[DO NOT MERGE] Test backupAgentCreated() for caller outside of package
Adds test which checks the behavior when AM.backupAgentCreated() is called for a package which doesn't belong to the caller.
Bug: 289549315
Test: atest android.security.cts.ActivityManagerTest#testActivityManager_backupAgentCreated_rejectIfCallerUidNotEqualsPackageUid
Change-Id: Ifcf46e774109903ab2e977d287b5f8cb40b76838
diff --git a/tests/tests/security/src/android/security/cts/ActivityManagerTest.java b/tests/tests/security/src/android/security/cts/ActivityManagerTest.java
index 116d21e..197b1a8 100644
--- a/tests/tests/security/src/android/security/cts/ActivityManagerTest.java
+++ b/tests/tests/security/src/android/security/cts/ActivityManagerTest.java
@@ -262,6 +262,41 @@
assertNull(activity.mReceivedTransition);
}
+ @AsbSecurityTest(cveBugId = 289549315)
+ @Test
+ public void testActivityManager_backupAgentCreated_rejectIfCallerUidNotEqualsPackageUid()
+ throws Exception {
+ SecurityException securityException = null;
+ Exception unexpectedException = null;
+ try {
+ final Object iam = ActivityManager.class.getDeclaredMethod("getService").invoke(null);
+ Class.forName("android.app.IActivityManager").getDeclaredMethod("backupAgentCreated",
+ String.class, IBinder.class, int.class)
+ .invoke(iam, /* agentPackageName*/ "android", /* agent */ null, /* userId */ 0);
+ } catch (SecurityException e) {
+ securityException = e;
+ } catch (InvocationTargetException e) {
+ if (e.getCause() instanceof SecurityException) {
+ securityException = (SecurityException) e.getCause();
+ } else {
+ unexpectedException = e;
+ }
+ } catch (Exception e) {
+ unexpectedException = e;
+ }
+ if (unexpectedException != null) {
+ Log.w("ActivityManagerTest", "Unexpected exception", unexpectedException);
+ fail("ActivityManagerNative.backupAgentCreated() API should have thrown "
+ + "SecurityException when invoked from process with uid not matching target "
+ + "package uid.");
+ }
+
+ assertNotNull("Expected SecurityException when caller's uid doesn't match package uid",
+ securityException);
+ assertEquals("android does not belong to uid " + Process.myUid(),
+ securityException.getMessage());
+ }
+
/**
* Run ActivityManager.getHistoricalProcessExitReasons once, return the time spent on it.
*/