Merge tag 'android-8.1.0_r53' into oreo-x86

author Chih-Wei Huang <cwhuang@linux.org.tw>

Fri, 21 Dec 2018 08:57:42 +0000 (16:57 +0800)

committer Chih-Wei Huang <cwhuang@linux.org.tw>

Fri, 21 Dec 2018 08:57:42 +0000 (16:57 +0800)
author Chih-Wei Huang <cwhuang@linux.org.tw>
Fri, 21 Dec 2018 08:57:42 +0000 (16:57 +0800)
committer Chih-Wei Huang <cwhuang@linux.org.tw>
Fri, 21 Dec 2018 08:57:42 +0000 (16:57 +0800)
diff --git a/core/java/android/content/ContentProvider.java b/core/java/android/content/ContentProvider.java

index cdeaea3..e2c898d 100644 (file)
--- a/core/java/android/content/ContentProvider.java
+++ b/core/java/android/content/ContentProvider.java
@@ -54,6 +54,7 @@ import java.io.IOException;
  import java.io.PrintWriter;
  import java.util.ArrayList;
  import java.util.Arrays;
+import java.util.Objects;
  
  /**
   * Content providers are one of the primary building blocks of Android applications, providing
@@ -208,7 +209,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
          @Override
          public Cursor query(String callingPkg, Uri uri, @Nullable String[] projection,
                  @Nullable Bundle queryArgs, @Nullable ICancellationSignal cancellationSignal) {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
                  // The caller has no access to the data, so return an empty cursor with
@@ -247,14 +248,14 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
  
          @Override
          public String getType(Uri uri) {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              return ContentProvider.this.getType(uri);
          }
  
          @Override
          public Uri insert(String callingPkg, Uri uri, ContentValues initialValues) {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              int userId = getUserIdFromUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
@@ -270,7 +271,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
  
          @Override
          public int bulkInsert(String callingPkg, Uri uri, ContentValues[] initialValues) {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
                  return 0;
@@ -292,11 +293,12 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
              for (int i = 0; i < numOperations; i++) {
                  ContentProviderOperation operation = operations.get(i);
                  Uri uri = operation.getUri();
-                validateIncomingUri(uri);
                  userIds[i] = getUserIdFromUri(uri);
-                if (userIds[i] != UserHandle.USER_CURRENT) {
-                    // Removing the user id from the uri.
-                    operation = new ContentProviderOperation(operation, true);
+                uri = validateIncomingUri(uri);
+                uri = maybeGetUriWithoutUserId(uri);
+                // Rebuild operation if we changed the Uri above
+                if (!Objects.equals(operation.getUri(), uri)) {
+                    operation = new ContentProviderOperation(operation, uri);
                      operations.set(i, operation);
                  }
                  if (operation.isReadOperation()) {
@@ -331,7 +333,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
  
          @Override
          public int delete(String callingPkg, Uri uri, String selection, String[] selectionArgs) {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
                  return 0;
@@ -347,7 +349,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
          @Override
          public int update(String callingPkg, Uri uri, ContentValues values, String selection,
                  String[] selectionArgs) {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              if (enforceWritePermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
                  return 0;
@@ -364,7 +366,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
          public ParcelFileDescriptor openFile(
                  String callingPkg, Uri uri, String mode, ICancellationSignal cancellationSignal,
                  IBinder callerToken) throws FileNotFoundException {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              enforceFilePermission(callingPkg, uri, mode, callerToken);
              final String original = setCallingPackage(callingPkg);
@@ -380,7 +382,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
          public AssetFileDescriptor openAssetFile(
                  String callingPkg, Uri uri, String mode, ICancellationSignal cancellationSignal)
                  throws FileNotFoundException {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              enforceFilePermission(callingPkg, uri, mode, null);
              final String original = setCallingPackage(callingPkg);
@@ -406,7 +408,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
  
          @Override
          public String[] getStreamTypes(Uri uri, String mimeTypeFilter) {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              return ContentProvider.this.getStreamTypes(uri, mimeTypeFilter);
          }
@@ -415,7 +417,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
          public AssetFileDescriptor openTypedAssetFile(String callingPkg, Uri uri, String mimeType,
                  Bundle opts, ICancellationSignal cancellationSignal) throws FileNotFoundException {
              Bundle.setDefusable(opts, true);
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = maybeGetUriWithoutUserId(uri);
              enforceFilePermission(callingPkg, uri, "r", null);
              final String original = setCallingPackage(callingPkg);
@@ -434,7 +436,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
  
          @Override
          public Uri canonicalize(String callingPkg, Uri uri) {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              int userId = getUserIdFromUri(uri);
              uri = getUriWithoutUserId(uri);
              if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
@@ -450,7 +452,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
  
          @Override
          public Uri uncanonicalize(String callingPkg, Uri uri) {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              int userId = getUserIdFromUri(uri);
              uri = getUriWithoutUserId(uri);
              if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
@@ -467,7 +469,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
          @Override
          public boolean refresh(String callingPkg, Uri uri, Bundle args,
                  ICancellationSignal cancellationSignal) throws RemoteException {
-            validateIncomingUri(uri);
+            uri = validateIncomingUri(uri);
              uri = getUriWithoutUserId(uri);
              if (enforceReadPermission(callingPkg, uri, null) != AppOpsManager.MODE_ALLOWED) {
                  return false;
@@ -1901,7 +1903,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
           */
          if (mContext == null) {
              mContext = context;
-            if (context != null) {
+            if (context != null && mTransport != null) {
                  mTransport.mAppOpsManager = (AppOpsManager) context.getSystemService(
                          Context.APP_OPS_SERVICE);
              }
@@ -2010,7 +2012,7 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
      }
  
      /** @hide */
-    private void validateIncomingUri(Uri uri) throws SecurityException {
+    public Uri validateIncomingUri(Uri uri) throws SecurityException {
          String auth = uri.getAuthority();
          if (!mSingleUser) {
              int userId = getUserIdFromAuthority(auth, UserHandle.USER_CURRENT);
@@ -2029,6 +2031,19 @@ public abstract class ContentProvider implements ComponentCallbacks2 {
              }
              throw new SecurityException(message);
          }
+
+        // Normalize the path by removing any empty path segments, which can be
+        // a source of security issues.
+        final String encodedPath = uri.getEncodedPath();
+        if (encodedPath != null && encodedPath.indexOf("//") != -1) {
+            final Uri normalized = uri.buildUpon()
+                    .encodedPath(encodedPath.replaceAll("//+", "/")).build();
+            Log.w(TAG, "Normalized " + uri + " to " + normalized
+                    + " to avoid possible security issues");
+            return normalized;
+        } else {
+            return uri;
+        }
      }
  
      /** @hide */
diff --git a/core/java/android/content/ContentProviderOperation.java b/core/java/android/content/ContentProviderOperation.java

index 8f3a317..f3914f2 100644 (file)
--- a/core/java/android/content/ContentProviderOperation.java
+++ b/core/java/android/content/ContentProviderOperation.java
@@ -94,13 +94,9 @@ public class ContentProviderOperation implements Parcelable {
      }
  
      /** @hide */
-    public ContentProviderOperation(ContentProviderOperation cpo, boolean removeUserIdFromUri) {
+    public ContentProviderOperation(ContentProviderOperation cpo, Uri withUri) {
          mType = cpo.mType;
-        if (removeUserIdFromUri) {
-            mUri = ContentProvider.getUriWithoutUserId(cpo.mUri);
-        } else {
-            mUri = cpo.mUri;
-        }
+        mUri = withUri;
          mValues = cpo.mValues;
          mSelection = cpo.mSelection;
          mSelectionArgs = cpo.mSelectionArgs;
@@ -110,14 +106,6 @@ public class ContentProviderOperation implements Parcelable {
          mYieldAllowed = cpo.mYieldAllowed;
      }
  
-    /** @hide */
-    public ContentProviderOperation getWithoutUserIdInUri() {
-        if (ContentProvider.uriHasUserId(mUri)) {
-            return new ContentProviderOperation(this, true);
-        }
-        return this;
-    }
-
      public void writeToParcel(Parcel dest, int flags) {
          dest.writeInt(mType);
          Uri.writeToParcel(dest, mUri);
diff --git a/core/java/android/os/Parcel.java b/core/java/android/os/Parcel.java

index c6d3860..7da3e1f 100644 (file)
--- a/core/java/android/os/Parcel.java
+++ b/core/java/android/os/Parcel.java
@@ -806,11 +806,19 @@ public final class Parcel {
              return;
          }
          Set<Map.Entry<String,Object>> entries = val.entrySet();
-        writeInt(entries.size());
+        int size = entries.size();
+        writeInt(size);
+
          for (Map.Entry<String,Object> e : entries) {
              writeValue(e.getKey());
              writeValue(e.getValue());
+            size--;
          }
+
+        if (size != 0) {
+            throw new BadParcelableException("Map size does not match number of entries!");
+        }
+
      }
  
      /**
diff --git a/core/res/res/values-mcc302-mnc220/config.xml b/core/res/res/values-mcc302-mnc220/config.xml

index 9a3d736..822592a 100644 (file)
--- a/core/res/res/values-mcc302-mnc220/config.xml
+++ b/core/res/res/values-mcc302-mnc220/config.xml
@@ -40,7 +40,7 @@
          <item>SUPL_PORT=7275</item>
          <item>SUPL_VER=0x20000</item>
          <item>SUPL_MODE=1</item>
-        <item>SUPL_ES=0</item>
+        <item>SUPL_ES=1</item>
          <item>LPP_PROFILE=3</item>
          <item>USE_EMERGENCY_PDN_FOR_EMERGENCY_SUPL=1</item>
          <item>A_GLONASS_POS_PROTOCOL_SELECT=0</item>
diff --git a/core/res/res/values-mcc302-mnc221/config.xml b/core/res/res/values-mcc302-mnc221/config.xml

index 007fd04..9046acd 100644 (file)
--- a/core/res/res/values-mcc302-mnc221/config.xml
+++ b/core/res/res/values-mcc302-mnc221/config.xml
@@ -38,7 +38,7 @@
          <item>SUPL_PORT=7275</item>
          <item>SUPL_VER=0x20000</item>
          <item>SUPL_MODE=1</item>
-        <item>SUPL_ES=0</item>
+        <item>SUPL_ES=1</item>
          <item>LPP_PROFILE=3</item>
          <item>USE_EMERGENCY_PDN_FOR_EMERGENCY_SUPL=1</item>
          <item>A_GLONASS_POS_PROTOCOL_SELECT=0</item>
diff --git a/core/res/res/values-mcc302-mnc370/config.xml b/core/res/res/values-mcc302-mnc370/config.xml

index 1241a9d..b520d5d 100644 (file)
--- a/core/res/res/values-mcc302-mnc370/config.xml
+++ b/core/res/res/values-mcc302-mnc370/config.xml
@@ -41,7 +41,7 @@
          <item>SUPL_PORT=7275</item>
          <item>SUPL_VER=0x20000</item>
          <item>SUPL_MODE=1</item>
-        <item>SUPL_ES=0</item>
+        <item>SUPL_ES=1</item>
          <item>LPP_PROFILE=2</item>
          <item>USE_EMERGENCY_PDN_FOR_EMERGENCY_SUPL=1</item>
          <item>A_GLONASS_POS_PROTOCOL_SELECT=0</item>
diff --git a/core/res/res/values-mcc302-mnc610/config.xml b/core/res/res/values-mcc302-mnc610/config.xml

index 232f149..650aa62 100644 (file)
--- a/core/res/res/values-mcc302-mnc610/config.xml
+++ b/core/res/res/values-mcc302-mnc610/config.xml
@@ -28,7 +28,7 @@
          <item>SUPL_PORT=7275</item>
          <item>SUPL_VER=0x20000</item>
          <item>SUPL_MODE=1</item>
-        <item>SUPL_ES=0</item>
+        <item>SUPL_ES=1</item>
          <item>LPP_PROFILE=2</item>
          <item>USE_EMERGENCY_PDN_FOR_EMERGENCY_SUPL=1</item>
          <item>A_GLONASS_POS_PROTOCOL_SELECT=0</item>
diff --git a/core/res/res/values-mcc302-mnc640/config.xml b/core/res/res/values-mcc302-mnc640/config.xml

index 1d2e625..4bb68dc 100644 (file)
--- a/core/res/res/values-mcc302-mnc640/config.xml
+++ b/core/res/res/values-mcc302-mnc640/config.xml
@@ -24,7 +24,7 @@
          <item>SUPL_PORT=7275</item>
          <item>SUPL_VER=0x20000</item>
          <item>SUPL_MODE=1</item>
-        <item>SUPL_ES=0</item>
+        <item>SUPL_ES=1</item>
          <item>LPP_PROFILE=2</item>
          <item>USE_EMERGENCY_PDN_FOR_EMERGENCY_SUPL=1</item>
          <item>A_GLONASS_POS_PROTOCOL_SELECT=0</item>
diff --git a/core/res/res/values-mcc302-mnc720/config.xml b/core/res/res/values-mcc302-mnc720/config.xml

index ef1ecd2..11bfa05 100644 (file)
--- a/core/res/res/values-mcc302-mnc720/config.xml
+++ b/core/res/res/values-mcc302-mnc720/config.xml
@@ -43,7 +43,7 @@
          <item>SUPL_PORT=7275</item>
          <item>SUPL_VER=0x20000</item>
          <item>SUPL_MODE=1</item>
-        <item>SUPL_ES=0</item>
+        <item>SUPL_ES=1</item>
          <item>LPP_PROFILE=2</item>
          <item>USE_EMERGENCY_PDN_FOR_EMERGENCY_SUPL=1</item>
          <item>A_GLONASS_POS_PROTOCOL_SELECT=0</item>
diff --git a/core/res/res/values/config.xml b/core/res/res/values/config.xml

index 3d75785..5080366 100644 (file)
--- a/core/res/res/values/config.xml
+++ b/core/res/res/values/config.xml
@@ -2497,7 +2497,7 @@
          <item>SUPL_PORT=7275</item>
          <item>SUPL_VER=0x20000</item>
          <item>SUPL_MODE=1</item>
-        <item>SUPL_ES=0</item>
+        <item>SUPL_ES=1</item>
          <item>LPP_PROFILE=0</item>
          <item>USE_EMERGENCY_PDN_FOR_EMERGENCY_SUPL=1</item>
          <item>A_GLONASS_POS_PROTOCOL_SELECT=0</item>
diff --git a/packages/SystemUI/AndroidManifest.xml b/packages/SystemUI/AndroidManifest.xml

index 070634b..2f7f0bb 100644 (file)
--- a/packages/SystemUI/AndroidManifest.xml
+++ b/packages/SystemUI/AndroidManifest.xml
@@ -199,6 +199,9 @@
      <!-- to change themes - light or dark -->
      <uses-permission android:name="android.permission.CHANGE_OVERLAY_PACKAGES" />
  
+    <!-- permission necessary to hide non-system overlay windows from covering up the SystemUI -->
+    <uses-permission android:name="android.permission.HIDE_NON_SYSTEM_OVERLAY_WINDOWS" />
+
      <application
          android:name=".SystemUIApplication"
          android:persistent="true"
diff --git a/packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java b/packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java

index b2a80f4..4a67868 100644 (file)
--- a/packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java
+++ b/packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java
@@ -16,6 +16,8 @@
  
  package com.android.systemui.media;
  
+import static android.view.WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;
+
  import android.app.Activity;
  import android.app.AlertDialog;
  import android.content.DialogInterface;
@@ -36,6 +38,7 @@ import android.text.TextPaint;
  import android.text.TextUtils;
  import android.text.style.StyleSpan;
  import android.util.Log;
+import android.view.Window;
  import android.view.WindowManager;
  import android.widget.CheckBox;
  import android.widget.CompoundButton;
@@ -146,7 +149,9 @@ public class MediaProjectionPermissionActivity extends Activity
          mDialog.getButton(DialogInterface.BUTTON_POSITIVE).setFilterTouchesWhenObscured(true);
  
          ((CheckBox) mDialog.findViewById(R.id.remember)).setOnCheckedChangeListener(this);
-        mDialog.getWindow().setType(WindowManager.LayoutParams.TYPE_SYSTEM_ALERT);
+        final Window w = mDialog.getWindow();
+        w.setType(WindowManager.LayoutParams.TYPE_SYSTEM_ALERT);
+        w.addPrivateFlags(PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS);
  
          mDialog.show();
      }
diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java

index d378fa3..5f4c994 100644 (file)
--- a/services/core/java/com/android/server/wm/WindowManagerService.java
+++ b/services/core/java/com/android/server/wm/WindowManagerService.java
@@ -49,6 +49,7 @@ import static android.view.WindowManager.LayoutParams.INPUT_FEATURE_NO_INPUT_CHA
  import static android.view.WindowManager.LayoutParams.LAST_APPLICATION_WINDOW;
  import static android.view.WindowManager.LayoutParams.LAST_SUB_WINDOW;
  import static android.view.WindowManager.LayoutParams.PRIVATE_FLAG_COMPATIBLE_WINDOW;
+import static android.view.WindowManager.LayoutParams.PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS;
  import static android.view.WindowManager.LayoutParams.TYPE_ACCESSIBILITY_OVERLAY;
  import static android.view.WindowManager.LayoutParams.TYPE_APPLICATION_STARTING;
  import static android.view.WindowManager.LayoutParams.TYPE_DOCK_DIVIDER;
@@ -1984,6 +1985,11 @@ public class WindowManagerService extends IWindowManager.Stub
                      // No move or resize, but the controller checks for title changes as well
                      mAccessibilityController.onSomeWindowResizedOrMovedLocked();
                  }
+
+                if ((flagChanges & PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS) != 0) {
+                    updateNonSystemOverlayWindowsVisibilityIfNeeded(
+                            win, win.mWinAnimator.getShown());
+                }
              }
  
              if (DEBUG_LAYOUT) Slog.v(TAG_WM, "Relayout " + win + ": viewVisibility=" + viewVisibility
@@ -7691,7 +7697,8 @@ public class WindowManagerService extends IWindowManager.Stub
      }
  
      void updateNonSystemOverlayWindowsVisibilityIfNeeded(WindowState win, boolean surfaceShown) {
-        if (!win.hideNonSystemOverlayWindowsWhenVisible()) {
+        if (!win.hideNonSystemOverlayWindowsWhenVisible()
+                && !mHidingNonSystemOverlayWindows.contains(win)) {
              return;
          }
          final boolean systemAlertWindowsHidden = !mHidingNonSystemOverlayWindows.isEmpty();
author	Chih-Wei Huang <cwhuang@linux.org.tw>
	Fri, 21 Dec 2018 08:57:42 +0000 (16:57 +0800)
committer	Chih-Wei Huang <cwhuang@linux.org.tw>
	Fri, 21 Dec 2018 08:57:42 +0000 (16:57 +0800)
core/java/android/content/ContentProvider.java		patch \| blob \| history
core/java/android/content/ContentProviderOperation.java		patch \| blob \| history
core/java/android/os/Parcel.java		patch \| blob \| history
core/res/res/values-mcc302-mnc220/config.xml		patch \| blob \| history
core/res/res/values-mcc302-mnc221/config.xml		patch \| blob \| history
core/res/res/values-mcc302-mnc370/config.xml		patch \| blob \| history
core/res/res/values-mcc302-mnc610/config.xml		patch \| blob \| history
core/res/res/values-mcc302-mnc640/config.xml		patch \| blob \| history
core/res/res/values-mcc302-mnc720/config.xml		patch \| blob \| history
core/res/res/values/config.xml		patch \| blob \| history
packages/SystemUI/AndroidManifest.xml		patch \| blob \| history
packages/SystemUI/src/com/android/systemui/media/MediaProjectionPermissionActivity.java		patch \| blob \| history
services/core/java/com/android/server/wm/WindowManagerService.java		patch \| blob \| history