OSDN Git Service
TreeHugger Robot [Tue, 6 Jun 2017 22:53:55 +0000 (22:53 +0000)]
Merge "Close connection before retrying" into lmp-dev
Marco Nelissen [Fri, 2 Jun 2017 19:16:44 +0000 (12:16 -0700)]
Close connection before retrying
Otherwise the (CTS) server might run out of connections.
Bug:
38391487
Bug:
22771132
Test: build, run CTS, stream music
Change-Id: I92c782a6799ab36eec8df3f7c3217bea667b838a
Nick Kralevich [Tue, 14 Mar 2017 17:25:35 +0000 (10:25 -0700)]
ZygoteInit: Remove CAP_SYS_RESOURCE
Please see commit
3082eb7c7253c62a06aa151a80487a4eabd49914 for an
explanation of this change.
This capability is not used by system_server.
Bug:
34951864
Bug:
38496951
Test: code compiles, device boots, no selinux errors ever reported.
Change-Id: I4242b1abaa8679b9bfa0d31a1df565b46b7b3cc3
(cherry picked from commit
35775783fc6609035136184e3843bc743b59945d)
Nick Kralevich [Wed, 15 Feb 2017 23:12:31 +0000 (15:12 -0800)]
system_server: add CAP_SYS_PTRACE
Commit https://android.googlesource.com/kernel/common/+/
f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. system_server uses this capability to collect
smaps from managed processes. Presumably this was done to avoid the
implications of granting CAP_SYS_PTRACE to system_server.
However, with SELinux enforcement, we can grant CAP_SYS_PTRACE but not
allow ptrace attach() to other processes. The net result of this is that
CAP_SYS_PTRACE and CAP_SYS_RESOURCE have identical security controls, as
long as system_server:process ptrace is never granted.
Add CAP_SYS_PTRACE to the set of capabilities granted to system_server.
Don't delete CAP_SYS_RESOURCE for now. SELinux has blocked the use of
CAP_SYS_RESOURCE, but we still want to generate audit logs if it's
triggered. CAP_SYS_RESOURCE can be deleted in a future commit.
Bug:
34951864
Bug:
38496951
Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Change-Id: I2570266165396dba2b600eac7c42c94800d9c65b
(cherry picked from commit
3082eb7c7253c62a06aa151a80487a4eabd49914)
Phil Weaver [Fri, 7 Apr 2017 21:39:27 +0000 (14:39 -0700)]
Make a11y node info parceling more robust
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug:
36491278
Test: Verified that POC no longer works, a11y cts still passes.
(Manual merge from commit
687bb44b437f7bb24dd3dddf072c2f646308e2ca)
Change-Id: I7746c9175a2da28f75d4f4b169d7997abadf1852
Fyodor Kupolov [Fri, 10 Mar 2017 03:00:46 +0000 (03:00 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354 am:
a821245d70
am:
156fa32e2a -s ours
Change-Id: Ic4e51daa36c395f2e3b538658649ff9104bb962c
Fyodor Kupolov [Fri, 10 Mar 2017 02:55:07 +0000 (02:55 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev am:
ac87aee354
am:
a821245d70
Change-Id: I1e47c963728906cb2283a353c882017368d07747
Fyodor Kupolov [Fri, 10 Mar 2017 02:49:34 +0000 (02:49 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev
am:
ac87aee354
Change-Id: I5bbdc48120f2d03b4ad6605bfeccd5ccdc8c7958
Fyodor Kupolov [Fri, 10 Mar 2017 02:39:09 +0000 (02:39 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into klp-dev
Fyodor Kupolov [Fri, 10 Mar 2017 01:50:38 +0000 (01:50 +0000)]
Merge "[DO NOT MERGE] Throw exception if slot has invalid offset" into lmp-dev
Fyodor Kupolov [Thu, 9 Mar 2017 19:58:26 +0000 (19:58 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa am:
2d54d2c0d5
am:
305a41b7a6 -s ours
Change-Id: I902e6af1c2ef49d454a7d1bae92d8e20ea263b0e
Fyodor Kupolov [Thu, 9 Mar 2017 19:52:01 +0000 (19:52 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr am:
7b83d625aa
am:
2d54d2c0d5
Change-Id: I29dccd1ed95079470fc1dd7b04e3db6c5c7d76d2
Fyodor Kupolov [Thu, 9 Mar 2017 19:43:54 +0000 (19:43 +0000)]
[DO NOT MERGE] Check bounds in offsetToPtr
am:
7b83d625aa
Change-Id: Icfcec14e7d4bfcd6c893f0fa319541223b9d7901
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
Jeff Sharkey [Thu, 2 Feb 2017 23:59:43 +0000 (23:59 +0000)]
Merge "DO NOT MERGE. No direct Uri grants from system." into lmp-dev
Suprabh Shukla [Thu, 2 Feb 2017 22:58:45 +0000 (22:58 +0000)]
Merge "DO NOT MERGE Do not call RecoverySystem with DPMS lock held" into lmp-dev
Suprabh Shukla [Thu, 2 Feb 2017 22:41:38 +0000 (22:41 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a am:
21992d997b
am:
b278ed787e -s ours
Change-Id: Ib70440bdd1c60ed5eaa9b8c8152a4745f44cacd6
Suprabh Shukla [Thu, 2 Feb 2017 22:36:03 +0000 (22:36 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held am:
8cdc04957a
am:
21992d997b
Change-Id: Ib5ba5eb63227be2fbf25a79e7f8f8e42b1cc9a2b
Suprabh Shukla [Thu, 2 Feb 2017 22:31:29 +0000 (22:31 +0000)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
am:
8cdc04957a
Change-Id: I7c1b9e9f785ef99575136d9af0b062dad759c17a
Jeff Sharkey [Mon, 21 Nov 2016 17:33:54 +0000 (10:33 -0700)]
DO NOT MERGE. No direct Uri grants from system.
The system should never be extending Uri permission grants from
itself, since it automatically holds all the permissions. Instead,
the system should always be a mediator between two specific app, and
it should be using startActivityAsCaller() if it needs to extend
permissions.
Blocking at this level fixes an entire class of confused deputy
security issues.
Test: builds, normal intent resolution UI works
Bug:
33019296,
32990341,
32879915,
32879772
Change-Id: Iaa57c393a386d8068e807d0dd0caccc89d8a11db
Suprabh Shukla [Tue, 31 Jan 2017 02:24:02 +0000 (18:24 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Note DPM.wipeData() on a secondary user is now blocking, just like
it's been always blocking on the primary user.
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Merged-In: Ia832bed0f22396998d6307ab46e262dae9463838
Suprabh Shukla [Tue, 31 Jan 2017 02:02:18 +0000 (18:02 -0800)]
DO NOT MERGE Do not call RecoverySystem with DPMS lock held
Bug
30681079
Change-Id: Ia832bed0f22396998d6307ab46e262dae9463838
Tom O'Neill [Thu, 22 Dec 2016 17:09:09 +0000 (17:09 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872
am:
3380a77516
Change-Id: Ice61f337e1fcfd0569431538e475d94f9d205423
Tom O'Neill [Thu, 22 Dec 2016 17:04:07 +0000 (17:04 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e
am:
d417e54872
Change-Id: I2f47020055f962b36f095137d75c9cbfe6b1a6db
Tom O'Neill [Thu, 22 Dec 2016 16:58:33 +0000 (16:58 +0000)]
Fix exploit where can hide the fact that a location was mocked
am:
a206a0f17e
Change-Id: Ib3af056919a4b909d3d11dd3fe2b46eaa7cdf0f4
Tom O'Neill [Thu, 15 Dec 2016 18:26:28 +0000 (10:26 -0800)]
Fix exploit where can hide the fact that a location was mocked
- Even if call setTestProviderLocation() with inconsistent providers,
should still end up with a location that is flagged as mocked
- Bug:
33091107
Change-Id: I39e038f25b975989c2e8651bfd9ec9e74073e6cd
Jeff Sharkey [Fri, 2 Dec 2016 18:10:04 +0000 (18:10 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev
Jeff Sharkey [Wed, 30 Nov 2016 23:07:00 +0000 (16:07 -0700)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
As part of fixing a recent security issue, DownloadManager now needs
to issue Uri permission grants for all downloads. However, if an app
that requested a download is upgraded or otherwise force-stopped,
the required permission grants are removed.
We could tell DownloadManager about the app being stopped, but that
would be racy (due to background broadcast), and waking it up would
degrade system health. Instead, as a special case we now only
consider clearing DownloadManager permission grants when app data
is being cleared.
Bug:
32172542,
30537115
Test: builds, boots, app upgrade doesn't clear grants
Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9
(cherry picked from commit
23ec811266fb728cf159a90ce4882b3c9bac1887)
Jeff Sharkey [Fri, 18 Nov 2016 21:23:23 +0000 (14:23 -0700)]
DO NOT MERGE. Check provider access for content changes.
For an app to either send or receive content change notifications,
require that they have some level of access to the underlying
provider.
Without these checks, a malicious app could sniff sensitive user data
from the notifications of otherwise private providers.
Test: builds, boots, PoC app now fails
Bug:
32555637
Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef
Narayan Kamath [Mon, 7 Nov 2016 16:22:48 +0000 (16:22 +0000)]
Zygote : Block SIGCHLD during fork.
We close the android logging related sockets prior as late as possible
before every fork to avoid having to whitelist them. If one of the
zygote's children dies after this point (but prior to the fork), we can
end up reopening the logging sockets from the SIGCHLD signal handler.
To prevent this from happening, block SIGCHLD during this critical
section.
Bug:
32693692
Test: Manual
(cherry picked from commit
e9a525829a354c92983a35455ccab16d1b0d3892)
Zygote: Unblock SIGCHLD in the parent after fork.
Follow up to change
e9a525829a354c92983a. Allows the zygote to
receive SIGCHLD again and prevents the zygote from getting into a
zombie state if it's killed.
Contributed-By: rhed_jao <rhed_jao@htc.com>
Bug:
32693692
Test: manual
(cherry picked from commit
1480dc3e97b661f5bfa3a5c2fbce72385b8d2be6)
Change-Id: If89903a29c84dfc9b056f9e19618046874bba689
Narayan Kamath [Wed, 9 Nov 2016 10:20:00 +0000 (10:20 +0000)]
Merge "Zygote: Additional whitelisting for legacy devices." into lmp-dev
Narayan Kamath [Wed, 9 Nov 2016 09:30:47 +0000 (09:30 +0000)]
Merge "Zygote: Additional whitelists for runtime overlay / other static resources." into lmp-dev
neo.chae [Mon, 31 Oct 2016 15:02:38 +0000 (00:02 +0900)]
Fix idmap leak in zygote process
Fix a idmap leak in AssetManager::addSystemOverlays.
And, The fix could also prevent fd leak of idmap.
Test: none
Bug:
32691930
Signed-off-by: Hyangseok Chae <neo.chae@lge.com>
(cherry picked from commit
6a742a38509693f8b39ee9a5ad2803fca12688bf)
Change-Id: Idc4af77db2b0cb739bd6b009b6af0f9123be1aac
Narayan Kamath [Mon, 7 Nov 2016 19:59:29 +0000 (19:59 +0000)]
Zygote: Additional whitelisting for legacy devices.
On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.
Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.
Bug:
32691930
Test: manual
(cherry picked from commit
5e2f7c6229d7191183888d685b57a7d0a2835fce)
Change-Id: I9700fc7b469d0bc4d876c52292f25888b94a5223
Narayan Kamath [Fri, 23 Sep 2016 08:07:11 +0000 (09:07 +0100)]
Zygote: Additional whitelists for runtime overlay / other static resources.
Partially cherry picked from commit
1c15c635785c64a.
These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.
Bug:
32618130
Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
Sungsoo [Tue, 18 Oct 2016 17:41:55 +0000 (17:41 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens am:
418e0869ba am:
a5affb045e
am:
9a15881184 -s ours
Change-Id: I67ba2d8b8d3c3f32fca417303ee422482acc40d8
Sungsoo [Tue, 18 Oct 2016 17:35:23 +0000 (17:35 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens am:
418e0869ba
am:
a5affb045e
Change-Id: I4bb4440c019839073b4fcf6df54d726a02286680
Sungsoo [Tue, 18 Oct 2016 17:28:58 +0000 (17:28 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
am:
418e0869ba
Change-Id: Ifad08d681f67abc4dd9ad5d8c4e82b038cbd8322
Sungsoo [Tue, 18 Oct 2016 05:12:00 +0000 (14:12 +0900)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
Bug:
32068647, Bug:
30936376
Change-Id: I22fa2384348c890ca726d2b1632cd54e59d25a8f
Sungsoo [Tue, 18 Oct 2016 05:12:00 +0000 (14:12 +0900)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
Bug:
32068647, Bug:
30936376
Change-Id: I22fa2384348c890ca726d2b1632cd54e59d25a8f
Suprabh Shukla [Sat, 15 Oct 2016 00:49:46 +0000 (00:49 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev am:
6739ba0280 am:
c36913e68a
am:
e3c0c509ea -s ours
Change-Id: I287e60913bd2a3f6b46d1d5ef2413727e3e63cc2
Suprabh Shukla [Sat, 15 Oct 2016 00:48:51 +0000 (00:48 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders am:
2aa7e5e861 am:
9df66924c0
am:
e07b811d78 -s ours
Change-Id: Ia9271aeed1c2953a318fc4bf50ee169739147d66
Suprabh Shukla [Sat, 15 Oct 2016 00:41:36 +0000 (00:41 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev am:
6739ba0280
am:
c36913e68a
Change-Id: I65ab1551a4cdbbdf58bf9ec98f718e79c6ee9fe5
Suprabh Shukla [Sat, 15 Oct 2016 00:40:45 +0000 (00:40 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders am:
2aa7e5e861
am:
9df66924c0
Change-Id: I9bd2580a687037fe9c5d74765d47bb4500b4d096
Suprabh Shukla [Sat, 15 Oct 2016 00:34:11 +0000 (00:34 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev
am:
6739ba0280
Change-Id: Ib8534d2c7ae344d430a9ba2e227cb65d942f0222
Suprabh Shukla [Sat, 15 Oct 2016 00:34:09 +0000 (00:34 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders
am:
2aa7e5e861
Change-Id: Ied81e1f4b517627f0ced686e7485fa035b1f4c6a
Suprabh Shukla [Sat, 15 Oct 2016 00:26:18 +0000 (00:26 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into lmp-dev
TreeHugger Robot [Sat, 15 Oct 2016 00:24:31 +0000 (00:24 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev
Suprabh Shukla [Thu, 13 Oct 2016 02:01:11 +0000 (19:01 -0700)]
DO NOT MERGE Isolated processes don't get precached system service binders
More specifically, they get a PackageManager binder -- necessary for
Android process startup and configuration -- but none of the other
usual preloaded service binders.
(backported from commit
2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc)
Bug:
30202228
Change-Id: I3810649f504cd631665ece338a83d2e54d41ad05
Suprabh Shukla [Thu, 13 Oct 2016 23:33:04 +0000 (16:33 -0700)]
DO NOT MERGE Isolated processes don't get precached system service binders
More specifically, they get a PackageManager binder -- necessary for
Android process startup and configuration -- but none of the other
usual preloaded service binders.
(backported from commit
2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc)
Bug:
30202228
Change-Id: I3810649f504cd631665ece338a83d2e54d41ad05
Sungsoo [Thu, 13 Oct 2016 22:06:03 +0000 (22:06 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility am:
c11f599a2f am:
29e643bcbd
am:
68aa33b9bf -s ours
Change-Id: I7fe3d5dbcb7bd206233ce969840f5ed182913dd6
Sungsoo [Thu, 13 Oct 2016 22:01:39 +0000 (22:01 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility am:
c11f599a2f
am:
29e643bcbd
Change-Id: I413ba35abfc8999c405df78a40b8182f19472b6a
Sungsoo [Thu, 13 Oct 2016 21:56:56 +0000 (21:56 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility
am:
c11f599a2f
Change-Id: If503e3361e69ad88a166f145603273d728d65652
Sungsoo [Thu, 13 Oct 2016 03:24:16 +0000 (12:24 +0900)]
DO NOT MERGE) ExifInterface: Provide backward compatibility
ExifInterface.saveAttribute() didn't throw UnsupportedOperationException
before. Use IOException instead of UnsupportedOperationException for
backward compatibility.
Bug:
30936376, Bug:
32068647, Bug:
31319086
Change-Id: Iacc7b4d91d49edd7bece8f2e738a633a91025eca
Sungsoo [Thu, 13 Oct 2016 03:24:16 +0000 (12:24 +0900)]
DO NOT MERGE) ExifInterface: Provide backward compatibility
ExifInterface.saveAttribute() didn't throw UnsupportedOperationException
before. Use IOException instead of UnsupportedOperationException for
backward compatibility.
Bug:
30936376, Bug:
32068647, Bug:
31319086
Change-Id: Iacc7b4d91d49edd7bece8f2e738a633a91025eca
Jaewan Kim [Thu, 22 Sep 2016 17:46:56 +0000 (17:46 +0000)]
Merge "DO NOT MERGE Fix build" into lmp-dev
Jaewan Kim [Thu, 22 Sep 2016 05:56:33 +0000 (14:56 +0900)]
DO NOT MERGE Fix build
Bug:
29833954
Change-Id: Ia814969b516ac7cc0ad7431ebab40cc74fdf2a05
Jaewan Kim [Thu, 22 Sep 2016 09:13:35 +0000 (09:13 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to telephony service" into klp-dev am:
5b05226586 am:
b38fbf9894
am:
84ecab6059 -s ours
Change-Id: I077206cbba5614e52046cbbbf6e40544c3e25f92
Jaewan Kim [Thu, 22 Sep 2016 08:07:29 +0000 (08:07 +0000)]
DO NOT MERGE Check caller for sending media key to telephony service am:
d1641e8c27 am:
9477c1674c
am:
27d24e01cb -s ours
Change-Id: Ibfec9c02db97a94476d1b6b4d7e98fd051d4aa58
Jaewan Kim [Thu, 22 Sep 2016 08:07:17 +0000 (08:07 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to telephony service" into klp-dev am:
5b05226586
am:
b38fbf9894
Change-Id: I6f6d600544f09aac349a626e3ced18de5e02a2eb
Jaewan Kim [Thu, 22 Sep 2016 07:35:37 +0000 (07:35 +0000)]
DO NOT MERGE Check caller for sending media key to telephony service am:
d1641e8c27
am:
9477c1674c
Change-Id: If2edd8d386cd57f00221fedff3f118e6887cab61
Jaewan Kim [Thu, 22 Sep 2016 06:39:33 +0000 (06:39 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to telephony service" into klp-dev
am:
5b05226586
Change-Id: I0b0b672c42a7a4bd75ccbeb2c3a1047eebda5076
Jaewan Kim [Thu, 22 Sep 2016 06:39:24 +0000 (06:39 +0000)]
DO NOT MERGE Check caller for sending media key to telephony service
am:
d1641e8c27
Change-Id: I5be1d931c3a2f2748e69158d442172c327199ef5
Jaewan Kim [Thu, 22 Sep 2016 05:19:34 +0000 (05:19 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to telephony service" into klp-dev
Jaewan Kim [Wed, 21 Sep 2016 02:20:54 +0000 (11:20 +0900)]
DO NOT MERGE Check caller for sending media key to telephony service
Prevent sending media key events from the non-system app to the
telephony service through the AudioManager.dispatchMediaKeyEvent()
or sending media key broadcast directly.
Bug:
29833954
Tested: Installed malicious apps and confirmed that they don't work.
Tested: Run CtsTelecomTestCases and CtsMediaTestCases
Change-Id: I2a9e78196ba7455324e485f098f095d03b47ee15
Ajay Panicker [Thu, 22 Sep 2016 03:50:02 +0000 (03:50 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into klp-dev am:
c119a677c4 am:
35d1b45b0f
am:
dc0f9fa9c9 -s ours
Change-Id: I75e0e5a61d15b2e6c4a1fec70b807165c8768987
Ajay Panicker [Thu, 22 Sep 2016 03:48:40 +0000 (03:48 +0000)]
[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed am:
786e2694b1 am:
8fd324c33f
am:
438cc52ca1 -s ours
Change-Id: Iabaa5642ffa6c3417b5e027e2da9b33666b1aacf
Jaewan Kim [Wed, 21 Sep 2016 22:21:03 +0000 (22:21 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to global priority session" into lmp-dev
Ajay Panicker [Wed, 21 Sep 2016 21:56:49 +0000 (21:56 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into klp-dev am:
c119a677c4
am:
35d1b45b0f
Change-Id: I0417ea58275604b9ac1fca6e79c14697d965397a
Ajay Panicker [Wed, 21 Sep 2016 21:55:46 +0000 (21:55 +0000)]
[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed am:
786e2694b1
am:
8fd324c33f
Change-Id: Idbe61150d738e5e41d5606fa6d89c0a5b604a86d
Ajay Panicker [Wed, 21 Sep 2016 21:15:59 +0000 (21:15 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into klp-dev
am:
c119a677c4
Change-Id: I7f1a7c5d09d38cfbd3fca0ee158f6401233e8f6d
Ajay Panicker [Wed, 21 Sep 2016 21:15:56 +0000 (21:15 +0000)]
[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed
am:
786e2694b1
Change-Id: Ia40c3fc57b5c17910c67faf40b940bdd944dd4e3
Ajay Panicker [Wed, 21 Sep 2016 21:08:04 +0000 (21:08 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into lmp-dev
Ajay Panicker [Wed, 21 Sep 2016 21:08:01 +0000 (21:08 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into klp-dev
Jaewan Kim [Wed, 21 Sep 2016 01:07:24 +0000 (10:07 +0900)]
DO NOT MERGE Check caller for sending media key to global priority session
Prevent sending media key events from the non-system app to the global
priority session through the MediaSessionManager.dispatchMediaKeyEvent().
Note that any app can use the API indirectly with
the public API AudioManager.dispatchMediaKeyEvent().
Bug:
29833954
Tested: Installed malicious apps and confirmed that they don't work.
Tested: Run CtsTelecomTestCases and CtsMediaTestCases
Change-Id: I2a9e78196ba7455324e485f098f095d03b47ee15
TreeHugger Robot [Wed, 21 Sep 2016 00:07:34 +0000 (00:07 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into lmp-dev
Ajay Panicker [Wed, 21 Sep 2016 00:04:35 +0000 (00:04 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into klp-dev am:
204da8aa9e am:
a278a1e660
am:
3d995d6f5f -s ours
Change-Id: I9e410ce2d5302eda87aea9628cb58ca203a212c5
Ajay Panicker [Wed, 21 Sep 2016 00:03:23 +0000 (00:03 +0000)]
[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2) am:
edae39d59a am:
271e34dbd5
am:
3758253ae8 -s ours
Change-Id: I0836ddb1649084a6814c461bccc41135cb475337
Ajay Panicker [Tue, 20 Sep 2016 23:56:48 +0000 (23:56 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into klp-dev am:
204da8aa9e
am:
a278a1e660
Change-Id: I22838d21bdd289ca34b78260ade59adafbdc408a
Ajay Panicker [Tue, 20 Sep 2016 23:55:44 +0000 (23:55 +0000)]
[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2) am:
edae39d59a
am:
271e34dbd5
Change-Id: I954b8f2d9333fa6bb549dc812733d2b8f71220b9
Ajay Panicker [Tue, 20 Sep 2016 23:49:13 +0000 (23:49 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into klp-dev
am:
204da8aa9e
Change-Id: I0ff3b20fc2f3318070e343dfe6dc29b2979284ef
Ajay Panicker [Tue, 20 Sep 2016 23:49:05 +0000 (23:49 +0000)]
[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)
am:
edae39d59a
Change-Id: I2bdf5c6fc24fd370e2555585e8492558040c0d10
TreeHugger Robot [Tue, 20 Sep 2016 23:44:57 +0000 (23:44 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into klp-dev
Sudheer Shanka [Mon, 19 Sep 2016 23:24:48 +0000 (23:24 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into klp-dev am:
d1e3e53d79 am:
a4c9bbefdf
am:
3fca892d3e -s ours
Change-Id: I4d66089c6ec8743f119dd4aab641b22ebdad7b5c
Sudheer Shanka [Mon, 19 Sep 2016 21:50:49 +0000 (21:50 +0000)]
DO NOT MERGE: Fix deadlock in AcitivityManagerService. am:
dce4be63bb am:
a437e7f3f1
am:
c1b2e6db98 -s ours
Change-Id: I006233ce7258467da7d5c09c9925bd6048d85ed3
Sudheer Shanka [Mon, 19 Sep 2016 21:50:47 +0000 (21:50 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into klp-dev am:
d1e3e53d79
am:
a4c9bbefdf
Change-Id: I224c2cf56d53acf091a11372f82d1305052c6f18
Sudheer Shanka [Mon, 19 Sep 2016 21:02:53 +0000 (21:02 +0000)]
DO NOT MERGE: Fix deadlock in AcitivityManagerService. am:
dce4be63bb
am:
a437e7f3f1
Change-Id: I13fdcfc2ecca2e5e1d178d61ef8ec6990a0fc3af
Sudheer Shanka [Mon, 19 Sep 2016 20:16:17 +0000 (20:16 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into klp-dev
am:
d1e3e53d79
Change-Id: Id794cb9cd3792317d2786671f2f84a6ad8bbd404
Sudheer Shanka [Mon, 19 Sep 2016 20:16:13 +0000 (20:16 +0000)]
DO NOT MERGE: Fix deadlock in AcitivityManagerService.
am:
dce4be63bb
Change-Id: Ia1db0d226d84ed07da6712f554327b49c9fe59c0
Sudheer Shanka [Mon, 19 Sep 2016 20:01:47 +0000 (20:01 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into lmp-dev
Sudheer Shanka [Mon, 19 Sep 2016 19:59:18 +0000 (19:59 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into klp-dev
Paul Jensen [Mon, 19 Sep 2016 11:34:00 +0000 (11:34 +0000)]
Merge "Avoid crashing when downloading MitM'd PAC that is too big" into klp-dev am:
96c045807b am:
7c08c4d5cc
am:
963ca6f947
Change-Id: I1a509c39640e7f9d76bd2e420764aeb3d823a3df
Paul Jensen [Mon, 19 Sep 2016 11:31:54 +0000 (11:31 +0000)]
Avoid crashing when downloading MitM'd PAC that is too big am:
7d2198b586 am:
9c1cb7a273
am:
6634e90ad7
Change-Id: Id46b32b80d47f6b7e2bfab2740978377a6b711cf
Paul Jensen [Mon, 19 Sep 2016 11:27:47 +0000 (11:27 +0000)]
Merge "Avoid crashing when downloading MitM'd PAC that is too big" into klp-dev am:
96c045807b
am:
7c08c4d5cc
Change-Id: Idd0a3598ffac808a39703a23238b47a02bca66ed
Paul Jensen [Mon, 19 Sep 2016 11:25:21 +0000 (11:25 +0000)]
Avoid crashing when downloading MitM'd PAC that is too big am:
7d2198b586
am:
9c1cb7a273
Change-Id: I8cd4b0d33da22bc29abd176672659c3eeb8c7d5b
Paul Jensen [Mon, 19 Sep 2016 11:19:16 +0000 (11:19 +0000)]
Merge "Avoid crashing when downloading MitM'd PAC that is too big" into klp-dev
am:
96c045807b
Change-Id: Ia20ba679f7b0445567b43aa74eef27f751453d4e
Paul Jensen [Mon, 19 Sep 2016 11:19:13 +0000 (11:19 +0000)]
Avoid crashing when downloading MitM'd PAC that is too big
am:
7d2198b586
Change-Id: I512d6f9de6a92dd3cabec93bcadf437f5cf2e16d