OSDN Git Service
Phil Weaver [Fri, 7 Apr 2017 23:09:28 +0000 (23:09 +0000)]
Make a11y node info parceling more robust
am:
1d8eb49073
Change-Id: I5280a23cbfff5abfcc83e9e6d9afb4f8960ece44
Phil Weaver [Fri, 7 Apr 2017 21:39:27 +0000 (14:39 -0700)]
Make a11y node info parceling more robust
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug:
36491278
Test: Verified that POC no longer works, a11y cts still passes.
(Manual merge from commit
687bb44b437f7bb24dd3dddf072c2f646308e2ca)
Change-Id: I7746c9175a2da28f75d4f4b169d7997abadf1852
Fyodor Kupolov [Fri, 10 Mar 2017 03:06:31 +0000 (03:06 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70 am:
156fa32e2a -s ours
am:
de9cb7ed68 -s ours
Change-Id: I2f94e2ea49c05a29308ca2351a083377350bb2ab
Fyodor Kupolov [Fri, 10 Mar 2017 03:00:46 +0000 (03:00 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70
am:
156fa32e2a -s ours
Change-Id: Ic4e51daa36c395f2e3b538658649ff9104bb962c
Fyodor Kupolov [Fri, 10 Mar 2017 02:55:07 +0000 (02:55 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354
am:
a821245d70
Change-Id: I1e47c963728906cb2283a353c882017368d07747
Fyodor Kupolov [Fri, 10 Mar 2017 02:49:34 +0000 (02:49 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev
am:
ac87aee354
Change-Id: I5bbdc48120f2d03b4ad6605bfeccd5ccdc8c7958
Fyodor Kupolov [Fri, 10 Mar 2017 02:39:09 +0000 (02:39 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev
Fyodor Kupolov [Fri, 10 Mar 2017 02:02:30 +0000 (02:02 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-dev
am:
d2e8e1488a -s ours
Change-Id: I85273c31137127b733b51579c55618326d67a88c
Fyodor Kupolov [Fri, 10 Mar 2017 01:55:54 +0000 (01:55 +0000)]
[DO NOT MERGE] Throw exception if slot has invalid offset
am:
69e347f7ef -s ours
Change-Id: I5b06e8493703961f828894358a05c9cc70856fa9
Fyodor Kupolov [Fri, 10 Mar 2017 01:51:13 +0000 (01:51 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-mr1-dev
Fyodor Kupolov [Fri, 10 Mar 2017 01:50:38 +0000 (01:50 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-dev
Fyodor Kupolov [Thu, 9 Mar 2017 20:05:21 +0000 (20:05 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa am:
2d54d2c0d5 am:
305a41b7a6 -s ours
am:
e0f30ecdb9 -s ours
Change-Id: Iffa0c61e06cbfe2e66912c26b0a3d81660bc5a91
Fyodor Kupolov [Thu, 9 Mar 2017 19:58:26 +0000 (19:58 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa am:
2d54d2c0d5
am:
305a41b7a6 -s ours
Change-Id: I902e6af1c2ef49d454a7d1bae92d8e20ea263b0e
Fyodor Kupolov [Thu, 9 Mar 2017 19:52:01 +0000 (19:52 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa
am:
2d54d2c0d5
Change-Id: I29dccd1ed95079470fc1dd7b04e3db6c5c7d76d2
Fyodor Kupolov [Thu, 9 Mar 2017 19:43:54 +0000 (19:43 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr
am:
7b83d625aa
Change-Id: Icfcec14e7d4bfcd6c893f0fa319541223b9d7901
Fyodor Kupolov [Thu, 9 Mar 2017 19:43:52 +0000 (19:43 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr
am:
bb6096d37b -s ours
Change-Id: Ief3269100fb5c0d425e58b4faf87bd73677251b1
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Jeff Sharkey [Wed, 30 Nov 2016 21:29:59 +0000 (14:29 -0700)]
DO NOT MERGE. Grant MMS Uri permissions as the calling UID.
A recent security fix prevents the system UID from handing out Uri
permission grants directly from itself. Instead, services need to
issue grants as the original calling UID to ensure that the caller
actually has access to the Uris.
Test: builds, boots, send/recv MMS works in primary/secondary users
Bug:
33231106
Change-Id: Ia9fe19843b52977c8a94ee5349b907beda1882fc
(cherry picked from commit
7ff418d9a9afb9ecf42f87fffd3e65477decb55e)
Jeff Sharkey [Fri, 3 Feb 2017 00:10:17 +0000 (00:10 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-dev
am:
3e4faac39f -s ours
Change-Id: If1ea6da6679874ca13379222a28c529421c80b23
Jeff Sharkey [Fri, 3 Feb 2017 00:10:16 +0000 (00:10 +0000)]
DO NOT MERGE. No direct Uri grants from system.
am:
2dfdf662d0 -s ours
Change-Id: Id06fac9dd096c1d821a1af7451db388446e9b156
Jeff Sharkey [Thu, 2 Feb 2017 23:59:43 +0000 (23:59 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-dev
Jeff Sharkey [Thu, 2 Feb 2017 23:59:42 +0000 (23:59 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-mr1-dev
Suprabh Shukla [Thu, 2 Feb 2017 23:07:36 +0000 (23:07 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-dev
am:
af85feef36 -s ours
Change-Id: Idf57ddf932e98dda06ac9c51f7e230d6a673882b
Suprabh Shukla [Thu, 2 Feb 2017 23:07:34 +0000 (23:07 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am:
14ed611912 -s ours
Change-Id: I1645d15febdfffd76cd2c592241549c507db1185
Suprabh Shukla [Thu, 2 Feb 2017 22:58:45 +0000 (22:58 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-dev
Suprabh Shukla [Thu, 2 Feb 2017 22:45:36 +0000 (22:45 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a am:
21992d997b am:
b278ed787e -s ours
am:
ec3e2b9dcb -s ours
Change-Id: I76bf4d69d98374a90da3cd4c74f0c2d892504a40
Suprabh Shukla [Thu, 2 Feb 2017 22:41:38 +0000 (22:41 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a am:
21992d997b
am:
b278ed787e -s ours
Change-Id: Ib70440bdd1c60ed5eaa9b8c8152a4745f44cacd6
Suprabh Shukla [Thu, 2 Feb 2017 22:36:03 +0000 (22:36 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a
am:
21992d997b
Change-Id: Ib5ba5eb63227be2fbf25a79e7f8f8e42b1cc9a2b
Suprabh Shukla [Thu, 2 Feb 2017 22:31:29 +0000 (22:31 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am:
8cdc04957a
Change-Id: I7c1b9e9f785ef99575136d9af0b062dad759c17a
Suprabh Shukla [Thu, 2 Feb 2017 22:23:08 +0000 (22:23 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-mr1-dev
Jeff Sharkey [Mon, 21 Nov 2016 17:33:54 +0000 (10:33 -0700)]
DO NOT MERGE. No direct Uri grants from system.
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug:
33019296,
32990341,
32879915,
32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
Jeff Sharkey [Mon, 21 Nov 2016 17:33:54 +0000 (10:33 -0700)]
DO NOT MERGE. No direct Uri grants from system.
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug:
33019296,
32990341,
32879915,
32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
Suprabh Shukla [Tue, 31 Jan 2017 02:24:02 +0000 (18:24 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Merged-In: Ia832bed0f22396998d6307ab46e262dae9463838
Suprabh Shukla [Tue, 31 Jan 2017 04:52:04 +0000 (20:52 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Suprabh Shukla [Tue, 31 Jan 2017 02:02:18 +0000 (18:02 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Jack Yu [Mon, 16 Jan 2017 18:49:55 +0000 (10:49 -0800)]
Fixed the logic for tethering provisioning re-evaluation
Previously we only re-evaluate provisioning for SIM swap case
The new logic covers both SIM swap case
(ABSENT->NOT_READY->UNKNOWN->READY->LOADED) and modem reset
case (NOT_READY->READY->LOADED)
Test: Manual
bug:
33815946
Change-Id: I9960123605b10d3fa5f3584c6c8b70b616acd6f8
Charles He [Thu, 29 Dec 2016 09:43:10 +0000 (09:43 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev
Charles He [Thu, 29 Dec 2016 09:42:25 +0000 (09:42 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev
Tom O'Neill [Thu, 22 Dec 2016 17:14:05 +0000 (17:14 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516
am:
0a8978f04b
Change-Id: I693665a57465ec57f946fad57cda9ce48389408f
Tom O'Neill [Thu, 22 Dec 2016 17:09:09 +0000 (17:09 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872
am:
3380a77516
Change-Id: Ice61f337e1fcfd0569431538e475d94f9d205423
Tom O'Neill [Thu, 22 Dec 2016 17:04:07 +0000 (17:04 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e
am:
d417e54872
Change-Id: I2f47020055f962b36f095137d75c9cbfe6b1a6db
Tom O'Neill [Thu, 22 Dec 2016 16:58:33 +0000 (16:58 +0000)]
Fix exploit where can hide the fact that a location was mocked
am:
a206a0f17e
Change-Id: Ib3af056919a4b909d3d11dd3fe2b46eaa7cdf0f4
Tom O'Neill [Thu, 15 Dec 2016 18:26:28 +0000 (10:26 -0800)]
Fix exploit where can hide the fact that a location was mocked
- Even if call setTestProviderLocation() with inconsistent providers,
should still end up with a location that is flagged as mocked
- Bug:
33091107
Change-Id: I39e038f25b975989c2e8651bfd9ec9e74073e6cd
Charles He [Thu, 1 Dec 2016 19:22:33 +0000 (19:22 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
Change-Id: I1024f2a56badde5c123d025d6fe02f42559cbcb1
Test: manual
Bug:
30352311
(cherry picked from commit
f6f1d627483b4dad9d65176769a1ee92c59a4810)
Charles He [Thu, 24 Nov 2016 14:05:00 +0000 (14:05 +0000)]
Prevent writing to FRP partition during factory reset.
Avoid potential race condition between FRP wipe and write operations
during factory reset by making the FRP partition unwritable after
wipe.
Bug:
30352311
Test: manual
Change-Id: If3f024a1611366c0677a996705724458094fcfad
(cherry picked from commit
a629c772f4a7a5ddf7ff9f78fb19f7ab86c2a9c2)
Jeff Sharkey [Fri, 2 Dec 2016 18:19:53 +0000 (18:19 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev
am:
ae7d4b1339 -s ours
Change-Id: Idc5d7d7d695db9ac7e7007447c89ca0466ea158b
Jeff Sharkey [Fri, 2 Dec 2016 18:19:50 +0000 (18:19 +0000)]
DO NOT MERGE. Check provider access for content changes.
am:
9b85862620 -s ours
Change-Id: I2a67bbde8b3e131ba62cedd0b6629912e226ba90
Jeff Sharkey [Fri, 2 Dec 2016 18:10:04 +0000 (18:10 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-mr1-dev
Jeff Sharkey [Fri, 2 Dec 2016 18:10:04 +0000 (18:10 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev
Jeff Sharkey [Fri, 2 Dec 2016 00:50:27 +0000 (00:50 +0000)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
am:
f279a5bc0d -s ours
Change-Id: I7fde8a3cd529bc495aa7e886988d73e22815c0b4
Jeff Sharkey [Wed, 30 Nov 2016 23:07:00 +0000 (16:07 -0700)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
As part of fixing a recent security issue, DownloadManager now needs
to issue Uri permission grants for all downloads. However, if an app
that requested a download is upgraded or otherwise force-stopped,
the required permission grants are removed.
We could tell DownloadManager about the app being stopped, but that
would be racy (due to background broadcast), and waking it up would
degrade system health. Instead, as a special case we now only
consider clearing DownloadManager permission grants when app data
is being cleared.
Bug:
32172542,
30537115
Test: builds, boots, app upgrade doesn't clear grants
Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9
(cherry picked from commit
23ec811266fb728cf159a90ce4882b3c9bac1887)
Jeff Sharkey [Wed, 30 Nov 2016 23:07:00 +0000 (16:07 -0700)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
As part of fixing a recent security issue, DownloadManager now needs
to issue Uri permission grants for all downloads. However, if an app
that requested a download is upgraded or otherwise force-stopped,
the required permission grants are removed.
We could tell DownloadManager about the app being stopped, but that
would be racy (due to background broadcast), and waking it up would
degrade system health. Instead, as a special case we now only
consider clearing DownloadManager permission grants when app data
is being cleared.
Bug:
32172542,
30537115
Test: builds, boots, app upgrade doesn't clear grants
Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9
(cherry picked from commit
23ec811266fb728cf159a90ce4882b3c9bac1887)
Jeff Sharkey [Fri, 18 Nov 2016 22:31:22 +0000 (15:31 -0700)]
DO NOT MERGE. Check provider access for content changes.
For an app to either send or receive content change notifications,
require that they have some level of access to the underlying
provider.
Without these checks, a malicious app could sniff sensitive user data
from the notifications of otherwise private providers.
Test: builds, boots, PoC app now fails
Bug:
32555637
Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef
Jeff Sharkey [Fri, 18 Nov 2016 21:23:23 +0000 (14:23 -0700)]
DO NOT MERGE. Check provider access for content changes.
For an app to either send or receive content change notifications,
require that they have some level of access to the underlying
provider.
Without these checks, a malicious app could sniff sensitive user data
from the notifications of otherwise private providers.
Test: builds, boots, PoC app now fails
Bug:
32555637
Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef
Narayan Kamath [Thu, 10 Nov 2016 11:05:42 +0000 (11:05 +0000)]
Zygote : Block SIGCHLD during fork.
am:
b1f1209d9a
Change-Id: I3658f583c82dd6243089aaa74ad731a5bfa85b01
Narayan Kamath [Mon, 7 Nov 2016 16:22:48 +0000 (16:22 +0000)]
Zygote : Block SIGCHLD during fork.
We close the android logging related sockets prior as late as possible
before every fork to avoid having to whitelist them. If one of the
zygote's children dies after this point (but prior to the fork), we can
end up reopening the logging sockets from the SIGCHLD signal handler.
To prevent this from happening, block SIGCHLD during this critical
section.
Bug:
32693692
Test: Manual
(cherry picked from commit
e9a525829a354c92983a35455ccab16d1b0d3892)
Zygote: Unblock SIGCHLD in the parent after fork.
Follow up to change
e9a525829a354c92983a. Allows the zygote to
receive SIGCHLD again and prevents the zygote from getting into a
zombie state if it's killed.
Contributed-By: rhed_jao <rhed_jao@htc.com>
Bug:
32693692
Test: manual
(cherry picked from commit
1480dc3e97b661f5bfa3a5c2fbce72385b8d2be6)
Change-Id: If89903a29c84dfc9b056f9e19618046874bba689
Narayan Kamath [Wed, 9 Nov 2016 10:24:57 +0000 (10:24 +0000)]
Merge "Zygote: Additional whitelisting for legacy devices." into lmp-dev
am:
7bd25ab485
Change-Id: I0266e2fe129ac5ae0c7bbd84e7890d5c41872655
Narayan Kamath [Wed, 9 Nov 2016 10:24:53 +0000 (10:24 +0000)]
Zygote: Additional whitelisting for legacy devices.
am:
7d302e018d
Change-Id: I15f8e0ec93f502ca45a9b00d93baa66780701996
Narayan Kamath [Wed, 9 Nov 2016 10:20:00 +0000 (10:20 +0000)]
Merge "Zygote: Additional whitelisting for legacy devices." into lmp-dev
Narayan Kamath [Wed, 9 Nov 2016 09:39:23 +0000 (09:39 +0000)]
Merge "Zygote: Additional whitelists for runtime overlay / other static resources." into lmp-dev
am:
d60156dfc6
Change-Id: I3696ed3639492ae446ccd1c9ad4feaaa9e15a5ef
Narayan Kamath [Wed, 9 Nov 2016 09:39:20 +0000 (09:39 +0000)]
Zygote: Additional whitelists for runtime overlay / other static resources.
am:
0ad0e859f6
Change-Id: Id24798deebb738ba6c6b6abef28ca96c0c61dc79
Narayan Kamath [Wed, 9 Nov 2016 09:30:47 +0000 (09:30 +0000)]
Merge "Zygote: Additional whitelists for runtime overlay / other static resources." into lmp-dev
neo.chae [Wed, 9 Nov 2016 09:21:46 +0000 (09:21 +0000)]
Fix idmap leak in zygote process
am:
0244ca8d10
Change-Id: Ia35ded23161ad5c5c6fe4dea388e74b8d8af2955
Xin Li [Tue, 8 Nov 2016 21:24:12 +0000 (21:24 +0000)]
Merge "Merge "Merge "DO NOT MERGE - Added Emergency affordance feature" into lollipop-mr1-dev" into lmp-mr1-dev." into lmp-mr1-dev
neo.chae [Mon, 31 Oct 2016 15:02:38 +0000 (00:02 +0900)]
Fix idmap leak in zygote process
Fix a idmap leak in AssetManager::addSystemOverlays.
And, The fix could also prevent fd leak of idmap.
Test: none
Bug:
32691930
Signed-off-by: Hyangseok Chae <neo.chae@lge.com>
(cherry picked from commit
6a742a38509693f8b39ee9a5ad2803fca12688bf)
Change-Id: Idc4af77db2b0cb739bd6b009b6af0f9123be1aac
Narayan Kamath [Mon, 7 Nov 2016 19:59:29 +0000 (19:59 +0000)]
Zygote: Additional whitelisting for legacy devices.
On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.
Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.
Bug:
32691930
Test: manual
(cherry picked from commit
5e2f7c6229d7191183888d685b57a7d0a2835fce)
Change-Id: I9700fc7b469d0bc4d876c52292f25888b94a5223
Narayan Kamath [Fri, 23 Sep 2016 08:07:11 +0000 (09:07 +0100)]
Zygote: Additional whitelists for runtime overlay / other static resources.
Partially cherry picked from commit
1c15c635785c64a.
These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.
Bug:
32618130
Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
Sungsoo [Tue, 18 Oct 2016 17:47:58 +0000 (17:47 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens am:
418e0869ba am:
a5affb045e am:
9a15881184 -s ours
am:
21c4e6d532 -s ours
Change-Id: Ibf02e62ee13accd5d204c44faeb6aa8c05afb709
Sungsoo [Tue, 18 Oct 2016 17:41:55 +0000 (17:41 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens am:
418e0869ba am:
a5affb045e
am:
9a15881184 -s ours
Change-Id: I67ba2d8b8d3c3f32fca417303ee422482acc40d8
Sungsoo [Tue, 18 Oct 2016 17:35:23 +0000 (17:35 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens am:
418e0869ba
am:
a5affb045e
Change-Id: I4bb4440c019839073b4fcf6df54d726a02286680
Sungsoo [Tue, 18 Oct 2016 17:29:03 +0000 (17:29 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
am:
135524f2c5 -s ours
Change-Id: I34fc1b37171ad6ea5d79035df6c4730260a0b47b
Sungsoo [Tue, 18 Oct 2016 17:28:58 +0000 (17:28 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
am:
418e0869ba
Change-Id: Ifad08d681f67abc4dd9ad5d8c4e82b038cbd8322
Sungsoo [Tue, 18 Oct 2016 05:12:00 +0000 (14:12 +0900)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
Bug:
32068647, Bug:
30936376
Change-Id: I22fa2384348c890ca726d2b1632cd54e59d25a8f
Sungsoo [Tue, 18 Oct 2016 05:12:00 +0000 (14:12 +0900)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
Bug:
32068647, Bug:
30936376
Change-Id: I22fa2384348c890ca726d2b1632cd54e59d25a8f
Sungsoo [Tue, 18 Oct 2016 05:12:00 +0000 (14:12 +0900)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
Bug:
32068647, Bug:
30936376
Change-Id: I22fa2384348c890ca726d2b1632cd54e59d25a8f
Suprabh Shukla [Sat, 15 Oct 2016 00:59:41 +0000 (00:59 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev am:
6739ba0280 am:
c36913e68a am:
e3c0c509ea -s ours
am:
5bea7d3aee -s ours
Change-Id: If66e50ff4d2f4c1b91ed3204d7a11000429489d5
Suprabh Shukla [Sat, 15 Oct 2016 00:56:40 +0000 (00:56 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders am:
2aa7e5e861 am:
9df66924c0 am:
e07b811d78 -s ours
am:
9c78d0ad9f -s ours
Change-Id: I6e82648a135bd8ae17337eb97518eb8856d065e0
Suprabh Shukla [Sat, 15 Oct 2016 00:49:46 +0000 (00:49 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev am:
6739ba0280 am:
c36913e68a
am:
e3c0c509ea -s ours
Change-Id: I287e60913bd2a3f6b46d1d5ef2413727e3e63cc2
Suprabh Shukla [Sat, 15 Oct 2016 00:48:51 +0000 (00:48 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders am:
2aa7e5e861 am:
9df66924c0
am:
e07b811d78 -s ours
Change-Id: Ia9271aeed1c2953a318fc4bf50ee169739147d66
Suprabh Shukla [Sat, 15 Oct 2016 00:41:36 +0000 (00:41 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev am:
6739ba0280
am:
c36913e68a
Change-Id: I65ab1551a4cdbbdf58bf9ec98f718e79c6ee9fe5
Suprabh Shukla [Sat, 15 Oct 2016 00:40:45 +0000 (00:40 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders am:
2aa7e5e861
am:
9df66924c0
Change-Id: I9bd2580a687037fe9c5d74765d47bb4500b4d096
Suprabh Shukla [Sat, 15 Oct 2016 00:34:11 +0000 (00:34 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev
am:
6739ba0280
Change-Id: Ib8534d2c7ae344d430a9ba2e227cb65d942f0222
Suprabh Shukla [Sat, 15 Oct 2016 00:34:09 +0000 (00:34 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders
am:
2aa7e5e861
Change-Id: Ied81e1f4b517627f0ced686e7485fa035b1f4c6a
Suprabh Shukla [Sat, 15 Oct 2016 00:34:06 +0000 (00:34 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into lmp-dev
am:
35bd0fc5f0 -s ours
Change-Id: I852b990d1715782f3332d56bba6f08b72da403c6
Suprabh Shukla [Sat, 15 Oct 2016 00:34:04 +0000 (00:34 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders
am:
4779ee70a2 -s ours
Change-Id: Ie4aef1642ca6f23d78e732f27455ebd087866121
Suprabh Shukla [Sat, 15 Oct 2016 00:26:18 +0000 (00:26 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into lmp-dev
TreeHugger Robot [Sat, 15 Oct 2016 00:24:31 +0000 (00:24 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev
Suprabh Shukla [Thu, 13 Oct 2016 02:01:11 +0000 (19:01 -0700)]
DO NOT MERGE Isolated processes don't get precached system service binders
More specifically, they get a PackageManager binder -- necessary for
Android process startup and configuration -- but none of the other
usual preloaded service binders.
(backported from commit
2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc)
Bug:
30202228
Change-Id: I3810649f504cd631665ece338a83d2e54d41ad05
Suprabh Shukla [Thu, 13 Oct 2016 23:33:04 +0000 (16:33 -0700)]
DO NOT MERGE Isolated processes don't get precached system service binders
More specifically, they get a PackageManager binder -- necessary for
Android process startup and configuration -- but none of the other
usual preloaded service binders.
(backported from commit
2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc)
Bug:
30202228
Change-Id: I3810649f504cd631665ece338a83d2e54d41ad05
Christopher Tate [Tue, 16 Aug 2016 23:03:44 +0000 (16:03 -0700)]
DO NOT MERGE Isolated processes don't get precached system service binders
More specifically, they get a PackageManager binder -- necessary for
Android process startup and configuration -- but none of the other
usual preloaded service binders.
Bug
30202228
Change-Id: I3810649f504cd631665ece338a83d2e54d41ad05
(cherry picked from commit
2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc)
Sungsoo [Thu, 13 Oct 2016 22:12:03 +0000 (22:12 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility am:
c11f599a2f am:
29e643bcbd am:
68aa33b9bf -s ours
am:
2a762996cb -s ours
Change-Id: If32418debc774a2f78eae4cc2b3f5b77457bfa1c
Sungsoo [Thu, 13 Oct 2016 22:06:03 +0000 (22:06 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility am:
c11f599a2f am:
29e643bcbd
am:
68aa33b9bf -s ours
Change-Id: I7fe3d5dbcb7bd206233ce969840f5ed182913dd6
Sungsoo [Thu, 13 Oct 2016 22:01:39 +0000 (22:01 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility am:
c11f599a2f
am:
29e643bcbd
Change-Id: I413ba35abfc8999c405df78a40b8182f19472b6a
Sungsoo [Thu, 13 Oct 2016 21:57:01 +0000 (21:57 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility
am:
22bd36448e -s ours
Change-Id: I13a49444b80cd07c0cb37f6b8fb514b5b04e61bb
Sungsoo [Thu, 13 Oct 2016 21:56:56 +0000 (21:56 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility
am:
c11f599a2f
Change-Id: If503e3361e69ad88a166f145603273d728d65652