STS test for Android Security CVE-2021-0428 Test: sts-tradefed run sts-engbuild-no-spl-lock -m CtsTelephony3TestCases -t android.telephony3.cts.TelephonyManagerTest#testDeviceIdentifiersAreNotAccessible TEST: sts-tradefed run sts-engbuild-no-spl-lock -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DeviceIdentifierTest#testDeviceIdentifierAccessWithAppOpGranted Bug: 179709842 Bug: 173421434 Change-Id: I3853a3708275aff3cdb4ca427eaebe50ab0cc6b8

commit: 7705f27c0cb024bf352346af7dd8feaf161eb112 [log] [tgz]
author: Miroslaw Niemiec <mniemiec@google.com> Thu Mar 04 09:48:47 2021 -0800
committer: Christopher Dombroski <cdombroski@google.com> Tue Jun 15 16:42:34 2021 -0700
tree: 40f774369fea6afe030c2e4610044354391f8c28
parent: 8a54828e29e60fdd2a1d44d5786a661bafa7e609 [diff]
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java
index 1232edd..a27c2a5 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java

@@ -16,6 +16,7 @@
 
 package android.appsecurity.cts;
 
+import android.platform.test.annotations.SecurityTest;
 import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
 import com.android.tradefed.build.IBuildInfo;
 import com.android.tradefed.device.DeviceNotAvailableException;
@@ -57,6 +58,7 @@
         getDevice().uninstallPackage(DEVICE_IDENTIFIER_PKG);
     }
 
+    @SecurityTest(minPatchLevel = "2021-04")
     public void testDeviceIdentifierAccessWithAppOpGranted() throws Exception {
         setDeviceIdentifierAccessAppOp(DEVICE_IDENTIFIER_PKG, true);
         Utils.runDeviceTestsAsCurrentUser(getDevice(), DEVICE_IDENTIFIER_PKG,

diff --git a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp
index 6eac9b6..79b81c9 100644
--- a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp
+++ b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp

@@ -24,12 +24,14 @@
     static_libs: [
         "androidx.test.rules",
         "compatibility-device-util-axt",
+        "platform-test-annotations",
     ],
     libs: ["android.test.base"],
     srcs: ["src/**/*.java"],
     test_suites: [
         "cts",
         "general-tests",
+        "sts",
     ],
     optimize: {
         enabled: false,

diff --git a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java
index 0534895..753bc2b 100644
--- a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java
+++ b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java

@@ -22,6 +22,7 @@
 import android.content.Context;
 import android.content.pm.PackageManager;
 import android.os.Build;
+import android.platform.test.annotations.SecurityTest;
 import android.telephony.SubscriptionInfo;
 import android.telephony.SubscriptionManager;
 import android.telephony.TelephonyManager;
@@ -45,6 +46,7 @@
                     + "granted when invoking %s.";
 
     @Test
+    @SecurityTest(minPatchLevel = "2021-04")
     public void testAccessToDeviceIdentifiersWithAppOp() throws Exception {
         Context context = InstrumentationRegistry.getContext();
         TelephonyManager telephonyManager =

diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp b/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp
index ba0953a..2b19671 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp

@@ -51,5 +51,6 @@
         "cts",
         "general-tests",
         "mts",
+        "sts",
     ],
 }

diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java
index 4c356d2..a5a0cc6 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java

@@ -15,6 +15,7 @@
  */
 package com.android.cts.deviceowner;
 
+import android.platform.test.annotations.SecurityTest;
 import android.content.Context;
 import android.content.pm.PackageManager;
 import android.os.Build;
@@ -33,6 +34,7 @@
             "An unexpected value was received by the device owner with the READ_PHONE_STATE "
                     + "permission when invoking %s";
 
+    @SecurityTest(minPatchLevel = "2021-04")
     public void testDeviceOwnerCanGetDeviceIdentifiersWithPermission() {
         // The device owner with the READ_PHONE_STATE permission should have access to all device
         // identifiers. However since the TelephonyManager methods can return null this method

diff --git a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
index fcf7e76..8992ec6 100644
--- a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
+++ b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java

@@ -27,6 +27,7 @@
 
 import android.platform.test.annotations.FlakyTest;
 import android.platform.test.annotations.LargeTest;
+import android.platform.test.annotations.SecurityTest;
 import android.stats.devicepolicy.EventId;
 
 import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
@@ -611,6 +612,7 @@
     }
 
     @Test
+    @SecurityTest(minPatchLevel = "2021-04")
     public void testDeviceOwnerCanGetDeviceIdentifiers() throws Exception {
         // The Device Owner should have access to all device identifiers.
 

diff --git a/tests/tests/telephony3/Android.bp b/tests/tests/telephony3/Android.bp
index d520461..5284cda 100644
--- a/tests/tests/telephony3/Android.bp
+++ b/tests/tests/telephony3/Android.bp

@@ -28,6 +28,7 @@
     test_suites: [
         "cts",
         "general-tests",
+        "sts",
     ],
     libs: ["android.test.runner"] + ["android.test.base"],
 }

diff --git a/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java b/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java
index eaf161e..b1f4a52 100644
--- a/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java
+++ b/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java

@@ -23,6 +23,7 @@
 import android.content.Context;
 import android.content.pm.PackageManager;
 import android.os.Build;
+import android.platform.test.annotations.SecurityTest;
 import android.telephony.SubscriptionInfo;
 import android.telephony.SubscriptionManager;
 import android.telephony.TelephonyManager;
@@ -52,6 +53,7 @@
     }
 
     @Test
+    @SecurityTest(minPatchLevel = "2021-04")
     public void testDeviceIdentifiersAreNotAccessible() throws Exception {
         // Apps with the READ_PHONE_STATE permission should no longer have access to device
         // identifiers. If an app's target SDK is less than Q and it has been granted the
commit	7705f27c0cb024bf352346af7dd8feaf161eb112	[log] [tgz]
author	Miroslaw Niemiec <mniemiec@google.com>	Thu Mar 04 09:48:47 2021 -0800
committer	Christopher Dombroski <cdombroski@google.com>	Tue Jun 15 16:42:34 2021 -0700
tree	40f774369fea6afe030c2e4610044354391f8c28
parent	8a54828e29e60fdd2a1d44d5786a661bafa7e609 [diff]