author | Varun Praveen Goyal <varun.goyal@ittiam.com> | 2022-06-17 21:07:50 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-06-17 21:07:50 +0000 |
commit | 6b23b25f04a25e51b304ff09429ec78c2a4af07e (patch) | |
tree | 1760f32d9699cde8ec89575082d737c309c2520a | |
parent | d4306920c43422ad47aee1c1f5df11a9fd08ea00 (diff) | |
parent | 5076de2811ff0c726fcb08e7583388f3d8a809b0 (diff) | |
download | cts-6b23b25f04a25e51b304ff09429ec78c2a4af07e.tar.gz |
CTS test for Android Security b/228315522 am: 35f75a622f am: d2b70624f5 am: 7e2e2ef6e5 am: 828d6d8771 am: c79e578f3a am: 5076de2811
Original change: https://googleplex-android-review.googlesource.com/c/platform/cts/+/18871682
Change-Id: I66861f417cdc56f864589e73da547b83c6c6abb8
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
7 files changed, 320 insertions, 0 deletions
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java
new file mode 100644
index 00000000000..c4f52254d66
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20349.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2022_20349 extends StsExtraBusinessLogicHostTestBase {
+ static final String TEST_PKG = "android.security.cts.CVE_2022_20349";
+ public static final String TEST_DEVICE_ADMIN_RECEIVER = ".PocDeviceAdminReceiver";
+
+ @AsbSecurityTest(cveBugId = 228315522)
+ @Test
+ public void testPocCVE_2022_20349() throws Exception {
+ try {
+ ITestDevice device = getDevice();
+
+ /* Wake up the screen */
+ AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+
+ /* Install the test application */
+ installPackage("CVE-2022-20349.apk");
+
+ /* Set Device Admin Component */
+ AdbUtils.runCommandLine(
+ "dpm set-device-owner '" + TEST_PKG + "/" + TEST_DEVICE_ADMIN_RECEIVER + "'",
+ device);
+
+ /* Run the test "testBluetoothScanningDisallowed" */
+ runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testBluetoothScanningDisallowed");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp
new file mode 100644
index 00000000000..2accd9e4dc7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/Android.bp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2022-20349",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml
new file mode 100644
index 00000000000..a59d1d14fd4
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/AndroidManifest.xml
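Review bot: In CVE_2022_20349.java the output of the `dpm set-device-owner` call is discarded, so a device that refuses the request (presumably one that is already provisioned or has accounts) is only noticed when the device-side test later fails its own setup, and the security check ends up skipped without a stated cause. Keeping the result and guarding on it, for example `String out = AdbUtils.runCommandLine(...);` then `assumeTrue("set-device-owner failed: " + out, out.contains("Success"));`, would make that skip diagnosable; the exact success text should be confirmed against the dpm output on the target release. The method also has no `finally` block, so removal of the device owner depends entirely on the device-side `@After` having run.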
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2022_20349"
+ android:versionCode="1"
+ android:versionName="1.0">
+ <application>
+ <receiver android:name=".PocDeviceAdminReceiver"
+ android:permission="android.permission.BIND_DEVICE_ADMIN"
+ android:exported="true">
+ <meta-data android:name="android.app.device_admin"
+ android:resource="@xml/device_policies" />
+ <intent-filter>
+ <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
+ </intent-filter>
+ </receiver>
+ </application>
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2022_20349" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml
new file mode 100644
index 00000000000..78fc6ccef47
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/values/strings.xml
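Review bot: In AndroidManifest.xml the `<application>` element does not declare `android:testOnly="true"`, so once the host test makes `.PocDeviceAdminReceiver` the device owner, the only path back is the app's own `clearDeviceOwnerApp` call in DeviceTest.tearDown. If that call is skipped or fails, the device stays owned by the PoC package and later tests run against a managed device. Declaring the app test-only would let the host side force-remove the admin as a fallback; this presumably also needs the APK to be installed with the test-only install option, which should be confirmed against the `installPackage` helper.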
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<resources>
+ <string name="btScanningPattern">.*bluetooth scanning.*</string>
+ <string name="btScanningTimedOut">Timed out waiting on the text \'Bluetooth scanning\' to appear
+ </string>
+ <string name="failMsg">Device is vulnerable to b/228315522 !!</string>
+ <string name="locationIntentAction">android.settings.LOCATION_SCANNING_SETTINGS</string>
+ <string name="resBtScanning">android:id/title</string>
+ <string name="setUserRestrictionFailed">Failed to set user restriction
+ UserManager.DISALLOW_CONFIG_LOCATION</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml
new file mode 100644
index 00000000000..65ce601d65f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/res/xml/device_policies.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<device-admin xmlns:android="http://schemas.android.com/apk/res/android">
+ <uses-policies>
+ </uses-policies>
+</device-admin>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java
new file mode 100644
index 00000000000..b5083e9671f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/DeviceTest.java
@@ -0,0 +1,118 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20349;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.os.UserManager;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.After;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ Context mContext;
+ UiDevice mDevice;
+ DevicePolicyManager mDevicePolicyManager;
+ ComponentName mComponentName;
+ static final String USER_RESTRICTION = UserManager.DISALLOW_CONFIG_LOCATION;
+ static final int UI_TIMEOUT_MS = 5000;
+
+ String getStringRes(int key) {
+ return mContext.getResources().getString(key);
+ }
+
+ int getIntegerRes(int key) {
+ return mContext.getResources().getInteger(key);
+ }
+
+ @After
+ public void tearDown() {
+ try {
+ /* Return to home screen after test */
+ mDevice.pressHome();
+
+ /*
+ * Clear user restriction "DISALLOW_CONFIG_LOCATION" set by the test and also clear the
+ * app as device owner.
+ */
+ mDevicePolicyManager.clearUserRestriction(mComponentName, USER_RESTRICTION);
+ mDevicePolicyManager.clearDeviceOwnerApp(mContext.getPackageName());
+ } catch (Exception e) {
+ // ignore the exception as the test is already complete
+ }
+ }
+
+ @Test
+ public void testBluetoothScanningDisallowed() {
+ try {
+ mDevice = UiDevice.getInstance(getInstrumentation());
+ mContext = getApplicationContext();
+ mDevicePolicyManager =
+ mContext.getSystemService(DevicePolicyManager.class);
+ mComponentName =
+ new ComponentName(PocDeviceAdminReceiver.class.getPackage().getName(),
+ PocDeviceAdminReceiver.class.getName());
+ mDevicePolicyManager.addUserRestriction(mComponentName, USER_RESTRICTION);
+ UserManager userManager = mContext.getSystemService(UserManager.class);
+ assumeTrue(getStringRes(R.string.setUserRestrictionFailed),
+ userManager.getUserRestrictions().getBoolean(USER_RESTRICTION));
+
+ /* Start the window that contains option to toggle "Bluetooth scanning" on/off */
+ Intent intent = new Intent(getStringRes(R.string.locationIntentAction));
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ mContext.startActivity(intent);
+
+ /* Wait for the window that contains option to toggle "Bluetooth scanning" */
+ Pattern btScanningPattern = Pattern.compile(getStringRes(R.string.btScanningPattern),
+ Pattern.CASE_INSENSITIVE);
+ boolean btScanningFound = mDevice.wait(
+ Until.hasObject(
+ By.text(btScanningPattern).res(getStringRes(R.string.resBtScanning))),
+ UI_TIMEOUT_MS);
+ assumeTrue(getStringRes(R.string.btScanningTimedOut), btScanningFound);
+
+ /*
+ * Check if the toggle "Bluetooth scanning" is enabled, it is supposed to be disabled by
+ * the Device Admin in presence of fix
+ */
+ UiObject2 btScanningToggle = mDevice.findObject(
+ By.text(btScanningPattern).res(getStringRes(R.string.resBtScanning)));
+ assertFalse(getStringRes(R.string.failMsg), btScanningToggle.isEnabled());
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java
new file mode 100644
index 00000000000..145307126e7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20349/src/android/security/cts/CVE_2022_20349/PocDeviceAdminReceiver.java
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20349;
+
+import android.app.admin.DeviceAdminReceiver;
+
+public class PocDeviceAdminReceiver extends DeviceAdminReceiver {
+}
|
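Review bot: In DeviceTest.tearDown the three cleanup steps share one `try` with a silent `catch (Exception e)`, so if `mDevice.pressHome()` or `clearUserRestriction` throws (for instance a NullPointerException because the test failed before the fields were assigned), `clearDeviceOwnerApp` never runs and the device keeps the PoC package as device owner with `DISALLOW_CONFIG_LOCATION` still set. Guarding each step on its own keeps one failure from skipping the device-owner removal, which is the step that matters most for the state of the device afterwards. Separately, `getIntegerRes` is not called anywhere in this file and could be dropped.

```java
@After
public void tearDown() {
    /* Return to home screen after test */
    try {
        mDevice.pressHome();
    } catch (Exception e) {
        // best-effort: continue with the remaining cleanup
    }

    /* Clear the user restriction set by the test */
    try {
        mDevicePolicyManager.clearUserRestriction(mComponentName, USER_RESTRICTION);
    } catch (Exception e) {
        // best-effort: the device-owner removal below must still run
    }

    /* Clear the app as device owner, independently of the steps above */
    try {
        mDevicePolicyManager.clearDeviceOwnerApp(mContext.getPackageName());
    } catch (Exception e) {
        // ignore the exception as the test is already complete
    }
}
```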