hostsidetests/securitybulletin/test-apps/CVE-2021-0954/src/android/security/cts/CVE_2021_0954/DeviceTest.java - platform/cts - Git at Google

 /*
  * Copyright (C) 2021 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.security.cts.cve_2021_0954;

 import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
 import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assume.assumeNoException;

 import android.content.ActivityNotFoundException;
 import android.content.Context;
 import android.content.Intent;
 import android.provider.Settings;

 import androidx.test.runner.AndroidJUnit4;
 import androidx.test.uiautomator.By;
 import androidx.test.uiautomator.UiDevice;
 import androidx.test.uiautomator.Until;

 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;

 import java.io.IOException;
 import java.util.regex.Pattern;

 @RunWith(AndroidJUnit4.class)
 public class DeviceTest {
     private static final String TEST_PKG = "android.security.cts.cve_2021_0954";
     private static final String TEST_VULNERABLE_PKG = "android";
     private static final String TEST_VULNERABLE_ACTIVITY =
             "com.android.internal.app.ResolverActivity";
     private static final int LAUNCH_TIMEOUT_MS = 20000;
     private static final String vulnerableActivityName = "ResolverActivity";
     private UiDevice mDevice;
     String activityDump = "";

     private void startOverlayService() {
         Context context = getApplicationContext();
         assertNotNull(context);
         Intent intent = new Intent(context, PocService.class);
         assertNotNull(intent);

         if (Settings.canDrawOverlays(getApplicationContext())) {
             context.startService(intent);
         } else {
             try {
                 context.startService(intent);
             } catch (Exception e) {
                 throw new RuntimeException("Unable to start the overlay service", e);
             }
         }
     }

     public void startVulnerableActivity() {
         Context context = getApplicationContext();
         Intent intent = new Intent();
         intent.setClassName(TEST_VULNERABLE_PKG, TEST_VULNERABLE_ACTIVITY);
         intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
         try {
             context.startActivity(intent);
         } catch (ActivityNotFoundException e) {
             assumeNoException("Activity not found on device", e);
         }
     }

     @Before
     public void setUp() throws Exception {
         mDevice = UiDevice.getInstance(getInstrumentation());

         /* Start the vulnerable activity */
         startVulnerableActivity();
         if (!mDevice.wait(Until.hasObject(By.res("android:id/contentPanel")
                 .clazz("android.widget.ScrollView").pkg("android")), LAUNCH_TIMEOUT_MS)) {
             return;
         }

         /* Start the overlay service */
         startOverlayService();
     }

     @Test
     public void testVulnerableActivityPresence() {
         Pattern overlayTextPattern = Pattern.compile("OverlayButton", Pattern.CASE_INSENSITIVE);
         if (!mDevice.wait(Until.hasObject(By.text(overlayTextPattern)), LAUNCH_TIMEOUT_MS)) {
             return;
         }

         /*
          * Check if the currently running activity is the vulnerable activity, if not abort the test
          */
         try {
             activityDump = mDevice.executeShellCommand("dumpsys activity");
         } catch (IOException e) {
             throw new RuntimeException("Could not execute dumpsys activity command");
         }
         Pattern activityPattern =
                 Pattern.compile("mResumedActivity.*" + vulnerableActivityName + ".*\n");
         if (!activityPattern.matcher(activityDump).find()) {
             return;
         }
         String message = "Device is vulnerable to b/143559931 hence any app with "
                 + "SYSTEM_ALERT_WINDOW can overlay the ResolverActivity screen";
         assertNull(message, mDevice.findObject(By.text(overlayTextPattern)));
     }
 }
	/*
	* Copyright (C) 2021 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.security.cts.cve_2021_0954;

	import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
	import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
	import static org.junit.Assert.assertNotNull;
	import static org.junit.Assert.assertNull;
	import static org.junit.Assume.assumeNoException;

	import android.content.ActivityNotFoundException;
	import android.content.Context;
	import android.content.Intent;
	import android.provider.Settings;

	import androidx.test.runner.AndroidJUnit4;
	import androidx.test.uiautomator.By;
	import androidx.test.uiautomator.UiDevice;
	import androidx.test.uiautomator.Until;

	import org.junit.Before;
	import org.junit.Test;
	import org.junit.runner.RunWith;

	import java.io.IOException;
	import java.util.regex.Pattern;

	@RunWith(AndroidJUnit4.class)
	public class DeviceTest {
	private static final String TEST_PKG = "android.security.cts.cve_2021_0954";
	private static final String TEST_VULNERABLE_PKG = "android";
	private static final String TEST_VULNERABLE_ACTIVITY =
	"com.android.internal.app.ResolverActivity";
	private static final int LAUNCH_TIMEOUT_MS = 20000;
	private static final String vulnerableActivityName = "ResolverActivity";
	private UiDevice mDevice;
	String activityDump = "";

	private void startOverlayService() {
	Context context = getApplicationContext();
	assertNotNull(context);
	Intent intent = new Intent(context, PocService.class);
	assertNotNull(intent);

	if (Settings.canDrawOverlays(getApplicationContext())) {
	context.startService(intent);
	} else {
	try {
	context.startService(intent);
	} catch (Exception e) {
	throw new RuntimeException("Unable to start the overlay service", e);
	}
	}
	}

	public void startVulnerableActivity() {
	Context context = getApplicationContext();
	Intent intent = new Intent();
	intent.setClassName(TEST_VULNERABLE_PKG, TEST_VULNERABLE_ACTIVITY);
	intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
	try {
	context.startActivity(intent);
	} catch (ActivityNotFoundException e) {
	assumeNoException("Activity not found on device", e);
	}
	}

	@Before
	public void setUp() throws Exception {
	mDevice = UiDevice.getInstance(getInstrumentation());

	/* Start the vulnerable activity */
	startVulnerableActivity();
	if (!mDevice.wait(Until.hasObject(By.res("android:id/contentPanel")
	.clazz("android.widget.ScrollView").pkg("android")), LAUNCH_TIMEOUT_MS)) {
	return;
	}

	/* Start the overlay service */
	startOverlayService();
	}

	@Test
	public void testVulnerableActivityPresence() {
	Pattern overlayTextPattern = Pattern.compile("OverlayButton", Pattern.CASE_INSENSITIVE);
	if (!mDevice.wait(Until.hasObject(By.text(overlayTextPattern)), LAUNCH_TIMEOUT_MS)) {
	return;
	}

	/*
	* Check if the currently running activity is the vulnerable activity, if not abort the test
	*/
	try {
	activityDump = mDevice.executeShellCommand("dumpsys activity");
	} catch (IOException e) {
	throw new RuntimeException("Could not execute dumpsys activity command");
	}
	Pattern activityPattern =
	Pattern.compile("mResumedActivity." + vulnerableActivityName + ".\n");
	if (!activityPattern.matcher(activityDump).find()) {
	return;
	}
	String message = "Device is vulnerable to b/143559931 hence any app with "
	+ "SYSTEM_ALERT_WINDOW can overlay the ResolverActivity screen";
	assertNull(message, mDevice.findObject(By.text(overlayTextPattern)));
	}
	}