PawletOS/app_Settings
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
47b254ad8859ae061f58cd853f7929218ae29ef0
app_Settings/tests/robotests/src/com/android/settings/bluetooth/DevicePickerFragmentTest.java
Hugh Chen 8adedc6249 Fix bluetooth settings will broadcast to anywhere when some cases 
BluetoothPermissionActivity and DevicePickerFragment will send
broadcast to return the result to calling apps. As this broadcast
intent is from Settings with uid 1000, it will be sent to any
protected BroadcastReceivers in the device. It can make an attacker
send broadcast to protected BroadcastReceivers like factory reset intent
(android/com.android.server.MasterClearReceiver) via
BluetoothPermissionActivity or DevicePickerFragment.

This CL will not allow to set package name and class name to avoid
the attacker.

Bug: 179386960
Bug: 179386068
Test: make -j42 RunSettingsRoboTests and use test apk to manually test
to verify factory reset not started and no system UI notification.

Change-Id: Id27a78091ab578077853b8fbb97a4422cff0a158
2021-04-12 14:10:42 +08:00

82 lines
2.7 KiB
Java
Raw Blame History

/*
* Copyright (C) 2017 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.android.settings.bluetooth;
import static org.mockito.ArgumentMatchers.eq;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
import android.bluetooth.BluetoothDevice;
import android.content.Context;
import android.content.Intent;
import com.android.settingslib.bluetooth.CachedBluetoothDevice;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.MockitoAnnotations;
import org.robolectric.RobolectricTestRunner;
import org.robolectric.RuntimeEnvironment;
@RunWith(RobolectricTestRunner.class)
public class DevicePickerFragmentTest {
@Mock
private BluetoothProgressCategory mAvailableDevicesCategory;
private DevicePickerFragment mFragment;
private Context mContext;
@Before
public void setUp() {
MockitoAnnotations.initMocks(this);
mFragment = new DevicePickerFragment();
mContext = spy(RuntimeEnvironment.application);
mFragment.mContext = mContext;
mFragment.mAvailableDevicesCategory = mAvailableDevicesCategory;
}
@Test
public void testScanningStateChanged_started_setProgressStarted() {
mFragment.mScanEnabled = true;
mFragment.onScanningStateChanged(true);
verify(mAvailableDevicesCategory).setProgress(true);
}
@Test
public void sendBroadcastWithPermission() {
final CachedBluetoothDevice cachedDevice = mock(CachedBluetoothDevice.class);
final BluetoothDevice bluetoothDevice = mock(BluetoothDevice.class);
final ArgumentCaptor<Intent> intentCaptor = ArgumentCaptor.forClass(Intent.class);
when(cachedDevice.getDevice()).thenReturn(bluetoothDevice);
mFragment.mSelectedDevice = bluetoothDevice;
mFragment.onDeviceBondStateChanged(cachedDevice, BluetoothDevice.BOND_BONDED);
verify(mContext).sendBroadcast(intentCaptor.capture(),
eq("android.permission.BLUETOOTH_ADMIN"));
}
}
Reference in New Issue View Git Blame Copy Permalink