STS test for Android Security CVE-2021-0428 [RESTRICT AUTOMERGE]
Test: sts-tradefed run sts-engbuild-no-spl-lock -m CtsTelephony3TestCases -t android.telephony3.cts.TelephonyManagerTest#testDeviceIdentifiersAreNotAccessible
TEST: sts-tradefed run sts-engbuild-no-spl-lock -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.DeviceIdentifierTest#testDeviceIdentifierAccessWithAppOpGranted
Bug: 179709842
Bug: 173421434
Change-Id: I3853a3708275aff3cdb4ca427eaebe50ab0cc6b8
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java
index 45e84b7..06fc7fc 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/DeviceIdentifierTest.java
@@ -16,6 +16,7 @@
package android.appsecurity.cts;
+import android.platform.test.annotations.SecurityTest;
import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
import com.android.tradefed.build.IBuildInfo;
import com.android.tradefed.device.DeviceNotAvailableException;
@@ -57,6 +58,7 @@
getDevice().uninstallPackage(DEVICE_IDENTIFIER_PKG);
}
+ @SecurityTest(minPatchLevel = "2021-04")
public void testDeviceIdentifierAccessWithAppOpGranted() throws Exception {
setDeviceIdentifierAccessAppOp(DEVICE_IDENTIFIER_PKG, true);
Utils.runDeviceTests(getDevice(), DEVICE_IDENTIFIER_PKG, DEVICE_IDENTIFIER_CLASS,
diff --git a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp
index 6d4bf42..056a88b 100644
--- a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp
+++ b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/Android.bp
@@ -20,6 +20,7 @@
static_libs: [
"androidx.test.rules",
"compatibility-device-util-axt",
+ "platform-test-annotations",
],
libs: ["android.test.base.stubs"],
srcs: ["src/**/*.java"],
@@ -27,6 +28,7 @@
"cts",
"vts",
"general-tests",
+ "sts",
],
optimize: {
enabled: false,
diff --git a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java
index 140f75d..9ca9a4c 100644
--- a/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java
+++ b/hostsidetests/appsecurity/test-apps/DeviceIdentifiers/src/android/appsecurity/cts/deviceids/DeviceIdentifierAppOpTest.java
@@ -22,6 +22,7 @@
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
+import android.platform.test.annotations.SecurityTest;
import android.telephony.SubscriptionInfo;
import android.telephony.SubscriptionManager;
import android.telephony.TelephonyManager;
@@ -45,6 +46,7 @@
+ "granted when invoking %s.";
@Test
+ @SecurityTest(minPatchLevel = "2021-04")
public void testAccessToDeviceIdentifiersWithAppOp() throws Exception {
Context context = InstrumentationRegistry.getContext();
TelephonyManager telephonyManager =
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp b/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp
index 850d720..05e101b 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/Android.bp
@@ -45,5 +45,6 @@
"cts",
"vts",
"general-tests",
+ "sts",
],
}
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java
index 65f04c0..60c4b7ef 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/DeviceIdentifiersTest.java
@@ -15,6 +15,7 @@
*/
package com.android.cts.deviceowner;
+import android.platform.test.annotations.SecurityTest;
import android.content.Context;
import android.os.Build;
import android.telephony.SubscriptionInfo;
@@ -35,6 +36,7 @@
"A device owner that does not have the READ_PHONE_STATE permission must receive a "
+ "SecurityException when invoking %s";
+ @SecurityTest(minPatchLevel = "2021-04")
public void testDeviceOwnerCanGetDeviceIdentifiersWithPermission() throws Exception {
// The device owner with the READ_PHONE_STATE permission should have access to all device
// identifiers. However since the TelephonyManager methods can return null this method
diff --git a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
index d223f03..9445d94 100644
--- a/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
+++ b/hostsidetests/devicepolicy/src/com/android/cts/devicepolicy/DeviceOwnerTest.java
@@ -18,6 +18,7 @@
import static com.android.cts.devicepolicy.metrics.DevicePolicyEventLogVerifier.assertMetricsLogged;
+import android.platform.test.annotations.SecurityTest;
import android.stats.devicepolicy.EventId;
import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
@@ -771,6 +772,7 @@
"testEnablingAndDisablingBackupService");
}
+ @SecurityTest(minPatchLevel = "2021-04")
public void testDeviceOwnerCanGetDeviceIdentifiers() throws Exception {
// The Device Owner should have access to all device identifiers.
if (!mHasFeature) {
diff --git a/tests/tests/telephony3/Android.mk b/tests/tests/telephony3/Android.mk
index c09501a..40ed713 100644
--- a/tests/tests/telephony3/Android.mk
+++ b/tests/tests/telephony3/Android.mk
@@ -33,7 +33,7 @@
LOCAL_SDK_VERSION := 28
# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
+LOCAL_COMPATIBILITY_SUITE := cts vts general-tests sts
LOCAL_JAVA_LIBRARIES += android.test.runner.stubs
LOCAL_JAVA_LIBRARIES += android.test.base.stubs
diff --git a/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java b/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java
index af3a54c..76a4ad0 100644
--- a/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java
+++ b/tests/tests/telephony3/src/android/telephony3/cts/TelephonyManagerTest.java
@@ -23,6 +23,7 @@
import android.content.Context;
import android.content.pm.PackageManager;
import android.os.Build;
+import android.platform.test.annotations.SecurityTest;
import android.telephony.SubscriptionInfo;
import android.telephony.SubscriptionManager;
import android.telephony.TelephonyManager;
@@ -53,6 +54,7 @@
}
@Test
+ @SecurityTest(minPatchLevel = "2021-04")
public void testDeviceIdentifiersAreNotAccessible() throws Exception {
// Apps with the READ_PHONE_STATE permission should no longer have access to device
// identifiers. If an app's target SDK is less than Q and it has been granted the