Diffstat (limited to 'libraries/sts-common-util/sts-sdk/package/test-app')
-rw-r--r--libraries/sts-common-util/sts-sdk/package/test-app/src/main/AndroidManifest.xml8
-rw-r--r--libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/DeviceTest.java98
-rw-r--r--libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/PocActivity.java13
-rw-r--r--libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/PocReceiver.java38
-rw-r--r--libraries/sts-common-util/sts-sdk/package/test-app/src/main/res/values/integers.xml23
-rw-r--r--libraries/sts-common-util/sts-sdk/package/test-app/src/main/res/values/strings.xml21
6 files changed, 75 insertions, 126 deletions
diff --git a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/AndroidManifest.xml b/libraries/sts-common-util/sts-sdk/package/test-app/src/main/AndroidManifest.xml
index b7f8ac87e..a16eccb9d 100644
--- a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/AndroidManifest.xml
+++ b/libraries/sts-common-util/sts-sdk/package/test-app/src/main/AndroidManifest.xml
@@ -32,13 +32,5 @@
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
- <receiver android:name=".PocReceiver"
- android:exported="true">
- <intent-filter>
- <action android:name="com.android.nfc.handover.action.ALLOW_CONNECT" />
- <action android:name="com.android.nfc.handover.action.DENY_CONNECT" />
- <action android:name="com.android.nfc.handover.action.TIMEOUT_CONNECT" />
- </intent-filter>
- </receiver>
</application>
</manifest>
diff --git a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/DeviceTest.java b/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/DeviceTest.java
index da1f7bf47..a218e81f6 100644
--- a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/DeviceTest.java
+++ b/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/DeviceTest.java
@@ -18,56 +18,82 @@ package android.security.sts.sts_test_app_package;
import static androidx.test.core.app.ApplicationProvider.getApplicationContext;
import static androidx.test.platform.app.InstrumentationRegistry.getInstrumentation;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assume.assumeNoException;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import android.content.BroadcastReceiver;
import android.content.Context;
-import android.content.SharedPreferences;
+import android.content.Intent;
+import android.content.IntentFilter;
+import android.util.Log;
-import androidx.annotation.IntegerRes;
-import androidx.annotation.StringRes;
-import androidx.test.runner.AndroidJUnit4;
-import androidx.test.uiautomator.UiDevice;
+import androidx.test.ext.junit.runners.AndroidJUnit4;
import org.junit.Test;
import org.junit.runner.RunWith;
+import java.util.concurrent.Semaphore;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicReference;
+
+/**
+ * An example device test that starts an activity and uses broadcasts to wait for the artifact
+ * proving vulnerability
+ */
@RunWith(AndroidJUnit4.class)
public class DeviceTest {
+ private static final String TAG = DeviceTest.class.getSimpleName();
+ Context mContext;
- Context mAppContext;
+ /** Test broadcast action */
+ public static final String ACTION_BROADCAST = "action_security_test_broadcast";
+ /** Broadcast intent extra name for artifacts */
+ public static final String INTENT_ARTIFACT = "artifact";
- int getInteger(@IntegerRes int resId) {
- return mAppContext.getResources().getInteger(resId);
- }
+ /** Device test */
+ @Test
+ public void testDeviceSideMethod() throws Exception {
+ mContext = getApplicationContext();
- String getString(@StringRes int resId) {
- return mAppContext.getResources().getString(resId);
- }
+ AtomicReference<String> actual = new AtomicReference<>();
+ final Semaphore broadcastReceived = new Semaphore(0);
+ BroadcastReceiver broadcastReceiver =
+ new BroadcastReceiver() {
+ @Override
+ public void onReceive(Context context, Intent intent) {
+ try {
+ if (!intent.getAction().equals(ACTION_BROADCAST)) {
+ Log.i(
+ TAG,
+ String.format(
+ "got a broadcast that we didn't expect: %s",
+ intent.getAction()));
+ }
+ actual.set(intent.getStringExtra(INTENT_ARTIFACT));
+ broadcastReceived.release();
+ } catch (Exception e) {
+ Log.e(TAG, "got an exception when handling broadcast", e);
+ }
+ }
+ };
+ IntentFilter filter = new IntentFilter(); // see if there's a shorthand
+ filter.addAction(ACTION_BROADCAST); // what does this return?
+ mContext.registerReceiver(broadcastReceiver, filter);
- @Test
- public void testDeviceSideMethod() {
+ // start the target app
try {
- mAppContext = getApplicationContext();
- UiDevice device = UiDevice.getInstance(getInstrumentation());
- device.executeShellCommand(
- "am start -n com.android.nfc/.handover.ConfirmConnectActivity");
- long startTime = System.currentTimeMillis();
- while ((System.currentTimeMillis() - startTime)
- < getInteger(R.integer.MAX_WAIT_TIME_MS)) {
- SharedPreferences sh =
- mAppContext.getSharedPreferences(
- getString(R.string.SHARED_PREFERENCE), Context.MODE_APPEND);
- int result =
- sh.getInt(getString(R.string.RESULT_KEY), getInteger(R.integer.DEFAULT));
- assertNotEquals(
- "NFC Android App broadcasts Bluetooth device information!",
- result,
- getInteger(R.integer.FAIL));
- Thread.sleep(getInteger(R.integer.SLEEP_TIME_MS));
- }
- } catch (Exception e) {
- assumeNoException(e);
+ Log.d(TAG, "starting local activity");
+ Intent newActivityIntent = new Intent(mContext, PocActivity.class);
+ newActivityIntent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
+ // this could be startActivityForResult, but is generic for illustrative purposes
+ mContext.startActivity(newActivityIntent);
+ } finally {
+ getInstrumentation().getUiAutomation().dropShellPermissionIdentity();
}
+ assertTrue(
+ "Timed out when getting result from other activity",
+ broadcastReceived.tryAcquire(/* TIMEOUT_MS */ 5000, TimeUnit.MILLISECONDS));
+ assertEquals("The target artifact should have been 'secure'", "secure", actual.get());
}
}
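Review bot: The receiver registered with `mContext.registerReceiver(broadcastReceiver, filter)` is never unregistered, so it outlives the test when an assertion fails or the method returns; wrapping the activity start and the two assertions in a `try`/`finally` that calls `mContext.unregisterReceiver(broadcastReceiver);` would fix that. The existing `finally` calls `dropShellPermissionIdentity()` although no `adoptShellPermissionIdentity()` appears in this hunk, so the pair should either be completed or the drop removed. In `onReceive`, the unexpected-action branch only logs and then falls through to `actual.set(...)` and `broadcastReceived.release()`; a `return;` after the `Log.i` call would keep a stray broadcast from deciding the test result. The trailing comments `// see if there's a shorthand` and `// what does this return?` read as leftover notes and could be dropped, since `new IntentFilter(ACTION_BROADCAST)` is the shorthand.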
diff --git a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/PocActivity.java b/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/PocActivity.java
index 27d682d19..daeb76c8b 100644
--- a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/PocActivity.java
+++ b/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/PocActivity.java
@@ -17,13 +17,26 @@
package android.security.sts.sts_test_app_package;
import android.app.Activity;
+import android.content.Intent;
import android.os.Bundle;
+import android.util.Log;
public class PocActivity extends Activity {
+ private static final String TAG = PocActivity.class.getSimpleName();
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
+ Log.d(TAG, "poc activity started");
+
+ // Collect the artifact representing vulnerability here.
+ // Change this to whatever type best fits the vulnerable artifact; consider using a bundle
+ // if there are multiple artifacts necessary to prove the security vulnerability.
+ String artifact = "vulnerable";
+
+ Intent vulnerabilityDescriptionIntent = new Intent(DeviceTest.ACTION_BROADCAST);
+ vulnerabilityDescriptionIntent.putExtra(DeviceTest.INTENT_ARTIFACT, artifact);
+ this.sendBroadcast(vulnerabilityDescriptionIntent);
}
}
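Review bot: `this.sendBroadcast(vulnerabilityDescriptionIntent)` sends an implicit broadcast with no package or permission restriction, so any app on the device can receive the artifact, and the receiver in DeviceTest appears to accept the same action from any sender. Since both ends live in this package, adding `vulnerabilityDescriptionIntent.setPackage(getPackageName());` before the send keeps the artifact inside the test app; registering the receiver as not exported, on platform levels that support it, would close the other direction. A comment above `String artifact = "vulnerable";` would also help template users, for example `// Placeholder: DeviceTest expects "secure", so the template test fails until this is replaced.`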
diff --git a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/PocReceiver.java b/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/PocReceiver.java
deleted file mode 100644
index ac879258e..000000000
--- a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/java/android/security/sts/sts_test_app_package/PocReceiver.java
+++ /dev/null
@@ -1,38 +0,0 @@
-/*
- * Copyright (C) 2022 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package android.security.sts.sts_test_app_package;
-
-import android.content.BroadcastReceiver;
-import android.content.Context;
-import android.content.Intent;
-import android.content.SharedPreferences;
-
-public class PocReceiver extends BroadcastReceiver {
-
- @Override
- public void onReceive(Context context, Intent intent) {
- SharedPreferences sh =
- context.getSharedPreferences(
- context.getResources().getString(R.string.SHARED_PREFERENCE),
- Context.MODE_PRIVATE);
- SharedPreferences.Editor edit = sh.edit();
- edit.putInt(
- context.getResources().getString(R.string.RESULT_KEY),
- context.getResources().getInteger(R.integer.FAIL));
- edit.commit();
- }
-}
diff --git a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/res/values/integers.xml b/libraries/sts-common-util/sts-sdk/package/test-app/src/main/res/values/integers.xml
deleted file mode 100644
index acdcd84b6..000000000
--- a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/res/values/integers.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- Copyright 2022 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-<resources>
- <integer name="DEFAULT">0</integer>
- <integer name="FAIL">1</integer>
- <integer name="SLEEP_TIME_MS">500</integer>
- <integer name="MAX_WAIT_TIME_MS">10000</integer>
-</resources>
diff --git a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/res/values/strings.xml b/libraries/sts-common-util/sts-sdk/package/test-app/src/main/res/values/strings.xml
deleted file mode 100644
index 286e6fd69..000000000
--- a/libraries/sts-common-util/sts-sdk/package/test-app/src/main/res/values/strings.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
- Copyright 2022 The Android Open Source Project
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
- -->
-
-<resources>
- <string name="RESULT_KEY">result</string>
- <string name="SHARED_PREFERENCE">sts_test_app_failure</string>
-</resources>