Test for keystore crashing due to malformed names
(cherry picked from commit cb35803b31a8c0fe5e767e7a57632757c751346c)
Bug: 10676015
Change-Id: I2bdb74c0761080f7545edc1ea63302090ff0afdb
diff --git a/tests/tests/security/src/android/security/cts/KeystoreExploitTest.java b/tests/tests/security/src/android/security/cts/KeystoreExploitTest.java
new file mode 100644
index 0000000..23266c2
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/KeystoreExploitTest.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (C) 2011 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import android.test.AndroidTestCase;
+
+import java.io.File;
+import java.lang.reflect.Method;
+
+public class KeystoreExploitTest extends AndroidTestCase {
+ public void testKeystoreCrash() throws Exception {
+ int pid = Proc.findPidFor("/system/bin/keystore");
+
+ Class<?> keystoreClass = Class.forName("android.security.KeyStore");
+ Method getInstance = keystoreClass.getMethod("getInstance");
+ Method get = keystoreClass.getMethod("get", String.class);
+
+ Object keystore = getInstance.invoke(null);
+ String keyName = "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA "
+ + "AAAA AAAA AAAA AAAA";
+ get.invoke(keystore, keyName);
+
+ Thread.sleep(2000); // give keystore some time to crash
+
+ assertTrue("PID=" + pid + " crashed due to a malformed key name.",
+ new File("/proc/" + pid + "/cmdline").exists());
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/Proc.java b/tests/tests/security/src/android/security/cts/Proc.java
new file mode 100644
index 0000000..6fe0706
--- /dev/null
+++ b/tests/tests/security/src/android/security/cts/Proc.java
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2011 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.cts;
+
+import java.io.BufferedReader;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+
+/**
+ * Utilities for accessing /proc filesystem information.
+ */
+public class Proc {
+ public static int findPidFor(String executable) throws IOException {
+ File f = new File("/proc");
+ for (File d : f.listFiles()) {
+ String cmdLineString = d.getAbsolutePath() + "/cmdline";
+ File cmdLine = new File(cmdLineString);
+ if (cmdLine.exists()) {
+ BufferedReader in = null;
+ try {
+ in = new BufferedReader(new FileReader(cmdLine));
+ String line = in.readLine();
+ if ((line != null) && line.startsWith(executable)) {
+ return Integer.decode(d.getName());
+ }
+ } finally {
+ if (in != null) {
+ in.close();
+ }
+ }
+ }
+ }
+ throw new RuntimeException("should never get here");
+ }
+}
diff --git a/tests/tests/security/src/android/security/cts/VoldExploitTest.java b/tests/tests/security/src/android/security/cts/VoldExploitTest.java
index d7f97ee..74d0f68 100644
--- a/tests/tests/security/src/android/security/cts/VoldExploitTest.java
+++ b/tests/tests/security/src/android/security/cts/VoldExploitTest.java
@@ -58,7 +58,7 @@
* is the typical failure for this test.
*/
public void testZergRushCrash() throws Exception {
- int pid = findVold();
+ int pid = Proc.findPidFor("/system/bin/vold");
StorageManager sm = (StorageManager) getContext().getSystemService(Context.STORAGE_SERVICE);
sm.getMountedObbPath("AAAA AAAA AAAA AAAA "
@@ -214,29 +214,6 @@
}
}
- private static int findVold() throws IOException {
- File f = new File("/proc");
- for (File d : f.listFiles()) {
- String cmdLineString = d.getAbsolutePath() + "/cmdline";
- File cmdLine = new File(cmdLineString);
- if (cmdLine.exists()) {
- BufferedReader in = null;
- try {
- in = new BufferedReader(new FileReader(cmdLine));
- String line = in.readLine();
- if ((line != null) && line.startsWith("/system/bin/vold")) {
- return Integer.decode(d.getName());
- }
- } finally {
- if (in != null) {
- in.close();
- }
- }
- }
- }
- throw new RuntimeException("should never get here");
- }
-
/**
* Extract all the PIDs listening for netlink messages.
*/