OSDN Git Service
Zongheng Wang [Thu, 5 Sep 2019 20:44:28 +0000 (13:44 -0700)]
Set default phonebook access to ACCESS_REJECTED when user didn't choose
one
When there's no users' choice to tell us whether to share their
phonebook information to the Bluetooth device, set the phonebook access
permission to ACCESS_REJECTED.
Bug:
138529441
Test: Manual test
Change-Id: Iefabeb731b941f09fe1272ac7b7cd2feba75c8df
Merged-In: Iefabeb731b941f09fe1272ac7b7cd2feba75c8df
(cherry picked from commit
02046b4f2ce82f6a3b6fd733c4b45f47acf51296)
Jonathan Scott [Tue, 25 Jun 2019 09:58:06 +0000 (10:58 +0100)]
Add MANAGED_PROVISIONING_DPC_DOWNLOADED (nyc).
Test: Just adding a constant
Bug:
132261064
Change-Id: I1527be03a10fa1a2fde09e3e41d6b7e83a986fc0
Merged-In: I2bce277ff8f2de4614e19d5385fe6712b076f9c9
(cherry picked from commit
20e5d92613268c196b508865b7275b59f00688f5)
Bryan Ferris [Tue, 21 May 2019 19:38:19 +0000 (12:38 -0700)]
[RESTRICT AUTOMERGE] Pass correct realCallingUid to startActivity() if provided by PendingIntentRecord#sendInner()
Previously we'd ignore realCallingPid and realCallingUid that
PendingIntentRecord#sendInner() provided to startActivityInPackage().
Now we correctly pass it on, preserving past behaviour if none
provided.
Test: manual; we added logging statements to check the value of realCallingUid
in startActivitiesMayWait when launching the calendar app from the calendar widget
and verified that it was the calendar uid rather than the system uid.
Bug:
123013720
Change-Id: I0ef42c2f89b537a720f1ad5aefac756b0ccac52e
Merged-In: I0ef42c2f89b537a720f1ad5aefac756b0ccac52e
(cherry picked from commit
f5e5af7f3d01e35d43faef897f625b954cfbcc3c)
Christopher Dombroski [Tue, 16 Apr 2019 20:21:39 +0000 (13:21 -0700)]
OP_REQUEST_INSTALL_PACKAGES denied by default
Some system apps may download unknown content and the user should
be explicitly asked whether they trust these files. System apps should
explicitly use the extra NOT_UNKNOWN_SOURCE to bypass this check.
Test: Builds, boots, existing tests pass:
atest CtsPackageInstallTestCases
Locally verified they pass if CtsPackageInstallTestCases.apk was signed by
the platform cert.
Bug:
123700348
Change-Id: I3028bf8ff3f79a41521deeee43fba3c32bb1b2ca
Merged-In: I2578251906f6656b83464d1c4fc4db99165841c9
(cherry picked from commit
43e682abef2a1c65585bef510c390480f0c4a2fd)
Mihai Popa [Tue, 25 Jun 2019 10:15:18 +0000 (11:15 +0100)]
Fix Layout.primaryIsTrailingPreviousAllLineOffsets
The CL fixes a crash in Layout.primaryIsTrailingPreviousAllLineOffsets.
The crash was happening when the method was called for a line beginning
with an empty bidi run. This could happen, for example, for empty text -
I was unable to find any other case. The CL improves the existing test
for the method with this case, which was previously crashing.
The CL also fixes a potential crash in getLineHorizontals. However, this
bug could never happen as in the current code path clamped is always
false (and kept as parameter for parity with getHorizontal).
Bug:
135444178
Bug:
78464361
Test: atest FrameworksCoreTests:android.text.LayoutTest\#testPrimaryIsTrailingPrevious
Change-Id: I47157abe1d74675884734e3810628a566e40c1b4
(cherry picked from commit
7ad499d00716f45fffdf7331493ed21d1b8d9b77)
(cherry picked from commit
42a6af7a11842cea3faa97d24dba209a97101bb3)
Chienyuan [Tue, 9 Jul 2019 07:09:56 +0000 (15:09 +0800)]
HidProfile: sync isPreferred() with HidHostService
HidHostService allow to connect when priority is PRIORITY_UNDEFINED.
HidProfile should return ture when priority is PRIORITY_UNDEFINED.
Otherwise, the "Input device" toggle in off state when HID device
connected.
Bug:
132456322
Test: manual
Change-Id: Id7bae694c57aec17e019d591c0a677e3cb64f845
(cherry picked from commit
830217f277e31e63d9ab8acd21ee2a8f81ee1c8f)
Michael Wachenschwanz [Thu, 16 May 2019 05:58:15 +0000 (22:58 -0700)]
Clear the Parcel before writing an exception during a transaction
This prevents any object data from being accidentally overwritten by the
exception, which could cause unexpected malformed objects to be sent
across the transaction.
Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
Bug:
34175893
Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
Merged-In: Iaf80a0ad711762992b8ae60f76d861c97a403013
(cherry picked from commit
f8ef5bcf21c87d8617f5e11810cc94350298d114)
Chalard Jean [Mon, 20 May 2019 04:11:37 +0000 (13:11 +0900)]
Protect VPN dialogs against overlay.
Bug:
130568701
Test: manual. After this, can't display on top of it
Change-Id: Ib032f800edb0416cc15f01a34954340d0d0ffa78
Merged-In: Ib032f800edb0416cc15f01a34954340d0d0ffa78
(cherry picked from commit
4e80dc2861614d25a1f957f50040a8cf04812d11)
(cherry picked from commit
016c72c8abfbae08eda269afb8923e8fc8a4ce44)
Jonathan Scott [Thu, 9 May 2019 10:52:47 +0000 (11:52 +0100)]
[RESTRICT AUTOMERGE] Make Lock task default consistent w/ Settings (oc-mr1-dev).
Bug:
127605586
Test: Manual
Change-Id: I40c9a29935d9e5a27cdcdf90187efe61035448fd
(cherry picked from commit
cd6c636800b62c2c823d53b973171070fe5d8aba)
Steven Moreland [Thu, 18 Apr 2019 23:32:42 +0000 (16:32 -0700)]
HwBlob: s/malloc/calloc/
Since this blob is passed between processes.
We could potentially only memset portions of the blob as it is
written to. However, the JHwBlob API itself doesn't have to have
writes in order (even though known usages of it do write in order).
Because of this, keeping track of which bytes to pad would be too
expensive.
Bug:
131356202
Test: boot, hidl_test_java
Change-Id: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
Merged-In: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
(cherry picked from commit
d8157bc094569bee74976df2585d632f1793e226)
Greg Wroblewski [Fri, 19 Apr 2019 21:42:18 +0000 (14:42 -0700)]
SUPL ES Extension - June 2019 rollup
Bug:
112159033
ASB: 2019-06
Change-Id: Iaf4b0295e726658852272de1cf857d9d55b63276
Julia Reynolds [Wed, 27 Mar 2019 16:15:57 +0000 (12:15 -0400)]
[RESTRICT_AUTOMERGE]: Add cross user permission check - areNotificationsEnabledForPackage
Test: atest
Fixes:
128599467
Change-Id: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
(cherry picked from commit
657d164136199126ae241848887de0230699cea0)
(cherry picked from commit
bed6193b5954565f60afb5f5f9868d89991354d7)
Pavel Grafov [Wed, 10 Apr 2019 11:47:25 +0000 (12:47 +0100)]
Limit IsSeparateProfileChallengeAllowed to system callers
Fixes:
128599668
Test: build, set up separate challenge
Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
(cherry picked from commit
1b6301cf2430f192c9842a05fc22984d782bade9)
Varun Shah [Wed, 20 Mar 2019 18:10:33 +0000 (11:10 -0700)]
Added missing permission check to isPackageDeviceAdminOnAnyUser.
Added a check for the MANAGE_USERS permission to
PackageManagerService#isPackageDeviceAdminOnAnyUser.
To test that the method is still usable:
1) Enable virtual storage via: adb shell sm set-virtual-disk true
2) Follow instructions by clicking on notification to set up virtual storage
3) Go to Settings -> Apps & notifications -> See all X apps
4) Click on any non-system app (example Instagram)
5) Tap Storage and you should see a "Change" button (if not, choose another app)
6) Tap Change and you should see Internal and Virtual storage options listed
7) The above step confirms the method is still usable by Settings
Bug:
128599183
Test: SafetyNet logging (steps listed above)
Change-Id: I989f1daf52a71f6c778ebd81baa6f1bf83e9a718
Merged-In: I36521fa43daab399e08869647326a7ac32d1e512
(cherry picked from commit
18e7dedf6c35f07daf8b7239d501737745ac7f43)
Eran Messeri [Mon, 25 Mar 2019 14:31:04 +0000 (14:31 +0000)]
Permission Check For DPM.getPermittedAccessibilityServices
Bug:
128599660
Test: com.android.server.devicepolicy.DevicePolicyManagerTest
Test: com.google.android.gts.devicepolicy.DeviceOwnerTest
Change-Id: I8be915bd6a4ff99884d23005a4c6f0100806dbe8
Merged-In: I8ee3f876fcaffa63636645f0f59709cd147254ef
(cherry picked from commit
4fd13eefcf99d9b9b0d5f5ea99fdc7c799c83d23)
WyattRiley [Thu, 28 Feb 2019 19:43:12 +0000 (11:43 -0800)]
DO NOT MERGE - SUPL ES Extension - Safer Init and Not After Boot
Safe order of pointer setting and background thread start
Verifying mCallEndElapsedRealtimeMillis is not the initial value
Bug:
112159033
Bug:
115361555
Bug:
125124724
Test: Verified not-after-boot with test code b/
115361555#comment14
Test: Reproed NPE with test thread sleep and verify fix
Change-Id: Icd2ea91d71da71c8fda109ceb70514733d35060b
(cherry picked from commit
a7cb82eb85cd361b90c9700ff935ba614c94f490)
JP Sugarbroad [Mon, 25 Feb 2019 21:55:30 +0000 (13:55 -0800)]
Revert "Adding SUPL NI Emergency Extension Time"
This reverts commit
8315a530d3378705ba5ef29152b3c51c006bc697.
Adrian Roos [Mon, 7 Jan 2019 15:57:31 +0000 (16:57 +0100)]
DPM: Fix regression from I54376f60ac53451ace22965d331b47cd8c2e614e
Fixes an issue where setting a password via DPM would never
satisfy a QUALITY_COMPLEX password requirement.
Change-Id: I3fbc952bd44291ac22728c626b128fc0c1aae232
Merged-In: I3fbc952bd44291ac22728c626b128fc0c1aae232
Fixes:
120915644
Bug:
110172241
Test: atest 'com.android.cts.devicepolicy.DeviceAdminHostSideTestApi24#testRunDeviceOwnerPasswordTest'
Test: Set credential via DPM.resetPassword(), factory reset device to trigger FRP, verify FRP shows.
(cherry picked from commit
48d06522c66cac586a859a628729d26c6fa5d64c)
Abodunrinwa Toki [Fri, 4 Jan 2019 17:18:39 +0000 (17:18 +0000)]
RESTRICT AUTOMERGE Do not linkify text with RLO/LRO characters.
Also don't show smart actions for selections in text with unsupported
characters.
Bug:
116321860
Test: runtest -x cts/tests/tests/text/src/android/text/util/cts/LinkifyTest.java
Change-Id: Ib2ee544b5783234fba8ee2f93adf0b36b039520f
(cherry picked from commit
4e3507d544741ba08d871a235b6ec11e1e674853)
WyattRiley [Thu, 6 Dec 2018 19:43:58 +0000 (11:43 -0800)]
Adding SUPL NI Emergency Extension Time
Configurable by carrier config.xml resource
Bug:
118839234
Bug:
115361555
Bug:
112159033
Test: On device, see b/
115361555#comment14
Change-Id: I52e61656cca8b6fa6468d32d2e69bf60f4c83c61
Merged-In: I52e61656cca8b6fa6468d32d2e69bf60f4c83c61
(cherry picked from commit
1cd7883a76d7bb28edc9c29bdabb3753a0c63396)
Adrian Roos [Thu, 6 Dec 2018 16:50:41 +0000 (17:50 +0100)]
FRP: save password quality in DPM.resetPassword
When setting a password from DPM.resetPassword(), the actual quality of the
password was not passed to LockSettingsService (instead, the minimum required
quality was passed which is often UNSPECIFIED). As a result, during FRP we
would see inconsistent state and skip it.
Bug:
110172241
Test: Set credential via DPM.resetPassword(), factory reset device to trigger FRP, verify FRP shows.
Change-Id: I54376f60ac53451ace22965d331b47cd8c2e614e
Merged-In: I54376f60ac53451ace22965d331b47cd8c2e614e
(cherry picked from commit
ef116def7c91fd4492a8df03355e1dbdbde02a85)
Wayne Lin [Thu, 13 Sep 2018 07:34:10 +0000 (15:34 +0800)]
[DO NOT MERGE] Changing SUPL_ES=1 for SUPL end point control
SUPL_ES=1 ensures the GnssLocationProvider and related framework code
accepts incoming SMS SUPL_INIT messages with ES-bit=1
(which allow redirection of the ESLP
end-point e.g. to the current local emergency services provider when
you are travelling) only during an emergency call
Bug:
115331218
Bug:
112159033
Test: Build pass
Change-Id: I5075f7887a184ce18bb1815b35a2ce7acd8bca10
(cherry picked from commit
02f38c7284f183d5e1fc39fe56903a567ff3fc20)
Jakub Pawlowski [Thu, 29 Nov 2018 17:54:21 +0000 (18:54 +0100)]
Bluetooth: Check descriptors size in BluetoothHidDeviceAppSdpSettings
Bug:
119819889
Test: compilation
Change-Id: If51d0e2af74d99758f79a603d40cc2f5c84e4dde
Merged-In: If51d0e2af74d99758f79a603d40cc2f5c84e4dde
(cherry picked from commit
f843ccbf9e3791b426af78389e276c46dbec75e1)
JP Sugarbroad [Thu, 10 Jan 2019 22:42:03 +0000 (14:42 -0800)]
Revert "[DO NOT MERGE] Changing SUPL_ES=1 for SUPL end point control"
This reverts commit
7334c95f01b36158188485a21e056faa30c2b985.
Jeff Sharkey [Mon, 24 Sep 2018 19:23:57 +0000 (13:23 -0600)]
RESTRICT AUTOMERGE: Recover shady content:// paths.
The path-permission element offers prefix or regex style matching of
paths, but most providers internally use UriMatcher to decide what
to do with an incoming Uri.
This causes trouble because UriMatcher uses Uri.getPathSegments(),
which quietly ignores "empty" paths. Consider this example:
<path-permission android:pathPrefix="/private" ... />
uriMatcher.addURI("com.example", "/private", CODE_PRIVATE);
content://com.example//private
The Uri above will pass the security check, since it's not
technically a prefix match. But the UriMatcher will then match it
as CODE_PRIVATE, since it ignores the "//" zero-length path.
Since we can't safely change the behavior of either path-permission
or UriMatcher, we're left with recovering these shady paths by
trimming away zero-length paths.
Bug:
112555574
Test: cts-tradefed run cts -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests
Change-Id: Ibadbfa4fc904ec54780c8102958735b03293fb9a
(cherry picked from commit
a1ec7b115cc378f0547f10cf1074a5248d42d94f)
Wayne Lin [Thu, 13 Sep 2018 07:34:10 +0000 (15:34 +0800)]
[DO NOT MERGE] Changing SUPL_ES=1 for SUPL end point control
SUPL_ES=1 ensures the GnssLocationProvider and related framework code
accepts incoming SMS SUPL_INIT messages with ES-bit=1
(which allow redirection of the ESLP
end-point e.g. to the current local emergency services provider when
you are travelling) only during an emergency call
Bug:
115331218
Bug:
112159033
Test: Build pass
Change-Id: I5075f7887a184ce18bb1815b35a2ce7acd8bca10
(cherry picked from commit
02f38c7284f183d5e1fc39fe56903a567ff3fc20)
Wale Ogunwale [Wed, 16 May 2018 23:42:29 +0000 (16:42 -0700)]
RESTRICT AUTOMERGE: Hide overlay windows when requesting media projection permission.
1: Cherry-pick ag/
4067454 - Setting PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS
updateNonSystemOverlayWindowsVisibilityIfNeeded on relayoutWindow
2: Cherry-pick ag/
3650369 - If PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS changed on
relayoutWindow() then updateNonSystemOverlayWindowsVisibilityIfNeeded
3: Add permissions to SystemUI to allow it to hide non-system overlays
Bug:
34170870
Test: manual (see bug for poc)
Change-Id: I57cb0f390d9a78e721c5ddce49a377d385002753
(cherry picked from commit
40f7b5832291ec81b921d9d7598447653d926604)
Michael Wachenschwanz [Sat, 25 Aug 2018 04:50:35 +0000 (21:50 -0700)]
Verify number of Map entries written to Parcel
Make sure the number of entries written by Parcel#writeMapInternal
matches the size written. If a mismatch were allowed, an exploitable
scenario could occur where the data read from the Parcel would not
match the data written.
Fixes:
112859604
Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest
Change-Id: I325d08a8b66b6e80fe76501359c41b6656848607
Merged-In: I325d08a8b66b6e80fe76501359c41b6656848607
(cherry picked from commit
057a01d1f38e9b46d3faa4059fdd7c8717681ea0)
Seigo Nonaka [Thu, 19 Jul 2018 23:22:02 +0000 (16:22 -0700)]
Fix crash during cursor moving on BiDi text
The crash was introduced by Ib66ef392c19c937718e7101f6d48fac3abe51ad0
The root cause of the crashing is requesting out-of-line access for the
horizontal width. This invalid access is silently ignored by
TextLine#measure() method but new implementation end up with out of
bounds access.
To makes behavior as old implementation, calling getHorizontal instead
of accessing measured result array.
Bug:
78464361,
111580019
Test: Manually done
Change-Id: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
(cherry picked from commit
960647d582911ae7ab8b9491097898e6c313aaf1)
Merged-In: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
(cherry picked from commit
d30c55e3ccf25668fcbccf29c94224fd1d2e67b6)
Jeff Sharkey [Tue, 7 Aug 2018 21:02:17 +0000 (15:02 -0600)]
DO NOT MERGE. Persistable Uri grants still require permissions.
When FLAG_GRANT_PERSISTABLE_URI_PERMISSION is requested, we still
need to check permissions between the source and target packages,
instead of shortcutting past them.
The spirit of the original change is remains intact: if the caller
requested FLAG_GRANT_PERSISTABLE_URI_PERMISSION, then we avoid
returning "-1", which would prevent the grant data structure from
being allocated.
Bug:
111934948
Test: atest android.appsecurity.cts.AppSecurityTests
Change-Id: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
Merged-In: Ief0fc922aa09fc3d9bb6a126c2ff5855347cd030
(cherry picked from commit
05519b7e3d0f3d16ddfe6ee3892c8468a2c10c62)
Jeff Sharkey [Wed, 25 Jul 2018 20:52:14 +0000 (14:52 -0600)]
DO NOT MERGE. Extend SQLiteQueryBuilder for update and delete.
Developers often accept selection clauses from untrusted code, and
SQLiteQueryBuilder already supports a "strict" mode to help catch
SQL injection attacks. This change extends the builder to support
update() and delete() calls, so that we can help secure those
selection clauses too.
Bug:
111085900
Test: atest packages/providers/DownloadProvider/tests/
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
Change-Id: Ib4fc8400f184755ee7e971ab5f2095186341730c
Merged-In: Ib4fc8400f184755ee7e971ab5f2095186341730c
(cherry picked from commit
09d49531334ce6bc4ac45de1d3d0edb1495c0566)
Jeff Sharkey [Wed, 25 Jul 2018 20:01:59 +0000 (14:01 -0600)]
DO NOT MERGE. Execute "strict" queries with extra parentheses.
SQLiteQueryBuilder has a setStrict() mode which can be used to
detect SQL attacks from untrusted sources, which it does by running
each query twice: once with an extra set of parentheses, and if that
succeeds, it runs the original query verbatim.
This sadly doesn't catch inputs of the type "1=1) OR (1=1", which
creates valid statements for both tests above, but the final executed
query ends up leaking data due to SQLite operator precedence.
Instead, we need to continue compiling both variants, but we need
to execute the query with the additional parentheses to ensure
data won't be leaked.
Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
Bug:
111085900
Change-Id: I6e8746fa48f9de13adae37d2990de11c9c585381
Merged-In: I6e8746fa48f9de13adae37d2990de11c9c585381
(cherry picked from commit
5a55a72fcd18fb676eb4c114e62048068f71c01a)
Mihai Popa [Wed, 9 May 2018 16:31:48 +0000 (17:31 +0100)]
Optimise the hit test algorithm
Layout#getOffsetForHorizontal was running in O(n^2) time, where n is the
length of the current line. The method is used when a touch event
happens on a text line, to compute the cursor offset (and the character)
where it happened. Although this is not an issue in common usecases,
where the number of characters on a line is relatively small, this can
be very inefficient as a consequence of Unicode containing 0-width
(invisible) characters. Specifically, there are characters defining the
text direction (LTR or RTL), which cause our algorithm to touch the
worst case quadratic runtime. For example, a person is able to send a
message containing a few visible characters, and also a lot of these
direction changing invisible ones. When the receiver touches the message
(causing the Layout#getOffsetForHorizontal method to be called), the
receiver's application would become not responsive.
This CL optimizes the method to run in O(n) worst case. This is achieved
by computing the measurements of all line prefixes at first, which can
be done in a single pass. Then, all the prefix measurement queries will
be answered in O(1), rather than O(n) as it was happening before.
Bug:
79215201
Test: manual testing
Change-Id: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
Merged-In: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
(cherry picked from commit
69b589b21d02cd380a6827c39e56cbd12a804ffd)
Robert Shih [Mon, 9 Jul 2018 20:38:31 +0000 (13:38 -0700)]
Fix TrackInfo parcel write
Bug:
77600398
Change-Id: Ia316f1c5dc4879f6851fdb78fe8b9039579be7bc
(cherry picked from commit
0d2dc943dcaa3d7c8479e22ae62be9753ea2643c)
Arthur Ishiguro [Mon, 25 Jun 2018 18:31:33 +0000 (11:31 -0700)]
Resolve inconsistent parcel read in NanoAppFilter
Bug:
77599679
Test: Compile only
Change-Id: Ib417a5cb4d51744442d2fb14437cabbe5fd1c266
(cherry picked from commit
abe5a73a4a81e312a1690fbc10a6b99ce98b699a)
Bernie Innocenti [Mon, 28 May 2018 13:04:37 +0000 (22:04 +0900)]
vpn: allow IPSec traffic through Always-on VPN
This won't leak any traffic outside the VPN as long as there are no
processes owned by uid 0 which generate network traffic (which is
currently the case).
Bug:
69873852
Test: compared the output of 'adb shell ip rule show' before and after
Test: runtest -x frameworks/base/tests/net/java/com/android/server/connectivity/VpnTest.java
Test: local CTS tests run: android.net.cts.VpnServiceTest
Test: local CTS tests run: com.android.cts.devicepolicy.MixedDeviceOwnerTest
Change-Id: I8758e576c9d961d73f62bfcf0559dd7ecee6e8e6
Merged-In: I8758e576c9d961d73f62bfcf0559dd7ecee6e8e6
Merged-In: I1f9b78c8f828ec2df7aba71b39d62be0c4db2550
Merged-In: I8edeb0942e661c8385ff0cd3fdb72e6f62a8f218
(cherry picked from commit
00000fe55a4729f8339afdc7eab5c970b2549813)
(cherry picked from commit
ef2910dc709d698b6476e8d462c608d04c784a26)
Makoto Onuki [Tue, 12 Jun 2018 20:01:42 +0000 (13:01 -0700)]
Backport Prevent shortcut info package name spoofing
Test: cts-tradefed run cts -m CtsShortcutManagerTestCases -t android.content.pm.cts.shortcutmanager.ShortcutManagerFakingPublisherTest
Bug:
109824443
Change-Id: I90443973aaef157d357b98b739572866125b2bbc
Merged-In: I78948446a63b428ae750464194558fd44a658493
(cherry picked from commit
9e21579a11219581a0c08ff5dd6ac4dc22e988a4)
JP Sugarbroad [Thu, 19 Jul 2018 23:33:42 +0000 (16:33 -0700)]
Revert "Optimise the hit test algorithm"
This reverts commit
29de3319b7c1c763916aeab91cfc15f7daf60c09.
Ryan Mitchell [Mon, 21 May 2018 20:59:23 +0000 (13:59 -0700)]
ResStringPool: Prevenet boot loop from se fix
Changes the logs adding in a previous security fix to warnings so
devices with malformed APKs currently on them will not undergo DOS when
they are upgraded to P.
Bug:
79724567
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: Ied54e4bb14abdaf79da562022c7ea6075187c1f8
(cherry picked from commit
f05f47b2c1838529e682ad8f931d3da72244b1a1)
(cherry picked from commit
c31cf80008fdb06ea8e1eab9764096653e7854b1)
Ryan Mitchell [Wed, 30 May 2018 19:17:01 +0000 (12:17 -0700)]
Fix DynamicRefTable::load security bug
DynamicRefTables parsed from apks are missing bounds checks that prevent
buffer overflows. This changes verifies the bounds of the header before
attempting to preform operations on the chunk.
Bug:
79488511
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
(cherry picked from commit
18a6ada4aa136da4f50f03fff91d61d448ced195)
Mihai Popa [Wed, 9 May 2018 16:31:48 +0000 (17:31 +0100)]
Optimise the hit test algorithm
Layout#getOffsetForHorizontal was running in O(n^2) time, where n is the
length of the current line. The method is used when a touch event
happens on a text line, to compute the cursor offset (and the character)
where it happened. Although this is not an issue in common usecases,
where the number of characters on a line is relatively small, this can
be very inefficient as a consequence of Unicode containing 0-width
(invisible) characters. Specifically, there are characters defining the
text direction (LTR or RTL), which cause our algorithm to touch the
worst case quadratic runtime. For example, a person is able to send a
message containing a few visible characters, and also a lot of these
direction changing invisible ones. When the receiver touches the message
(causing the Layout#getOffsetForHorizontal method to be called), the
receiver's application would become not responsive.
This CL optimizes the method to run in O(n) worst case. This is achieved
by computing the measurements of all line prefixes at first, which can
be done in a single pass. Then, all the prefix measurement queries will
be answered in O(1), rather than O(n) as it was happening before.
Bug:
79215201
Test: manual testing
Change-Id: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
Merged-In: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
(cherry picked from commit
69b589b21d02cd380a6827c39e56cbd12a804ffd)
Benedict Wong [Tue, 20 Feb 2018 23:19:59 +0000 (15:19 -0800)]
DO NOT MERGE: Add unit tests to ensure VPN meteredness
These new tests ensure that VPNs report the meteredness of their
underlying networks correctly. The added test verifies VPN meteredness
for cases of metered and unmetered WiFi and Cell
Bug:
78644887
Test: This; ran on walleye-eng
Change-Id: I28bdc71a336bfd97f7908455d4781d774df44b87
(cherry picked from commit
66bc52884b1009fca7917ae89e72e8aa40f394d1)
Adrian Roos [Tue, 22 May 2018 14:56:35 +0000 (16:56 +0200)]
WM: Prevent secondary display focus while keyguard is up
Fixes an issue where input intended for the keyguard could end up going
to a different display.
To prevent this, make sure that only the default display can get focused
when the keyguard is showing.
Change-Id: I6463c44aedca06930d2c9bda7c45ffd93141308c
Merged-In: I6463c44aedca06930d2c9bda7c45ffd93141308c
Fixes:
71786287
Test: atest DisplayContentTests
(cherry picked from commit
3cd5e3d9bbb3255e874b8fa27d7ed506164905dd)
Benedict Wong [Fri, 4 May 2018 04:07:58 +0000 (21:07 -0700)]
DO NOT MERGE: Fix ConnectivityController meteredness checks
This patch corrects ConnectivityController's meteredness checks to
perform correct meteredness checks while VPNs are running. This fixes a
bug in O-MR1 where any apps using the DownloadProvider with unmetered
network constraints fail to start while the VPN is enabled.
This change adds a bespoke method for ConnectivityController, allowing
it to correctly identify the meteredness without affecting public API
surfaces.
Bug:
78644887
Test: Built, flashed on Walleye, and tested.
Test: Additional test coverage in subsequent patch(es).
Change-Id: Ie1d11d93d51d936ce81cd5984af61bde30325983
(cherry picked from commit
d08ab5a641d9d81314c9439724dd34338fa81d58)
Todd Kennedy [Thu, 3 May 2018 09:05:04 +0000 (10:05 +0100)]
Make safe label more safe
* limit the absolute maximum size of the label to 50000 characters
[which is probably far more than necessary, but, can be dialed down]
* use a string buffer while processing the string [instead of creating
multiple string objects]
Bug:
62537081
Test: Manual. Install APK in bug and see that it can be uninstalled
Change-Id: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
Merged-In: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
(cherry picked from commit
2263da9539daef134395226a2718ba2d7af7547d)
Tony Mak [Thu, 14 Dec 2017 12:40:07 +0000 (12:40 +0000)]
clearCallingIdentity before calling into getPackageUidAsUser
Fix:
70585244
Bug:
69981755
Test: Enable any accessibility service -> inflate work profile
-> Tap on any work app -> no longer crash
Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.CrossProfileAppsHostSideTest.testPrimaryUserToManagedProfile
Change-Id: I80d18f4e2ab76a228cb0aa2c8312c323a9b5c84d
(cherry picked from commit
857326e3731939f6ec7979e1d86585bf0ea484f4)
Eugene Susla [Mon, 11 Dec 2017 18:07:03 +0000 (10:07 -0800)]
Nullcheck to fix Autofill CTS
Test: presubmit
Fixes:
70506475
Bug:
69981755
Change-Id: I187bed4889a4901a7137a2995178ea651ed09186
(cherry picked from commit
6c68a692880b7cc981e130aace0edb9f2fcffff6)
Ecco Park [Thu, 3 May 2018 21:49:40 +0000 (14:49 -0700)]
Osu: fixed Mismatch between createFromParcel and writeToParcel
Bug:
77600924
Change-Id: I46d765892e8e6839ed5140a3b0d6bb1815ccf9bc
Signed-off-by: Ecco Park <eccopark@google.com>
(cherry picked from commit
9a59cf84506e9fa841524ac2c70ae683449e709a)
Hansong Zhang [Thu, 26 Apr 2018 21:22:39 +0000 (14:22 -0700)]
DO NOT MERGE Truncate newline and tab characters in BluetoothDevice name
Test: manual
Bug:
73173182
Change-Id: I7f2201cab36adf7f01d1a794d783cb78a536811f
(cherry picked from commit
24da173b63b17a0bc6c80b2fcfefa7fe4574a15b)
sqian [Sat, 14 Apr 2018 00:10:05 +0000 (17:10 -0700)]
Fix broken check for TelephonyManager#getForbiddenPlmns
(backport from a fix merged in pi-dev)
Bug:
73884967
Test: Treehugger
Change-Id: I9deaae20893184cde36dcd936fe83708fa60b830
Merged-In: I0cf7920e138892fbcab71fae0eed1293f0b2e404
Merged-In: I9e3456e5f1e479b0e2b102f6c90db57cd0e977fe
(cherry picked from commit
7b52a48d6b10e3ed2806b57d39a2d9211dd4b585)
akirilov [Tue, 27 Mar 2018 20:08:47 +0000 (13:08 -0700)]
RESTRICT AUTOMERGE: Prevent reporting fake package name - framework (backport to oc-mr1-dev)
Test: added AccessibilityEndToEndTest#testPackageNameCannotBeFaked
cts-tradefed run cts -m CtsAccessibilityServiceTestCases
cts-tradefed run cts -m CtsAccessibilityTestCases
Bug:
69981755
Change-Id: If3752e106aa7fdee4645dc9852289af471ceff18
Merged-In: I13304efbee10d1affa087e9c8bc4ec237643283e
(cherry picked from commit
c36db6d473c9988496cd614924ee113b67f7e333)
y [Fri, 6 Apr 2018 00:57:27 +0000 (17:57 -0700)]
ResStringPool: Fix security vulnerability
Adds detection of attacker-modified size and data fields passed to
ResStringPool::setTo(). These attacks are modified apks that AAPT would
not normally generate. In the rare case this occurs, the installation
cannot be allowed to continue.
Bug:
71361168
Bug:
71360999
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
Merged-In: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
(cherry picked from commit
7e54c3f261d81316b75cb734075319108d8bc1d1)
Philip P. Moltmann [Thu, 12 Apr 2018 21:45:14 +0000 (14:45 -0700)]
DO NOT MERGE (O) Revoke permision when group changed
If a run time permission of a group is already granted we grant the
other permission of the group automatically when requested.
Hence if an already granted permission changed its group during an
update suddenly permission of a potentially not approved group will
get auto-granted.
This is undesirable, hence we revoke the permission during the update
process.
Test: atest android.permission.cts.PermissionGroupChange
Change-Id: Ib2165d1ae53b80455ebe02e07775853e37a2e339
Fixes:
72710897
(cherry picked from commit
0ed1b472af194896fcf421dc862c443343c7c127)
Fyodor Kupolov [Fri, 16 Mar 2018 19:20:40 +0000 (12:20 -0700)]
Use concrete CREATOR instance for parceling lists
Replaced readTypedArrayList/writeTypedArrayList with
writeTypedList/createTypedArrayList(CREATOR)
Bug:
71508348
Test: CtsAutoFillServiceTestCases pass
Merged-In: I2a8321023b40cc74b7026eb0fb32a9cc5f5543a9
Change-Id: Id17d02e40a4ae567bf2d74d2ea8ba4d8a943bdb7
(cherry picked from commit
4921986db76b1580bcb6ec8b2fd381d1364a6325)
Marco Nelissen [Tue, 7 Nov 2017 21:52:02 +0000 (13:52 -0800)]
Rework thumbnail cleanup
Bug:
63766886
Test: ran CTS tests
Change-Id: I1f92bb014e275eafe3f42aef1f8c817f187c6608
(cherry picked from commit
6d2096f3889d38da60099b1b5678347de4f042bf)
Felipe Leme [Mon, 11 Dec 2017 22:37:35 +0000 (14:37 -0800)]
Proper autofill fix to let phone process autofill Settings activity.
Test: adb shell am start com.android.settings/.RadioInfo
Bug:
69981710
Fixes:
70506888
Change-Id: Id29bad2d20b621f7379eb6144c95dcc819949b3d
Merged-In: Id29bad2d20b621f7379eb6144c95dcc819949b3d
(cherry picked from commit
97f16a76db29269619d9a1b45d4cea49026a5b6a)
(cherry picked from commit
92b5d2783a1b97bee476f04754481403839b4e45)
Pengquan Meng [Fri, 9 Mar 2018 04:08:25 +0000 (20:08 -0800)]
Fixed Security Vulnerability of DcParamObject
The writeToParcel and readFromParcel is not symmetry, fixed it.
Test: no test
Bug:
70721937
Change-Id: I01f6f6b2ab778ee8b638d9b69fe0a6b9aa7ee395
(cherry picked from commit
8c55a70728fdb0a7b0585fac08629b0137dca51e)
Eugene Susla [Thu, 22 Feb 2018 18:39:34 +0000 (10:39 -0800)]
[DO NOT MERGE] Copy PermissionChecker from support lib and use in RcognitionService
Fixes:
73511076,
73311729
Test: presubmit
Change-Id: Ie98f67ffee4744050ac85d8b229370a16a76a194
(cherry picked from commit
726b51a26e9a54b7352aad90ed15edccc44dd60d)
(cherry picked from commit
5a28e533fe8865ed371b5c0fd909a4ec89f63633)
Rubin Xu [Thu, 11 Jan 2018 10:59:19 +0000 (10:59 +0000)]
[DO NOT MERGE] Add permission check to setAllowOnlyVpnForUids
Bug:
63000005
Test: runtest frameworks-net -c com.android.server.connectivity.VpnTest
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnLockDown
Merged-In: Ia1a82ee73d8617f3124032986fe6c09c14bf7752
Change-Id: Ia1a82ee73d8617f3124032986fe6c09c14bf7752
(cherry picked from commit
f915e04d5010c4dfffad263fa70c1e412e856314)
Fyodor Kupolov [Wed, 21 Feb 2018 01:02:35 +0000 (17:02 -0800)]
Verify last array's length in readFromParcel
Length of the last array in readFromParcel should be the same as
value of mNextIndex.
Test: PoC app in the bug
Bug:
73252178
Change-Id: I69f935949e945c3a036b19b4f88684d906079ea5
(cherry picked from commit
3b8bc2e45048527d7682b24b96957c34433da382)
Alan Viverette [Fri, 16 Feb 2018 18:56:02 +0000 (13:56 -0500)]
Update internal ViewPager's SavedState to match Support Library version
Merged-In: Ic4569b21d8a26a62bba91742b442f0c3ea8bcc9e
Change-Id: I17d085be9ce1a139e75264f1e715df7f565cd41b
Fixes:
71992105
Test: manual
(cherry picked from commit
187964aca12115c7ab66f59d1ebb95e4f4130ac6)
Felipe Leme [Mon, 22 Jan 2018 23:33:40 +0000 (15:33 -0800)]
DO NOT MERGE - fix AFM.getComponentNameFromContext()
This method broke on O-MR1 when I3abf999eb6056c1df7982780bae43b58337c0668
was chery-picked from master.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases \
-t android.autofillservice.cts.AttachedContextActivityTest#testAutofill
Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases
Also individually ran tests that failed (due to flakiness) when ran in a suite:
Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases \
-t android.autofillservice.cts.OptionalSaveActivityTest#testDontShowSaveUiWhenUserManuallyFilled_oneDatasetAllRequiredFields
Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases -t android.autofillservice.cts.PreSimpleSaveActivityTest #testTapLink_tapBack_thenStartOverBySayingYesAndManualRequest
Fixes:
71960322
Change-Id: Ia093dcefe6699dc9493c46d671e48c2000214b31
Merged-In: I3abf999eb6056c1df7982780bae43b58337c0668
(cherry picked from commit
b25b4736db2ea05dce6b9f03e8a9920ab338dd5a)
Felipe Leme [Fri, 1 Dec 2017 01:41:57 +0000 (17:41 -0800)]
Make sure apps cannot forge package name on AssistStructure used for Autofill.
Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases -t android.autofillservice.cts.VirtualContainerActivityTest#testAppCannotFakePackageName
Test: cts-tradefed run commandAndExit cts-dev -m CtsAutoFillServiceTestCases
Bug:
69981710
Change-Id: Id6036cddb51dd8dd0c9128b7212d573f630d693f
Merged-In: Id6036cddb51dd8dd0c9128b7212d573f630d693f
(cherry picked from commit
23e61a9086a34405e277868474e003b37ed1b711)
Rubin Xu [Wed, 7 Feb 2018 08:10:08 +0000 (08:10 +0000)]
Fix VerifyCredentialResponse parcelling code
There was an asymmetry between parcelling and unparcelling of
VerifyCredentialResponse that could lead to type confusion if
packed with other objects in a Parcel.
Test: none
Bug:
71714464
Change-Id: Icff68879e249422ccca49f2bb7db85c35b4cb353
(cherry picked from commit
54813e988884f0d604d5358569f10feda8622f46)
Etan Cohen [Fri, 2 Feb 2018 16:07:20 +0000 (08:07 -0800)]
[RTT] ParcelableRttResults parcel code fix
ParcelableRttResults was unparceled incorrectly.
Bug:
70398564
Test: exploit provided in bug no longer works
Change-Id: Ifd6de547e9861bbebc399b43d0cc2899a8160813
(cherry picked from commit
e1e5a2409c8bef2481e68d9329f87bb8037afa45)
Jakub Pawlowski [Fri, 8 Dec 2017 06:56:03 +0000 (22:56 -0800)]
Fix bad type for txPower in PeriodicAdvertisingReport serialization
Bug:
69634768
Test: compilation
Change-Id: Icedfbaf1ba933637e935ada0fd98aea42c73f2b2
Merged-In: Icedfbaf1ba933637e935ada0fd98aea42c73f2b2
(cherry picked from commit
5332988c62e2f2ededb29ac3bfc4774551fe956f)
Adam Vartanian [Wed, 31 Jan 2018 11:05:10 +0000 (11:05 +0000)]
Adjust URI host parsing to stop on \ character.
The WHATWG URL parsing algorithm [1] used by browsers says that for
"special" URL schemes (which is basically all commonly-used
hierarchical schemes, including http, https, ftp, and file), the host
portion ends if a \ character is seen, whereas this class previously
continued to consider characters part of the hostname. This meant
that a malicious URL could be seen as having a "safe" host when viewed
by an app but navigate to a different host when passed to a browser.
[1] https://url.spec.whatwg.org/#host-state
Bug:
71360761
Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
(cherry picked from commit
fa3afbd0e7a9a0d8fc8c55ceefdb4ddf9d0115af)
Adam Lesinski [Fri, 10 Nov 2017 01:12:17 +0000 (17:12 -0800)]
Check for null-terminator in ResStringPool::string8At
All other stringAt methods check for null termination. Be consistent
so that upper levels don't end up with huge corrupt strings.
Bug:
62537081
Test: none
Change-Id: I17bdfb0c1e34507b66c6cad651bbdb12c5d4c417
(cherry picked from commit
3d35a0ea307693a97583a61973e729a5e7db2687)
(cherry picked from commit
97f8cb01149b35b1832c7f9efe85ff19edf1083e)
(cherry picked from commit
5ec65ae909a85d13d03c030be357c8c14a50d306)
Shuzhen Wang [Fri, 8 Dec 2017 20:16:49 +0000 (12:16 -0800)]
OutputConfiguration: Fix missing mIsShared in parcel read
Test: Camera CTS
Bug:
69683251
Merged-In: I7ea4aa8ed4baa5a5e7d25a0073361d827ba86c13
Change-Id: I7ea4aa8ed4baa5a5e7d25a0073361d827ba86c13
(cherry picked from commit
4304a02ac990c1af5fb8f479bdd2b04c8af4fddb)
Adam Lesinski [Tue, 14 Nov 2017 08:50:18 +0000 (00:50 -0800)]
OMS: Only allow trusted overlays to be registered.
Bug:
69383160
Test: cts-tradefed run cts -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.OverlayHostTest
Change-Id: I930c11716317cff1ec485a3943d1f22f07a423df
Merged-In: I930c11716317cff1ec485a3943d1f22f07a423df
(cherry picked from commit
80609e584c9c6155ed3199109735ec8d16f6115c)
Rubin Xu [Tue, 31 Oct 2017 15:40:32 +0000 (15:40 +0000)]
Swap the order of synthetic password wrapping
Synthetic password is double encrypted by both a random auth-bound keymaster
key and a secret derived from user password. In order to avoid a password
verification oracle without rate limiting, synthetic password needs to be
encrypted by the derived secret first, and then the auth-bound key. This
change corrects the order of encryptions, as well as adds an upgrade path to
refresh existing credentials.
Test: Running an old build with existing password, flash to new build,
verify the device unlocks successfully.
Bug:
68694819
Change-Id: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
Merged-In: Ifdaa01f3f4ddd5bb3f3d808d38f440ced729034f
(cherry picked from commit
78acfe71d5d527ec727ffa3ad33f0de6255d60d7)
Adam Vartanian [Tue, 7 Nov 2017 12:22:23 +0000 (12:22 +0000)]
Adjust Uri host parsing to use last instead of first @.
Malformed authority segments can currently cause the parser to produce
a hostname that doesn't match the hostname produced by the WHATWG URL
parsing algorithm* used by browsers, which means that a URL could be seen
as having a "safe" host when checked by an Android app but actually visit
a different host when passed to a browser. The WHATWG URL parsing
algorithm always produces a hostname based on the last @ in the authority
segment, so we do the same.
* https://url.spec.whatwg.org/#authority-state resets the "buffer", which
is being used to build up the host name, each time an @ is found, so it
has the effect of using the content between the final @ and the end
of the authority section as the hostname.
Bug:
68341964
Test: vogar android.net.UriTest (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Idca79f35a886de042c94d6ab66787c2e98ac8376
(cherry picked from commit
cd6228dd377b2a0caa02a1e6df92f3d9ae702a95)
Chong Zhang [Tue, 24 Oct 2017 23:07:18 +0000 (16:07 -0700)]
mtp: fix double free of thumbnail data
bug:
67864232
Change-Id: I6eb51be839df12317273830521c70a4ed80f9496
(cherry picked from commit
e6b98532ee03d0ac1ca93382699893172454a946)
Leon Scroggins III [Tue, 3 Oct 2017 18:00:20 +0000 (14:00 -0400)]
Throw OOME if Bitmap.nativeCreate fails
Bug:
33846679
Test: I6ab6cb7a3b3151641a9f9b02b0bfc484e0a4524b
This matches the old behavior, prior to switching from Java allocated
pixel memory to native allocations (b/
27762775). It also better matches
what has happened - we ran out of memory. (Better than the current
behavior - NullPointerException in the Java code, or an alternative
solution of returning null, which would likely result in NPEs in the
calling code.)
Merged-In: I3958ed1106ac94fb1d3f30e044b620d984875211
Change-Id: I3958ed1106ac94fb1d3f30e044b620d984875211
(cherry picked from commit
5906a4869cdf5c39eba1d9a3125aff894c5e804d)
android-build-team Robot [Thu, 2 Nov 2017 04:50:11 +0000 (04:50 +0000)]
Merge cherrypicks of [
3156476,
3155698,
3156194,
3156639,
3156018,
3156477,
3156098,
3156099,
3156100,
3156101,
3156102,
3158393,
3155699,
3155700,
3156195,
3156196,
3156019,
3156020,
3158394] into oc-mr1-release
Change-Id: I5b1e8ce0b0d4c129cf502ab21733dd7bc65aed67
Sunny Goyal [Wed, 1 Nov 2017 18:58:13 +0000 (11:58 -0700)]
Preventing recursive referrence in drawables
Bug:
68706673
Bug:
66498711
Test: Added CTS tests
Change-Id: I8034f49d16f9a7bc1749714fd6d6231bba5088d0
(cherry picked from commit
99b25d2817a1058e56c5384a43040e0f3f291ce1)
Christine Franks [Mon, 30 Oct 2017 23:22:37 +0000 (16:22 -0700)]
Respect legacy color mode settings
Bug:
68411440
Test: make -j100, verified starting with each of the three options.
Change-Id: I73e701a86733e0f8a5d017949052b16cdf58f398
(cherry picked from commit
17947177b38c0b583ce263b1f66454b84cb5959e)
(cherry picked from commit
8ab97c1e417620b99a2057b7dd6ad59ecc419853)
Julia Reynolds [Thu, 26 Oct 2017 15:30:31 +0000 (11:30 -0400)]
Allow dnd access for secondary users
Test: runtest systemui-notification
Change-Id: Ie63b767bcd25b7b3e7cac08afcf3351adc97263f
Merged-In: Ie63b767bcd25b7b3e7cac08afcf3351adc97263f
Fixes:
68060759
(cherry picked from commit
ee611537e935ca419b4333cc82c9dee5d2e7a92d)
Bryce Lee [Tue, 31 Oct 2017 18:35:55 +0000 (11:35 -0700)]
DO NOT MERGE Remove orientation restriction to only fullscreen activities.
This changelist removes checks that enforce that only fullscreen,
opaque activities may request orientation changes. An application
may itself be compatible with the change and update their SDK level.
However, it is possible they use a library that has not itself been
updated and still leverages this feature for non-fullscreen
activities.
Fixes:
68684796
Test: bit FrameworksServicesTests:com.android.server.wm.AppWindowTokenTests
Change-Id: Ib5a60f0b660ad145d07e953e541a0a1b801aeef2
(cherry picked from commit
a89b183ef9323f4426941b207e2378064b5c7de3)
Michael Wachenschwanz [Tue, 31 Oct 2017 02:06:23 +0000 (19:06 -0700)]
AAPT2: Allow for nested inline xmls
Add recursion to InlineXmlFormatParser::Consume for handling nested
aapt:attr
Change-Id: Iabf98945b4f5ef22a3b8fdc4ca2bac092a377629
Fixes:
64385167
Test: make aapt2_tests
(cherry picked from commit
7b6b02bd13aea90b938c3ab3b1eaa3fb5043f931)
(cherry picked from commit
c8f5fc284cc635f7056307e55121e439b21ac83a)
android-build-team Robot [Fri, 27 Oct 2017 14:49:38 +0000 (14:49 +0000)]
Merge cherrypicks of [
3134552,
3130583,
3131953,
3131954,
3131955,
3131956,
3131957,
3131958,
3131959,
3132062,
3132336,
3131074,
3133939,
3131024,
3131025,
3131026,
3130584,
3130879,
3130880] into oc-mr1-release
Change-Id: I345643be0750801a95bd6a61a235f1576501807f
Dan Sandler [Fri, 27 Oct 2017 03:27:57 +0000 (23:27 -0400)]
Give fg services a shelf life before they go bad.
When a fg service starts (as indicated by its presence in a
NOTE_FOREGROUND_SERVICES notification), we note the service
start time (as encoded in Notification.when in ActivityMgr).
SysUI will suppress the dungeon (foreground service
disclosure) notification until 5 seconds have elapsed since
the earliest service start time. After that, if the service
is still running, the disclosure will be shown.
Bug:
67819284
Test: runtest -x frameworks/base/packages/SystemUI/tests/src/com/android/systemui/ForegroundServiceControllerTest.java
Change-Id: I5b6df95eb673e2f551aaa3ecc5a7df617f815a90
(cherry picked from commit
9830b5a8e41c3b477064e3b378734fc129e8342f)
Todd Kennedy [Wed, 25 Oct 2017 17:11:09 +0000 (10:11 -0700)]
Allow internal services access to instant apps
Any system UID [those with a UID < Process.FIRST_APPLICATION_UID] should be
able to see instant applications. These are trusted processes and will often
need to verify permissions of the calling instant app.
Change-Id: I4ec899ffd45d931a17d4ea0bfacf3004d3e074ef
Fixes:
67849834
Test: Manual.
Test: Install hellozip_base.apk from bug:
Test: $ adb install --instantapp -i com.android.vending hellozip_base.apk
Test: Run hellozip
Test: $ adb shell am start -a android.intent.action.VIEW -c android.intent.category.BROWSABLE -d https://hello.samples.androidinstantapps.com/hello
Test: Try to capture a photo and see that the app crashes with a SecurityException before the patch and that a photo is taken after the patch
Test: Try to record audio and see that the app crashes with an IllegalStateException before the patch and that the app doesn't crash after the patch
(cherry picked from commit
17e40d2fb6d5ad2be3b71d3bc1232ea84f6596b6)
Donald Chai [Fri, 13 Oct 2017 04:00:45 +0000 (21:00 -0700)]
AAPT: treat "-I" with lower precedence than main APK for dumping.
This is the desired behavior if resource IDs may overlap, and also happens to
improve the behavior of:
aapt dump -I base.apk badging feature.apk
when both APKs use the same package name with different package IDs
(base=0x7F, feature=0x80). Previously, the final call to
DynamicRefTable::addMapping was for base.apk, and all references to 0x80 were
rewritten in DynamicRefTable::lookupResourceId to 0x7F. After this
change resources defined in both APKs are resolved correctly.
Note that this is a bit of kludge, and APKs should use different names
to avoid conflating the package IDs.
Fixes:
67070085
Bug:
64058531
Test: manual with sample in b/
67070085#comment2
Change-Id: I285adb6f44a297440b08fc7a1f9ad73c700eb9bc
(cherry picked from commit
d1ac6e1f9ea3a4d6c0d6d4a118c61526b8234a5f)
(cherry picked from commit
94251fac62b12f030c404132a395fdef73e7ab29)
ztenghui [Fri, 13 Oct 2017 22:56:08 +0000 (15:56 -0700)]
AAPT leave <gradient> alone for VDC
bug:
62421666
Test: Tested with changes for Gradient of VDC.
Change-Id: I07b39721aeaaafd888416a0f71f6cbd5fce97732
(cherry picked from commit
ab2a38c03d54fad1ed0873ac091959ee38823cd6)
(cherry picked from commit
f49cce3aa6f625cfc7288886c044992e1580dbbc)
Donald Chai [Thu, 19 Oct 2017 06:51:18 +0000 (23:51 -0700)]
AAPT2: Sanitize resource qualifiers before using in split names.
Fixes:
67960909
Test: UtilTest.SplitNamesAreSanitized
Change-Id: I9ba1b8430a00cc7ce981075a60388f275c41dbea
(cherry picked from commit
b8f078c9a0c9f32ad84c475c26299ecb00962ffa)
(cherry picked from commit
50bae79111afcdb8d36d73cac15155cb61df2dc0)
android-build-team Robot [Wed, 25 Oct 2017 21:04:00 +0000 (21:04 +0000)]
Merge cherrypicks of [
3120219,
3121602,
3124243,
3125180] into oc-mr1-release
Change-Id: Iba119bfeb023f798076d19b82546db78ab06edb5
Christine Franks [Wed, 25 Oct 2017 02:04:22 +0000 (19:04 -0700)]
DO NOT MERGE - Support native and srgb for night display
Bug:
68159303
Test: make -j100
Change-Id: Iea4b38bd8c9037f50b7ffa6e3c4f12b0e536a8ce
(cherry picked from commit
8c9f91eba618c1fc5ad7f7ddef2b8854d4d10fce)
android-build-team Robot [Wed, 25 Oct 2017 05:32:01 +0000 (05:32 +0000)]
Merge cherrypicks of [
3122088,
3121430,
3119129,
3119130,
3119131,
3120667] into oc-mr1-release
Change-Id: I27e7d8f0f1dc1d73083eb6949e0c40d1ed77445c
Romain Guy [Tue, 24 Oct 2017 20:37:34 +0000 (21:37 +0100)]
Add color mode setting
The new setting appears on devices that support color management
and wide color gamut rendering. The setting allows the user to
choose between natural (sRGB), boosted (sRGB + 10% saturation)
and saturated (unmanaged colors; colors are remapped to the device's
native gamut).
This change adds a metric constant for analytics in Settings
and uses a persistent system property to know when to suppress
color management.
Bug:
68159303
Test: manual
Change-Id: I83cc972fc3a2290ff106eae0e76a3ee799503813
(cherry picked from commit
62e8c175257d25c64ed19e5ccccd4e3cd987b8ad)
android-build-team Robot [Mon, 23 Oct 2017 02:35:29 +0000 (02:35 +0000)]
Snap for
4411005 from
6575d483cc12747e8f6790e369ed59c15e3ff91a to oc-mr1-release
Change-Id: I5ec74e6de18301999f2140642016f85fda1d6a6a
TreeHugger Robot [Fri, 20 Oct 2017 17:44:58 +0000 (17:44 +0000)]
Merge "Fix netlink group mismatch in fds used for offload" into oc-mr1-dev
Niranjan Pendharkar [Wed, 18 Oct 2017 23:58:25 +0000 (16:58 -0700)]
Fix netlink group mismatch in fds used for offload
Existing groups used for binding to netlink conntrack events don't
seem to work as expected. Fix this by using exact groups defined
in IOffloadConfig hal.
Test: as follows
- Compiles and boots on walleye
- Validated conntrack destroy events are received as expected.
- Validated offload works as expected.
Bug:
68018148
CRs-fixed:
2126789
Merged-In: I2dcebec1c08bb7b067621331533d8a65dd7b5083
Merged-In: I96d6d5601aff009879f452975be91b6e7e40bb57
Change-Id: I76178fd7f109b82a4e4961347b8949937813d71d
(cherry picked from commit
f10282b830af4c7ea56b2c64e73a7ffd3c006007)
android-build-team Robot [Fri, 20 Oct 2017 07:17:57 +0000 (07:17 +0000)]
Snap for
4407597 from
7bd96d32a17553cf5772c7abf5a759636bcc4943 to oc-mr1-release
Change-Id: I9e76506b991d8147e5b6a5a3dbcc3e16ed825def
Jonathan Basseri [Fri, 20 Oct 2017 02:50:35 +0000 (02:50 +0000)]
Merge "DO NOT MERGE Revert "Convert ICarrierService to oneway."" into oc-mr1-dev
Jeff Sharkey [Fri, 20 Oct 2017 01:48:46 +0000 (01:48 +0000)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions. am:
ca7ffa06bc -s ours am:
edb6b17ebc -s ours am:
08bd3a75fb am:
9c441159f9 am:
2f8dbe9693 am:
3bb6994a0b -s ours am:
73a4e88df8 am:
832890f6e2 am:
34e4628cfb am:
76d9732106 am:
af70ac2914 -s ours am:
571c8a4507
am:
45829c0c41
Change-Id: I9c80ad1cde980004a625ba7a0df579c7432d14ae
Jeff Sharkey [Fri, 20 Oct 2017 01:33:20 +0000 (01:33 +0000)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions. am:
1f2a5d3622 -s ours am:
b52056d549 am:
563ea682e7 am:
901c587c6b am:
1455bd6492 -s ours am:
7f00f14d81 am:
3c30346de2 am:
b049f43f9b am:
1b40397eb0 am:
00183554a9 -s ours am:
61d6dd8185
am:
438ed4369d
Change-Id: I467f1f279116602880a6533cadf0dc7721bdfe88
Jeff Sharkey [Fri, 20 Oct 2017 01:26:22 +0000 (01:26 +0000)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions. am:
ca7ffa06bc -s ours am:
edb6b17ebc -s ours am:
08bd3a75fb am:
9c441159f9 am:
2f8dbe9693 am:
3bb6994a0b -s ours am:
73a4e88df8 am:
832890f6e2 am:
34e4628cfb am:
76d9732106 am:
af70ac2914 -s ours
am:
571c8a4507
Change-Id: Ie4e871d2017d505461027c376946e2034105062a
Siyamed Sinir [Fri, 20 Oct 2017 01:17:09 +0000 (01:17 +0000)]
Fix ClipboardService device lock check for cross profile am:
0595b5a94b am:
9e5a4ed6c3 -s ours am:
1c7cdde2d3 am:
63bb54738d am:
4c7113461f am:
74b3298994 am:
4afdfec2d9 am:
bf5b9d7e8e am:
9f073ee9fd am:
c257b61ec2 am:
21bdeacae7 am:
6ecad744a9
am:
289db3b4f3
Change-Id: I71991fe9cd3b442dff4ce84657cd84936511a8b2
Jeff Sharkey [Fri, 20 Oct 2017 01:11:01 +0000 (01:11 +0000)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions. am:
1f2a5d3622 -s ours am:
b52056d549 am:
563ea682e7 am:
901c587c6b am:
1455bd6492 -s ours am:
7f00f14d81 am:
3c30346de2 am:
b049f43f9b am:
1b40397eb0 am:
00183554a9 -s ours
am:
61d6dd8185
Change-Id: I9b862fb8aa4858bf57aa390c7d54a65bb19d12fd