Merge "Updated CTS test for Android Security b/199754277" into rvc-dev am: 64fa53bdfd
Original change: https://googleplex-android-review.googlesource.com/c/platform/cts/+/21701202
Change-Id: I034aac9edf4d38909cbdc44ef625bc5b68730d6b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0963.java b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0963.java
index 90d8196..645f909 100644
--- a/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0963.java
+++ b/hostsidetests/securitybulletin/src/android/security/cts/CVE_2021_0963.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,7 +20,7 @@
import android.platform.test.annotations.AsbSecurityTest;
-import com.android.sts.common.tradefed.testtype.StsExtraBusinessLogicHostTestBase;
+import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
import com.android.tradefed.device.ITestDevice;
import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
@@ -28,41 +28,39 @@
import org.junit.runner.RunWith;
@RunWith(DeviceJUnit4ClassRunner.class)
-public class CVE_2021_0963 extends StsExtraBusinessLogicHostTestBase {
- static final String TEST_PKG = "android.security.cts.CVE_2021_0963";
+public class CVE_2021_0963 extends NonRootSecurityTestCase {
- /**
- * b/199754277
- * Vulnerable app : KeyChain.apk
- * Vulnerable module : com.android.keychain
- * Is Play managed : No
- */
+ // b/199754277
+ // Vulnerable app : KeyChain.apk
+ // Vulnerable module : com.android.keychain
+ // Is Play managed : No
@AsbSecurityTest(cveBugId = 199754277)
@Test
public void testPocCVE_2021_0963() {
+ int userId = 0;
+ String component = null;
+ ITestDevice device = null;
try {
- ITestDevice device = getDevice();
+ // Install the application
+ installPackage("CVE-2021-0963.apk", "-t");
- /* Wake up the device */
- AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
- AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
- AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
+ // Set test-app as device owner.
+ final String testPkg = "android.security.cts.CVE_2021_0963";
+ component = testPkg + "/" + testPkg + ".PocDeviceAdminReceiver";
+ device = getDevice();
+ device.setDeviceOwner(component, userId);
- /* Install the application */
- installPackage("CVE-2021-0963.apk");
-
- /*
- * Set device as owner. After the test is completed, this change is reverted in the
- * DeviceTest.java's tearDown() method by calling clearDeviceOwnerApp() on an instance
- * of DevicePolicyManager.
- */
- AdbUtils.runCommandLine("dpm set-device-owner --user 0 '" + TEST_PKG + "/" + TEST_PKG
- + ".PocDeviceAdminReceiver" + "'", device);
-
- /* Run the device test "testOverlayButtonPresence" */
- runDeviceTests(TEST_PKG, TEST_PKG + "." + "DeviceTest", "testOverlayButtonPresence");
+ // Run the device test "testOverlayButtonPresence"
+ runDeviceTests(testPkg, testPkg + ".DeviceTest", "testOverlayButtonPresence");
} catch (Exception e) {
assumeNoException(e);
+ } finally {
+ try {
+ // Remove test-app as device owner.
+ device.removeAdmin(component, userId);
+ } catch (Exception e) {
+ // ignore
+ }
}
}
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/Android.bp b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/Android.bp
index ea39e68..2a30791 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/Android.bp
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/Android.bp
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -35,5 +35,5 @@
"androidx.test.rules",
"androidx.test.uiautomator_uiautomator",
],
- platform_apis: true,
+ platform_apis: true, // required for using RemoteCallback
}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/AndroidManifest.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/AndroidManifest.xml
index ae0d416..dec0ae4 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/AndroidManifest.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/AndroidManifest.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
- Copyright 2022 The Android Open Source Project
+ Copyright 2023 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -18,7 +18,7 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="android.security.cts.CVE_2021_0963">
<uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW" />
- <application>
+ <application android:testOnly="true">
<activity android:name=".PocActivity"
android:exported="true">
<intent-filter>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/raw/cve_2021_0963_pkey b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/raw/cve_2021_0963_pkey
new file mode 100644
index 0000000..3a07113
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/raw/cve_2021_0963_pkey
Binary files differ
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/raw/cve_2021_0963_usercert b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/raw/cve_2021_0963_usercert
new file mode 100644
index 0000000..4665a94
--- /dev/null
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/raw/cve_2021_0963_usercert
Binary files differ
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/values/integers.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/values/integers.xml
index 6a14b4a..18ccaba 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/values/integers.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/values/integers.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
- Copyright 2022 The Android Open Source Project
+ Copyright 2023 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/values/strings.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/values/strings.xml
index 1da84fe..e6915d6 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/values/strings.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/values/strings.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
- Copyright 2022 The Android Open Source Project
+ Copyright 2023 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -16,25 +16,32 @@
-->
<resources>
- <string name="actionKeychainActivity">com.android.keychain.CHOOSER</string>
- <string name="activityNotFoundMsg">The activity with intent was not found : </string>
- <string name="activityNotStartedException">Unable to start the activity with intent : </string>
+ <string name="action">com.android.keychain.CHOOSER</string>
<string name="alias">Client</string>
- <string name="callbackKey">callback</string>
- <string name="canNotDrawOverlaysMsg">The application cannot draw overlays</string>
- <string name="certType">X.509</string>
- <string name="dumpsysActivity">dumpsys activity %1$s</string>
- <string name="dumpsysActivityNotStartedException">Could not execute dumpsys activity command
- </string>
- <string name="errorMessage">Device is vulnerable to b/199754277 hence any app with
- "SYSTEM_ALERT_WINDOW can overlay the %1$s screen</string>
- <string name="keyType">RSA</string>
- <string name="mResumedTrue">mResumed=true</string>
- <string name="messageKey">message</string>
- <string name="overlayButtonText">OverlayButton</string>
- <string name="overlayServiceNotStartedException">Unable to start the overlay service</string>
- <string name="overlayUiScreenError">Overlay UI did not appear on the screen</string>
- <string name="statusKey">status</string>
- <string name="vulActivityNotRunningError">The activity %1$s is not currently running
- on the device</string>
+ <string name="callback">callback</string>
+ <string name="cmdAdbHome">input keyevent KEYCODE_HOME</string>
+ <string name="cmdDumpsysActivityByActivity">dumpsys activity %1$s</string>
+ <string name="cmdDumpsysActivityByPkg">dumpsys activity -p %1$s activities</string>
+ <string name="exceptionActivityNotFound">The activity with intent was not found : </string>
+ <string name="exceptionActivityNotStart">Unable to start the activity with intent : </string>
+ <string name="exceptionCanNotDrawOverlays">The application cannot draw overlays</string>
+ <string name="exceptionOverlayUiNotVisible">Overlay UI did not appear on the screen</string>
+ <string name="exceptionServiceNotStart">Unable to start the overlay service</string>
+ <string name="exceptionVulActivityNotResume">The activity %1$s is not currently resumed on the
+ device</string>
+ <string name="exceptionVulUiNotVisible">UI of vulnerable activity %1$s is not visible</string>
+ <string name="failMsg">Device is vulnerable to b/199754277 !! Any app with SYSTEM_ALERT_WINDOW
+ can overlay the %1$s screen</string>
+ <string name="flagActivityResumed">mResumed=true</string>
+ <string name="flagActivityVisible">mVisible=true</string>
+ <string name="message">message</string>
+ <string name="pKey">cve_2021_0963_pkey</string>
+ <string name="rawResOpenError">Could not open the raw resource %1$s</string>
+ <string name="status">status</string>
+ <string name="strSplitRegex"><![CDATA[((?<=mVisible=(true|false)))]]></string>
+ <string name="streamReadError">Could not read from stream of the raw resource %1$s</string>
+ <string name="txtOverlayBtn">CVE_2021_0963_button</string>
+ <string name="typeCert">X.509</string>
+ <string name="typeKey">RSA</string>
+ <string name="userCert">cve_2021_0963_usercert</string>
</resources>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/xml/device_policies.xml b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/xml/device_policies.xml
index a826e80..ed5352d 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/xml/device_policies.xml
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/res/xml/device_policies.xml
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<!--
- Copyright 2022 The Android Open Source Project
+ Copyright 2023 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -16,6 +16,5 @@
-->
<device-admin>
- <uses-policies>
- </uses-policies>
+ <uses-policies />
</device-admin>
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/DeviceTest.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/DeviceTest.java
index 3d1c0df..209bdf0 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/DeviceTest.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/DeviceTest.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -43,6 +43,9 @@
import org.junit.runner.RunWith;
import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
@@ -56,256 +59,31 @@
public class DeviceTest {
private DevicePolicyManager mDevicePolicyManager;
private ComponentName mComponentName;
- Context mContext;
+ private Context mContext;
+ private UiDevice mDevice;
+ private Resources mResources;
- /**
- * Generated from above and converted with:
- *
- * openssl pkcs8 -topk8 -outform d -in userkey.pem -nocrypt | xxd -i | sed 's/0x/(byte) 0x/g'
- */
- private static final byte[] PRIVATE_KEY =
- new byte[] {(byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x76, (byte) 0x02,
- (byte) 0x01, (byte) 0x00, (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09,
- (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d,
- (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, (byte) 0x00, (byte) 0x04,
- (byte) 0x82, (byte) 0x02, (byte) 0x60, (byte) 0x30, (byte) 0x82, (byte) 0x02,
- (byte) 0x5c, (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, (byte) 0x81,
- (byte) 0x81, (byte) 0x00, (byte) 0xee, (byte) 0x6e, (byte) 0x51, (byte) 0xa8,
- (byte) 0xc4, (byte) 0x44, (byte) 0xd9, (byte) 0xb7, (byte) 0x53, (byte) 0xf1,
- (byte) 0xb9, (byte) 0x1b, (byte) 0x9d, (byte) 0x8d, (byte) 0x7c, (byte) 0x9f,
- (byte) 0x06, (byte) 0xe7, (byte) 0xed, (byte) 0xa8, (byte) 0x05, (byte) 0xb8,
- (byte) 0xaa, (byte) 0x0a, (byte) 0x2d, (byte) 0x74, (byte) 0x05, (byte) 0x8b,
- (byte) 0xad, (byte) 0xfe, (byte) 0xd3, (byte) 0x3e, (byte) 0x08, (byte) 0x9d,
- (byte) 0xc9, (byte) 0xf5, (byte) 0xf7, (byte) 0x81, (byte) 0x90, (byte) 0xf1,
- (byte) 0xcc, (byte) 0x3f, (byte) 0x91, (byte) 0xda, (byte) 0xcb, (byte) 0x67,
- (byte) 0x6a, (byte) 0xe8, (byte) 0x4a, (byte) 0xa0, (byte) 0xc3, (byte) 0x8a,
- (byte) 0x53, (byte) 0xd9, (byte) 0xf0, (byte) 0x17, (byte) 0xbe, (byte) 0x90,
- (byte) 0xbb, (byte) 0x95, (byte) 0x29, (byte) 0x01, (byte) 0xce, (byte) 0x32,
- (byte) 0xce, (byte) 0xf8, (byte) 0x02, (byte) 0xfe, (byte) 0xe8, (byte) 0x19,
- (byte) 0x91, (byte) 0x29, (byte) 0x46, (byte) 0xf7, (byte) 0x67, (byte) 0xd1,
- (byte) 0xcb, (byte) 0xa7, (byte) 0x20, (byte) 0x8b, (byte) 0x85, (byte) 0x8a,
- (byte) 0x0c, (byte) 0x07, (byte) 0xf8, (byte) 0xfe, (byte) 0xf4, (byte) 0x5d,
- (byte) 0x08, (byte) 0xf4, (byte) 0x63, (byte) 0x4a, (byte) 0x69, (byte) 0x66,
- (byte) 0x28, (byte) 0xcb, (byte) 0x0d, (byte) 0x1c, (byte) 0x7f, (byte) 0x7f,
- (byte) 0x7e, (byte) 0x83, (byte) 0x49, (byte) 0x66, (byte) 0x6c, (byte) 0x83,
- (byte) 0x2d, (byte) 0xa0, (byte) 0x51, (byte) 0xf6, (byte) 0x14, (byte) 0x68,
- (byte) 0x47, (byte) 0x31, (byte) 0x72, (byte) 0x4d, (byte) 0xe9, (byte) 0x1e,
- (byte) 0x12, (byte) 0x1b, (byte) 0xd0, (byte) 0xe6, (byte) 0x21, (byte) 0xd8,
- (byte) 0x84, (byte) 0x5f, (byte) 0xe3, (byte) 0xef, (byte) 0x02, (byte) 0x03,
- (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x81, (byte) 0x80,
- (byte) 0x24, (byte) 0x95, (byte) 0xb8, (byte) 0xe1, (byte) 0xf4, (byte) 0x7b,
- (byte) 0xbc, (byte) 0x0c, (byte) 0x6d, (byte) 0x4d, (byte) 0x01, (byte) 0xe2,
- (byte) 0x42, (byte) 0xe2, (byte) 0x9a, (byte) 0xe4, (byte) 0xab, (byte) 0xe2,
- (byte) 0x9a, (byte) 0x8c, (byte) 0xd5, (byte) 0x93, (byte) 0xe8, (byte) 0x43,
- (byte) 0x77, (byte) 0x85, (byte) 0xfd, (byte) 0xf3, (byte) 0xd8, (byte) 0xd6,
- (byte) 0xe9, (byte) 0x02, (byte) 0xf3, (byte) 0xbf, (byte) 0x82, (byte) 0x65,
- (byte) 0xc3, (byte) 0x7c, (byte) 0x96, (byte) 0x09, (byte) 0x04, (byte) 0x16,
- (byte) 0x1d, (byte) 0x03, (byte) 0x3d, (byte) 0x82, (byte) 0xb8, (byte) 0xdc,
- (byte) 0xbb, (byte) 0xd6, (byte) 0xbf, (byte) 0x2a, (byte) 0x52, (byte) 0x83,
- (byte) 0x76, (byte) 0x5b, (byte) 0xae, (byte) 0x59, (byte) 0xf6, (byte) 0xee,
- (byte) 0x84, (byte) 0x44, (byte) 0x4a, (byte) 0xa7, (byte) 0x25, (byte) 0x50,
- (byte) 0x89, (byte) 0x63, (byte) 0x43, (byte) 0x0b, (byte) 0xc8, (byte) 0xd5,
- (byte) 0x17, (byte) 0x9d, (byte) 0x8b, (byte) 0x62, (byte) 0xd5, (byte) 0xf1,
- (byte) 0xde, (byte) 0x45, (byte) 0xe6, (byte) 0x35, (byte) 0x10, (byte) 0xba,
- (byte) 0x58, (byte) 0x18, (byte) 0x44, (byte) 0xc1, (byte) 0x6d, (byte) 0xb6,
- (byte) 0x1d, (byte) 0x2f, (byte) 0x53, (byte) 0xb6, (byte) 0x5a, (byte) 0xf1,
- (byte) 0x66, (byte) 0xbc, (byte) 0x0e, (byte) 0x63, (byte) 0xa7, (byte) 0x0f,
- (byte) 0x81, (byte) 0x4b, (byte) 0x07, (byte) 0x31, (byte) 0xa5, (byte) 0x70,
- (byte) 0xec, (byte) 0x30, (byte) 0x57, (byte) 0xc4, (byte) 0x14, (byte) 0xb2,
- (byte) 0x8b, (byte) 0x6f, (byte) 0x26, (byte) 0x7e, (byte) 0x55, (byte) 0x60,
- (byte) 0x63, (byte) 0x7d, (byte) 0x90, (byte) 0xd7, (byte) 0x5f, (byte) 0xef,
- (byte) 0x7d, (byte) 0xc1, (byte) 0x02, (byte) 0x41, (byte) 0x00, (byte) 0xfe,
- (byte) 0x92, (byte) 0xa9, (byte) 0xf1, (byte) 0x29, (byte) 0x1e, (byte) 0xd4,
- (byte) 0x72, (byte) 0xd3, (byte) 0x3f, (byte) 0x9d, (byte) 0xd6, (byte) 0x3d,
- (byte) 0xe9, (byte) 0xcf, (byte) 0x3e, (byte) 0x06, (byte) 0xdc, (byte) 0x65,
- (byte) 0x8f, (byte) 0xc0, (byte) 0x81, (byte) 0xc2, (byte) 0x66, (byte) 0xc1,
- (byte) 0x5c, (byte) 0x2c, (byte) 0xfa, (byte) 0x08, (byte) 0x65, (byte) 0xb6,
- (byte) 0x47, (byte) 0xc5, (byte) 0x14, (byte) 0x8d, (byte) 0x69, (byte) 0xe9,
- (byte) 0xaf, (byte) 0x42, (byte) 0x02, (byte) 0x53, (byte) 0x04, (byte) 0x63,
- (byte) 0x47, (byte) 0xaf, (byte) 0xcc, (byte) 0xae, (byte) 0x08, (byte) 0x31,
- (byte) 0xba, (byte) 0xea, (byte) 0x85, (byte) 0xda, (byte) 0xd6, (byte) 0xb2,
- (byte) 0xe7, (byte) 0x4c, (byte) 0xda, (byte) 0xad, (byte) 0x52, (byte) 0x76,
- (byte) 0x48, (byte) 0x16, (byte) 0xeb, (byte) 0x02, (byte) 0x41, (byte) 0x00,
- (byte) 0xef, (byte) 0xc4, (byte) 0x7d, (byte) 0x69, (byte) 0x7b, (byte) 0xcb,
- (byte) 0xcb, (byte) 0xf7, (byte) 0x00, (byte) 0x2d, (byte) 0x05, (byte) 0x3c,
- (byte) 0xe4, (byte) 0xfd, (byte) 0x5c, (byte) 0xea, (byte) 0xcf, (byte) 0x40,
- (byte) 0x84, (byte) 0x10, (byte) 0xf1, (byte) 0xc0, (byte) 0xaf, (byte) 0xc7,
- (byte) 0xc8, (byte) 0x51, (byte) 0xac, (byte) 0x18, (byte) 0x25, (byte) 0x63,
- (byte) 0x75, (byte) 0xc7, (byte) 0x0e, (byte) 0xa9, (byte) 0xed, (byte) 0x9c,
- (byte) 0x78, (byte) 0x08, (byte) 0x28, (byte) 0x1d, (byte) 0x9e, (byte) 0xfa,
- (byte) 0x17, (byte) 0x0f, (byte) 0x7a, (byte) 0x6a, (byte) 0x78, (byte) 0x63,
- (byte) 0x6e, (byte) 0xb3, (byte) 0x6b, (byte) 0xd6, (byte) 0x43, (byte) 0x4b,
- (byte) 0x58, (byte) 0xb8, (byte) 0x77, (byte) 0x10, (byte) 0x07, (byte) 0x70,
- (byte) 0xa6, (byte) 0xa9, (byte) 0xae, (byte) 0x0d, (byte) 0x02, (byte) 0x41,
- (byte) 0x00, (byte) 0x92, (byte) 0x4c, (byte) 0x79, (byte) 0x0b, (byte) 0x95,
- (byte) 0xc5, (byte) 0x18, (byte) 0xf4, (byte) 0x90, (byte) 0x40, (byte) 0x8c,
- (byte) 0x15, (byte) 0x96, (byte) 0x69, (byte) 0x2a, (byte) 0xe7, (byte) 0x8b,
- (byte) 0x8b, (byte) 0xd7, (byte) 0x76, (byte) 0x00, (byte) 0x7c, (byte) 0xd1,
- (byte) 0xda, (byte) 0xb9, (byte) 0x9e, (byte) 0x9e, (byte) 0x5e, (byte) 0x66,
- (byte) 0xbb, (byte) 0x05, (byte) 0x41, (byte) 0x43, (byte) 0x9a, (byte) 0x67,
- (byte) 0x16, (byte) 0x89, (byte) 0xec, (byte) 0x65, (byte) 0x33, (byte) 0xee,
- (byte) 0xbf, (byte) 0xa3, (byte) 0xca, (byte) 0x8b, (byte) 0xd6, (byte) 0x45,
- (byte) 0xe1, (byte) 0x81, (byte) 0xaa, (byte) 0xd8, (byte) 0xa2, (byte) 0x6a,
- (byte) 0x3c, (byte) 0x5e, (byte) 0x7e, (byte) 0x1c, (byte) 0xa5, (byte) 0xc3,
- (byte) 0x5b, (byte) 0x93, (byte) 0x8c, (byte) 0x24, (byte) 0x57, (byte) 0x02,
- (byte) 0x40, (byte) 0x0a, (byte) 0x6d, (byte) 0x3f, (byte) 0x0e, (byte) 0xf1,
- (byte) 0x45, (byte) 0x41, (byte) 0x8f, (byte) 0x72, (byte) 0x40, (byte) 0x82,
- (byte) 0xf3, (byte) 0xcc, (byte) 0xf9, (byte) 0x7f, (byte) 0xaa, (byte) 0xee,
- (byte) 0x6c, (byte) 0x5d, (byte) 0xd1, (byte) 0xe6, (byte) 0xd1, (byte) 0x7c,
- (byte) 0x53, (byte) 0x71, (byte) 0xd0, (byte) 0xab, (byte) 0x6d, (byte) 0x39,
- (byte) 0x63, (byte) 0x03, (byte) 0xe2, (byte) 0x2e, (byte) 0x2f, (byte) 0x11,
- (byte) 0x98, (byte) 0x36, (byte) 0x58, (byte) 0x14, (byte) 0x76, (byte) 0x85,
- (byte) 0x4d, (byte) 0x56, (byte) 0xe7, (byte) 0x63, (byte) 0x69, (byte) 0x71,
- (byte) 0xe6, (byte) 0xd1, (byte) 0x0f, (byte) 0x98, (byte) 0x66, (byte) 0xee,
- (byte) 0xf2, (byte) 0x3d, (byte) 0xdf, (byte) 0x77, (byte) 0xbe, (byte) 0x08,
- (byte) 0xb4, (byte) 0xcb, (byte) 0x6a, (byte) 0xa1, (byte) 0x99, (byte) 0x02,
- (byte) 0x40, (byte) 0x52, (byte) 0x01, (byte) 0xde, (byte) 0x62, (byte) 0xc2,
- (byte) 0x25, (byte) 0xbf, (byte) 0x5d, (byte) 0x77, (byte) 0xe4, (byte) 0x6b,
- (byte) 0xb6, (byte) 0xd7, (byte) 0x8f, (byte) 0x89, (byte) 0x2c, (byte) 0xe6,
- (byte) 0x8d, (byte) 0xe5, (byte) 0xad, (byte) 0x39, (byte) 0x17, (byte) 0x54,
- (byte) 0x2b, (byte) 0x35, (byte) 0x53, (byte) 0xd1, (byte) 0xa1, (byte) 0xef,
- (byte) 0x48, (byte) 0xbc, (byte) 0x95, (byte) 0x48, (byte) 0xcf, (byte) 0x62,
- (byte) 0xf4, (byte) 0x33, (byte) 0xcf, (byte) 0x37, (byte) 0x78, (byte) 0xeb,
- (byte) 0x17, (byte) 0xb4, (byte) 0x0b, (byte) 0x83, (byte) 0x4f, (byte) 0xb6,
- (byte) 0xab, (byte) 0x7d, (byte) 0x67, (byte) 0x3e, (byte) 0x4e, (byte) 0x44,
- (byte) 0x4a, (byte) 0x55, (byte) 0x2e, (byte) 0x34, (byte) 0x12, (byte) 0x0b,
- (byte) 0x59, (byte) 0xb3, (byte) 0xb1, (byte) 0x1e, (byte) 0x3d};
-
-
- /**
- * Generated from above and converted with:
- *
- * openssl x509 -outform d -in usercert.pem | xxd -i | sed 's/0x/(byte) 0x/g'
- */
- private static final byte[] USER_CERT =
- {(byte) 0x30, (byte) 0x82, (byte) 0x02, (byte) 0xd8, (byte) 0x30, (byte) 0x82,
- (byte) 0x01, (byte) 0xc0, (byte) 0xa0, (byte) 0x03, (byte) 0x02, (byte) 0x01,
- (byte) 0x02, (byte) 0x02, (byte) 0x01, (byte) 0x01, (byte) 0x30, (byte) 0x0d,
- (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86,
- (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x0b, (byte) 0x05,
- (byte) 0x00, (byte) 0x30, (byte) 0x33, (byte) 0x31, (byte) 0x0b, (byte) 0x30,
- (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06,
- (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31, (byte) 0x13,
- (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
- (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f, (byte) 0x6d,
- (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61, (byte) 0x74,
- (byte) 0x65, (byte) 0x31, (byte) 0x0f, (byte) 0x30, (byte) 0x0d, (byte) 0x06,
- (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x06,
- (byte) 0x47, (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65,
- (byte) 0x30, (byte) 0x1e, (byte) 0x17, (byte) 0x0d, (byte) 0x32, (byte) 0x32,
- (byte) 0x30, (byte) 0x33, (byte) 0x32, (byte) 0x35, (byte) 0x30, (byte) 0x37,
- (byte) 0x32, (byte) 0x30, (byte) 0x31, (byte) 0x32, (byte) 0x5a, (byte) 0x17,
- (byte) 0x0d, (byte) 0x33, (byte) 0x32, (byte) 0x30, (byte) 0x33, (byte) 0x32,
- (byte) 0x32, (byte) 0x30, (byte) 0x37, (byte) 0x32, (byte) 0x30, (byte) 0x31,
- (byte) 0x32, (byte) 0x5a, (byte) 0x30, (byte) 0x33, (byte) 0x31, (byte) 0x0b,
- (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04,
- (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x41, (byte) 0x55, (byte) 0x31,
- (byte) 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55,
- (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x53, (byte) 0x6f,
- (byte) 0x6d, (byte) 0x65, (byte) 0x2d, (byte) 0x53, (byte) 0x74, (byte) 0x61,
- (byte) 0x74, (byte) 0x65, (byte) 0x31, (byte) 0x0f, (byte) 0x30, (byte) 0x0d,
- (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c,
- (byte) 0x06, (byte) 0x47, (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c,
- (byte) 0x65, (byte) 0x30, (byte) 0x81, (byte) 0x9f, (byte) 0x30, (byte) 0x0d,
- (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0x86,
- (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05,
- (byte) 0x00, (byte) 0x03, (byte) 0x81, (byte) 0x8d, (byte) 0x00, (byte) 0x30,
- (byte) 0x81, (byte) 0x89, (byte) 0x02, (byte) 0x81, (byte) 0x81, (byte) 0x00,
- (byte) 0xee, (byte) 0x6e, (byte) 0x51, (byte) 0xa8, (byte) 0xc4, (byte) 0x44,
- (byte) 0xd9, (byte) 0xb7, (byte) 0x53, (byte) 0xf1, (byte) 0xb9, (byte) 0x1b,
- (byte) 0x9d, (byte) 0x8d, (byte) 0x7c, (byte) 0x9f, (byte) 0x06, (byte) 0xe7,
- (byte) 0xed, (byte) 0xa8, (byte) 0x05, (byte) 0xb8, (byte) 0xaa, (byte) 0x0a,
- (byte) 0x2d, (byte) 0x74, (byte) 0x05, (byte) 0x8b, (byte) 0xad, (byte) 0xfe,
- (byte) 0xd3, (byte) 0x3e, (byte) 0x08, (byte) 0x9d, (byte) 0xc9, (byte) 0xf5,
- (byte) 0xf7, (byte) 0x81, (byte) 0x90, (byte) 0xf1, (byte) 0xcc, (byte) 0x3f,
- (byte) 0x91, (byte) 0xda, (byte) 0xcb, (byte) 0x67, (byte) 0x6a, (byte) 0xe8,
- (byte) 0x4a, (byte) 0xa0, (byte) 0xc3, (byte) 0x8a, (byte) 0x53, (byte) 0xd9,
- (byte) 0xf0, (byte) 0x17, (byte) 0xbe, (byte) 0x90, (byte) 0xbb, (byte) 0x95,
- (byte) 0x29, (byte) 0x01, (byte) 0xce, (byte) 0x32, (byte) 0xce, (byte) 0xf8,
- (byte) 0x02, (byte) 0xfe, (byte) 0xe8, (byte) 0x19, (byte) 0x91, (byte) 0x29,
- (byte) 0x46, (byte) 0xf7, (byte) 0x67, (byte) 0xd1, (byte) 0xcb, (byte) 0xa7,
- (byte) 0x20, (byte) 0x8b, (byte) 0x85, (byte) 0x8a, (byte) 0x0c, (byte) 0x07,
- (byte) 0xf8, (byte) 0xfe, (byte) 0xf4, (byte) 0x5d, (byte) 0x08, (byte) 0xf4,
- (byte) 0x63, (byte) 0x4a, (byte) 0x69, (byte) 0x66, (byte) 0x28, (byte) 0xcb,
- (byte) 0x0d, (byte) 0x1c, (byte) 0x7f, (byte) 0x7f, (byte) 0x7e, (byte) 0x83,
- (byte) 0x49, (byte) 0x66, (byte) 0x6c, (byte) 0x83, (byte) 0x2d, (byte) 0xa0,
- (byte) 0x51, (byte) 0xf6, (byte) 0x14, (byte) 0x68, (byte) 0x47, (byte) 0x31,
- (byte) 0x72, (byte) 0x4d, (byte) 0xe9, (byte) 0x1e, (byte) 0x12, (byte) 0x1b,
- (byte) 0xd0, (byte) 0xe6, (byte) 0x21, (byte) 0xd8, (byte) 0x84, (byte) 0x5f,
- (byte) 0xe3, (byte) 0xef, (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00,
- (byte) 0x01, (byte) 0xa3, (byte) 0x7b, (byte) 0x30, (byte) 0x79, (byte) 0x30,
- (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13,
- (byte) 0x04, (byte) 0x02, (byte) 0x30, (byte) 0x00, (byte) 0x30, (byte) 0x2c,
- (byte) 0x06, (byte) 0x09, (byte) 0x60, (byte) 0x86, (byte) 0x48, (byte) 0x01,
- (byte) 0x86, (byte) 0xf8, (byte) 0x42, (byte) 0x01, (byte) 0x0d, (byte) 0x04,
- (byte) 0x1f, (byte) 0x16, (byte) 0x1d, (byte) 0x4f, (byte) 0x70, (byte) 0x65,
- (byte) 0x6e, (byte) 0x53, (byte) 0x53, (byte) 0x4c, (byte) 0x20, (byte) 0x47,
- (byte) 0x65, (byte) 0x6e, (byte) 0x65, (byte) 0x72, (byte) 0x61, (byte) 0x74,
- (byte) 0x65, (byte) 0x64, (byte) 0x20, (byte) 0x43, (byte) 0x65, (byte) 0x72,
- (byte) 0x74, (byte) 0x69, (byte) 0x66, (byte) 0x69, (byte) 0x63, (byte) 0x61,
- (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x1d, (byte) 0x06, (byte) 0x03,
- (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, (byte) 0x16, (byte) 0x04,
- (byte) 0x14, (byte) 0xee, (byte) 0xec, (byte) 0x08, (byte) 0xcc, (byte) 0xdd,
- (byte) 0xa3, (byte) 0x29, (byte) 0x6e, (byte) 0x2b, (byte) 0x78, (byte) 0x23,
- (byte) 0xb3, (byte) 0xf0, (byte) 0xb8, (byte) 0x9d, (byte) 0x53, (byte) 0x41,
- (byte) 0x2e, (byte) 0x3c, (byte) 0x61, (byte) 0x30, (byte) 0x1f, (byte) 0x06,
- (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, (byte) 0x04, (byte) 0x18,
- (byte) 0x30, (byte) 0x16, (byte) 0x80, (byte) 0x14, (byte) 0x86, (byte) 0xdb,
- (byte) 0xa5, (byte) 0x5e, (byte) 0x0e, (byte) 0x03, (byte) 0xbc, (byte) 0xe4,
- (byte) 0xc1, (byte) 0xc8, (byte) 0xf3, (byte) 0xed, (byte) 0x24, (byte) 0x48,
- (byte) 0xb1, (byte) 0x37, (byte) 0x3a, (byte) 0x52, (byte) 0x10, (byte) 0x57,
- (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86,
- (byte) 0x48, (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01,
- (byte) 0x0b, (byte) 0x05, (byte) 0x00, (byte) 0x03, (byte) 0x82, (byte) 0x01,
- (byte) 0x01, (byte) 0x00, (byte) 0x15, (byte) 0x5a, (byte) 0x5c, (byte) 0x08,
- (byte) 0xe4, (byte) 0x0e, (byte) 0x28, (byte) 0x4c, (byte) 0xa9, (byte) 0x0e,
- (byte) 0x35, (byte) 0xbe, (byte) 0xe3, (byte) 0xd5, (byte) 0xd1, (byte) 0xb4,
- (byte) 0x47, (byte) 0x87, (byte) 0x63, (byte) 0xd2, (byte) 0x5e, (byte) 0x7e,
- (byte) 0xf6, (byte) 0xd8, (byte) 0xce, (byte) 0xdf, (byte) 0x10, (byte) 0x15,
- (byte) 0x61, (byte) 0xc4, (byte) 0x9a, (byte) 0xf1, (byte) 0xba, (byte) 0x33,
- (byte) 0xf2, (byte) 0xc2, (byte) 0x01, (byte) 0x95, (byte) 0xa7, (byte) 0x74,
- (byte) 0x97, (byte) 0xc1, (byte) 0x43, (byte) 0x68, (byte) 0x92, (byte) 0xbe,
- (byte) 0x9a, (byte) 0x6f, (byte) 0x38, (byte) 0xcb, (byte) 0xa0, (byte) 0xcf,
- (byte) 0x1e, (byte) 0x5b, (byte) 0x03, (byte) 0xde, (byte) 0x45, (byte) 0x6d,
- (byte) 0xea, (byte) 0xf0, (byte) 0x46, (byte) 0x4d, (byte) 0xb6, (byte) 0x4b,
- (byte) 0x88, (byte) 0xc7, (byte) 0xb8, (byte) 0xe3, (byte) 0x9f, (byte) 0x58,
- (byte) 0x8b, (byte) 0x2d, (byte) 0xbf, (byte) 0x4b, (byte) 0x3f, (byte) 0x54,
- (byte) 0x2d, (byte) 0xa8, (byte) 0x27, (byte) 0x72, (byte) 0x5e, (byte) 0x36,
- (byte) 0x67, (byte) 0x5c, (byte) 0x6e, (byte) 0x9a, (byte) 0x67, (byte) 0x73,
- (byte) 0x44, (byte) 0xaf, (byte) 0x46, (byte) 0x7f, (byte) 0xd6, (byte) 0x2b,
- (byte) 0x9d, (byte) 0x28, (byte) 0xb1, (byte) 0xc4, (byte) 0xc4, (byte) 0x72,
- (byte) 0x3d, (byte) 0x6d, (byte) 0x7d, (byte) 0x28, (byte) 0x40, (byte) 0x62,
- (byte) 0x40, (byte) 0x21, (byte) 0x52, (byte) 0xb5, (byte) 0x0b, (byte) 0xf3,
- (byte) 0xcc, (byte) 0x36, (byte) 0x03, (byte) 0x10, (byte) 0x19, (byte) 0xe3,
- (byte) 0xc2, (byte) 0xfe, (byte) 0xe9, (byte) 0x08, (byte) 0x0d, (byte) 0xd4,
- (byte) 0x8b, (byte) 0x12, (byte) 0xd6, (byte) 0x3d, (byte) 0xc5, (byte) 0xb8,
- (byte) 0x8c, (byte) 0xbd, (byte) 0xa5, (byte) 0xcd, (byte) 0xb3, (byte) 0xe4,
- (byte) 0xd1, (byte) 0xd8, (byte) 0x4c, (byte) 0x32, (byte) 0x44, (byte) 0x3f,
- (byte) 0x63, (byte) 0x32, (byte) 0x09, (byte) 0xdb, (byte) 0x8b, (byte) 0x7b,
- (byte) 0x30, (byte) 0x58, (byte) 0xc7, (byte) 0xcf, (byte) 0xc3, (byte) 0x44,
- (byte) 0xd9, (byte) 0xff, (byte) 0x63, (byte) 0x91, (byte) 0x74, (byte) 0xd8,
- (byte) 0x62, (byte) 0x2b, (byte) 0x52, (byte) 0xc8, (byte) 0x82, (byte) 0x9f,
- (byte) 0xeb, (byte) 0x22, (byte) 0x5c, (byte) 0xa2, (byte) 0x26, (byte) 0xfe,
- (byte) 0x04, (byte) 0x31, (byte) 0x53, (byte) 0x09, (byte) 0xa7, (byte) 0x23,
- (byte) 0xe3, (byte) 0x0f, (byte) 0xf8, (byte) 0xe9, (byte) 0x99, (byte) 0xad,
- (byte) 0x4b, (byte) 0x23, (byte) 0x07, (byte) 0xfb, (byte) 0xfa, (byte) 0xc3,
- (byte) 0x55, (byte) 0x59, (byte) 0xdb, (byte) 0x6b, (byte) 0x71, (byte) 0xdf,
- (byte) 0x25, (byte) 0x0f, (byte) 0xaa, (byte) 0xa2, (byte) 0xfa, (byte) 0x28,
- (byte) 0x49, (byte) 0x65, (byte) 0x7e, (byte) 0x0b, (byte) 0x74, (byte) 0x30,
- (byte) 0xd9, (byte) 0x9a, (byte) 0xfe, (byte) 0x2c, (byte) 0x8c, (byte) 0x67,
- (byte) 0x50, (byte) 0x0c, (byte) 0x6d, (byte) 0x4c, (byte) 0xba, (byte) 0x34,
- (byte) 0x3b, (byte) 0x0d, (byte) 0x16, (byte) 0x45, (byte) 0x63, (byte) 0x73,
- (byte) 0xc2, (byte) 0x9f, (byte) 0xb4, (byte) 0xdd, (byte) 0x6f, (byte) 0xde,
- (byte) 0x9d, (byte) 0x71, (byte) 0xbf, (byte) 0x8d, (byte) 0x1b, (byte) 0x79,
- (byte) 0xa0, (byte) 0x0a, (byte) 0x66, (byte) 0x7e, (byte) 0x56, (byte) 0x83,
- (byte) 0x8f, (byte) 0x3f, (byte) 0x7d, (byte) 0x93, (byte) 0xf6, (byte) 0xc9,
- (byte) 0x42, (byte) 0xfc, (byte) 0xc5, (byte) 0xf2, (byte) 0x49, (byte) 0xec};
+ private byte[] getByteArrayFromRawRes(int resId, String resName) throws IOException {
+ byte[] byteArray = null;
+ try (InputStream inStream = mResources.openRawResource(resId);
+ ByteArrayOutputStream outStream = new ByteArrayOutputStream(); ) {
+ assumeTrue(mContext.getString(R.string.rawResOpenError, resName), inStream != null);
+ byteArray = new byte[1024];
+ int nRead = inStream.read(byteArray, 0, byteArray.length);
+ assumeTrue(mContext.getString(R.string.streamReadError, resName), nRead > 0);
+ outStream.write(byteArray, 0, nRead);
+ }
+ return byteArray;
+ }
@After
public void tearDown() {
try {
+ // Go to home screen
+ mDevice.executeShellCommand(mContext.getString(R.string.cmdAdbHome));
+
+ // Remove key pair added by the test as part of cleanup
mDevicePolicyManager.removeKeyPair(mComponentName, mContext.getString(R.string.alias));
- mDevicePolicyManager.clearDeviceOwnerApp(mContext.getPackageName());
} catch (Exception e) {
// ignore all exceptions as the test is already complete
}
@@ -314,85 +92,146 @@
@Test
public void testOverlayButtonPresence() {
try {
- /* Install key pair required to launch KeyChainActivity dialog */
+ // Create the byte arrays from raw resources of private key and user certificate
+ // respectively.
mContext = getInstrumentation().getContext();
- Resources resources = mContext.getResources();
- KeyFactory kf = KeyFactory.getInstance(mContext.getString(R.string.keyType));
- PrivateKey privKey = kf.generatePrivate(new PKCS8EncodedKeySpec(PRIVATE_KEY));
- CertificateFactory cf =
- CertificateFactory.getInstance(mContext.getString(R.string.certType));
- Certificate cert = cf.generateCertificate(new ByteArrayInputStream(USER_CERT));
- mDevicePolicyManager = mContext.getSystemService(DevicePolicyManager.class);
- mComponentName = new ComponentName(PocDeviceAdminReceiver.class.getPackage().getName(),
- PocDeviceAdminReceiver.class.getName());
- assumeTrue(mDevicePolicyManager.installKeyPair(mComponentName, privKey, cert,
- mContext.getString(R.string.alias)));
+ mResources = mContext.getResources();
+ byte[] privateKeyByteArray =
+ getByteArrayFromRawRes(
+ R.raw.cve_2021_0963_pkey, mContext.getString(R.string.pKey));
+ byte[] userCertByteArray =
+ getByteArrayFromRawRes(
+ R.raw.cve_2021_0963_usercert, mContext.getString(R.string.userCert));
- /* Start the overlay service */
+ // Install key pair required to launch KeyChainActivity dialog
+ KeyFactory kf = KeyFactory.getInstance(mContext.getString(R.string.typeKey));
+ PrivateKey privKey = kf.generatePrivate(new PKCS8EncodedKeySpec(privateKeyByteArray));
+ CertificateFactory cf =
+ CertificateFactory.getInstance(mContext.getString(R.string.typeCert));
+ Certificate cert = cf.generateCertificate(new ByteArrayInputStream(userCertByteArray));
+ mDevicePolicyManager = mContext.getSystemService(DevicePolicyManager.class);
+ mComponentName =
+ new ComponentName(
+ PocDeviceAdminReceiver.class.getPackage().getName(),
+ PocDeviceAdminReceiver.class.getName());
+ assumeTrue(
+ mDevicePolicyManager.installKeyPair(
+ mComponentName, privKey, cert, mContext.getString(R.string.alias)));
+
+ // Start the overlay service
Intent intent = new Intent(mContext, PocService.class);
- assumeTrue(mContext.getString(R.string.canNotDrawOverlaysMsg),
+ assumeTrue(
+ mContext.getString(R.string.exceptionCanNotDrawOverlays),
Settings.canDrawOverlays(mContext));
CompletableFuture<PocStatus> callbackReturn = new CompletableFuture<>();
- RemoteCallback cb = new RemoteCallback((Bundle result) -> {
- PocStatus pocStatus =
- new PocStatus(result.getInt(mContext.getString(R.string.statusKey)),
- result.getString(mContext.getString(R.string.messageKey)));
- callbackReturn.complete(pocStatus);
- });
- intent.putExtra(mContext.getString(R.string.callbackKey), cb);
+ RemoteCallback cb =
+ new RemoteCallback(
+ (Bundle result) -> {
+ PocStatus pocStatus =
+ new PocStatus(
+ result.getInt(mContext.getString(R.string.status)),
+ result.getString(
+ mContext.getString(R.string.message)));
+ callbackReturn.complete(pocStatus);
+ });
+ intent.putExtra(mContext.getString(R.string.callback), cb);
mContext.startService(intent);
- PocStatus result = callbackReturn.get(resources.getInteger(R.integer.timeoutMs),
- TimeUnit.MILLISECONDS);
- assumeTrue(result.getErrorMessage(),
- result.getStatusCode() != resources.getInteger(R.integer.assumptionFailure));
-
- /* Wait for the overlay window */
- Pattern overlayTextPattern = Pattern.compile(
- mContext.getString(R.string.overlayButtonText), Pattern.CASE_INSENSITIVE);
- UiDevice device = UiDevice.getInstance(getInstrumentation());
- assumeTrue(mContext.getString(R.string.overlayUiScreenError),
- device.wait(Until.hasObject(By.text(overlayTextPattern)),
- mContext.getResources().getInteger(R.integer.timeoutMs)));
-
- /* Start PocActivity which starts the vulnerable activity */
- intent = new Intent(mContext, PocActivity.class);
- intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
- CompletableFuture<PocStatus> pocActivityReturn = new CompletableFuture<>();
- RemoteCallback pocActivityCb = new RemoteCallback((Bundle pocActivityResult) -> {
- PocStatus pocStatus = new PocStatus(
- pocActivityResult.getInt(mContext.getString(R.string.statusKey)),
- pocActivityResult.getString(mContext.getString(R.string.messageKey)));
- pocActivityReturn.complete(pocStatus);
- });
- intent.putExtra(mContext.getString(R.string.callbackKey), pocActivityCb);
- mContext.startActivity(intent);
- result = pocActivityReturn.get(resources.getInteger(R.integer.timeoutMs),
- TimeUnit.MILLISECONDS);
- assumeTrue(result.getErrorMessage(),
- result.getStatusCode() != resources.getInteger(R.integer.assumptionFailure));
-
- /* Get the vulnerable activity name by using an alternative intent */
- Intent vulIntent = new Intent(mContext.getString(R.string.actionKeychainActivity));
- ResolveInfo ri = mContext.getPackageManager().resolveActivity(vulIntent,
- PackageManager.MATCH_DEFAULT_ONLY);
- String vulnerableActivityName = ri.activityInfo.name;
-
- /* Wait until the object of launcher activity is gone */
- boolean overlayDisallowed = device.wait(Until.gone(By.pkg(mContext.getPackageName())),
- mContext.getResources().getInteger(R.integer.timeoutMs));
-
- /* Check if the currently running activity is the vulnerable activity */
- String activityDump = "";
- activityDump = device.executeShellCommand(
- mContext.getString(R.string.dumpsysActivity, vulnerableActivityName));
- Pattern activityPattern = Pattern.compile(mContext.getString(R.string.mResumedTrue),
- Pattern.CASE_INSENSITIVE);
+ PocStatus result =
+ callbackReturn.get(
+ mResources.getInteger(R.integer.timeoutMs), TimeUnit.MILLISECONDS);
assumeTrue(
- mContext.getString(R.string.vulActivityNotRunningError, vulnerableActivityName),
+ result.getErrorMessage(),
+ result.getStatusCode() != mResources.getInteger(R.integer.assumptionFailure));
+
+ // Wait for the overlay window
+ mDevice = UiDevice.getInstance(getInstrumentation());
+ Pattern overlayTextPattern =
+ Pattern.compile(
+ mContext.getString(R.string.txtOverlayBtn), Pattern.CASE_INSENSITIVE);
+ assumeTrue(
+ mContext.getString(R.string.exceptionOverlayUiNotVisible),
+ mDevice.wait(
+ Until.hasObject(By.text(overlayTextPattern)),
+ mResources.getInteger(R.integer.timeoutMs)));
+
+ // Start PocActivity which in turn starts the vulnerable activity
+ intent = new Intent(mContext, PocActivity.class);
+ intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK | Intent.FLAG_ACTIVITY_CLEAR_TASK);
+ CompletableFuture<PocStatus> pocActivityReturn = new CompletableFuture<>();
+ RemoteCallback pocActivityCb =
+ new RemoteCallback(
+ (Bundle pocActivityResult) -> {
+ PocStatus pocStatus =
+ new PocStatus(
+ pocActivityResult.getInt(
+ mContext.getString(R.string.status)),
+ pocActivityResult.getString(
+ mContext.getString(R.string.message)));
+ pocActivityReturn.complete(pocStatus);
+ });
+ intent.putExtra(mContext.getString(R.string.callback), pocActivityCb);
+ mContext.startActivity(intent);
+ result =
+ pocActivityReturn.get(
+ mResources.getInteger(R.integer.timeoutMs), TimeUnit.MILLISECONDS);
+ assumeTrue(
+ result.getErrorMessage(),
+ result.getStatusCode() != mResources.getInteger(R.integer.assumptionFailure));
+
+ // Get the vulnerable activity name by using an alternative intent
+ Intent vulIntent = new Intent(mContext.getString(R.string.action));
+ ResolveInfo ri =
+ mContext.getPackageManager()
+ .resolveActivity(vulIntent, PackageManager.MATCH_DEFAULT_ONLY);
+ String vulnerableActivityName = ri.activityInfo.name;
+ String vulnerablePkgName = ri.activityInfo.packageName;
+
+ // Wait until the object of launcher activity is gone
+ boolean overlayDisallowed =
+ mDevice.wait(
+ Until.gone(By.pkg(mContext.getPackageName())),
+ mResources.getInteger(R.integer.timeoutMs));
+
+ // Check if the currently resumed activity is the vulnerable activity
+ String activityDump =
+ mDevice.executeShellCommand(
+ mContext.getString(
+ R.string.cmdDumpsysActivityByActivity, vulnerableActivityName));
+ Pattern activityPattern =
+ Pattern.compile(
+ mContext.getString(R.string.flagActivityResumed),
+ Pattern.CASE_INSENSITIVE);
+ assumeTrue(
+ mContext.getString(
+ R.string.exceptionVulActivityNotResume, vulnerableActivityName),
activityPattern.matcher(activityDump).find());
- /* Failing the test as fix is not present */
- assertTrue(mContext.getString(R.string.errorMessage, vulnerableActivityName),
+ // Check if vulnerable activity's UI is visible
+ String vulPkgDump =
+ mDevice.executeShellCommand(
+ mContext.getString(
+ R.string.cmdDumpsysActivityByPkg, vulnerablePkgName));
+ boolean isVisible = false;
+ for (String vulPkgDumpElement :
+ vulPkgDump.split(mContext.getString(R.string.strSplitRegex))) {
+ if (vulPkgDumpElement
+ .toLowerCase()
+ .contains(vulnerableActivityName.toLowerCase())) {
+ if (vulPkgDumpElement.contains(
+ mContext.getString(R.string.flagActivityVisible))) {
+ isVisible = true;
+ break;
+ }
+ }
+ }
+ assumeTrue(
+ mContext.getString(R.string.exceptionVulUiNotVisible, vulnerableActivityName),
+ isVisible);
+
+ // On vulnerable device, vulnerable activity will be overlaid so 'overlayDisallowed'
+ // will be set to true so the test fails, else it passes.
+ assertTrue(
+ mContext.getString(R.string.failMsg, vulnerableActivityName),
overlayDisallowed);
} catch (Exception e) {
assumeNoException(e);
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocActivity.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocActivity.java
index ac8ea15..bcf98e1 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocActivity.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocActivity.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -27,13 +27,19 @@
public class PocActivity extends Activity {
@Override
- protected void onCreate(Bundle savedInstanceState) {
+ public void onResume() {
try {
- super.onCreate(savedInstanceState);
- KeyChainAliasCallback callback = new KeyChainAliasCallback() {
- @Override
- public void alias(@Nullable String alias) {}
- };
+ super.onResume();
+
+ // Waiting briefly for the PocActivity window transition animation to complete.
+ Thread.sleep(500);
+
+ // Launching the vulnerable activity KeyChainActivity
+ KeyChainAliasCallback callback =
+ new KeyChainAliasCallback() {
+ @Override
+ public void alias(@Nullable String alias) {}
+ };
KeyChain.choosePrivateKeyAlias(this, callback, null, null, null, -1, null);
sendTestResult(getResources().getInteger(R.integer.noException), "");
} catch (Exception e) {
@@ -44,10 +50,10 @@
void sendTestResult(int status, String message) {
try {
RemoteCallback cb =
- (RemoteCallback) getIntent().getExtras().get(getString(R.string.callbackKey));
+ (RemoteCallback) getIntent().getExtras().get(getString(R.string.callback));
Bundle res = new Bundle();
- res.putString(getString(R.string.messageKey), message);
- res.putInt(getString(R.string.statusKey), status);
+ res.putString(getString(R.string.message), message);
+ res.putInt(getString(R.string.status), status);
cb.sendResult(res);
} catch (Exception e) {
// ignore all exceptions
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocDeviceAdminReceiver.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocDeviceAdminReceiver.java
index 5592323..b8ef104 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocDeviceAdminReceiver.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocDeviceAdminReceiver.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -18,5 +18,4 @@
import android.app.admin.DeviceAdminReceiver;
-public class PocDeviceAdminReceiver extends DeviceAdminReceiver {
-}
+public class PocDeviceAdminReceiver extends DeviceAdminReceiver {}
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocService.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocService.java
index b83e824..c78d7d4 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocService.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocService.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -55,8 +55,8 @@
mWindowManager = getSystemService(WindowManager.class);
mLayoutParams = new LayoutParams();
mLayoutParams.type = LayoutParams.TYPE_APPLICATION_OVERLAY;
- mLayoutParams.flags = LayoutParams.FLAG_NOT_TOUCH_MODAL |
- LayoutParams.FLAG_NOT_FOCUSABLE;
+ mLayoutParams.flags =
+ LayoutParams.FLAG_NOT_TOUCH_MODAL | LayoutParams.FLAG_NOT_FOCUSABLE;
mLayoutParams.format = PixelFormat.OPAQUE;
mLayoutParams.gravity = Gravity.LEFT | Gravity.TOP;
mLayoutParams.width = getScreenWidth();
@@ -65,7 +65,7 @@
mLayoutParams.y = getScreenHeight() / 2;
Context context = getApplicationContext();
mButton = new Button(context);
- mButton.setText(context.getString(R.string.overlayButtonText));
+ mButton.setText(context.getString(R.string.txtOverlayBtn));
mWindowManager.addView(mButton, mLayoutParams);
sendTestResult(getResources().getInteger(R.integer.noException), "");
} catch (Exception e) {
@@ -87,10 +87,10 @@
void sendTestResult(int status, String message) {
try {
RemoteCallback cb =
- (RemoteCallback) mIntent.getExtras().get(getString(R.string.callbackKey));
+ (RemoteCallback) mIntent.getExtras().get(getString(R.string.callback));
Bundle res = new Bundle();
- res.putString(getString(R.string.messageKey), message);
- res.putInt(getString(R.string.statusKey), status);
+ res.putString(getString(R.string.message), message);
+ res.putInt(getString(R.string.status), status);
cb.sendResult(res);
} catch (Exception e) {
// ignore exception here
diff --git a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocStatus.java b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocStatus.java
index de67f0f..7e6c63d 100644
--- a/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocStatus.java
+++ b/hostsidetests/securitybulletin/test-apps/CVE-2021-0963/src/android/security/cts/CVE_2021_0963/PocStatus.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2022 The Android Open Source Project
+ * Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.