OSDN Git Service
Phil Weaver [Tue, 18 Jul 2017 18:41:22 +0000 (18:41 +0000)]
Merge "DO NOT MERGE Back-port fixes for b/
62196835" into lmp-dev am:
a620b21828 -s ours
am:
954deb1c6e
Change-Id: I929c9dfa84b25fdbeadfedf0e0e9ecd914a74483
Phil Weaver [Tue, 18 Jul 2017 18:36:23 +0000 (18:36 +0000)]
Merge "DO NOT MERGE Back-port fixes for b/
62196835" into lmp-dev
am:
a620b21828 -s ours
Change-Id: Iaa4e8eb83ebf2036999a31e3487c6157bcefecbf
Phil Weaver [Tue, 18 Jul 2017 18:36:21 +0000 (18:36 +0000)]
DO NOT MERGE Back-port fixes for b/
62196835 am:
24fdc53cfe -s ours
am:
ff115bffb1
Change-Id: Ieca157f60b7c57f60900b55b10fcf8e585852e70
Phil Weaver [Tue, 18 Jul 2017 18:26:58 +0000 (18:26 +0000)]
Back-port fixes for b/
62196835
am:
fd0ca151a6
Change-Id: I442d26b476e3e83602b5f2eb61a01386e4d6d247
Phil Weaver [Tue, 18 Jul 2017 18:26:57 +0000 (18:26 +0000)]
DO NOT MERGE Back-port fixes for b/
62196835
am:
24fdc53cfe -s ours
Change-Id: I01a6f574df5cc1b133b7f761062a6259aac07476
Phil Weaver [Tue, 18 Jul 2017 18:19:45 +0000 (18:19 +0000)]
Merge "DO NOT MERGE Back-port fixes for b/
62196835" into lmp-dev
Phil Weaver [Wed, 12 Jul 2017 21:04:16 +0000 (14:04 -0700)]
Back-port fixes for b/
62196835
Bug:
62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Phil Weaver [Wed, 12 Jul 2017 21:04:16 +0000 (14:04 -0700)]
DO NOT MERGE Back-port fixes for b/
62196835
Bug:
62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Phil Weaver [Wed, 12 Jul 2017 22:14:01 +0000 (22:14 +0000)]
Back-port fixes for b/
62196835 am:
5bdffc5d57 am:
5a7eb970e2 -s ours am:
f433884a84 am:
ba928bd522
am:
1add6be25e
Change-Id: I83a6c654862443a69bfeeaf675a8c038b3f7fb53
Phil Weaver [Wed, 12 Jul 2017 22:06:27 +0000 (22:06 +0000)]
Back-port fixes for b/
62196835 am:
5bdffc5d57 am:
5a7eb970e2 -s ours am:
f433884a84
am:
ba928bd522
Change-Id: I74a7b0488371606dd9bdccab854d23c0e09b1ac9
Phil Weaver [Wed, 12 Jul 2017 22:00:31 +0000 (22:00 +0000)]
Back-port fixes for b/
62196835 am:
5bdffc5d57 am:
5a7eb970e2 -s ours
am:
f433884a84
Change-Id: I737838098a36efafe1509c4814ac1120a3bb8297
Phil Weaver [Wed, 12 Jul 2017 21:55:31 +0000 (21:55 +0000)]
Back-port fixes for b/
62196835 am:
5bdffc5d57
am:
5a7eb970e2 -s ours
Change-Id: Ifd4b5ff2487c8b8035ffaf6ed7e55539f26a463e
Phil Weaver [Wed, 12 Jul 2017 21:43:46 +0000 (21:43 +0000)]
Back-port fixes for b/
62196835
am:
5bdffc5d57
Change-Id: Ia5dafc7a8724d296e710f32d936bb493b51951de
Phil Weaver [Tue, 11 Jul 2017 00:27:20 +0000 (17:27 -0700)]
Back-port fixes for b/
62196835
Bug:
62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ibb4c2c6a30de6b4ce8d27c34caa02e2d8148f621
Marco Nelissen [Fri, 16 Jun 2017 15:51:48 +0000 (15:51 +0000)]
libmedia_jni.so doesn't need libjhead.so am:
9a4a34afd8 -s ours
am:
398d50feeb -s ours
Change-Id: Ide31821909dde91443cdf650216a6ada7277ce9a
Marco Nelissen [Fri, 16 Jun 2017 15:43:46 +0000 (15:43 +0000)]
libmedia_jni.so doesn't need libjhead.so
am:
9a4a34afd8 -s ours
Change-Id: I557d7e96401b742d916e2eef5aa03949018382c7
Marco Nelissen [Fri, 9 Jun 2017 22:07:38 +0000 (15:07 -0700)]
libmedia_jni.so doesn't need libjhead.so
Bug:
37776688
Merged-In: I0e0e6209be7a9d3e493abdcee8619cae6d4b9501
Change-Id: I18f0b6b88a9c0b117839497f081549404d5edc40
Marco Nelissen [Tue, 6 Jun 2017 23:10:16 +0000 (23:10 +0000)]
Merge "Close connection before retrying" into lmp-dev am:
a8648ecebb
am:
5181a7ab64
Change-Id: I34a176a0da235836eaa9e44b843ec5d5654b8db9
Marco Nelissen [Tue, 6 Jun 2017 23:02:35 +0000 (23:02 +0000)]
Merge "Close connection before retrying" into lmp-dev
am:
a8648ecebb
Change-Id: I744fdb979aa2803b53d3ff6f4e3e72f6f1160d74
TreeHugger Robot [Tue, 6 Jun 2017 22:53:55 +0000 (22:53 +0000)]
Merge "Close connection before retrying" into lmp-dev
Marco Nelissen [Fri, 2 Jun 2017 19:16:44 +0000 (12:16 -0700)]
Close connection before retrying
Otherwise the (CTS) server might run out of connections.
Bug:
38391487
Bug:
22771132
Test: build, run CTS, stream music
Change-Id: I92c782a6799ab36eec8df3f7c3217bea667b838a
Nick Kralevich [Mon, 22 May 2017 22:24:39 +0000 (22:24 +0000)]
ZygoteInit: Remove CAP_SYS_RESOURCE am:
4911af2b8c
am:
1cc9ec47c8
Change-Id: Ic81685686dabbc1f0004a30785a021bf89420846
Nick Kralevich [Mon, 22 May 2017 22:23:47 +0000 (22:23 +0000)]
system_server: add CAP_SYS_PTRACE am:
966619d0ab
am:
b8d972e973
Change-Id: I4d9e2d9b53523b9182a9f9272d06a93a87b0c61b
Nick Kralevich [Mon, 22 May 2017 22:05:18 +0000 (22:05 +0000)]
ZygoteInit: Remove CAP_SYS_RESOURCE
am:
4911af2b8c
Change-Id: I4aa46981edb8fd711e1aec8c889528e596e5c233
Nick Kralevich [Mon, 22 May 2017 22:04:57 +0000 (22:04 +0000)]
system_server: add CAP_SYS_PTRACE
am:
966619d0ab
Change-Id: Ie5f95f2c078cd0bec7a2b2321c3303301ec9ec74
Nick Kralevich [Tue, 14 Mar 2017 17:25:35 +0000 (10:25 -0700)]
ZygoteInit: Remove CAP_SYS_RESOURCE
Please see commit
3082eb7c7253c62a06aa151a80487a4eabd49914 for an
explanation of this change.
This capability is not used by system_server.
Bug:
34951864
Bug:
38496951
Test: code compiles, device boots, no selinux errors ever reported.
Change-Id: I4242b1abaa8679b9bfa0d31a1df565b46b7b3cc3
(cherry picked from commit
35775783fc6609035136184e3843bc743b59945d)
Nick Kralevich [Wed, 15 Feb 2017 23:12:31 +0000 (15:12 -0800)]
system_server: add CAP_SYS_PTRACE
Commit https://android.googlesource.com/kernel/common/+/
f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. system_server uses this capability to collect
smaps from managed processes. Presumably this was done to avoid the
implications of granting CAP_SYS_PTRACE to system_server.
However, with SELinux enforcement, we can grant CAP_SYS_PTRACE but not
allow ptrace attach() to other processes. The net result of this is that
CAP_SYS_PTRACE and CAP_SYS_RESOURCE have identical security controls, as
long as system_server:process ptrace is never granted.
Add CAP_SYS_PTRACE to the set of capabilities granted to system_server.
Don't delete CAP_SYS_RESOURCE for now. SELinux has blocked the use of
CAP_SYS_RESOURCE, but we still want to generate audit logs if it's
triggered. CAP_SYS_RESOURCE can be deleted in a future commit.
Bug:
34951864
Bug:
38496951
Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Change-Id: I2570266165396dba2b600eac7c42c94800d9c65b
(cherry picked from commit
3082eb7c7253c62a06aa151a80487a4eabd49914)
Phil Weaver [Fri, 7 Apr 2017 23:36:29 +0000 (23:36 +0000)]
Merge "Make a11y node info parceling more robust" into lmp-mr1-dev
am:
88698afd01
Change-Id: I37194d958aa5fc21ece027c288e2f9a0a239cd93
Phil Weaver [Fri, 7 Apr 2017 23:27:47 +0000 (23:27 +0000)]
Merge "Make a11y node info parceling more robust" into lmp-mr1-dev
Phil Weaver [Fri, 7 Apr 2017 23:16:55 +0000 (23:16 +0000)]
Make a11y node info parceling more robust am:
1d8eb49073
am:
93c47c9d07
Change-Id: I8677c77968c202c8c6a0553db919610a140fda58
Phil Weaver [Fri, 7 Apr 2017 23:09:28 +0000 (23:09 +0000)]
Make a11y node info parceling more robust
am:
1d8eb49073
Change-Id: I5280a23cbfff5abfcc83e9e6d9afb4f8960ece44
Phil Weaver [Fri, 7 Apr 2017 21:39:27 +0000 (14:39 -0700)]
Make a11y node info parceling more robust
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug:
36491278
Test: Verified that POC no longer works, a11y cts still passes.
(Manual merge from commit
687bb44b437f7bb24dd3dddf072c2f646308e2ca)
Change-Id: I7746c9175a2da28f75d4f4b169d7997abadf1852
Phil Weaver [Fri, 7 Apr 2017 21:39:27 +0000 (14:39 -0700)]
Make a11y node info parceling more robust
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug:
36491278
Test: Verified that POC no longer works, a11y cts still passes.
(Manual merge from commit
687bb44b437f7bb24dd3dddf072c2f646308e2ca)
Change-Id: I7746c9175a2da28f75d4f4b169d7997abadf1852
Fyodor Kupolov [Fri, 10 Mar 2017 03:12:06 +0000 (03:12 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70 am:
156fa32e2a -s ours am:
de9cb7ed68 -s ours
am:
2c112c4ad2
Change-Id: Ic108a0750248d001873de33d69984e6cf2c3584a
Fyodor Kupolov [Fri, 10 Mar 2017 03:06:31 +0000 (03:06 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70 am:
156fa32e2a -s ours
am:
de9cb7ed68 -s ours
Change-Id: I2f94e2ea49c05a29308ca2351a083377350bb2ab
Fyodor Kupolov [Fri, 10 Mar 2017 03:00:46 +0000 (03:00 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70
am:
156fa32e2a -s ours
Change-Id: Ic4e51daa36c395f2e3b538658649ff9104bb962c
Fyodor Kupolov [Fri, 10 Mar 2017 02:55:07 +0000 (02:55 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354
am:
a821245d70
Change-Id: I1e47c963728906cb2283a353c882017368d07747
Fyodor Kupolov [Fri, 10 Mar 2017 02:49:34 +0000 (02:49 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev
am:
ac87aee354
Change-Id: I5bbdc48120f2d03b4ad6605bfeccd5ccdc8c7958
Fyodor Kupolov [Fri, 10 Mar 2017 02:39:09 +0000 (02:39 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev
Fyodor Kupolov [Fri, 10 Mar 2017 02:07:27 +0000 (02:07 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-dev am:
d2e8e1488a -s ours
am:
1e6d3f904e
Change-Id: I50a91bc415fb1aa9b0baf8eb48e208f3792425bc
Fyodor Kupolov [Fri, 10 Mar 2017 02:03:24 +0000 (02:03 +0000)]
[DO NOT MERGE] Throw exception if slot has invalid offset am:
69e347f7ef -s ours
am:
1c732801ab
Change-Id: I5edf742dbf962ce2a863996b71192ccca038705e
Fyodor Kupolov [Fri, 10 Mar 2017 02:02:30 +0000 (02:02 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-dev
am:
d2e8e1488a -s ours
Change-Id: I85273c31137127b733b51579c55618326d67a88c
Fyodor Kupolov [Fri, 10 Mar 2017 01:56:58 +0000 (01:56 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-mr1-dev
am:
e1766acb41
Change-Id: I5bfc6d7e47772f0aabcc0567e52c6534ba6815c9
Fyodor Kupolov [Fri, 10 Mar 2017 01:55:54 +0000 (01:55 +0000)]
[DO NOT MERGE] Throw exception if slot has invalid offset
am:
69e347f7ef -s ours
Change-Id: I5b06e8493703961f828894358a05c9cc70856fa9
Fyodor Kupolov [Fri, 10 Mar 2017 01:51:13 +0000 (01:51 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-mr1-dev
Fyodor Kupolov [Fri, 10 Mar 2017 01:50:38 +0000 (01:50 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-dev
Fyodor Kupolov [Thu, 9 Mar 2017 20:12:46 +0000 (20:12 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa am:
2d54d2c0d5 am:
305a41b7a6 -s ours am:
e0f30ecdb9 -s ours
am:
a482ac81a5
Change-Id: I4f7b8442c5094c30496299cf00b744db48fd72ad
Fyodor Kupolov [Thu, 9 Mar 2017 20:05:21 +0000 (20:05 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa am:
2d54d2c0d5 am:
305a41b7a6 -s ours
am:
e0f30ecdb9 -s ours
Change-Id: Iffa0c61e06cbfe2e66912c26b0a3d81660bc5a91
Fyodor Kupolov [Thu, 9 Mar 2017 19:58:26 +0000 (19:58 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa am:
2d54d2c0d5
am:
305a41b7a6 -s ours
Change-Id: I902e6af1c2ef49d454a7d1bae92d8e20ea263b0e
Fyodor Kupolov [Thu, 9 Mar 2017 19:52:01 +0000 (19:52 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa
am:
2d54d2c0d5
Change-Id: I29dccd1ed95079470fc1dd7b04e3db6c5c7d76d2
Fyodor Kupolov [Thu, 9 Mar 2017 19:50:39 +0000 (19:50 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
bb6096d37b -s ours
am:
31b54b9803
Change-Id: Idfb4997bc0e44322bcf2db7e111b76ea59244168
Fyodor Kupolov [Thu, 9 Mar 2017 19:44:01 +0000 (19:44 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr
am:
1cbfeef9d8
Change-Id: Ib2dc9c376b0ad77a0b64ac3a762bc49e4ef6159f
Fyodor Kupolov [Thu, 9 Mar 2017 19:43:54 +0000 (19:43 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr
am:
7b83d625aa
Change-Id: Icfcec14e7d4bfcd6c893f0fa319541223b9d7901
Fyodor Kupolov [Thu, 9 Mar 2017 19:43:52 +0000 (19:43 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr
am:
bb6096d37b -s ours
Change-Id: Ief3269100fb5c0d425e58b4faf87bd73677251b1
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Jeff Sharkey [Sun, 12 Feb 2017 09:48:46 +0000 (09:48 +0000)]
DO NOT MERGE. Grant MMS Uri permissions as the calling UID.
am:
6f754e48e9
Change-Id: I2f6dd5ba1e266b3d451533e518ec7f2fe24b262c
Jeff Sharkey [Wed, 30 Nov 2016 21:29:59 +0000 (14:29 -0700)]
DO NOT MERGE. Grant MMS Uri permissions as the calling UID.
A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug:
33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit
7ff418d9a9afb9ecf42f87fffd3e65477decb55e)
Jeff Sharkey [Fri, 3 Feb 2017 00:22:15 +0000 (00:22 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-dev am:
3e4faac39f -s ours
am:
b058dc139d
Change-Id: Idd1aeb4749741aa8bae76cf43ce3f2bdceff077d
Jeff Sharkey [Fri, 3 Feb 2017 00:21:13 +0000 (00:21 +0000)]
DO NOT MERGE. No direct Uri grants from system. am:
2dfdf662d0 -s ours
am:
4a4b6bfafb
Change-Id: Id479b2d27fd8396047312fe7259971c167b8d705
Jeff Sharkey [Fri, 3 Feb 2017 00:12:10 +0000 (00:12 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-mr1-dev
am:
6d3573e530
Change-Id: I501ff6230b9b5fa5d7232e52cfe326320c7edf65
Jeff Sharkey [Fri, 3 Feb 2017 00:12:08 +0000 (00:12 +0000)]
DO NOT MERGE. No direct Uri grants from system.
am:
6f13f73b73
Change-Id: I28627832c3ec765d6761afbf3fc508d1069c9582
Jeff Sharkey [Fri, 3 Feb 2017 00:10:17 +0000 (00:10 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-dev
am:
3e4faac39f -s ours
Change-Id: If1ea6da6679874ca13379222a28c529421c80b23
Jeff Sharkey [Fri, 3 Feb 2017 00:10:16 +0000 (00:10 +0000)]
DO NOT MERGE. No direct Uri grants from system.
am:
2dfdf662d0 -s ours
Change-Id: Id06fac9dd096c1d821a1af7451db388446e9b156
Jeff Sharkey [Thu, 2 Feb 2017 23:59:43 +0000 (23:59 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-dev
Jeff Sharkey [Thu, 2 Feb 2017 23:59:42 +0000 (23:59 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-mr1-dev
Suprabh Shukla [Thu, 2 Feb 2017 23:13:03 +0000 (23:13 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-dev am:
af85feef36 -s ours
am:
d9c8155943 -s ours
Change-Id: I9dfff7471440739580e7827cdb4484fad6900048
Suprabh Shukla [Thu, 2 Feb 2017 23:12:05 +0000 (23:12 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
14ed611912 -s ours
am:
051f01700e -s ours
Change-Id: Idcf3ce991369a6e41a3c2bd3aa9cd16d909eea13
Suprabh Shukla [Thu, 2 Feb 2017 23:07:36 +0000 (23:07 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-dev
am:
af85feef36 -s ours
Change-Id: Idf57ddf932e98dda06ac9c51f7e230d6a673882b
Suprabh Shukla [Thu, 2 Feb 2017 23:07:34 +0000 (23:07 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am:
14ed611912 -s ours
Change-Id: I1645d15febdfffd76cd2c592241549c507db1185
Suprabh Shukla [Thu, 2 Feb 2017 22:58:45 +0000 (22:58 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-dev
Suprabh Shukla [Thu, 2 Feb 2017 22:50:32 +0000 (22:50 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a am:
21992d997b am:
b278ed787e -s ours am:
ec3e2b9dcb -s ours
am:
483b561f41
Change-Id: I065ff3640f19985157cd63c529019167c135489a
Suprabh Shukla [Thu, 2 Feb 2017 22:45:36 +0000 (22:45 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a am:
21992d997b am:
b278ed787e -s ours
am:
ec3e2b9dcb -s ours
Change-Id: I76bf4d69d98374a90da3cd4c74f0c2d892504a40
Suprabh Shukla [Thu, 2 Feb 2017 22:41:38 +0000 (22:41 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a am:
21992d997b
am:
b278ed787e -s ours
Change-Id: Ib70440bdd1c60ed5eaa9b8c8152a4745f44cacd6
Suprabh Shukla [Thu, 2 Feb 2017 22:36:03 +0000 (22:36 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a
am:
21992d997b
Change-Id: Ib5ba5eb63227be2fbf25a79e7f8f8e42b1cc9a2b
Suprabh Shukla [Thu, 2 Feb 2017 22:31:29 +0000 (22:31 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am:
8cdc04957a
Change-Id: I7c1b9e9f785ef99575136d9af0b062dad759c17a
Suprabh Shukla [Thu, 2 Feb 2017 22:29:02 +0000 (22:29 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-mr1-dev
am:
3ced78bdda
Change-Id: I4da6e2894de769fb028ad713290b62e38925294a
Suprabh Shukla [Thu, 2 Feb 2017 22:28:59 +0000 (22:28 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am:
835c8b3d69
Change-Id: I080d11d3d7d6434b832f8ecb1ee93c17a6d7cb4a
Suprabh Shukla [Thu, 2 Feb 2017 22:23:08 +0000 (22:23 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-mr1-dev
Jack Yu [Thu, 2 Feb 2017 22:21:00 +0000 (22:21 +0000)]
Fixed the logic for tethering provisioning re-evaluation
am:
91a0bc9564
Change-Id: I4c499b756c019d83a61e61da3065f31a4d8672f2
Jeff Sharkey [Mon, 21 Nov 2016 17:33:54 +0000 (10:33 -0700)]
DO NOT MERGE. No direct Uri grants from system.
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug:
33019296,
32990341,
32879915,
32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
Jeff Sharkey [Mon, 21 Nov 2016 17:33:54 +0000 (10:33 -0700)]
DO NOT MERGE. No direct Uri grants from system.
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug:
33019296,
32990341,
32879915,
32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
Suprabh Shukla [Tue, 31 Jan 2017 02:24:02 +0000 (18:24 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Merged-In: Ia832bed0f22396998d6307ab46e262dae9463838
Suprabh Shukla [Tue, 31 Jan 2017 04:52:04 +0000 (20:52 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Suprabh Shukla [Tue, 31 Jan 2017 02:02:18 +0000 (18:02 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Jack Yu [Mon, 16 Jan 2017 18:49:55 +0000 (10:49 -0800)]
Fixed the logic for tethering provisioning re-evaluation
Previously we only re-evaluate provisioning for SIM swap case
The new logic covers both SIM swap case
(ABSENT->NOT_READY->UNKNOWN->READY->LOADED) and modem reset
case (NOT_READY->READY->LOADED)
Test: Manual
bug:
33815946
Change-Id: I9960123605b10d3fa5f3584c6c8b70b616acd6f8
Charles He [Thu, 29 Dec 2016 09:50:26 +0000 (09:50 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev
am:
63a27d773b
Change-Id: I01d332678c1c3fe57ed36062a9ed01b5f368a55d
Charles He [Thu, 29 Dec 2016 09:50:20 +0000 (09:50 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
am:
71d2a41dd9
Change-Id: Iab575b1efdd720c9cf9e32e0b056c99eff98deab
Charles He [Thu, 29 Dec 2016 09:48:50 +0000 (09:48 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev
am:
4bd97eb888
Change-Id: I607f7ca9e160c4eed69a5baeff6b31d6db7c6b03
Charles He [Thu, 29 Dec 2016 09:48:45 +0000 (09:48 +0000)]
Prevent writing to FRP partition during factory reset.
am:
a9437bd1ca
Change-Id: Ib0b8db2357317dc3e680910c08f15f098baf2af9
Charles He [Thu, 29 Dec 2016 09:43:10 +0000 (09:43 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev
Charles He [Thu, 29 Dec 2016 09:42:25 +0000 (09:42 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev
Tom O'Neill [Thu, 22 Dec 2016 17:19:10 +0000 (17:19 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516 am:
0a8978f04b
am:
1684e5f344
Change-Id: I0ebd2856e2e2f3793273ba952b44dc77e85b021e
Tom O'Neill [Thu, 22 Dec 2016 17:14:05 +0000 (17:14 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516
am:
0a8978f04b
Change-Id: I693665a57465ec57f946fad57cda9ce48389408f
Tom O'Neill [Thu, 22 Dec 2016 17:09:09 +0000 (17:09 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872
am:
3380a77516
Change-Id: Ice61f337e1fcfd0569431538e475d94f9d205423
Tom O'Neill [Thu, 22 Dec 2016 17:04:07 +0000 (17:04 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e
am:
d417e54872
Change-Id: I2f47020055f962b36f095137d75c9cbfe6b1a6db