add testMmapMinAddr

Enforce a minimum (and maximum!) value for mmap_min_addr, to help defend
against kernel-based NULL pointer dereference attacks.

Bug: 5712789
Change-Id: I0d6f383c9f8cf877bceee6ba3a065bf0f4e6cffc
diff --git a/tests/tests/security/src/android/security/cts/KernelSettingsTest.java b/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
index 17ec7b5..7198241 100644
--- a/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
+++ b/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
@@ -30,18 +30,39 @@
 public class KernelSettingsTest extends TestCase {
 
     /**
+     * Protect against kernel based NULL pointer attacks by enforcing a
+     * minimum (and maximum!) value of mmap_min_addr.
+     *
+     * http://lwn.net/Articles/342330/
+     * http://lwn.net/Articles/342420/
+     */
+    public void testMmapMinAddr() throws IOException {
+        try {
+            assertEquals("32768", getFile("/proc/sys/vm/mmap_min_addr"));
+        } catch (FileNotFoundException e) {
+            // Odd. The file doesn't exist... Assume we're ok.
+        }
+    }
+
+    /**
      * /proc/kallsyms will show the address of exported kernel symbols. This
      * information can be used to write a reliable kernel exploit that can run
      * on many platforms without using hardcoded pointers. To make this more
      * difficult for attackers, don't export kernel symbols.
      */
     public void testKptrRestrict() throws IOException {
-        BufferedReader in = null;
         try {
-            in = new BufferedReader(new FileReader("/proc/sys/kernel/kptr_restrict"));
-            assertEquals("2", in.readLine().trim());
+            assertEquals("2", getFile("/proc/sys/kernel/kptr_restrict"));
         } catch (FileNotFoundException e) {
             // Odd. The file doesn't exist... Assume we're ok.
+        }
+    }
+
+    private String getFile(String filename) throws IOException {
+        BufferedReader in = null;
+        try {
+            in = new BufferedReader(new FileReader(filename));
+            return in.readLine().trim();
         } finally {
             if (in != null) {
                 in.close();
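Review bot: The `catch (FileNotFoundException e)` in `testMmapMinAddr` lets the test pass whenever `/proc/sys/vm/mmap_min_addr` cannot be opened, which is the one case where the check proves nothing about the device. `FileReader` throws `FileNotFoundException` both for a missing file and for one that exists but cannot be opened for reading, so a build that hides or restricts the sysctl passes the same as one set to 32768, and a kernel without the file presumably enforces no mmap floor at all. Unless kernels lacking the sysctl must be tolerated (not visible from this hunk), replace the comment-only catch body with `fail("/proc/sys/vm/mmap_min_addr missing or unreadable: " + e.getMessage());`, or at least state in the catch why absence is acceptable. The context lines of `testKptrRestrict` carry the same catch.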