1/* 2 * Copyright (c) 2022 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16#include "registercallmanagercallback_fuzzer.h" 17 18#include <cstddef> 19#include <cstdint> 20#define private public 21#include "addcellularcalltoken_fuzzer.h" 22#include "cellular_call_register.h" 23#include "cellular_call_service.h" 24#include "tel_ril_call_parcel.h" 25#include "radio_event.h" 26#include "securec.h" 27#include "system_ability_definition.h" 28 29using namespace OHOS::Telephony; 30namespace OHOS { 31static bool g_isInited = false; 32constexpr int32_t SLOT_NUM = 2; 33constexpr int32_t BOOL_NUM = 2; 34constexpr int32_t CALL_STATE_NUM = 8; 35constexpr int32_t EVENT_ID_NUM = 20; 36 37bool IsServiceInited() 38{ 39 if (!g_isInited) { 40 DelayedSingleton<CellularCallService>::GetInstance()->OnStart(); 41 } 42 if (!g_isInited && (static_cast<int32_t>(DelayedSingleton<CellularCallService>::GetInstance()->state_) == 43 static_cast<int32_t>(ServiceRunningState::STATE_RUNNING))) { 44 g_isInited = true; 45 } 46 return g_isInited; 47} 48 49void ReportCallsInfo(const uint8_t *data, size_t size) 50{ 51 if (!IsServiceInited()) { 52 return; 53 } 54 55 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 56 CallsReportInfo callsReportInfo; 57 callsReportInfo.slotId = static_cast<int32_t>(size % SLOT_NUM); 58 CallReportInfo callReportInfo; 59 std::string number(reinterpret_cast<const char *>(data), size); 60 int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length(); 61 if (memcpy_s(callReportInfo.accountNum, kMaxNumberLen, number.c_str(), length) != EOK) { 62 return; 63 } 64 sptr<ICallStatusCallback> callback = nullptr; 65 TelCallState callState = static_cast<TelCallState>(size % CALL_STATE_NUM); 66 CellularCallEventInfo info; 67 info.eventType = CellularCallEventType::EVENT_REQUEST_RESULT_TYPE; 68 info.eventId = static_cast<RequestResultEventId>(size % EVENT_ID_NUM); 69 CallWaitResponse response; 70 response.classCw = static_cast<int32_t>(size); 71 response.result = static_cast<int32_t>(size % BOOL_NUM); 72 response.status = static_cast<int32_t>(size % BOOL_NUM); 73 int32_t result = static_cast<int32_t>(size % BOOL_NUM); 74 CallRestrictionResponse callRestrictionResponse; 75 callRestrictionResponse.classCw = static_cast<int32_t>(size); 76 callRestrictionResponse.result = static_cast<int32_t>(size % BOOL_NUM); 77 callRestrictionResponse.status = static_cast<int32_t>(size % BOOL_NUM); 78 79 cellularCallRegister->ReportCallsInfo(callsReportInfo); 80 cellularCallRegister->RegisterCallManagerCallBack(callback); 81 cellularCallRegister->ReportSingleCallInfo(callReportInfo, callState); 82 cellularCallRegister->UnRegisterCallManagerCallBack(); 83 cellularCallRegister->ReportEventResultInfo(info); 84 cellularCallRegister->ReportGetWaitingResult(response); 85 cellularCallRegister->ReportSetWaitingResult(result); 86 cellularCallRegister->ReportGetRestrictionResult(callRestrictionResponse); 87 cellularCallRegister->ReportSetBarringPasswordResult(result); 88} 89 90void ReportSetRestrictionResult(const uint8_t *data, size_t size) 91{ 92 if (!IsServiceInited()) { 93 return; 94 } 95 96 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 97 int32_t result = static_cast<int32_t>(size % BOOL_NUM); 98 CallTransferResponse callTransferResponse; 99 callTransferResponse.result = static_cast<int32_t>(size); 100 callTransferResponse.status = static_cast<int32_t>(size); 101 callTransferResponse.classx = static_cast<int32_t>(size); 102 callTransferResponse.type = static_cast<int32_t>(size); 103 callTransferResponse.time = static_cast<int32_t>(size); 104 callTransferResponse.reason = static_cast<int32_t>(size); 105 std::string number(reinterpret_cast<const char *>(data), size); 106 int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length(); 107 if (memcpy_s(callTransferResponse.number, kMaxNumberLen, number.c_str(), length) != EOK) { 108 return; 109 } 110 ClipResponse clipResponse; 111 clipResponse.action = static_cast<int32_t>(size); 112 clipResponse.result = static_cast<int32_t>(size); 113 clipResponse.clipStat = static_cast<int32_t>(size); 114 ClirResponse clirResponse; 115 clirResponse.clirStat = static_cast<int32_t>(size); 116 clirResponse.action = static_cast<int32_t>(size); 117 clirResponse.result = static_cast<int32_t>(size); 118 GetImsConfigResponse getImsConfigResponse; 119 getImsConfigResponse.result = static_cast<int32_t>(size); 120 getImsConfigResponse.value = static_cast<int32_t>(size); 121 122 cellularCallRegister->ReportSetRestrictionResult(result); 123 cellularCallRegister->ReportGetTransferResult(callTransferResponse); 124 cellularCallRegister->ReportSetTransferResult(result); 125 cellularCallRegister->ReportGetClipResult(clipResponse); 126 cellularCallRegister->ReportGetClirResult(clirResponse); 127 cellularCallRegister->ReportSetClirResult(result); 128 cellularCallRegister->ReportGetImsConfigResult(getImsConfigResponse); 129 cellularCallRegister->ReportSetImsConfigResult(result); 130 cellularCallRegister->ReportSetImsFeatureResult(result); 131} 132 133void ReportSetImsConfigResult(const uint8_t *data, size_t size) 134{ 135 if (!IsServiceInited()) { 136 return; 137 } 138 139 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 140 int32_t result = static_cast<int32_t>(size % BOOL_NUM); 141 GetImsFeatureValueResponse getImsFeatureValueResponse; 142 getImsFeatureValueResponse.result = static_cast<int32_t>(size); 143 getImsFeatureValueResponse.value = static_cast<int32_t>(size); 144 GetLteEnhanceModeResponse getLteEnhanceModeResponse; 145 getLteEnhanceModeResponse.result = static_cast<int32_t>(size); 146 getLteEnhanceModeResponse.value = static_cast<int32_t>(size); 147 DisconnectedDetails details; 148 std::string number(reinterpret_cast<const char *>(data), size); 149 details.message = number; 150 details.reason = static_cast<DisconnectedReason>(size); 151 MuteControlResponse muteControlResponse; 152 muteControlResponse.result = static_cast<int32_t>(size); 153 muteControlResponse.value = static_cast<int32_t>(size); 154 SetEccListResponse setEccListResponse; 155 setEccListResponse.result = static_cast<int32_t>(size); 156 setEccListResponse.value = static_cast<int32_t>(size); 157 MmiCodeInfo mmiCodeInfo; 158 mmiCodeInfo.result = static_cast<int32_t>(size); 159 int32_t length = number.length() > kMaxNumberLen ? kMaxNumberLen : number.length(); 160 if (memcpy_s(mmiCodeInfo.message, kMaxNumberLen, number.c_str(), length) != EOK) { 161 return; 162 } 163 164 cellularCallRegister->ReportGetImsFeatureResult(getImsFeatureValueResponse); 165 cellularCallRegister->ReportCallRingBackResult(result); 166 cellularCallRegister->ReportCallFailReason(details); 167 cellularCallRegister->ReportGetMuteResult(muteControlResponse); 168 cellularCallRegister->ReportSetMuteResult(muteControlResponse); 169 cellularCallRegister->ReportInviteToConferenceResult(result); 170 cellularCallRegister->ReportGetCallDataResult(result); 171 cellularCallRegister->ReportStartDtmfResult(result); 172 cellularCallRegister->ReportStopDtmfResult(result); 173 cellularCallRegister->ReportStartRttResult(result); 174 cellularCallRegister->ReportStopRttResult(result); 175 cellularCallRegister->ReportSendUssdResult(result); 176 cellularCallRegister->ReportMmiCodeResult(mmiCodeInfo); 177 cellularCallRegister->ReportSetEmergencyCallListResponse(setEccListResponse); 178 cellularCallRegister->IsCallManagerCallBackRegistered(); 179} 180 181void ReportUpdateCallMediaMode(const uint8_t *data, size_t size) 182{ 183 if (!IsServiceInited()) { 184 return; 185 } 186 187 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 188 ImsCallModeReceiveInfo reportCallModeInfo; 189 reportCallModeInfo.callIndex = static_cast<int32_t>(size); 190 reportCallModeInfo.result = static_cast<ImsCallModeRequestResult>(size); 191 reportCallModeInfo.callType = static_cast<ImsCallType>(static_cast<int32_t>(size % BOOL_NUM)); 192 int32_t slotId = static_cast<int32_t>(size % SLOT_NUM); 193 cellularCallRegister->ReceiveUpdateCallMediaModeRequest(slotId, reportCallModeInfo); 194 cellularCallRegister->ReceiveUpdateCallMediaModeResponse(slotId, reportCallModeInfo); 195} 196 197void ReportCallSessionEventChanged(const uint8_t *data, size_t size) 198{ 199 if (!IsServiceInited()) { 200 return; 201 } 202 203 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 204 ImsCallSessionEventInfo reportCallSessionInfo; 205 reportCallSessionInfo.callIndex = static_cast<int32_t>(size); 206 reportCallSessionInfo.eventType = static_cast<VideoCallEventType>(static_cast<int32_t>(size % BOOL_NUM)); 207 cellularCallRegister->HandleCallSessionEventChanged(reportCallSessionInfo); 208} 209 210void ReportPeerDimensionsChanged(const uint8_t *data, size_t size) 211{ 212 if (!IsServiceInited()) { 213 return; 214 } 215 216 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 217 ImsCallPeerDimensionsInfo reportCallPeerDimensionsInfo; 218 reportCallPeerDimensionsInfo.callIndex = static_cast<int32_t>(size); 219 reportCallPeerDimensionsInfo.width = static_cast<int32_t>(size); 220 reportCallPeerDimensionsInfo.height = static_cast<int32_t>(size); 221 cellularCallRegister->HandlePeerDimensionsChanged(reportCallPeerDimensionsInfo); 222} 223 224void ReportCallDataUsageChanged(const uint8_t *data, size_t size) 225{ 226 if (!IsServiceInited()) { 227 return; 228 } 229 230 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 231 ImsCallDataUsageInfo reportCallDataUsageInfo; 232 reportCallDataUsageInfo.callIndex = static_cast<int32_t>(size); 233 reportCallDataUsageInfo.dataUsage = static_cast<int64_t>(size); 234 cellularCallRegister->HandleCallDataUsageChanged(reportCallDataUsageInfo); 235} 236 237void ReportCameraCapabilitiesChanged(const uint8_t *data, size_t size) 238{ 239 if (!IsServiceInited()) { 240 return; 241 } 242 243 std::shared_ptr<CellularCallRegister> cellularCallRegister = DelayedSingleton<CellularCallRegister>::GetInstance(); 244 CameraCapabilitiesInfo reportCameraCapabilitiesInfo; 245 reportCameraCapabilitiesInfo.callIndex = static_cast<int32_t>(size); 246 reportCameraCapabilitiesInfo.width = static_cast<int32_t>(size); 247 reportCameraCapabilitiesInfo.height = static_cast<int32_t>(size); 248 cellularCallRegister->HandleCameraCapabilitiesChanged(reportCameraCapabilitiesInfo); 249} 250 251void DoSomethingInterestingWithMyAPI(const uint8_t *data, size_t size) 252{ 253 if (data == nullptr || size == 0) { 254 return; 255 } 256 257 ReportCallsInfo(data, size); 258 ReportSetRestrictionResult(data, size); 259 ReportSetImsConfigResult(data, size); 260 ReportUpdateCallMediaMode(data, size); 261 ReportCallSessionEventChanged(data, size); 262 ReportPeerDimensionsChanged(data, size); 263 ReportCallDataUsageChanged(data, size); 264 ReportCameraCapabilitiesChanged(data, size); 265} 266} // namespace OHOS 267 268/* Fuzzer entry point */ 269extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) 270{ 271 OHOS::AddCellularCallTokenFuzzer token; 272 /* Run your code on data */ 273 OHOS::DoSomethingInterestingWithMyAPI(data, size); 274 return 0; 275} 276