This test is to verify Apps with zero-permission should not be able to receive
broadcast sent by CAT Telephony with action android.intent.action.stk.command
and that "Intercept SIM commands to Telephony" is fixed
Bug: #21697171
Change-Id: Ifdec5a13cfdd329dee466682e5c15e726a66eebf
Signed-off-by: Atchamnaidu <asarvasuddi@google.com>
diff --git a/tests/tests/security/src/android/security/cts/STKFrameworkTest.java b/tests/tests/security/src/android/security/cts/STKFrameworkTest.java
new file mode 100644
index 0000000..1fae3c8
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/STKFrameworkTest.java
@@ -0,0 +1,56 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.security.cts;
+
+import android.content.ComponentName;
+import android.content.Intent;
+import android.test.AndroidTestCase;
+
+public class STKFrameworkTest extends AndroidTestCase {
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+ }
+
+ @Override
+ protected void tearDown() throws Exception {
+ super.tearDown();
+ }
+
+ /*
+ * Verifies commands Intercepting which has been sent from SIM card to Telephony using
+ * zero-permission malicious application
+ */
+ public void testInterceptedSIMCommandsToTelephony() {
+ Intent intent = new Intent();
+ intent.setAction("android.intent.action.stk.command");
+ intent.putExtra("STK CMD", "test");
+ ComponentName cn =
+ ComponentName.unflattenFromString("com.android.stk/com.android.stk.StkCmdReceiver");
+ intent.setComponent(cn);
+ try {
+ mContext.sendBroadcast(intent);
+ fail("Able to send broadcast which can be received by any app which has registered " +
+ "broadcast for action 'android.intent.action.stk.command' since it is not " +
+ "protected with any permission. Device is vulnerable to CVE-2015-3843.");
+ } catch (SecurityException e) {
+ /* Pass the Test case: App should not be able to send broadcast using action
+ * 'android.intent.action.stk.command' as it is protected by permission in
+ * patched devices
+ */
+ }
+ }
+}
