diff options
author | Hall Liu <hallliu@google.com> | 2019-11-08 17:25:33 -0800 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2019-11-08 17:25:33 -0800 |
commit | c290f08377fcc999ba9e9719567cc1cbc8537b9a (patch) | |
tree | 52663fa1814fcc5258cd6846cf45ecd40dd47aa3 | |
parent | 6a9ce27e32ec8642732aac712a750d84f5fe93f3 (diff) | |
parent | 7fdb221eebffa80c1879e0a52c8e905aec04862a (diff) | |
download | cts-c290f08377fcc999ba9e9719567cc1cbc8537b9a.tar.gz |
Merge changes from topic "tp-master-security"
am: 7fdb221eeb
Change-Id: I197de96e9aa99d27847f32aade8f2f0d8913c880
-rw-r--r-- | tests/tests/telephonyprovider/src/android/telephonyprovider/cts/TelephonyProviderTest.java | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/TelephonyProviderTest.java b/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/TelephonyProviderTest.java index f79439b65c2..79337916ac4 100644 --- a/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/TelephonyProviderTest.java +++ b/tests/tests/telephonyprovider/src/android/telephonyprovider/cts/TelephonyProviderTest.java @@ -41,14 +41,20 @@ public class TelephonyProviderTest extends InstrumentationTestCase { // In JB MR1 access to the TelephonyProvider's Carriers table was clamped down and would // throw a SecurityException when queried. That was fixed in JB MR2. Verify that 3rd parties // can access the APN info the carriers table, after JB MR1. + + // However, in R, a security bug was discovered that let apps read the password by querying + // multiple times and matching passwords against a regex in the query. Due to this hole, we're + // locking down the API and no longer allowing the exception. Accordingly, the behavior of this + // test is now reversed and we expect a SecurityException to be thrown. public void testAccessToApns() { try { String selection = Carriers.CURRENT + " IS NOT NULL"; String[] selectionArgs = null; Cursor cursor = mContentResolver.query(Carriers.CONTENT_URI, APN_PROJECTION, selection, selectionArgs, null); + fail("No SecurityException thrown"); } catch (SecurityException e) { - fail("No access to current APN"); + // expected } } } |