diff --git a/tests/android_androidqf/__init__.py b/tests/android_androidqf/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/tests/android_androidqf/test_dumpsysaccessbility.py b/tests/android_androidqf/test_dumpsysaccessbility.py new file mode 100644 index 0000000..03937d7 --- /dev/null +++ b/tests/android_androidqf/test_dumpsysaccessbility.py @@ -0,0 +1,22 @@ +# Mobile Verification Toolkit (MVT) - Private +# Copyright (c) 2021-2022 Claudio Guarnieri. +# This file is part of MVT Private and its content is confidential. +# Please refer to the project maintainers before sharing with others. + +import logging + +from mvt.common.module import run_module + +from mvt.android.modules.androidqf.dumpsys_accessibility import \ + DumpsysAccessibility + +from ..utils import get_android_androidqf + + +class TestDumpsysAccessibilityModule: + def test_parsing(self): + data_path = get_android_androidqf() + m = DumpsysAccessibility(target_path=data_path) + run_module(m) + assert len(m.results) == 4 + assert len(m.detected) == 0 diff --git a/tests/android_androidqf/test_dumpsysappops.py b/tests/android_androidqf/test_dumpsysappops.py new file mode 100644 index 0000000..eb7e203 --- /dev/null +++ b/tests/android_androidqf/test_dumpsysappops.py @@ -0,0 +1,22 @@ +# Mobile Verification Toolkit (MVT) - Private +# Copyright (c) 2021-2022 Claudio Guarnieri. +# This file is part of MVT Private and its content is confidential. +# Please refer to the project maintainers before sharing with others. + +import logging + +from mvt.common.module import run_module + +from mvt.android.modules.androidqf.dumpsys_appops import DumpsysAppops + +from ..utils import get_android_androidqf + + +class TestDumpsysAppOpsModule: + def test_parsing(self): + data_path = get_android_androidqf() + m = DumpsysAppops(target_path=data_path) + run_module(m) + assert len(m.results) == 12 + assert len(m.timeline) == 16 + assert len(m.detected) == 0 diff --git a/tests/android_androidqf/test_dumpsyspackages.py b/tests/android_androidqf/test_dumpsyspackages.py new file mode 100644 index 0000000..a552c15 --- /dev/null +++ b/tests/android_androidqf/test_dumpsyspackages.py @@ -0,0 +1,37 @@ +# Mobile Verification Toolkit (MVT) - Private +# Copyright (c) 2021-2022 Claudio Guarnieri. +# This file is part of MVT Private and its content is confidential. +# Please refer to the project maintainers before sharing with others. + +import logging + +from mvt.common.indicators import Indicators +from mvt.common.module import run_module + +from mvt.android.modules.androidqf.dumpsys_packages import DumpsysPackages + +from ..utils import get_android_androidqf + + +class TestDumpsysPackagesModule: + def test_parsing(self): + data_path = get_android_androidqf() + m = DumpsysPackages(target_path=data_path) + run_module(m) + assert len(m.results) == 2 + assert len(m.detected) == 0 + assert len(m.timeline) == 6 + assert m.results[0]["package_name"] == "com.samsung.android.provider.filterprovider" + + def test_detection_pkgname(self, indicator_file): + data_path = get_android_androidqf() + m = DumpsysPackages(target_path=data_path) + ind = Indicators(log=logging.getLogger()) + ind.parse_stix2(indicator_file) + ind.ioc_collections[0]["app_ids"].append("com.sec.android.app.DataCreate") + m.indicators = ind + run_module(m) + assert len(m.results) == 2 + assert len(m.detected) == 1 + assert len(m.timeline) == 6 + assert m.detected[0]["package_name"] == "com.sec.android.app.DataCreate" diff --git a/tests/android_androidqf/test_dumpsysreceivers.py b/tests/android_androidqf/test_dumpsysreceivers.py new file mode 100644 index 0000000..d9d761e --- /dev/null +++ b/tests/android_androidqf/test_dumpsysreceivers.py @@ -0,0 +1,21 @@ +# Mobile Verification Toolkit (MVT) - Private +# Copyright (c) 2021-2022 Claudio Guarnieri. +# This file is part of MVT Private and its content is confidential. +# Please refer to the project maintainers before sharing with others. + +import logging + +from mvt.common.module import run_module + +from mvt.android.modules.androidqf.dumpsys_receivers import DumpsysReceivers + +from ..utils import get_android_androidqf + + +class TestDumpsysReceiversModule: + def test_parsing(self): + data_path = get_android_androidqf() + m = DumpsysReceivers(target_path=data_path) + run_module(m) + assert len(m.results) == 4 + assert len(m.detected) == 0 diff --git a/tests/android/test_androidqf_getprop.py b/tests/android_androidqf/test_getprop.py similarity index 100% rename from tests/android/test_androidqf_getprop.py rename to tests/android_androidqf/test_getprop.py diff --git a/tests/android/test_androidqf_processes.py b/tests/android_androidqf/test_processes.py similarity index 100% rename from tests/android/test_androidqf_processes.py rename to tests/android_androidqf/test_processes.py diff --git a/tests/android_androidqf/test_settings.py b/tests/android_androidqf/test_settings.py new file mode 100644 index 0000000..62ec2b8 --- /dev/null +++ b/tests/android_androidqf/test_settings.py @@ -0,0 +1,20 @@ +# Mobile Verification Toolkit (MVT) - Private +# Copyright (c) 2021-2022 Claudio Guarnieri. +# This file is part of MVT Private and its content is confidential. +# Please refer to the project maintainers before sharing with others. + +from mvt.common.module import run_module + +from mvt.android.modules.androidqf.settings import Settings + +from ..utils import get_android_androidqf + + +class TestSettingsModule: + def test_parsing(self): + data_path = get_android_androidqf() + m = Settings(target_path=data_path) + run_module(m) + assert len(m.results) == 1 + assert "random" in m.results.keys() + assert len(m.detected) == 0 diff --git a/tests/android/test_androidqf_sms.py b/tests/android_androidqf/test_sms.py similarity index 100% rename from tests/android/test_androidqf_sms.py rename to tests/android_androidqf/test_sms.py diff --git a/tests/artifacts/androidqf/dumpsys.txt b/tests/artifacts/androidqf/dumpsys.txt new file mode 100644 index 0000000..005b539 --- /dev/null +++ b/tests/artifacts/androidqf/dumpsys.txt @@ -0,0 +1,254 @@ +some random text here + +DUMP OF SERVICE accessibility: +ACCESSIBILITY MANAGER (dumpsys accessibility) + +User state[attributes:{id=0, currentUser=true + mIsNavBarMagnificationAssignedToAccessibilityButton = false + + mIsNavBarMagnifierWindowAssignedToAccessibilityButton = false + mIsNavBarAmplifyAmbientSoundAssignedToAccessibilityButton = fals +e + mIsAmplifyAmbientSoundEnabled = false + mIsBixbyRunning = false + mIsMagniferWindowEnabled = false + mIsFollowTypingFocusEnabled = false + mIsTapDurationEnabled = false + mIsTouchBlockingEnabled = false + mIsStickyKeysEnabled = false + mIsBounceKeysEnabled = false + mIsTouchExplorationEnabled = false + mIsTextHighContrastEnabled = false + mIsDisplayMagnificationEnabled = false + mIsNavBarMagnificationEnabled = false + mIsAutoclickEnabled = false + mIsPerformGesturesEnabled = false + mIsFilterKeyEventsEnabled = false + mAccessibilityFocusOnlyInActiveWindow = true + mUserNonInteractiveUiTimeout = 0 + mUserInteractiveUiTimeout = 0 + mBindInstantServiceAllowed = false + mIsGestureNaviBar = false + } + installed services: { + installed services: { + 0 : com.android.settings/com.samsung.android.settings.development.gpuwatch.GPUWatchInterceptor + 1 : com.samsung.accessibility/.universalswitch.UniversalSwitchService + 2 : com.samsung.accessibility/com.samsung.android.app.talkback.TalkBackService + 3 : com.sec.android.app.camera/com.samsung.android.glview.AccessibilityGestureHandler + } + enabled services: { + } + binding services: { + } + bound services:{ + } + AccessibilityInputFilter:{ + }] + +--------- 0.004s was the duration of dumpsys accessibility, ending at: 2022-01-28 17:37:22 +---------------------------- +------------------------------------------------------------------------------- +DUMP OF SERVICE package: +Database versions: + Internal: + sdkVersion=29 databaseVersion=3 + fingerprint=samsung/a40 + External: + sdkVersion=28 databaseVersion=3 + fingerprint=samsung/a40 + +Verifiers: + Required: com.android.vending (uid=10019) + +Intent Filter Verifier: + Using: com.google.android.gms (uid=10012) + +Receiver Resolver Table: + Non-Data Actions: + com.android.storagemanager.automatic.SHOW_NOTIFICATION: + 23fa699 com.android.storagemanager/.automatic.NotificationController + android.intent.action.PHONE_STATE: + 85c0aa6 com.facebook.katana/com.facebook.confirmation.util.BackgroundVoiceCallReceiver + a713de8 com.samsung.android.app.contacts/com.samsung.android.contacts.notification.CallStateBroadcastReceiver + ba10b0b com.sec.hearingadjust/.Receiver + c843c01 com.samsung.android.messaging/.ui.receiver.notification.CmcPhoneStateUpdateReceiver + com.samsung.intent.internal.stk.user_action: + 2062d63 com.android.stk/.StkCmdReceiver + android.intent.action.NEW_OUTGOING_CALL: + 1ff4352 com.sec.android.app.safetyassurance/.emergencyreporthelper.EmergencyReportStartMonitorReceiver + 2906244 com.google.android.gms/.chimera.GmsIntentOperationService$PersistentTrustedReceiver + +Active APEX packages: + + +Inactive APEX packages: + + +Factory APEX packages: + +Packages: + Package [com.samsung.android.provider.filterprovider] (4be8eeb): + userId=1000 + sharedUser=SharedUserSetting{b8a0e41 android.uid.system/1000} + pkg=Package{1660fe6 com.samsung.android.provider.filterprovider} + codePath=/system/app/FilterProvider + resourcePath=/system/app/FilterProvider + legacyNativeLibraryDir=/system/app/FilterProvider/lib + primaryCpuAbi=armeabi-v7a + secondaryCpuAbi=null + versionCode=500700000 minSdk=28 targetSdk=28 + versionName=5.0.07 + splits=[base] + apkSigningVersion=2 + applicationInfo=ApplicationInfo{b6df792 com.samsung.android.provider.filterprovider} + flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ] + privateFlags=[ PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION PRIVATE_FLAG_REQUEST_LEGACY_EXTERNAL_STORAGE ] + dataDir=/data/user/0/com.samsung.android.provider.filterprovider + supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity] + usesLibraries: + android.hidl.manager-V1.0-java + android.hidl.base-V1.0-java + usesLibraryFiles: + /system/framework/android.hidl.manager-V1.0-java.jar + /system/framework/android.hidl.base-V1.0-java.jar + timeStamp=2008-12-31 16:00:00 + firstInstallTime=2008-12-31 16:00:00 + lastUpdateTime=2008-12-31 16:00:00 + signatures=PackageSignatures{3310927 version:2, signatures:[b378e95c], past signatures:[]} + installPermissionsFixed=true + pkgFlags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ] + Package [com.sec.android.app.DataCreate] (8c78be6): + userId=10143 + pkg=Package{7d4f7d4 com.sec.android.app.DataCreate} + codePath=/system/app/AutomationTest_FB + resourcePath=/system/app/AutomationTest_FB + legacyNativeLibraryDir=/system/app/AutomationTest_FB/lib + primaryCpuAbi=null + secondaryCpuAbi=null + versionCode=1 minSdk=29 targetSdk=29 + versionName=1.0 + splits=[base] + apkSigningVersion=2 + applicationInfo=ApplicationInfo{b284d7d com.sec.android.app.DataCreate} + flags=[ SYSTEM HAS_CODE ALLOW_CLEAR_USER_DATA ALLOW_BACKUP ] + privateFlags=[ PRIVATE_FLAG_ACTIVITIES_RESIZE_MODE_RESIZEABLE_VIA_SDK_VERSION ALLOW_AUDIO_PLAYBACK_CAPTURE ] + dataDir=/data/user/0/com.sec.android.app.DataCreate + supportsScreens=[small, medium, large, xlarge, resizeable, anyDensity] + timeStamp=2008-12-31 16:00:00 + firstInstallTime=2008-12-31 16:00:00 + lastUpdateTime=2008-12-31 16:00:00 + + + APEX session state: + +Active install Logging info: + [] + 1642419683196: "Ver":"", "Session":"0", +--------- 2.929s was the duration of dumpsys package, ending at: 2022-01-28 17:37:43 +------------------------------------------------------------------------------- +DUMP OF SERVICE appops: +Current AppOps Service state: + Settings: + top_state_settle_time=+30s0ms + fg_service_state_settle_time=+10s0ms + bg_state_settle_time=+1s0ms + + Op mode watchers: + Op COARSE_LOCATION: + #0: ModeCallback{b8f1a14 watchinguid=-1 flags=0x1 from uid=1000 pid=4098} + #1: ModeCallback{e9062d4 watchinguid=-1 flags=0x1 from uid=u0a12 pid=13172} + Op READ_CALL_LOG: + #0: ModeCallback{4b4eb4e watchinguid=-1 flags=0x0 from uid=1000 pid=4098} + Op WRITE_CALL_LOG: + #0: ModeCallback{4b4eb4e watchinguid=-1 flags=0x0 from uid=1000 pid=4098} + Op READ_SMS: + #0: ModeCallback{4b4eb4e watchinguid=-1 flags=0x0 from uid=1000 pid=4098} + Op RECEIVE_SMS: + #0: ModeCallback{4b4eb4e watchinguid=-1 flags=0x0 from uid=1000 pid=4098} + Op RECEIVE_MMS: + #0: ModeCallback{4b4eb4e watchinguid=-1 flags=0x0 from uid=1000 pid=4098} + + Uid 0: + state=cch + Package com.android.phone: + MANAGE_IPSEC_TUNNELS (allow): + Package com.sec.epdg: + MANAGE_IPSEC_TUNNELS (deny): + Uid 1000: + state=pers + LEGACY_STORAGE: mode=allow + Package com.samsung.android.provider.filterprovider: + READ_EXTERNAL_STORAGE (allow): + WRITE_EXTERNAL_STORAGE (allow): + Package com.samsung.android.smartswitchassistant: + READ_EXTERNAL_STORAGE (allow): + WRITE_EXTERNAL_STORAGE (allow): + Package com.samsung.clipboardsaveservice: + READ_EXTERNAL_STORAGE (allow): + WRITE_EXTERNAL_STORAGE (allow): + RUN_IN_BACKGROUND (allow): + Package com.skms.android.agent: + READ_EXTERNAL_STORAGE (allow): + WRITE_EXTERNAL_STORAGE (allow): + Package com.sec.factory.camera: + RECORD_AUDIO (allow): + RUN_IN_BACKGROUND (allow): + Access: [pers-s] 2022-03-29 18:37:30.315 (-4h50m23s772ms) + Uid u0a103: + state=cch + COARSE_LOCATION: mode=ignore + LEGACY_STORAGE: mode=allow + Package com.facebook.katana: + READ_CONTACTS (allow): + Access: [bg-tpd] 2022-03-07 18:05:34.325 (-22d4h22m19s762ms) + WRITE_SMS (ignore): + Reject: [fg-s]2021-05-19 22:02:52.054 (-314d1h25m2s33ms) + Reject: [bg-s]2022-03-10 19:35:06.426 (-19d2h52m47s661ms) + Reject: [cch-s]2022-03-29 18:48:02.923 (-4h39m51s164ms) + WAKE_LOCK (allow): + Access: [fg-s] 2021-05-19 22:02:49.186 (-314d1h25m4s901ms) + Access: [bg-s] 2022-03-29 23:03:03.763 (-24m50s324ms) duration=+33ms + Access: [cch-s] 2022-03-07 14:57:11.635 (-22d7h30m42s452ms) + TOAST_WINDOW (allow): + READ_PHONE_STATE (allow): + Access: [fg-s] 2021-05-19 22:02:53.336 (-314d1h25m0s751ms) + Access: [bg-s] 2022-03-24 21:06:52.731 (-5d1h21m1s356ms) + Access: [cch-s] 2022-03-29 18:57:58.524 (-4h29m55s563ms) + READ_EXTERNAL_STORAGE (allow): + WRITE_EXTERNAL_STORAGE (allow): + READ_DEVICE_IDENTIFIERS (deny): + Reject: [fg-s]2021-05-19 22:02:53.434 (-314d1h25m0s653ms) + Reject: [bg-s]2022-03-24 21:06:56.538 (-5d1h20m57s549ms) + Reject: [cch-s]2022-03-29 18:57:58.644 (-4h29m55s443ms) + Uid u0a104: + state=cch + COARSE_LOCATION: mode=ignore + LEGACY_STORAGE: mode=ignore + Package org.mozilla.firefox: + REQUEST_INSTALL_PACKAGES (allow): + Uid u0a105: + state=cch + Package com.android.carrierdefaultapp: + READ_EXTERNAL_STORAGE (allow): + WRITE_EXTERNAL_STORAGE (allow): + Uid u0a106: + state=cch + LEGACY_STORAGE: mode=allow + Package com.samsung.safetyinformation: + READ_EXTERNAL_STORAGE (allow): + WRITE_EXTERNAL_STORAGE (allow): + Uid u0a107: + state=cch + LEGACY_STORAGE: mode=allow + Package com.sec.android.app.clockpackage: + WAKE_LOCK (allow): + Access: [bg-s] 2022-03-29 18:38:31.440 (-4h49m22s647ms) duration=+126ms + Access: [cch-s] 2021-06-07 12:47:06.642 (-295d10h40m47s445ms) + TOAST_WINDOW (allow): + READ_EXTERNAL_STORAGE (allow): + WRITE_EXTERNAL_STORAGE (allow): + + + + diff --git a/tests/artifacts/androidqf/settings_random.txt b/tests/artifacts/androidqf/settings_random.txt new file mode 100644 index 0000000..dd6f1c4 --- /dev/null +++ b/tests/artifacts/androidqf/settings_random.txt @@ -0,0 +1,9 @@ +samsung_errorlog_agree=0 +package_verifier_enable=1 +package_verifier_user_consent=1 +navigationbar_hide_bar=1 +navigationbar_key_order=0 +navigationbar_pressure_user_level=3 +navigationbar_recently_used_color= +navigationbar_unlock_with_home_button=0 +navigationbar_use_theme_default=0 diff --git a/tests/utils.py b/tests/utils.py index c641565..7469c79 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -28,5 +28,9 @@ def get_android_backup_folder(): return os.path.join(os.path.dirname(__file__), "artifacts", "android_backup") +def get_android_androidqf(): + return os.path.join(os.path.dirname(__file__), "artifacts", "androidqf") + + def get_indicator_file(): print("PYTEST env", os.getenv("PYTEST_CURRENT_TEST"))