commit | 12ee8935b27621975674d8a3e6675c597af14783 | [log] [tgz] |
---|---|---|
author | Jon Sawyer <jon@cunninglogic.com> | Sat Feb 22 11:44:27 2014 -0800 |
committer | Nick Kralevich <nnk@google.com> | Sat Feb 22 12:41:09 2014 -0800 |
tree | 5e2516f0bf9aadd2c5ed48e134512eb4d69a30ef | |
parent | 974c73e53e230096cbb2d14bbca7d57a6c90b8ad [diff] |
BannedFilesTest: Add testNoRootCmdSocket Test for known sockets that allow any users to execute commands as root. CVE-2014-1600 https://plus.google.com/+JustinCaseAndroid/posts/e1r6c9Z9jgg CVE-2013-4777 https://plus.google.com/+JustinCaseAndroid/posts/5ofgPNrSu3J (cherry picked from commit 6efee00d6fb976bd616ea6c8fe91d4dadda12280) Signed-off-by: Jon Sawyer <jon@cunninglogic.com> Change-Id: I245cc517eed79ff1810776021f32d91f807629d6 Conflicts: tests/plans/CTS-flaky.xml
diff --git a/tests/tests/security/src/android/security/cts/BannedFilesTest.java b/tests/tests/security/src/android/security/cts/BannedFilesTest.java index 971b5cc..8b9003d 100644 --- a/tests/tests/security/src/android/security/cts/BannedFilesTest.java +++ b/tests/tests/security/src/android/security/cts/BannedFilesTest.java
@@ -32,8 +32,18 @@ assertNotSetugid("/system/bin/sync_agent"); } - public void testNoInitRunIt() { + /** + * Detect devices allowing shell commands to be executed as root + * through sockets. + * + * References: + * + * https://plus.google.com/+JustinCaseAndroid/posts/e1r6c9Z9jgg + * https://plus.google.com/+JustinCaseAndroid/posts/5ofgPNrSu3J + */ + public void testNoRootCmdSocket() { assertFalse("/dev/socket/init_runit", new File("/dev/socket/init_runit").exists()); + assertFalse("/dev/socket/fotabinder", new File("/dev/socket/fotabinder").exists()); } public void testNoSu() {