am 1c6f8237: am b33e0c42: am 39c4dedb: am 92e58b67: am 62d4d92a: am 46a37359: BannedFilesTest: Assert no su on device
* commit '1c6f82373a67541e3a5d73179219ab18db211d98':
BannedFilesTest: Assert no su on device
diff --git a/tests/tests/security/src/android/security/cts/BannedFilesTest.java b/tests/tests/security/src/android/security/cts/BannedFilesTest.java
index 6ce8588..c409b59 100644
--- a/tests/tests/security/src/android/security/cts/BannedFilesTest.java
+++ b/tests/tests/security/src/android/security/cts/BannedFilesTest.java
@@ -38,6 +38,26 @@
assertNotSetugid("/system/bin/sync_agent");
}
+ public void testNoSu() {
+ assertFalse("/sbin/su", new File("/sbin/su").exists());
+ assertFalse("/system/bin/su", new File("/system/bin/su").exists());
+ assertFalse("/system/sbin/su", new File("/system/sbin/su").exists());
+ assertFalse("/system/xbin/su", new File("/system/xbin/su").exists());
+ assertFalse("/vendor/bin/su", new File("/vendor/bin/su").exists());
+ }
+
+ public void testNoSuInPath() {
+ String path = System.getenv("PATH");
+ if (path == null) {
+ return;
+ }
+ String[] elems = path.split(":");
+ for (String i : elems) {
+ File f = new File(i, "su");
+ assertFalse(f.getAbsolutePath() + " exists", f.exists());
+ }
+ }
+
/**
* setuid or setgid "ip" command can be used to modify the
* routing tables of a device, potentially allowing a malicious