am eb4caa67: am 32998449: am be10bce7: Write a CTS test for the TelephonyProvider
* commit 'eb4caa673023f3106cdc81ca51b850669ad31227':
Write a CTS test for the TelephonyProvider
diff --git a/tests/AndroidManifest.xml b/tests/AndroidManifest.xml
index f487ab0..3ca39b2 100644
--- a/tests/AndroidManifest.xml
+++ b/tests/AndroidManifest.xml
@@ -98,6 +98,10 @@
<uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
<uses-permission android:name="android.permission.READ_LOGS" />
+ <!-- telephony provider tests -->
+ <uses-permission android:name="android.permission.READ_SMS"/>
+ <uses-permission android:name="android.permission.WRITE_SMS"/>
+
<!-- content sync tests -->
<uses-permission android:name="android.permission.MANAGE_ACCOUNTS" />
<uses-permission android:name="android.permission.AUTHENTICATE_ACCOUNTS" />
diff --git a/tests/tests/provider/src/android/provider/cts/TelephonyProviderTest.java b/tests/tests/provider/src/android/provider/cts/TelephonyProviderTest.java
new file mode 100644
index 0000000..e352252
--- /dev/null
+++ b/tests/tests/provider/src/android/provider/cts/TelephonyProviderTest.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.provider.cts;
+
+import android.content.ContentResolver;
+import android.content.ContentValues;
+import android.net.Uri;
+import android.os.ParcelFileDescriptor;
+import android.test.InstrumentationTestCase;
+
+import java.lang.reflect.Field;
+
+import java.io.FileDescriptor;
+
+// To run the tests in this file w/o running all the cts tests:
+// build cts
+// cts-tradefed
+// run cts -c android.provider.cts.TelephonyProviderTest
+
+public class TelephonyProviderTest extends InstrumentationTestCase {
+ private ContentResolver mContentResolver;
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+ mContentResolver = getInstrumentation().getTargetContext().getContentResolver();
+ }
+
+ // Test that the TelephonyProvider doesn't allow clients to update _data column data and
+ // if they can, that they can't abuse the provider to open an arbitrary file.
+ public void testOpeningAnyFile() {
+ Uri uri = Uri.parse("content://mms/100/part");
+ try {
+ ContentValues values2 = new ContentValues();
+ values2.put("_data", "/dev/urandom");
+ Uri uri2 = mContentResolver.insert(uri, values2);
+ assertEquals("The code was able to insert the _data column", null, uri2);
+ if (uri2 == null) {
+ return;
+ }
+ ContentValues values = new ContentValues();
+ values.put("_data", "/dev/urandom");
+ int rowCnt = mContentResolver.update(uri2, values, null, null);
+ assertEquals("Was able to update the _data column", 0, rowCnt);
+
+ ParcelFileDescriptor pfd = mContentResolver.openFileDescriptor(uri2, "rw");
+ pfd.getFileDescriptor();
+ FileDescriptor fd = pfd.getFileDescriptor();
+ Field fld = fd.getClass().getDeclaredField("descriptor");
+ fld.setAccessible(true);
+ int fint = fld.getInt(fd);
+ fail("The code was able to abuse the MmsProvider to open any file");
+ } catch(Exception e){
+ e.printStackTrace();
+ }
+ }
+}