OSDN Git Service
Phil Weaver [Fri, 7 Apr 2017 23:16:55 +0000 (23:16 +0000)]
Make a11y node info parceling more robust am:
1d8eb49073
am:
93c47c9d07
Change-Id: I8677c77968c202c8c6a0553db919610a140fda58
Phil Weaver [Fri, 7 Apr 2017 23:09:28 +0000 (23:09 +0000)]
Make a11y node info parceling more robust
am:
1d8eb49073
Change-Id: I5280a23cbfff5abfcc83e9e6d9afb4f8960ece44
Phil Weaver [Fri, 7 Apr 2017 21:39:27 +0000 (14:39 -0700)]
Make a11y node info parceling more robust
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug:
36491278
Test: Verified that POC no longer works, a11y cts still passes.
(Manual merge from commit
687bb44b437f7bb24dd3dddf072c2f646308e2ca)
Change-Id: I7746c9175a2da28f75d4f4b169d7997abadf1852
Fyodor Kupolov [Fri, 10 Mar 2017 03:12:06 +0000 (03:12 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70 am:
156fa32e2a -s ours am:
de9cb7ed68 -s ours
am:
2c112c4ad2
Change-Id: Ic108a0750248d001873de33d69984e6cf2c3584a
Fyodor Kupolov [Fri, 10 Mar 2017 03:06:31 +0000 (03:06 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70 am:
156fa32e2a -s ours
am:
de9cb7ed68 -s ours
Change-Id: I2f94e2ea49c05a29308ca2351a083377350bb2ab
Fyodor Kupolov [Fri, 10 Mar 2017 03:00:46 +0000 (03:00 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70
am:
156fa32e2a -s ours
Change-Id: Ic4e51daa36c395f2e3b538658649ff9104bb962c
Fyodor Kupolov [Fri, 10 Mar 2017 02:55:07 +0000 (02:55 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354
am:
a821245d70
Change-Id: I1e47c963728906cb2283a353c882017368d07747
Fyodor Kupolov [Fri, 10 Mar 2017 02:49:34 +0000 (02:49 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev
am:
ac87aee354
Change-Id: I5bbdc48120f2d03b4ad6605bfeccd5ccdc8c7958
Fyodor Kupolov [Fri, 10 Mar 2017 02:39:09 +0000 (02:39 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev
Fyodor Kupolov [Fri, 10 Mar 2017 02:07:27 +0000 (02:07 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-dev am:
d2e8e1488a -s ours
am:
1e6d3f904e
Change-Id: I50a91bc415fb1aa9b0baf8eb48e208f3792425bc
Fyodor Kupolov [Fri, 10 Mar 2017 02:03:24 +0000 (02:03 +0000)]
[DO NOT MERGE] Throw exception if slot has invalid offset am:
69e347f7ef -s ours
am:
1c732801ab
Change-Id: I5edf742dbf962ce2a863996b71192ccca038705e
Fyodor Kupolov [Fri, 10 Mar 2017 02:02:30 +0000 (02:02 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-dev
am:
d2e8e1488a -s ours
Change-Id: I85273c31137127b733b51579c55618326d67a88c
Fyodor Kupolov [Fri, 10 Mar 2017 01:56:58 +0000 (01:56 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-mr1-dev
am:
e1766acb41
Change-Id: I5bfc6d7e47772f0aabcc0567e52c6534ba6815c9
Fyodor Kupolov [Fri, 10 Mar 2017 01:55:54 +0000 (01:55 +0000)]
[DO NOT MERGE] Throw exception if slot has invalid offset
am:
69e347f7ef -s ours
Change-Id: I5b06e8493703961f828894358a05c9cc70856fa9
Fyodor Kupolov [Fri, 10 Mar 2017 01:51:13 +0000 (01:51 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-mr1-dev
Fyodor Kupolov [Fri, 10 Mar 2017 01:50:38 +0000 (01:50 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-dev
Fyodor Kupolov [Thu, 9 Mar 2017 20:12:46 +0000 (20:12 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa am:
2d54d2c0d5 am:
305a41b7a6 -s ours am:
e0f30ecdb9 -s ours
am:
a482ac81a5
Change-Id: I4f7b8442c5094c30496299cf00b744db48fd72ad
Fyodor Kupolov [Thu, 9 Mar 2017 20:05:21 +0000 (20:05 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa am:
2d54d2c0d5 am:
305a41b7a6 -s ours
am:
e0f30ecdb9 -s ours
Change-Id: Iffa0c61e06cbfe2e66912c26b0a3d81660bc5a91
Fyodor Kupolov [Thu, 9 Mar 2017 19:58:26 +0000 (19:58 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa am:
2d54d2c0d5
am:
305a41b7a6 -s ours
Change-Id: I902e6af1c2ef49d454a7d1bae92d8e20ea263b0e
Fyodor Kupolov [Thu, 9 Mar 2017 19:52:01 +0000 (19:52 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa
am:
2d54d2c0d5
Change-Id: I29dccd1ed95079470fc1dd7b04e3db6c5c7d76d2
Fyodor Kupolov [Thu, 9 Mar 2017 19:50:39 +0000 (19:50 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
bb6096d37b -s ours
am:
31b54b9803
Change-Id: Idfb4997bc0e44322bcf2db7e111b76ea59244168
Fyodor Kupolov [Thu, 9 Mar 2017 19:44:01 +0000 (19:44 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr
am:
1cbfeef9d8
Change-Id: Ib2dc9c376b0ad77a0b64ac3a762bc49e4ef6159f
Fyodor Kupolov [Thu, 9 Mar 2017 19:43:54 +0000 (19:43 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr
am:
7b83d625aa
Change-Id: Icfcec14e7d4bfcd6c893f0fa319541223b9d7901
Fyodor Kupolov [Thu, 9 Mar 2017 19:43:52 +0000 (19:43 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr
am:
bb6096d37b -s ours
Change-Id: Ief3269100fb5c0d425e58b4faf87bd73677251b1
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Jeff Sharkey [Sun, 12 Feb 2017 09:48:46 +0000 (09:48 +0000)]
DO NOT MERGE. Grant MMS Uri permissions as the calling UID.
am:
6f754e48e9
Change-Id: I2f6dd5ba1e266b3d451533e518ec7f2fe24b262c
Jeff Sharkey [Wed, 30 Nov 2016 21:29:59 +0000 (14:29 -0700)]
DO NOT MERGE. Grant MMS Uri permissions as the calling UID.
A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug:
33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit
7ff418d9a9afb9ecf42f87fffd3e65477decb55e)
Jeff Sharkey [Fri, 3 Feb 2017 00:22:15 +0000 (00:22 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-dev am:
3e4faac39f -s ours
am:
b058dc139d
Change-Id: Idd1aeb4749741aa8bae76cf43ce3f2bdceff077d
Jeff Sharkey [Fri, 3 Feb 2017 00:21:13 +0000 (00:21 +0000)]
DO NOT MERGE. No direct Uri grants from system. am:
2dfdf662d0 -s ours
am:
4a4b6bfafb
Change-Id: Id479b2d27fd8396047312fe7259971c167b8d705
Jeff Sharkey [Fri, 3 Feb 2017 00:12:10 +0000 (00:12 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-mr1-dev
am:
6d3573e530
Change-Id: I501ff6230b9b5fa5d7232e52cfe326320c7edf65
Jeff Sharkey [Fri, 3 Feb 2017 00:12:08 +0000 (00:12 +0000)]
DO NOT MERGE. No direct Uri grants from system.
am:
6f13f73b73
Change-Id: I28627832c3ec765d6761afbf3fc508d1069c9582
Jeff Sharkey [Fri, 3 Feb 2017 00:10:17 +0000 (00:10 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-dev
am:
3e4faac39f -s ours
Change-Id: If1ea6da6679874ca13379222a28c529421c80b23
Jeff Sharkey [Fri, 3 Feb 2017 00:10:16 +0000 (00:10 +0000)]
DO NOT MERGE. No direct Uri grants from system.
am:
2dfdf662d0 -s ours
Change-Id: Id06fac9dd096c1d821a1af7451db388446e9b156
Jeff Sharkey [Thu, 2 Feb 2017 23:59:43 +0000 (23:59 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-dev
Jeff Sharkey [Thu, 2 Feb 2017 23:59:42 +0000 (23:59 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-mr1-dev
Suprabh Shukla [Thu, 2 Feb 2017 23:13:03 +0000 (23:13 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-dev am:
af85feef36 -s ours
am:
d9c8155943 -s ours
Change-Id: I9dfff7471440739580e7827cdb4484fad6900048
Suprabh Shukla [Thu, 2 Feb 2017 23:12:05 +0000 (23:12 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
14ed611912 -s ours
am:
051f01700e -s ours
Change-Id: Idcf3ce991369a6e41a3c2bd3aa9cd16d909eea13
Suprabh Shukla [Thu, 2 Feb 2017 23:07:36 +0000 (23:07 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-dev
am:
af85feef36 -s ours
Change-Id: Idf57ddf932e98dda06ac9c51f7e230d6a673882b
Suprabh Shukla [Thu, 2 Feb 2017 23:07:34 +0000 (23:07 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am:
14ed611912 -s ours
Change-Id: I1645d15febdfffd76cd2c592241549c507db1185
Suprabh Shukla [Thu, 2 Feb 2017 22:58:45 +0000 (22:58 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-dev
Suprabh Shukla [Thu, 2 Feb 2017 22:50:32 +0000 (22:50 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a am:
21992d997b am:
b278ed787e -s ours am:
ec3e2b9dcb -s ours
am:
483b561f41
Change-Id: I065ff3640f19985157cd63c529019167c135489a
Suprabh Shukla [Thu, 2 Feb 2017 22:45:36 +0000 (22:45 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a am:
21992d997b am:
b278ed787e -s ours
am:
ec3e2b9dcb -s ours
Change-Id: I76bf4d69d98374a90da3cd4c74f0c2d892504a40
Suprabh Shukla [Thu, 2 Feb 2017 22:41:38 +0000 (22:41 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a am:
21992d997b
am:
b278ed787e -s ours
Change-Id: Ib70440bdd1c60ed5eaa9b8c8152a4745f44cacd6
Suprabh Shukla [Thu, 2 Feb 2017 22:36:03 +0000 (22:36 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a
am:
21992d997b
Change-Id: Ib5ba5eb63227be2fbf25a79e7f8f8e42b1cc9a2b
Suprabh Shukla [Thu, 2 Feb 2017 22:31:29 +0000 (22:31 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am:
8cdc04957a
Change-Id: I7c1b9e9f785ef99575136d9af0b062dad759c17a
Suprabh Shukla [Thu, 2 Feb 2017 22:29:02 +0000 (22:29 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-mr1-dev
am:
3ced78bdda
Change-Id: I4da6e2894de769fb028ad713290b62e38925294a
Suprabh Shukla [Thu, 2 Feb 2017 22:28:59 +0000 (22:28 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am:
835c8b3d69
Change-Id: I080d11d3d7d6434b832f8ecb1ee93c17a6d7cb4a
Suprabh Shukla [Thu, 2 Feb 2017 22:23:08 +0000 (22:23 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-mr1-dev
Jack Yu [Thu, 2 Feb 2017 22:21:00 +0000 (22:21 +0000)]
Fixed the logic for tethering provisioning re-evaluation
am:
91a0bc9564
Change-Id: I4c499b756c019d83a61e61da3065f31a4d8672f2
Jeff Sharkey [Mon, 21 Nov 2016 17:33:54 +0000 (10:33 -0700)]
DO NOT MERGE. No direct Uri grants from system.
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug:
33019296,
32990341,
32879915,
32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
Jeff Sharkey [Mon, 21 Nov 2016 17:33:54 +0000 (10:33 -0700)]
DO NOT MERGE. No direct Uri grants from system.
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug:
33019296,
32990341,
32879915,
32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
Suprabh Shukla [Tue, 31 Jan 2017 02:24:02 +0000 (18:24 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Merged-In: Ia832bed0f22396998d6307ab46e262dae9463838
Suprabh Shukla [Tue, 31 Jan 2017 04:52:04 +0000 (20:52 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Suprabh Shukla [Tue, 31 Jan 2017 02:02:18 +0000 (18:02 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Jack Yu [Mon, 16 Jan 2017 18:49:55 +0000 (10:49 -0800)]
Fixed the logic for tethering provisioning re-evaluation
Previously we only re-evaluate provisioning for SIM swap case
The new logic covers both SIM swap case
(ABSENT->NOT_READY->UNKNOWN->READY->LOADED) and modem reset
case (NOT_READY->READY->LOADED)
Test: Manual
bug:
33815946
Change-Id: I9960123605b10d3fa5f3584c6c8b70b616acd6f8
Charles He [Thu, 29 Dec 2016 09:50:26 +0000 (09:50 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev
am:
63a27d773b
Change-Id: I01d332678c1c3fe57ed36062a9ed01b5f368a55d
Charles He [Thu, 29 Dec 2016 09:50:20 +0000 (09:50 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
am:
71d2a41dd9
Change-Id: Iab575b1efdd720c9cf9e32e0b056c99eff98deab
Charles He [Thu, 29 Dec 2016 09:48:50 +0000 (09:48 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev
am:
4bd97eb888
Change-Id: I607f7ca9e160c4eed69a5baeff6b31d6db7c6b03
Charles He [Thu, 29 Dec 2016 09:48:45 +0000 (09:48 +0000)]
Prevent writing to FRP partition during factory reset.
am:
a9437bd1ca
Change-Id: Ib0b8db2357317dc3e680910c08f15f098baf2af9
Charles He [Thu, 29 Dec 2016 09:43:10 +0000 (09:43 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev
Charles He [Thu, 29 Dec 2016 09:42:25 +0000 (09:42 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev
Tom O'Neill [Thu, 22 Dec 2016 17:19:10 +0000 (17:19 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516 am:
0a8978f04b
am:
1684e5f344
Change-Id: I0ebd2856e2e2f3793273ba952b44dc77e85b021e
Tom O'Neill [Thu, 22 Dec 2016 17:14:05 +0000 (17:14 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516
am:
0a8978f04b
Change-Id: I693665a57465ec57f946fad57cda9ce48389408f
Tom O'Neill [Thu, 22 Dec 2016 17:09:09 +0000 (17:09 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872
am:
3380a77516
Change-Id: Ice61f337e1fcfd0569431538e475d94f9d205423
Tom O'Neill [Thu, 22 Dec 2016 17:04:07 +0000 (17:04 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e
am:
d417e54872
Change-Id: I2f47020055f962b36f095137d75c9cbfe6b1a6db
Tom O'Neill [Thu, 22 Dec 2016 16:58:33 +0000 (16:58 +0000)]
Fix exploit where can hide the fact that a location was mocked
am:
a206a0f17e
Change-Id: Ib3af056919a4b909d3d11dd3fe2b46eaa7cdf0f4
Tom O'Neill [Thu, 15 Dec 2016 18:26:28 +0000 (10:26 -0800)]
Fix exploit where can hide the fact that a location was mocked
- Even if call setTestProviderLocation() with inconsistent providers,
should still end up with a location that is flagged as mocked
- Bug:
33091107
Change-Id: I39e038f25b975989c2e8651bfd9ec9e74073e6cd
Charles He [Thu, 1 Dec 2016 19:22:33 +0000 (19:22 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
Change-Id: I1024f2a56badde5c123d025d6fe02f42559cbcb1
Test: manual
Bug:
30352311
(cherry picked from commit
f6f1d627483b4dad9d65176769a1ee92c59a4810)
Charles He [Thu, 24 Nov 2016 14:05:00 +0000 (14:05 +0000)]
Prevent writing to FRP partition during factory reset.
Avoid potential race condition between FRP wipe and write operations
during factory reset by making the FRP partition unwritable after
wipe.
Bug:
30352311
Test: manual
Change-Id: If3f024a1611366c0677a996705724458094fcfad
(cherry picked from commit
a629c772f4a7a5ddf7ff9f78fb19f7ab86c2a9c2)
Jeff Sharkey [Fri, 2 Dec 2016 18:30:18 +0000 (18:30 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev am:
ae7d4b1339 -s ours
am:
ce477912a2
Change-Id: I1f05c5204e6ba49a95a8b21cb457b04fe6738cb0
Jeff Sharkey [Fri, 2 Dec 2016 18:29:19 +0000 (18:29 +0000)]
DO NOT MERGE. Check provider access for content changes. am:
9b85862620 -s ours
am:
9277cce7fa
Change-Id: I5cdc35759ad40566c02db6ee725c199ae255b5b8
Jeff Sharkey [Fri, 2 Dec 2016 18:19:56 +0000 (18:19 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-mr1-dev
am:
6b89229d14
Change-Id: I8f09aaed1be7f86cfb0a2cbe91ae5b4fe881df07
Jeff Sharkey [Fri, 2 Dec 2016 18:19:53 +0000 (18:19 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev
am:
ae7d4b1339 -s ours
Change-Id: Idc5d7d7d695db9ac7e7007447c89ca0466ea158b
Jeff Sharkey [Fri, 2 Dec 2016 18:19:51 +0000 (18:19 +0000)]
DO NOT MERGE. Check provider access for content changes.
am:
91add43ae7
Change-Id: I158a5dab0643fb5d2c07393f0df030e93b3c006a
Jeff Sharkey [Fri, 2 Dec 2016 18:19:50 +0000 (18:19 +0000)]
DO NOT MERGE. Check provider access for content changes.
am:
9b85862620 -s ours
Change-Id: I2a67bbde8b3e131ba62cedd0b6629912e226ba90
Jeff Sharkey [Fri, 2 Dec 2016 18:10:04 +0000 (18:10 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-mr1-dev
Jeff Sharkey [Fri, 2 Dec 2016 18:10:04 +0000 (18:10 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev
Jeff Sharkey [Fri, 2 Dec 2016 00:56:32 +0000 (00:56 +0000)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing. am:
f279a5bc0d -s ours
am:
704085119d
Change-Id: Ic687581a9bf5f0906cdb7642e59b81d9b6175aca
Jeff Sharkey [Fri, 2 Dec 2016 00:50:29 +0000 (00:50 +0000)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
am:
1de465bec2
Change-Id: I14f82fa9c555bea0e71553713436a6836a421691
Jeff Sharkey [Fri, 2 Dec 2016 00:50:27 +0000 (00:50 +0000)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
am:
f279a5bc0d -s ours
Change-Id: I7fde8a3cd529bc495aa7e886988d73e22815c0b4
Jeff Sharkey [Wed, 30 Nov 2016 23:07:00 +0000 (16:07 -0700)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
As part of fixing a recent security issue, DownloadManager now needs
to issue Uri permission grants for all downloads. However, if an app
that requested a download is upgraded or otherwise force-stopped,
the required permission grants are removed.
We could tell DownloadManager about the app being stopped, but that
would be racy (due to background broadcast), and waking it up would
degrade system health. Instead, as a special case we now only
consider clearing DownloadManager permission grants when app data
is being cleared.
Bug:
32172542,
30537115
Test: builds, boots, app upgrade doesn't clear grants
Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9
(cherry picked from commit
23ec811266fb728cf159a90ce4882b3c9bac1887)
Jeff Sharkey [Wed, 30 Nov 2016 23:07:00 +0000 (16:07 -0700)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
As part of fixing a recent security issue, DownloadManager now needs
to issue Uri permission grants for all downloads. However, if an app
that requested a download is upgraded or otherwise force-stopped,
the required permission grants are removed.
We could tell DownloadManager about the app being stopped, but that
would be racy (due to background broadcast), and waking it up would
degrade system health. Instead, as a special case we now only
consider clearing DownloadManager permission grants when app data
is being cleared.
Bug:
32172542,
30537115
Test: builds, boots, app upgrade doesn't clear grants
Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9
(cherry picked from commit
23ec811266fb728cf159a90ce4882b3c9bac1887)
Jeff Sharkey [Fri, 18 Nov 2016 22:31:22 +0000 (15:31 -0700)]
DO NOT MERGE. Check provider access for content changes.
For an app to either send or receive content change notifications,
require that they have some level of access to the underlying
provider.
Without these checks, a malicious app could sniff sensitive user data
from the notifications of otherwise private providers.
Test: builds, boots, PoC app now fails
Bug:
32555637
Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef
Jeff Sharkey [Fri, 18 Nov 2016 21:23:23 +0000 (14:23 -0700)]
DO NOT MERGE. Check provider access for content changes.
For an app to either send or receive content change notifications,
require that they have some level of access to the underlying
provider.
Without these checks, a malicious app could sniff sensitive user data
from the notifications of otherwise private providers.
Test: builds, boots, PoC app now fails
Bug:
32555637
Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef
Narayan Kamath [Thu, 10 Nov 2016 11:12:11 +0000 (11:12 +0000)]
Zygote : Block SIGCHLD during fork. am:
b1f1209d9a
am:
35b8453338
Change-Id: I7c73b1a37d79f31ad8fff6d0b83426debbfd88f9
Narayan Kamath [Thu, 10 Nov 2016 11:05:42 +0000 (11:05 +0000)]
Zygote : Block SIGCHLD during fork.
am:
b1f1209d9a
Change-Id: I3658f583c82dd6243089aaa74ad731a5bfa85b01
Narayan Kamath [Mon, 7 Nov 2016 16:22:48 +0000 (16:22 +0000)]
Zygote : Block SIGCHLD during fork.
We close the android logging related sockets prior as late as possible
before every fork to avoid having to whitelist them. If one of the
zygote's children dies after this point (but prior to the fork), we can
end up reopening the logging sockets from the SIGCHLD signal handler.
To prevent this from happening, block SIGCHLD during this critical
section.
Bug:
32693692
Test: Manual
(cherry picked from commit
e9a525829a354c92983a35455ccab16d1b0d3892)
Zygote: Unblock SIGCHLD in the parent after fork.
Follow up to change
e9a525829a354c92983a. Allows the zygote to
receive SIGCHLD again and prevents the zygote from getting into a
zombie state if it's killed.
Contributed-By: rhed_jao <rhed_jao@htc.com>
Bug:
32693692
Test: manual
(cherry picked from commit
1480dc3e97b661f5bfa3a5c2fbce72385b8d2be6)
Change-Id: If89903a29c84dfc9b056f9e19618046874bba689
Narayan Kamath [Wed, 9 Nov 2016 20:17:01 +0000 (20:17 +0000)]
Merge "Zygote: Additional whitelisting for legacy devices." into lmp-dev am:
7bd25ab485
am:
a045aed7a2
Change-Id: Iec015c0607286511a0d82db7fd6c82f6e17379aa
Narayan Kamath [Wed, 9 Nov 2016 20:16:06 +0000 (20:16 +0000)]
Zygote: Additional whitelisting for legacy devices. am:
7d302e018d
am:
f369b3ce75
Change-Id: Id0794434479585b2cf4b4996256a3cb9374fd9a7
Narayan Kamath [Wed, 9 Nov 2016 20:15:05 +0000 (20:15 +0000)]
Merge "Zygote: Additional whitelists for runtime overlay / other static resources." into lmp-dev am:
d60156dfc6
am:
fd23b9d509
Change-Id: I86ad3b0fe5c3da67014540c1aa35c4326ee4f33b
Narayan Kamath [Wed, 9 Nov 2016 20:14:07 +0000 (20:14 +0000)]
Zygote: Additional whitelists for runtime overlay / other static resources. am:
0ad0e859f6
am:
1e6a5d11a6
Change-Id: Ia98abb9cb437dd3c42b80de5c0cd98c965e6603e
neo.chae [Wed, 9 Nov 2016 20:13:07 +0000 (20:13 +0000)]
Fix idmap leak in zygote process am:
0244ca8d10
am:
82537abc3b
Change-Id: I83d338ebfdefd0f935c4cfb14c3b15efca1cce0f
Xin Li [Wed, 9 Nov 2016 20:11:44 +0000 (20:11 +0000)]
Merge "Merge "Merge "DO NOT MERGE - Added Emergency affordance feature" into lollipop-mr1-dev" into lmp-mr1-dev." into lmp-mr1-dev
am:
78f15948fb
Change-Id: I5f5509cd98a6a98ce9edc782e9d8ef9093fa86e4
Xin Li [Wed, 9 Nov 2016 20:11:40 +0000 (20:11 +0000)]
Merge "Merge "DO NOT MERGE - Added Emergency affordance feature" into lollipop-mr1-dev" into lmp-mr1-dev.
am:
7e0483fcec -s ours
Change-Id: I3a351771548f827aeecf9a4c8305b907c106abc5
Narayan Kamath [Wed, 9 Nov 2016 10:24:57 +0000 (10:24 +0000)]
Merge "Zygote: Additional whitelisting for legacy devices." into lmp-dev
am:
7bd25ab485
Change-Id: I0266e2fe129ac5ae0c7bbd84e7890d5c41872655