1 /*
2  * Copyright (C) 2023 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.cts;
18 
19 import static org.junit.Assert.assertTrue;
20 import static org.junit.Assume.assumeNoException;
21 import static org.junit.Assume.assumeTrue;
22 
23 import android.platform.test.annotations.AsbSecurityTest;
24 
25 import com.android.sts.common.ProcessUtil;
26 import com.android.sts.common.tradefed.testtype.NonRootSecurityTestCase;
27 import com.android.tradefed.device.ITestDevice;
28 import com.android.tradefed.testtype.DeviceJUnit4ClassRunner;
29 import com.android.tradefed.util.RunUtil;
30 
31 import org.junit.Test;
32 import org.junit.runner.RunWith;
33 
34 import java.util.Optional;
35 
/**
 * Security regression test for b/265293293, run through {@link DeviceJUnit4ClassRunner}.
 *
 * <p>The test installs the PoC package, launches its {@code PipActivity}, and then tracks the pid
 * of the {@code :pipActivity} process. The verdict rests on one observation: once the PoC process
 * has died, it must not come back under a new pid.
 */
@RunWith(DeviceJUnit4ClassRunner.class)
public class CVE_2023_21145 extends NonRootSecurityTestCase {
    // Sentinel pid meaning "no matching process is currently running".
    private final int mNoPidFound = -1; /* Default pid */

    /**
     * Launches the PoC and fails only if its process is seen running again under a new pid.
     *
     * <p>Both preconditions (the PoC started, the PoC died) are JUnit assumptions, so a run in
     * which either does not hold is reported as an assumption failure and proves nothing about
     * the device. Any {@link Exception} thrown along the way is likewise converted into an
     * assumption failure; the {@code AssertionError} raised by the final check is not an
     * {@code Exception} and therefore propagates as a real test failure.
     */
    @AsbSecurityTest(cveBugId = 265293293)
    @Test
    public void testPocCVE_2023_21145() {
        try {
            final ITestDevice testDevice = getDevice();

            // Put the PoC on the device and bring up the activity that exercises the issue.
            installPackage("CVE-2023-21145.apk");
            final String pocPackage = "android.security.cts.CVE_2023_21145";
            testDevice.executeShellCommand("am start-activity " + pocPackage + "/.PipActivity");

            // First poll: starting from "no pid", wait until the PoC process shows up.
            final int startedPid = waitAndGetPid(testDevice, mNoPidFound /* initial pid */);
            assumeTrue("PoC process did not start", startedPid != mNoPidFound);

            // Second poll: wait until that process is gone, or has been replaced by a new one.
            final int pidAfterDeath = waitAndGetPid(testDevice, startedPid);
            assumeTrue("PoC process did not die", pidAfterDeath != startedPid);

            // On an unfixed build the process restarts with a new pid; on a fixed build no
            // process is found once the poll window has elapsed.
            // NOTE(review): a restart that happens only after the poll window has closed would be
            // read as "not restarted" - confirm the window is long enough for slow devices.
            assertTrue("Device is vulnerable to b/265293293 !!", pidAfterDeath == mNoPidFound);
        } catch (Exception e) {
            assumeNoException(e);
        }
    }

    /**
     * Polls for the PoC process until its pid is something other than {@code initialPid} and
     * other than "not found", or until roughly ten seconds have passed.
     *
     * @param device device on which the process is looked up
     * @param initialPid pid to treat as "unchanged"; pass {@code mNoPidFound} to wait for the
     *     first appearance of the process
     * @return the last pid observed: a new pid as soon as one is seen, otherwise whatever the
     *     final poll returned ({@code initialPid} if the process never went away,
     *     {@code mNoPidFound} if no process was running at that moment)
     * @throws Exception if the pid lookup on the device fails
     */
    private int waitAndGetPid(ITestDevice device, int initialPid) throws Exception {
        final String pocProcess = "android.security.cts.CVE_2023_21145:pipActivity";
        final long pollWindowMs = 10_000L;
        final long deadlineMs = System.currentTimeMillis() + pollWindowMs;

        int observedPid = mNoPidFound;
        while (System.currentTimeMillis() <= deadlineMs) {
            // A pid that is neither the sentinel nor the one we started from is the answer.
            final boolean pidChanged = observedPid != mNoPidFound && observedPid != initialPid;
            if (pidChanged) {
                break;
            }
            observedPid = ProcessUtil.pidOf(device, pocProcess).orElse(mNoPidFound);
            RunUtil.getDefault().sleep(200); // pause 200 ms between lookups
        }
        return observedPid;
    }
}