author | Daniel Norman <danielnorman@google.com> | 2023-11-28 18:20:13 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2023-11-28 18:20:13 +0000 |
commit | 8a5d2528d731eb6b93fb4738e9c7924989acf7fa (patch) | |
tree | d02faa23ac43802988eddb6a6f9fb7b6972d7163 | |
parent | 21e135c288e5d7427f020b020ae615ed1e79a669 (diff) | |
parent | 5953647238291c484208f0a03cff9d74ed03e6eb (diff) | |
download | cts-8a5d2528d731eb6b93fb4738e9c7924989acf7fa.tar.gz |
Merge "RESTRICT AUTOMERGE Test that injecting to the input filter requires INJECT_EVENTS." into udc-dev
-rw-r--r-- | tests/accessibility/AndroidTest.xml | 4 | ||||
-rw-r--r-- | tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java | 37 |
2 files changed, 41 insertions, 0 deletions
diff --git a/tests/accessibility/AndroidTest.xml b/tests/accessibility/AndroidTest.xml
index 50c779179b9..0ec90a03c74 100644
--- a/tests/accessibility/AndroidTest.xml
+++ b/tests/accessibility/AndroidTest.xml
@@ -24,6 +24,10 @@
 <target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
 <option name="run-command" value="cmd accessibility set-bind-instant-service-allowed true" />
 <option name="teardown-command" value="cmd accessibility set-bind-instant-service-allowed false" />
+ <!-- Enable hidden APIs to allow tests to use reflection, for security tests which
+ check reflection abuse. This must be set before installing the test app. -->
+ <option name="run-command" value="settings put global hidden_api_policy 1" />
+ <option name="teardown-command" value="settings delete global hidden_api_policy" />
 </target_preparer>
 <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
 <option name="cleanup-apks" value="true" />
diff --git a/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java b/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java
index 6c210583e47..1c8f6847705 100644
--- a/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java
+++ b/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java
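Review bot: The added `run-command` in AndroidTest.xml sets `hidden_api_policy` globally on the device for the whole module run, so every test in this module, not only the new reflection-based security test, runs with hidden-API enforcement relaxed, and other tests could come to rely on non-SDK interfaces unnoticed. The teardown deletes the key rather than restoring whatever value the device had before. I would extend the comment to say so, e.g. `<!-- Device-wide for the whole module run; teardown deletes the setting instead of restoring a previous value. -->`. The `target_preparer` element starts before the hunk and closes inside it.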
@@ -18,12 +18,17 @@ package android.view.accessibility.cts; import static android.accessibility.cts.common.InstrumentedAccessibilityService.TIMEOUT_SERVICE_ENABLE; +import static com.google.common.truth.Truth.assertThat; + import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertSame; +import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; + +import android.Manifest; import android.accessibility.cts.common.AccessibilityDumpOnFailureRule; import android.accessibility.cts.common.InstrumentedAccessibilityService; import android.accessibility.cts.common.InstrumentedAccessibilityServiceTestRule; @@ -32,9 +37,12 @@ import android.app.Instrumentation; import android.app.Service; import android.app.UiAutomation; import android.content.Context; +import android.content.pm.PackageManager; import android.content.pm.ServiceInfo; import android.os.Handler; import android.platform.test.annotations.AsbSecurityTest; +import android.view.InputEvent; +import android.view.MotionEvent; import android.view.accessibility.AccessibilityEvent; import android.view.accessibility.AccessibilityManager; import android.view.accessibility.AccessibilityManager.AccessibilityServicesStateChangeListener; @@ -58,6 +66,9 @@ import org.junit.rules.RuleChain; import org.junit.runner.RunWith; import java.io.IOException; +import java.lang.reflect.Field; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.util.List; import java.util.concurrent.atomic.AtomicBoolean; 
@@ -202,6 +213,32 @@ public class AccessibilityManagerTest extends StsExtraBusinessLogicTestCase { assertFalse(mAccessibilityManager.removeAccessibilityServicesStateChangeListener(listener)); } + @AsbSecurityTest(cveBugId = {309426390}) + @Test + public void testInjectInputEventToInputFilter_throwsWithoutInjectEventsPermission() + throws Exception { + // Ensure the test itself doesn't have INJECT_EVENTS permission before + // calling the method that requires it and expecting failure. + assertThat(sInstrumentation.getContext().checkSelfPermission( + Manifest.permission.INJECT_EVENTS)).isEqualTo(PackageManager.PERMISSION_DENIED); + + // Use reflection to directly invoke IAccessibilityManager#injectInputEventToInputFilter. + final AccessibilityManager accessibilityManager = (AccessibilityManager) + sInstrumentation.getContext().getSystemService(Service.ACCESSIBILITY_SERVICE); + final Field serviceField = AccessibilityManager.class.getDeclaredField("mService"); + serviceField.setAccessible(true); + final Method injectInputEventToInputFilter = + Class.forName("android.view.accessibility.IAccessibilityManager") + .getDeclaredMethod("injectInputEventToInputFilter", InputEvent.class); + + final InvocationTargetException exception = assertThrows(InvocationTargetException.class, + () -> injectInputEventToInputFilter.invoke( + serviceField.get(accessibilityManager), + MotionEvent.obtain(0, 0, 0, 0, 0, 0))); + assertThat(exception).hasCauseThat().isInstanceOf(SecurityException.class); + assertThat(exception).hasCauseThat().hasMessageThat().contains("INJECT_EVENTS"); + } + @Test public void testGetInstalledAccessibilityServicesList() throws Exception { List<AccessibilityServiceInfo> installedServices = |
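Review bot: In `testInjectInputEventToInputFilter_throwsWithoutInjectEventsPermission`, the `assertThrows` lambda also evaluates `serviceField.get(accessibilityManager)`, so if `mService` were null the NullPointerException from `Method.invoke` would fail the test for a reason unrelated to the permission check. Resolve the binder proxy before the assertion, `final Object service = serviceField.get(accessibilityManager);` followed by `assertThat(service).isNotNull();`, and pass `service` to `invoke` so the lambda holds only the call under test. The `MotionEvent` obtained inside the lambda is never recycled; obtaining it beforehand and calling `recycle()` in a `finally` would return the pooled event. The new test method is complete within the hunk.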