[RESTRICT AUTOMERGE] CTS test for Android Security b/36035074
Bug: 36035074
Bug: 72389382
Test: Ran the new testcase on android-8.0.0_r30 with/without patch
Change-Id: I83d01a5286c279a5e4a0ee6c7778605d487ead16
diff --git a/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java b/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java
index f116e8d..844cc83 100644
--- a/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java
+++ b/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java
@@ -179,6 +179,11 @@
* This binary only exists in 32-bit.
*/
BINARY_EXCEPTIONS.add("CVE-2017-1314932");
+
+ /**
+ * This binary only exists in 32-bit.
+ */
+ BINARY_EXCEPTIONS.add("CVE-2017-067732");
}
/**
diff --git a/hostsidetests/securitybulletin/res/cve_2017_0677.h264 b/hostsidetests/securitybulletin/res/cve_2017_0677.h264
new file mode 100644
index 0000000..edff958
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/cve_2017_0677.h264
Binary files differ
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0677/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0677/Android.mk
new file mode 100644
index 0000000..d2f8ef8
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0677/Android.mk
@@ -0,0 +1,35 @@
+# Copyright (C) 2020 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := CVE-2017-0677
+LOCAL_SRC_FILES := ../../../../../external/libavc/test/decoder/main.c
+LOCAL_SRC_FILES += ../includes/memutils.c
+LOCAL_MULTILIB := 32
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_C_INCLUDES_32 := external/libavc/common
+LOCAL_C_INCLUDES_32 += external/libavc/decoder
+LOCAL_SHARED_LIBRARIES_32 := liblog
+LOCAL_SHARED_LIBRARIES_32 += libstagefright_soft_avcdec
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts sts vts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS += -Wall -Werror
+LOCAL_CFLAGS += -DPROFILE_ENABLE -fPIC -DMD5_DISABLE -DCHECK_OVERFLOW -DCHECK_USE_AFTER_FREE_WITH_WINDOW_SIZE=1048576
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java
index 01ad909..1a686ae 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMediaCodec.java
@@ -221,6 +221,19 @@
******************************************************************************/
/**
+ * b/36035074
+ * Vulnerability Behaviour: SIGSEGV in self
+ **/
+ @Test
+ @SecurityTest(minPatchLevel = "2017-07")
+ public void testPocCVE_2017_0677() throws Exception {
+ String inputFiles[] = {"cve_2017_0677.h264"};
+ AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2017-0677",
+ "-i " + AdbUtils.TMP_PATH + inputFiles[0] + " -o /dev/null", inputFiles,
+ AdbUtils.TMP_PATH, getDevice());
+ }
+
+ /**
* b/70294343
* Vulnerability Behaviour: SIGSEGV in self
**/
