Merge "Fix AnimationTest#testRunAccelerateAlpha" into jb-dev
diff --git a/tests/tests/security/src/android/security/cts/VoldExploitTest.java b/tests/tests/security/src/android/security/cts/VoldExploitTest.java
index 7247a79..d428c60 100644
--- a/tests/tests/security/src/android/security/cts/VoldExploitTest.java
+++ b/tests/tests/security/src/android/security/cts/VoldExploitTest.java
@@ -19,9 +19,6 @@
import android.content.Context;
import android.content.pm.PackageManager;
import android.net.cts.NetlinkSocket;
-import android.os.IBinder;
-import android.os.Parcel;
-import android.os.RemoteException;
import android.os.storage.StorageManager;
import android.test.AndroidTestCase;
@@ -30,7 +27,6 @@
import java.io.FileReader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
-import java.lang.reflect.InvocationTargetException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
@@ -88,79 +84,6 @@
}
/**
- * Validate that this device isn't vulnerable to the "ZergRush"
- * vold vulnerability (CVE-2011-3874).
- *
- * https://github.com/revolutionary/zergRush/blob/master/zergRush.c
- *
- * Note: If the ZergRush vulnerability is present, the call to
- * {@link IBinder#transact(int, android.os.Parcel, android.os.Parcel, int)}}
- * below hangs until CTS kills the testsuite (10 minutes). A timeout,
- * while not desirable, is the typical failure for this test.
- *
- * This test accomplishes the same thing as {@link #testZergRushCrash()}
- */
- public void testZergRushUsingRelection() throws Exception {
- // This test assumes we have the MOUNT_UNMOUNT_FILESYSTEMS permission
- // Check it first so we know we're reaching the vulnerable code.
- assertEquals(PackageManager.PERMISSION_GRANTED,
- getContext().checkCallingOrSelfPermission(
- android.Manifest.permission.MOUNT_UNMOUNT_FILESYSTEMS));
-
- int pid = findVold();
-
- try {
- Object iBinderObj = Class.forName("android.os.ServiceManager")
- .getDeclaredMethod("getService", String.class)
- .invoke(null, "mount");
- if (!(iBinderObj instanceof IBinder)) {
- // unexpected return value, return. Assume not exploitable.
- return;
- }
-
- String[] names = new String[] {
- "IMountService", // Android 2.3
- "android.os.storage.IMountService" // Android 2.2
- };
-
- for (String name : names) {
- IBinder iBinder = (IBinder) iBinderObj;
- Parcel data = Parcel.obtain();
- data.writeInterfaceToken(name);
- data.writeString("AAAA AAAA AAAA AAAA "
- + "AAAA AAAA AAAA AAAA "
- + "AAAA AAAA AAAA AAAA "
- + "AAAA AAAA AAAA AAAA"
- + "AAAA AAAA AAAA AAAA"
- + "AAAA AAAA AAAA AAAA"
- + "AAAA AAAA AAAA AAAA"
- + "AAAA AAAA AAAA AAAA");
-
- // If vold crashes, this next line will hang forever.
- iBinder.transact(6, data, null, 0);
- }
- } catch (ClassNotFoundException e) {
- // class doesn't exist. Assume not exploitable.
- } catch (NoSuchMethodException e) {
- // no such method exists. Assume not exploitable.
- } catch (InvocationTargetException e) {
- // can't invoke. Assume not exploitable.
- } catch (IllegalAccessException e) {
- // can't access. Assume not exploitable.
- } catch (RemoteException e) {
- // remote failure. Assume not exploitable.
- }
-
- Thread.sleep(2000); // give vold some time to crash
-
- // Check to see if vold is still alive.
- assertTrue(
- "PID=" + pid + " crashed due to a malformed mount message."
- + " Detected unpatched ZergRush vulnerability (CVE-2011-3874).",
- new File("/proc/" + pid + "/cmdline").exists());
- }
-
- /**
* Try to crash the vold program using CVE-2011-1823.
*
* This test attempts to send an invalid netlink messages to
diff --git a/tests/tests/text/src/android/text/cts/SpannableStringBuilderSpanTest.java b/tests/tests/text/src/android/text/cts/SpannableStringBuilderSpanTest.java
index db9dbdd..352767c 100644
--- a/tests/tests/text/src/android/text/cts/SpannableStringBuilderSpanTest.java
+++ b/tests/tests/text/src/android/text/cts/SpannableStringBuilderSpanTest.java
@@ -96,9 +96,9 @@
String subReplacement = replacement.substring(replacementStart, replacementEnd);
String expected = original.substring(0, replaceStart) +
subReplacement + original.substring(replaceEnd, original.length());
- if (DEBUG) System.out.println("Replace \"" + original + "\" [" +
+ if (DEBUG) System.out.println("#" + testCounter + ", replace \"" + original + "\" [" +
replaceStart + " " + replaceEnd + "] by \"" + subReplacement + "\" -> \"" +
- expected + "\", flag=" + flag + ", test #" + testCounter);
+ expected + "\", flag=" + flag);
SpannableStringBuilder originalSpannable = new SpannableStringBuilder(original);
Spannable replacementSpannable = new SpannableStringBuilder(replacement);
@@ -111,7 +111,8 @@
assertEquals(expected, originalSpannable.toString());
- checkSpanPositions(originalSpannable, replaceStart, replaceEnd, subReplacement.length(), flag);
+ checkSpanPositions(originalSpannable, replaceStart, replaceEnd, subReplacement.length(),
+ flag);
checkReplacementSpanPositions(originalSpannable, replaceStart, replacementSpannable,
replacementStart, replacementEnd, flag);
}
@@ -142,7 +143,9 @@
// This is the exception to the following generic code where we need to consider
// both the start and end styles.
if (startStyle == SpanSet.INSIDE && endStyle == SpanSet.INSIDE &&
- flag == Spanned.SPAN_EXCLUSIVE_EXCLUSIVE) {
+ flag == Spanned.SPAN_EXCLUSIVE_EXCLUSIVE &&
+ (replacementLength == 0 || originalStart > replaceStart ||
+ originalEnd < replaceEnd)) {
// 0-length spans should have been removed
assertEquals(-1, start);
assertEquals(-1, end);
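Review bot: The comment `// 0-length spans should have been removed` no longer matches the condition it sits under. With the added clause, removal is asserted only when `replacementLength == 0 || originalStart > replaceStart || originalEnd < replaceEnd`. If `SpanSet.INSIDE` includes the endpoints (not visible here), the excluded case is a span covering exactly `[replaceStart, replaceEnd]` with a non-empty replacement, which presumably falls through to the generic checks. I would reword the comment to something like `// EXCLUSIVE_EXCLUSIVE span inside the replaced text is removed, unless it spans exactly the replaced range and the replacement is non-empty`, so the exception is documented where it is tested. The enclosing method starts and ends outside this hunk, so the fall-through path should be confirmed against the full file.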