什么是STS?(Security Test Suite)

Security Test Suite 安全测试套件

每月合作伙伴预览安全公告列出了设备制造商修复其设备的安全漏洞。 Android安全测试套件(STS)验证Android设备上是否解决了这些安全漏洞。 每月使用合作伙伴预览安全公告更新STS。 STS帮助合作伙伴验证:

安全补丁正确应用
相应的安全漏洞已修复
设备本身无安全漏洞


STS使用两个自动化测试工具软件组件:

STS tradefed测试工具在您的桌面计算机上运行并管理测试执行。
在被测设备(DUT)上执行各个测试用例。 测试用例用Java编写为JUnit测试并打包为Android .apk文件,以在实际设备目标上运行。

The monthly Partner Preview Security Bulletins list security vulnerabilities for device makers to fix on their devices. The Android Security Test Suite (STS) validates if security vulnerabilities are addressed on Android devices. STS is updated monthly with the Partner Preview Security Bulletin. STS helps partners to validate that:

  • security patches are applied correctly
  • corresponding security vulnerabilities are fixed
  • device is not otherwise vulnerable

STS uses an automated testing harness with two major software components:

  • The STS tradefed test harness runs on your desktop machine and manages test execution.
  • Individual test cases are executed on the Device Under Test (DUT). The test cases are written in Java as JUnit tests and packaged as Android .apk files to run on the actual device target.

Types of test cases 测试用例类型

The STS includes the following types of test cases:

  • Device Side Tests 设备端测试 are junit tests that are executed from the context of the DUT.
  • Host Side Tests 主机端测试 are executed on the host machine, and allow the host to push binaries or other resources to the device.

Setting up STS STS环境设置 请参考CTS设置

STS is similar to Android’s Compatibility Test Suite. To get started with STS, follow the CTS setup instructions.

Note: Unlike CTS, STS requires a device that is running a user debug or engineering build to run all of the tests.

Running STS tests 运行STS测试

Running STS is similar to running CTS Tradefed. To get started, follow the instructions for Running CTS tests. The only difference between running CTS and STS is the command. For Android 7.0 and above, run the STS test plan with:

 run sts-engbuild

STS binaries are stored on the Partner_Security_Bulletin Google Drive alongside the CTS security preview.

Here is an overview of the STS workflow:

Figure 1. How to use STS

微信扫码打赏

作者: RESSRC

个人资源站

发表评论

电子邮件地址不会被公开。 必填项已用*标注

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据