[RESTRICT AUTOMERGE] CTS test for Android Security b/68300072
Bug: 68300072
Bug: 72323283
Test: Ran the new testcase on android-8.0.0_r11 with/without patch
Change-Id: Ie29b497fac7e20d7fa8a3758f3638e01a6528f23
diff --git a/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java b/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java
index f3c7abb..5753af0 100644
--- a/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java
+++ b/common/host-side/tradefed/tests/src/com/android/compatibility/common/tradefed/presubmit/ValidateTestsAbi.java
@@ -149,6 +149,11 @@
* This binary only exists in 32-bit.
*/
BINARY_EXCEPTIONS.add("CVE-2017-084032");
+
+ /**
+ * This binary only exists in 32-bit.
+ */
+ BINARY_EXCEPTIONS.add("CVE-2017-1318932");
}
/**
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml
index 6c95998..ef9d4b9 100644
--- a/hostsidetests/securitybulletin/AndroidTest.xml
+++ b/hostsidetests/securitybulletin/AndroidTest.xml
@@ -271,6 +271,7 @@
<option name="cleanup" value="true" />
<!-- Please add 32-bit binary tests below to avoid merge conflict -->
+ <option name="push" value="CVE-2017-1318932->/data/local/tmp/CVE-2017-13189" />
<option name="push" value="CVE-2017-084032->/data/local/tmp/CVE-2017-0840" />
<option name="push" value="CVE-2017-1324132->/data/local/tmp/CVE-2017-13241" />
<option name="push" value="CVE-2016-390932->/data/local/tmp/CVE-2016-3909" />
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-13189/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-13189/Android.mk
new file mode 100644
index 0000000..9c69c5d
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-13189/Android.mk
@@ -0,0 +1,33 @@
+# Copyright (C) 2020 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_MODULE := CVE-2017-13189
+LOCAL_SRC_FILES := poc.c
+LOCAL_MULTILIB := 32
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_C_INCLUDES := external/libavc/common
+LOCAL_C_INCLUDES += external/libavc/decoder
+LOCAL_SHARED_LIBRARIES := liblog
+LOCAL_SHARED_LIBRARIES += libstagefright_soft_avcdec
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts sts vts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS += -Wall -Werror
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-13189/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2017-13189/poc.c
new file mode 100644
index 0000000..2f94226
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-13189/poc.c
@@ -0,0 +1,52 @@
+/**
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdlib.h>
+#include "ih264_typedefs.h"
+#include "ih264d.h"
+#include "../includes/common.h"
+void * ih264a_aligned_malloc(void *pv_ctxt, WORD32 alignment, WORD32 i4_size) {
+ (void) pv_ctxt;
+ (void) alignment;
+ (void) i4_size;
+ return NULL;
+}
+void ih264a_aligned_free(void *pv_ctxt, void *pv_buf) {
+ (void) pv_ctxt;
+ free(pv_buf);
+ return;
+}
+int main() {
+ WORD32 ret;
+ ih264d_create_ip_t s_create_ip;
+ ih264d_create_op_t s_create_op;
+ s_create_ip.s_ivd_create_ip_t.e_cmd = IVD_CMD_CREATE;
+ s_create_ip.s_ivd_create_ip_t.u4_share_disp_buf = 0;
+ s_create_ip.s_ivd_create_ip_t.e_output_format = IV_YUV_420P;
+ s_create_ip.s_ivd_create_ip_t.pf_aligned_alloc = ih264a_aligned_malloc;
+ s_create_ip.s_ivd_create_ip_t.pf_aligned_free = ih264a_aligned_free;
+ s_create_ip.s_ivd_create_ip_t.pv_mem_ctxt = NULL;
+ s_create_ip.s_ivd_create_ip_t.u4_size = sizeof(ih264d_create_ip_t);
+ s_create_op.s_ivd_create_op_t.u4_size = sizeof(ih264d_create_op_t);
+ ret = ih264d_api_function(NULL, (void *) &s_create_ip,
+ (void *) &s_create_op);
+ if (ret != IV_SUCCESS) {
+ return EXIT_SUCCESS;
+ }
+ if (s_create_op.s_ivd_create_op_t.pv_handle == NULL) {
+ return EXIT_VULNERABLE;
+ }
+ return EXIT_SUCCESS;
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
index 06f8d58..f0ed942 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
@@ -49,6 +49,15 @@
******************************************************************************/
/**
+ * b/68300072
+ * Vulnerability Behaviour: EXIT_VULNERABLE (113)
+ */
+ @SecurityTest(minPatchLevel = "2018-01")
+ public void testPocCVE_2017_13189() throws Exception {
+ AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2017-13189", null, getDevice());
+ }
+
+ /**
* b/62948670
* Vulnerability Behaviour: SIGSEGV in mediaserver or omx@1.0-service
*/