STS test for Android Security CVE-2021-0428
Test: sts-tradefed run sts-engbuild-no-spl-lock -m CtsTelephony3TestCases -t android.telephony3.cts.TelephonyManagerTest#testDeviceIdentifiersAreNotAccessible
TEST: sts-tradefed run sts-engbuild-no-spl-lock -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DeviceIdentifierTest#testDeviceIdentifierAccessWithAppOpGranted
Bug: 179709842
Bug: 173421434
Change-Id: I3853a3708275aff3cdb4ca427eaebe50ab0cc6b8
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java
index 1232edd..a27c2a5 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java
@@ -16,6 +16,7 @@
package android.appsecurity.cts;
+import android.platform.test.annotations.SecurityTest;
import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
import com.android.tradefed.build.IBuildInfo;
import com.android.tradefed.device.DeviceNotAvailableException;
@@ -57,6 +58,7 @@
getDevice().uninstallPackage(DEVICE_IDENTIFIER_PKG);
}
+ @SecurityTest(minPatchLevel = "2021-04")
public void testDeviceIdentifierAccessWithAppOpGranted() throws Exception {
setDeviceIdentifierAccessAppOp(DEVICE_IDENTIFIER_PKG, true);
Utils.runDeviceTestsAsCurrentUser(getDevice(), DEVICE_IDENTIFIER_PKG,
diff --git a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp
index 6eac9b6..79b81c9 100644
--- a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp
+++ b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp
@@ -24,12 +24,14 @@
static_libs: [
"androidx.test.rules",
"compatibility-device-util-axt",
+ "platform-test-annotations",
],
libs: ["android.test.base"],
srcs: ["src/**/*.java"],
test_suites: [
"cts",
"general-tests",
+ "sts",
],
optimize: {
enabled: false,
diff --git a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java
index 0534895..753bc2b 100644
--- a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java
+++ b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java
@@ -22,6 +22,7 @@
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
+import android.platform.test.annotations.SecurityTest;
import android.telephony.SubscriptionInfo;
import android.telephony.SubscriptionManager;
import android.telephony.TelephonyManager;
@@ -45,6 +46,7 @@
+ "granted when invoking %s.";
@Test
+ @SecurityTest(minPatchLevel = "2021-04")
public void testAccessToDeviceIdentifiersWithAppOp() throws Exception {
Context context = InstrumentationRegistry.getContext();
TelephonyManager telephonyManager =
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp b/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp
index ba0953a..2b19671 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp
@@ -51,5 +51,6 @@
"cts",
"general-tests",
"mts",
+ "sts",
],
}
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java
index 4c356d2..a5a0cc6 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java
@@ -15,6 +15,7 @@
*/
package com.android.cts.deviceowner;
+import android.platform.test.annotations.SecurityTest;
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
@@ -33,6 +34,7 @@
"An unexpected value was received by the device owner with the READ_PHONE_STATE "
+ "permission when invoking %s";
+ @SecurityTest(minPatchLevel = "2021-04")
public void testDeviceOwnerCanGetDeviceIdentifiersWithPermission() {
// The device owner with the READ_PHONE_STATE permission should have access to all device
// identifiers. However since the TelephonyManager methods can return null this method
diff --git a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
index fcf7e76..8992ec6 100644
--- a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
+++ b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
@@ -27,6 +27,7 @@
import android.platform.test.annotations.FlakyTest;
import android.platform.test.annotations.LargeTest;
+import android.platform.test.annotations.SecurityTest;
import android.stats.devicepolicy.EventId;
import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
@@ -611,6 +612,7 @@
}
@Test
+ @SecurityTest(minPatchLevel = "2021-04")
public void testDeviceOwnerCanGetDeviceIdentifiers() throws Exception {
// The Device Owner should have access to all device identifiers.
diff --git a/tests/tests/telephony3/Android.bp b/tests/tests/telephony3/Android.bp
index d520461..5284cda 100644
--- a/tests/tests/telephony3/Android.bp
+++ b/tests/tests/telephony3/Android.bp
@@ -28,6 +28,7 @@
test_suites: [
"cts",
"general-tests",
+ "sts",
],
libs: ["android.test.runner"] + ["android.test.base"],
}
diff --git a/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java b/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java
index eaf161e..b1f4a52 100644
--- a/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java
+++ b/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java
@@ -23,6 +23,7 @@
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
+import android.platform.test.annotations.SecurityTest;
import android.telephony.SubscriptionInfo;
import android.telephony.SubscriptionManager;
import android.telephony.TelephonyManager;
@@ -52,6 +53,7 @@
}
@Test
+ @SecurityTest(minPatchLevel = "2021-04")
public void testDeviceIdentifiersAreNotAccessible() throws Exception {
// Apps with the READ_PHONE_STATE permission should no longer have access to device
// identifiers. If an app's target SDK is less than Q and it has been granted the