1 /*
2  * Copyright (C) 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.cts.verifier.security;
18 
19 import android.app.KeyguardManager;
20 import android.app.admin.DevicePolicyManager;
21 import android.content.Intent;
22 import android.os.Bundle;
23 import android.view.View;
24 import android.widget.Button;
25 
26 import com.android.cts.verifier.PassFailButtons;
27 import com.android.cts.verifier.R;
28 
29 /**
30  * Verify elimination of the vulnerability that allows using an intent (with
31  * an extra) that bypasses the confirmation step of entering the original password/pattern
32  * before creating a new password/pattern for the lockscreen.
33  *
34  * First ask the user to ensure that some pattern or password is set for the lockscreen.
35  * Then issue the intent that was used to exploit the vulnerability and ask the user
36  * if he/she was prompted for the original pattern or password. If the user wasn't prompted,
37  * the test fails.
38  */
39 public class LockConfirmBypassTest extends PassFailButtons.Activity {
40     @Override
onCreate(Bundle savedInstanceState)41     protected void onCreate(Bundle savedInstanceState) {
42         super.onCreate(savedInstanceState);
43 
44         // Setup the UI.
45         setContentView(R.layout.pass_fail_lockconfirm);
46         setPassFailButtonClickListeners();
47         setInfoResources(R.string.lock_confirm_test_title, R.string.lock_confirm_message, -1);
48         // Get the lock set button and attach the listener.
49         Button lockSetButton = (Button) findViewById(R.id.lock_set_btn);
50         lockSetButton.setOnClickListener(new View.OnClickListener() {
51             @Override
52             public void onClick(View v) {
53                 Intent setPasswordIntent = new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);
54                 startActivity(setPasswordIntent);
55             }
56         });
57         // Get the lock change button and attach the listener.
58         Button lockChangeButton = (Button) findViewById(R.id.lock_change_btn);
59         lockChangeButton.setOnClickListener(new View.OnClickListener() {
60             @Override
61             public void onClick(View v) {
62                 Intent setPasswordIntent = new Intent(DevicePolicyManager.ACTION_SET_NEW_PASSWORD);
63                 setPasswordIntent.putExtra("confirm_credentials", false);
64                 startActivity(setPasswordIntent);
65             }
66         });
67     }
68 
69 }
70