hostsidetests/securitybulletin/test-apps/CVE-2021-39702/src/android/security/cts/CVE_2021_39702/DeviceTest.java - platform/cts - Git at Google

 /*
  * Copyright (C) 2022 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package android.security.cts.CVE_2021_39702;

 import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
 import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;

 import static org.junit.Assert.assertTrue;
 import static org.junit.Assume.assumeNoException;
 import static org.junit.Assume.assumeNotNull;
 import static org.junit.Assume.assumeTrue;

 import android.content.Context;
 import android.content.Intent;
 import android.content.pm.PackageManager;
 import android.content.pm.ResolveInfo;
 import android.net.Uri;
 import android.provider.Settings;
 import android.security.AppUriAuthenticationPolicy;
 import android.security.Credentials;
 import android.security.KeyChain;

 import androidx.test.runner.AndroidJUnit4;
 import androidx.test.uiautomator.By;
 import androidx.test.uiautomator.UiDevice;
 import androidx.test.uiautomator.Until;

 import org.junit.Test;
 import org.junit.runner.RunWith;

 import java.io.IOException;
 import java.util.regex.Pattern;

 @RunWith(AndroidJUnit4.class)
 public class DeviceTest {
     private static final int LAUNCH_TIMEOUT_MS = 20000;
     private String vulnerableActivityName = "";

     private void startOverlayService() {
         Context context = getApplicationContext();
         assumeNotNull(context);
         Intent intent = new Intent(context, PocService.class);
         assumeTrue(context.getString(R.string.canNotDrawOverlaysMsg),
                 Settings.canDrawOverlays(context));
         try {
             context.startService(intent);
         } catch (Exception e) {
             assumeNoException(context.getString(R.string.overlayServiceNotStartedException), e);
         }
     }

     public void startVulnerableActivity() {
         Context context = getApplicationContext();
         assumeNotNull(context);
         Intent intent = new Intent(Credentials.ACTION_MANAGE_CREDENTIALS);
         intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
         AppUriAuthenticationPolicy policy = new AppUriAuthenticationPolicy.Builder()
                 .addAppAndUriMapping(context.getPackageName(), Uri.parse(""),
                         context.getString(R.string.overlayAttack))
                 .build();
         intent.putExtra(KeyChain.EXTRA_AUTHENTICATION_POLICY, policy);
         PackageManager pm = context.getPackageManager();
         assumeNotNull(pm);
         ResolveInfo ri = pm.resolveActivity(intent, PackageManager.MATCH_DEFAULT_ONLY);
         assumeTrue(context.getString(R.string.activityNotFoundMsg) + intent, ri != null);
         assumeNotNull(ri.activityInfo);
         vulnerableActivityName = ri.activityInfo.name;
         try {
             context.startActivity(intent);
         } catch (Exception e) {
             assumeNoException(context.getString(R.string.activityNotStartedException) + intent, e);
         }
     }

     @Test
     public void testOverlayButtonPresence() {
         Context context = getApplicationContext();
         assumeNotNull(context);
         UiDevice device = UiDevice.getInstance(getInstrumentation());
         assumeNotNull(device);

         /* Start the overlay service */
         startOverlayService();

         /* Wait for the overlay window */
         Pattern overlayTextPattern = Pattern.compile(context.getString(R.string.overlayButtonText),
                 Pattern.CASE_INSENSITIVE);
         assumeTrue(context.getString(R.string.overlayUiScreenError),
                 device.wait(Until.hasObject(By.text(overlayTextPattern)), LAUNCH_TIMEOUT_MS));

         /* Start the vulnerable activity */
         startVulnerableActivity();

         /* Wait until the object of launcher activity is gone */
         boolean overlayDisallowed = device.wait(Until.gone(By.pkg(context.getPackageName())),
                 LAUNCH_TIMEOUT_MS);

         /* Check if the currently running activity is the vulnerable activity */
         String activityDump = "";
         try {
             activityDump = device.executeShellCommand(
                     context.getString(R.string.dumpsysActivity) + " " + vulnerableActivityName);
         } catch (IOException e) {
             assumeNoException(context.getString(R.string.dumpsysActivityNotStartedException), e);
         }
         Pattern activityPattern =
                 Pattern.compile(context.getString(R.string.mResumedTrue), Pattern.CASE_INSENSITIVE);
         assumeTrue(context.getString(R.string.vulActivityNotRunningError),
                 activityPattern.matcher(activityDump).find());

         /* Failing the test as fix is not present */
         assertTrue(context.getString(R.string.errorMessage), overlayDisallowed);
     }
 }
	/*
	* Copyright (C) 2022 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package android.security.cts.CVE_2021_39702;

	import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
	import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;

	import static org.junit.Assert.assertTrue;
	import static org.junit.Assume.assumeNoException;
	import static org.junit.Assume.assumeNotNull;
	import static org.junit.Assume.assumeTrue;

	import android.content.Context;
	import android.content.Intent;
	import android.content.pm.PackageManager;
	import android.content.pm.ResolveInfo;
	import android.net.Uri;
	import android.provider.Settings;
	import android.security.AppUriAuthenticationPolicy;
	import android.security.Credentials;
	import android.security.KeyChain;

	import androidx.test.runner.AndroidJUnit4;
	import androidx.test.uiautomator.By;
	import androidx.test.uiautomator.UiDevice;
	import androidx.test.uiautomator.Until;

	import org.junit.Test;
	import org.junit.runner.RunWith;

	import java.io.IOException;
	import java.util.regex.Pattern;

	@RunWith(AndroidJUnit4.class)
	public class DeviceTest {
	private static final int LAUNCH_TIMEOUT_MS = 20000;
	private String vulnerableActivityName = "";

	private void startOverlayService() {
	Context context = getApplicationContext();
	assumeNotNull(context);
	Intent intent = new Intent(context, PocService.class);
	assumeTrue(context.getString(R.string.canNotDrawOverlaysMsg),
	Settings.canDrawOverlays(context));
	try {
	context.startService(intent);
	} catch (Exception e) {
	assumeNoException(context.getString(R.string.overlayServiceNotStartedException), e);
	}
	}

	public void startVulnerableActivity() {
	Context context = getApplicationContext();
	assumeNotNull(context);
	Intent intent = new Intent(Credentials.ACTION_MANAGE_CREDENTIALS);
	intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
	AppUriAuthenticationPolicy policy = new AppUriAuthenticationPolicy.Builder()
	.addAppAndUriMapping(context.getPackageName(), Uri.parse(""),
	context.getString(R.string.overlayAttack))
	.build();
	intent.putExtra(KeyChain.EXTRA_AUTHENTICATION_POLICY, policy);
	PackageManager pm = context.getPackageManager();
	assumeNotNull(pm);
	ResolveInfo ri = pm.resolveActivity(intent, PackageManager.MATCH_DEFAULT_ONLY);
	assumeTrue(context.getString(R.string.activityNotFoundMsg) + intent, ri != null);
	assumeNotNull(ri.activityInfo);
	vulnerableActivityName = ri.activityInfo.name;
	try {
	context.startActivity(intent);
	} catch (Exception e) {
	assumeNoException(context.getString(R.string.activityNotStartedException) + intent, e);
	}
	}

	@Test
	public void testOverlayButtonPresence() {
	Context context = getApplicationContext();
	assumeNotNull(context);
	UiDevice device = UiDevice.getInstance(getInstrumentation());
	assumeNotNull(device);

	/* Start the overlay service */
	startOverlayService();

	/* Wait for the overlay window */
	Pattern overlayTextPattern = Pattern.compile(context.getString(R.string.overlayButtonText),
	Pattern.CASE_INSENSITIVE);
	assumeTrue(context.getString(R.string.overlayUiScreenError),
	device.wait(Until.hasObject(By.text(overlayTextPattern)), LAUNCH_TIMEOUT_MS));

	/* Start the vulnerable activity */
	startVulnerableActivity();

	/* Wait until the object of launcher activity is gone */
	boolean overlayDisallowed = device.wait(Until.gone(By.pkg(context.getPackageName())),
	LAUNCH_TIMEOUT_MS);

	/* Check if the currently running activity is the vulnerable activity */
	String activityDump = "";
	try {
	activityDump = device.executeShellCommand(
	context.getString(R.string.dumpsysActivity) + " " + vulnerableActivityName);
	} catch (IOException e) {
	assumeNoException(context.getString(R.string.dumpsysActivityNotStartedException), e);
	}
	Pattern activityPattern =
	Pattern.compile(context.getString(R.string.mResumedTrue), Pattern.CASE_INSENSITIVE);
	assumeTrue(context.getString(R.string.vulActivityNotRunningError),
	activityPattern.matcher(activityDump).find());

	/* Failing the test as fix is not present */
	assertTrue(context.getString(R.string.errorMessage), overlayDisallowed);
	}
	}