hostsidetests/securitybulletin/test-apps/CVE-2021-39707/src/android/security/cts/CVE_2021_39707/DeviceTest.java - platform/cts - Git at Google

 /*
  * Copyright (C) 2022 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.security.cts.CVE_2021_39707;

 import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
 import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;

 import static org.junit.Assert.assertFalse;
 import static org.junit.Assume.assumeNoException;
 import static org.junit.Assume.assumeTrue;

 import android.content.Context;
 import android.content.Intent;
 import android.provider.Settings;
 import android.telecom.TelecomManager;

 import androidx.test.runner.AndroidJUnit4;
 import androidx.test.uiautomator.By;
 import androidx.test.uiautomator.BySelector;
 import androidx.test.uiautomator.UiDevice;
 import androidx.test.uiautomator.UiObject2;
 import androidx.test.uiautomator.UiScrollable;
 import androidx.test.uiautomator.UiSelector;
 import androidx.test.uiautomator.Until;

 import org.junit.Test;
 import org.junit.runner.RunWith;

 @RunWith(AndroidJUnit4.class)
 public class DeviceTest {

     @Test
     public void testAppRestrictionsFragment() {
         try {
             /* Start the "User Settings" window */
             Intent intent = new Intent(Settings.ACTION_USER_SETTINGS);
             intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
             Context context = getApplicationContext();
             context.startActivity(intent);
             String settingsPkgName =
                     intent.resolveActivity(context.getPackageManager()).getPackageName();
             settingsPkgName =
                     (settingsPkgName == null) ? context.getString(R.string.defaultSettingsPkgName)
                             : settingsPkgName;

             /*
              * Click on the text "CVE_2021_39707_RestrictedUser", the restricted user that we added
              * before
              */
             final int uiTimeoutMs = 5000;
             String textRestrictedUser = context.getString(R.string.textRestrictedUser);
             BySelector selector = By.text(textRestrictedUser);
             UiDevice device = UiDevice.getInstance(getInstrumentation());
             assumeTrue(context.getString(R.string.timedOutMsg, textRestrictedUser),
                     device.wait(Until.hasObject(selector), uiTimeoutMs));
             device.findObject(selector).click();

             /* Click on the text "App & content access" */
             String textAppContentAccess = context.getString(R.string.textAppContentAccess);
             selector = By.text(textAppContentAccess);
             assumeTrue(context.getString(R.string.timedOutMsg, textAppContentAccess),
                     device.wait(Until.hasObject(selector), uiTimeoutMs));
             device.findObject(selector).click();

             /*
              * Click on the icon with resource name
              * "com.android.settings:id/app_restrictions_settings" next to the test app
              * "CVE-2021-39707"
              */
             UiScrollable scrollable = new UiScrollable(new UiSelector());
             String textTestApp = context.getString(R.string.testAppLabel);
             scrollable.scrollTextIntoView(textTestApp);
             selector = By.text(textTestApp);
             assumeTrue(context.getString(R.string.timedOutMsg, textTestApp),
                     device.wait(Until.hasObject(selector), uiTimeoutMs));
             UiObject2 parent = device.findObject(selector).getParent().getParent().getParent();
             selector = By.res(context.getString(R.string.resTestAppIcon, settingsPkgName));
             parent.findObject(selector).click();

             /*
              * Wait on the UI of the dialer app, test fails if the dialer app appears on the screen
              * which indicates vulnerable behaviour
              */
             TelecomManager telecomManager = context.getSystemService(TelecomManager.class);
             selector = By.pkg(telecomManager.getSystemDialerPackage());
             assertFalse(context.getString(R.string.testFailMsg),
                     device.wait(Until.hasObject(selector), uiTimeoutMs));
         } catch (Exception e) {
             assumeNoException(e);
         }
     }
 }
	/*
	* Copyright (C) 2022 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.security.cts.CVE_2021_39707;

	import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
	import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;

	import static org.junit.Assert.assertFalse;
	import static org.junit.Assume.assumeNoException;
	import static org.junit.Assume.assumeTrue;

	import android.content.Context;
	import android.content.Intent;
	import android.provider.Settings;
	import android.telecom.TelecomManager;

	import androidx.test.runner.AndroidJUnit4;
	import androidx.test.uiautomator.By;
	import androidx.test.uiautomator.BySelector;
	import androidx.test.uiautomator.UiDevice;
	import androidx.test.uiautomator.UiObject2;
	import androidx.test.uiautomator.UiScrollable;
	import androidx.test.uiautomator.UiSelector;
	import androidx.test.uiautomator.Until;

	import org.junit.Test;
	import org.junit.runner.RunWith;

	@RunWith(AndroidJUnit4.class)
	public class DeviceTest {

	@Test
	public void testAppRestrictionsFragment() {
	try {
	/* Start the "User Settings" window */
	Intent intent = new Intent(Settings.ACTION_USER_SETTINGS);
	intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK \| Intent.FLAG_ACTIVITY_CLEAR_TASK);
	Context context = getApplicationContext();
	context.startActivity(intent);
	String settingsPkgName =
	intent.resolveActivity(context.getPackageManager()).getPackageName();
	settingsPkgName =
	(settingsPkgName == null) ? context.getString(R.string.defaultSettingsPkgName)
	: settingsPkgName;

	/*
	* Click on the text "CVE_2021_39707_RestrictedUser", the restricted user that we added
	* before
	*/
	final int uiTimeoutMs = 5000;
	String textRestrictedUser = context.getString(R.string.textRestrictedUser);
	BySelector selector = By.text(textRestrictedUser);
	UiDevice device = UiDevice.getInstance(getInstrumentation());
	assumeTrue(context.getString(R.string.timedOutMsg, textRestrictedUser),
	device.wait(Until.hasObject(selector), uiTimeoutMs));
	device.findObject(selector).click();

	/* Click on the text "App & content access" */
	String textAppContentAccess = context.getString(R.string.textAppContentAccess);
	selector = By.text(textAppContentAccess);
	assumeTrue(context.getString(R.string.timedOutMsg, textAppContentAccess),
	device.wait(Until.hasObject(selector), uiTimeoutMs));
	device.findObject(selector).click();

	/*
	* Click on the icon with resource name
	* "com.android.settings:id/app_restrictions_settings" next to the test app
	* "CVE-2021-39707"
	*/
	UiScrollable scrollable = new UiScrollable(new UiSelector());
	String textTestApp = context.getString(R.string.testAppLabel);
	scrollable.scrollTextIntoView(textTestApp);
	selector = By.text(textTestApp);
	assumeTrue(context.getString(R.string.timedOutMsg, textTestApp),
	device.wait(Until.hasObject(selector), uiTimeoutMs));
	UiObject2 parent = device.findObject(selector).getParent().getParent().getParent();
	selector = By.res(context.getString(R.string.resTestAppIcon, settingsPkgName));
	parent.findObject(selector).click();

	/*
	* Wait on the UI of the dialer app, test fails if the dialer app appears on the screen
	* which indicates vulnerable behaviour
	*/
	TelecomManager telecomManager = context.getSystemService(TelecomManager.class);
	selector = By.pkg(telecomManager.getSystemDialerPackage());
	assertFalse(context.getString(R.string.testFailMsg),
	device.wait(Until.hasObject(selector), uiTimeoutMs));
	} catch (Exception e) {
	assumeNoException(e);
	}
	}
	}