapabilitiesInfo.height = static_cast<int32_t>(size); 248d95e75fdSopenharmony_ci cellularCallRegister->HandleCameraCapabilitiesChanged(reportCameraCapabilitiesInfo); 249d95e75fdSopenharmony_ci} 250d95e75fdSopenharmony_ci 251d95e75fdSopenharmony_civoid DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size) 252d95e75fdSopenharmony_ci{ 253d95e75fdSopenharmony_ci if (data == nullptr || size == 0) { 254d95e75fdSopenharmony_ci return; 255d95e75fdSopenharmony_ci } 256d95e75fdSopenharmony_ci 257d95e75fdSopenharmony_ci ReportCallsInfo(data, size); 258d95e75fdSopenharmony_ci ReportSetRestrictionResult(data, size); 259d95e75fdSopenharmony_ci ReportSetImsConfigResult(data, size); 260d95e75fdSopenharmony_ci ReportUpdateCallMediaMode(data, size); 261d95e75fdSopenharmony_ci ReportCallSessionEventChanged(data, size); 262d95e75fdSopenharmony_ci ReportPeerDimensionsChanged(data, size); 263d95e75fdSopenharmony_ci ReportCallDataUsageChanged(data, size); 264d95e75fdSopenharmony_ci ReportCameraCapabilitiesChanged(data, size); 265d95e75fdSopenharmony_ci} 266d95e75fdSopenharmony_ci} // namespace OHOS 267d95e75fdSopenharmony_ci 268d95e75fdSopenharmony_ci/* Fuzzer entry point */ 269d95e75fdSopenharmony_ciextern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 270d95e75fdSopenharmony_ci{ 271d95e75fdSopenharmony_ci OHOS::AddCellularCallTokenFuzzer token; 272d95e75fdSopenharmony_ci /* Run your code on data */ 273d95e75fdSopenharmony_ci OHOS::DoSomethingInterestingWithMyAPI(data, size); 274d95e75fdSopenharmony_ci return 0; 275d95e75fdSopenharmony_ci} 276