OSDN Git Service
Ben Lin [Tue, 13 Dec 2016 01:34:39 +0000 (01:34 +0000)]
Merge "DO NOT MERGE ANYWHERE" into nyc-mr2-dev
Hugo Benichi [Tue, 13 Dec 2016 00:27:32 +0000 (00:27 +0000)]
Merge "DO NOT MERGE Logging improvements in CaptivePortalLoginActivity" into nyc-mr2-dev
Hugo Benichi [Tue, 6 Dec 2016 06:36:30 +0000 (15:36 +0900)]
DO NOT MERGE Logging improvements in CaptivePortalLoginActivity
Logging improvements to help debugging captive portal issues.
Test: manually tested
Bug:
33126342
(cherry picked from commit
87de0c206709d3a170649b535a973de8f9c0fb0c)
Change-Id: I3ac1773e07827194d854ebad4c27c48da106154b
Hugo Benichi [Tue, 13 Dec 2016 00:22:31 +0000 (00:22 +0000)]
Merge changes Ic83c3f8f,I7ed954de,I7780c389 into nyc-mr2-dev
* changes:
DO NOT MERGE NetworkMonitor: send one DNS probe per web probe
DO NOT MERGE NetworkMonitor metrics: add first validation information
DO NOT MERGE Captive portal systel log improvements
Hugo Benichi [Tue, 13 Dec 2016 00:21:43 +0000 (00:21 +0000)]
Merge "DO NOT MERGE APF: also drop any ICMPv6 RSs" into nyc-mr2-dev
Xiaohui Chen [Mon, 12 Dec 2016 23:36:51 +0000 (23:36 +0000)]
Merge "sysui: add assets and dimentions for sw900dp" into nyc-mr2-dev
Jason Monk [Mon, 12 Dec 2016 20:22:19 +0000 (20:22 +0000)]
Merge "Fix animations for app QS tiles." into nyc-mr2-dev
Jason Monk [Mon, 12 Dec 2016 20:21:56 +0000 (20:21 +0000)]
Merge "Fix loading bar positioning." into nyc-mr2-dev
Alan Viverette [Mon, 12 Dec 2016 19:50:47 +0000 (19:50 +0000)]
Merge "Add missing API diffs for support library 25.1.0" into nyc-mr2-dev
Jason Monk [Mon, 12 Dec 2016 18:07:50 +0000 (13:07 -0500)]
Fix loading bar positioning.
Move it down and make sure it covers entire width.
Change-Id: If906ea86ae1e78b7a75e2376c65f0ff0e191b86c
Fixes:
30292983
Test: Manual visual inspection of UI element locations
Tyler Gunn [Mon, 12 Dec 2016 17:09:35 +0000 (17:09 +0000)]
Merge "Add reason code used to tell dialer when call failed due to WFC being off." into nyc-mr2-dev
TreeHugger Robot [Mon, 12 Dec 2016 17:05:06 +0000 (17:05 +0000)]
Merge "[DO NOT MERGE] Switch to using UMS.mUserStates" into nyc-mr2-dev
Jason Monk [Mon, 12 Dec 2016 17:02:16 +0000 (12:02 -0500)]
Fix animations for app QS tiles.
Use correct context for third party tile drawable creation, also
fix comparison so that AVDs don't animate multiple times.
Change-Id: Ifcf7b818304d6677eacf080ed8c22893c91fdf73
Fixes:
32779384
Test: Install app with animated app QS tile.
Meng Wang [Sat, 10 Dec 2016 00:08:20 +0000 (00:08 +0000)]
Merge "DO NOT MERGE API for reporting IMS registration failures" into nyc-mr2-dev
Fyodor Kupolov [Mon, 5 Dec 2016 21:23:28 +0000 (13:23 -0800)]
[DO NOT MERGE] Switch to using UMS.mUserStates
UserManager.isUserUnlocked/isUserRunning/isUserUnlockingOrUnlocked now
return state from UMS.mUserStates that is pushed from ActivityManager.
Test: create managed profile using TestDPC and check Launcher3
Test: manually create unstarted managed profile and check launchers
Bug:
33232933
Change-Id: I6b619ba1880188eabdd6e3e4cc7eb60d3a22a977
Doris Liu [Fri, 9 Dec 2016 21:13:37 +0000 (21:13 +0000)]
Merge "Add API info about Keyframe and PropertyValuesHolder" into nyc-mr2-dev
Fyodor Kupolov [Fri, 9 Dec 2016 19:58:18 +0000 (19:58 +0000)]
Merge "[DO NOT MERGE] Increased user switch timeout to 3s" into nyc-mr2-dev
Jeff Sharkey [Fri, 9 Dec 2016 17:28:47 +0000 (17:28 +0000)]
Merge "Fix race condition bug related to freezing apps." into cw-f-dev
am:
3350ae9c82
Change-Id: Ia1f4349217b2baca92678c74d20196a3b332f008
Jeff Sharkey [Fri, 9 Dec 2016 17:28:43 +0000 (17:28 +0000)]
Fix race condition bug related to freezing apps.
am:
41d2be0f0f
Change-Id: I012093b52efda2cdffa47143c40e2708007158f5
TreeHugger Robot [Fri, 9 Dec 2016 17:22:19 +0000 (17:22 +0000)]
Merge "Fix race condition bug related to freezing apps." into cw-f-dev
Jeff Sharkey [Fri, 9 Dec 2016 16:06:12 +0000 (09:06 -0700)]
Fix race condition bug related to freezing apps.
Consider the following situation:
1. Package is frozen.
2. We try forking the app while frozen, causing a ProcessRecord with
PID 0 to be recorded in mProcessNames. As a result of the failed
fork, removeProcessLocked() tears down that ProcessRecord, but a
special case records it into mRemovedProcesses.
3. Package is unfrozen.
4. We try forking the app, and this time it proceeds normally now
that we're unfrozen. The new valid ProcessRecord is recorded in
mProcessNames.
5. activityIdleInternalLocked() triggers a clean-up pass of
mRemovedProcesses. trimApplications() ends up cleaning up the
stale reference from (2) above *by hash key* and not *by reference*,
which causes us to remove the new valid ProcessRecord. This results
in the valid ProcessRecord in (4) becoming an orphaned PID, which
starts a chain reaction of havoc that ensues.
This issue is fixed by checking the expected ProcessRecord by value
before actually removing it, thus preventing orphaned PIDs.
Test: builds, boots, over 600 installs without orphaned PIDs
Bug:
28395549
Change-Id: I5ea1b31c3fd374ea7f5cc40ff35bb9195d9f3e2b
TreeHugger Robot [Fri, 9 Dec 2016 12:02:42 +0000 (12:02 +0000)]
Merge "Import translations. DO NOT MERGE" into nyc-mr2-dev
Bill Yi [Fri, 9 Dec 2016 08:08:50 +0000 (00:08 -0800)]
Import translations. DO NOT MERGE
Change-Id: I1b452aa96ca024ffc792815917b75f8b777e7a81
Auto-generated-cl: translation import
Hugo Benichi [Wed, 16 Nov 2016 09:18:08 +0000 (18:18 +0900)]
DO NOT MERGE NetworkMonitor: send one DNS probe per web probe
This patch changes sligthly the two web probes mechanism for captive
portal detection and network validation so that DNS resolution is always
done for both probes.
In general the target web servers of the two parallel HTTP and HTTPS probes
are now different. This introduces a bias in the latency measurement of
th HTTPS probe since this latency will also include DNS resolution in
general.
Test: manual verification + $ runtest frameworks-net
Bug:
32198726
(cherry picked from commit
ab61e7c324b24e46829495bc2597e42ea907c53d)
Change-Id: Ic83c3f8f46d32269bca1b90ae192ef648d5df6c3
Hugo Benichi [Tue, 15 Nov 2016 14:23:24 +0000 (23:23 +0900)]
DO NOT MERGE NetworkMonitor metrics: add first validation information
This patch adds first validation information to:
- ValidationProbeEvent, by extending the probe_type int field of to
also include a bit indicating if the probe was part of a first
validation attempt or not.
- NetworkMonitorEvent, by defining new contants for the event_type
field.
Test: $ runtest frameworks-net
+ manually generating events and inspecting the
output of $ adb shell dumpsys connmetrics list
Bug: b/
32198726
(cherry picked from commit
147aa6d53bc1e9f8a3632553abcf936023806e1d)
Change-Id: I7ed954dee006f8804a5bf8940eec180714bddd07
Hugo Benichi [Mon, 21 Nov 2016 04:50:05 +0000 (13:50 +0900)]
DO NOT MERGE Captive portal systel log improvements
This patch improves system logging around captive portal detection to
make inspection of bug reports sligthly easier:
- NetworkMonitor now logs by default CMD_CAPTIVE_PORTAL_RECHECK and
CMD_CAPTIVE_PORTAL_APP_FINISHED. Other system logs are kept off with
a new VDBG boolean contant,
- NetworkNotificationManager now prints the notification id at
notification time. This allows to easily correlate show and clear.
- errors in NetworkNotificationManager are logged as Throwable instead
of through their implicit toString() method.
Test: $ runtest frameworks-net
Bug:
32198726
(cherry picked from commit
8b025bf108c729156b40159038befa0e6c5bebce)
Change-Id: I7780c389a94c4b9fa226f53b02fe5960d1c08618
Hugo Benichi [Thu, 8 Dec 2016 07:34:46 +0000 (16:34 +0900)]
DO NOT MERGE APF: also drop any ICMPv6 RSs
Test: new unit test + $ runtest franeworks-net
Bug:
32833400
(cherry picked from commit
f98182ef5e80ede5de7f2c2a5f40fc92a46c9704)
Change-Id: I4c46304b9dc8105123fc02a29f99dbc835248eb0
Svetoslav Ganov [Fri, 9 Dec 2016 01:52:48 +0000 (01:52 +0000)]
Fix vulnerability in MemoryIntArray am:
1181f448c1 am:
d08cf2b071
am:
385277305e
Change-Id: Ie90f6504f26526256671b057dfbb0c93e8c193c5
Fyodor Kupolov [Tue, 6 Dec 2016 19:46:56 +0000 (11:46 -0800)]
[DO NOT MERGE] Increased user switch timeout to 3s
Also report the actual delay if sendResult is eventually called.
Test: Manual - device boots, no timeouts
Bug:
30813554
Change-Id: I1271181ab9d2653fad1167049c84a6780ad46ff0
Svetoslav Ganov [Fri, 9 Dec 2016 01:48:16 +0000 (01:48 +0000)]
Fix vulnerability in MemoryIntArray am:
1181f448c1
am:
d08cf2b071
Change-Id: I436a09f1e49626fa45a7f6cc6bff92b2e5486a97
Svetoslav Ganov [Fri, 9 Dec 2016 01:43:52 +0000 (01:43 +0000)]
Fix vulnerability in MemoryIntArray
am:
1181f448c1
Change-Id: I4217066be49bb9525e945f110c22eb864ec6c212
Svetoslav Ganov [Thu, 8 Dec 2016 23:58:02 +0000 (23:58 +0000)]
Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:
33039926
bug:
33042690
Change-Id: Ibf56827209a9b791aa83ae679219baf829ffc2ac
Bill Napier [Thu, 8 Dec 2016 22:40:05 +0000 (22:40 +0000)]
Revert "Fix vulnerability in MemoryIntArray am:
a97171ec49" am:
43966dafb3 am:
498547ec6c
am:
ef435f6780
Change-Id: Ib5c8b17acafa4a2c55666c2dbc1591bbbeac51a7
Bill Napier [Thu, 8 Dec 2016 22:34:34 +0000 (22:34 +0000)]
Revert "Fix vulnerability in MemoryIntArray am:
a97171ec49" am:
43966dafb3
am:
498547ec6c
Change-Id: I8874250d553a7271305efc3f027c933e4aad3b1d
Bill Napier [Thu, 8 Dec 2016 22:30:02 +0000 (22:30 +0000)]
Revert "Fix vulnerability in MemoryIntArray am:
a97171ec49"
am:
43966dafb3
Change-Id: I01bc83edd411dc39cb696e64ea35b5d4a8497fbf
Bill Napier [Thu, 8 Dec 2016 22:22:38 +0000 (22:22 +0000)]
Revert "Fix vulnerability in MemoryIntArray am:
a97171ec49"
This reverts commit
fb12dd509f8e106d034f67c2e404845128128994.
Change-Id: I9e1b22b8df0e754095541a758096cba279a81ab1
Svetoslav Ganov [Thu, 8 Dec 2016 21:51:00 +0000 (21:51 +0000)]
Fix vulnerability in MemoryIntArray am:
a97171ec49 am:
fb12dd509f am:
a5ee109029
am:
5250d90637
Change-Id: I08c3a670598d8d26694b7d282d0bd18ffb4faf9b
Svetoslav Ganov [Thu, 8 Dec 2016 21:46:34 +0000 (21:46 +0000)]
Fix vulnerability in MemoryIntArray am:
a97171ec49 am:
fb12dd509f
am:
a5ee109029
Change-Id: If1b852faa812b0bcb7419ae0f75a3e2349926de0
Svetoslav Ganov [Thu, 8 Dec 2016 21:42:05 +0000 (21:42 +0000)]
Fix vulnerability in MemoryIntArray am:
a97171ec49
am:
fb12dd509f
Change-Id: I269ec7d61ebdc9f485d759d1398d5fa4eacf868f
Svetoslav Ganov [Thu, 8 Dec 2016 21:37:33 +0000 (21:37 +0000)]
Fix vulnerability in MemoryIntArray
am:
a97171ec49
Change-Id: Ifa2221a9b8ca705ef0239d61772938ac11761ce2
Alan Viverette [Thu, 8 Dec 2016 21:31:09 +0000 (16:31 -0500)]
Add missing API diffs for support library 25.1.0
Bug:
33457676
Change-Id: I8be25b41fe54ec3cd328373d4577ee3e292f5581
Xiaohui Chen [Thu, 8 Dec 2016 20:03:09 +0000 (12:03 -0800)]
sysui: add assets and dimentions for sw900dp
We are enabling all large (sw900dp) Android devices to have a
consistent sysui designed for bigger screen similar to Pixel C.
Bug:
32516898
Test: Locally on pixel c
Change-Id: Iefd81225dd8801d41976f080e1fa71a1712f92de
Svetoslav Ganov [Thu, 8 Dec 2016 19:48:19 +0000 (11:48 -0800)]
Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:
33039926
bug:
33042690
Change-Id: I1004579181ff7a223ef659e85c46100c47ab2409
Bill Yi [Thu, 8 Dec 2016 17:16:51 +0000 (17:16 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
am:
c0b7e766b0 -s ours
Change-Id: I00f0418ff736f2cb861ae7f1339f9ed477215b74
Bill Yi [Thu, 8 Dec 2016 17:16:49 +0000 (17:16 +0000)]
Import translations. DO NOT MERGE
am:
b004945727 -s ours
Change-Id: I4287af7000efb01c1203276a6e1817f52504a560
Bill Yi [Thu, 8 Dec 2016 17:15:12 +0000 (17:15 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
am:
e1add91fa1 -s ours
Change-Id: I3c99e350f7130ea39ac29751f104fafc04dde0d2
Bill Yi [Thu, 8 Dec 2016 17:15:09 +0000 (17:15 +0000)]
Import translations. DO NOT MERGE
am:
c30efc0214 -s ours
Change-Id: I93c5e34494eb4d3cb56ca3652406cc2a24d62fd4
Bill Yi [Thu, 8 Dec 2016 17:13:32 +0000 (17:13 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
am:
7e212ae873 -s ours
Change-Id: I14cbe78cdcb23fd8f82103395f057dca03a3b171
Bill Yi [Thu, 8 Dec 2016 17:13:31 +0000 (17:13 +0000)]
Import translations. DO NOT MERGE
am:
c300be1cf4 -s ours
Change-Id: I4318b5a4b5d6f927c03696cfe2ee52f5940bbe99
Bill Yi [Thu, 8 Dec 2016 17:12:00 +0000 (17:12 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
am:
df9a47a79f -s ours
Change-Id: I5bf1a9de6b0539b8115fb89c738ef903736c9cb4
Bill Yi [Thu, 8 Dec 2016 17:11:59 +0000 (17:11 +0000)]
Import translations. DO NOT MERGE
am:
ef89f62670 -s ours
Change-Id: Ia2a1482ed04988a1d47940402ec868c25e8bd95f
Bill Yi [Thu, 8 Dec 2016 17:08:12 +0000 (17:08 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
am:
3c54cdf15e -s ours
Change-Id: I4cdda925e378df0b674bae5c01ab9118d91d0dce
Bill Yi [Thu, 8 Dec 2016 17:08:10 +0000 (17:08 +0000)]
Import translations. DO NOT MERGE
am:
d4bdbc314b -s ours
Change-Id: Ib09ce8f953d127e4fdccaf3848f78678dc1f56b4
TreeHugger Robot [Thu, 8 Dec 2016 17:00:37 +0000 (17:00 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
TreeHugger Robot [Thu, 8 Dec 2016 17:00:10 +0000 (17:00 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
TreeHugger Robot [Thu, 8 Dec 2016 16:59:44 +0000 (16:59 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
TreeHugger Robot [Thu, 8 Dec 2016 16:59:16 +0000 (16:59 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
TreeHugger Robot [Thu, 8 Dec 2016 16:58:48 +0000 (16:58 +0000)]
Merge "Import translations. DO NOT MERGE" into cw-f-dev
Bill Yi [Thu, 8 Dec 2016 07:47:19 +0000 (23:47 -0800)]
Import translations. DO NOT MERGE
Change-Id: Iaf10ebaae14bf032c8e6ee512c3968c970b6438e
Auto-generated-cl: translation import
Bill Yi [Thu, 8 Dec 2016 07:21:48 +0000 (23:21 -0800)]
Import translations. DO NOT MERGE
Change-Id: I82ffbc76e650cbe5b782ad8ff4a257270d11b03f
Auto-generated-cl: translation import
Bill Yi [Thu, 8 Dec 2016 07:18:44 +0000 (23:18 -0800)]
Import translations. DO NOT MERGE
Change-Id: Ifebc058ab8d5b151e49ef51ea2fd895817d70bd9
Auto-generated-cl: translation import
Bill Yi [Thu, 8 Dec 2016 07:00:43 +0000 (23:00 -0800)]
Import translations. DO NOT MERGE
Change-Id: I1b1c0c189c1979a7a885b4e6e6fef21bae6dd22a
Auto-generated-cl: translation import
Bill Yi [Thu, 8 Dec 2016 06:46:57 +0000 (22:46 -0800)]
Import translations. DO NOT MERGE
Change-Id: I4de79adeee71e5aa9f9055d09f6a6dd14d6a5dec
Auto-generated-cl: translation import
Svetoslav Ganov [Thu, 8 Dec 2016 02:40:55 +0000 (02:40 +0000)]
Revert "Fix vulnerability in MemoryIntArray" am:
1f06508bc6 am:
64b5725900 am:
60357eb6bd
am:
590b77da13
Change-Id: Ic676846ed4e671535ed79cbec39ab33ad52c97f1
Svetoslav Ganov [Thu, 8 Dec 2016 02:36:54 +0000 (02:36 +0000)]
Revert "Fix vulnerability in MemoryIntArray" am:
1f06508bc6 am:
64b5725900
am:
60357eb6bd
Change-Id: Ib81f6d25a1f59c14f47fe79325c95b02c7cbe639
Svetoslav Ganov [Thu, 8 Dec 2016 02:33:00 +0000 (02:33 +0000)]
Revert "Fix vulnerability in MemoryIntArray" am:
1f06508bc6
am:
64b5725900
Change-Id: Id7021fb02059cfb3bb9184ef24f417c0be7f55b9
Svetoslav Ganov [Thu, 8 Dec 2016 02:29:00 +0000 (02:29 +0000)]
Revert "Fix vulnerability in MemoryIntArray"
am:
1f06508bc6
Change-Id: Id387817495b1857f304203c8487da3db49bdd0e4
Svetoslav Ganov [Thu, 8 Dec 2016 02:17:40 +0000 (02:17 +0000)]
Revert "Fix vulnerability in MemoryIntArray"
This reverts commit
4694cad51122c20880d00389ef95833d7a14b358.
Change-Id: I235ea3c4bd86d90bf97bc1a2d023f4780251e570
Svetoslav Ganov [Thu, 8 Dec 2016 02:08:23 +0000 (02:08 +0000)]
Fix vulnerability in MemoryIntArray am:
4694cad511 am:
ec40a70ffb am:
138a541eaa
am:
557858b9c0
Change-Id: Ia6b6b59be28f938f4c3a7c4aecb035fd4c6607f6
Aart Bik [Thu, 8 Dec 2016 02:00:56 +0000 (02:00 +0000)]
Revert "Fix vulnerability in MemoryIntArray" am:
29139a8ae5 am:
86699f980f am:
65cf055ad9
am:
278cad4793
Change-Id: I545ba917e74f34716fe773250468e06b1dfd8312
Svetoslav Ganov [Thu, 8 Dec 2016 02:00:55 +0000 (02:00 +0000)]
Fix vulnerability in MemoryIntArray am:
4694cad511 am:
ec40a70ffb
am:
138a541eaa
Change-Id: I659d82f39cab9f6d73ceb118cdc74307ee995dfb
Svetoslav Ganov [Thu, 8 Dec 2016 01:56:24 +0000 (01:56 +0000)]
Fix vulnerability in MemoryIntArray am:
4694cad511
am:
ec40a70ffb
Change-Id: I5d03aaa04fe13b3af20bcc61e9bb925b471ab825
Aart Bik [Thu, 8 Dec 2016 01:52:51 +0000 (01:52 +0000)]
Revert "Fix vulnerability in MemoryIntArray" am:
29139a8ae5 am:
86699f980f
am:
65cf055ad9
Change-Id: Iae6e4fe6eada607d71a20b8ea588ee8efd56a8e0
TreeHugger Robot [Thu, 8 Dec 2016 01:50:09 +0000 (01:50 +0000)]
Merge "EmergencyCryptkeeperText: Make sure we update if airplane mode changes" into nyc-mr2-dev
Svetoslav Ganov [Thu, 8 Dec 2016 01:49:21 +0000 (01:49 +0000)]
Fix vulnerability in MemoryIntArray
am:
4694cad511
Change-Id: I64257a851c06e4a333056ee132ff8a2ea29aef5c
Aart Bik [Thu, 8 Dec 2016 01:44:54 +0000 (01:44 +0000)]
Revert "Fix vulnerability in MemoryIntArray" am:
29139a8ae5
am:
86699f980f
Change-Id: I7876874ba0d6815920f21021a47e3fe1b3e1c42f
Aart Bik [Thu, 8 Dec 2016 01:36:50 +0000 (01:36 +0000)]
Revert "Fix vulnerability in MemoryIntArray"
am:
29139a8ae5
Change-Id: I3975cfc51bd03a65855c113dfdb827d24471e0ba
Svetoslav Ganov [Thu, 8 Dec 2016 01:30:38 +0000 (01:30 +0000)]
Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:
33039926
bug:
33042690
Change-Id: Id7f0e8a4c861b0b9fa796767e0c22d96633b14d1
Aart Bik [Thu, 8 Dec 2016 01:05:35 +0000 (01:05 +0000)]
Revert "Fix vulnerability in MemoryIntArray"
This reverts commit
86dfa094de773670743d41c3e3156eace8e403a3.
BROKE BUILD (as shown in some treehugger builds)
frameworks/base/core/java/android/util/MemoryIntArray.java:84: error: cannot find symbol
mCloseGuard.open("close");
^
bug:
33039926
bug:
33042690
Change-Id: Ief875e543ec849fe55c747fb1ed5253f0cd9a122
Svetoslav Ganov [Thu, 8 Dec 2016 01:04:48 +0000 (01:04 +0000)]
Fix vulnerability in MemoryIntArray am:
86dfa094de am:
367023218e am:
e123f41553
am:
b317e60014
Change-Id: I550293e05ce1d1039e3f22f72002e69df919f735
Svetoslav Ganov [Thu, 8 Dec 2016 00:57:21 +0000 (00:57 +0000)]
Fix vulnerability in MemoryIntArray am:
86dfa094de am:
367023218e
am:
e123f41553
Change-Id: Id5cd6072d972b5d03512e83dc342a7c78341ffeb
Svetoslav Ganov [Thu, 8 Dec 2016 00:49:48 +0000 (00:49 +0000)]
Fix vulnerability in MemoryIntArray am:
86dfa094de
am:
367023218e
Change-Id: I38d3f7089b9678210772f79215b44198b262e922
Daniel Nishi [Thu, 8 Dec 2016 00:42:20 +0000 (00:42 +0000)]
Merge "Add methods to query the private storage." into nyc-mr2-dev
Svetoslav Ganov [Thu, 8 Dec 2016 00:42:18 +0000 (00:42 +0000)]
Fix vulnerability in MemoryIntArray
am:
86dfa094de
Change-Id: I664782bea6e2b941ba94e51c65afd7e9b0f95f8d
Adrian Roos [Thu, 8 Dec 2016 00:30:04 +0000 (00:30 +0000)]
Merge "Notifications: Fix bad layout for long texts" into nyc-mr2-dev
Adrian Roos [Thu, 8 Dec 2016 00:25:16 +0000 (00:25 +0000)]
Merge "Revert "Direct Reply: Add back emoji button" This reverts commit
713fed9226a411d1ba83f925c10bc56fec4f2b70." into nyc-mr2-dev
Dheeraj Shetty [Wed, 7 Dec 2016 19:38:49 +0000 (11:38 -0800)]
DO NOT MERGE API for reporting IMS registration failures
Draft API to report registration failures in the following
scenarios:
1. Idle mode failures - new IMS registration.
2. Ims registration handover failures - Handover of IMS registration
from one access technology to another.
Bug:
33430556
Change-Id: Ie3bafec41c0198a66aa3ebca660a2a060e511c39
Adrian Roos [Tue, 6 Dec 2016 22:48:43 +0000 (14:48 -0800)]
EmergencyCryptkeeperText: Make sure we update if airplane mode changes
Fixes a race condition that could case the emergency text
to show when it should not, if airplane mode was queried
before it was set by the radio layer.
Change-Id: I146f2877e300d105d8a53af130be46b02ec965b2
Test: Boot into cryptkeeper with a SIM, verify that it does not show 'Emergency Calls Only' until emergency call is initiated.
Fixes:
33278862
Fixes:
32063642
Svetoslav Ganov [Wed, 7 Dec 2016 23:19:09 +0000 (15:19 -0800)]
Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:
33039926
bug:
33042690
Change-Id: Ie267646eb88014034fbd048d7a9bc273420c7eff
Tyler Gunn [Wed, 7 Dec 2016 21:19:44 +0000 (13:19 -0800)]
Add reason code used to tell dialer when call failed due to WFC being off.
Adding new reason code which will be sent to Dialer to display a message
to the user when the call fails to the WFC being off.
Test: Manual
Bug:
28709116
Change-Id: I155fda9a47823d6d3f68be6f07dbe64998a582ae
Ned Burns [Wed, 7 Dec 2016 21:14:51 +0000 (21:14 +0000)]
DO NOT MERGE Fix android:noHistory for Wear
am:
d7a313fb11
Change-Id: I3715b2fb1045b7bfce7f52e9b4982fcc0218d28c
Eric Laurent [Wed, 7 Dec 2016 21:12:38 +0000 (21:12 +0000)]
Merge "AudioService: fix mismatch in device volume index for alias streams" into nyc-mr2-dev
Ned Burns [Tue, 6 Dec 2016 20:52:01 +0000 (15:52 -0500)]
DO NOT MERGE Fix android:noHistory for Wear
Modifies swipe-to-close activities to be opaque by default (instead
of translucent by default). Previously, android:noHistory properties
on most activities in Wear were being ignored because they were
usually transitioning to a swipe-to-close activity that was marked
as translucent. This meant that the noHistory activity was still
technically visible, and so would never be culled from the task
history.
Now, we convert a swiped activity to translucent as soon as a swipe
begins, and convert it back after the swipe finishes. The previous
version of SDL tries to do this, but fails in the case where the
context is a ContextWrapper.
This approach is hacky and isn't merge-able into master. We leave
it DO NOT MERGE and will do a long-term fix after the holidays.
Test: Built a test app to verify that noHistory is now being
correctly respected. Manually verified that new activities start
out opaque and not translucent. Manually verified that Home
correctly starts/stops when it's revealed from underneath a
partially swiped activity. Tested general swipe behavior on Settings,
Contacts, Flashlight, Fit.
Bug:
33252029
Change-Id: Ib2e7f21ea1e0d52db03e78d25676501e5f73b31f
Sunny Goyal [Wed, 7 Dec 2016 19:12:21 +0000 (19:12 +0000)]
Merge "Preventing widgets from exceeding Bitmap memory limit" into nyc-mr2-dev
Eric Laurent [Thu, 3 Nov 2016 23:27:40 +0000 (16:27 -0700)]
AudioService: fix mismatch in device volume index for alias streams
Fix VolumeStreamState.setIndex() to force device volume
index update on an alias stream when no specific device volume exists
on the VolumeStreamState of this alias stream.
This prevents asymetric behaviors of setDeviceVolume() and setAllVolumes()
causing some stream types to be muted and
not unmuted if no specific device volume index exist.
Test: make
Test: wipe device, setup wizard, place call and check nofication volume
Bug:
32626244
Change-Id: Idd170aa9f295b0a9533a589e1891a04c05ab2f2f
(cherry picked from commit
3fb608e4f38df2781461ee601156258c90b6c472)
Tenghui Zhu [Wed, 7 Dec 2016 18:53:28 +0000 (18:53 +0000)]
Merge "Recreate the bitmap cache when it is smaller than needed" into nyc-mr2-dev
TreeHugger Robot [Wed, 7 Dec 2016 18:39:00 +0000 (18:39 +0000)]
Merge "Fix two StrictMode stack collection bugs." into nyc-mr2-dev
TreeHugger Robot [Wed, 7 Dec 2016 17:22:56 +0000 (17:22 +0000)]
Merge "Revert "Allow power button to close an input method"" into nyc-mr2-dev
Jeff Sharkey [Tue, 6 Dec 2016 23:47:00 +0000 (16:47 -0700)]
Fix two StrictMode stack collection bugs.
When Binder calls are nested, we can quickly end up with a snowball
of stacktraces that can cause the original transaction to fail. This
CL makes two specific changes to alleviate this pressure:
-- Consider a nested Binder call from PID A -> B -> C. If both B and
C encounter dozens of StrictMode violations, then gatheredViolations
in B will end up with 10 ViolationInfo (5 from B and 5 from C). This
problem only grows with each successive nested call. To solve this,
always limit ourselves to only ever write out 3 ViolationInfo from
any given process.
-- CrashInfo already nicely truncates any large stack traces to 20kB,
but readAndHandleBinderCallViolations() blindly appends the entire
local trace, and never considers truncating again. Similar to the
first problem above, nested calls can quickly cause the stackTrace
value to explode in size. To solve this, we always re-truncate the
stackTrace value after appending our local stack.
Also fix some NPE bugs when missing crashInfo.
(cherry-picked from commit
58f27b5033542150a78fb050e2f85253a48efa67)
Test: builds, boots
Bug:
32575987
Change-Id: Ie8373ca277296f920f2b1c564d419c702a8ee0f2
Alan Viverette [Fri, 11 Nov 2016 22:11:01 +0000 (17:11 -0500)]
Add missing API diffs for support library 25.0.0
Bug:
33408968
Test: n/a
Change-Id: I497b2a24248c1511c0d6eca4d5951451e4870b83
OSDN Git Service
