diff options
author | Ryan Mitchell <rtmitchell@google.com> | 2018-06-06 09:32:43 -0700 |
---|---|---|
committer | Ryan Mitchell <rtmitchell@google.com> | 2018-08-08 09:30:42 -0700 |
commit | f6f09d5a4495f426c95e9292ab1133bbef55e750 (patch) | |
tree | 123d1286e7f6b251bf7f2d4dbf689db350f864b6 | |
parent | d333a47e1fb3cb06df73a80cd495be21cdea61bd (diff) | |
download | platform_cts-f6f09d5a4495f426c95e9292ab1133bbef55e750.tar.gz platform_cts-f6f09d5a4495f426c95e9292ab1133bbef55e750.tar.bz2 platform_cts-f6f09d5a4495f426c95e9292ab1133bbef55e750.zip |
RESTRICT AUTOMERGE: CTS: Verify DynamicRefTable::load security fix
This tests that corrupted apks fail to install on P and later as well as
adds a new test to verify that the DynamicRedTable::load security fix
prevents out-of-bounds reads from occurring.
Bug: 79488511
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: I5b60758cb4979c6a593ff57e73acdd559b5d1be7
Merged-In: I5b60758cb4979c6a593ff57e73acdd559b5d1be7
-rw-r--r-- | hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b71361168.apk | bin | 710089 -> 1891867 bytes | |||
-rw-r--r-- | hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b79488511.apk | bin | 0 -> 1891846 bytes | |||
-rw-r--r-- | hostsidetests/appsecurity/src/com/android/cts/appsecurity/CorruptApkTests.java | 35 |
3 files changed, 20 insertions, 15 deletions
diff --git a/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b71361168.apk b/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b71361168.apk Binary files differindex ef1e2bf5d79..dc00656dc20 100644 --- a/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b71361168.apk +++ b/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b71361168.apk diff --git a/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b79488511.apk b/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b79488511.apk Binary files differnew file mode 100644 index 00000000000..22af499980f --- /dev/null +++ b/hostsidetests/appsecurity/res/corruptapk/CtsCorruptApkTests_b79488511.apk diff --git a/hostsidetests/appsecurity/src/com/android/cts/appsecurity/CorruptApkTests.java b/hostsidetests/appsecurity/src/com/android/cts/appsecurity/CorruptApkTests.java index 8fc1ff929ca..b334b05a8a2 100644 --- a/hostsidetests/appsecurity/src/com/android/cts/appsecurity/CorruptApkTests.java +++ b/hostsidetests/appsecurity/src/com/android/cts/appsecurity/CorruptApkTests.java @@ -39,7 +39,8 @@ import java.io.OutputStream; */ public class CorruptApkTests extends DeviceTestCase implements IBuildReceiver { private final String B71360999_PKG = "com.android.appsecurity.b71360999"; - private final String B71361168_PKG = "com.example.helloworld"; + private final String B71361168_PKG = "com.android.appsecurity.b71361168"; + private final String B79488511_PKG = "com.android.appsecurity.b79488511"; private static final String TEST_APK_RESOURCE_PREFIX = "/corruptapk/"; private IBuildInfo mBuildInfo; @@ -55,6 +56,7 @@ public class CorruptApkTests extends DeviceTestCase implements IBuildReceiver { super.setUp(); uninstall(B71360999_PKG); uninstall(B71361168_PKG); + uninstall(B79488511_PKG); } @After @@ -63,6 +65,7 @@ public class CorruptApkTests extends DeviceTestCase implements IBuildReceiver { super.tearDown(); uninstall(B71360999_PKG); uninstall(B71361168_PKG); + uninstall(B79488511_PKG); } /** Uninstall the apk if the test failed previously. */ @@ -74,11 +77,11 @@ public class CorruptApkTests extends DeviceTestCase implements IBuildReceiver { } /** - * Tests that apks described in b/71360999 do not install successfully nor cause + * Tests that apks described in b/71360999 do not install successfully. */ public void testFailToInstallCorruptStringPoolHeader_b71360999() throws Exception { final String APK_PATH = "CtsCorruptApkTests_b71360999.apk"; - assertFailsToInstall(APK_PATH, B71360999_PKG); + assertInstallNoFatalError(APK_PATH, B71360999_PKG); } /** @@ -86,29 +89,31 @@ public class CorruptApkTests extends DeviceTestCase implements IBuildReceiver { */ public void testFailToInstallCorruptStringPoolHeader_b71361168() throws Exception { final String APK_PATH = "CtsCorruptApkTests_b71361168.apk"; - assertFailsToInstall(APK_PATH, B71361168_PKG); + assertInstallNoFatalError(APK_PATH, B71361168_PKG); } /** - * Assert that the app fails to install and the reason for failing is not caused by a buffer - * overflow nor a out of bounds read. + * Tests that apks described in b/79488511 do not install successfully. + */ + public void testFailToInstallCorruptStringPoolHeader_b79488511() throws Exception { + final String APK_PATH = "CtsCorruptApkTests_b79488511.apk"; + assertInstallNoFatalError(APK_PATH, B79488511_PKG); + } + + /** + * Assert that installing the app does not cause a native error caused by a buffer overflow + * or an out-of-bounds read. **/ - private void assertFailsToInstall(String filename, String pkg) throws Exception { + private void assertInstallNoFatalError(String filename, String pkg) throws Exception { ITestDevice device = getDevice(); device.clearLogcat(); - installPackageFromResource(filename); - assertFalse(device.getInstalledPackageNames().contains(pkg)); - // This catches if the device fails to install the app because a segmentation fault // or out of bounds read created by the bug occurs String logs = device.executeAdbCommand("logcat", "-d"); assertNotNull(logs); - // Whether we hung or not, check for the log indicating the size is bad - boolean fixWasHit = logs.contains("Bad string block: malformed block dimensions") || - logs.contains("Bad string block: data size"); - assertTrue(fixWasHit); + // Also check for the original indicators assertFalse(logs.contains("SIGSEGV")); assertFalse(logs.contains("==ERROR")); @@ -117,7 +122,7 @@ public class CorruptApkTests extends DeviceTestCase implements IBuildReceiver { /** * Attempt to install the package with the given name from resources **/ - private void installPackageFromResource(String apkFilenameInResources) + private void installPackageFromResource(String apkFilenameInResources) throws Exception { final ITestDevice device = getDevice(); String fullResourceName = TEST_APK_RESOURCE_PREFIX + apkFilenameInResources; |