OSDN Git Service
Android Build Merger (Role) [Wed, 31 Jan 2018 11:19:56 +0000 (11:19 +0000)]
[automerger] Adjust URI host parsing to stop on \ character. am:
fa3afbd0e7
Change-Id: I20336a5786e753e6941b9a784068480475415110
Adam Vartanian [Wed, 31 Jan 2018 11:05:10 +0000 (11:05 +0000)]
Adjust URI host parsing to stop on \ character.
The WHATWG URL parsing algorithm [1] used by browsers says that for
"special" URL schemes (which is basically all commonly-used
hierarchical schemes, including http, https, ftp, and file), the host
portion ends if a \ character is seen, whereas this class previously
continued to consider characters part of the hostname. This meant
that a malicious URL could be seen as having a "safe" host when viewed
by an app but navigate to a different host when passed to a browser.
[1] https://url.spec.whatwg.org/#host-state
Bug:
71360761
Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
Adam Vartanian [Tue, 7 Nov 2017 20:51:02 +0000 (20:51 +0000)]
Adjust Uri host parsing to use last instead of first @. am:
cd6228dd37
am:
6a9c7c4814
Change-Id: I80bedf58833511d336839df9f17daf65cfebfacf
Adam Vartanian [Tue, 7 Nov 2017 20:41:28 +0000 (20:41 +0000)]
Adjust Uri host parsing to use last instead of first @.
am:
cd6228dd37
Change-Id: I5db66a5a2073acaffe0560999c914a78df362c51
Adam Vartanian [Tue, 7 Nov 2017 12:22:23 +0000 (12:22 +0000)]
Adjust Uri host parsing to use last instead of first @.
Malformed authority segments can currently cause the parser to produce
a hostname that doesn't match the hostname produced by the WHATWG URL
parsing algorithm* used by browsers, which means that a URL could be seen
as having a "safe" host when checked by an Android app but actually visit
a different host when passed to a browser. The WHATWG URL parsing
algorithm always produces a hostname based on the last @ in the authority
segment, so we do the same.
* https://url.spec.whatwg.org/#authority-state resets the "buffer", which
is being used to build up the host name, each time an @ is found, so it
has the effect of using the content between the final @ and the end
of the authority section as the hostname.
Bug:
68341964
Test: vogar android.net.UriTest (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Idca79f35a886de042c94d6ab66787c2e98ac8376
Siyamed Sinir [Tue, 31 Oct 2017 16:17:06 +0000 (16:17 +0000)]
Merge "Use calling user ID when calling isDeviceLocked" into mnc-dev
Jeff Sharkey [Thu, 19 Oct 2017 22:14:01 +0000 (22:14 +0000)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions. am:
ca7ffa06bc -s ours
am:
edb6b17ebc -s ours
Change-Id: Ie31aff669dfbabd860c123d4448362af4903973d
Jeff Sharkey [Thu, 19 Oct 2017 22:10:20 +0000 (22:10 +0000)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions.
am:
1f2a5d3622 -s ours
Change-Id: I2bf88a0e4808e7d3db67e7944696121c284ed7ae
Siyamed Sinir [Thu, 19 Oct 2017 22:04:10 +0000 (22:04 +0000)]
Fix ClipboardService device lock check for cross profile am:
0595b5a94b
am:
9e5a4ed6c3 -s ours
Change-Id: Ie6822b787e5777688faadcf125637b9c66c202de
Beverly Tai [Thu, 19 Oct 2017 21:18:55 +0000 (21:18 +0000)]
Merge "DO NOT MERGE Backporting potential usb tapjacking precaution." into lmp-mr1-dev
am:
f2b592726d -s ours
Change-Id: Idd1243bb1cddc91f34f6e47e9cea88b72cff29d0
Suprabh Shukla [Thu, 19 Oct 2017 20:57:26 +0000 (20:57 +0000)]
Clearing up invalid entries when SyncStorageEngine starts am:
271702fc28
am:
8b438236ce -s ours
Change-Id: Ib8c3a4e6e8e39e42aa640c9988d0dd2022f486ec
Beverly Tai [Thu, 19 Oct 2017 01:23:57 +0000 (01:23 +0000)]
Merge "DO NOT MERGE Backporting potential usb tapjacking precaution." into lmp-dev am:
e1adf2240f -s ours
am:
3ca0cc0ae6 -s ours
Change-Id: Id5662a7d789e3e17e365d99b439cc8e8ab5d1c37
Siyamed Sinir [Thu, 19 Oct 2017 01:20:25 +0000 (01:20 +0000)]
Merge "Prevent getting data from Clipboard if device is locked" into lmp-dev am:
9f496fbbe0
am:
4973227cbf -s ours
Change-Id: I9f53bf5a896885860e204764a8a282f77eff50cd
Suprabh Shukla [Thu, 19 Oct 2017 00:07:54 +0000 (00:07 +0000)]
Revert "Clearing up invalid entries when SyncStorageEngine starts" am:
4a9d358448
am:
0597a93629 -s ours
Change-Id: I08d261935eb00ae8e8a929ff9ab54f6ec48fac88
Suprabh Shukla [Wed, 18 Oct 2017 18:04:15 +0000 (18:04 +0000)]
Clearing up invalid entries when SyncStorageEngine starts am:
89c0dbca0f
am:
53a2e46036 -s ours
Change-Id: Ic0fa17750a252a75912c4a2da73d45ff9a9fea1d
Fyodor Kupolov [Thu, 12 Oct 2017 18:22:57 +0000 (11:22 -0700)]
Use calling user ID when calling isDeviceLocked
If isDeviceLocked is called with clearCallingIdentity,
original userId should be explicitly passed
Bug:
67621847
Test: Manual
Change-Id: I2bcb92572898811cc96bda1149ef806e6239e929
Jeff Sharkey [Wed, 11 Oct 2017 22:55:00 +0000 (22:55 +0000)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions.
am:
ca7ffa06bc -s ours
Change-Id: I306c63c1922f29f1df3cb225bd2d3153cadecaa3
Jeff Sharkey [Mon, 12 Jun 2017 23:33:07 +0000 (17:33 -0600)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions.
KEY_INTENT has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.
Test: builds, boots
Bug:
32990341,
32879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42
Jeff Sharkey [Mon, 12 Jun 2017 23:33:07 +0000 (17:33 -0600)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions.
KEY_INTENT has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.
Test: builds, boots
Bug:
32990341,
32879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42
Jeff Sharkey [Mon, 12 Jun 2017 23:33:07 +0000 (17:33 -0600)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions.
KEY_INTENT has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.
Test: builds, boots
Bug:
32990341,
32879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42
Siyamed Sinir [Sat, 30 Sep 2017 00:03:48 +0000 (00:03 +0000)]
Fix ClipboardService device lock check for cross profile
am:
0595b5a94b
Change-Id: I6aeaaef43a8e8c5ede049ae9e97fbf6d0129bac4
Beverly Tai [Thu, 14 Sep 2017 13:11:10 +0000 (13:11 +0000)]
Merge "DO NOT MERGE Backporting potential usb tapjacking precaution." into lmp-mr1-dev
Siyamed Sinir [Wed, 13 Sep 2017 23:32:21 +0000 (16:32 -0700)]
Fix ClipboardService device lock check for cross profile
ClipboardService.isDeviceLocked should clear callingIdentity before
accessing KeyguardManager.
Test: bit CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.ManagedProfileTest
Bug:
64934810
Change-Id: I81a7adac8c9d56ed801ffc1380fcbc987d5df3e6
Merged-In: I712abfe8d542cd1be9c1816f407c8912321ac480
Siyamed Sinir [Wed, 13 Sep 2017 22:09:24 +0000 (15:09 -0700)]
Fix ClipboardService device lock check for cross profile
ClipboardService.isDeviceLocked should clear callingIdentity before
accessing KeyguardManager.
Test: bit CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.ManagedProfileTest
Bug:
64934810
Change-Id: Iffc8e73dd3ee14a94958bb50dd11a696eab7f052
Suprabh Shukla [Wed, 13 Sep 2017 20:21:09 +0000 (20:21 +0000)]
Clearing up invalid entries when SyncStorageEngine starts
am:
271702fc28
Change-Id: I4943cf417be41679c2fa332223825dd01a477814
Suprabh Shukla [Mon, 11 Sep 2017 22:20:35 +0000 (22:20 +0000)]
Clearing up invalid entries when SyncStorageEngine starts
Fixing the original change which was reverted. Using the
available api Context.getSystemService(String) instead of
the unavailable Context.getSystemService(Class)
Test: cts-tradefed run cts -p android.content.syncmanager
Bug:
35028827
This reverts commit
4a9d358448ef150cae259e9c5b5ed1227a1d6d9c.
Change-Id: I725430401eaec861f45bb91ee1352bb1307a6915
Beverly Tai [Tue, 12 Sep 2017 15:29:21 +0000 (15:29 +0000)]
Merge "DO NOT MERGE Backporting potential usb tapjacking precaution." into mnc-dev
Beverly [Wed, 6 Sep 2017 17:24:46 +0000 (13:24 -0400)]
DO NOT MERGE Backporting potential usb tapjacking precaution.
Bug:
62187985
Test: manual, backport
Change-Id: I1a2150b795425a68ad45ee0134e31a317076d806
Beverly [Fri, 1 Sep 2017 15:14:03 +0000 (11:14 -0400)]
DO NOT MERGE Backporting potential usb tapjacking precaution.
Bug:
62187985
Test: manual, backport
Change-Id: Id9fff28cf54969cbcbdc8a3bfaeadc02ff597c89
Beverly Tai [Tue, 12 Sep 2017 14:11:10 +0000 (14:11 +0000)]
Merge "DO NOT MERGE Backporting potential usb tapjacking precaution." into lmp-dev
am:
e1adf2240f -s ours
Change-Id: I02b0df60257429b5f2ed4ce2f0f4ee817abf585c
Beverly Tai [Tue, 12 Sep 2017 14:03:19 +0000 (14:03 +0000)]
Merge "DO NOT MERGE Backporting potential usb tapjacking precaution." into lmp-dev
Beverly [Thu, 31 Aug 2017 19:32:36 +0000 (15:32 -0400)]
DO NOT MERGE Backporting potential usb tapjacking precaution.
Bug:
62187985
Test: manual, backport
Change-Id: I52e27f84338fdcf63cad0ee7436233736499d87b
Siyamed Sinir [Mon, 11 Sep 2017 23:42:10 +0000 (23:42 +0000)]
Merge "Prevent getting data from Clipboard if device is locked" into lmp-dev
am:
9f496fbbe0
Change-Id: Ibc57c285fec0bf1fcf560854971770e1353a88ac
Siyamed Sinir [Mon, 11 Sep 2017 23:31:44 +0000 (23:31 +0000)]
Merge "Prevent getting data from Clipboard if device is locked" into mnc-dev
Siyamed Sinir [Mon, 11 Sep 2017 23:30:34 +0000 (23:30 +0000)]
Merge "Prevent getting data from Clipboard if device is locked" into lmp-dev
Suprabh Shukla [Mon, 11 Sep 2017 22:25:29 +0000 (22:25 +0000)]
Revert "Clearing up invalid entries when SyncStorageEngine starts"
am:
4a9d358448
Change-Id: I3844594302279f859f7834a6bb29093162914ae6
Suprabh Shukla [Mon, 11 Sep 2017 19:50:51 +0000 (19:50 +0000)]
Revert "Clearing up invalid entries when SyncStorageEngine starts"
API getSystemService(Class) was not present in lmp-dev.
This reverts commit
89c0dbca0f52987571b62e929f114f3126c29455.
Bug:
35028827
Change-Id: I19846d2a3ee27aecbae2367a74ee49082eea154d
TreeHugger Robot [Mon, 11 Sep 2017 08:14:19 +0000 (08:14 +0000)]
Merge "DPC should not be allowed to grant development permission" into mnc-dev
Suprabh Shukla [Mon, 11 Sep 2017 04:13:16 +0000 (04:13 +0000)]
Clearing up invalid entries when SyncStorageEngine starts
am:
89c0dbca0f
Change-Id: Ib6a256a22d703feae8067366d8dc2622593c1142
Siyamed Sinir [Thu, 7 Sep 2017 01:02:23 +0000 (18:02 -0700)]
Prevent getting data from Clipboard if device is locked
Clipboard should not return data if the device is locked. This CL checks
for device locked state before returning values from get/has functions.
Bug:
64934810
Change-Id: I856a9079fe64db0af44383fae1a9a418de959420
Merged-In: Icefac226615fe22a7735dff4ba4c3b528fb2ac12
Siyamed Sinir [Thu, 7 Sep 2017 01:02:23 +0000 (18:02 -0700)]
Prevent getting data from Clipboard if device is locked
Clipboard should not return data if the device is locked. This CL checks
for device locked state before returning values from get/has functions.
Bug:
64934810
Change-Id: I856a9079fe64db0af44383fae1a9a418de959420
Suprabh Shukla [Fri, 12 May 2017 22:26:54 +0000 (15:26 -0700)]
Clearing up invalid entries when SyncStorageEngine starts
Any app with permission WRITE_SYNC_SETTINGS could write sync settings
for authorities or accounts that are not valid. This results in invalid
data being persisted to disk which can effectively lead to a DOS style
attack. Clearing such entries on boot will make sure that a reboot fixes
any such issues.
Test: cts-tradefed run cts-dev -m CtsSyncContentHostTestCases
Bug:
35028827
Change-Id: I9e206a42508e3cba65d7523bf47fff743f47dcb2
Merged-In: I9e206a42508e3cba65d7523bf47fff743f47dcb2
(cherry picked from commit
042a478b73c3b7f7cd73f5bb1af657cfe07d0571)
Suprabh Shukla [Fri, 12 May 2017 22:26:54 +0000 (15:26 -0700)]
Clearing up invalid entries when SyncStorageEngine starts
Any app with permission WRITE_SYNC_SETTINGS could write sync settings
for authorities or accounts that are not valid. This results in invalid
data being persisted to disk which can effectively lead to a DOS style
attack. Clearing such entries on boot will make sure that a reboot fixes
any such issues.
Test: cts-tradefed run cts-dev -m CtsSyncContentHostTestCases
Bug:
35028827
Change-Id: I9e206a42508e3cba65d7523bf47fff743f47dcb2
Merged-In: I9e206a42508e3cba65d7523bf47fff743f47dcb2
(cherry picked from commit
042a478b73c3b7f7cd73f5bb1af657cfe07d0571)
Tony Mak [Tue, 15 Aug 2017 18:56:39 +0000 (19:56 +0100)]
DPC should not be allowed to grant development permission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant_developmentPermission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant_developmentPermission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant
Test: Run "Permissions lockdown" test in CtsVerifier
Merged-In: If83d8edd0eea99145421e967ae47fdc264a5cf7c
Merged-In: I129bfe850981cf0b3646b7c1cf19c8a3ec69f512
Bug:
62623498
Change-Id: Ief96a23fa49f1ea923574840f8ff590a5ea2456e
Siarhei Vishniakou [Wed, 16 Aug 2017 21:15:05 +0000 (21:15 +0000)]
DO NOT MERGE Remove window obscurement information. am:
c3c2ed94ff am:
96fe6421f6 am:
9d99b0001e -s ours am:
3280efe50e -s ours am:
b737365553
am:
3d1931d4e3 -s ours
Change-Id: Ieb19904cf060072d2525836ebba9f310da515b4b
Siarhei Vishniakou [Wed, 16 Aug 2017 20:50:20 +0000 (20:50 +0000)]
DO NOT MERGE Remove window obscurement information. am:
c3c2ed94ff am:
96fe6421f6 am:
9d99b0001e -s ours am:
3280efe50e -s ours
am:
b737365553
Change-Id: I375324a937478c584e95cb6550d98293162656fc
Siarhei Vishniakou [Wed, 16 Aug 2017 20:35:40 +0000 (20:35 +0000)]
DO NOT MERGE Remove window obscurement information. am:
c3c2ed94ff am:
96fe6421f6 am:
9d99b0001e -s ours
am:
3280efe50e -s ours
Change-Id: Ia7bf4d6991be15c732ba8b55c37f2c9e447b1dbd
Siarhei Vishniakou [Wed, 16 Aug 2017 20:19:29 +0000 (20:19 +0000)]
DO NOT MERGE Remove window obscurement information. am:
c3c2ed94ff am:
96fe6421f6
am:
9d99b0001e -s ours
Change-Id: Ib0fb40f990138b3729b66bdb6d6a095bd3ad231d
Siarhei Vishniakou [Wed, 16 Aug 2017 20:03:29 +0000 (20:03 +0000)]
DO NOT MERGE Remove window obscurement information. am:
c3c2ed94ff
am:
96fe6421f6
Change-Id: Ia2ce3f8b95b578253c5336407ae85880d3d317f4
Siarhei Vishniakou [Wed, 16 Aug 2017 19:48:22 +0000 (19:48 +0000)]
DO NOT MERGE Remove window obscurement information.
am:
c3c2ed94ff
Change-Id: Ib9552165e9b1c2dfcd235d1f7930d85c258b2ece
TreeHugger Robot [Tue, 15 Aug 2017 19:30:53 +0000 (19:30 +0000)]
Merge "Fix security hole in GateKeeperResponse." into mnc-dev
Siarhei Vishniakou [Fri, 28 Jul 2017 01:24:01 +0000 (18:24 -0700)]
DO NOT MERGE Remove window obscurement information.
If ACTION_OUTSIDE_EVENTS contain information about whether the touch is
obscured, then a pattern of invisible, untouchable, unfocusable
SYSTEM_ALERT_WINDOWS can be placed across the screen to determine
approximate locations of touch events without the user knowing.
Bug:
31097064
Test: cts-tradefed run cts --class android.security.cts.MotionEventTest
Change-Id: I081a483c491dd384e252f0b615affee96038fdda
Phil Weaver [Tue, 18 Jul 2017 23:21:16 +0000 (23:21 +0000)]
Merge "Back-port fixes for b/
62196835" into mnc-dev
Phil Weaver [Tue, 18 Jul 2017 20:30:39 +0000 (20:30 +0000)]
Merge "DO NOT MERGE Back-port fixes for b/
62196835" into lmp-dev am:
a620b21828 -s ours am:
954deb1c6e
am:
37cf6265db -s ours
Change-Id: I28f848331e5379736dd777995fe844aa5c5df689
Phil Weaver [Tue, 18 Jul 2017 20:28:22 +0000 (20:28 +0000)]
DO NOT MERGE Back-port fixes for b/
62196835 am:
24fdc53cfe -s ours am:
ff115bffb1
am:
ccbac7e9e0 -s ours
Change-Id: I28a499e21a6a6d6a4df26317712c09f658383d37
Phil Weaver [Tue, 18 Jul 2017 20:25:44 +0000 (20:25 +0000)]
Back-port fixes for b/
62196835 am:
fd0ca151a6
am:
3c4d24923c -s ours
Change-Id: Ie8d7f1d4840bcea7538f99b2eb1bfb2bc472549f
Phil Weaver [Tue, 18 Jul 2017 18:41:22 +0000 (18:41 +0000)]
Merge "DO NOT MERGE Back-port fixes for b/
62196835" into lmp-dev am:
a620b21828 -s ours
am:
954deb1c6e
Change-Id: I929c9dfa84b25fdbeadfedf0e0e9ecd914a74483
Phil Weaver [Tue, 18 Jul 2017 18:36:23 +0000 (18:36 +0000)]
Merge "DO NOT MERGE Back-port fixes for b/
62196835" into lmp-dev
am:
a620b21828 -s ours
Change-Id: Iaa4e8eb83ebf2036999a31e3487c6157bcefecbf
Phil Weaver [Tue, 18 Jul 2017 18:36:21 +0000 (18:36 +0000)]
DO NOT MERGE Back-port fixes for b/
62196835 am:
24fdc53cfe -s ours
am:
ff115bffb1
Change-Id: Ieca157f60b7c57f60900b55b10fcf8e585852e70
Phil Weaver [Tue, 18 Jul 2017 18:26:58 +0000 (18:26 +0000)]
Back-port fixes for b/
62196835
am:
fd0ca151a6
Change-Id: I442d26b476e3e83602b5f2eb61a01386e4d6d247
Phil Weaver [Tue, 18 Jul 2017 18:26:57 +0000 (18:26 +0000)]
DO NOT MERGE Back-port fixes for b/
62196835
am:
24fdc53cfe -s ours
Change-Id: I01a6f574df5cc1b133b7f761062a6259aac07476
Phil Weaver [Tue, 18 Jul 2017 18:19:45 +0000 (18:19 +0000)]
Merge "DO NOT MERGE Back-port fixes for b/
62196835" into lmp-dev
Phil Weaver [Wed, 12 Jul 2017 21:04:16 +0000 (14:04 -0700)]
Back-port fixes for b/
62196835
Bug:
62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Charles He [Fri, 14 Jul 2017 13:41:06 +0000 (14:41 +0100)]
Fix security hole in GateKeeperResponse.
GateKeeperResponse has inconsistent writeToParcel() and
createFromParcel() methods, making it possible for a malicious app to
create a Bundle that changes contents after reserialization. Such
Bundles can be used to execute Intents with system privileges.
This CL changes writeToParcel() to make serialization and
deserialization consistent, thus fixing the issue.
Bug:
62998805
Test: use the debug app (see bug)
Change-Id: Ie1c64172c454c3a4b7a0919eb3454f0e38efcd09
Phil Weaver [Wed, 12 Jul 2017 21:04:16 +0000 (14:04 -0700)]
Back-port fixes for b/
62196835
Bug:
62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Phil Weaver [Wed, 12 Jul 2017 21:04:16 +0000 (14:04 -0700)]
DO NOT MERGE Back-port fixes for b/
62196835
Bug:
62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
Phil Weaver [Wed, 12 Jul 2017 22:18:59 +0000 (22:18 +0000)]
Back-port fixes for b/
62196835 am:
5bdffc5d57 am:
5a7eb970e2 -s ours am:
f433884a84 am:
ba928bd522 am:
1add6be25e
am:
ba46064323
Change-Id: I7119e3f003562f6d826d40ad3577b9db0e44c2c6
Phil Weaver [Wed, 12 Jul 2017 22:14:01 +0000 (22:14 +0000)]
Back-port fixes for b/
62196835 am:
5bdffc5d57 am:
5a7eb970e2 -s ours am:
f433884a84 am:
ba928bd522
am:
1add6be25e
Change-Id: I83a6c654862443a69bfeeaf675a8c038b3f7fb53
Phil Weaver [Wed, 12 Jul 2017 22:06:27 +0000 (22:06 +0000)]
Back-port fixes for b/
62196835 am:
5bdffc5d57 am:
5a7eb970e2 -s ours am:
f433884a84
am:
ba928bd522
Change-Id: I74a7b0488371606dd9bdccab854d23c0e09b1ac9
Phil Weaver [Wed, 12 Jul 2017 22:00:31 +0000 (22:00 +0000)]
Back-port fixes for b/
62196835 am:
5bdffc5d57 am:
5a7eb970e2 -s ours
am:
f433884a84
Change-Id: I737838098a36efafe1509c4814ac1120a3bb8297
Phil Weaver [Wed, 12 Jul 2017 21:55:31 +0000 (21:55 +0000)]
Back-port fixes for b/
62196835 am:
5bdffc5d57
am:
5a7eb970e2 -s ours
Change-Id: Ifd4b5ff2487c8b8035ffaf6ed7e55539f26a463e
Phil Weaver [Wed, 12 Jul 2017 21:43:46 +0000 (21:43 +0000)]
Back-port fixes for b/
62196835
am:
5bdffc5d57
Change-Id: Ia5dafc7a8724d296e710f32d936bb493b51951de
Phil Weaver [Tue, 11 Jul 2017 00:27:20 +0000 (17:27 -0700)]
Back-port fixes for b/
62196835
Bug:
62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ibb4c2c6a30de6b4ce8d27c34caa02e2d8148f621
Marco Nelissen [Fri, 16 Jun 2017 16:02:19 +0000 (16:02 +0000)]
libmedia_jni.so doesn't need libjhead.so am:
9a4a34afd8 -s ours am:
398d50feeb -s ours
am:
49fc959be3 -s ours
Change-Id: I0eb248911ce1a582a4939e2bd5419659c586128f
Marco Nelissen [Fri, 16 Jun 2017 15:51:48 +0000 (15:51 +0000)]
libmedia_jni.so doesn't need libjhead.so am:
9a4a34afd8 -s ours
am:
398d50feeb -s ours
Change-Id: Ide31821909dde91443cdf650216a6ada7277ce9a
Marco Nelissen [Fri, 16 Jun 2017 15:43:46 +0000 (15:43 +0000)]
libmedia_jni.so doesn't need libjhead.so
am:
9a4a34afd8 -s ours
Change-Id: I557d7e96401b742d916e2eef5aa03949018382c7
Marco Nelissen [Fri, 9 Jun 2017 22:07:38 +0000 (15:07 -0700)]
libmedia_jni.so doesn't need libjhead.so
Bug:
37776688
Merged-In: I0e0e6209be7a9d3e493abdcee8619cae6d4b9501
Change-Id: I18f0b6b88a9c0b117839497f081549404d5edc40
Marco Nelissen [Tue, 6 Jun 2017 23:16:24 +0000 (23:16 +0000)]
Merge "Close connection before retrying" into lmp-dev am:
a8648ecebb am:
5181a7ab64
am:
4b78a79546
Change-Id: Iceb4edfd80a0a483d28f2624669eff9dd86bfcb8
Marco Nelissen [Tue, 6 Jun 2017 23:10:16 +0000 (23:10 +0000)]
Merge "Close connection before retrying" into lmp-dev am:
a8648ecebb
am:
5181a7ab64
Change-Id: I34a176a0da235836eaa9e44b843ec5d5654b8db9
Marco Nelissen [Tue, 6 Jun 2017 23:02:35 +0000 (23:02 +0000)]
Merge "Close connection before retrying" into lmp-dev
am:
a8648ecebb
Change-Id: I744fdb979aa2803b53d3ff6f4e3e72f6f1160d74
TreeHugger Robot [Tue, 6 Jun 2017 22:53:55 +0000 (22:53 +0000)]
Merge "Close connection before retrying" into lmp-dev
Marco Nelissen [Fri, 2 Jun 2017 19:16:44 +0000 (12:16 -0700)]
Close connection before retrying
Otherwise the (CTS) server might run out of connections.
Bug:
38391487
Bug:
22771132
Test: build, run CTS, stream music
Change-Id: I92c782a6799ab36eec8df3f7c3217bea667b838a
Nick Kralevich [Mon, 22 May 2017 22:46:18 +0000 (22:46 +0000)]
ZygoteInit: Remove CAP_SYS_RESOURCE am:
4911af2b8c am:
1cc9ec47c8
am:
8965cd6a39
Change-Id: If549cda5fd1a640fee746311745b9b08ebf63b91
Nick Kralevich [Mon, 22 May 2017 22:45:44 +0000 (22:45 +0000)]
system_server: add CAP_SYS_PTRACE am:
966619d0ab am:
b8d972e973
am:
c46889e2d2
Change-Id: I840740012d9ba0c434f7de0fd9ca83a44926d018
Nick Kralevich [Mon, 22 May 2017 22:24:39 +0000 (22:24 +0000)]
ZygoteInit: Remove CAP_SYS_RESOURCE am:
4911af2b8c
am:
1cc9ec47c8
Change-Id: Ic81685686dabbc1f0004a30785a021bf89420846
Nick Kralevich [Mon, 22 May 2017 22:23:47 +0000 (22:23 +0000)]
system_server: add CAP_SYS_PTRACE am:
966619d0ab
am:
b8d972e973
Change-Id: I4d9e2d9b53523b9182a9f9272d06a93a87b0c61b
Nick Kralevich [Mon, 22 May 2017 22:05:18 +0000 (22:05 +0000)]
ZygoteInit: Remove CAP_SYS_RESOURCE
am:
4911af2b8c
Change-Id: I4aa46981edb8fd711e1aec8c889528e596e5c233
Nick Kralevich [Mon, 22 May 2017 22:04:57 +0000 (22:04 +0000)]
system_server: add CAP_SYS_PTRACE
am:
966619d0ab
Change-Id: Ie5f95f2c078cd0bec7a2b2321c3303301ec9ec74
Nick Kralevich [Tue, 14 Mar 2017 17:25:35 +0000 (10:25 -0700)]
ZygoteInit: Remove CAP_SYS_RESOURCE
Please see commit
3082eb7c7253c62a06aa151a80487a4eabd49914 for an
explanation of this change.
This capability is not used by system_server.
Bug:
34951864
Bug:
38496951
Test: code compiles, device boots, no selinux errors ever reported.
Change-Id: I4242b1abaa8679b9bfa0d31a1df565b46b7b3cc3
(cherry picked from commit
35775783fc6609035136184e3843bc743b59945d)
Nick Kralevich [Wed, 15 Feb 2017 23:12:31 +0000 (15:12 -0800)]
system_server: add CAP_SYS_PTRACE
Commit https://android.googlesource.com/kernel/common/+/
f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. system_server uses this capability to collect
smaps from managed processes. Presumably this was done to avoid the
implications of granting CAP_SYS_PTRACE to system_server.
However, with SELinux enforcement, we can grant CAP_SYS_PTRACE but not
allow ptrace attach() to other processes. The net result of this is that
CAP_SYS_PTRACE and CAP_SYS_RESOURCE have identical security controls, as
long as system_server:process ptrace is never granted.
Add CAP_SYS_PTRACE to the set of capabilities granted to system_server.
Don't delete CAP_SYS_RESOURCE for now. SELinux has blocked the use of
CAP_SYS_RESOURCE, but we still want to generate audit logs if it's
triggered. CAP_SYS_RESOURCE can be deleted in a future commit.
Bug:
34951864
Bug:
38496951
Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Change-Id: I2570266165396dba2b600eac7c42c94800d9c65b
(cherry picked from commit
3082eb7c7253c62a06aa151a80487a4eabd49914)
Phil Weaver [Fri, 7 Apr 2017 23:43:28 +0000 (23:43 +0000)]
Merge "Make a11y node info parceling more robust" into lmp-mr1-dev am:
88698afd01
am:
7cb5e1dfd1
Change-Id: I8e51350ae38384dfb9ae034d73fe9087837b27f7
Phil Weaver [Fri, 7 Apr 2017 23:36:29 +0000 (23:36 +0000)]
Merge "Make a11y node info parceling more robust" into lmp-mr1-dev
am:
88698afd01
Change-Id: I37194d958aa5fc21ece027c288e2f9a0a239cd93
Phil Weaver [Fri, 7 Apr 2017 23:30:19 +0000 (23:30 +0000)]
Make a11y node info parceling more robust am:
1d8eb49073 am:
93c47c9d07
am:
3a7cf1f057 -s ours
Change-Id: I0000c6df3ca0375022535be19cf0f9a76ed07e39
Phil Weaver [Fri, 7 Apr 2017 23:27:47 +0000 (23:27 +0000)]
Merge "Make a11y node info parceling more robust" into lmp-mr1-dev
Phil Weaver [Fri, 7 Apr 2017 23:16:55 +0000 (23:16 +0000)]
Make a11y node info parceling more robust am:
1d8eb49073
am:
93c47c9d07
Change-Id: I8677c77968c202c8c6a0553db919610a140fda58
Phil Weaver [Fri, 7 Apr 2017 23:09:28 +0000 (23:09 +0000)]
Make a11y node info parceling more robust
am:
1d8eb49073
Change-Id: I5280a23cbfff5abfcc83e9e6d9afb4f8960ece44
Phil Weaver [Fri, 7 Apr 2017 21:39:27 +0000 (14:39 -0700)]
Make a11y node info parceling more robust
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug:
36491278
Test: Verified that POC no longer works, a11y cts still passes.
(Manual merge from commit
687bb44b437f7bb24dd3dddf072c2f646308e2ca)
Change-Id: I7746c9175a2da28f75d4f4b169d7997abadf1852
Phil Weaver [Fri, 7 Apr 2017 21:39:27 +0000 (14:39 -0700)]
Make a11y node info parceling more robust
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug:
36491278
Test: Verified that POC no longer works, a11y cts still passes.
(Manual merge from commit
687bb44b437f7bb24dd3dddf072c2f646308e2ca)
Change-Id: I7746c9175a2da28f75d4f4b169d7997abadf1852
Phil Weaver [Fri, 7 Apr 2017 00:40:51 +0000 (17:40 -0700)]
Make a11y node info parceling more robust
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug:
36491278
Test: Verified that POC no longer works, a11y cts still passes.
Change-Id: I10f24747e3ab87d77cd1deba56db4526e3aa5441
(cherry picked from commit
687bb44b437f7bb24dd3dddf072c2f646308e2ca)
Fyodor Kupolov [Fri, 10 Mar 2017 03:17:46 +0000 (03:17 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70 am:
156fa32e2a -s ours am:
de9cb7ed68 -s ours am:
2c112c4ad2
am:
2411b4f774 -s ours
Change-Id: Ie78ad1a602d6502c09a98ee9e28119caab3534b7