1 /*
2  * Copyright (C) 2023 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.cts;
18 
19 import static org.junit.Assume.assumeNoException;
20 
21 import android.platform.test.annotations.AsbSecurityTest;
22 
23 import com.android.sts.common.UserUtils;
24 import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
25 import com.android.tradefed.device.ITestDevice;
26 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
27 import com.android.tradefed.testtype.junit4.DeviceTestRunOptions;
28 
29 import org.junit.Test;
30 import org.junit.runner.RunWith;
31 
32 @RunWith(DeviceJUnit4ClassRunner.class)
33 public class CVE_2023_40092 extends NonRootSecurityTestCase {
34 
35     @AsbSecurityTest(cveBugId = 288110451)
36     @Test
testPocCVE_2023_40092()37     public void testPocCVE_2023_40092() {
38         try {
39             installPackage("CVE-2023-40092.apk");
40             ITestDevice device = getDevice();
41 
42             // Get userId of primary user
43             int primaryUserId = device.getCurrentUser();
44             try (AutoCloseable asSecondaryUser =
45                     new UserUtils.SecondaryUser(device)
46                             .name("cve_2023_40092_user")
47                             .doSwitch()
48                             .withUser()) {
49                 installPackage("CVE-2023-40092.apk", "--user " + device.getCurrentUser());
50 
51                 // Switch to primary user
52                 device.switchUser(primaryUserId);
53 
54                 // Run DeviceTest
55                 final String testPkg = "android.security.cts.CVE_2023_40092";
56                 runDeviceTests(
57                         new DeviceTestRunOptions(testPkg)
58                                 .setDevice(getDevice())
59                                 .setTestClassName(testPkg + ".DeviceTest")
60                                 .setTestMethodName("testPocCVE_2023_40092")
61                                 .setDisableHiddenApiCheck(true));
62             }
63         } catch (Exception e) {
64             assumeNoException(e);
65         }
66     }
67 }
68