Don't allow "enable_root" in adb.
This is a non-standard extension which is causing security
problems. Block it.
(cherry picked from commit ce8bdcac3350d007897f83fe2a421b84a24868f0)
Bug: 11784703
Change-Id: If0ea7b215424629094a929de0b5a9499ef528ef8
diff --git a/tests/tests/security/src/android/security/cts/BannedFilesTest.java b/tests/tests/security/src/android/security/cts/BannedFilesTest.java
index 6913fb2..0198ae7 100644
--- a/tests/tests/security/src/android/security/cts/BannedFilesTest.java
+++ b/tests/tests/security/src/android/security/cts/BannedFilesTest.java
@@ -20,7 +20,11 @@
import junit.framework.TestCase;
+import java.io.DataInputStream;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
public class BannedFilesTest extends TestCase {
@@ -48,6 +52,34 @@
}
}
+ public void testNoEnableRoot() throws UnsupportedEncodingException {
+ byte[] badPattern = "enable_root".getBytes("US-ASCII");
+ assertFileDoesNotContain("/system/bin/adb", badPattern);
+ }
+
+ private static void assertFileDoesNotContain(String filename, byte[] pattern) {
+ try {
+ File f = new File(filename);
+ byte[] fileData = new byte[(int) f.length()];
+ DataInputStream dis = new DataInputStream(new FileInputStream(f));
+ dis.readFully(fileData);
+ dis.close();
+
+ outer:
+ for (int i = 0; i < (fileData.length - pattern.length); i++) {
+ for (int j = 0; j < pattern.length; j++) {
+ if (fileData[i+j] != pattern[j]) {
+ continue outer;
+ }
+ }
+ fail("Found banned pattern in " + filename);
+ }
+
+ } catch (IOException e) {
+ // ignore - no such file, or IO error. Assume OK.
+ }
+ }
+
/**
* setuid or setgid "ip" command can be used to modify the
* routing tables of a device, potentially allowing a malicious