Merge "Get rid of zergrush reflection test" into jb-dev
diff --git a/tests/tests/security/src/android/security/cts/VoldExploitTest.java b/tests/tests/security/src/android/security/cts/VoldExploitTest.java
index 7247a79..d428c60 100644
--- a/tests/tests/security/src/android/security/cts/VoldExploitTest.java
+++ b/tests/tests/security/src/android/security/cts/VoldExploitTest.java
@@ -19,9 +19,6 @@
import android.content.Context;
import android.content.pm.PackageManager;
import android.net.cts.NetlinkSocket;
-import android.os.IBinder;
-import android.os.Parcel;
-import android.os.RemoteException;
import android.os.storage.StorageManager;
import android.test.AndroidTestCase;
@@ -30,7 +27,6 @@
import java.io.FileReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
-import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
@@ -88,79 +84,6 @@
}
/**
- * Validate that this device isn't vulnerable to the "ZergRush"
- * vold vulnerability (CVE-2011-3874).
- *
- * https://github.com/revolutionary/zergRush/blob/master/zergRush.c
- *
- * Note: If the ZergRush vulnerability is present, the call to
- * {@link IBinder#transact(int, android.os.Parcel, android.os.Parcel, int)}}
- * below hangs until CTS kills the testsuite (10 minutes). A timeout,
- * while not desirable, is the typical failure for this test.
- *
- * This test accomplishes the same thing as {@link #testZergRushCrash()}
- */
- public void testZergRushUsingRelection() throws Exception {
- // This test assumes we have the MOUNT_UNMOUNT_FILESYSTEMS permission
- // Check it first so we know we're reaching the vulnerable code.
- assertEquals(PackageManager.PERMISSION_GRANTED,
- getContext().checkCallingOrSelfPermission(
- android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS));
-
- int pid = findVold();
-
- try {
- Object iBinderObj = Class.forName("android.os.ServiceManager")
- .getDeclaredMethod("getService", String.class)
- .invoke(null, "mount");
- if (!(iBinderObj instanceof IBinder)) {
- // unexpected return value, return. Assume not exploitable.
- return;
- }
-
- String[] names = new String[] {
- "IMountService", // Android 2.3
- "android.os.storage.IMountService" // Android 2.2
- };
-
- for (String name : names) {
- IBinder iBinder = (IBinder) iBinderObj;
- Parcel data = Parcel.obtain();
- data.writeInterfaceToken(name);
- data.writeString("AAAA AAAA AAAA AAAA "
- + "AAAA AAAA AAAA AAAA "
- + "AAAA AAAA AAAA AAAA "
- + "AAAA AAAA AAAA AAAA"
- + "AAAA AAAA AAAA AAAA"
- + "AAAA AAAA AAAA AAAA"
- + "AAAA AAAA AAAA AAAA"
- + "AAAA AAAA AAAA AAAA");
-
- // If vold crashes, this next line will hang forever.
- iBinder.transact(6, data, null, 0);
- }
- } catch (ClassNotFoundException e) {
- // class doesn't exist. Assume not exploitable.
- } catch (NoSuchMethodException e) {
- // no such method exists. Assume not exploitable.
- } catch (InvocationTargetException e) {
- // can't invoke. Assume not exploitable.
- } catch (IllegalAccessException e) {
- // can't access. Assume not exploitable.
- } catch (RemoteException e) {
- // remote failure. Assume not exploitable.
- }
-
- Thread.sleep(2000); // give vold some time to crash
-
- // Check to see if vold is still alive.
- assertTrue(
- "PID=" + pid + " crashed due to a malformed mount message."
- + " Detected unpatched ZergRush vulnerability (CVE-2011-3874).",
- new File("/proc/" + pid + "/cmdline").exists());
- }
-
- /**
* Try to crash the vold program using CVE-2011-1823.
*
* This test attempts to send an invalid netlink messages to