Fixes a security vulnerability in the slice provider

Bug: 138441555
Test: Manual
Change-Id: I0efd5dcb2586ac8dfcdb6aefa1e2eac59a186c3d
Merged-In: I0efd5dcb2586ac8dfcdb6aefa1e2eac59a186c3d
diff --git a/tests/tests/slice/Android.bp b/tests/tests/slice/Android.bp
new file mode 100644
index 0000000..9dfffd2
--- /dev/null
+++ b/tests/tests/slice/Android.bp
@@ -0,0 +1,54 @@
+// Copyright (C) 2019 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+android_test {
+    name: "CtsSliceTestCases",
+    defaults: ["cts_defaults"],
+
+    // don't include this package in any target
+
+    // and when built explicitly put it in the data partition
+
+    // Tag this module as a cts test artifact
+    test_suites: [
+        "cts",
+        "vts",
+        "general-tests",
+    ],
+
+    libs: ["android.test.runner.stubs"],
+
+    static_libs: [
+        "androidx.test.rules",
+        "compatibility-device-util-axt",
+        "ctsdeviceutillegacy-axt",
+        "ctstestrunner-axt",
+        "metrics-helper-lib",
+        "mockito-target-inline-minus-junit4",
+        "platform-test-annotations",
+        "ub-uiautomator",
+    ],
+
+    compile_multilib: "both",
+
+    jni_libs: [
+        "libdexmakerjvmtiagent",
+        "libmultiplejvmtiagentsinterferenceagent",
+    ],
+
+    srcs: ["src/**/*.java", "src/**/*.kt"],
+
+    platform_apis: true,
+
+}
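Review bot: The two comments `// don't include this package in any target` and `// and when built explicitly put it in the data partition` no longer describe anything in this module and should be dropped. They were carried over from Android.mk, where they sat above `LOCAL_MODULE_TAGS` and `LOCAL_MODULE_PATH`, and neither property has a counterpart here. The blank line before the closing `}` can go as well.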
diff --git a/tests/tests/slice/Android.mk b/tests/tests/slice/Android.mk
deleted file mode 100644
index b440d19..0000000
--- a/tests/tests/slice/Android.mk
+++ /dev/null
@@ -1,52 +0,0 @@
-# Copyright (C) 2008 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH:= $(call my-dir)
-
-include $(CLEAR_VARS)
-
-# don't include this package in any target
-LOCAL_MODULE_TAGS := optional
-# and when built explicitly put it in the data partition
-LOCAL_MODULE_PATH := $(TARGET_OUT_DATA_APPS)
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-
-LOCAL_JAVA_LIBRARIES := android.test.runner.stubs
-
-LOCAL_STATIC_JAVA_LIBRARIES := \
-    androidx.test.rules \
-    compatibility-device-util-axt \
-    ctsdeviceutillegacy-axt \
-    ctstestrunner-axt \
-    metrics-helper-lib \
-    mockito-target-inline-minus-junit4 \
-    platform-test-annotations \
-    ub-uiautomator
-
-LOCAL_MULTILIB := both
-
-LOCAL_JNI_SHARED_LIBRARIES := \
-    libdexmakerjvmtiagent \
-    libmultiplejvmtiagentsinterferenceagent
-
-LOCAL_SRC_FILES := $(call all-java-files-under, src)
-
-LOCAL_PACKAGE_NAME := CtsSliceTestCases
-LOCAL_PRIVATE_PLATFORM_APIS := true
-
-include $(BUILD_CTS_PACKAGE)
-
-include $(call all-makefiles-under,$(LOCAL_PATH))
diff --git a/tests/tests/slice/src/android/slice/cts/SliceProviderTest.kt b/tests/tests/slice/src/android/slice/cts/SliceProviderTest.kt
new file mode 100644
index 0000000..4b78f3a
--- /dev/null
+++ b/tests/tests/slice/src/android/slice/cts/SliceProviderTest.kt
@@ -0,0 +1,82 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
+ * except in compliance with the License. You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+package android.slice.cts
+
+import android.app.slice.Slice
+import android.app.slice.SliceSpec
+import android.content.ContentResolver
+import android.net.Uri
+import android.os.Bundle
+
+import androidx.test.rule.ActivityTestRule
+import androidx.test.runner.AndroidJUnit4
+import org.junit.Before
+
+import org.junit.Rule
+import org.junit.Test
+import org.junit.runner.RunWith
+
+private const val VALID_AUTHORITY = "android.slice.cts"
+private const val SUSPICIOUS_AUTHORITY = "com.suspicious.www"
+private const val ACTION_BLUETOOTH = "/action/bluetooth"
+private const val VALID_BASE_URI_STRING = "content://$VALID_AUTHORITY"
+private const val VALID_ACTION_URI_STRING = "content://$VALID_AUTHORITY$ACTION_BLUETOOTH"
+private const val SHADY_ACTION_URI_STRING = "content://$SUSPICIOUS_AUTHORITY$ACTION_BLUETOOTH"
+
+@RunWith(AndroidJUnit4::class)
+class SliceProviderTest {
+
+    @Rule @JvmField var activityTestRule = ActivityTestRule(Launcher::class.java)
+
+    private val validBaseUri = Uri.parse(VALID_BASE_URI_STRING)
+    private val validActionUri = Uri.parse(VALID_ACTION_URI_STRING)
+    private val shadyActionUri = Uri.parse(SHADY_ACTION_URI_STRING)
+
+    private lateinit var contentResolver: ContentResolver
+
+    @Before
+    fun setUp() {
+        contentResolver = activityTestRule.activity.contentResolver
+    }
+
+    @Test
+    fun testCallSliceUri_ValidAuthority() {
+        doQuery(validActionUri)
+    }
+
+    @Test(expected = SecurityException::class)
+    fun testCallSliceUri_ShadyAuthority() {
+        doQuery(shadyActionUri)
+    }
+
+    private fun doQuery(actionUri: Uri): Slice {
+        val extras = Bundle().apply {
+            putParcelable("slice_uri", actionUri)
+            putParcelableArrayList("supported_specs", ArrayList(listOf(
+                    SliceSpec("androidx.slice.LIST", 1),
+                    SliceSpec("androidx.app.slice.BASIC", 1),
+                    SliceSpec("androidx.slice.BASIC", 1),
+                    SliceSpec("androidx.app.slice.LIST", 1)
+            )))
+        }
+        val result = contentResolver.call(
+                validBaseUri,
+                SliceProvider.METHOD_SLICE,
+                null,
+                extras
+        )
+        return result.getParcelable(SliceProvider.EXTRA_SLICE)
+    }
+}
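Review bot: Nothing in `SliceProviderTest` says what the security check under test is. The call is addressed to `validBaseUri`, and only the `slice_uri` extra differs between the two tests, so `testCallSliceUri_ShadyAuthority` deserves a comment such as `// call targets VALID_AUTHORITY but the slice_uri extra names SUSPICIOUS_AUTHORITY; the provider must reject the mismatch`. `@Test(expected = SecurityException::class)` accepts a SecurityException from any cause, so that comment is the only record that the authority mismatch is the intended trigger. `testCallSliceUri_ValidAuthority` discards the returned Slice; `assertNotNull(doQuery(validActionUri))` would make the success criterion explicit. `SliceProvider` is not imported, so it presumably resolves to a class in `android.slice.cts` outside this diff, and the literal keys `"slice_uri"` and `"supported_specs"` would be clearer as named constants next to the URI constants at the top of the file.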