OSDN Git Service
Jeff Sharkey [Fri, 2 Dec 2016 18:10:04 +0000 (18:10 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev
Jeff Sharkey [Wed, 30 Nov 2016 23:07:00 +0000 (16:07 -0700)]
DO NOT MERGE. Retain DownloadManager Uri grants when clearing.
As part of fixing a recent security issue, DownloadManager now needs
to issue Uri permission grants for all downloads. However, if an app
that requested a download is upgraded or otherwise force-stopped,
the required permission grants are removed.
We could tell DownloadManager about the app being stopped, but that
would be racy (due to background broadcast), and waking it up would
degrade system health. Instead, as a special case we now only
consider clearing DownloadManager permission grants when app data
is being cleared.
Bug:
32172542,
30537115
Test: builds, boots, app upgrade doesn't clear grants
Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9
(cherry picked from commit
23ec811266fb728cf159a90ce4882b3c9bac1887)
Jeff Sharkey [Fri, 18 Nov 2016 21:23:23 +0000 (14:23 -0700)]
DO NOT MERGE. Check provider access for content changes.
For an app to either send or receive content change notifications,
require that they have some level of access to the underlying
provider.
Without these checks, a malicious app could sniff sensitive user data
from the notifications of otherwise private providers.
Test: builds, boots, PoC app now fails
Bug:
32555637
Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef
Narayan Kamath [Mon, 7 Nov 2016 16:22:48 +0000 (16:22 +0000)]
Zygote : Block SIGCHLD during fork.
We close the android logging related sockets prior as late as possible
before every fork to avoid having to whitelist them. If one of the
zygote's children dies after this point (but prior to the fork), we can
end up reopening the logging sockets from the SIGCHLD signal handler.
To prevent this from happening, block SIGCHLD during this critical
section.
Bug:
32693692
Test: Manual
(cherry picked from commit
e9a525829a354c92983a35455ccab16d1b0d3892)
Zygote: Unblock SIGCHLD in the parent after fork.
Follow up to change
e9a525829a354c92983a. Allows the zygote to
receive SIGCHLD again and prevents the zygote from getting into a
zombie state if it's killed.
Contributed-By: rhed_jao <rhed_jao@htc.com>
Bug:
32693692
Test: manual
(cherry picked from commit
1480dc3e97b661f5bfa3a5c2fbce72385b8d2be6)
Change-Id: If89903a29c84dfc9b056f9e19618046874bba689
Narayan Kamath [Wed, 9 Nov 2016 10:20:00 +0000 (10:20 +0000)]
Merge "Zygote: Additional whitelisting for legacy devices." into lmp-dev
Narayan Kamath [Wed, 9 Nov 2016 09:30:47 +0000 (09:30 +0000)]
Merge "Zygote: Additional whitelists for runtime overlay / other static resources." into lmp-dev
neo.chae [Mon, 31 Oct 2016 15:02:38 +0000 (00:02 +0900)]
Fix idmap leak in zygote process
Fix a idmap leak in AssetManager::addSystemOverlays.
And, The fix could also prevent fd leak of idmap.
Test: none
Bug:
32691930
Signed-off-by: Hyangseok Chae <neo.chae@lge.com>
(cherry picked from commit
6a742a38509693f8b39ee9a5ad2803fca12688bf)
Change-Id: Idc4af77db2b0cb739bd6b009b6af0f9123be1aac
Narayan Kamath [Mon, 7 Nov 2016 19:59:29 +0000 (19:59 +0000)]
Zygote: Additional whitelisting for legacy devices.
On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.
Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.
Bug:
32691930
Test: manual
(cherry picked from commit
5e2f7c6229d7191183888d685b57a7d0a2835fce)
Change-Id: I9700fc7b469d0bc4d876c52292f25888b94a5223
Narayan Kamath [Fri, 23 Sep 2016 08:07:11 +0000 (09:07 +0100)]
Zygote: Additional whitelists for runtime overlay / other static resources.
Partially cherry picked from commit
1c15c635785c64a.
These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.
Bug:
32618130
Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
Sungsoo [Tue, 18 Oct 2016 17:41:55 +0000 (17:41 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens am:
418e0869ba am:
a5affb045e
am:
9a15881184 -s ours
Change-Id: I67ba2d8b8d3c3f32fca417303ee422482acc40d8
Sungsoo [Tue, 18 Oct 2016 17:35:23 +0000 (17:35 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens am:
418e0869ba
am:
a5affb045e
Change-Id: I4bb4440c019839073b4fcf6df54d726a02286680
Sungsoo [Tue, 18 Oct 2016 17:28:58 +0000 (17:28 +0000)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
am:
418e0869ba
Change-Id: Ifad08d681f67abc4dd9ad5d8c4e82b038cbd8322
Sungsoo [Tue, 18 Oct 2016 05:12:00 +0000 (14:12 +0900)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
Bug:
32068647, Bug:
30936376
Change-Id: I22fa2384348c890ca726d2b1632cd54e59d25a8f
Sungsoo [Tue, 18 Oct 2016 05:12:00 +0000 (14:12 +0900)]
DO NOT MERGE) ExifInterface: Close the file when an exception happens
Bug:
32068647, Bug:
30936376
Change-Id: I22fa2384348c890ca726d2b1632cd54e59d25a8f
Suprabh Shukla [Sat, 15 Oct 2016 00:49:46 +0000 (00:49 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev am:
6739ba0280 am:
c36913e68a
am:
e3c0c509ea -s ours
Change-Id: I287e60913bd2a3f6b46d1d5ef2413727e3e63cc2
Suprabh Shukla [Sat, 15 Oct 2016 00:48:51 +0000 (00:48 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders am:
2aa7e5e861 am:
9df66924c0
am:
e07b811d78 -s ours
Change-Id: Ia9271aeed1c2953a318fc4bf50ee169739147d66
Suprabh Shukla [Sat, 15 Oct 2016 00:41:36 +0000 (00:41 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev am:
6739ba0280
am:
c36913e68a
Change-Id: I65ab1551a4cdbbdf58bf9ec98f718e79c6ee9fe5
Suprabh Shukla [Sat, 15 Oct 2016 00:40:45 +0000 (00:40 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders am:
2aa7e5e861
am:
9df66924c0
Change-Id: I9bd2580a687037fe9c5d74765d47bb4500b4d096
Suprabh Shukla [Sat, 15 Oct 2016 00:34:11 +0000 (00:34 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev
am:
6739ba0280
Change-Id: Ib8534d2c7ae344d430a9ba2e227cb65d942f0222
Suprabh Shukla [Sat, 15 Oct 2016 00:34:09 +0000 (00:34 +0000)]
DO NOT MERGE Isolated processes don't get precached system service binders
am:
2aa7e5e861
Change-Id: Ied81e1f4b517627f0ced686e7485fa035b1f4c6a
Suprabh Shukla [Sat, 15 Oct 2016 00:26:18 +0000 (00:26 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into lmp-dev
TreeHugger Robot [Sat, 15 Oct 2016 00:24:31 +0000 (00:24 +0000)]
Merge "DO NOT MERGE Isolated processes don't get precached system service binders" into klp-dev
Suprabh Shukla [Thu, 13 Oct 2016 02:01:11 +0000 (19:01 -0700)]
DO NOT MERGE Isolated processes don't get precached system service binders
More specifically, they get a PackageManager binder -- necessary for
Android process startup and configuration -- but none of the other
usual preloaded service binders.
(backported from commit
2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc)
Bug:
30202228
Change-Id: I3810649f504cd631665ece338a83d2e54d41ad05
Suprabh Shukla [Thu, 13 Oct 2016 23:33:04 +0000 (16:33 -0700)]
DO NOT MERGE Isolated processes don't get precached system service binders
More specifically, they get a PackageManager binder -- necessary for
Android process startup and configuration -- but none of the other
usual preloaded service binders.
(backported from commit
2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc)
Bug:
30202228
Change-Id: I3810649f504cd631665ece338a83d2e54d41ad05
Sungsoo [Thu, 13 Oct 2016 22:06:03 +0000 (22:06 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility am:
c11f599a2f am:
29e643bcbd
am:
68aa33b9bf -s ours
Change-Id: I7fe3d5dbcb7bd206233ce969840f5ed182913dd6
Sungsoo [Thu, 13 Oct 2016 22:01:39 +0000 (22:01 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility am:
c11f599a2f
am:
29e643bcbd
Change-Id: I413ba35abfc8999c405df78a40b8182f19472b6a
Sungsoo [Thu, 13 Oct 2016 21:56:56 +0000 (21:56 +0000)]
DO NOT MERGE) ExifInterface: Provide backward compatibility
am:
c11f599a2f
Change-Id: If503e3361e69ad88a166f145603273d728d65652
Sungsoo [Thu, 13 Oct 2016 03:24:16 +0000 (12:24 +0900)]
DO NOT MERGE) ExifInterface: Provide backward compatibility
ExifInterface.saveAttribute() didn't throw UnsupportedOperationException
before. Use IOException instead of UnsupportedOperationException for
backward compatibility.
Bug:
30936376, Bug:
32068647, Bug:
31319086
Change-Id: Iacc7b4d91d49edd7bece8f2e738a633a91025eca
Sungsoo [Thu, 13 Oct 2016 03:24:16 +0000 (12:24 +0900)]
DO NOT MERGE) ExifInterface: Provide backward compatibility
ExifInterface.saveAttribute() didn't throw UnsupportedOperationException
before. Use IOException instead of UnsupportedOperationException for
backward compatibility.
Bug:
30936376, Bug:
32068647, Bug:
31319086
Change-Id: Iacc7b4d91d49edd7bece8f2e738a633a91025eca
Jaewan Kim [Thu, 22 Sep 2016 17:46:56 +0000 (17:46 +0000)]
Merge "DO NOT MERGE Fix build" into lmp-dev
Jaewan Kim [Thu, 22 Sep 2016 05:56:33 +0000 (14:56 +0900)]
DO NOT MERGE Fix build
Bug:
29833954
Change-Id: Ia814969b516ac7cc0ad7431ebab40cc74fdf2a05
Jaewan Kim [Thu, 22 Sep 2016 09:13:35 +0000 (09:13 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to telephony service" into klp-dev am:
5b05226586 am:
b38fbf9894
am:
84ecab6059 -s ours
Change-Id: I077206cbba5614e52046cbbbf6e40544c3e25f92
Jaewan Kim [Thu, 22 Sep 2016 08:07:29 +0000 (08:07 +0000)]
DO NOT MERGE Check caller for sending media key to telephony service am:
d1641e8c27 am:
9477c1674c
am:
27d24e01cb -s ours
Change-Id: Ibfec9c02db97a94476d1b6b4d7e98fd051d4aa58
Jaewan Kim [Thu, 22 Sep 2016 08:07:17 +0000 (08:07 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to telephony service" into klp-dev am:
5b05226586
am:
b38fbf9894
Change-Id: I6f6d600544f09aac349a626e3ced18de5e02a2eb
Jaewan Kim [Thu, 22 Sep 2016 07:35:37 +0000 (07:35 +0000)]
DO NOT MERGE Check caller for sending media key to telephony service am:
d1641e8c27
am:
9477c1674c
Change-Id: If2edd8d386cd57f00221fedff3f118e6887cab61
Jaewan Kim [Thu, 22 Sep 2016 06:39:33 +0000 (06:39 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to telephony service" into klp-dev
am:
5b05226586
Change-Id: I0b0b672c42a7a4bd75ccbeb2c3a1047eebda5076
Jaewan Kim [Thu, 22 Sep 2016 06:39:24 +0000 (06:39 +0000)]
DO NOT MERGE Check caller for sending media key to telephony service
am:
d1641e8c27
Change-Id: I5be1d931c3a2f2748e69158d442172c327199ef5
Jaewan Kim [Thu, 22 Sep 2016 05:19:34 +0000 (05:19 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to telephony service" into klp-dev
Jaewan Kim [Wed, 21 Sep 2016 02:20:54 +0000 (11:20 +0900)]
DO NOT MERGE Check caller for sending media key to telephony service
Prevent sending media key events from the non-system app to the
telephony service through the AudioManager.dispatchMediaKeyEvent()
or sending media key broadcast directly.
Bug:
29833954
Tested: Installed malicious apps and confirmed that they don't work.
Tested: Run CtsTelecomTestCases and CtsMediaTestCases
Change-Id: I2a9e78196ba7455324e485f098f095d03b47ee15
Ajay Panicker [Thu, 22 Sep 2016 03:50:02 +0000 (03:50 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into klp-dev am:
c119a677c4 am:
35d1b45b0f
am:
dc0f9fa9c9 -s ours
Change-Id: I75e0e5a61d15b2e6c4a1fec70b807165c8768987
Ajay Panicker [Thu, 22 Sep 2016 03:48:40 +0000 (03:48 +0000)]
[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed am:
786e2694b1 am:
8fd324c33f
am:
438cc52ca1 -s ours
Change-Id: Iabaa5642ffa6c3417b5e027e2da9b33666b1aacf
Jaewan Kim [Wed, 21 Sep 2016 22:21:03 +0000 (22:21 +0000)]
Merge "DO NOT MERGE Check caller for sending media key to global priority session" into lmp-dev
Ajay Panicker [Wed, 21 Sep 2016 21:56:49 +0000 (21:56 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into klp-dev am:
c119a677c4
am:
35d1b45b0f
Change-Id: I0417ea58275604b9ac1fca6e79c14697d965397a
Ajay Panicker [Wed, 21 Sep 2016 21:55:46 +0000 (21:55 +0000)]
[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed am:
786e2694b1
am:
8fd324c33f
Change-Id: Idbe61150d738e5e41d5606fa6d89c0a5b604a86d
Ajay Panicker [Wed, 21 Sep 2016 21:15:59 +0000 (21:15 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into klp-dev
am:
c119a677c4
Change-Id: I7f1a7c5d09d38cfbd3fca0ee158f6401233e8f6d
Ajay Panicker [Wed, 21 Sep 2016 21:15:56 +0000 (21:15 +0000)]
[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed
am:
786e2694b1
Change-Id: Ia40c3fc57b5c17910c67faf40b940bdd944dd4e3
Ajay Panicker [Wed, 21 Sep 2016 21:08:04 +0000 (21:08 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into lmp-dev
Ajay Panicker [Wed, 21 Sep 2016 21:08:01 +0000 (21:08 +0000)]
Merge "[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed" into klp-dev
Jaewan Kim [Wed, 21 Sep 2016 01:07:24 +0000 (10:07 +0900)]
DO NOT MERGE Check caller for sending media key to global priority session
Prevent sending media key events from the non-system app to the global
priority session through the MediaSessionManager.dispatchMediaKeyEvent().
Note that any app can use the API indirectly with
the public API AudioManager.dispatchMediaKeyEvent().
Bug:
29833954
Tested: Installed malicious apps and confirmed that they don't work.
Tested: Run CtsTelecomTestCases and CtsMediaTestCases
Change-Id: I2a9e78196ba7455324e485f098f095d03b47ee15
TreeHugger Robot [Wed, 21 Sep 2016 00:07:34 +0000 (00:07 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into lmp-dev
Ajay Panicker [Wed, 21 Sep 2016 00:04:35 +0000 (00:04 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into klp-dev am:
204da8aa9e am:
a278a1e660
am:
3d995d6f5f -s ours
Change-Id: I9e410ce2d5302eda87aea9628cb58ca203a212c5
Ajay Panicker [Wed, 21 Sep 2016 00:03:23 +0000 (00:03 +0000)]
[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2) am:
edae39d59a am:
271e34dbd5
am:
3758253ae8 -s ours
Change-Id: I0836ddb1649084a6814c461bccc41135cb475337
Ajay Panicker [Tue, 20 Sep 2016 23:56:48 +0000 (23:56 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into klp-dev am:
204da8aa9e
am:
a278a1e660
Change-Id: I22838d21bdd289ca34b78260ade59adafbdc408a
Ajay Panicker [Tue, 20 Sep 2016 23:55:44 +0000 (23:55 +0000)]
[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2) am:
edae39d59a
am:
271e34dbd5
Change-Id: I954b8f2d9333fa6bb549dc812733d2b8f71220b9
Ajay Panicker [Tue, 20 Sep 2016 23:49:13 +0000 (23:49 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into klp-dev
am:
204da8aa9e
Change-Id: I0ff3b20fc2f3318070e343dfe6dc29b2979284ef
Ajay Panicker [Tue, 20 Sep 2016 23:49:05 +0000 (23:49 +0000)]
[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)
am:
edae39d59a
Change-Id: I2bdf5c6fc24fd370e2555585e8492558040c0d10
TreeHugger Robot [Tue, 20 Sep 2016 23:44:57 +0000 (23:44 +0000)]
Merge "[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)" into klp-dev
Sudheer Shanka [Mon, 19 Sep 2016 23:24:48 +0000 (23:24 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into klp-dev am:
d1e3e53d79 am:
a4c9bbefdf
am:
3fca892d3e -s ours
Change-Id: I4d66089c6ec8743f119dd4aab641b22ebdad7b5c
Sudheer Shanka [Mon, 19 Sep 2016 21:50:49 +0000 (21:50 +0000)]
DO NOT MERGE: Fix deadlock in AcitivityManagerService. am:
dce4be63bb am:
a437e7f3f1
am:
c1b2e6db98 -s ours
Change-Id: I006233ce7258467da7d5c09c9925bd6048d85ed3
Sudheer Shanka [Mon, 19 Sep 2016 21:50:47 +0000 (21:50 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into klp-dev am:
d1e3e53d79
am:
a4c9bbefdf
Change-Id: I224c2cf56d53acf091a11372f82d1305052c6f18
Sudheer Shanka [Mon, 19 Sep 2016 21:02:53 +0000 (21:02 +0000)]
DO NOT MERGE: Fix deadlock in AcitivityManagerService. am:
dce4be63bb
am:
a437e7f3f1
Change-Id: I13fdcfc2ecca2e5e1d178d61ef8ec6990a0fc3af
Sudheer Shanka [Mon, 19 Sep 2016 20:16:17 +0000 (20:16 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into klp-dev
am:
d1e3e53d79
Change-Id: Id794cb9cd3792317d2786671f2f84a6ad8bbd404
Sudheer Shanka [Mon, 19 Sep 2016 20:16:13 +0000 (20:16 +0000)]
DO NOT MERGE: Fix deadlock in AcitivityManagerService.
am:
dce4be63bb
Change-Id: Ia1db0d226d84ed07da6712f554327b49c9fe59c0
Sudheer Shanka [Mon, 19 Sep 2016 20:01:47 +0000 (20:01 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into lmp-dev
Sudheer Shanka [Mon, 19 Sep 2016 19:59:18 +0000 (19:59 +0000)]
Merge "DO NOT MERGE: Fix deadlock in AcitivityManagerService." into klp-dev
Paul Jensen [Mon, 19 Sep 2016 11:34:00 +0000 (11:34 +0000)]
Merge "Avoid crashing when downloading MitM'd PAC that is too big" into klp-dev am:
96c045807b am:
7c08c4d5cc
am:
963ca6f947
Change-Id: I1a509c39640e7f9d76bd2e420764aeb3d823a3df
Paul Jensen [Mon, 19 Sep 2016 11:31:54 +0000 (11:31 +0000)]
Avoid crashing when downloading MitM'd PAC that is too big am:
7d2198b586 am:
9c1cb7a273
am:
6634e90ad7
Change-Id: Id46b32b80d47f6b7e2bfab2740978377a6b711cf
Paul Jensen [Mon, 19 Sep 2016 11:27:47 +0000 (11:27 +0000)]
Merge "Avoid crashing when downloading MitM'd PAC that is too big" into klp-dev am:
96c045807b
am:
7c08c4d5cc
Change-Id: Idd0a3598ffac808a39703a23238b47a02bca66ed
Paul Jensen [Mon, 19 Sep 2016 11:25:21 +0000 (11:25 +0000)]
Avoid crashing when downloading MitM'd PAC that is too big am:
7d2198b586
am:
9c1cb7a273
Change-Id: I8cd4b0d33da22bc29abd176672659c3eeb8c7d5b
Paul Jensen [Mon, 19 Sep 2016 11:19:16 +0000 (11:19 +0000)]
Merge "Avoid crashing when downloading MitM'd PAC that is too big" into klp-dev
am:
96c045807b
Change-Id: Ia20ba679f7b0445567b43aa74eef27f751453d4e
Paul Jensen [Mon, 19 Sep 2016 11:19:13 +0000 (11:19 +0000)]
Avoid crashing when downloading MitM'd PAC that is too big
am:
7d2198b586
Change-Id: I512d6f9de6a92dd3cabec93bcadf437f5cf2e16d
Paul Jensen [Mon, 19 Sep 2016 11:10:59 +0000 (11:10 +0000)]
Merge "Avoid crashing when downloading MitM'd PAC that is too big" into klp-dev
Tadashi G. Takaoka [Sun, 18 Sep 2016 12:22:55 +0000 (12:22 +0000)]
DO NOT MERGE: Catch all exceptions when parsing IME meta data am:
f71d2cddf1 am:
57454cf15e
am:
29f2e1d93a -s ours
Change-Id: Iaed8d1cc6e6a6bf00a9602ebb829d008f8c4e56e
Tadashi G. Takaoka [Sun, 18 Sep 2016 12:17:17 +0000 (12:17 +0000)]
DO NOT MERGE: Catch all exceptions when parsing IME meta data am:
f71d2cddf1
am:
57454cf15e
Change-Id: I2620580fca624c6ab4520f0a31c42cef42bafa01
Tadashi G. Takaoka [Sun, 18 Sep 2016 12:03:59 +0000 (12:03 +0000)]
DO NOT MERGE: Catch all exceptions when parsing IME meta data
am:
f71d2cddf1
Change-Id: Iaa5041d4b5fc61860f7ce95ecce60d39bbd5023b
Tadashi G. Takaoka [Sun, 18 Sep 2016 11:55:33 +0000 (11:55 +0000)]
Merge "DO NOT MERGE: Catch all exceptions when parsing IME meta data" into lmp-dev
Jeff Sharkey [Fri, 16 Sep 2016 18:04:05 +0000 (12:04 -0600)]
Use "all_downloads" instead of "my_downloads".
We can no longer return the "my_downloads" paths: if those Uris were
shared beyond the app that requested the download, access would be
denied. Instead, we need to switch to using "all_downloads" Uris so
that permission grants can be issued to third-party viewer apps.
Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, DownloadProvider now issues narrow grants
toward the owner of each download, both at device boot and when new
downloads are started.
Bug:
30537115,
30945409
Change-Id: I533125b36444877f54373d88922f2acc777e250b
Tadashi G. Takaoka [Fri, 16 Sep 2016 03:12:14 +0000 (12:12 +0900)]
DO NOT MERGE: Catch all exceptions when parsing IME meta data
Bug:
30568284
Change-Id: I0b613f8ce0f014320c5ac1bf445699ea2702a0a2
(manually cherry picked from
9b2997d22e6ce2a15065d8e7608dd77b316c2065)
Tadashi G. Takaoka [Fri, 16 Sep 2016 03:00:57 +0000 (12:00 +0900)]
DO NOT MERGE: Catch all exceptions when parsing IME meta data
Bug:
30568284
Change-Id: I0b613f8ce0f014320c5ac1bf445699ea2702a0a2
(manually cherry picked from
9b2997d22e6ce2a15065d8e7608dd77b316c2065)
Sudheer Shanka [Fri, 16 Sep 2016 02:00:43 +0000 (19:00 -0700)]
DO NOT MERGE: Fix deadlock in AcitivityManagerService.
Don't hold mPidsSelfLocked lock when calling
cleanUpApplicationRecordLocked.
Bug:
31463143
Change-Id: I1fddd06f5e35b67fea041741f5746c57a39208ba
Sudheer Shanka [Wed, 14 Sep 2016 21:37:14 +0000 (14:37 -0700)]
DO NOT MERGE: Fix deadlock in AcitivityManagerService.
Don't hold mPidsSelfLocked lock when calling
cleanUpApplicationRecordLocked.
Bug:
31463143
Change-Id: I421962cbfd7c466662edcef805c3e27321dc5a98
Ajay Panicker [Thu, 8 Sep 2016 20:23:02 +0000 (13:23 -0700)]
[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed
Bug:
28672558
Change-Id: I4bc14bd7f098e34012c2ae1eeba2d439145901f0
Sungsoo [Fri, 9 Sep 2016 23:00:35 +0000 (23:00 +0000)]
DO NOT MERGE) ExifInterface: Make saveAttributes throw an exception before change am:
1bdd10a953 am:
b336cce830
am:
d07324fe85 -s ours
Change-Id: Ie3049cea7663d06632b0e3139f30f01e7dba5df0
Sungsoo [Fri, 9 Sep 2016 22:54:12 +0000 (22:54 +0000)]
DO NOT MERGE) ExifInterface: Make saveAttributes throw an exception before change am:
1bdd10a953
am:
b336cce830
Change-Id: Ib90b72ce9abefc6a7ceab1070555ded45dc8567d
Sungsoo [Fri, 9 Sep 2016 22:46:23 +0000 (22:46 +0000)]
DO NOT MERGE) ExifInterface: Make saveAttributes throw an exception before change
am:
1bdd10a953
Change-Id: I644f8187ed6f5957fc273b98c10ed0c602ed1879
Ajay Panicker [Thu, 8 Sep 2016 20:23:02 +0000 (13:23 -0700)]
[DO NOT MERGE] Prevent FDs from being leaked when accepted sockets are closed
Bug:
28672558
Change-Id: I4bc14bd7f098e34012c2ae1eeba2d439145901f0
Ajay Panicker [Thu, 8 Sep 2016 18:01:29 +0000 (11:01 -0700)]
[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)
setPairingConfirmation was set to only require BLUETOOTH_ADMIN
permission which shouldn't be able to set the confirmation itself.
This is restricted to BLUETOOTH_PRIVILEGED permission.
Bug:
29043989
Change-Id: Iddc935f0b02f5ff56e930914b4b664377e786184
Ajay Panicker [Thu, 8 Sep 2016 18:01:29 +0000 (11:01 -0700)]
[DO NOT MERGE] Fix setPairingConfirmation permissions issue (2/2)
setPairingConfirmation was set to only require BLUETOOTH_ADMIN
permission which shouldn't be able to set the confirmation itself.
This is restricted to BLUETOOTH_PRIVILEGED permission.
Bug:
29043989
Change-Id: Iddc935f0b02f5ff56e930914b4b664377e786184
Sungsoo [Thu, 8 Sep 2016 07:04:44 +0000 (16:04 +0900)]
DO NOT MERGE) ExifInterface: Make saveAttributes throw an exception before change
ExifInterface object can be created with a unsupported file format.
If saveAttribute is called with an unsupported file format, ExifInterface
makes the file corrupted. This CL prevents those cases by throwing
an exception before making any change on the file.
Bug:
30936376
Change-Id: I915f56b00ec9422b53591ac5534e070a1d6798e6
Sungsoo [Thu, 8 Sep 2016 07:04:44 +0000 (16:04 +0900)]
DO NOT MERGE) ExifInterface: Make saveAttributes throw an exception before change
ExifInterface object can be created with a unsupported file format.
If saveAttribute is called with an unsupported file format, ExifInterface
makes the file corrupted. This CL prevents those cases by throwing
an exception before making any change on the file.
Bug:
30936376
Change-Id: I915f56b00ec9422b53591ac5534e070a1d6798e6
Narayan Kamath [Fri, 19 Aug 2016 12:45:24 +0000 (13:45 +0100)]
Backport changes to whitelist sockets opened by the zygote.
This is the backport of the following commits :
Commit
c5f27a7cb2ec816f483a65255034a1b57a8aa22:
-----------------------------------------------
Reopen whitelisted zygote file descriptors after a fork.
We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.
This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
first zygote fork.
- On each subsequent fork, we check whether the list of open FDs
has changed. We are currently tolerant of changes, but in the
longer term, it should be a fatal error if the set of open file
descriptors in the zygote changes.
- Post fork, we traverse the list of open descriptors and reopen
them if necessary.
bug:
30963384
Commit
3764a260f0c90dcb323caeda14baf903cc108759:
-----------------------------------------------
Add a whitelist of sockets on fork.
Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a sucessful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.
This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.
bug:
30963384
Commit
0b76d6a28e6978151bf245a775329cdae5e574d5:
-----------------------------------------------
fd_utils: Fix broken usage of iterators.
There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
structural changes to it is broken. Switch to a while loop and treat
cases where elements are erased differently from cases where they
aren't.
bug:
31092930
bug:
30963384
Plus additional changes:
-----------------------------------------------
- change std::unordered_map to std::tr1::unordered_map.
- add /dev/alarm and /dev/__properties__ to the whitelist.
- map.erase(iterator) returns void prior to C++11, so need the kludge
of calling erase(it++).
Change-Id: I694ff66d5f227239b0190ffc2287882b16e336fa
Paul Jensen [Mon, 22 Aug 2016 13:15:40 +0000 (09:15 -0400)]
Avoid crashing when downloading MitM'd PAC that is too big
There's two pieces to this fix:
1. Move PAC loading off IoThread which isn't meant for
blocking network fetches. If the fetch takes more than
60s Android reboots when the IoThread is used.
2. Limit PAC fetching to 20MB. Any PAC bigger than that
is likely evil.
MitM of PACs should only be possbile when a non-SSL PAC URL
is used.
Change-Id: Ie1658a1c705615dc85a7fc68053f0dad8d048294
Fixes:
30100884
Sudheer Shanka [Mon, 22 Aug 2016 22:19:10 +0000 (22:19 +0000)]
DO NOT MERGE: Clean up when recycling a pid with a pending launch am:
a3af5c6207 am:
21ef672cab
am:
e0d1ff1c42 -s ours
Change-Id: I8a1464443e84bb7987235d25ad40ae01386d72ef
Sudheer Shanka [Mon, 22 Aug 2016 22:19:06 +0000 (22:19 +0000)]
resolve merge conflicts of
270947f to klp-modular-dev
am:
76c4b2a7b6 -s ours
Change-Id: Icdcd0929eb7bd32665e91fe2598af46db3ff01bd
Sudheer Shanka [Mon, 22 Aug 2016 22:11:52 +0000 (22:11 +0000)]
DO NOT MERGE: Clean up when recycling a pid with a pending launch am:
a3af5c6207
am:
21ef672cab
Change-Id: Ia073a40c330038e77ff5992c056a8fe0a5924edb
Sudheer Shanka [Fri, 19 Aug 2016 18:27:31 +0000 (11:27 -0700)]
resolve merge conflicts of
270947f to klp-modular-dev
Change-Id: I703a7f8eb0897e518c3df9e8c7efa19508611a47
Sudheer Shanka [Fri, 19 Aug 2016 17:46:12 +0000 (17:46 +0000)]
Merge "DO NOT MERGE: Clean up when recycling a pid with a pending launch" into klp-dev
am:
de04301f9a
Change-Id: I1d04889e2227d0a9a6b86b44ce38cdc5763dfac0
Sudheer Shanka [Fri, 19 Aug 2016 17:32:01 +0000 (17:32 +0000)]
DO NOT MERGE: Clean up when recycling a pid with a pending launch
am:
a3af5c6207
Change-Id: Ibdd69f2fa346dc31224fa6357718f56aa26ded1d
Sudheer Shanka [Fri, 19 Aug 2016 17:07:04 +0000 (17:07 +0000)]
Merge "DO NOT MERGE: Clean up when recycling a pid with a pending launch" into klp-dev
Sudheer Shanka [Fri, 19 Aug 2016 17:06:56 +0000 (17:06 +0000)]
Merge "DO NOT MERGE: Clean up when recycling a pid with a pending launch" into lmp-dev