commit 1967ee09451eaf015e43130ae194c0b6267499a2
author TreeHugger Robot <treehugger-gerrit@google.com> Sat Oct 17 01:37:43 2020 +0000
committer Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> Sat Oct 17 01:37:43 2020 +0000
tree dde61065f0a54fb693f3eaa04ebed97aa80f7cee
parent cbabe2bf1852596118622328f409a412c7ce884b
parent 16565c37f380008e5888dffc6edd2974935bc012

Merge changes I3d14a7db,I31956c84,I01a36836,I44563a4e into oc-dev am: 16565c37f3

Original change: https://googleplex-android-review.googlesource.com/c/platform/cts/+/12865596

Change-Id: I6404afc8b59985f5763b26b61951814e465dd6a1

hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java

diff --git a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java
index 98d6778..bd8f3cd 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/Poc20_06.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package android.security.cts;
 
 import android.platform.test.annotations.SecurityTest;
@@ -11,6 +27,49 @@
 public class Poc20_06 extends SecurityTestCase {
 
     /**
+     * CVE-2020-3635
+     */
+    @Test
+    @SecurityTest(minPatchLevel = "2020-06")
+    public void testPocCVE_2020_3635() throws Exception {
+        String isApplicable = AdbUtils.runCommandLine("service list", getDevice());
+        if (isApplicable.contains("com.qualcomm.qti.IPerfManager")) {
+            AdbUtils.runCommandLine("logcat -c", getDevice());
+            AdbUtils.runCommandLine(
+                    "service call vendor.perfservice 4 i32 1 i64 4702394920265069920", getDevice());
+            String logcatOut = AdbUtils.runCommandLine("logcat -d", getDevice());
+            assertNotMatchesMultiLine(
+                    "Fatal signal 11 \\(SIGSEGV\\).*?>>> /system/bin/perfservice <<<", logcatOut);
+        }
+    }
+
+    /**
+     * CVE-2020-3626
+     */
+    @Test
+    @SecurityTest(minPatchLevel = "2020-06")
+    public void testPocCVE_2020_3626() throws Exception {
+        String isApplicable =
+                AdbUtils.runCommandLine("pm list package com.qualcomm.qti.lpa", getDevice());
+        if (!isApplicable.isEmpty()) {
+            String result =
+                    AdbUtils.runCommandLine("dumpsys package com.qualcomm.qti.lpa", getDevice());
+            assertTrue(result.contains("com.qti.permission.USE_UIM_LPA_SERVICE"));
+        }
+    }
+
+    /**
+     * CVE-2020-3628
+     */
+    @Test
+    @SecurityTest(minPatchLevel = "2020-06")
+    public void testPocCVE_2020_3628() throws Exception {
+        String result = AdbUtils.runCommandLine(
+                "pm list package com.qualcomm.qti.logkit",getDevice());
+        assertFalse(result.contains("com.qualcomm.qti.logkit"));
+    }
+
+    /**
      * CVE-2020-3676
      */
     @Test