OSDN Git Service
Chia-I Wu [Tue, 16 May 2017 20:33:31 +0000 (20:33 +0000)]
Merge "libgui: check for invalid slot in attachBuffer" into lmp-dev
TreeHugger Robot [Tue, 16 May 2017 20:30:06 +0000 (20:30 +0000)]
Merge "libgui: Check slot received from IGBP in Surface" into lmp-dev
Chris Forbes [Tue, 16 May 2017 19:15:38 +0000 (19:15 +0000)]
Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am:
25556811f0 am:
71d3ef1340
am:
5c5ee81b0c
Change-Id: Ie7ec2067057ea2dbd4b9af0c93a00ba53879b72f
Chris Forbes [Tue, 16 May 2017 19:12:38 +0000 (19:12 +0000)]
Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev am:
25556811f0
am:
71d3ef1340
Change-Id: I75797414173ebfb38eefe02ac0a635f10c59d883
Chris Forbes [Tue, 16 May 2017 19:10:08 +0000 (19:10 +0000)]
Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev
am:
25556811f0
Change-Id: I5a267f8dccb75625fafd96e67bc0fbb9a2492ce7
Chris Forbes [Tue, 16 May 2017 19:00:54 +0000 (19:00 +0000)]
Merge "ui: Fix bad size check in Fence::unflatten" into klp-dev
Chris Forbes [Wed, 10 May 2017 20:12:00 +0000 (13:12 -0700)]
ui: Fix bad size check in Fence::unflatten
Differs slightly from mnc+ patch: GetFlattenedSize was fixed in mnc.
Test: Boot device, run poc from bug, observe no longer crashes
Bug:
37285689
Change-Id: Id8b851733b088cce0d07493fbf76e7e24f9299ad
Chia-I Wu [Mon, 15 May 2017 17:32:27 +0000 (10:32 -0700)]
libgui: check for invalid slot in attachBuffer
Bug:
37478824
Test: manual
Change-Id: I369337d53539bf7f7e3d925bccdae4045da1b404
Dan Stoza [Mon, 1 May 2017 23:31:53 +0000 (16:31 -0700)]
libgui: Check slot received from IGBP in Surface
Checks that the slot number received from mGraphicBufferProducer in
Surface::dequeueBuffer is on the interval [0, NUM_BUFFER_SLOTS) to
protect against a malicious BnGraphicBufferProducer.
Bug:
36991414
Change-Id: I1a76fd1bcce1c558f1c0c30f03638278288ed4fa
Dan Stoza [Mon, 15 May 2017 18:13:30 +0000 (18:13 +0000)]
libgui: Check slot received from IGBP in Surface am:
ac93b3a30e am:
7cb9cd3df2
am:
057ae95ab2 -s ours
Change-Id: I2c6441b19650f31c7bbab9ce22191ae162ba9e58
Dan Stoza [Mon, 15 May 2017 18:02:29 +0000 (18:02 +0000)]
libgui: Check slot received from IGBP in Surface am:
ac93b3a30e
am:
7cb9cd3df2
Change-Id: Iff706258762cac4bfb7d97af7d365412d9ee661d
Dan Stoza [Mon, 15 May 2017 17:59:58 +0000 (17:59 +0000)]
libgui: Check slot received from IGBP in Surface
am:
ac93b3a30e
Change-Id: I6ab9bc7f577634c0bf23359b5eb60e6dd07e4854
Dan Stoza [Mon, 1 May 2017 23:31:53 +0000 (16:31 -0700)]
libgui: Check slot received from IGBP in Surface
Checks that the slot number received from mGraphicBufferProducer in
Surface::dequeueBuffer is on the interval [0, NUM_BUFFER_SLOTS) to
protect against a malicious BnGraphicBufferProducer.
Bug:
36991414
Change-Id: I1a76fd1bcce1c558f1c0c30f03638278288ed4fa
Fabien Sanglard [Thu, 2 Feb 2017 01:31:32 +0000 (01:31 +0000)]
Fix security vulnerability am:
2ae83f4f62 am:
11ab583834
am:
ac2b87ac0f
Change-Id: I3b249a9ec1820917dc015c72bd093535927c9ed6
Fabien Sanglard [Thu, 2 Feb 2017 01:29:02 +0000 (01:29 +0000)]
Fix security vulnerability am:
2ae83f4f62
am:
11ab583834
Change-Id: I09ec85b9f83e1f4458940415cd07f6fca725c552
Fabien Sanglard [Thu, 2 Feb 2017 01:27:03 +0000 (01:27 +0000)]
Fix security vulnerability
am:
2ae83f4f62
Change-Id: Ie0590dbb8429b5b289f3095055abdc8d29b95a7f
Fabien Sanglard [Thu, 19 Jan 2017 19:13:20 +0000 (11:13 -0800)]
Fix security vulnerability
Test: hammerhead
Bug:
32628763
Change-Id: I19a81b63fffee8f323a5925c7e8633fbd640b91c
Christopher Tate [Thu, 3 Nov 2016 20:32:41 +0000 (13:32 -0700)]
Correct overflow check in Parcel resize code
Bug
31929765
Change-Id: Ie27b9945f1de056624668869bdf9a5578abff467
Fabien Sanglard [Tue, 8 Nov 2016 23:31:32 +0000 (15:31 -0800)]
Fix SF security vulnerability:
32660278
Because of lack of mutex lock when get mSidebandStream, if one thread
getSidebandStream, another thread setSidebandStream frequently, an UAF
will be triggered.
Bug:
32660278
Test: Marlin device with poc
Change-Id: Idbcf0976ce2db682d0f13455105c45a5c7481a45
Arve Hjønnevåg [Thu, 18 Aug 2016 22:42:35 +0000 (15:42 -0700)]
ServiceManager: Allow system services running as secondary users to add services
This should be reverted when all system services have been cleaned up to not
do this. A process looking up a service while running in the background will
see the service registered by the active user (assuming the service is
registered on every user switch), not the service registered by the user that
the process itself belongs to.
BUG:
30795333
Change-Id: I1b74d58be38ed358f43c163692f9e704f8f31dbe
Arve Hjønnevåg [Mon, 1 Aug 2016 23:05:17 +0000 (16:05 -0700)]
DO NOT MERGE ServiceManager: Restore basic uid check
Prevent apps from registering services without relying on selinux checks.
Bug:
29431260
Change-Id: I38c6e8bc7f7cba1cbd3568e8fed1ae7ac2054a9b
Pablo Ceballos [Thu, 26 May 2016 22:35:55 +0000 (15:35 -0700)]
Add FrameStats default constructor
Bug
28592402
Change-Id: I857e46c9ab3ffae0d96923d665d13a4128a6cafa
Marco Nelissen [Mon, 9 May 2016 20:54:25 +0000 (20:54 +0000)]
Correctly handle dup() failure in Parcel::readNativeHandle am:
1de7966c72 am:
275c9f60f9
am:
853702ce3d
* commit '
853702ce3d1ba5e45ce58f332ed1d40008a44375':
Correctly handle dup() failure in Parcel::readNativeHandle
Change-Id: I2b8f6070ecc873d67be5a4c72ca870606af93a3d
Marco Nelissen [Mon, 9 May 2016 20:48:32 +0000 (20:48 +0000)]
Correctly handle dup() failure in Parcel::readNativeHandle am:
1de7966c72
am:
275c9f60f9
* commit '
275c9f60f94780bd686eca9750ec41cc1fafa333':
Correctly handle dup() failure in Parcel::readNativeHandle
Change-Id: I6516dea7eac82d06e1ffd1d269dbb6415fece948
Marco Nelissen [Mon, 9 May 2016 20:43:16 +0000 (20:43 +0000)]
Correctly handle dup() failure in Parcel::readNativeHandle
am:
1de7966c72
* commit '
1de7966c72981aebc3c7f9978ab129678ac89258':
Correctly handle dup() failure in Parcel::readNativeHandle
Change-Id: Ie043622a17b241c489429273d369e9a478b7ebcc
Marco Nelissen [Tue, 26 Apr 2016 15:44:09 +0000 (08:44 -0700)]
Correctly handle dup() failure in Parcel::readNativeHandle
bail out if dup() fails, instead of creating an invalid native_handle_t
Bug:
28395952
Change-Id: Ia1a6198c0f45165b9c6a55a803e5f64d8afa0572
Dianne Hackborn [Wed, 23 Mar 2016 22:15:19 +0000 (22:15 +0000)]
Fix issue #
27252896: Security Vulnerability -- weak binder am:
41e7b17
am:
74d2c4b -s ours
* commit '
74d2c4b4c97dbbcf43a9f8870007593d61beb547':
Fix issue #
27252896: Security Vulnerability -- weak binder
Dianne Hackborn [Wed, 23 Mar 2016 22:07:32 +0000 (22:07 +0000)]
Fix issue #
27252896: Security Vulnerability -- weak binder
am:
41e7b17
* commit '
41e7b1780f106d2eb4304b1f9cf060ce44177cae':
Fix issue #
27252896: Security Vulnerability -- weak binder
Dianne Hackborn [Mon, 21 Mar 2016 17:36:54 +0000 (10:36 -0700)]
Fix issue #
27252896: Security Vulnerability -- weak binder
Sending transaction to freed BBinder through weak handle
can cause use of a (mostly) freed object. We need to try to
safely promote to a strong reference first.
Change-Id: Ic9c6940fa824980472e94ed2dfeca52a6b0fd342
(manually cherry picked and resolved conflicts from commit
c11146106f94e07016e8e26e4f8628f9a0c73199)
Dianne Hackborn [Mon, 21 Mar 2016 17:36:54 +0000 (10:36 -0700)]
Fix issue #
27252896: Security Vulnerability -- weak binder
Sending transaction to freed BBinder through weak handle
can cause use of a (mostly) freed object. We need to try to
safely promote to a strong reference first.
Change-Id: Ic9c6940fa824980472e94ed2dfeca52a6b0fd342
(cherry picked from commit
c11146106f94e07016e8e26e4f8628f9a0c73199)
Pablo Ceballos [Fri, 18 Mar 2016 18:03:50 +0000 (18:03 +0000)]
Merge "DO NOT MERGE BQ: fix some uninitialized variables" into klp-dev am:
b4eac74
am:
dc5d0f4 -s ours
* commit '
dc5d0f46de1f8a800b3af340ca57278989df151a':
DO NOT MERGE BQ: fix some uninitialized variables
Pablo Ceballos [Fri, 18 Mar 2016 18:01:32 +0000 (18:01 +0000)]
Merge "DO NOT MERGE BQ: fix some uninitialized variables" into klp-dev
am:
b4eac74
* commit '
b4eac742c9e3f0238d5d03b237b2038df885ed2c':
DO NOT MERGE BQ: fix some uninitialized variables
Pablo Ceballos [Fri, 18 Mar 2016 17:52:55 +0000 (17:52 +0000)]
Merge "DO NOT MERGE BQ: fix some uninitialized variables" into klp-dev
Pablo Ceballos [Wed, 16 Mar 2016 01:10:49 +0000 (18:10 -0700)]
DO NOT MERGE BQ: fix some uninitialized variables
Bug
27555981
Bug
27556038
Change-Id: I436b6fec589677d7e36c0e980f6e59808415dc0e
Pablo Ceballos [Wed, 16 Mar 2016 01:10:49 +0000 (18:10 -0700)]
BQ: fix some uninitialized variables
Bug
27555981
Bug
27556038
Change-Id: I436b6fec589677d7e36c0e980f6e59808415dc0e
Pablo Ceballos [Tue, 23 Feb 2016 00:40:58 +0000 (00:40 +0000)]
DO NOT MERGE Add SN logging am:
24cd2b9627
am:
ec7538a254 -s ours
* commit '
ec7538a254f283afc7b046aa8ca2fe908d4e3b0c':
DO NOT MERGE Add SN logging
Pablo Ceballos [Tue, 23 Feb 2016 00:34:17 +0000 (00:34 +0000)]
DO NOT MERGE Add SN logging
am:
24cd2b9627
* commit '
24cd2b96279ac29b936ba09ed708b1bcb922d04c':
DO NOT MERGE Add SN logging
Pablo Ceballos [Sat, 20 Feb 2016 19:30:43 +0000 (11:30 -0800)]
DO NOT MERGE Add SN logging
Bug
27046057
Change-Id: I942876c09fdbe841c19807e463f5426287e07803
Pablo Ceballos [Sat, 20 Feb 2016 19:26:13 +0000 (11:26 -0800)]
Add SN logging
Bug
27046057
Change-Id: Iede7c92e59e60795df1ec7768ebafd6b090f1c27
Pablo Ceballos [Sat, 20 Feb 2016 00:00:50 +0000 (00:00 +0000)]
Merge "DO NOT MERGE BQ: Add permission check to BufferQueueConsumer::dump" into klp-dev am:
c232606413
am:
1d0e811e5a -s ours
* commit '
1d0e811e5ac853669fe96370e499428049a5b7ee':
DO NOT MERGE BQ: Add permission check to BufferQueueConsumer::dump
Pablo Ceballos [Fri, 19 Feb 2016 23:54:34 +0000 (23:54 +0000)]
Merge "DO NOT MERGE BQ: Add permission check to BufferQueueConsumer::dump" into klp-dev
am:
c232606413
* commit '
c2326064136adb834d12c3fed47af5d66cd42c15':
DO NOT MERGE BQ: Add permission check to BufferQueueConsumer::dump
Pablo Ceballos [Fri, 19 Feb 2016 23:39:53 +0000 (23:39 +0000)]
Merge "BQ: Add permission check to BufferQueueConsumer::dump" into lmp-dev
Pablo Ceballos [Fri, 19 Feb 2016 23:39:36 +0000 (23:39 +0000)]
Merge "DO NOT MERGE BQ: Add permission check to BufferQueueConsumer::dump" into klp-dev
Christopher Tate [Wed, 17 Feb 2016 18:44:11 +0000 (18:44 +0000)]
Sanity check IMemory access versus underlying mmap am:
94b0d4e3ab
am:
ef6908e2b3
* commit '
ef6908e2b3e6ee6514620acc338b458ade7c3640':
Sanity check IMemory access versus underlying mmap
Christopher Tate [Wed, 17 Feb 2016 18:37:52 +0000 (18:37 +0000)]
Sanity check IMemory access versus underlying mmap
am:
94b0d4e3ab
* commit '
94b0d4e3ab023cfa03a7a4e85f3e09d3743da715':
Sanity check IMemory access versus underlying mmap
Christopher Tate [Sat, 6 Feb 2016 03:02:56 +0000 (19:02 -0800)]
Sanity check IMemory access versus underlying mmap
Bug
26877992
Change-Id: Ibbf4b1061e4675e4e96bc944a865b53eaf6984fe
Pablo Ceballos [Fri, 12 Feb 2016 02:01:49 +0000 (18:01 -0800)]
BQ: Add permission check to BufferQueueConsumer::dump
Bug
27046057
Change-Id: Id7bd8cf95045b497943ea39dde49e877aa6f5c4e
Pablo Ceballos [Fri, 12 Feb 2016 03:15:35 +0000 (19:15 -0800)]
DO NOT MERGE BQ: Add permission check to BufferQueueConsumer::dump
Bug
27046057
Change-Id: I387178708f460596433f75bb059854a26cc22e78
Robert Shih [Fri, 15 Jan 2016 01:38:56 +0000 (01:38 +0000)]
IGraphicBufferProducer: fix QUEUE_BUFFER info leak am:
d06421fd37
am:
413318311c
* commit '
413318311c8cc356dd7e0837ce26e937a9f4c56a':
IGraphicBufferProducer: fix QUEUE_BUFFER info leak
Robert Shih [Fri, 15 Jan 2016 01:27:23 +0000 (01:27 +0000)]
IGraphicBufferProducer: fix QUEUE_BUFFER info leak
am:
d06421fd37
* commit '
d06421fd37fbb7fd07002e6738fac3a223cb1a62':
IGraphicBufferProducer: fix QUEUE_BUFFER info leak
Robert Shih [Mon, 11 Jan 2016 23:02:12 +0000 (15:02 -0800)]
IGraphicBufferProducer: fix QUEUE_BUFFER info leak
Bug:
26338109
Change-Id: I8a979469bfe1e317ebdefa43685e19f9302baea8
Robert Shih [Mon, 11 Jan 2016 19:42:48 +0000 (11:42 -0800)]
IGraphicBufferConsumer: fix ATTACH_BUFFER info leak
Bug:
26338113
Change-Id: I019c4df2c6adbc944122df96968ddd11a02ebe33
Nick Kralevich [Fri, 23 Oct 2015 04:19:51 +0000 (04:19 +0000)]
DO NOT MERGE: fix build try #2 am:
778b6f4902
am:
034bc1799c -s ours
* commit '
034bc1799cbbc4184aa507eba181573c0a3b9b35':
DO NOT MERGE: fix build try #2
Nick Kralevich [Fri, 23 Oct 2015 04:15:21 +0000 (04:15 +0000)]
DO NOT MERGE: fix build try #2
am:
778b6f4902
* commit '
778b6f4902ad824d5fc62071caaa837bb47deee5':
DO NOT MERGE: fix build try #2
Nick Kralevich [Fri, 23 Oct 2015 01:44:26 +0000 (01:44 +0000)]
resolve merge conflicts of
834ac204ce to klp-modular-dev.
am:
7f1ea80d65
* commit '
7f1ea80d65996ab687ff56a884da915535cdc176':
DO NOT MERGE: fix build breakage
Nick Kralevich [Fri, 23 Oct 2015 00:26:19 +0000 (17:26 -0700)]
resolve merge conflicts of
834ac204ce to klp-modular-dev.
Bug:
23905002
Change-Id: Ic7262861af91a8fff27692c0f68761cb3ab12aa3
Nick Kralevich [Thu, 22 Oct 2015 21:48:50 +0000 (14:48 -0700)]
DO NOT MERGE: fix build try #2
On klp-dev, UINT16_MAX isn't available unless __STDINT_LIMITS
is defined, which it's not for this code. This isn't relevant
for later branches due to bionic commit
e2a292d278b94fec3d078b1f1b27c1f89942c276
Don't use UINT16_MAX when we can just hardcode 65535.
Bug:
23905002
Change-Id: Ia1fd0f749cb7a4d19866075abc28ed6960424e54
Nick Kralevich [Thu, 22 Oct 2015 14:09:23 +0000 (07:09 -0700)]
DO NOT MERGE: fix build breakage
fix klp-dev only build breakage.
frameworks/native/libs/input/Input.cpp: In member function 'android::status_t android::MotionEvent::readFromParcel(android::Parcel*)':
frameworks/native/libs/input/Input.cpp:494:47: error: 'UINT16_MAX' was not declared in this scope
Bug:
23905002
Change-Id: I4b6b864ca64d39a8873d045a61e0ddaea2ab9109
Flanker [Thu, 22 Oct 2015 02:04:55 +0000 (02:04 +0000)]
add number constraint for samples per MotionEvent am:
5d17838ade
am:
72c8ca4a01
* commit '
72c8ca4a0191827fd3265c0820b685a6cf420be1':
add number constraint for samples per MotionEvent
Flanker [Thu, 22 Oct 2015 02:02:46 +0000 (02:02 +0000)]
add number constraint for samples per MotionEvent
am:
5d17838ade
* commit '
5d17838adef13062717322e79d4db0b9bb6b2395':
add number constraint for samples per MotionEvent
Flanker [Mon, 7 Sep 2015 07:28:58 +0000 (15:28 +0800)]
add number constraint for samples per MotionEvent
Bug:
23905002
Signed-off-by: Adam Lesinski <adamlesinski@google.com>
(cherry picked from commit
552a8a5d8df32f659b8d11311a244cdc6d3b7733)
Change-Id: I9b7ea859889b7697bee4165a2746602212120543
Naveen Leekha [Thu, 24 Sep 2015 22:04:48 +0000 (22:04 +0000)]
am
e2c4f4fb: am
c1e6fbb5: Initialize local variables to avoid data leak
* commit '
e2c4f4fb8b34e36a4f2760f3812c942604cabfb6':
Initialize local variables to avoid data leak
Naveen Leekha [Thu, 24 Sep 2015 22:00:13 +0000 (22:00 +0000)]
am
c1e6fbb5: Initialize local variables to avoid data leak
* commit '
c1e6fbb52c3f85cc7610d1d07d12be38f70b4ed4':
Initialize local variables to avoid data leak
Naveen Leekha [Wed, 23 Sep 2015 01:04:44 +0000 (18:04 -0700)]
Initialize local variables to avoid data leak
The uninitialized local variables pick up
whatever the memory content was there on stack.
This data gets sent to the remote process in
case of a failed transaction, which is a security
issue. Fixed.
(Partial manual merge of master change
12ba0f57d028a9c8f4eb3afddc326b70677d1e0c. Rest
to automerge from klp-dev)
For b/
23696300
Change-Id: I704c9fab327b3545c58e8a9a96ac542eb7469c2a
Naveen Leekha [Wed, 23 Sep 2015 00:58:21 +0000 (17:58 -0700)]
Initialize local variables to avoid data leak
The uninitialized local variables pick up
whatever the memory content was there on stack.
This data gets sent to the remote process in
case of a failed transaction, which is a security
issue. Fixed.
(Manual merge of master change
12ba0f57d028a9c8f4eb3afddc326b70677d1e0c )
For b/
23696300
Change-Id: I665212d10da56f0803b5bb772d14c77e632ba2ab
Christopher Tate [Thu, 2 Jul 2015 01:42:09 +0000 (01:42 +0000)]
am
dc3d6af9: am
bb686c25: Disregard alleged binder entities beyond parcel bounds
* commit '
dc3d6af97d521678981c773ad9f4e1da088d7870':
Disregard alleged binder entities beyond parcel bounds
Christopher Tate [Thu, 2 Jul 2015 01:31:09 +0000 (01:31 +0000)]
am
bb686c25: Disregard alleged binder entities beyond parcel bounds
* commit '
bb686c25b214edadd1830abd056db2d570d716ff':
Disregard alleged binder entities beyond parcel bounds
Christopher Tate [Thu, 28 May 2015 00:53:02 +0000 (17:53 -0700)]
Disregard alleged binder entities beyond parcel bounds
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.
Bug
17312693
Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
(cherry picked from commit
27182be9f20f4f5b48316666429f09b9ecc1f22e)
Christopher Tate [Thu, 28 May 2015 00:53:02 +0000 (17:53 -0700)]
Disregard alleged binder entities beyond parcel bounds
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.
Bug
17312693
Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
(cherry picked from commit
27182be9f20f4f5b48316666429f09b9ecc1f22e)
Adam Lesinski [Thu, 28 May 2015 20:40:46 +0000 (20:40 +0000)]
am
9004e7f5: am
4ff0cb44: Verify that the native handle was created
* commit '
9004e7f5516c5b4a1b4178fa6a8bb4b3ca4ddcd0':
Verify that the native handle was created
Adam Lesinski [Thu, 28 May 2015 20:26:02 +0000 (20:26 +0000)]
am
4ff0cb44: Verify that the native handle was created
* commit '
4ff0cb4404db31576cd8a81ca5ef3b044d492904':
Verify that the native handle was created
Adam Lesinski [Wed, 13 May 2015 00:35:48 +0000 (17:35 -0700)]
Verify that the native handle was created
The inputs to native_handle_create can cause an overflowed allocation,
so check the return value of native_handle_create before accessing
the memory it returns.
Bug:
19334482
Change-Id: I1f489382776c2a1390793a79dc27ea17baa9b2a2
(cherry picked from commit
eaac99a7172da52a76ba48c26413778a74951b1a)
Michael Lentine [Thu, 19 Feb 2015 00:32:42 +0000 (00:32 +0000)]
am
dc2d031a: am
da9fd70d: am
2758eb2e: am
fde92eb0: Update maxNumber to be smaller.
* commit '
dc2d031a7ee05725ad3d8cab4887d6c7a4063967':
Update maxNumber to be smaller.
Michael Lentine [Thu, 19 Feb 2015 00:25:34 +0000 (00:25 +0000)]
am
da9fd70d: am
2758eb2e: am
fde92eb0: Update maxNumber to be smaller.
* commit '
da9fd70de125b0e6df4fb6285f538be9133c7b22':
Update maxNumber to be smaller.
Michael Lentine [Thu, 19 Feb 2015 00:15:40 +0000 (00:15 +0000)]
am
2758eb2e: am
fde92eb0: Update maxNumber to be smaller.
* commit '
2758eb2e67d935cf1f04e3d713438c6ac7fe8b89':
Update maxNumber to be smaller.
Michael Lentine [Thu, 19 Feb 2015 00:10:11 +0000 (00:10 +0000)]
am
fde92eb0: Update maxNumber to be smaller.
* commit '
fde92eb0ffcc37106d5fe85bf1f1ba30d8639d17':
Update maxNumber to be smaller.
Michael Lentine [Wed, 18 Feb 2015 18:14:18 +0000 (10:14 -0800)]
Update maxNumber to be smaller.
There shouldn't be more than 4096 fds (probably signficantly smaller) and
there shouldn't be more than 4096 ints.
Bug:
18076253
Change-Id: I3a3e50ee3078a4710e9737114e65afc923ed0573
Michael Lentine [Tue, 2 Dec 2014 19:15:56 +0000 (11:15 -0800)]
resolved conflicts for merge of
d6308379 to lmp-dev
Change-Id: I92ed61b6fdfe458cf5f8bfd6f0b37ff736280500
Michael Lentine [Tue, 2 Dec 2014 18:04:09 +0000 (18:04 +0000)]
am
76ebd319: am
3d89edca: am
e6f7a44e: Fix for corruption when numFds or numInts is too large.
* commit '
76ebd319d96494049a2a598f4449c0ec417220f6':
Fix for corruption when numFds or numInts is too large.
Michael Lentine [Tue, 2 Dec 2014 17:52:00 +0000 (17:52 +0000)]
am
3d89edca: am
e6f7a44e: Fix for corruption when numFds or numInts is too large.
* commit '
3d89edca65e07319c9ac3b9bb9889e80e8c40578':
Fix for corruption when numFds or numInts is too large.
Michael Lentine [Tue, 2 Dec 2014 17:45:44 +0000 (17:45 +0000)]
am
e6f7a44e: Fix for corruption when numFds or numInts is too large.
* commit '
e6f7a44e835d320593fa33052f35ea52948ff0b2':
Fix for corruption when numFds or numInts is too large.
Michael Lentine [Fri, 31 Oct 2014 22:25:03 +0000 (15:25 -0700)]
Fix for corruption when numFds or numInts is too large.
Bug:
18076253
Change-Id: I4c5935440013fc755e1d123049290383f4659fb6
Jesse Hall [Tue, 21 Oct 2014 18:09:17 +0000 (11:09 -0700)]
surfaceflinger: don't close fence fds after passing to queueBuffer
ANativeWindow::queueBuffer takes ownership of the fence fd passed to
it, and will close it before returning. SurfaceFlinger's screenshot
code was also closing the syncFd it passed to queueBuffer. Most of the
time this meant the second close() silently failed, but in a rare race
condition the file descriptor could be reused between the two
close()s.
Bug:
17946343
Change-Id: Ib74fcb1dce52cc21328059c99b7c4c76f41aa3a5
Jesse Hall [Mon, 20 Oct 2014 13:59:24 +0000 (13:59 +0000)]
Merge "bufferqueue: workaround: allow NULL fence with queueBuffer (DO NOT MERGE)" into lmp-dev
Aravind Akella [Sat, 18 Oct 2014 23:37:13 +0000 (16:37 -0700)]
Add version number to SensorService dump output.
Change-Id: I64f9482ade523ec3fafe14bff14db7196e32413f
Jesse Hall [Sun, 19 Oct 2014 04:47:04 +0000 (21:47 -0700)]
bufferqueue: workaround: allow NULL fence with queueBuffer (DO NOT MERGE)
On one device there is a bug, not yet root-caused, that causes fence
fds to not make it across binder from producer to consumer in the
IGraphicBufferProducer::queueBuffer call. Rather than returning an
error, which the producer typically treats as a fatal error, this
change allows the buffer to be queued with no fence. This avoids an
application crash at the risk of (likely single-frame) visible
corruption.
Bug:
17946343
Change-Id: I9ca89f94098c455e1e90f5f58d5336c936b04a9c
Robin Lee [Tue, 7 Oct 2014 15:55:02 +0000 (16:55 +0100)]
Migrate CA certificates to all users
Copies the /data/misc/keychain/cacert-* directories to all users on
the device, whereas previously they were simply copied to user 0.
This is a shallow copy so anything that wasn't supposed to be there
will disappear.
Bug:
17811821
Change-Id: Iae5909ab8d5efdb83c9c8fdf0e10ab7060d022cc
Lajos Molnar [Tue, 14 Oct 2014 05:56:09 +0000 (22:56 -0700)]
media: add kMetadataBufferTypeGraphicBuffer
Bug:
17935149
Change-Id: I1c26d1e83d8fa0a9ccdb25f6f3b19a86b1dc6f37
Jeff Brown [Sat, 11 Oct 2014 02:01:34 +0000 (19:01 -0700)]
Improve ANR diagnostics.
Print more details about the exact reason that an ANR has occurred.
Also start checking that the window actually has a registered
input connection that is not in a broken state. These windows
are supposed to be cleaned up by the window manager promptly
as if the app had crashed but the pattern of ANRs we are observing
suggests that broken windows might be sticking around longer than
they should.
Bug:
17721767
Change-Id: Ie2803a3fa9642381ecadc198fec15e1b70d93c20
Narayan Kamath [Wed, 8 Oct 2014 16:35:45 +0000 (17:35 +0100)]
Fix broken error check in Parcel::readBlob
mmap returns MAP_FAILED (which is -1) and not NULL on
failure.
Diagnosed by cferris.
bug:
17909809
Change-Id: I609788ebf94742ef88af002d2d3f3bc9b9e520ac
Aravind Akella [Tue, 7 Oct 2014 21:13:12 +0000 (14:13 -0700)]
Change ordering of memory allocation and calling Thread::run().
In some cases this is causing a crash as device.poll is called with
NULL.
Bug:
17896339
Change-Id: Id431599f2c661338c355c7081b6602f8449a9198
Jesse Hall [Mon, 6 Oct 2014 22:36:53 +0000 (22:36 +0000)]
Merge "Parcel: extra validation/debug code for writeDupFileDescriptor" into lmp-dev
Jesse Hall [Mon, 6 Oct 2014 16:49:45 +0000 (09:49 -0700)]
Parcel: extra validation/debug code for writeDupFileDescriptor
Temporary extra debug validation for b/
17477219: a Parcel recipient is
getting a positive but invalid fd unexpectedly. Trying to track down
where it's coming from.
Debug code for bug:
17477219
Change-Id: Idb1e71621025a3928c7adc88fd44790e1abd2a01
Aravind Akella [Fri, 3 Oct 2014 21:45:36 +0000 (21:45 +0000)]
Merge "Fix sockfd leakage in SensorService." into lmp-dev
Riley Andrews [Mon, 29 Sep 2014 20:29:40 +0000 (13:29 -0700)]
Generate the SurfaceFlinger shader cache on initialization
Blobcache is not yet enabled for surfaceflinger (as it should be).
As a temporary workaround, generate all needed shaders during
surfaceflinger initialization instead of doing the compilation
on-demand during ui transitions.
Change-Id: I14455b20a3f85f177d85c9c8b76d8ccc35379b39
Aravind Akella [Mon, 29 Sep 2014 00:52:41 +0000 (17:52 -0700)]
Fix sockfd leakage in SensorService.
i) Call removeFd() only if the fd in the BitTube has been
previously added to the Looper. Use a flag to determine whether the fd
has been previously added or not.
ii) Increment mPendingFlushEventsToSend after holding a connectionLock.
iii) Store the number of acks that are pending in SensorEventQueue
and send them all at once.
Bug:
17472228
Change-Id: I1ec834fea1112a9cfbd9cddd2198438793698502
Jesse Hall [Thu, 2 Oct 2014 23:11:08 +0000 (23:11 +0000)]
Merge "Surface: cancel the dequeued buffer when requestBuffer fails" into lmp-dev
Lajos Molnar [Thu, 2 Oct 2014 22:44:30 +0000 (22:44 +0000)]
Merge "add OMX_VIDEO_AVCLevel52 constant" into lmp-dev
Michael Lentine [Thu, 2 Oct 2014 19:01:09 +0000 (19:01 +0000)]
Merge "Add more logging for dup(fd) failure" into lmp-dev
Jesse Hall [Thu, 2 Oct 2014 18:09:03 +0000 (11:09 -0700)]
Surface: cancel the dequeued buffer when requestBuffer fails
Partial fix for bug:
17477219
Change-Id: Ibf5a9e26e02c4be8854925a77a70f5c9c7dcf6f2
OSDN Git Service
