diff options
author | TreeHugger Robot <treehugger-gerrit@google.com> | 2022-09-05 16:52:38 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2022-09-05 16:52:38 +0000 |
commit | d81b94deffbe64b2cf4f1d46e1f31c9436d8bdc0 (patch) | |
tree | 7a3121920fb35b0900bdc99d95f2aa48d17bf878 | |
parent | 419095c09c466c0a9cb8423c0633894b08905275 (diff) | |
parent | d806c76f5e63e6a95173a7132bc091ee42a88d7a (diff) | |
download | cts-d81b94deffbe64b2cf4f1d46e1f31c9436d8bdc0.tar.gz |
Merge "CTS test for Android Security b/208279300" into qt-dev am: 5dfff4294f am: d51559b2b2 am: d806c76f5e
Original change: https://googleplex-android-review.googlesource.com/c/platform/cts/+/19654308
Change-Id: I4c133df5829e8d446fb70c64558989270c8ddd53
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
5 files changed, 203 insertions, 0 deletions
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java new file mode 100644 index 00000000000..ebfed1a4523 --- /dev/null +++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20197.java @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts; + +import static org.junit.Assume.assumeNoException; + +import android.platform.test.annotations.AsbSecurityTest; + +import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase; +import com.android.tradefed.device.ITestDevice; +import com.android.tradefed.testtype.DeviceJUnit4ClassRunner; + +import org.junit.Test; +import org.junit.runner.RunWith; + + +@RunWith(DeviceJUnit4ClassRunner.class) +public class CVE_2022_20197 extends StsExtraBusinessLogicHostTestBase { + private static final String TEST_PKG = "android.security.cts.CVE_2022_20197"; + + @AsbSecurityTest(cveBugId = 208279300) + @Test + public void testPocCVE_2022_20197() { + ITestDevice device = null; + boolean isPolicyPresent = true; + boolean isHiddenApiEnabled = true; + String status = ""; + try { + device = getDevice(); + installPackage("CVE-2022-20197.apk"); + + status = AdbUtils.runCommandLine("settings get global hidden_api_policy", device); + if (status.toLowerCase().contains("null")) { + isPolicyPresent = false; + } else if (!status.toLowerCase().contains("1")) { + isHiddenApiEnabled = false; + } + if (!isPolicyPresent || !isHiddenApiEnabled) { + AdbUtils.runCommandLine("settings put global hidden_api_policy 1", device); + } + runDeviceTests(TEST_PKG, TEST_PKG + ".DeviceTest", "testParcel"); + } catch (Exception e) { + assumeNoException(e); + } finally { + try { + if (!isPolicyPresent) { + AdbUtils.runCommandLine("settings delete global hidden_api_policy", device); + } else if (!isHiddenApiEnabled) { + AdbUtils.runCommandLine("settings put global hidden_api_policy " + status, + device); + } + } catch (Exception e) { + // ignore all exceptions. + } + } + } +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp new file mode 100644 index 00000000000..582076e2d23 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/Android.bp @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package { + default_applicable_licenses: ["Android-Apache-2.0"], +} + +android_test_helper_app { + name: "CVE-2022-20197", + defaults: [ + "cts_support_defaults", + ], + srcs: [ + "src/**/*.java", + ], + test_suites: [ + "sts", + ], + static_libs: [ + "androidx.test.rules", + "androidx.test.core", + ], + platform_apis: true, +} diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml new file mode 100644 index 00000000000..3ea2a62f7bc --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/AndroidManifest.xml @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<manifest xmlns:android="http://schemas.android.com/apk/res/android" + xmlns:tools="http://schemas.android.com/tools" + package="android.security.cts.CVE_2022_20197"> + + <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner" + android:targetPackage="android.security.cts.CVE_2022_20197" /> +</manifest> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml new file mode 100644 index 00000000000..c9a9407b3da --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/res/values/strings.xml @@ -0,0 +1,21 @@ +<?xml version="1.0" encoding="utf-8"?> +<!-- + Copyright 2022 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<resources> + <string name="vulnerableMsg">Device is vulnerable to b/208279300!</string> + <string name="stringObj">CVE_2022_20197</string> +</resources> diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java new file mode 100644 index 00000000000..a7b56187d47 --- /dev/null +++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20197/src/android/security/cts/CVE_2022_20197/DeviceTest.java @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.cts.CVE_2022_20197; + +import static androidx.test.core.app.ApplicationProvider.getApplicationContext; +import static org.junit.Assert.assertNull; +import static org.junit.Assume.assumeNoException; + +import android.app.PendingIntent; +import android.content.res.Resources; +import android.os.Parcel; + +import androidx.test.runner.AndroidJUnit4; + +import org.junit.Test; +import org.junit.runner.RunWith; + +@RunWith(AndroidJUnit4.class) +public class DeviceTest { + + @Test + public void testParcel() { + try { + Resources resources = getApplicationContext().getResources(); + Parcel parcel = Parcel.obtain(); + Object cookie = (Object) resources.getString(R.string.stringObj); + parcel.setClassCookie(PendingIntent.class, cookie); + parcel.recycle(); + Object value = parcel.getClassCookie(PendingIntent.class); + assertNull(resources.getString(R.string.vulnerableMsg), value); + } catch (Exception e) { + assumeNoException(e); + } + } +} |