1 /*
2  * Copyright (C) 2023 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.cts;
18 
19 import static org.junit.Assume.assumeNoException;
20 import static org.junit.Assume.assumeTrue;
21 
22 import android.platform.test.annotations.AsbSecurityTest;
23 
24 import com.android.sts.common.UserUtils;
25 import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
26 import com.android.tradefed.device.ITestDevice;
27 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
28 import com.android.tradefed.util.IRunUtil;
29 import com.android.tradefed.util.RunUtil;
30 
31 import org.junit.Test;
32 import org.junit.runner.RunWith;
33 
/**
 * Host-side driver for the CVE-2023-21238 security test (ASB bug 277740848).
 *
 * <p>The host prepares cross-user state: a screenshot stored in the media store of a newly
 * created secondary user. It then switches back to the original user and starts the
 * device-side {@code DeviceTest}. The actual vulnerability check lives in that device-side
 * test and is not visible in this file.
 */
@RunWith(DeviceJUnit4ClassRunner.class)
public class CVE_2023_21238 extends NonRootSecurityTestCase {

    /**
     * Sets up a secondary user that owns one screenshot, then runs the device-side test as the
     * original user.
     *
     * <p>How outcomes are reported: every precondition (screenshot present, user switch
     * succeeded) is checked with {@code assumeTrue}, and any {@link Exception} thrown along the
     * way is handed to {@code assumeNoException}. Setup problems therefore surface as assumption
     * failures, not test failures. An assumption failure from this method says nothing about
     * whether the device is patched; it only means the scenario could not be staged.
     */
    @AsbSecurityTest(cveBugId = 277740848)
    @Test
    public void testPocCVE_2023_21238() {
        try {
            final ITestDevice testDevice = getDevice();
            final String devicePkg = "android.security.cts.CVE_2023_21238";

            // Install the helper app; "-g" is the install option that grants the app's
            // runtime permissions up front so no permission dialog is needed.
            installPackage("CVE-2023-21238.apk", "-g");

            // Remember who is in the foreground now so the test can return to that user.
            final int originalUserId = testDevice.getCurrentUser();

            // The secondary user exists only for the lifetime of this try-with-resources
            // block (presumably removed on close -- confirm in UserUtils.SecondaryUser).
            try (AutoCloseable secondaryUser =
                    new UserUtils.SecondaryUser(testDevice)
                            .name("cve_2023_21238_user")
                            .doSwitch()
                            .withUser()) {
                final int secondaryUserId = testDevice.getCurrentUser();

                // Take a screenshot while the secondary user is in the foreground.
                testDevice.executeShellCommand("input keyevent KEYCODE_SYSRQ");

                // Poll that user's image collection until a row shows up or time runs out.
                final String mediaQuery =
                        "content query --user "
                                + secondaryUserId
                                + " --projection _id --uri"
                                + " content://media/external/images/media/";
                final long maxWaitMs = 5_000L;
                final long pollIntervalMs = 500L;
                final IRunUtil sleeper = RunUtil.getDefault();
                final long pollStartMs = System.currentTimeMillis();
                boolean screenshotFound = false;
                while (true) {
                    // The query output contains "Row" once at least one image is listed.
                    if (testDevice.executeShellCommand(mediaQuery).contains("Row")) {
                        screenshotFound = true;
                        break;
                    }
                    sleeper.sleep(pollIntervalMs);
                    if (System.currentTimeMillis() - pollStartMs > maxWaitMs) {
                        break;
                    }
                }

                // Without the screenshot there is nothing for the device test to probe.
                assumeTrue(
                        "Screenshot was not saved in the created userId = " + secondaryUserId,
                        screenshotFound);

                // The device-side test must run as the original user, while the secondary
                // user (and its screenshot) still exists.
                assumeTrue(testDevice.switchUser(originalUserId));

                runDeviceTests(devicePkg, devicePkg + ".DeviceTest", "testPocCVE_2023_21238");
            }
        } catch (Exception e) {
            // Anything thrown while staging the scenario becomes an assumption failure.
            assumeNoException(e);
        }
    }
}