Google Git
Sign in
android / platform / cts / b926d30^! / .
commitb926d305a93f549668ce42db1f6a009e8a6a0b66[log] [tgz]
authorDeep Shaunik <dshaunik@google.com>Thu May 19 15:36:07 2016 +0530
committerDeep Shaunik <dshaunik@google.com>Thu May 19 15:36:07 2016 +0530
treeebe8b9d4adaed5b0b644313e0cd5ed0082623c59
parent7918f1e655c42c59101cdc177e56a0c59a9038c1 [diff]
Add CTS for CVE-2015-3833

This test is to verify that vulnerability: apps can bypass the L
restrictions in getRunningTasks() is fixed.

Bug: 20034603

Change-Id: I28675ade3b5bb15760b9d05c6cddc2cfc420b286
Signed-off-by: Deep Shaunik <dshaunik@google.com>

diff --git a/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java b/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java
new file mode 100644
index 0000000..f6e463f
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/RunningAppProcessInfoTest.java

@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.app.ActivityManager;
+import android.content.Context;
+import android.test.AndroidTestCase;
+
+import java.util.List;
+
+public class RunningAppProcessInfoTest extends AndroidTestCase {
+    /*
+     * This test verifies severity vulnerability: apps can bypass the L restrictions in
+     * getRunningTasks()is fixed. The test tries to get current RunningAppProcessInfo and passes
+     * the test if it is not able to get other process information.
+     */
+
+    public void testRunningAppProcessInfo() {
+        ActivityManager amActivityManager =
+                (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
+        List<ActivityManager.RunningAppProcessInfo> appList =
+                amActivityManager.getRunningAppProcesses();
+        // The test will pass if it is able to get only its process info
+        assertTrue("Device is vulnerable to CVE-2015-3833. For more information, see " +
+                "https://android.googlesource.com/platform/frameworks/base/+" +
+                "/aaa0fee0d7a8da347a0c47cef5249c70efee209e", (appList.size() == 1));
+    }
+}