RESTRICT AUTOMERGE: CTS: Verify DynamicRefTable::load security fix This tests that corrupted apks fail to install on P and later as well as adds a new test to verify that the DynamicRedTable::load security fix prevents out-of-bounds reads from occurring. Bug: 79488511 Test: run cts -m CtsAppSecurityHostTestCases \ -t android.appsecurity.cts.CorruptApkTests Change-Id: I5b60758cb4979c6a593ff57e73acdd559b5d1be7 Merged-In: I5b60758cb4979c6a593ff57e73acdd559b5d1be7

commit: 352a9aaba7fb49b85667803f468cd735af63153d [log] [tgz]
author: Ryan Mitchell <rtmitchell@google.com> Tue Jun 05 18:06:36 2018 -0700
committer: Ryan Mitchell <rtmitchell@google.com> Wed Aug 08 09:57:19 2018 -0700
tree: 5cea04d837c6742f5b8677ffbbe016341615475f
parent: 59db42d8d784428dcd442d2180f559cb502dee05 [diff]
diff --git a/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b71361168.apk b/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b71361168.apk
index ef1e2bf..dc00656 100644
--- a/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b71361168.apk
+++ b/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b71361168.apk
Binary files differ

diff --git a/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b79488511.apk b/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b79488511.apk
new file mode 100644
index 0000000..22af499
--- /dev/null
+++ b/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b79488511.apk
Binary files differ

diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/CorruptApkTests.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/CorruptApkTests.java
index bf54cb3..bc0d759 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/CorruptApkTests.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/CorruptApkTests.java

@@ -39,7 +39,8 @@
  */
 public class CorruptApkTests extends DeviceTestCase implements IBuildReceiver {
     private final String B71360999_PKG = "com.android.appsecurity.b71360999";
-    private final String B71361168_PKG = "com.example.helloworld";
+    private final String B71361168_PKG = "com.android.appsecurity.b71361168";
+    private final String B79488511_PKG = "com.android.appsecurity.b79488511";
     private static final String TEST_APK_RESOURCE_PREFIX = "/corruptapk/";
 
     private IBuildInfo mBuildInfo;
@@ -55,6 +56,7 @@
         super.setUp();
         uninstall(B71360999_PKG);
         uninstall(B71361168_PKG);
+        uninstall(B79488511_PKG);
     }
 
     @After
@@ -63,6 +65,7 @@
         super.tearDown();
         uninstall(B71360999_PKG);
         uninstall(B71361168_PKG);
+        uninstall(B79488511_PKG);
     }
 
     /** Uninstall the apk if the test failed previously. */
@@ -74,11 +77,11 @@
     }
 
     /**
-     * Tests that apks described in b/71360999 do not install successfully nor cause
+     * Tests that apks described in b/71360999 do not install successfully.
      */
     public void testFailToInstallCorruptStringPoolHeader_b71360999() throws Exception {
         final String APK_PATH = "CtsCorruptApkTests_b71360999.apk";
-        assertFailsToInstall(APK_PATH, B71360999_PKG);
+        assertInstallNoFatalError(APK_PATH, B71360999_PKG);
     }
 
     /**
@@ -86,29 +89,31 @@
      */
     public void testFailToInstallCorruptStringPoolHeader_b71361168() throws Exception {
         final String APK_PATH = "CtsCorruptApkTests_b71361168.apk";
-        assertFailsToInstall(APK_PATH, B71361168_PKG);
+        assertInstallNoFatalError(APK_PATH, B71361168_PKG);
     }
 
     /**
-     * Assert that the app fails to install and the reason for failing is not caused by a buffer
-     * overflow nor a out of bounds read.
+     * Tests that apks described in b/79488511 do not install successfully.
+     */
+    public void testFailToInstallCorruptStringPoolHeader_b79488511() throws Exception {
+        final String APK_PATH = "CtsCorruptApkTests_b79488511.apk";
+        assertInstallNoFatalError(APK_PATH, B79488511_PKG);
+    }
+
+    /**
+     * Assert that installing the app does not cause a native error caused by a buffer overflow
+     * or an out-of-bounds read.
      **/
-    private void assertFailsToInstall(String filename, String pkg) throws Exception {
+    private void assertInstallNoFatalError(String filename, String pkg) throws Exception {
         ITestDevice device = getDevice();
         device.clearLogcat();
-
         installPackageFromResource(filename);
 
-        assertFalse(device.getInstalledPackageNames().contains(pkg));
-
         // This catches if the device fails to install the app because a segmentation fault
         // or out of bounds read created by the bug occurs
         String logs = device.executeAdbCommand("logcat", "-d");
         assertNotNull(logs);
-        // Whether we hung or not, check for the log indicating the size is bad
-        boolean fixWasHit = logs.contains("Bad string block: malformed block dimensions") ||
-                logs.contains("Bad string block: data size");
-        assertTrue(fixWasHit);
+
         // Also check for the original indicators
         assertFalse(logs.contains("SIGSEGV"));
         assertFalse(logs.contains("==ERROR"));
commit	352a9aaba7fb49b85667803f468cd735af63153d	[log] [tgz]
author	Ryan Mitchell <rtmitchell@google.com>	Tue Jun 05 18:06:36 2018 -0700
committer	Ryan Mitchell <rtmitchell@google.com>	Wed Aug 08 09:57:19 2018 -0700
tree	5cea04d837c6742f5b8677ffbbe016341615475f
parent	59db42d8d784428dcd442d2180f559cb502dee05 [diff]