[RESTRICT AUTOMERGE] CTS test for Android Security b/24441553
Bug: 24441553
Bug: 72510121
Test: Ran the new testcase on android-8.0.0_r30 with/without patch
Change-Id: Idfe9deb3d95e187e708b0b797177ed3fe54ca8f4
(cherry picked from commit 1e53e8d96c933d9eaf19c720bc001fc309149fac)
diff --git a/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java b/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java
index 1bd1eaa..ad1ca1e 100644
--- a/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java
+++ b/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java
@@ -179,6 +179,11 @@
* This binary only exists in 32-bit.
*/
BINARY_EXCEPTIONS.add("CVE-2019-217632");
+
+ /**
+ * This binary only exists in 32-bit.
+ */
+ BINARY_EXCEPTIONS.add("CVE-2015-6616-232");
}
/**
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml
index db4fdab..befd344 100644
--- a/hostsidetests/securitybulletin/AndroidTest.xml
+++ b/hostsidetests/securitybulletin/AndroidTest.xml
@@ -242,6 +242,7 @@
<!-- Bulletin 2020-03 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
<option name="push" value="CVE-2020-0069->/data/local/tmp/CVE-2020-0069" />
+
<option name="append-bitness" value="true" />
</target_preparer>
@@ -299,6 +300,7 @@
<option name="cleanup" value="true" />
<!-- Please add 32-bit binary tests below to avoid merge conflict -->
+ <option name="push" value="CVE-2015-6616-232->/data/local/tmp/CVE-2015-6616-2" />
<option name="push" value="CVE-2019-217632->/data/local/tmp/CVE-2019-2176" />
<option name="push" value="CVE-2020-000232->/data/local/tmp/CVE-2020-0002" />
<option name="push" value="CVE-2017-1317932->/data/local/tmp/CVE-2017-13179" />
diff --git a/hostsidetests/securitybulletin/res/cve_2015_6616_2.mp4 b/hostsidetests/securitybulletin/res/cve_2015_6616_2.mp4
new file mode 100644
index 0000000..33b6327
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/cve_2015_6616_2.mp4
Binary files differ
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616-2/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616-2/Android.mk
new file mode 100644
index 0000000..a6b3ddb
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616-2/Android.mk
@@ -0,0 +1,34 @@
+# Copyright (C) 2020 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := CVE-2015-6616-2
+LOCAL_SRC_FILES := poc.cpp
+LOCAL_MULTILIB := 32
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_C_INCLUDES := frameworks/av/media/libstagefright
+LOCAL_C_INCLUDES += frameworks/av/include/media/stagefright
+LOCAL_SHARED_LIBRARIES := libstagefright
+LOCAL_SHARED_LIBRARIES += libstagefright_foundation
+LOCAL_SHARED_LIBRARIES += libutils
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts sts vts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS := -Wall -Werror
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616-2/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616-2/poc.cpp
new file mode 100644
index 0000000..d21edb1
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2015-6616-2/poc.cpp
@@ -0,0 +1,55 @@
+/**
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <sys/types.h>
+#include <include/MPEG4Extractor.h>
+#include <media/stagefright/MetaData.h>
+#include "FileSource.h"
+
+using namespace android;
+
+int main(int argc, char **argv) {
+ if (argc < 2) {
+ return EXIT_FAILURE;
+ }
+
+ sp < DataSource > dataSource = new FileSource(argv[1]);
+ if (dataSource == nullptr) {
+ return EXIT_FAILURE;
+ }
+
+ MPEG4Extractor *ret = new MPEG4Extractor(dataSource.get());
+ if (ret == nullptr) {
+ return EXIT_FAILURE;
+ }
+
+ sp < MetaData > metaData = new MetaData;
+ metaData->setInt32(kKeyWantsNALFragments, 1);
+
+ sp < IMediaSource > source = ret->getTrack(0);
+ if (source == nullptr) {
+ return EXIT_FAILURE;
+ }
+
+ status_t retValue = source->start(metaData.get());
+ if(retValue != OK) {
+ return EXIT_FAILURE;
+ }
+
+ MediaBuffer *buffer;
+ source->read(&buffer,nullptr);
+
+ return EXIT_SUCCESS;
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
index 7bd6a91..3b592bb 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
@@ -54,6 +54,25 @@
******************************************************************************/
/**
+ * b/24441553
+ * Vulnerability Behaviour: SIGABRT in self
+ */
+ @Test
+ @SecurityTest(minPatchLevel = "2015-12")
+ public void testPocCVE_2015_6616_2() throws Exception {
+ String inputFiles[] = {"cve_2015_6616_2.mp4"};
+ String binaryName = "CVE-2015-6616-2";
+ String signals[] = {CrashUtils.SIGSEGV, CrashUtils.SIGBUS, CrashUtils.SIGABRT};
+ AdbUtils.pocConfig testConfig = new AdbUtils.pocConfig(binaryName, getDevice());
+ testConfig.config = new CrashUtils.Config().setProcessPatterns(binaryName);
+ testConfig.config.setSignals(signals);
+ testConfig.arguments = AdbUtils.TMP_PATH + inputFiles[0];
+ testConfig.inputFiles = Arrays.asList(inputFiles);
+ testConfig.inputFilesDestination = AdbUtils.TMP_PATH;
+ AdbUtils.runPocAssertNoCrashesNotVulnerable(testConfig);
+ }
+
+ /**
* b/134420911
* Vulnerability Behaviour: EXIT_VULNERABLE (113)
*/