add testMmapMinAddr
Enforce a minimum (and maximum!) value for mmap_min_addr, to help defend
against kernel based NULL pointer attacks.
Bug: 5712789
Change-Id: I0d6f383c9f8cf877bceee6ba3a065bf0f4e6cffc
diff --git a/tests/tests/security/src/android/security/cts/KernelSettingsTest.java b/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
index 17ec7b5..7198241 100644
--- a/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
+++ b/tests/tests/security/src/android/security/cts/KernelSettingsTest.java
@@ -30,18 +30,39 @@
public class KernelSettingsTest extends TestCase {
/**
+ * Protect against kernel based NULL pointer attacks by enforcing a
+ * minimum (and maximum!) value of mmap_min_addr.
+ *
+ * http://lwn.net/Articles/342330/
+ * http://lwn.net/Articles/342420/
+ */
+ public void testMmapMinAddr() throws IOException {
+ try {
+ assertEquals("32768", getFile("/proc/sys/vm/mmap_min_addr"));
+ } catch (FileNotFoundException e) {
+ // Odd. The file doesn't exist... Assume we're ok.
+ }
+ }
+
+ /**
* /proc/kallsyms will show the address of exported kernel symbols. This
* information can be used to write a reliable kernel exploit that can run
* on many platforms without using hardcoded pointers. To make this more
* difficult for attackers, don't export kernel symbols.
*/
public void testKptrRestrict() throws IOException {
- BufferedReader in = null;
try {
- in = new BufferedReader(new FileReader("/proc/sys/kernel/kptr_restrict"));
- assertEquals("2", in.readLine().trim());
+ assertEquals("2", getFile("/proc/sys/kernel/kptr_restrict"));
} catch (FileNotFoundException e) {
// Odd. The file doesn't exist... Assume we're ok.
+ }
+ }
+
+ private String getFile(String filename) throws IOException {
+ BufferedReader in = null;
+ try {
+ in = new BufferedReader(new FileReader(filename));
+ return in.readLine().trim();
} finally {
if (in != null) {
in.close();
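Review bot: The `catch (FileNotFoundException e)` in testMmapMinAddr (and the same catch kept in testKptrRestrict) lets the test pass without checking anything, and `FileReader` throws that exception not only for an absent file but also when the file exists and cannot be opened, for example on a permission denial. A device where /proc/sys/vm/mmap_min_addr is unreadable, or where the kernel does not expose the setting at all, would therefore be reported as compliant. I would skip only on a genuinely missing file, e.g. `if (!new File("/proc/sys/vm/mmap_min_addr").exists()) return;` before the read, and drop the catch so any other open failure propagates through the declared `throws IOException`. Separately, `in.readLine().trim()` in getFile throws a NullPointerException on an empty file; `String line = in.readLine(); assertNotNull(filename, line);` would give a readable failure instead. getFile's finally block continues past the end of the hunk.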