Merge "Bluetooth Security Test" into gingerbread
diff --git a/tests/tests/security/src/android/security/cts/BannedFilesTest.java b/tests/tests/security/src/android/security/cts/BannedFilesTest.java
index 7a9c761..017bac0 100644
--- a/tests/tests/security/src/android/security/cts/BannedFilesTest.java
+++ b/tests/tests/security/src/android/security/cts/BannedFilesTest.java
@@ -23,6 +23,18 @@
public class BannedFilesTest extends TestCase {
/**
+ * setuid or setgid "ip" command can be used to modify the
+ * routing tables of a device, potentially allowing a malicious
+ * program to intercept all network traffic to and from
+ * the device.
+ */
+ public void testNoSetuidIp() {
+ assertNotSetugid("/system/bin/ip");
+ assertNotSetugid("/system/xbin/ip");
+ assertNotSetugid("/vendor/bin/ip");
+ }
+
+ /**
* setuid or setgid tcpdump can be used maliciously to monitor
* all traffic in and out of the device.
*/
@@ -31,6 +43,8 @@
assertNotSetugid("/system/bin/tcpdump-arm");
assertNotSetugid("/system/xbin/tcpdump");
assertNotSetugid("/system/xbin/tcpdump-arm");
+ assertNotSetugid("/vendor/bin/tcpdump");
+ assertNotSetugid("/vendor/bin/tcpdump-arm");
}
private static void assertNotSetugid(String file) {
diff --git a/tests/tests/security/src/android/security/cts/VoldExploitTest.java b/tests/tests/security/src/android/security/cts/VoldExploitTest.java
index 12b4392..1f0929f 100644
--- a/tests/tests/security/src/android/security/cts/VoldExploitTest.java
+++ b/tests/tests/security/src/android/security/cts/VoldExploitTest.java
@@ -56,12 +56,6 @@
return;
}
- // Verify that all processes listening for netlink messages
- // currently exist.
- for (int i : pids) {
- assertTrue(new File("/proc/" + i + "/cmdline").exists());
- }
-
NetlinkSocket ns = NetlinkSocket.create();
for (int i : pids) {
for (String j : devices) {
@@ -175,7 +169,7 @@
for (List<String> i : netlink) {
// The PID is in column 3
int pid = Integer.decode(i.get(2));
- if (pid > 0) {
+ if (new File("/proc/" + pid + "/cmdline").exists()) {
retval.add(pid);
}
}