author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-03-30 23:01:00 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2022-03-30 23:01:00 +0000 |
commit | 0b9ea1041910fb5e0aa747a766e1a46b6aa77703 (patch) | |
tree | b6eb478418ad4c452a1f91e515d13b375b12b981 | |
parent | 1ac8058f39555f2c39efe0e0ba7e2aef5b2d3547 (diff) | |
parent | d7dd82fb5bdba73f0abaeef9342635a4f23db999 (diff) | |
Snap for 8385304 from d7dd82fb5bdba73f0abaeef9342635a4f23db999 to sc-qpr3-release
Change-Id: Id1b8bc9372e45f3f9428876e6cacaba9c08d2539
6 files changed, 175 insertions, 1 deletions
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java
new file mode 100644
index 00000000000..f9520824b26
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39810.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2021_39810 extends StsExtraBusinessLogicHostTestBase {
+
+ @AsbSecurityTest(cveBugId = 212610736)
+ @Test
+ public void testPocCVE_2021_39810() {
+ try {
+ // clearing default payment app component if already set
+ AdbUtils.runCommandLine("settings put secure nfc_payment_default_component null",
+ getDevice());
+ installPackage("CVE-2021-39810.apk");
+ String defaultComponent = AdbUtils.runCommandLine(
+ "settings get secure nfc_payment_default_component", getDevice());
+ AdbUtils.runCommandLine("settings put secure nfc_payment_default_component null",
+ getDevice());
+ assertFalse("Vulnerable to 212610736! Setting default payment app without user consent",
+ defaultComponent.contains("PocService"));
+ } catch (Exception e) {
+ // assumption failure if a generic exception is thrown by AdbUtils.runCommandLine()
+ assumeNoException(e);
+ }
+ }
+}
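Review bot: The test overwrites `nfc_payment_default_component` with `null` before and after the check and never puts back the value the device started with, so a device that had a default payment app configured loses it after the run; the second reset is also skipped if the `settings get` call throws. Reading the original value first and restoring it in a `finally` around the install-and-check steps would cover both cases. Separately, the setting is read immediately after `installPackage(...)`; if the NFC stack applies the default asynchronously after the install (not visible from this hunk), the read can come too early and the test would pass on a vulnerable build, so a short bounded poll before asserting may be worth adding.

```java
    public void testPocCVE_2021_39810() {
        try {
            // remember what the device had so the test leaves it as it found it
            String original = AdbUtils.runCommandLine(
                    "settings get secure nfc_payment_default_component", getDevice()).trim();
            try {
                // … unchanged: clear the setting, install CVE-2021-39810.apk,
                //   read defaultComponent, assertFalse (the second reset is no longer needed) …
            } finally {
                // put back the original value whether the check passed, failed or threw
                AdbUtils.runCommandLine("null".equals(original)
                        ? "settings delete secure nfc_payment_default_component"
                        : "settings put secure nfc_payment_default_component '" + original + "'",
                        getDevice());
            }
        } catch (Exception e) {
            // … unchanged: assumeNoException(e) …
```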
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/Android.bp
new file mode 100644
index 00000000000..9a11e88e648
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/Android.bp
@@ -0,0 +1,33 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2021-39810",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/AndroidManifest.xml
new file mode 100644
index 00000000000..3bdc38db5c7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/AndroidManifest.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2021_39810"
+ android:versionCode="1"
+ android:versionName="1.0">
+ <uses-permission android:name="android.permission.NFC"/>
+ <application
+ android:label="CVE-2021-39810"
+ android:supportsRtl="true">
+ <service
+ android:name=".PocService"
+ android:exported="true"
+ android:permission="android.permission.BIND_NFC_SERVICE">
+ <intent-filter>
+ <action android:name="android.nfc.cardemulation.action.HOST_APDU_SERVICE"/>
+ </intent-filter>
+ <meta-data android:name="android.nfc.cardemulation.host_apdu_service"
+ android:resource="@xml/aid_list"/>
+ </service>
+ </application>
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/res/xml/aid_list.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/res/xml/aid_list.xml
new file mode 100644
index 00000000000..89833813b98
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/res/xml/aid_list.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<host-apdu-service xmlns:android="http://schemas.android.com/apk/res/android"
+ android:requireDeviceUnlock="false">
+ <aid-group android:category="payment">
+ <aid-filter android:name="325041592E5359532E4444463031" />
+ </aid-group>
+</host-apdu-service>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/src/android/security/cts/CVE_2021_39810/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/src/android/security/cts/CVE_2021_39810/PocService.java
new file mode 100644
index 00000000000..e8e20851f3e
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39810/src/android/security/cts/CVE_2021_39810/PocService.java
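Review bot: The AID `325041592E5359532E4444463031` in the `aid-filter` carries no explanation; it is the hex encoding of the ASCII string `2PAY.SYS.DDF01`, and a reader has to decode it to see why this value was chosen. A comment above the `aid-group`, such as `<!-- 2PAY.SYS.DDF01, hex-encoded; declared under category "payment" so the helper app counts as a payment service for the host test -->`, would make the intent reviewable. The manifest entry that points at this file is in a separate hunk.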
@@ -0,0 +1,29 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39810;
+
+import android.app.Service;
+import android.content.Intent;
+import android.os.IBinder;
+
+public class PocService extends Service {
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return null;
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/AndroidFutureTest.java b/tests/tests/security/src/android/security/cts/AndroidFutureTest.java
index 1deafdde4f1..ca85b651cc6 100644
--- a/tests/tests/security/src/android/security/cts/AndroidFutureTest.java
+++ b/tests/tests/security/src/android/security/cts/AndroidFutureTest.java
@@ -37,7 +37,7 @@ import java.lang.reflect.Field; @RunWith(AndroidJUnit4.class) public class AndroidFutureTest extends StsExtraBusinessLogicTestCase { - @AsbSecurityTest(cveBugId = 186530450) + @AsbSecurityTest(cveBugId = 197228210) @Test public void testAndroidFutureReadThrowable() throws Exception { String filePath = "/data/system/" + System.currentTimeMillis(); |