CTS test for Android Security b/115635871

Bug: 115635871
Bug: 126802862
Test: Ran the new testcase on android-10.0.0_r39 to test with/without patch

Change-Id: I06bb61160d3803997f48f3a842d6d03b7bd39a0f
(cherry picked from commit 3263352061625929db9e7eee22a7b1a055dd5678)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2019-2019/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2019/Android.bp
new file mode 100644
index 0000000..fe66191
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2019/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+cc_test {
+    name: "CVE-2019-2019",
+    defaults: ["cts_hostsidetests_securitybulletin_defaults"],
+    srcs: [
+        "poc.cpp",
+        ":cts_hostsidetests_securitybulletin_memutils",
+    ],
+    cflags: [
+        "-DCHECK_OVERFLOW",
+        "-DENABLE_SELECTIVE_OVERLOADING",
+    ],
+    include_dirs: [
+        "system/nfc/src/include/",
+        "system/nfc/src/gki/common/",
+        "system/nfc/src/gki/ulinux/",
+        "system/nfc/src/nfc/include/",
+    ],
+    shared_libs: [
+        "libnfc-nci",
+    ],
+}
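Review bot: The two `cflags` entries carry no comment, although the test's ability to detect anything appears to depend on them. poc.cpp toggles `enable_selective_overload` and builds in the memutils sources, so `-DCHECK_OVERFLOW` and `-DENABLE_SELECTIVE_OVERLOADING` presumably switch on the guarded allocator that turns an out-of-bounds access into a SIGSEGV. I would add a line above `cflags` such as `// Required by memutils: guarded allocations, enabled selectively from poc.cpp; without these the overflow goes undetected.` so the flags are not dropped in a later cleanup.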
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2019-2019/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2019/poc.cpp
new file mode 100644
index 0000000..483b7c4
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2019-2019/poc.cpp
@@ -0,0 +1,65 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <ce_int.h>
+#include <nfc_int.h>
+
+#include "../includes/common.h"
+#include "../includes/memutils.h"
+
+#define OFFSET 8
+#define VULNERABLE_LENGTH 0
+
+char enable_selective_overload = ENABLE_NONE;
+
+extern tNFC_CB nfc_cb;
+extern tCE_CB ce_cb;
+
+void GKI_freebuf(void* p_buf __attribute__((unused))) {}
+
+void nfc_start_quick_timer(TIMER_LIST_ENT*, uint16_t, uint32_t) {}
+
+void nfc_stop_timer(TIMER_LIST_ENT*) {}
+
+void nfc_stop_quick_timer(TIMER_LIST_ENT*) {}
+
+int main() {
+    enable_selective_overload = ENABLE_ALL;
+    GKI_init();
+    ce_init();
+    ce_cb.mem.t4t.status = CE_T4T_STATUS_REG_AID_SELECTED;
+
+    if (ce_select_t4t() != NFC_STATUS_OK) {
+        return EXIT_FAILURE;
+    }
+
+    tNFC_CONN_CB* p_cb = &nfc_cb.conn_cb[NFC_RF_CONN_ID];
+    tNFC_CONN* p_data = (tNFC_CONN*)malloc(sizeof(tNFC_CONN));
+    p_data->data.p_data = (NFC_HDR*)malloc(sizeof(uint8_t) * 16);
+    NFC_HDR* p_c_apdu = (NFC_HDR*)p_data->data.p_data;
+    p_c_apdu->len = VULNERABLE_LENGTH;
+    p_c_apdu->offset = OFFSET;
+    uint8_t conn_id = 1;
+    TIMER_LIST_ENT pFirst = {};
+    nfc_cb.quick_timer_queue.p_first = &pFirst;
+
+    p_cb->p_cback(conn_id, NFC_DATA_CEVT, p_data);
+
+    free(p_data->data.p_data);
+    free(p_data);
+    enable_selective_overload = ENABLE_NONE;
+    return EXIT_SUCCESS;
+}
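Review bot: In `main`, neither `malloc` result nor `p_cb->p_cback` is checked before use, so an allocation failure or an unset callback ends in a SIGSEGV inside the PoC itself, which is the same signature the Java test reports as the vulnerability. The callback is presumably installed by `ce_select_t4t()`, but nothing in this file guarantees it. Guarding the three pointers keeps a setup failure distinguishable from a real finding: `if (!p_cb->p_cback) return EXIT_FAILURE;` before the allocations, `if (!p_data) return EXIT_FAILURE;` after the first `malloc`, and `if (!p_c_apdu) { free(p_data); return EXIT_FAILURE; }` after the second. A short comment on why the buffer is 16 bytes with `OFFSET` 8 and `VULNERABLE_LENGTH` 0 would also help the next maintainer see which access the guarded allocation is meant to catch.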
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java
new file mode 100644
index 0000000..a97c679
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2019_2019.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2019_2019 extends SecurityTestCase {
+
+   /**
+     * b/115635871
+     * Vulnerability Behaviour: SIGSEGV in self
+     */
+    @SecurityTest(minPatchLevel = "2019-03")
+    @Test
+    public void testPocCVE_2019_2019() throws Exception {
+        pocPusher.only64();
+        AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2019-2019", null, getDevice());
+    }
+}
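Review bot: `testPocCVE_2019_2019` appears to pass on any PoC exit that is neither a crash nor the dedicated vulnerable exit code, judging by the name of `runPocAssertNoCrashesNotVulnerable`. If so, the `return EXIT_FAILURE` path in poc.cpp (taken when `ce_select_t4t()` fails) is reported as not vulnerable without the data callback ever running. The Javadoc should say so, for example `* Note: a PoC that exits early because setup failed is also counted as a pass.`, and should state what `pocPusher.only64()` restricts and why the second argument is `null`. The Javadoc opener is also indented three spaces where the rest of the class uses four.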