diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2022-04-11 10:50:09 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-04-11 10:50:09 +0000 |
commit | 132379c86698ef07b7e2188b4d7f39d5db9fb416 (patch) | |
tree | d8a5dfab9a7b3a61d00fe7268ecd177babde20a5 | |
parent | b7e127880ff97ed88e9f3131199dd6b06ffa1dd4 (diff) | |
parent | 08ad0ca063197849c0b119ac89a3775009cb54b1 (diff) | |
download | cts-132379c86698ef07b7e2188b4d7f39d5db9fb416.tar.gz |
Merge "CTS test for Android Security b/153995334" into qt-dev am: fcd8ef14d1 am: 29eb0b332b am: d2f918c467 am: 08ad0ca063
Original change: https://googleplex-android-review.googlesource.com/c/platform/cts/+/17397447
Change-Id: Ia9acc1bbe6854219bee66f9ae715f776c8640919
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
4 files changed, 165 insertions, 0 deletions
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java new file mode 100644 index 00000000000..27e202cf759 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_0448.java @@ -0,0 +1,52 @@ +/** + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2020_0448 extends StsExtraBusinessLogicHostTestBase { + + static final String TEST_APP = "CVE-2020-0448.apk"; + static final String TEST_PKG = "android.security.cts.CVE_2020_0448"; + static final String TEST_CLASS = TEST_PKG + "." + "DeviceTest"; + + /** + * b/153995334 + */ + @AsbSecurityTest(cveBugId = 153995334) + @Test + public void testPocCVE_2020_0448() throws Exception { + ITestDevice device = getDevice(); + uninstallPackage(device, TEST_PKG); + + AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device); + AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device); + + installPackage(TEST_APP); + Assert.assertTrue(runDeviceTests(TEST_PKG, TEST_CLASS, "testCVE_2020_0448")); + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2020-0448/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2020-0448/Android.bp new file mode 100644 index 00000000000..bbf8e6f81e6 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2020-0448/Android.bp @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2020-0448", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.core", + "androidx.test.rules", + ], +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2020-0448/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2020-0448/AndroidManifest.xml new file mode 100644 index 00000000000..af715b6a64b --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2020-0448/AndroidManifest.xml @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + package="android.security.cts.CVE_2020_0448" + android:versionCode="1" + android:versionName="1.0"> + <instrumentation + android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2020_0448" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2020-0448/src/android/security/cts/CVE_2020_0448/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2020-0448/src/android/security/cts/CVE_2020_0448/DeviceTest.java new file mode 100644 index 00000000000..46dc3e93844 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2020-0448/src/android/security/cts/CVE_2020_0448/DeviceTest.java @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2020_0448; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static org.junit.Assert.fail; +import static org.junit.Assume.assumeNoException; +import static org.junit.Assume.assumeNotNull; + +import android.content.Context; + +import androidx.test.runner.AndroidJUnit4; + +import org.junit.Test; +import org.junit.runner.RunWith; + +import android.telecom.TelecomManager; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + + @Test + public void testCVE_2020_0448() { + Context context = getApplicationContext(); + assumeNotNull(context); + final TelecomManager manager = context.getSystemService(TelecomManager.class); + assumeNotNull(manager); + try { + manager.getPhoneAccountsForPackage(); + } catch (Exception e) { + if (e instanceof SecurityException) { + return; + } + assumeNoException(e); + } + fail("Vulnerable to b/153995334"); + } +} |