tests/tests/os/src/android/os/cts/SecurityFeaturesTest.java - platform/cts - Git at Google

 /*
  * Copyright (C) 2013 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.os.cts;

 import android.os.Build;
 import android.platform.test.annotations.AppModeFull;
 import android.system.Os;
 import static android.system.OsConstants.PR_GET_DUMPABLE;

 import junit.framework.TestCase;

 public class SecurityFeaturesTest extends TestCase {

     /**
      * Iterate over all possible capabilities, testing to make sure each capability
      * has been removed from the app's capability bounding set.
      */
     public void testPrCapbsetEmpty() {
         int i = 0;
         while (true) {
             int result = OSFeatures.prctlCapBsetRead(i);
             if (result == -1) {
                 // The kernel has told us that the capability we're inquiring about
                 // doesn't exist. Capabilities are assigned sequentially and
                 // and monotonically increase with each kernel release, so if we
                 // see -1, we know we've examined every capability the kernel
                 // knows about.
                 break;
             }
             assertEquals("capability " + i + " is still in the bounding set",
                          0, result);
             i++;
         }
     }

     /**
      * Verifies that prctl(PR_GET_DUMPABLE) == ro.debuggable
      *
      * When PR_SET_DUMPABLE is 0, an application will not generate a
      * coredump, and PTRACE_ATTACH is disallowed. It's a security best
      * practice to ensure that PR_SET_DUMPABLE is 0, to prevent an app
      * from leaking the contents of its memory to persistent storage,
      * other processes, or logs.
      *
      * By default, PR_SET_DUMPABLE is 0 for zygote spawned apps, except
      * in the following circumstances:
      *
      * 1) ro.debuggable=1 (global debuggable enabled, i.e., userdebug or
      * eng builds).
      *
      * 2) android:debuggable="true" in the manifest for an individual
      * application.
      *
      * 3) An app which explicitly calls prctl(PR_SET_DUMPABLE, 1).
      *
      * For this test, neither #2 nor #3 are true, so we expect ro.debuggable
      * to exactly equal prctl(PR_GET_DUMPABLE).
      */
     @AppModeFull(reason = "Instant apps cannot access APIs")
     public void testPrctlDumpable() throws Exception {
         boolean userBuild = "user".equals(Build.TYPE);
         int prctl_dumpable = Os.prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
         int expected  = userBuild ? 0 : 1;
         assertEquals(expected, prctl_dumpable);
     }
 }
	/*
	* Copyright (C) 2013 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.os.cts;

	import android.os.Build;
	import android.platform.test.annotations.AppModeFull;
	import android.system.Os;
	import static android.system.OsConstants.PR_GET_DUMPABLE;

	import junit.framework.TestCase;

	public class SecurityFeaturesTest extends TestCase {

	/**
	* Iterate over all possible capabilities, testing to make sure each capability
	* has been removed from the app's capability bounding set.
	*/
	public void testPrCapbsetEmpty() {
	int i = 0;
	while (true) {
	int result = OSFeatures.prctlCapBsetRead(i);
	if (result == -1) {
	// The kernel has told us that the capability we're inquiring about
	// doesn't exist. Capabilities are assigned sequentially and
	// and monotonically increase with each kernel release, so if we
	// see -1, we know we've examined every capability the kernel
	// knows about.
	break;
	}
	assertEquals("capability " + i + " is still in the bounding set",
	0, result);
	i++;
	}
	}

	/**
	* Verifies that prctl(PR_GET_DUMPABLE) == ro.debuggable
	*
	* When PR_SET_DUMPABLE is 0, an application will not generate a
	* coredump, and PTRACE_ATTACH is disallowed. It's a security best
	* practice to ensure that PR_SET_DUMPABLE is 0, to prevent an app
	* from leaking the contents of its memory to persistent storage,
	* other processes, or logs.
	*
	* By default, PR_SET_DUMPABLE is 0 for zygote spawned apps, except
	* in the following circumstances:
	*
	* 1) ro.debuggable=1 (global debuggable enabled, i.e., userdebug or
	* eng builds).
	*
	* 2) android:debuggable="true" in the manifest for an individual
	* application.
	*
	* 3) An app which explicitly calls prctl(PR_SET_DUMPABLE, 1).
	*
	* For this test, neither #2 nor #3 are true, so we expect ro.debuggable
	* to exactly equal prctl(PR_GET_DUMPABLE).
	*/
	@AppModeFull(reason = "Instant apps cannot access APIs")
	public void testPrctlDumpable() throws Exception {
	boolean userBuild = "user".equals(Build.TYPE);
	int prctl_dumpable = Os.prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
	int expected = userBuild ? 0 : 1;
	assertEquals(expected, prctl_dumpable);
	}
	}