OSDN Git Service
Android Build Merger (Role) [Wed, 15 Aug 2018 00:26:19 +0000 (00:26 +0000)]
[automerger] Fix crash during cursor moving on BiDi text am:
95218ce7ea am:
b7a2d47ec2
Change-Id: I6995aab201805b64e81022db295356ef8abda30c
Android Build Merger (Role) [Wed, 15 Aug 2018 00:26:10 +0000 (00:26 +0000)]
[automerger] Fix crash during cursor moving on BiDi text am:
95218ce7ea
Change-Id: Id97c3f508a0dcd82978b06891b3a979921d4be3a
Seigo Nonaka [Thu, 19 Jul 2018 23:22:02 +0000 (16:22 -0700)]
Fix crash during cursor moving on BiDi text
The crash was introduced by Ib66ef392c19c937718e7101f6d48fac3abe51ad0
The root cause of the crashing is requesting out-of-line access for the
horizontal width. This invalid access is silently ignored by
TextLine#measure() method but new implementation end up with out of
bounds access.
To makes behavior as old implementation, calling getHorizontal instead
of accessing measured result array.
Bug:
111580019
Test: Manually done
Change-Id: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
Merged-In: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
Ryan Mitchell [Wed, 6 Jun 2018 23:33:08 +0000 (23:33 +0000)]
Merge changes from topic "dynamic-ref-se-mnc-dev" into cw-e-dev
* changes:
[automerger] Fix DynamicRefTable::load security bug am:
8cf0f988b0 am:
d65dbf91ce
[automerger] Fix DynamicRefTable::load security bug am:
8cf0f988b0
Fix DynamicRefTable::load security bug
Ryan Mitchell [Wed, 6 Jun 2018 23:33:08 +0000 (23:33 +0000)]
Merge changes from topic "dynamic-ref-se-mnc-dev" into mnc-dr-dev
* changes:
[automerger] Fix DynamicRefTable::load security bug am:
8cf0f988b0
Fix DynamicRefTable::load security bug
Ryan Mitchell [Wed, 6 Jun 2018 23:33:08 +0000 (23:33 +0000)]
Merge "Fix DynamicRefTable::load security bug" into mnc-dev
TreeHugger Robot [Wed, 6 Jun 2018 22:09:54 +0000 (22:09 +0000)]
Merge changes from topic "am-
c1e91e5e-2686-4871-b188-
107c0ddf3273" into cw-e-dev
* changes:
[automerger] ResStringPool: Prevenet boot loop from se fix am:
c31cf80008 am:
fd1097e436
[automerger] ResStringPool: Prevenet boot loop from se fix am:
c31cf80008
ResStringPool: Prevenet boot loop from se fix
TreeHugger Robot [Wed, 6 Jun 2018 22:09:54 +0000 (22:09 +0000)]
Merge changes from topic "am-
c1e91e5e-2686-4871-b188-
107c0ddf3273" into mnc-dr-dev
* changes:
[automerger] ResStringPool: Prevenet boot loop from se fix am:
c31cf80008
ResStringPool: Prevenet boot loop from se fix
TreeHugger Robot [Wed, 6 Jun 2018 22:09:54 +0000 (22:09 +0000)]
Merge "ResStringPool: Prevenet boot loop from se fix" into mnc-dev
Android Build Merger (Role) [Wed, 6 Jun 2018 17:12:11 +0000 (17:12 +0000)]
[automerger] Fix DynamicRefTable::load security bug am:
8cf0f988b0 am:
d65dbf91ce
Change-Id: I17fcbac2b6a7860749ddaabf6324cd89e3b78570
Android Build Merger (Role) [Wed, 6 Jun 2018 17:12:04 +0000 (17:12 +0000)]
[automerger] Fix DynamicRefTable::load security bug am:
8cf0f988b0
Change-Id: I17682a41fbacafd30a032bd78b176a883bc7bdd8
Ryan Mitchell [Wed, 30 May 2018 19:17:01 +0000 (12:17 -0700)]
Fix DynamicRefTable::load security bug
DynamicRefTables parsed from apks are missing bounds checks that prevent
buffer overflows. This changes verifies the bounds of the header before
attempting to preform operations on the chunk.
Bug:
79488511
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
Android Build Merger (Role) [Wed, 6 Jun 2018 15:04:54 +0000 (15:04 +0000)]
[automerger] ResStringPool: Prevenet boot loop from se fix am:
c31cf80008 am:
fd1097e436
Change-Id: I50e23f33371f7f1e47b65d421628ab771238b278
Android Build Merger (Role) [Wed, 6 Jun 2018 15:04:30 +0000 (15:04 +0000)]
[automerger] ResStringPool: Prevenet boot loop from se fix am:
c31cf80008
Change-Id: Ie8651904560e43e89374df132bf30cd615718192
Ryan Mitchell [Mon, 21 May 2018 20:59:23 +0000 (13:59 -0700)]
ResStringPool: Prevenet boot loop from se fix
Changes the logs adding in a previous security fix to warnings so
devices with malformed APKs currently on them will not undergo DOS when
they are upgraded to P.
Bug:
79724567
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: Ied54e4bb14abdaf79da562022c7ea6075187c1f8
(cherry picked from commit
f05f47b2c1838529e682ad8f931d3da72244b1a1)
Android Build Merger (Role) [Mon, 4 Jun 2018 15:28:37 +0000 (15:28 +0000)]
[automerger] Optimise the hit test algorithm am:
3b6f84b77c am:
5b224ccf41
Change-Id: I4c318ee8e717792cbe25caa830e6567572bd03f7
Android Build Merger (Role) [Mon, 4 Jun 2018 15:28:29 +0000 (15:28 +0000)]
[automerger] Optimise the hit test algorithm am:
3b6f84b77c
Change-Id: I881f5f6db05ad200a6d8507956664c8f25172dc9
Mihai Popa [Wed, 9 May 2018 16:31:48 +0000 (17:31 +0100)]
Optimise the hit test algorithm
Layout#getOffsetForHorizontal was running in O(n^2) time, where n is the
length of the current line. The method is used when a touch event
happens on a text line, to compute the cursor offset (and the character)
where it happened. Although this is not an issue in common usecases,
where the number of characters on a line is relatively small, this can
be very inefficient as a consequence of Unicode containing 0-width
(invisible) characters. Specifically, there are characters defining the
text direction (LTR or RTL), which cause our algorithm to touch the
worst case quadratic runtime. For example, a person is able to send a
message containing a few visible characters, and also a lot of these
direction changing invisible ones. When the receiver touches the message
(causing the Layout#getOffsetForHorizontal method to be called), the
receiver's application would become not responsive.
This CL optimizes the method to run in O(n) worst case. This is achieved
by computing the measurements of all line prefixes at first, which can
be done in a single pass. Then, all the prefix measurement queries will
be answered in O(1), rather than O(n) as it was happening before.
Bug:
79215201
Test: manual testing
Change-Id: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
Merged-In: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
Android Build Merger (Role) [Thu, 10 May 2018 17:40:22 +0000 (17:40 +0000)]
[automerger] clearCallingIdentity before calling into getPackageUidAsUser am:
857326e373 am:
b1f2848510
Change-Id: I689d44b6617f0ed949e3f72367980158ea06ad0d
Android Build Merger (Role) [Thu, 10 May 2018 17:40:16 +0000 (17:40 +0000)]
[automerger] clearCallingIdentity before calling into getPackageUidAsUser am:
857326e373
Change-Id: I2166c2f9ca0a6654e1a88b1d183062eb1564c24d
Tony Mak [Thu, 14 Dec 2017 12:40:07 +0000 (12:40 +0000)]
clearCallingIdentity before calling into getPackageUidAsUser
Fix:
70585244
Bug:
69981755
Test: Enable any accessibility service -> inflate work profile
-> Tap on any work app -> no longer crash
Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.CrossProfileAppsHostSideTest.testPrimaryUserToManagedProfile
Change-Id: I80d18f4e2ab76a228cb0aa2c8312c323a9b5c84d
Android Build Merger (Role) [Wed, 9 May 2018 17:19:07 +0000 (17:19 +0000)]
[automerger] Nullcheck to fix Autofill CTS am:
6c68a69288 am:
743abb939a
Change-Id: Ia89ea1adb47be3b70f5db292677c4c19194a04db
Android Build Merger (Role) [Wed, 9 May 2018 17:19:02 +0000 (17:19 +0000)]
[automerger] Nullcheck to fix Autofill CTS am:
6c68a69288
Change-Id: I379d54d926e01da53b637bba6b3b1ee8577cbdbb
Eugene Susla [Mon, 11 Dec 2017 18:07:03 +0000 (10:07 -0800)]
Nullcheck to fix Autofill CTS
Test: presubmit
Fixes:
70506475
Bug:
69981755
Change-Id: I187bed4889a4901a7137a2995178ea651ed09186
Android Build Merger (Role) [Thu, 26 Apr 2018 21:18:21 +0000 (21:18 +0000)]
[automerger] DO NOT MERGE Truncate newline and tab characters in BluetoothDevice name am:
984dfe074c am:
8fbe4bce1e
Change-Id: If7693b2ff5785a1a09920061b318aaac33f5d6b6
Android Build Merger (Role) [Thu, 26 Apr 2018 21:18:14 +0000 (21:18 +0000)]
[automerger] DO NOT MERGE Truncate newline and tab characters in BluetoothDevice name am:
984dfe074c
Change-Id: Iac403f5118d55d9919745d98eba260dd2929d56c
Hansong Zhang [Thu, 26 Apr 2018 21:13:45 +0000 (14:13 -0700)]
DO NOT MERGE Truncate newline and tab characters in BluetoothDevice name
Test: manual
Bug:
73173182
Change-Id: I3c25af233742e63351a68e8c5a279b51a94e49e2
TreeHugger Robot [Sat, 14 Apr 2018 01:56:10 +0000 (01:56 +0000)]
Merge "DO NOT MERGE (M) Revoke permision when group changed" into mnc-dev
Android Build Merger (Role) [Sat, 14 Apr 2018 01:07:14 +0000 (01:07 +0000)]
[automerger] DO NOT MERGE (M) Revoke permision when group changed am:
d87a1a7d53 am:
5630564178
Change-Id: I5220d4063a27154243b74e7cd43dc8fd8ffdeb51
Android Build Merger (Role) [Sat, 14 Apr 2018 01:07:08 +0000 (01:07 +0000)]
[automerger] DO NOT MERGE (M) Revoke permision when group changed am:
d87a1a7d53
Change-Id: Ie178331d03d590e50a81117498a0f5dabe4d83ae
Philip P. Moltmann [Thu, 12 Apr 2018 23:44:43 +0000 (16:44 -0700)]
DO NOT MERGE (M) Revoke permision when group changed
If a run time permission of a group is already granted we grant the
other permission of the group automatically when requested.
Hence if an already granted permission changed its group during an
update suddenly permission of a potentially not approved group will
get auto-granted.
This is undesirable, hence we revoke the permission during the update
process.
Test: atest android.permission.cts.PermissionGroupChange
Bug:
72710897
Change-Id: Ib2165d1ae53b80455ebe02e07775853e37a2e339
Android Build Merger (Role) [Fri, 13 Apr 2018 20:34:24 +0000 (20:34 +0000)]
[automerger] ResStringPool: Fix security vulnerability am:
7e54c3f261 am:
98e2d2ec50
Change-Id: I0a5c57b7a50d9221b3be4d193388ac610ba92f73
Android Build Merger (Role) [Fri, 13 Apr 2018 20:34:20 +0000 (20:34 +0000)]
[automerger] ResStringPool: Fix security vulnerability am:
7e54c3f261
Change-Id: I57e2ea2122d22341c43b9b445291cc4b02ec2b11
y [Fri, 6 Apr 2018 00:57:27 +0000 (17:57 -0700)]
ResStringPool: Fix security vulnerability
Adds detection of attacker-modified size and data fields passed to
ResStringPool::setTo(). These attacks are modified apks that AAPT would
not normally generate. In the rare case this occurs, the installation
cannot be allowed to continue.
Bug:
71361168
Bug:
71360999
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
Merged-In: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
Android Build Merger (Role) [Mon, 9 Apr 2018 21:00:15 +0000 (21:00 +0000)]
[automerger] RESTRICT AUTOMERGE: Prevent reporting fake package name - framework (backport to mnc-dev) am:
de71ee469a am:
d672eef559
Change-Id: Ib50692050fd4e62ad80f24531818a378c75dfe25
Android Build Merger (Role) [Mon, 9 Apr 2018 21:00:08 +0000 (21:00 +0000)]
[automerger] RESTRICT AUTOMERGE: Prevent reporting fake package name - framework (backport to mnc-dev) am:
de71ee469a
Change-Id: I000fae45e723679ba44b378a36a85daef20ae96d
akirilov [Thu, 22 Mar 2018 21:01:44 +0000 (14:01 -0700)]
RESTRICT AUTOMERGE: Prevent reporting fake package name - framework (backport to mnc-dev)
Test: added AccessibilityEndToEndTest#testPackageNameCannotBeFaked
cts-tradefed run cts --package android.accessibilityservice
cts-tradefed run cts --package android.accessibility
BUG:
69981755
Change-Id: Id9990ccf1e88cea441f9b8927e849e67a059cfe4
Android Build Merger (Role) [Mon, 9 Apr 2018 20:17:09 +0000 (20:17 +0000)]
[automerger] Fix issue #
27317952: PendingIntent.getIntent() should be protected am:
ae77fa4725 am:
d6b6319286
Change-Id: Ic3796cc42e2ce78558fe47cff83e19d1aa52cea1
Android Build Merger (Role) [Mon, 9 Apr 2018 20:16:59 +0000 (20:16 +0000)]
[automerger] Fix issue #
27317952: PendingIntent.getIntent() should be protected am:
ae77fa4725
Change-Id: Ic2e2b8d07e1f9872189282923114846db3b3c94c
Dianne Hackborn [Tue, 1 Mar 2016 02:02:43 +0000 (18:02 -0800)]
Fix issue #
27317952: PendingIntent.getIntent() should be protected
Bug:
64752751
Change-Id: Ib05135cd94f5251942a6fc6df542ed39083f7827
(cherry picked from commit
e5ad41bc022db99c4f6663da0a9e49356c006741)
Android Build Merger (Role) [Thu, 15 Mar 2018 19:59:32 +0000 (19:59 +0000)]
[automerger] DO NOT MERGE Rework thumbnail cleanup am:
b514ce9b38 am:
b8dad6c644
Change-Id: I8539a02510ed9a61b683c66c66de7d1b319c2603
Android Build Merger (Role) [Thu, 15 Mar 2018 19:59:26 +0000 (19:59 +0000)]
[automerger] DO NOT MERGE Rework thumbnail cleanup am:
b514ce9b38
Change-Id: I5cb1316547ced23a1259e068d1ea34631d105608
Marco Nelissen [Tue, 7 Nov 2017 21:52:02 +0000 (13:52 -0800)]
DO NOT MERGE Rework thumbnail cleanup
Bug:
63766886
Test: ran CTS tests
Change-Id: I1f92bb014e275eafe3f42aef1f8c817f187c6608
Merged-In: I1f92bb014e275eafe3f42aef1f8c817f187c6608
Android Build Merger (Role) [Wed, 14 Mar 2018 15:23:32 +0000 (15:23 +0000)]
[automerger] DO NOT MERGE Fix build with SDK 24-like implementation of constructor am:
f3c2e0b3ab am:
1b6f3f9a97
Change-Id: I49de968aa0daa18b60921af1a381f77d13a8ff0e
Android Build Merger (Role) [Wed, 14 Mar 2018 15:23:19 +0000 (15:23 +0000)]
[automerger] DO NOT MERGE Fix build with SDK 24-like implementation of constructor am:
f3c2e0b3ab
Change-Id: I87dcb4ce2fc52e0ed6ce5f79d15ab49084d088e3
Alan Viverette [Tue, 13 Mar 2018 17:56:24 +0000 (13:56 -0400)]
DO NOT MERGE Fix build with SDK 24-like implementation of constructor
Bug:
71992105
Test: manual
Change-Id: I106760ada9c85adde29fd143e5dfcd924fd95f54
Pengquan Meng [Fri, 9 Mar 2018 23:37:01 +0000 (23:37 +0000)]
Merge changes from topic "am-
59911b1f-fa0c-400c-a3f8-
812ac0a8762b" into cw-e-dev
* changes:
[automerger] Fixed Security Vulnerability of DcParamObject am:
8c55a70728 am:
61f84448eb
[automerger] Fixed Security Vulnerability of DcParamObject am:
8c55a70728
Fixed Security Vulnerability of DcParamObject
Pengquan Meng [Fri, 9 Mar 2018 23:37:01 +0000 (23:37 +0000)]
Merge changes from topic "am-
59911b1f-fa0c-400c-a3f8-
812ac0a8762b" into mnc-dr-dev
* changes:
[automerger] Fixed Security Vulnerability of DcParamObject am:
8c55a70728
Fixed Security Vulnerability of DcParamObject
Pengquan Meng [Fri, 9 Mar 2018 23:37:01 +0000 (23:37 +0000)]
Merge "Fixed Security Vulnerability of DcParamObject" into mnc-dev
Alan Viverette [Fri, 9 Mar 2018 18:43:02 +0000 (18:43 +0000)]
Merge changes from topic "viewpager_state" into cw-e-dev
* changes:
[automerger] Update internal ViewPager's SavedState to match Support Library version am:
187964aca1 am:
4c24e4d831
[automerger] Update internal ViewPager's SavedState to match Support Library version am:
187964aca1
Update internal ViewPager's SavedState to match Support Library version
Alan Viverette [Fri, 9 Mar 2018 18:43:02 +0000 (18:43 +0000)]
Merge changes from topic "viewpager_state" into mnc-dr-dev
* changes:
[automerger] Update internal ViewPager's SavedState to match Support Library version am:
187964aca1
Update internal ViewPager's SavedState to match Support Library version
Alan Viverette [Fri, 9 Mar 2018 18:43:02 +0000 (18:43 +0000)]
Merge "Update internal ViewPager's SavedState to match Support Library version" into mnc-dev
Android Build Merger (Role) [Fri, 9 Mar 2018 04:18:50 +0000 (04:18 +0000)]
[automerger] Fixed Security Vulnerability of DcParamObject am:
8c55a70728 am:
61f84448eb
Change-Id: Ibdad47ba4b4f48341957f1112cf26794ef3af0ac
Android Build Merger (Role) [Fri, 9 Mar 2018 04:18:45 +0000 (04:18 +0000)]
[automerger] Fixed Security Vulnerability of DcParamObject am:
8c55a70728
Change-Id: Ic9cf5392057bfb47945e9a1b06abb19697468610
Pengquan Meng [Fri, 9 Mar 2018 04:08:25 +0000 (20:08 -0800)]
Fixed Security Vulnerability of DcParamObject
The writeToParcel and readFromParcel is not symmetry, fixed it.
Test: no test
Bug:
70721937
Change-Id: I01f6f6b2ab778ee8b638d9b69fe0a6b9aa7ee395
Android Build Merger (Role) [Fri, 9 Mar 2018 00:35:48 +0000 (00:35 +0000)]
[automerger] [DO NOT MERGE] Copy PermissionChecker from support lib and use in RcognitionService am:
5a28e533fe am:
b91acca082
Change-Id: I0cbca14aed609ab81556ee1deb72ef1e0e294256
Android Build Merger (Role) [Fri, 9 Mar 2018 00:35:42 +0000 (00:35 +0000)]
[automerger] [DO NOT MERGE] Copy PermissionChecker from support lib and use in RcognitionService am:
5a28e533fe
Change-Id: I09ac593ade4e725b560384042304f93f451b5be5
Eugene Susla [Thu, 22 Feb 2018 18:39:34 +0000 (10:39 -0800)]
[DO NOT MERGE] Copy PermissionChecker from support lib and use in RcognitionService
Fixes:
73511076,
73311729
Test: presubmit
Change-Id: Ie98f67ffee4744050ac85d8b229370a16a76a194
(cherry picked from commit
726b51a26e9a54b7352aad90ed15edccc44dd60d)
Android Build Merger (Role) [Fri, 16 Feb 2018 19:45:30 +0000 (19:45 +0000)]
[automerger] Update internal ViewPager's SavedState to match Support Library version am:
187964aca1 am:
4c24e4d831
Change-Id: I33e06bfcad6941fd8845f443991dfbcbd4167348
Android Build Merger (Role) [Fri, 16 Feb 2018 19:45:24 +0000 (19:45 +0000)]
[automerger] Update internal ViewPager's SavedState to match Support Library version am:
187964aca1
Change-Id: Ia2d011a3e2c705e82ab11dbf571f6f52cf05bae8
Alan Viverette [Fri, 16 Feb 2018 18:56:02 +0000 (13:56 -0500)]
Update internal ViewPager's SavedState to match Support Library version
Merged-In: Ic4569b21d8a26a62bba91742b442f0c3ea8bcc9e
Change-Id: I17d085be9ce1a139e75264f1e715df7f565cd41b
Fixes:
71992105
Test: manual
Siyamed Sinir [Thu, 15 Feb 2018 00:14:36 +0000 (00:14 +0000)]
Merge "DO NOT MERGE Fix mTrustManager NPE" into mnc-dev
Android Build Merger (Role) [Thu, 15 Feb 2018 00:05:43 +0000 (00:05 +0000)]
[automerger] DO NOT MERGE Fix mTrustManager NPE am:
a381c4ced3 am:
30a705874a
Change-Id: Ic83a666bae330bea031b95233079e1493c02c9b3
Android Build Merger (Role) [Thu, 15 Feb 2018 00:05:38 +0000 (00:05 +0000)]
[automerger] DO NOT MERGE Fix mTrustManager NPE am:
a381c4ced3
Change-Id: Ib622af453781a1769e820c10d6ab46c140809c57
Android Build Merger (Role) [Wed, 7 Feb 2018 23:26:32 +0000 (23:26 +0000)]
Merge "Merge changes from topic "am-
8cd2288f-c3e9-422f-8fde-
02d5b6100d12" into mnc-dr-dev am:
0153ac9dad" into cw-e-dev
Etan Cohen [Wed, 7 Feb 2018 23:22:41 +0000 (23:22 +0000)]
Merge changes from topic "am-
8cd2288f-c3e9-422f-8fde-
02d5b6100d12" into mnc-dr-dev
am:
0153ac9dad
Change-Id: I2a07841e7cd27f2ba7c30f9b2df5ddf1afcc6ef5
Android Build Merger (Role) [Wed, 7 Feb 2018 23:21:42 +0000 (23:21 +0000)]
[automerger] Merge "[RTT] ParcelableRttResults parcel code fix" into mnc-dev am:
e137462b2c am:
15754b34be
Change-Id: Idfec393662af2392aba6949d7ffcad720b4d4eb6
Etan Cohen [Wed, 7 Feb 2018 23:21:17 +0000 (23:21 +0000)]
Merge "[RTT] ParcelableRttResults parcel code fix" into mnc-dev
am:
e137462b2c
Change-Id: I4132c2ccfc0db161c6a89a6c62fb276f0874d39b
Etan Cohen [Wed, 7 Feb 2018 22:41:26 +0000 (22:41 +0000)]
Merge "[RTT] ParcelableRttResults parcel code fix" into mnc-dev
Etan Cohen [Wed, 7 Feb 2018 22:41:26 +0000 (22:41 +0000)]
Merge changes from topic "am-
8cd2288f-c3e9-422f-8fde-
02d5b6100d12" into cw-e-dev
* changes:
[automerger] [RTT] ParcelableRttResults parcel code fix am:
e1e5a2409c am:
5f4d9350f4
[automerger] [RTT] ParcelableRttResults parcel code fix am:
e1e5a2409c
[RTT] ParcelableRttResults parcel code fix
Etan Cohen [Wed, 7 Feb 2018 22:41:26 +0000 (22:41 +0000)]
Merge changes from topic "am-
8cd2288f-c3e9-422f-8fde-
02d5b6100d12" into mnc-dr-dev
* changes:
[automerger] [RTT] ParcelableRttResults parcel code fix am:
e1e5a2409c
[RTT] ParcelableRttResults parcel code fix
Android Build Merger (Role) [Wed, 7 Feb 2018 08:18:09 +0000 (08:18 +0000)]
[automerger] Fix VerifyCredentialResponse parcelling code am:
54813e9888 am:
0231bc4d6d
Change-Id: I060b6306f3f53b4497b6a19d7221aa1938e66f55
Android Build Merger (Role) [Wed, 7 Feb 2018 08:18:02 +0000 (08:18 +0000)]
[automerger] Fix VerifyCredentialResponse parcelling code am:
54813e9888
Change-Id: Ib1b60818cddeefe3031cf6c9880f5b790775aa62
Rubin Xu [Wed, 7 Feb 2018 08:10:08 +0000 (08:10 +0000)]
Fix VerifyCredentialResponse parcelling code
There was an asymmetry between parcelling and unparcelling of
VerifyCredentialResponse that could lead to type confusion if
packed with other objects in a Parcel.
Test: none
Bug:
71714464
Change-Id: Icff68879e249422ccca49f2bb7db85c35b4cb353
Android Build Merger (Role) [Fri, 2 Feb 2018 18:16:00 +0000 (18:16 +0000)]
[automerger] [RTT] ParcelableRttResults parcel code fix am:
e1e5a2409c am:
5f4d9350f4
Change-Id: I371f3a2967a5a7a826bca94637a78b7dae7c2cd8
Android Build Merger (Role) [Fri, 2 Feb 2018 18:15:53 +0000 (18:15 +0000)]
[automerger] [RTT] ParcelableRttResults parcel code fix am:
e1e5a2409c
Change-Id: I46bbee504ea7a64d39b98a2a8336b3bcf593869a
Etan Cohen [Fri, 2 Feb 2018 16:07:20 +0000 (08:07 -0800)]
[RTT] ParcelableRttResults parcel code fix
ParcelableRttResults was unparceled incorrectly.
Bug:
70398564
Test: exploit provided in bug no longer works
Change-Id: Ifd6de547e9861bbebc399b43d0cc2899a8160813
Android Build Merger (Role) [Thu, 1 Feb 2018 14:14:17 +0000 (14:14 +0000)]
[automerger] Merge "Adjust URI host parsing to stop on \ character." into lmp-mr1-dev am:
5ed5d15e66 am:
8a0c7fd99e am:
c1cb058249
Change-Id: I1ea542611301d0c4359021303b05a5e59ee1185b
Android Build Merger (Role) [Thu, 1 Feb 2018 14:14:11 +0000 (14:14 +0000)]
[automerger] Merge "Adjust URI host parsing to stop on \ character." into lmp-mr1-dev am:
5ed5d15e66 am:
8a0c7fd99e
Change-Id: If53ecf0654e883fa43e2f543561f0f7994763698
Adam Vartanian [Thu, 1 Feb 2018 14:13:34 +0000 (14:13 +0000)]
Merge "Adjust URI host parsing to stop on \ character." into lmp-mr1-dev
am:
5ed5d15e66
Change-Id: I7eb106b0db3ab568a7d8845ddd2025d80eeced3c
Adam Vartanian [Thu, 1 Feb 2018 14:05:44 +0000 (14:05 +0000)]
Merge changes from topic "am-
f1eb5cc5-7ac1-4540-b9cf-
e0577f9334e7" into mnc-dr-dev
am:
fea4158eea
Change-Id: Iea20c91a29115634c2241f535c4a0c489605798f
Adam Vartanian [Thu, 1 Feb 2018 10:02:43 +0000 (10:02 +0000)]
Merge changes from topic "am-
f1eb5cc5-7ac1-4540-b9cf-
e0577f9334e7" into mnc-dr-dev
* changes:
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7 am:
97668ae137
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7
Adjust URI host parsing to stop on \ character.
Adam Vartanian [Thu, 1 Feb 2018 10:02:43 +0000 (10:02 +0000)]
Merge changes from topic "am-
f1eb5cc5-7ac1-4540-b9cf-
e0577f9334e7" into mnc-dev
* changes:
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7
Adjust URI host parsing to stop on \ character.
Adam Vartanian [Thu, 1 Feb 2018 10:02:42 +0000 (10:02 +0000)]
Merge "Adjust URI host parsing to stop on \ character." into lmp-mr1-dev
Adam Vartanian [Thu, 1 Feb 2018 10:02:42 +0000 (10:02 +0000)]
Merge changes from topic "am-
f1eb5cc5-7ac1-4540-b9cf-
e0577f9334e7" into cw-e-dev
* changes:
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7 am:
97668ae137 am:
fddbf1b6b2
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7 am:
97668ae137
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7
Adjust URI host parsing to stop on \ character.
Android Build Merger (Role) [Wed, 31 Jan 2018 11:20:15 +0000 (11:20 +0000)]
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7 am:
97668ae137 am:
fddbf1b6b2
Change-Id: I3fd20a3ee5eaa6be1c1989f13d40aed34136557e
Android Build Merger (Role) [Wed, 31 Jan 2018 11:20:08 +0000 (11:20 +0000)]
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7 am:
97668ae137
Change-Id: Ic336b5fafebabdd4a5ad4d775a96d76739189a09
Android Build Merger (Role) [Wed, 31 Jan 2018 11:19:56 +0000 (11:19 +0000)]
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7
Change-Id: I20336a5786e753e6941b9a784068480475415110
Adam Vartanian [Wed, 31 Jan 2018 11:05:10 +0000 (11:05 +0000)]
Adjust URI host parsing to stop on \ character.
The WHATWG URL parsing algorithm [1] used by browsers says that for
"special" URL schemes (which is basically all commonly-used
hierarchical schemes, including http, https, ftp, and file), the host
portion ends if a \ character is seen, whereas this class previously
continued to consider characters part of the hostname. This meant
that a malicious URL could be seen as having a "safe" host when viewed
by an app but navigate to a different host when passed to a browser.
[1] https://url.spec.whatwg.org/#host-state
Bug:
71360761
Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
Android Build Merger (Role) [Wed, 17 Jan 2018 22:20:19 +0000 (22:20 +0000)]
[automerger] Check for null-terminator in ResStringPool::string8At am:
5ec65ae909 am:
c3d7250b99 am:
e2417e6682
Change-Id: Ief72a1c4868ab7433e4d3d4d99cbdc30954d6695
Android Build Merger (Role) [Wed, 17 Jan 2018 22:20:14 +0000 (22:20 +0000)]
[automerger] Check for null-terminator in ResStringPool::string8At am:
5ec65ae909 am:
c3d7250b99
Change-Id: I43a4eb54f67bd3dbcffd0432c3988b0377463fff
Android Build Merger (Role) [Wed, 17 Jan 2018 22:20:03 +0000 (22:20 +0000)]
[automerger] Check for null-terminator in ResStringPool::string8At am:
5ec65ae909
Change-Id: I1ea52e1ccd7bf5467438e3dc2e670cf8f325c629
Adam Lesinski [Fri, 10 Nov 2017 01:12:17 +0000 (17:12 -0800)]
Check for null-terminator in ResStringPool::string8At
All other stringAt methods check for null termination. Be consistent
so that upper levels don't end up with huge corrupt strings.
Bug:
62537081
Test: none
Change-Id: I17bdfb0c1e34507b66c6cad651bbdb12c5d4c417
(cherry picked from commit
3d35a0ea307693a97583a61973e729a5e7db2687)
(cherry picked from commit
97f8cb01149b35b1832c7f9efe85ff19edf1083e)
Siyamed Sinir [Tue, 28 Nov 2017 21:29:18 +0000 (13:29 -0800)]
DO NOT MERGE Fix mTrustManager NPE
When isDeviceLocked function is called in KeyguardManager, mTrustManager
can be null. To prevent NPE during this call, moved the mTrustManager
access to a synchronized getter.
Test: run cts -c android.print.cts.PageRangeAdjustmentTest -m testWantedPagesAlreadyWrittenForPreview
Test: run cts -c android.accessibilityservice.cts.AccessibilityEndToEndTest -m testTypeViewTextChangedAccessibilityEvent
Test: run cts -c com.android.cts.appsecurity.DocumentsTest -m testCreateExisting
Test: run cts -c com.android.cts.devicepolicy.ManagedProfileTest -m testCrossProfileCopyPaste
Test: run cts -c android.text.method.cts.PasswordTransformationMethodTest
Bug:
69471788
Change-Id: I4b4a0bb3b127424fecdad85ba559ce861af165e4
Adam Vartanian [Tue, 7 Nov 2017 21:29:27 +0000 (21:29 +0000)]
Adjust Uri host parsing to use last instead of first @. am:
cd6228dd37 am:
6a9c7c4814 am:
4158c9fbf3
am:
eee677386e
Change-Id: Ifd94d94c5376a6b4f1174aa7c2c8bb6d40199d89
Adam Vartanian [Tue, 7 Nov 2017 21:02:07 +0000 (21:02 +0000)]
Adjust Uri host parsing to use last instead of first @. am:
cd6228dd37 am:
6a9c7c4814
am:
4158c9fbf3
Change-Id: I61bc0f5471d8f7a9a59136f320d465f2ee81b518
Adam Vartanian [Tue, 7 Nov 2017 20:51:02 +0000 (20:51 +0000)]
Adjust Uri host parsing to use last instead of first @. am:
cd6228dd37
am:
6a9c7c4814
Change-Id: I80bedf58833511d336839df9f17daf65cfebfacf
Adam Vartanian [Tue, 7 Nov 2017 20:41:28 +0000 (20:41 +0000)]
Adjust Uri host parsing to use last instead of first @.
am:
cd6228dd37
Change-Id: I5db66a5a2073acaffe0560999c914a78df362c51
Adam Vartanian [Tue, 7 Nov 2017 12:22:23 +0000 (12:22 +0000)]
Adjust Uri host parsing to use last instead of first @.
Malformed authority segments can currently cause the parser to produce
a hostname that doesn't match the hostname produced by the WHATWG URL
parsing algorithm* used by browsers, which means that a URL could be seen
as having a "safe" host when checked by an Android app but actually visit
a different host when passed to a browser. The WHATWG URL parsing
algorithm always produces a hostname based on the last @ in the authority
segment, so we do the same.
* https://url.spec.whatwg.org/#authority-state resets the "buffer", which
is being used to build up the host name, each time an @ is found, so it
has the effect of using the content between the final @ and the end
of the authority section as the hostname.
Bug:
68341964
Test: vogar android.net.UriTest (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Idca79f35a886de042c94d6ab66787c2e98ac8376
Siyamed Sinir [Tue, 31 Oct 2017 16:34:29 +0000 (16:34 +0000)]
Merge "Use calling user ID when calling isDeviceLocked" into mnc-dev am:
a0c253d07a
am:
c275b77b03
Change-Id: Ia2887869c4ac6cdcd1a66372b991b9f78edf7679