Google Git
Sign in
android / platform / cts / 662a86d8c878d5a34949cdbd1a8180342695b686 / . / hostsidetests / securitybulletin / src / android / security / cts / CVE_2021_0691.java
blob: bf261fd0eab1e61cdbc2842ebc9bd8687137e7f7 [file] [log] [blame]
/*
* Copyright (C) 2021 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package android.security.cts;
import android.platform.test.annotations.AppModeInstant;
import android.platform.test.annotations.AppModeFull;
import android.util.Log;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
import com.android.tradefed.log.LogUtil.CLog;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import static org.junit.Assert.*;
import static org.hamcrest.CoreMatchers.*;
/**
* Test installs sample app and then tries to overwrite *.apk file
*/
@RunWith(DeviceJUnit4ClassRunner.class)
public class CVE_2021_0691 extends StsExtraBusinessLogicHostTestBase {
private static final String TEST_PKG = "android.security.cts.CVE_2021_0691";
private static final String TEST_APP = "CVE-2021-0691.apk";
private static final String DEVICE_TMP_DIR = "/data/local/tmp/";
private static final String DEVICE_APP_DIR = "/data/app/";
private static final String SCRIPT_NAME = "cve_2021_0691.sh";
@Before
public void setUp() throws Exception {
uninstallPackage(getDevice(), TEST_PKG);
}
@Test
@AsbSecurityTest(cveBugId = 188554048)
@AppModeFull
public void testRunDeviceTest() throws Exception {
String cmd;
String result;
//push repro script and install test app
AdbUtils.pushResource("/" + SCRIPT_NAME, DEVICE_TMP_DIR + SCRIPT_NAME, getDevice());
AdbUtils.runCommandLine("chmod +x " + DEVICE_TMP_DIR + SCRIPT_NAME, getDevice());
installPackage();
//see repro script in log
cmd = "cd " + DEVICE_TMP_DIR + "; cat " + SCRIPT_NAME;
CLog.i("repro script: " + cmd);
CLog.i(AdbUtils.runCommandLine(cmd, getDevice()));
/*
look for a location of test package dir
for example: /data/app/
~~stRisM1TaNKYDnrHq9PHJg==/android.security.cts.CVE_2021_0691-borrWKTczXhO86vR9vwNJg==
*/
cmd = "find " + DEVICE_APP_DIR + " -name \"*" + TEST_PKG + "*==\"";
String appDir = AdbUtils.runCommandLine(cmd, getDevice()).trim();
CLog.i("look for appDir: " + cmd);
CLog.i("appDir=" + appDir);
//run repro steps as 'system' user (su 1000)
cmd = "su 1000 " + DEVICE_TMP_DIR + SCRIPT_NAME + " " + appDir;
result = AdbUtils.runCommandLine(cmd, getDevice());
CLog.i("command: " + cmd);
CLog.i("result: " + result);
//compare base.apk against aaa
//if differs test passes
cmd = "echo aaa | cmp -s " + appDir + "/base.apk; echo $?";
result = AdbUtils.runCommandLine(cmd, getDevice()).trim();
CLog.i("command: " + cmd);
CLog.i("result: " + result);
assertThat(result, not(is("0")));
}
private void installPackage() throws Exception {
installPackage(TEST_APP, new String[0]);
}
}