1 /*
2  * Copyright (C) 2024 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.cts;
18 
19 import static com.google.common.truth.TruthJUnit.assume;
20 
21 import static org.junit.Assume.assumeNoException;
22 
23 import android.platform.test.annotations.AsbSecurityTest;
24 
25 import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
26 import com.android.tradefed.device.ITestDevice;
27 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
28 import com.android.tradefed.testtype.junit4.DeviceTestRunOptions;
29 
30 import org.junit.Test;
31 import org.junit.runner.RunWith;
32 
33 @RunWith(DeviceJUnit4ClassRunner.class)
34 public class CVE_2024_23704 extends NonRootSecurityTestCase {
35 
36     @AsbSecurityTest(cveBugId = 299931761)
37     @Test
testPocCVE_2024_23704()38     public void testPocCVE_2024_23704() {
39         try {
40             // Install test-app
41             installPackage("CVE-2024-23704.apk", "-t");
42 
43             // Set the 'PocAdminReceiver' as device-owner using device policy manager
44             final String testPkg = "android.security.cts.CVE_2024_23704";
45             try (AutoCloseable withPocAdminReceiverAsDeviceOwner =
46                     withPocAdminReceiverAsDeviceOwner(testPkg)) {
47                 // Run DeviceTest
48                 runDeviceTests(
49                         new DeviceTestRunOptions(testPkg)
50                                 .setTestClassName(testPkg + ".DeviceTest")
51                                 .setTestMethodName("testCVE_2024_23704")
52                                 .setDisableHiddenApiCheck(true));
53             }
54         } catch (Exception e) {
55             assumeNoException(e);
56         }
57     }
58 
withPocAdminReceiverAsDeviceOwner(String testPackage)59     private AutoCloseable withPocAdminReceiverAsDeviceOwner(String testPackage) throws Exception {
60         // Set the 'PocAdminReceiver' as device-owner using device policy manager
61         final ITestDevice device = getDevice();
62         final int userId = device.getCurrentUser();
63         final String componentName = testPackage + "/.PocAdminReceiver";
64         assume().withMessage("Unable to set device owner")
65                 .that(device.setDeviceOwner(componentName, userId))
66                 .isTrue();
67 
68         // Return 'AutoCloseable' to remove the 'PocAdminReceiver' as device-owner
69         return () -> device.removeAdmin(componentName, userId);
70     }
71 }
72