tests/tests/security/src/android/security/cts/NativeCodeTest.java

/*
 * Copyright (C) 2013 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.security.cts;

import android.platform.test.annotations.SecurityTest;

import junit.framework.TestCase;

@SecurityTest
public class NativeCodeTest extends TestCase {

    static {
        System.loadLibrary("ctssecurity_jni");
    }

    @SecurityTest
    public void testPerfEvent() throws Exception {
        assertFalse("Device is vulnerable to CVE-2013-2094. Please apply security patch "
                    + "at http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/"
                    + "commit/?id=8176cced706b5e5d15887584150764894e94e02f",
                    doPerfEventTest());
    }

    @SecurityTest
    public void testPerfEvent2() throws Exception {
        assertTrue(doPerfEventTest2());
    }

    @SecurityTest
    public void testFutex() throws Exception {
        assertTrue("Device is vulnerable to CVE-2014-3153, a vulnerability in the futex() system "
                   + "call. Please apply the security patch at "
                   + "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/"
                   + "?id=e9c243a5a6de0be8e584c604d353412584b592f8",
                   doFutexTest());
    }

    @SecurityTest
    public void testNvmapIocFromId() throws Exception {
        assertTrue("Device is vulnerable to CVE-2014-5332. "
                   + "NVIDIA has released code fixes to upstream repositories and device vendors. "
                   + "For more information, see "
                   + "https://nvidia.custhelp.com/app/answers/detail/a_id/3618",
                   doNvmapIocFromIdTest());
    }

    @SecurityTest
    public void testPingPongRoot() throws Exception {
        assertTrue("Device is vulnerable to CVE-2015-3636, a vulnerability in the ping "
                   + "socket implementation. Please apply the security patch at "
                   + "https://github.com/torvalds/linux/commit/a134f083e79f",
                   doPingPongRootTest());
    }

    @SecurityTest
    public void testPipeReadV() throws Exception {
        assertTrue("Device is vulnerable to CVE-2015-1805 and/or CVE-2016-0774,"
                   + " a vulnerability in the pipe_read() function."
                   + " Please apply the following patches:\n"
                   + "https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=75cf667b7fac08a7b21694adca7dff07361be68a\n"
                   + "https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=feae3ca2e5e1a8f44aa6290255d3d9709985d0b2\n",
                   doPipeReadVTest());
    }

    @SecurityTest
    public void testSysVipc() throws Exception {
        assertTrue("Android does not support Sys V IPC, it must "
                   + "be removed from the kernel. In the kernel config: "
                   + "Change \"CONFIG_SYSVIPC=y\" to \"# CONFIG_SYSVIPC is not set\" "
                   + "and rebuild.",
                   doSysVipcTest());
    }

    /**
     * Returns true iff this device is vulnerable to CVE-2013-2094.
     * A patch for CVE-2013-2094 can be found at
     * http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f
     */
    private static native boolean doPerfEventTest();

    /**
     * CVE-2013-4254
     *
     * Verifies that
     * http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c95eb3184ea1a3a2551df57190c81da695e2144b
     * is applied to the system. Returns true if the patch is applied,
     * and crashes the system otherwise.
     *
     * While you're at it, please also apply the following patch:
     * http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b88a2595b6d8aedbd275c07dfa784657b4f757eb
     *
     * Credit: https://github.com/deater/perf_event_tests/blob/master/exploits/arm_perf_exploit.c
     */
    private static native boolean doPerfEventTest2();

    @SecurityTest
    public void testCVE20141710() throws Exception {
        assertTrue("Device is vulnerable to CVE-2014-1710", doCVE20141710Test());
    }

    /**
     * ANDROID-15455425 / CVE-2014-3153
     *
     * Returns true if the device is patched against the futex() system call vulnerability.
     *
     * More information on this vulnerability is at http://seclists.org/oss-sec/2014/q2/467 and
     * the patch is at:
     * https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c243a5a6de0be8e584c604d353412584b592f8
     */
    private static native boolean doFutexTest();

    /**
     * ANDROID-17453812 / CVE-2014-5332
     *
     * Returns true if the device is patched against the NVMAP_IOC_FROM_ID ioctl call.
     *
     * More information on this vulnreability is available at
     * https://nvidia.custhelp.com/app/answers/detail/a_id/3618
     */
    private static native boolean doNvmapIocFromIdTest();

    /**
     * Returns true if the device is immune to CVE-2014-1710,
     * false if the device is vulnerable.
     */
    private static native boolean doCVE20141710Test();

    /**
     * CVE-2015-3636
     *
     * Returns true if the patch is applied, crashes the system otherwise.
     *
     * Detects if the following patch is present.
     * https://github.com/torvalds/linux/commit/a134f083e79f
     *
     * Credit: Wen Xu and wushi of KeenTeam.
     * http://seclists.org/oss-sec/2015/q2/333
     */
    private static native boolean doPingPongRootTest();

    /**
     * CVE-2015-1805 and CVE-2016-0774
     *
     * Returns true if the patches are applied, crashes the system otherwise.
     *
     * Detects if the following patches are present.
     * https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=75cf667b7fac08a7b21694adca7dff07361be68a
     * https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=feae3ca2e5e1a8f44aa6290255d3d9709985d0b2
     *
     * b/27275324 and b/27721803
     */
    private static native boolean doPipeReadVTest();

    /**
     * Test that SysV IPC has been removed from the kernel.
     *
     * Returns true if SysV IPC has been removed.
     *
     * System V IPCs are not compliant with Android's application lifecycle because allocated
     * resources are not freed by the low memory killer. This lead to global kernel resource leakage.
     *
     * For example, there is no way to automatically release a SysV semaphore
     * allocated in the kernel when:
     * - a buggy or malicious process exits
     * - a non-buggy and non-malicious process crashes or is explicitly killed.
     *
     * Killing processes automatically to make room for new ones is an
     * important part of Android's application lifecycle implementation. This means
     * that, even assuming only non-buggy and non-malicious code, it is very likely
     * that over time, the kernel global tables used to implement SysV IPCs will fill
     * up.
     */
    private static native boolean doSysVipcTest();

}