author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-12-02 13:29:12 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-12-02 13:29:12 +0000 |
commit | c89798cdadc0d18dc3fc1e498b4a9362383969c6 (patch) | |
tree | af7b907458187e4ea58d6c5ee0894ef30ccec08e | |
parent | b8c67399e56856dbcbb783a06de45270b2ff0922 (diff) | |
parent | d9a6b3a69688224a4c650b4533a674319ef81ee7 (diff) | |
download | cts-c89798cdadc0d18dc3fc1e498b4a9362383969c6.tar.gz |
Snap for 9362339 from d9a6b3a69688224a4c650b4533a674319ef81ee7 to mainline-adservices-releaseaml_ads_331511020aml_ads_331418080
Change-Id: I8411d7b2610e6ae31a04b4d5bafe9e4271a7cb28
-rw-r--r-- | tests/PhotoPicker/src/android/photopicker/cts/RemoteVideoPreviewTest.java | 4 | ||||
-rw-r--r-- | tests/tests/security/res/raw/cve_2022_33234.mkv | bin | 0 -> 38048 bytes | |||
-rw-r--r-- | tests/tests/security/src/android/security/cts/CVE_2022_20482.java | 107 | ||||
-rw-r--r-- | tests/tests/security/src/android/security/cts/StagefrightTest.java | 6 |
4 files changed, 117 insertions, 0 deletions
diff --git a/tests/PhotoPicker/src/android/photopicker/cts/RemoteVideoPreviewTest.java b/tests/PhotoPicker/src/android/photopicker/cts/RemoteVideoPreviewTest.java index 7f4f7a62d9f..10142e81ed2 100644 --- a/tests/PhotoPicker/src/android/photopicker/cts/RemoteVideoPreviewTest.java +++ b/tests/PhotoPicker/src/android/photopicker/cts/RemoteVideoPreviewTest.java @@ -52,6 +52,7 @@ import androidx.test.uiautomator.UiSelector; import org.junit.After; import org.junit.Before; +import org.junit.Ignore; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.InOrder; @@ -111,6 +112,7 @@ public class RemoteVideoPreviewTest extends PhotoPickerBaseTest { } @Test + @Ignore("Re-enable once b/223224727 is fixed") public void testBasicVideoPreview() throws Exception { initCloudProviderWithVideo(Arrays.asList(Pair.create(null, CLOUD_ID1))); @@ -143,6 +145,7 @@ public class RemoteVideoPreviewTest extends PhotoPickerBaseTest { } @Test + @Ignore("Re-enable once b/223224727 is fixed") public void testSwipeAdjacentVideoPreview() throws Exception { initCloudProviderWithVideo( Arrays.asList(Pair.create(null, CLOUD_ID1), Pair.create(null, CLOUD_ID2))); @@ -176,6 +179,7 @@ public class RemoteVideoPreviewTest extends PhotoPickerBaseTest { } @Test + @Ignore("Re-enable once b/223224727 is fixed") public void testSwipeImageVideoPreview() throws Exception { initCloudProviderWithImage(Arrays.asList(Pair.create(null, CLOUD_ID1))); initCloudProviderWithVideo(Arrays.asList(Pair.create(null, CLOUD_ID2))); diff --git a/tests/tests/security/res/raw/cve_2022_33234.mkv b/tests/tests/security/res/raw/cve_2022_33234.mkv Binary files differnew file mode 100644 index 00000000000..752e3cd749b --- /dev/null +++ b/tests/tests/security/res/raw/cve_2022_33234.mkv diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20482.java b/tests/tests/security/src/android/security/cts/CVE_2022_20482.java new file mode 100644 index 00000000000..a0df88cdffe --- /dev/null 
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20482.java 
@@ -0,0 +1,107 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.content.Context;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.ArrayList;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2022_20482 extends StsExtraBusinessLogicTestCase {
+
+ /**
+ * b/240422263
+ * Vulnerable library : services.jar
+ * Vulnerable module : Not applicable
+ * Is Play managed : No
+ */
+ @AsbSecurityTest(cveBugId = 240422263)
+ @Test
+ public void testPocCVE_2022_20482() {
+ final int notificationChannelLimit = 10000; // 2 * NOTIFICATION_CHANNEL_COUNT_LIMIT
+ final String notificationChannelId = "NotificationChannelId";
+ final String notificationChannelName = "NotificationChannelName";
+ boolean isVulnerable = true;
+ int notificationChannelCount = 0;
+ NotificationManager notificationManager = null;
+ ArrayList<String> notificationChannelIds = new ArrayList<>();
+ try {
+ Context context = getApplicationContext();
+ notificationManager = context.getSystemService(NotificationManager.class);
+
+ // Store total number of notification channels present before test run
+ notificationChannelCount = notificationManager.getNotificationChannels().size();
+
+ // Create 'notificationChannelLimit' notification channels
+ for (int i = 0; i < notificationChannelLimit; ++i) {
+ String uniqueNotificationChannelId = notificationChannelId + i;
+ NotificationChannel notificationChannel =
+ new NotificationChannel(uniqueNotificationChannelId,
+ notificationChannelName, NotificationManager.IMPORTANCE_DEFAULT);
+
+ // Create notification channel
+ notificationManager.createNotificationChannel(notificationChannel);
+
+ // Add notification channel id in list(for deleting notification channel later)
+ notificationChannelIds.add(uniqueNotificationChannelId);
+ }
+ } catch (Exception e) {
+ isVulnerable = false;
+ if (!(e instanceof IllegalStateException)
+ || !e.getMessage().contains("Limit exceed; cannot create more channels")) {
+ assumeNoException("Unexpected exception occurred!", e);
+ }
+ } finally {
+ try {
+ // Retrieve total number of notification channels added by test so that the
+ // test fails only if all notification channels from test were added successfully
+ notificationChannelCount = notificationManager.getNotificationChannels().size()
+ - notificationChannelCount;
+ boolean flagAllNotificationChannelsAdded =
+ notificationChannelCount == notificationChannelLimit;
+
+ // Delete notification channels created earlier
+ for (String id : notificationChannelIds) {
+ notificationManager.deleteNotificationChannel(id);
+ }
+
+ // Fail if all notification channels from test were added successfully without
+ // any occurrence of IllegalStateException
+ assertFalse(
+ "Device is vulnerable to b/240422263! Permanent denial of service"
+ + " possible via NotificationManager#createNotificationChannel",
+ isVulnerable && flagAllNotificationChannelsAdded);
+ } catch (Exception ignoredException) {
+ }
+ }
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/StagefrightTest.java b/tests/tests/security/src/android/security/cts/StagefrightTest.java
index 9fd10146c1c..4facc062759 100644
--- a/tests/tests/security/src/android/security/cts/StagefrightTest.java
+++ b/tests/tests/security/src/android/security/cts/StagefrightTest.java
@@ -1811,6 +1811,12 @@ public class StagefrightTest extends StsExtraBusinessLogicTestCase {
 before any existing test methods
 ***********************************************************/
 @Test
+ @AsbSecurityTest(cveBugId = 240971780)
+ public void testStagefright_cve_2022_33234() throws Exception {
+ doStagefrightTest(R.raw.cve_2022_33234);
+ }
+
+ @Test
 @AsbSecurityTest(cveBugId = 235102508)
 public void testStagefright_cve_2022_25669() throws Exception {
 doStagefrightTest(R.raw.cve_2022_25669); |
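Review bot: The verdict of `testPocCVE_2022_20482` in CVE_2022_20482.java can be lost, because `assertFalse(...)` sits inside the inner `try` of the `finally` block, after the cleanup loop, and that `try` ends in an empty `catch (Exception ignoredException)`. If `getNotificationChannels()` or any `deleteNotificationChannel(id)` call throws there, the assertion is never reached and the test passes even on a device that accepted all 10000 channels, and the channels not yet deleted stay behind. Declare `boolean flagAllNotificationChannelsAdded = false;` before the inner `try` and move the `assertFalse(...)` call below its `catch`, so a cleanup failure cannot mask the result. Separately, `e.getMessage().contains(...)` in the outer `catch` throws a NullPointerException for an `IllegalStateException` that carries no message; `String.valueOf(e.getMessage()).contains(...)` avoids that.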