1 /**
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.cts;
18 
19 import com.android.tradefed.util.RunUtil;
20 import android.platform.test.annotations.AsbSecurityTest;
21 import android.platform.test.annotations.SecurityTest;
22 
23 import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
24 import com.android.tradefed.device.ITestDevice;
25 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
26 
27 import org.junit.Test;
28 import org.junit.runner.RunWith;
29 
30 @RunWith(DeviceJUnit4ClassRunner.class)
31 public class CVE_2021_0478 extends NonRootSecurityTestCase {
32 
33     /**
34      * b/169255797
35      */
36     @AsbSecurityTest(cveBugId = 169255797)
37     @SecurityTest(minPatchLevel = "2021-06")
38     @Test
testPocCVE_2021_0478()39     public void testPocCVE_2021_0478() throws Exception {
40         final int SLEEP_INTERVAL_MILLISEC = 30 * 1000;
41         String apkName = "CVE-2021-0478.apk";
42         String appPath = AdbUtils.TMP_PATH + apkName;
43         String packageName = "android.security.cts.cve_2021_0478";
44         String crashPattern = "Canvas: trying to draw too large";
45         ITestDevice device = getDevice();
46 
47         try {
48             /* Push the app to /data/local/tmp */
49             pocPusher.appendBitness(false);
50             pocPusher.pushFile(apkName, appPath);
51 
52             /* Wake up the screen */
53             AdbUtils.runCommandLine("input keyevent KEYCODE_WAKEUP", device);
54             AdbUtils.runCommandLine("input keyevent KEYCODE_MENU", device);
55             AdbUtils.runCommandLine("input keyevent KEYCODE_HOME", device);
56 
57             /* Install the application */
58             AdbUtils.runCommandLine("pm install " + appPath, device);
59 
60             /* Start the application */
61             AdbUtils.runCommandLine("am start -n " + packageName + "/.PocActivity", getDevice());
62             RunUtil.getDefault().sleep(SLEEP_INTERVAL_MILLISEC);
63         } catch (Exception e) {
64             e.printStackTrace();
65         } finally {
66             /* Un-install the app after the test */
67             AdbUtils.runCommandLine("pm uninstall " + packageName, device);
68 
69             /* Check if System UI has crashed thereby indicating the presence */
70             /* of the vulnerability */
71             String logcat = AdbUtils.runCommandLine("logcat -d *:S AndroidRuntime:E", device);
72             assertNotMatches(crashPattern, logcat);
73         }
74     }
75 }
76