Add test for CVE-2014-5532

Change-Id: I49caf3c3131e987fbeb7639193a59cfdaaf962f1
diff --git a/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp b/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
index faa6eea..776729d 100644
--- a/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
+++ b/tests/tests/security/jni/android_security_cts_NativeCodeTest.cpp
@@ -282,6 +282,35 @@
     return (ret == -1 && errno == EINVAL);
 }
 
+static jboolean android_security_cts_NativeCodeTest_doNvmapIocFromIdTest(JNIEnv*, jobject)
+{
+    /*
+     * IOCTL code specified from the original Qualcomm notification.
+     * Also available in:
+     *     .../kernel/tegra/drivers/video/tegra/nvmap/nvmap_ioctl.h
+     * #define NVMAP_IOC_MAGIC 'N'
+     * #define NVMAP_IOC_FROM_ID _IOWR(NVMAP_IOC_MAGIC, 2, struct nvmap_create_handle)
+     */
+    const int NVMAP_IOC_FROM_ID = 0xc0084e02;
+    int       nvmap = open("/dev/nvmap", O_RDWR | O_CLOEXEC, 0);
+    bool      vulnerable = false;
+
+    if (nvmap >= 0) {
+        if (0 >= ioctl(nvmap, NVMAP_IOC_FROM_ID)) {
+            /* IOCTL succeeded */
+            vulnerable = true;
+        }
+        else if (errno != ENOTTY) {
+            /* IOCTL failed, but provided the wrong error number */
+            vulnerable = true;
+        }
+
+        close(nvmap);
+    }
+
+    return !vulnerable;
+}
+
 
 static JNINativeMethod gMethods[] = {
     {  "doPerfEventTest", "()Z",
@@ -296,6 +325,8 @@
             (void *) android_security_cts_NativeCodeTest_doCVE20141710Test },
     {  "doFutexTest", "()Z",
             (void *) android_security_cts_NativeCodeTest_doFutexTest },
+    {  "doFutexTest", "()Z",
+            (void *) android_security_cts_NativeCodeTest_doNvmapIocFromIdTest },
 };
 
 int register_android_security_cts_NativeCodeTest(JNIEnv* env)
diff --git a/tests/tests/security/src/android/security/cts/NativeCodeTest.java b/tests/tests/security/src/android/security/cts/NativeCodeTest.java
index 4be00b6..0bb8d12 100644
--- a/tests/tests/security/src/android/security/cts/NativeCodeTest.java
+++ b/tests/tests/security/src/android/security/cts/NativeCodeTest.java
@@ -56,6 +56,14 @@
                    doFutexTest());
     }
 
+    public void testNvmapIocFromId() throws Exception {
+        assertTrue("Device is vulnerable to CVE-2014-5332. "
+                   + "NVIDIA has released code fixes to upstream repositories and device vendors. "
+                   + "For more information, see "
+                   + "https://nvidia.custhelp.com/app/answers/detail/a_id/3618",
+                   doNvmapIocFromIdTest());
+    }
+
     /**
      * Returns true iff this device is vulnerable to CVE-2013-2094.
      * A patch for CVE-2013-2094 can be found at
@@ -110,6 +118,16 @@
     private static native boolean doFutexTest();
 
     /**
+     * ANDROID-17453812 / CVE-2014-5332
+     *
+     * Returns true if the device is patched against the NVMAP_IOC_FROM_ID ioctl call.
+     *
+     * More information on this vulnreability is available at
+     * https://nvidia.custhelp.com/app/answers/detail/a_id/3618
+     */
+    private static native boolean doNvmapIocFromIdTest();
+
+    /**
      * Returns true if the device is immune to CVE-2014-1710,
      * false if the device is vulnerable.
      */