Detect native code loading by untrusted_app.

Modify the regex to cover untrusted_app as well as untrusted_app_25 and untrusted_app_27. Add a test to verify. Bug: 126536482 Test: atest DynamicCodeLoggerIntegrationsTests Change-Id: Ie4cbabfb55a5e78868cc6ee8ec46270ab3bf75d1
author: Alan Stokes <alanstokes@google.com> 2019-02-27 21:30:59 +0000
committer: Alan Stokes <alanstokes@google.com> 2019-02-27 21:30:59 +0000
commit: fc9a21de684f24f0005be43d0113b504bd5990fc (patch)
tree: b3d293910bf690463604112c34b30a220216cf90 /tests/DynamicCodeLoggerIntegrationTests
parent: d5276e9f84269ee1a429177782beaa9f7a897234 (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/tests/DynamicCodeLoggerIntegrationTests/src/com/android/server/pm/dex/DynamicCodeLoggerIntegrationTests.java b/tests/DynamicCodeLoggerIntegrationTests/src/com/android/server/pm/dex/DynamicCodeLoggerIntegrationTests.java
index 8ef15d869a0b..4f9aeea5bdb4 100644
--- a/tests/DynamicCodeLoggerIntegrationTests/src/com/android/server/pm/dex/DynamicCodeLoggerIntegrationTests.java
+++ b/tests/DynamicCodeLoggerIntegrationTests/src/com/android/server/pm/dex/DynamicCodeLoggerIntegrationTests.java
@@ -235,6 +235,34 @@ public final class DynamicCodeLoggerIntegrationTests {
     }
 
     @Test
+    public void testGeneratesEvents_spoofed_validFile_untrustedApp() throws Exception {
+        File privateCopyFile = privateFile("spoofed2");
+
+        String expectedContentHash = copyAndHashResource(
+                "/DynamicCodeLoggerNativeExecutable", privateCopyFile);
+
+        EventLog.writeEvent(EventLog.getTagCode("auditd"),
+                "type=1400 avc: granted { execute_no_trans } "
+                        + "path=\"" + privateCopyFile + "\" "
+                        + "scontext=u:r:untrusted_app: "
+                        + "tcontext=u:object_r:app_data_file: "
+                        + "tclass=file ");
+
+        String expectedNameHash =
+                "3E57AA59249154C391316FDCF07C1D499C26A564E4D305833CCD9A98ED895AC9";
+
+        // Run the job to scan generated audit log entries
+        runDynamicCodeLoggingJob(AUDIT_WATCHING_JOB_ID);
+
+        // And then make sure we log events about it
+        long previousEventNanos = mostRecentEventTimeNanos();
+        runDynamicCodeLoggingJob(IDLE_LOGGING_JOB_ID);
+
+        assertDclLoggedSince(previousEventNanos, DCL_NATIVE_SUBTAG,
+                expectedNameHash, expectedContentHash);
+    }
+
+    @Test
     public void testGeneratesEvents_spoofed_pathTraversal() throws Exception {
         File privateDir = privateFile("x").getParentFile();
author	Alan Stokes <alanstokes@google.com>	2019-02-27 21:30:59 +0000
committer	Alan Stokes <alanstokes@google.com>	2019-02-27 21:30:59 +0000
commit	fc9a21de684f24f0005be43d0113b504bd5990fc (patch)
tree	b3d293910bf690463604112c34b30a220216cf90 /tests/DynamicCodeLoggerIntegrationTests
parent	d5276e9f84269ee1a429177782beaa9f7a897234 (diff)