Commit 3033f941 authored by dcashman's avatar dcashman Committed by Gerrit Code Review
Browse files

Merge "Remove ineffective sock_diag cts test."

parents 3551f488 247db5d5
......@@ -16,10 +16,6 @@
#include <jni.h>
#include <linux/futex.h>
#include <linux/netlink.h>
#include <linux/sock_diag.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/syscall.h>
#include <unistd.h>
......@@ -38,9 +34,6 @@
#include <inttypes.h>
#include <linux/sysctl.h>
#define PASSED 0
#define UNKNOWN_ERROR -1
/*
* Returns true iff this device is vulnerable to CVE-2013-2094.
* A patch for CVE-2013-2094 can be found at
......@@ -89,84 +82,6 @@ static jboolean android_security_cts_NativeCodeTest_doPerfEventTest2(JNIEnv* env
return true;
}
/*
* Will hang if vulnerable, return 0 if successful, -1 on unforseen
* error.
*/
static jint android_security_cts_NativeCodeTest_doSockDiagTest(JNIEnv* env, jobject thiz)
{
int fd, nlmsg_size, err, len;
char buf[1024];
struct sockaddr_nl nladdr;
struct nlmsghdr *nlh;
struct msghdr msg;
struct iovec iov;
struct sock_diag_req* sock_diag_data;
int major, minor;
struct utsname uts;
if (uname(&uts) != -1 &&
sscanf(uts.release, "%d.%d", &major, &minor) == 2 &&
((major > 3) || ((major == 3) && (minor > 8)))) {
// Kernels above 3.8 are patched against CVE-2013-1763
// This test generates false positives if run on > 3.8.
// b/17253473
return PASSED;
}
fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_SOCK_DIAG);
if (fd == -1) {
switch (errno) {
/* NETLINK_SOCK_DIAG not accessible, vector dne */
case EACCES:
case EAFNOSUPPORT:
case EPERM:
case EPROTONOSUPPORT:
return PASSED;
default:
return UNKNOWN_ERROR;
}
}
/* prepare and send netlink packet */
memset(&nladdr, 0, sizeof(nladdr));
nladdr.nl_family = AF_NETLINK;
nlmsg_size = NLMSG_ALIGN(NLMSG_HDRLEN + sizeof(sock_diag_data));
nlh = (nlmsghdr *)malloc(nlmsg_size);
nlh->nlmsg_len = nlmsg_size;
nlh->nlmsg_pid = 0; //send packet to kernel
nlh->nlmsg_type = SOCK_DIAG_BY_FAMILY;
nlh->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK;
iov = { (void *) nlh, nlmsg_size };
msg = { (void *) &nladdr, sizeof(nladdr), &iov, 1, NULL, 0, 0 };
sock_diag_data = (sock_diag_req *) NLMSG_DATA(nlh);
sock_diag_data->sdiag_family = AF_MAX+1;
if ((err = sendmsg(fd, &msg, 0)) == -1) {
/* SELinux blocked it */
if (errno == 22) {
return PASSED;
} else {
return UNKNOWN_ERROR;
}
}
free(nlh);
memset(&nladdr, 0, sizeof(nladdr));
iov = { buf, sizeof(buf) };
msg = { (void *) &nladdr, sizeof(nladdr), &iov, 1, NULL, 0, 0 };
if ((len = recvmsg(fd, &msg, 0)) == -1) {
return UNKNOWN_ERROR;
}
for (nlh = (struct nlmsghdr *) buf; NLMSG_OK(nlh, len); nlh = NLMSG_NEXT (nlh, len)){
if (nlh->nlmsg_type == NLMSG_ERROR) {
/* -22 = -EINVAL from kernel */
if (*(int *)NLMSG_DATA(nlh) == -22) {
return PASSED;
}
}
}
return UNKNOWN_ERROR;
}
/*
* Prior to https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/arm/include/asm/uaccess.h?id=8404663f81d212918ff85f493649a7991209fa04
* there was a flaw in the kernel's handling of get_user and put_user
......@@ -288,8 +203,6 @@ static JNINativeMethod gMethods[] = {
(void *) android_security_cts_NativeCodeTest_doPerfEventTest },
{ "doPerfEventTest2", "()Z",
(void *) android_security_cts_NativeCodeTest_doPerfEventTest2 },
{ "doSockDiagTest", "()I",
(void *) android_security_cts_NativeCodeTest_doSockDiagTest },
{ "doVrootTest", "()Z",
(void *) android_security_cts_NativeCodeTest_doVrootTest },
{ "doCVE20141710Test", "()Z",
......
......@@ -42,12 +42,6 @@ public class NativeCodeTest extends TestCase {
assertTrue(doPerfEventTest2());
}
public void testSockDiag() throws Exception {
int result = doSockDiagTest();
assertFalse("Encountered unexpected error: " + result + ".", (result == -1));
assertEquals(0, result);
}
public void testFutex() throws Exception {
assertTrue("Device is vulnerable to CVE-2014-3153, a vulnerability in the futex() system "
+ "call. Please apply the security patch at "
......@@ -78,12 +72,6 @@ public class NativeCodeTest extends TestCase {
*/
private static native boolean doPerfEventTest2();
/**
* Hangs if device is vulnerable to CVE-2013-1763, returns -1 if
* unexpected error occurs, 0 otherwise.
*/
private static native int doSockDiagTest();
/**
* ANDROID-11234878 / CVE-2013-6282
*
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment