diff options
author | Emilian Peev <epeev@google.com> | 2018-05-11 16:14:11 +0100 |
---|---|---|
committer | hamzeh <hamzeh@google.com> | 2018-05-15 17:38:35 -0700 |
commit | d92e3377679fc83b49bc09e742a9ccdee8b15a61 (patch) | |
tree | 2b1d4ad45bfedf0890f533ede2c1347d9d346780 | |
parent | 77f5b53be1adc83733a96a8dc9a1f0c9fb5530af (diff) | |
download | sts-android-security-8.1.0_r91.tar.gz |
Merge commit 'b74cbcce3f0026e8ef3f586e8cc266e0374859db' into am-c67d124f-e517-450d-961f-9cad0643e6fdandroid-security-8.1.0_r93android-security-8.1.0_r92android-security-8.1.0_r91android-security-8.1.0_r90android-security-8.1.0_r89android-security-8.1.0_r88android-security-8.1.0_r87android-security-8.1.0_r86android-security-8.1.0_r85android-security-8.1.0_r84android-security-8.1.0_r83android-security-8.1.0_r82android-8.1.0_r81android-8.1.0_r80android-8.1.0_r79android-8.1.0_r78android-8.1.0_r77android-8.1.0_r76android-8.1.0_r75android-8.1.0_r74android-8.1.0_r73android-8.1.0_r72android-8.1.0_r71android-8.1.0_r70android-8.1.0_r69android-8.1.0_r68android-8.1.0_r66security-oc-mr1-releaseoreo-mr1-security-release
* commit 'b74cbcce3f0026e8ef3f586e8cc266e0374859db':
RESTRICT AUTOMERGE: STS test for Android Security b/77238656
Test: successful run of newly introduced STS test case.
Bug: 77238656
Change-Id: Ieb253916d3c0fc918315f4f588c4d59923c01c76
(cherry picked from commit 790830def1d7d6d8f01f9199cd009e11383bc047)
-rw-r--r-- | tests/hostside/AndroidTest.xml | 6 | ||||
-rw-r--r-- | tests/hostside/securityPatch/Bug-77238656/Android.mk | 32 | ||||
-rw-r--r-- | tests/hostside/securityPatch/Bug-77238656/poc.cpp | 37 | ||||
-rw-r--r-- | tests/hostside/src/android/security/sts/Poc18_07.java | 46 |
4 files changed, 120 insertions, 1 deletions
diff --git a/tests/hostside/AndroidTest.xml b/tests/hostside/AndroidTest.xml index 2482cc4..b4765be 100644 --- a/tests/hostside/AndroidTest.xml +++ b/tests/hostside/AndroidTest.xml @@ -194,7 +194,6 @@ <!-- Bulletin 2017-11 --> <!-- Please add tests solely from this bulletin below to avoid merge conflict --> <option name="push" value="CVE-2017-9690->/data/local/tmp/CVE-2017-9690" /> - <option name="push" value="CVE-2017-6264->/data/local/tmp/CVE-2017-6264" /> <!--__________________--> @@ -209,6 +208,11 @@ <option name="push" value="Bug-77486542->/data/local/tmp/Bug-77486542" /> + <!-- Bulletin 2018-07 --> + <!-- Please add tests solely from this bulletin below to avoid merge conflict --> + + <option name="push" value="Bug-77238656->/data/local/tmp/Bug-77238656" /> + <option name="append-bitness" value="true" /> </target_preparer> <target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher"> diff --git a/tests/hostside/securityPatch/Bug-77238656/Android.mk b/tests/hostside/securityPatch/Bug-77238656/Android.mk new file mode 100644 index 0000000..78829be --- /dev/null +++ b/tests/hostside/securityPatch/Bug-77238656/Android.mk @@ -0,0 +1,32 @@ +# Copyright (C) 2018 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +LOCAL_PATH := $(call my-dir) + +include $(CLEAR_VARS) +LOCAL_MODULE := Bug-77238656 +LOCAL_SRC_FILES := poc.cpp +LOCAL_MULTILIB := both +LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32 +LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64 + +# Tag this module as a sts test artifact +LOCAL_COMPATIBILITY_SUITE := sts +LOCAL_CTS_TEST_PACKAGE := android.security.sts + +LOCAL_SHARED_LIBRARIES := liblog libcamera_metadata + +LOCAL_ARM_MODE := arm +LOCAL_CFLAGS += -Wall -Werror -W -g +include $(BUILD_CTS_EXECUTABLE) diff --git a/tests/hostside/securityPatch/Bug-77238656/poc.cpp b/tests/hostside/securityPatch/Bug-77238656/poc.cpp new file mode 100644 index 0000000..48e3a78 --- /dev/null +++ b/tests/hostside/securityPatch/Bug-77238656/poc.cpp @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <utils/Log.h> +#include "system/camera_metadata.h" + +static const uint32_t kPaddingByteOffset = 36; + +int main() { + camera_metadata_t *buffer = nullptr; + buffer = allocate_camera_metadata(1, 100); + if (buffer != nullptr) { + uint8_t *byteBuffer = reinterpret_cast<uint8_t *> (buffer); + if ((byteBuffer[kPaddingByteOffset] != 0) || + (byteBuffer[kPaddingByteOffset + 1] != 0) || + (byteBuffer[kPaddingByteOffset + 2] != 0) || + (byteBuffer[kPaddingByteOffset + 3] != 0)) { + return 113; + } + free_camera_metadata(buffer); + } + + return 0; +} diff --git a/tests/hostside/src/android/security/sts/Poc18_07.java b/tests/hostside/src/android/security/sts/Poc18_07.java new file mode 100644 index 0000000..4383d0c --- /dev/null +++ b/tests/hostside/src/android/security/sts/Poc18_07.java @@ -0,0 +1,46 @@ +/** + * Copyright (C) 2018 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package android.security.sts; + +import static org.junit.Assert.*; +import android.platform.test.annotations.RootPermissionTest; +import org.junit.Test; +import org.junit.runner.RunWith; + +public class Poc18_07 extends SecurityTestCase { + + /** + * b/77238656 + */ + @RootPermissionTest + public void testPocBug_77238656() throws Exception { + final String PROPERTY_GET = "getprop libc.debug.malloc.options"; + final String PROPERTY_SET = "setprop libc.debug.malloc.options "; + enableAdbRoot(getDevice()); + String oldProperty = AdbUtils.runCommandLine(PROPERTY_GET, getDevice()); + AdbUtils.runCommandLine(PROPERTY_SET + "fill", getDevice()); + AdbUtils.runCommandLine("logcat -c", getDevice()); + boolean retCode = AdbUtils.runPocCheckExitCode("Bug-77238656", getDevice(), 30); + String logcat = AdbUtils.runCommandLine("logcat -d", getDevice()); + if ((oldProperty == null) || (oldProperty.isEmpty())) { + AdbUtils.runCommandLine(PROPERTY_SET + "\"\"", getDevice()); + } else { + AdbUtils.runCommandLine(PROPERTY_SET + "\"" + oldProperty + "\"", getDevice()); + } + assertFalse("Metadata padding is not empty", retCode); + } +} |