[RESTRICT AUTOMERGE:] STS test for Android Security CVE-2019-2092

This test is unique in that we are running under a new managed profile.
We try to call DevicePolicyManager.isSeparateProfileChallengeAllowed()
with USER_SYSTEM like an attacker would do. Since this test does not
run as USER_SYSTEM itself but instead runs in a managed profile, it
should fail with a SecurityException.

Test: cts-tradefed run cts -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.SeparateProfileChallengeTest#testSeparateProfileChallengePermissions
Bug: 130574934
Bug: 128599668
Change-Id: Ibde9cd8c49363a498699f68282013c58fc8a0cc0
diff --git a/hostsidetests/devicepolicy/Android.mk b/hostsidetests/devicepolicy/Android.mk
index f9a861c..ecaa698 100644
--- a/hostsidetests/devicepolicy/Android.mk
+++ b/hostsidetests/devicepolicy/Android.mk
@@ -27,7 +27,7 @@
 LOCAL_CTS_TEST_PACKAGE := android.adminhostside
 
 # tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts arcts vts general-tests
+LOCAL_COMPATIBILITY_SUITE := cts arcts vts general-tests sts
 
 # Need the dependency to build/run the module solely by atest.
 LOCAL_ADDITIONAL_DEPENDENCIES := $(TARGET_OUT_TESTCASES)/cts-current-api/current.api
diff --git a/hostsidetests/devicepolicy/app/SeparateProfileChallenge/Android.mk b/hostsidetests/devicepolicy/app/SeparateProfileChallenge/Android.mk
new file mode 100644
index 0000000..e0e7c4d
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/SeparateProfileChallenge/Android.mk
@@ -0,0 +1,41 @@
+# Copyright (C) 2016 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_PACKAGE_NAME := CtsSeparateProfileChallengeApp
+LOCAL_PRIVATE_PLATFORM_APIS := true
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_MODULE_PATH := $(TARGET_OUT_DATA_APPS)
+
+LOCAL_SRC_FILES := $(call all-java-files-under, src)
+
+LOCAL_JAVA_LIBRARIES := \
+    android.test.runner.stubs \
+    cts-junit \
+    android.test.base.stubs \
+
+LOCAL_STATIC_JAVA_LIBRARIES := \
+    ctstestrunner-axt \
+    compatibility-device-util-axt \
+    ub-uiautomator
+
+# tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts vts general-tests sts
+
+include $(BUILD_CTS_PACKAGE)
diff --git a/hostsidetests/devicepolicy/app/SeparateProfileChallenge/AndroidManifest.xml b/hostsidetests/devicepolicy/app/SeparateProfileChallenge/AndroidManifest.xml
new file mode 100644
index 0000000..6d1c14f
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/SeparateProfileChallenge/AndroidManifest.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2016 The Android Open Source Project
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.android.cts.separateprofilechallenge" >
+
+    <uses-sdk android:minSdkVersion="27"/>
+
+    <application>
+        <uses-library android:name="android.test.runner" />
+        <uses-permission android:name="WRITE_SECURE_SETTINGS"/>
+      </application>
+
+    <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+                     android:targetPackage="com.android.cts.separateprofilechallenge"
+                     android:label="Separate Profile Challenge Permission  CTS tests"/>
+</manifest>
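Review bot: The `<uses-permission>` element is nested inside `<application>` and names `WRITE_SECURE_SETTINGS` without the `android.permission.` prefix, so as written it does not request the platform permission. If the device-side app really needs it, declare it as a direct child of `<manifest>`: `<uses-permission android:name="android.permission.WRITE_SECURE_SETTINGS"/>`. The device test in this change only calls DevicePolicyManager, and the host side changes the setting through the shell, so dropping the line looks like the cleaner option. An unused declaration of a privileged permission in a security test app only invites confusion about what the test relies on.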
diff --git a/hostsidetests/devicepolicy/app/SeparateProfileChallenge/src/com/android/cts/separateprofilechallenge/SeparateProfileChallengePermissionsTest.java b/hostsidetests/devicepolicy/app/SeparateProfileChallenge/src/com/android/cts/separateprofilechallenge/SeparateProfileChallengePermissionsTest.java
new file mode 100644
index 0000000..1b0378b
--- /dev/null
+++ b/hostsidetests/devicepolicy/app/SeparateProfileChallenge/src/com/android/cts/separateprofilechallenge/SeparateProfileChallengePermissionsTest.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.cts.separateprofilechallenge;
+
+import android.app.admin.DevicePolicyManager;
+import android.content.Context;
+import android.platform.test.annotations.SecurityTest;
+import android.test.AndroidTestCase;
+
+import androidx.test.runner.AndroidJUnitRunner;
+
+import static org.junit.Assert.assertNotNull;
+
+public class SeparateProfileChallengePermissionsTest extends AndroidTestCase {
+
+    public void testSeparateProfileChallengePermissions() throws Exception {
+        DevicePolicyManager dpm = (DevicePolicyManager)
+                mContext.getSystemService(Context.DEVICE_POLICY_SERVICE);
+        assertNotNull(dpm);
+        try {
+            dpm.isSeparateProfileChallengeAllowed(0); /* Try to use USER_SYSTEM */
+            fail("The user must be system to call isSeparateProfileChallengeAllowed().");
+        } catch (SecurityException ignore) {
+            // That's what we want!
+        } catch (NoSuchMethodError err) {
+            // API unavailable - pass
+        }
+    }
+}
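Review bot: The `catch (NoSuchMethodError err)` branch lets the test pass without ever reaching the permission check. That is presumably also the outcome when the hidden-API policy set by the host side has not taken effect for the managed profile, so a vulnerable build could report a pass. At minimum record the skip so it is visible in results, e.g. `Log.w(TAG, "isSeparateProfileChallengeAllowed unavailable; check not exercised", err);`, or fail when the API is expected on the release under test. Smaller points: the literal `0` would read better as `UserHandle.USER_SYSTEM`, and the `SecurityTest` and `AndroidJUnitRunner` imports are unused in this file.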
diff --git a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/SeparateProfileChallengeTest.java b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/SeparateProfileChallengeTest.java
new file mode 100644
index 0000000..ef5e7c3
--- /dev/null
+++ b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/SeparateProfileChallengeTest.java
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.cts.devicepolicy;
+
+import com.android.tradefed.device.DeviceNotAvailableException;
+import android.platform.test.annotations.SecurityTest;
+
+/**
+ * Host side tests for separate profile challenge permissions.
+ * Run the CtsSeparateProfileChallengeApp device side test.
+ */
+
+public class SeparateProfileChallengeTest extends BaseDevicePolicyTest {
+    private static final String SEPARATE_PROFILE_PKG = "com.android.cts.separateprofilechallenge";
+    private static final String SEPARATE_PROFILE_APK = "CtsSeparateProfileChallengeApp.apk";
+    private static final String SEPARATE_PROFILE_TEST_CLASS =
+        ".SeparateProfileChallengePermissionsTest";
+    private String mPreviousHiddenApiPolicy = "0";
+
+    @Override
+    protected void setUp() throws Exception {
+        super.setUp();
+        setHiddenApiPolicyOn();
+    }
+
+    @Override
+    protected void tearDown() throws Exception {
+        removeTestUsers();
+        getDevice().uninstallPackage(SEPARATE_PROFILE_PKG);
+        setHiddenApiPolicyPreviousOrOff();
+        super.tearDown();
+    }
+
+    @SecurityTest
+    public void testSeparateProfileChallengePermissions() throws Exception {
+        if (!mHasFeature || !mSupportsMultiUser) {
+            return;
+        }
+
+        // Create managed profile.
+        final int profileUserId = createManagedProfile(mPrimaryUserId);
+        // createManagedProfile doesn't start the user automatically.
+        startUser(profileUserId);
+        installAppAsUser(SEPARATE_PROFILE_APK, profileUserId);
+        executeSeparateProfileChallengeTest(profileUserId);
+    }
+
+    protected void setHiddenApiPolicyOn() throws Exception {
+        mPreviousHiddenApiPolicy = getDevice().executeShellCommand(
+                "settings get global hidden_api_policy_p_apps");
+        executeShellCommand("settings put global hidden_api_policy_p_apps 1");
+    }
+
+    protected void setHiddenApiPolicyPreviousOrOff() throws Exception {
+        executeShellCommand("settings put global hidden_api_policy_p_apps "
+            + mPreviousHiddenApiPolicy);
+    }
+
+    private void executeSeparateProfileChallengeTest(int userId) throws Exception {
+        runDeviceTestsAsUser(SEPARATE_PROFILE_PKG, SEPARATE_PROFILE_TEST_CLASS, userId);
+    }
+}
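Review bot: setHiddenApiPolicyOn() stores the raw output of `settings get`, which carries a trailing newline and is the literal text `null` when the key was never set, and setHiddenApiPolicyPreviousOrOff() writes that string back instead of deleting the key. tearDown() also restores the policy only after removeTestUsers() and uninstallPackage(), so an exception in either leaves hidden-API enforcement relaxed on the device for whatever runs next. Trim the saved value, delete the key when there was no previous value, and do the restore in a finally block, as sketched below.

```java
    @Override
    protected void tearDown() throws Exception {
        try {
            removeTestUsers();
            getDevice().uninstallPackage(SEPARATE_PROFILE_PKG);
        } finally {
            // Restore hidden-API enforcement even if the cleanup above throws.
            try {
                setHiddenApiPolicyPreviousOrOff();
            } finally {
                super.tearDown();
            }
        }
    }

    // … unchanged: testSeparateProfileChallengePermissions …

    protected void setHiddenApiPolicyOn() throws Exception {
        mPreviousHiddenApiPolicy = getDevice().executeShellCommand(
                "settings get global hidden_api_policy_p_apps").trim();
        executeShellCommand("settings put global hidden_api_policy_p_apps 1");
    }

    protected void setHiddenApiPolicyPreviousOrOff() throws Exception {
        if (mPreviousHiddenApiPolicy.isEmpty() || "null".equals(mPreviousHiddenApiPolicy)) {
            // Key was unset before the test; remove it rather than writing "null".
            executeShellCommand("settings delete global hidden_api_policy_p_apps");
        } else {
            executeShellCommand("settings put global hidden_api_policy_p_apps "
                    + mPreviousHiddenApiPolicy);
        }
    }
```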