OSDN Git Service
Andrew Scull [Fri, 13 Jan 2017 14:52:26 +0000 (14:52 +0000)]
Merge "Don't save password metrics to disk." into nyc-dev
am:
97848fc473
Change-Id: I12d9a6d18654673e5912416550c64e81aab857f9
Andrew Scull [Fri, 13 Jan 2017 13:16:09 +0000 (13:16 +0000)]
resolve merge conflicts of
e4cefbf4fce4 to nyc-dr1-dev
Change-Id: Ib536a33ba381c28397320edd516d52727e5bdacc
Andrew Scull [Fri, 13 Jan 2017 12:18:42 +0000 (12:18 +0000)]
Merge "Don't save password metrics to disk." into nyc-dev
Andrew Scull [Fri, 2 Dec 2016 16:08:09 +0000 (16:08 +0000)]
Don't save password metrics to disk.
On FBE devices, don't save the metrics to disk but compute them when the
password is first entered and only store them in RAM.
Merged-in:
5daf273b7e3272269c53eda20ce494d0e7a365b5
Bug:
32793550
Change-Id: Icee7f615167761177b224b342970a36c7d90f6ba
David Friedman [Sat, 7 Jan 2017 02:30:48 +0000 (02:30 +0000)]
Merge "Docs: Updates Javadoc documentation. Bug:
32532540" into nyc-dev
am:
101f885826
Change-Id: I5e6d948373c8f8ff2892c843329a7d2b540b8706
Dave Friedman [Sat, 7 Jan 2017 02:30:45 +0000 (02:30 +0000)]
Docs: Updates Javadoc documentation. Bug:
32532540
am:
2a3ebadcbe
Change-Id: Ibee55c5e73d9b51e5f5df24be01b0b797fa8a7a5
David Friedman [Sat, 7 Jan 2017 02:24:54 +0000 (02:24 +0000)]
Merge "Docs: Updates Javadoc documentation. Bug:
32532540" into nyc-dev
Dave Friedman [Thu, 5 Jan 2017 02:27:26 +0000 (18:27 -0800)]
Docs: Updates Javadoc documentation.
Bug:
32532540
Change-Id: Ia811d9a51812206b18b75a98f6c5a55b92627404
Kevin Hufnagle [Wed, 4 Jan 2017 01:32:24 +0000 (01:32 +0000)]
docs: Added descriptions of IAB subscription-specific settings. am:
145b377b38 am:
4418907d50
am:
c32df53fc7
Change-Id: Ib2ac681a13b8d3b80feba803f25fdc8dbdcfe4f9
Kevin Hufnagle [Wed, 4 Jan 2017 01:28:19 +0000 (01:28 +0000)]
docs: Added descriptions of IAB subscription-specific settings. am:
145b377b38
am:
4418907d50
Change-Id: I486f53410a427f373daec719bac522289d812e7a
Kevin Hufnagle [Wed, 4 Jan 2017 01:24:24 +0000 (01:24 +0000)]
docs: Added descriptions of IAB subscription-specific settings.
am:
145b377b38
Change-Id: I1b7a0885f613beb9b7baba8a6b35b59f00989ff3
Kevin Hufnagle [Wed, 4 Jan 2017 01:18:51 +0000 (01:18 +0000)]
Merge "docs: Added note - test subscriptions cannot use reserved IDs" into nyc-dev
am:
dbe9b81ef5
Change-Id: Ie08ac386f441b16451538e21dcc8d5e5052258b0
Kevin Hufnagle [Wed, 4 Jan 2017 01:18:47 +0000 (01:18 +0000)]
docs: Added note - test subscriptions cannot use reserved IDs
am:
98a11580ef
Change-Id: I2c44d24b772d3df80dabab418875a1e9842aebbf
Kevin Hufnagle [Wed, 4 Jan 2017 01:14:21 +0000 (01:14 +0000)]
Merge "docs: Added note - test subscriptions cannot use reserved IDs" into nyc-dev
Charles He [Thu, 29 Dec 2016 10:44:41 +0000 (10:44 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev am:
63a27d773b am:
1422a6074d am:
a1d59972ad am:
f027831c6b am:
5c74a1e9bb am:
1d84f619bf
am:
0e2e913b04
Change-Id: I02047ef2536a6a77df84e1b203d3b5ee55439e32
Charles He [Thu, 29 Dec 2016 10:43:40 +0000 (10:43 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable. am:
71d2a41dd9 am:
d0339c6e8f am:
6aa436bef2 am:
76ca2da7e8 am:
0cc0219089 am:
ced5ab190c
am:
3cc7f6acdc
Change-Id: I98e65fcf8180e5187a92e8d5b888eb794f89ab6d
Charles He [Thu, 29 Dec 2016 10:42:32 +0000 (10:42 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev am:
4bd97eb888 am:
a8484b4f92 am:
d7f2a4b0c7 am:
b64af9bacd am:
e15e0de7e5 am:
6bb6f02a15
am:
03fa83e216
Change-Id: I8f10fcf6b604848f68ecc086dd3723841e07ef8c
Charles He [Thu, 29 Dec 2016 10:41:25 +0000 (10:41 +0000)]
Prevent writing to FRP partition during factory reset. am:
a9437bd1ca am:
2ce5c4320d am:
133ff4d611 am:
00a581f882 am:
e5156ec1e9 am:
9a47fa7fc0
am:
8bcdab7e6f
Change-Id: I6e41bfad4ce66ca80bca636a5fb4ddc85b71e83a
Charles He [Thu, 29 Dec 2016 10:37:45 +0000 (10:37 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev am:
63a27d773b am:
1422a6074d am:
a1d59972ad am:
f027831c6b am:
5c74a1e9bb
am:
1d84f619bf
Change-Id: Ic189edc98c3079ca98b258d08a5821b9c97dc027
Charles He [Thu, 29 Dec 2016 10:36:32 +0000 (10:36 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable. am:
71d2a41dd9 am:
d0339c6e8f am:
6aa436bef2 am:
76ca2da7e8 am:
0cc0219089
am:
ced5ab190c
Change-Id: I59602f83fd659ce5192636d0e66feae217997d7c
Charles He [Thu, 29 Dec 2016 10:35:19 +0000 (10:35 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev am:
4bd97eb888 am:
a8484b4f92 am:
d7f2a4b0c7 am:
b64af9bacd am:
e15e0de7e5
am:
6bb6f02a15
Change-Id: I849811a3be2c6989edea3ed6f938b4b36a4fabe7
Charles He [Thu, 29 Dec 2016 10:34:04 +0000 (10:34 +0000)]
Prevent writing to FRP partition during factory reset. am:
a9437bd1ca am:
2ce5c4320d am:
133ff4d611 am:
00a581f882 am:
e5156ec1e9
am:
9a47fa7fc0
Change-Id: Ifb9f5b177f7c031352e6e9cf308e6295f7c60074
Charles He [Thu, 29 Dec 2016 10:28:57 +0000 (10:28 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev am:
63a27d773b am:
1422a6074d am:
a1d59972ad am:
f027831c6b
am:
5c74a1e9bb
Change-Id: Ie15d3c1927f17a36ed6d6bbe4b96c986536be3c7
Charles He [Thu, 29 Dec 2016 10:27:52 +0000 (10:27 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable. am:
71d2a41dd9 am:
d0339c6e8f am:
6aa436bef2 am:
76ca2da7e8
am:
0cc0219089
Change-Id: Id72d64d9356e362f35062bc6e45071b2be308558
Charles He [Thu, 29 Dec 2016 10:26:51 +0000 (10:26 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev am:
4bd97eb888 am:
a8484b4f92 am:
d7f2a4b0c7 am:
b64af9bacd
am:
e15e0de7e5
Change-Id: I12af619f1fce710f643387dca3e06c1c4b5258d3
Charles He [Thu, 29 Dec 2016 10:25:50 +0000 (10:25 +0000)]
Prevent writing to FRP partition during factory reset. am:
a9437bd1ca am:
2ce5c4320d am:
133ff4d611 am:
00a581f882
am:
e5156ec1e9
Change-Id: I62b79fe7ef5a2febce27729f4709a599832cb3da
Charles He [Thu, 29 Dec 2016 10:21:47 +0000 (10:21 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev am:
63a27d773b am:
1422a6074d am:
a1d59972ad
am:
f027831c6b
Change-Id: I49d10d41d5b89c97a2f418ccaed44eeae720bb22
Charles He [Thu, 29 Dec 2016 10:20:47 +0000 (10:20 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable. am:
71d2a41dd9 am:
d0339c6e8f am:
6aa436bef2
am:
76ca2da7e8
Change-Id: I9e20b2954ccb462cee31cb5ea44986c00afadbff
Charles He [Thu, 29 Dec 2016 10:19:49 +0000 (10:19 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev am:
4bd97eb888 am:
a8484b4f92 am:
d7f2a4b0c7
am:
b64af9bacd
Change-Id: I261c46544e8e1aef26772d57475037810198e4d9
Charles He [Thu, 29 Dec 2016 10:18:49 +0000 (10:18 +0000)]
Prevent writing to FRP partition during factory reset. am:
a9437bd1ca am:
2ce5c4320d am:
133ff4d611
am:
00a581f882
Change-Id: I016955744e48d7a91380c2ff39f7c64536a39c7e
Charles He [Thu, 29 Dec 2016 10:14:26 +0000 (10:14 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev am:
63a27d773b am:
1422a6074d
am:
a1d59972ad
Change-Id: I027ab6594b563204515677fca9c256251b7067cd
Charles He [Thu, 29 Dec 2016 10:13:27 +0000 (10:13 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable. am:
71d2a41dd9 am:
d0339c6e8f
am:
6aa436bef2
Change-Id: I994b2fe070091a32beffff9dbf11b907b7878fe8
Charles He [Thu, 29 Dec 2016 10:12:24 +0000 (10:12 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev am:
4bd97eb888 am:
a8484b4f92
am:
d7f2a4b0c7
Change-Id: I3019f9751b69809d3cb66061753f0b76085b235b
Charles He [Thu, 29 Dec 2016 10:11:20 +0000 (10:11 +0000)]
Prevent writing to FRP partition during factory reset. am:
a9437bd1ca am:
2ce5c4320d
am:
133ff4d611
Change-Id: I54b163f645f561243aac3df1a55c1023531997b3
Charles He [Thu, 29 Dec 2016 10:07:20 +0000 (10:07 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev am:
63a27d773b
am:
1422a6074d
Change-Id: I2f3bf02f57c5f00964e645321467977b4ef498a7
Charles He [Thu, 29 Dec 2016 10:06:14 +0000 (10:06 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable. am:
71d2a41dd9
am:
d0339c6e8f
Change-Id: I0dbec3edf704821eb4605a48b770461eb99ddae7
Charles He [Thu, 29 Dec 2016 10:05:02 +0000 (10:05 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev am:
4bd97eb888
am:
a8484b4f92
Change-Id: Id5a9576ab6e37e3744a59d904909d11f668d0e06
Charles He [Thu, 29 Dec 2016 10:03:53 +0000 (10:03 +0000)]
Prevent writing to FRP partition during factory reset. am:
a9437bd1ca
am:
2ce5c4320d
Change-Id: I29339a634fd22cd46bfc08619464da8fe159a2b7
Charles He [Thu, 29 Dec 2016 09:50:26 +0000 (09:50 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev
am:
63a27d773b
Change-Id: I01d332678c1c3fe57ed36062a9ed01b5f368a55d
Charles He [Thu, 29 Dec 2016 09:50:20 +0000 (09:50 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
am:
71d2a41dd9
Change-Id: Iab575b1efdd720c9cf9e32e0b056c99eff98deab
Charles He [Thu, 29 Dec 2016 09:48:50 +0000 (09:48 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev
am:
4bd97eb888
Change-Id: I607f7ca9e160c4eed69a5baeff6b31d6db7c6b03
Charles He [Thu, 29 Dec 2016 09:48:45 +0000 (09:48 +0000)]
Prevent writing to FRP partition during factory reset.
am:
a9437bd1ca
Change-Id: Ib0b8db2357317dc3e680910c08f15f098baf2af9
Charles He [Thu, 29 Dec 2016 09:43:10 +0000 (09:43 +0000)]
Merge "Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable." into lmp-mr1-dev
Charles He [Thu, 29 Dec 2016 09:42:25 +0000 (09:42 +0000)]
Merge "Prevent writing to FRP partition during factory reset." into lmp-mr1-dev
Tom O'Neill [Thu, 22 Dec 2016 17:54:44 +0000 (17:54 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516 am:
0a8978f04b am:
1684e5f344 am:
d28eef0cc2 am:
1f458fdc66 am:
d82f8a67fc am:
1ac8affd51 am:
56098f81b6
am:
7cec76de0f
Change-Id: I9168d45717c26e71bb356dd7304276e23c519bd9
Tom O'Neill [Thu, 22 Dec 2016 17:44:46 +0000 (17:44 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516 am:
0a8978f04b am:
1684e5f344 am:
d28eef0cc2 am:
1f458fdc66 am:
d82f8a67fc am:
1ac8affd51
am:
56098f81b6
Change-Id: I14fcacaede569580c8ca8e5bbbebb408ddcce76a
Tom O'Neill [Thu, 22 Dec 2016 17:39:18 +0000 (17:39 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516 am:
0a8978f04b am:
1684e5f344 am:
d28eef0cc2 am:
1f458fdc66 am:
d82f8a67fc
am:
1ac8affd51
Change-Id: I965c900e266a9189c595612cef6ddac839498949
Tom O'Neill [Thu, 22 Dec 2016 17:34:11 +0000 (17:34 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516 am:
0a8978f04b am:
1684e5f344 am:
d28eef0cc2 am:
1f458fdc66
am:
d82f8a67fc
Change-Id: I25e43680e464c5169e8a5b9e8151b0dab2d2cf86
Tom O'Neill [Thu, 22 Dec 2016 17:29:05 +0000 (17:29 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516 am:
0a8978f04b am:
1684e5f344 am:
d28eef0cc2
am:
1f458fdc66
Change-Id: I61d4b25ee0264397693f30e2091997c058d0c5fc
Tom O'Neill [Thu, 22 Dec 2016 17:23:39 +0000 (17:23 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516 am:
0a8978f04b am:
1684e5f344
am:
d28eef0cc2
Change-Id: If937d91cee2bb06406cf3cd1ae6ac3402a51e88d
Tom O'Neill [Thu, 22 Dec 2016 17:19:10 +0000 (17:19 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516 am:
0a8978f04b
am:
1684e5f344
Change-Id: I0ebd2856e2e2f3793273ba952b44dc77e85b021e
Tom O'Neill [Thu, 22 Dec 2016 17:14:05 +0000 (17:14 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872 am:
3380a77516
am:
0a8978f04b
Change-Id: I693665a57465ec57f946fad57cda9ce48389408f
Tom O'Neill [Thu, 22 Dec 2016 17:09:09 +0000 (17:09 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e am:
d417e54872
am:
3380a77516
Change-Id: Ice61f337e1fcfd0569431538e475d94f9d205423
Tom O'Neill [Thu, 22 Dec 2016 17:04:07 +0000 (17:04 +0000)]
Fix exploit where can hide the fact that a location was mocked am:
a206a0f17e
am:
d417e54872
Change-Id: I2f47020055f962b36f095137d75c9cbfe6b1a6db
Tom O'Neill [Thu, 22 Dec 2016 16:58:33 +0000 (16:58 +0000)]
Fix exploit where can hide the fact that a location was mocked
am:
a206a0f17e
Change-Id: Ib3af056919a4b909d3d11dd3fe2b46eaa7cdf0f4
Joe Fernandez [Sat, 17 Dec 2016 04:26:02 +0000 (04:26 +0000)]
docs: Add deprecation message for the developer.android.com docs
am:
b9bd6cca9e
Change-Id: I3ba7d4519c491bdf09836f096106b4a6bc52e116
Svet Ganov [Sat, 17 Dec 2016 03:21:28 +0000 (03:21 +0000)]
[DO NOT MERGE] Fix vulnerability in MemoryIntArray - fix build file
am:
c3db570a00 -s ours
Change-Id: I63b03cd2b057f95aefab23cdb4a29766ec304544
Joe Fernandez [Sat, 17 Dec 2016 02:20:56 +0000 (18:20 -0800)]
docs: Add deprecation message for the developer.android.com docs
Change-Id: Ia091df49099482696abbc3a596cf1787ca904d67
Svet Ganov [Thu, 15 Dec 2016 22:51:17 +0000 (14:51 -0800)]
[DO NOT MERGE] Fix vulnerability in MemoryIntArray - fix build file
bug:
33039926
bug:
33042690
Change-Id: If0431b77ec546c72f8cc25bb605a851572bb22a6
Tom O'Neill [Thu, 15 Dec 2016 18:26:28 +0000 (10:26 -0800)]
Fix exploit where can hide the fact that a location was mocked
- Even if call setTestProviderLocation() with inconsistent providers,
should still end up with a location that is flagged as mocked
- Bug:
33091107
Change-Id: I39e038f25b975989c2e8651bfd9ec9e74073e6cd
Julius D'souza [Wed, 14 Dec 2016 19:06:29 +0000 (19:06 +0000)]
fix case issues with mGoingIdleWakeLock in DeviceIdleController am:
e6f8cb29ec -s ours am:
7a69e8f3d8
am:
af0b547fc7
Change-Id: I23ef765ebbd2dde2110946fcc46c6b61e11733f2
Julius D'souza [Wed, 14 Dec 2016 19:00:38 +0000 (19:00 +0000)]
fix case issues with mGoingIdleWakeLock in DeviceIdleController am:
e6f8cb29ec -s ours
am:
7a69e8f3d8
Change-Id: I581e1cd6ef0dec7042802b29dd76db8ffc02cec3
Julius D'souza [Wed, 14 Dec 2016 18:54:02 +0000 (18:54 +0000)]
fix case issues with mGoingIdleWakeLock in DeviceIdleController
am:
e6f8cb29ec -s ours
Change-Id: Ia7bdba0fd3d52bb2d7c33f81d376336563f3a5cb
Julius D'souza [Wed, 14 Dec 2016 18:30:25 +0000 (10:30 -0800)]
fix case issues with mGoingIdleWakeLock in DeviceIdleController
Bug:
31900521
Change-Id: I9484b10f0e6b99dfaf11266bb275a31d7ff3868c
Julius D'souza [Wed, 14 Dec 2016 17:56:53 +0000 (17:56 +0000)]
DO NOT MERGE ANYWHERE: Hold a wake lock while DeviceIdleController is going idle. am:
f9f39cc4a8 -s ours am:
589f83e686 -s ours
am:
495aa09cc6 -s ours
Change-Id: I0f1a50fac9a6fc8a5c21b890aaa3aea5ea2aca74
Julius D'souza [Wed, 14 Dec 2016 17:51:28 +0000 (17:51 +0000)]
DO NOT MERGE ANYWHERE: Hold a wake lock while DeviceIdleController is going idle. am:
f9f39cc4a8 -s ours
am:
589f83e686 -s ours
Change-Id: I76a619ed9824174735d0a86c55fe13a3d6e90ec5
Julius D'souza [Wed, 14 Dec 2016 17:44:27 +0000 (17:44 +0000)]
DO NOT MERGE ANYWHERE: Hold a wake lock while DeviceIdleController is going idle.
am:
f9f39cc4a8 -s ours
Change-Id: Ibd0b18a9e833afcc85845f4db57a927e80739cc2
Charles He [Thu, 1 Dec 2016 19:22:33 +0000 (19:22 +0000)]
Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.
Change-Id: I1024f2a56badde5c123d025d6fe02f42559cbcb1
Test: manual
Bug:
30352311
(cherry picked from commit
f6f1d627483b4dad9d65176769a1ee92c59a4810)
Charles He [Thu, 24 Nov 2016 14:05:00 +0000 (14:05 +0000)]
Prevent writing to FRP partition during factory reset.
Avoid potential race condition between FRP wipe and write operations
during factory reset by making the FRP partition unwritable after
wipe.
Bug:
30352311
Test: manual
Change-Id: If3f024a1611366c0677a996705724458094fcfad
(cherry picked from commit
a629c772f4a7a5ddf7ff9f78fb19f7ab86c2a9c2)
Julius D'souza [Tue, 13 Dec 2016 01:15:17 +0000 (17:15 -0800)]
DO NOT MERGE ANYWHERE: Hold a wake lock while DeviceIdleController
is going idle.
The inputs to DeviceIdleController (alarm manager, sensors)
hold wake locks while they call it. But then the real work
happens in a handler which is outside of the wakelock, so
listeners don't get a chance to run right away, which in
the case of NetworkPolicyManager means the device is in a
higher power state than it should be.
It's not clear that this will 100% fix the bug, because
NetworkPolicyManagerService also has its own internal
Handler, and isn't holding its own wakelock for this,
but this change allows NPMS to be fixed if it really
needed to be.
Bug:
31900521
Change-Id: I706045aa189147824c9214c57abc13993aee9a5b
Svetoslav Ganov [Thu, 8 Dec 2016 23:58:02 +0000 (23:58 +0000)]
Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:
33039926
bug:
33042690
Change-Id: Ibf56827209a9b791aa83ae679219baf829ffc2ac
Bill Napier [Thu, 8 Dec 2016 22:22:38 +0000 (22:22 +0000)]
Revert "Fix vulnerability in MemoryIntArray am:
a97171ec49"
This reverts commit
fb12dd509f8e106d034f67c2e404845128128994.
Change-Id: I9e1b22b8df0e754095541a758096cba279a81ab1
Svetoslav Ganov [Thu, 8 Dec 2016 21:37:33 +0000 (21:37 +0000)]
Fix vulnerability in MemoryIntArray
am:
a97171ec49
Change-Id: Ifa2221a9b8ca705ef0239d61772938ac11761ce2
Svetoslav Ganov [Thu, 8 Dec 2016 19:48:19 +0000 (11:48 -0800)]
Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:
33039926
bug:
33042690
Change-Id: I1004579181ff7a223ef659e85c46100c47ab2409
Svetoslav Ganov [Thu, 8 Dec 2016 02:29:00 +0000 (02:29 +0000)]
Revert "Fix vulnerability in MemoryIntArray"
am:
1f06508bc6
Change-Id: Id387817495b1857f304203c8487da3db49bdd0e4
Svetoslav Ganov [Thu, 8 Dec 2016 02:17:40 +0000 (02:17 +0000)]
Revert "Fix vulnerability in MemoryIntArray"
This reverts commit
4694cad51122c20880d00389ef95833d7a14b358.
Change-Id: I235ea3c4bd86d90bf97bc1a2d023f4780251e570
Svetoslav Ganov [Thu, 8 Dec 2016 01:49:21 +0000 (01:49 +0000)]
Fix vulnerability in MemoryIntArray
am:
4694cad511
Change-Id: I64257a851c06e4a333056ee132ff8a2ea29aef5c
Aart Bik [Thu, 8 Dec 2016 01:36:50 +0000 (01:36 +0000)]
Revert "Fix vulnerability in MemoryIntArray"
am:
29139a8ae5
Change-Id: I3975cfc51bd03a65855c113dfdb827d24471e0ba
Svetoslav Ganov [Thu, 8 Dec 2016 01:30:38 +0000 (01:30 +0000)]
Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:
33039926
bug:
33042690
Change-Id: Id7f0e8a4c861b0b9fa796767e0c22d96633b14d1
Aart Bik [Thu, 8 Dec 2016 01:05:35 +0000 (01:05 +0000)]
Revert "Fix vulnerability in MemoryIntArray"
This reverts commit
86dfa094de773670743d41c3e3156eace8e403a3.
BROKE BUILD (as shown in some treehugger builds)
frameworks/base/core/java/android/util/MemoryIntArray.java:84: error: cannot find symbol
mCloseGuard.open("close");
^
bug:
33039926
bug:
33042690
Change-Id: Ief875e543ec849fe55c747fb1ed5253f0cd9a122
Svetoslav Ganov [Thu, 8 Dec 2016 00:42:18 +0000 (00:42 +0000)]
Fix vulnerability in MemoryIntArray
am:
86dfa094de
Change-Id: I664782bea6e2b941ba94e51c65afd7e9b0f95f8d
Svetoslav Ganov [Wed, 7 Dec 2016 23:19:09 +0000 (15:19 -0800)]
Fix vulnerability in MemoryIntArray
MemoryIntArray was using the size of the undelying
ashmem region to mmap the data but the ashmem size
can be changed until the former is memory mapped.
Since we use the ashmem region size for boundary
checking and memory unmapping if it does not match
the size used while mapping an attacker can force
the system to unmap memory or to access undefined
memory and crash.
Also we were passing the memory address where the
ashmem region is mapped in the owner process to
support cases where the client can pass back the
MemoryIntArray instance. This allows an attacker
to put invalid address and cause arbitrary memory
to be freed.
Now we no longer support passing back the instance
to the owner process (the passed back instance is
read only), so no need to pass the memory adress
of the owner's mapping, thus not allowing freeing
arbitrary memory.
Further, we now check the memory mapped size against
the size of the underlying ashmem region after we do
the memory mapping (to fix the ahsmem size) and if
an attacker changed the size under us we throw.
Tests: Updated the tests and they pass.
bug:
33039926
bug:
33042690
Change-Id: Ie267646eb88014034fbd048d7a9bc273420c7eff
Jeff Sharkey [Fri, 2 Dec 2016 19:55:09 +0000 (19:55 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev am:
ae7d4b1339 -s ours am:
ce477912a2 am:
920b02a94f -s ours am:
aff9286bd6 am:
37ff2d56bf am:
56247334f8 am:
923aef8e02 -s ours
am:
f199d511c3
Change-Id: I990a5459cd64bbc0e2ede2d3b5899163d12818f4
Jeff Sharkey [Fri, 2 Dec 2016 19:54:12 +0000 (19:54 +0000)]
DO NOT MERGE. Check provider access for content changes. am:
9b85862620 -s ours am:
9277cce7fa am:
a1d1ecbe05 -s ours am:
928c09cd8e am:
5267b63325 am:
a51ebb828a am:
acfda3d71a -s ours
am:
0eaa192436
Change-Id: Ie0fe9fd6770c94d56b3af10902c44c52d9a2f2a3
Jeff Sharkey [Fri, 2 Dec 2016 19:53:09 +0000 (19:53 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-mr1-dev am:
6b89229d14 am:
a7efe16fe1 -s ours am:
f1085f2dc8 am:
c130d7fd5e am:
948841362a am:
7e54dc58d4 -s ours
am:
3fa188bd8f
Change-Id: Ibae31cd6439c2fdfcc9d333ca23bd466a7730218
Jeff Sharkey [Fri, 2 Dec 2016 19:52:04 +0000 (19:52 +0000)]
DO NOT MERGE. Check provider access for content changes. am:
91add43ae7 am:
792d49dfb5 -s ours am:
32af84320b am:
8b5fa0c0c0 am:
d081cb0ab7 am:
cd35e746dc -s ours
am:
836b54e6bb
Change-Id: Ib546b18b5373aaf8e429a3e8668a23a9d3b5c411
Jeff Sharkey [Fri, 2 Dec 2016 19:46:36 +0000 (19:46 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev am:
ae7d4b1339 -s ours am:
ce477912a2 am:
920b02a94f -s ours am:
aff9286bd6 am:
37ff2d56bf am:
56247334f8
am:
923aef8e02 -s ours
Change-Id: Ia0d0ac5ed1f8a84bd9158530fde499f91ac7f411
Jeff Sharkey [Fri, 2 Dec 2016 19:45:33 +0000 (19:45 +0000)]
DO NOT MERGE. Check provider access for content changes. am:
9b85862620 -s ours am:
9277cce7fa am:
a1d1ecbe05 -s ours am:
928c09cd8e am:
5267b63325 am:
a51ebb828a
am:
acfda3d71a -s ours
Change-Id: I0857c3cdd2e471ad04dbafc22a7898168a615a24
Jeff Sharkey [Fri, 2 Dec 2016 19:44:38 +0000 (19:44 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-mr1-dev am:
6b89229d14 am:
a7efe16fe1 -s ours am:
f1085f2dc8 am:
c130d7fd5e am:
948841362a
am:
7e54dc58d4 -s ours
Change-Id: I3dce2baad70e1d9d606c27534f4ff4e9435f2445
Jeff Sharkey [Fri, 2 Dec 2016 19:43:33 +0000 (19:43 +0000)]
DO NOT MERGE. Check provider access for content changes. am:
91add43ae7 am:
792d49dfb5 -s ours am:
32af84320b am:
8b5fa0c0c0 am:
d081cb0ab7
am:
cd35e746dc -s ours
Change-Id: I12608bbd9173dc053df967174bc59f9297a151c2
Jeff Sharkey [Fri, 2 Dec 2016 19:29:15 +0000 (19:29 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev am:
ae7d4b1339 -s ours am:
ce477912a2 am:
920b02a94f -s ours am:
aff9286bd6 am:
37ff2d56bf
am:
56247334f8
Change-Id: I8bf5769fbb68fb10a4acd2c557dc1c66a3c448df
Jeff Sharkey [Fri, 2 Dec 2016 19:28:18 +0000 (19:28 +0000)]
DO NOT MERGE. Check provider access for content changes. am:
9b85862620 -s ours am:
9277cce7fa am:
a1d1ecbe05 -s ours am:
928c09cd8e am:
5267b63325
am:
a51ebb828a
Change-Id: Ic67fac2e28ab776632a98e3556c46826d7335a91
Jeff Sharkey [Fri, 2 Dec 2016 19:27:23 +0000 (19:27 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-mr1-dev am:
6b89229d14 am:
a7efe16fe1 -s ours am:
f1085f2dc8 am:
c130d7fd5e
am:
948841362a
Change-Id: I66fdc5fb2ca169453b6b2f5dc7d6c10360aea709
Jeff Sharkey [Fri, 2 Dec 2016 19:26:28 +0000 (19:26 +0000)]
DO NOT MERGE. Check provider access for content changes. am:
91add43ae7 am:
792d49dfb5 -s ours am:
32af84320b am:
8b5fa0c0c0
am:
d081cb0ab7
Change-Id: I3fc3458a9050e1ee9cb57b9348d67ccd3ce71037
Jeff Sharkey [Fri, 2 Dec 2016 19:13:31 +0000 (19:13 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-dev am:
ae7d4b1339 -s ours am:
ce477912a2 am:
920b02a94f -s ours am:
aff9286bd6
am:
37ff2d56bf
Change-Id: I0ff63a0da9300799a8df538fcefaf0d27ea2be00
Jeff Sharkey [Fri, 2 Dec 2016 19:12:33 +0000 (19:12 +0000)]
DO NOT MERGE. Check provider access for content changes. am:
9b85862620 -s ours am:
9277cce7fa am:
a1d1ecbe05 -s ours am:
928c09cd8e
am:
5267b63325
Change-Id: I3cab573840604be9c44e85998c4b1a579d07aee4
Jeff Sharkey [Fri, 2 Dec 2016 19:12:00 +0000 (19:12 +0000)]
Merge "DO NOT MERGE: Check provider access for content changes." into mnc-dev am:
8e14278209 am:
a80cbeeee2 am:
44e8914f8b am:
26f78f5836 -s ours
am:
99b97e5ed1
Change-Id: I1812de0dd036142fae97145361fdf5da50e61536
Jeff Sharkey [Fri, 2 Dec 2016 19:11:29 +0000 (19:11 +0000)]
Merge "DO NOT MERGE. Check provider access for content changes." into lmp-mr1-dev am:
6b89229d14 am:
a7efe16fe1 -s ours am:
f1085f2dc8
am:
c130d7fd5e
Change-Id: I15e9c5f864ec67c8bf5901fcc46abe0c7b362a6e
Jeff Sharkey [Fri, 2 Dec 2016 19:10:36 +0000 (19:10 +0000)]
DO NOT MERGE: Check provider access for content changes. am:
4ddbf942a0 am:
190e20c2b5 am:
74b36307a0 am:
4ad177829a -s ours
am:
c067e76bba
Change-Id: I36e17906c43408126d1acabde89bf7ec04e16aab
Jeff Sharkey [Fri, 2 Dec 2016 19:10:35 +0000 (19:10 +0000)]
DO NOT MERGE. Check provider access for content changes. am:
91add43ae7 am:
792d49dfb5 -s ours am:
32af84320b
am:
8b5fa0c0c0
Change-Id: Ie5bb120bcd900c2032e47f0ae3e1c710c083ae2e
OSDN Git Service
