OSDN Git Service
Guliz Tuncay [Wed, 16 Aug 2017 19:02:31 +0000 (12:02 -0700)]
Select only preinstalled Spell Checker Services
When we are setting a new spell checker as the default one in
Secure.Settings, TSMS#findAvailSpellCheckerLocked can pick up
any available spell checker service. This violates the principle
that user should be warned whenever we are setting an untrusted
spell checker service as the default service, since the warning
dialog is never shown.
Fixes:
64764051
Bug:
118694079
Test: Manually as follows:
1. Open 'packages/inputmethods/LatinIME/java/AndroidManifest.xml'
and remove 'AndroidSpellCheckerService'
2. lunch aosp_buillhead-userdebug && make -j
3. Flash the image
4. adb shell dumpsys textservices
-> no spell checker is recognized
5. adb shell settings get secure selected_spell_checker
-> null
6. tapas SampleSpellCheckerService
7. make -j
8. adb install -r $OUT/system/app/SampleSpellCheckerService/SampleSpellCheckerService.apk
9. adb shell dumpsys textservices
-> SampleSpellCheckerService is recognized
10. adb shell settings get secure selected_spell_checker
-> null
Change-Id: I16f12293d15258c9148677c7ee09fe6dcf81e81d
Merged-In: Idab3ecc246fe9344a09e6907a0ba39f8ea6506f9
(cherry picked from commit
ed5973b8a8a2c0f0fc1f39c59c33f81882f41405)
Tony Mak [Thu, 29 Nov 2018 17:37:42 +0000 (17:37 +0000)]
RESTRICT AUTOMERGE Do not linkify text with RLO/LRO characters.
Also don't show smart actions for selections in text with unsupported
characters.
Bug:
116321860
Test: runtest -x cts/tests/tests/text/src/android/text/util/cts/LinkifyTest.java
Change-Id: Id271cab8aef6b9b13ef17f1a8654c7616f75cf13
(cherry picked from commit
73f398d306a8acf2dbb1dcff4042ecbaec5506a3)
WyattRiley [Thu, 6 Dec 2018 19:43:58 +0000 (11:43 -0800)]
Adding SUPL NI Emergency Extension Time
Configurable by carrier config.xml resource
Bug:
118839234
Bug:
115361555
Bug:
112159033
Test: On device, see b/
115361555#comment14
Change-Id: I52e61656cca8b6fa6468d32d2e69bf60f4c83c61
Merged-In: I52e61656cca8b6fa6468d32d2e69bf60f4c83c61
(cherry picked from commit
64306e1e7b6a0b2257ac05d811be6df9329c9fba)
Jeff Sharkey [Mon, 24 Sep 2018 19:23:57 +0000 (13:23 -0600)]
RESTRICT AUTOMERGE: Recover shady content:// paths.
The path-permission element offers prefix or regex style matching of
paths, but most providers internally use UriMatcher to decide what
to do with an incoming Uri.
This causes trouble because UriMatcher uses Uri.getPathSegments(),
which quietly ignores "empty" paths. Consider this example:
<path-permission android:pathPrefix="/private" ... />
uriMatcher.addURI("com.example", "/private", CODE_PRIVATE);
content://com.example//private
The Uri above will pass the security check, since it's not
technically a prefix match. But the UriMatcher will then match it
as CODE_PRIVATE, since it ignores the "//" zero-length path.
Since we can't safely change the behavior of either path-permission
or UriMatcher, we're left with recovering these shady paths by
trimming away zero-length paths.
Bug:
112555574
Test: cts-tradefed run cts -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AppSecurityTests
Change-Id: Ibadbfa4fc904ec54780c8102958735b03293fb9a
(cherry picked from commit
301d17e4dd0420463b4201731366c1a64572940b)
Wale Ogunwale [Wed, 16 May 2018 23:42:29 +0000 (16:42 -0700)]
RESTRICT AUTOMERGE: Hide overlay windows when requesting media projection permission.
1: Cherry-pick ag/
4067454 - Setting PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS
updateNonSystemOverlayWindowsVisibilityIfNeeded on relayoutWindow
2: Cherry-pick ag/
3650369 - If PRIVATE_FLAG_HIDE_NON_SYSTEM_OVERLAY_WINDOWS changed on
relayoutWindow() then updateNonSystemOverlayWindowsVisibilityIfNeeded
3: Add permissions to SystemUI to allow it to hide non-system overlays
Bug:
34170870
Test: manual (see bug for poc)
Change-Id: I57cb0f390d9a78e721c5ddce49a377d385002753
(cherry picked from commit
295af3600912691ed737714462e64db43198d448)
Michael Wachenschwanz [Sat, 25 Aug 2018 04:50:35 +0000 (21:50 -0700)]
Verify number of Map entries written to Parcel
Make sure the number of entries written by Parcel#writeMapInternal
matches the size written. If a mismatch were allowed, an exploitable
scenario could occur where the data read from the Parcel would not
match the data written.
Fixes:
112859604
Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest
Change-Id: I325d08a8b66b6e80fe76501359c41b6656848607
Merged-In: I325d08a8b66b6e80fe76501359c41b6656848607
(cherry picked from commit
057a01d1f38e9b46d3faa4059fdd7c8717681ea0)
Seigo Nonaka [Thu, 19 Jul 2018 23:22:02 +0000 (16:22 -0700)]
Fix crash during cursor moving on BiDi text
The crash was introduced by Ib66ef392c19c937718e7101f6d48fac3abe51ad0
The root cause of the crashing is requesting out-of-line access for the
horizontal width. This invalid access is silently ignored by
TextLine#measure() method but new implementation end up with out of
bounds access.
To makes behavior as old implementation, calling getHorizontal instead
of accessing measured result array.
Bug:
78464361,
111580019
Test: Manually done
Change-Id: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
(cherry picked from commit
960647d582911ae7ab8b9491097898e6c313aaf1)
Merged-In: I5c5778718f6b397adbb1e4f2cf95e9f635f6e5c8
(cherry picked from commit
82c84d5fbb692f5ed56175c55031e30566c18ee2)
Jeff Sharkey [Wed, 25 Jul 2018 20:52:14 +0000 (14:52 -0600)]
DO NOT MERGE. Extend SQLiteQueryBuilder for update and delete.
Developers often accept selection clauses from untrusted code, and
SQLiteQueryBuilder already supports a "strict" mode to help catch
SQL injection attacks. This change extends the builder to support
update() and delete() calls, so that we can help secure those
selection clauses too.
Bug:
111085900
Test: atest packages/providers/DownloadProvider/tests/
Test: atest cts/tests/app/src/android/app/cts/DownloadManagerTest.java
Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
Change-Id: Ib4fc8400f184755ee7e971ab5f2095186341730c
Merged-In: Ib4fc8400f184755ee7e971ab5f2095186341730c
(cherry picked from commit
8e95967f092b4ffa593861452e55621b4e528acf)
Jeff Sharkey [Wed, 25 Jul 2018 20:01:59 +0000 (14:01 -0600)]
DO NOT MERGE. Execute "strict" queries with extra parentheses.
SQLiteQueryBuilder has a setStrict() mode which can be used to
detect SQL attacks from untrusted sources, which it does by running
each query twice: once with an extra set of parentheses, and if that
succeeds, it runs the original query verbatim.
This sadly doesn't catch inputs of the type "1=1) OR (1=1", which
creates valid statements for both tests above, but the final executed
query ends up leaking data due to SQLite operator precedence.
Instead, we need to continue compiling both variants, but we need
to execute the query with the additional parentheses to ensure
data won't be leaked.
Test: atest cts/tests/tests/database/src/android/database/sqlite/cts/SQLiteQueryBuilderTest.java
Bug:
111085900
Change-Id: I6e8746fa48f9de13adae37d2990de11c9c585381
Merged-In: I6e8746fa48f9de13adae37d2990de11c9c585381
(cherry picked from commit
286fd5652a9804bfd185980dc07ad239e1169929)
Android Build Merger (Role) [Thu, 31 May 2018 16:46:41 +0000 (16:46 +0000)]
[automerger] Optimise the hit test algorithm am:
71ecf5bd5c am:
42eaa8f932 am:
a72cb45f89 am:
f5d69aa775
Change-Id: Ic2d4d3ead4926ff0f8021725e28aee4ebfc369f3
Merged-In: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
(cherry picked from commit
94bc67f03c3a32dbf8d29a1c983d11ceb1042b2e)
Robert Shih [Mon, 9 Jul 2018 20:38:31 +0000 (13:38 -0700)]
Fix TrackInfo parcel write
Bug:
77600398
Change-Id: Ia316f1c5dc4879f6851fdb78fe8b9039579be7bc
(cherry picked from commit
0d2dc943dcaa3d7c8479e22ae62be9753ea2643c)
Arthur Ishiguro [Mon, 25 Jun 2018 18:31:33 +0000 (11:31 -0700)]
Resolve inconsistent parcel read in NanoAppFilter
Bug:
77599679
Test: Compile only
Change-Id: Ib417a5cb4d51744442d2fb14437cabbe5fd1c266
(cherry picked from commit
abe5a73a4a81e312a1690fbc10a6b99ce98b699a)
Makoto Onuki [Tue, 12 Jun 2018 20:01:42 +0000 (13:01 -0700)]
RESTRICT AUTOMERGE: Prevent shortcut info package name spoofing
Test: cts-tradefed run cts -m CtsShortcutManagerTestCases -t android.content.pm.cts.shortcutmanager.ShortcutManagerFakingPublisherTest
Bug:
109824443
Change-Id: I80b2680d9c7e067f1a36fc8ad1aac1d315022a71
(cherry picked from commit
2f7d50058aeb8c5e0a411d50e5bdc4b25b84de70)
JP Sugarbroad [Thu, 19 Jul 2018 23:35:40 +0000 (16:35 -0700)]
Revert "Optimise the hit test algorithm"
This reverts commit
9dceb027701a1f638484bfeee3749d8399d38918.
Ryan Mitchell [Wed, 30 May 2018 19:17:01 +0000 (12:17 -0700)]
Fix DynamicRefTable::load security bug
DynamicRefTables parsed from apks are missing bounds checks that prevent
buffer overflows. This changes verifies the bounds of the header before
attempting to preform operations on the chunk.
Bug:
79488511
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: I02c8ad957da244fce777ac68a482e4e8fa70f846
Merged-In: I02c8ad957da244fce777ac68a482e4e8fa70f846
(cherry picked from commit
8cf0f988b0c64bcf2c199bb76439c51c257dd162)
Ryan Mitchell [Mon, 21 May 2018 20:59:23 +0000 (13:59 -0700)]
ResStringPool: Prevenet boot loop from se fix
Changes the logs adding in a previous security fix to warnings so
devices with malformed APKs currently on them will not undergo DOS when
they are upgraded to P.
Bug:
79724567
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: Ied54e4bb14abdaf79da562022c7ea6075187c1f8
(cherry picked from commit
f05f47b2c1838529e682ad8f931d3da72244b1a1)
(cherry picked from commit
c31cf80008fdb06ea8e1eab9764096653e7854b1)
Mihai Popa [Wed, 9 May 2018 16:31:48 +0000 (17:31 +0100)]
Optimise the hit test algorithm
Layout#getOffsetForHorizontal was running in O(n^2) time, where n is the
length of the current line. The method is used when a touch event
happens on a text line, to compute the cursor offset (and the character)
where it happened. Although this is not an issue in common usecases,
where the number of characters on a line is relatively small, this can
be very inefficient as a consequence of Unicode containing 0-width
(invisible) characters. Specifically, there are characters defining the
text direction (LTR or RTL), which cause our algorithm to touch the
worst case quadratic runtime. For example, a person is able to send a
message containing a few visible characters, and also a lot of these
direction changing invisible ones. When the receiver touches the message
(causing the Layout#getOffsetForHorizontal method to be called), the
receiver's application would become not responsive.
This CL optimizes the method to run in O(n) worst case. This is achieved
by computing the measurements of all line prefixes at first, which can
be done in a single pass. Then, all the prefix measurement queries will
be answered in O(1), rather than O(n) as it was happening before.
Bug:
79215201
Test: manual testing
Change-Id: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
Merged-In: Ib66ef392c19c937718e7101f6d48fac3abe51ad0
(cherry picked from commit
71ecf5bd5c340988cc15cf9c637f67da8c77cded)
Todd Kennedy [Thu, 3 May 2018 09:05:04 +0000 (10:05 +0100)]
Make safe label more safe
* limit the absolute maximum size of the label to 50000 characters
[which is probably far more than necessary, but, can be dialed down]
* use a string buffer while processing the string [instead of creating
multiple string objects]
Bug:
62537081
Test: Manual. Install APK in bug and see that it can be uninstalled
Change-Id: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
Merged-In: Ibf63c2691ad7438a123e92110d95b1f50050f8b1
(cherry picked from commit
2263da9539daef134395226a2718ba2d7af7547d)
Tony Mak [Thu, 14 Dec 2017 12:40:07 +0000 (12:40 +0000)]
clearCallingIdentity before calling into getPackageUidAsUser
Fix:
70585244
Bug:
69981755
Test: Enable any accessibility service -> inflate work profile
-> Tap on any work app -> no longer crash
Test: cts-tradefed run cts-dev --module DevicePolicyManager --test com.android.cts.devicepolicy.CrossProfileAppsHostSideTest.testPrimaryUserToManagedProfile
Change-Id: I80d18f4e2ab76a228cb0aa2c8312c323a9b5c84d
(cherry picked from commit
857326e3731939f6ec7979e1d86585bf0ea484f4)
Eugene Susla [Mon, 11 Dec 2017 18:07:03 +0000 (10:07 -0800)]
Nullcheck to fix Autofill CTS
Test: presubmit
Fixes:
70506475
Bug:
69981755
Change-Id: I187bed4889a4901a7137a2995178ea651ed09186
(cherry picked from commit
6c68a692880b7cc981e130aace0edb9f2fcffff6)
Hansong Zhang [Thu, 26 Apr 2018 21:13:45 +0000 (14:13 -0700)]
DO NOT MERGE Truncate newline and tab characters in BluetoothDevice name
Test: manual
Bug:
73173182
Change-Id: I3c25af233742e63351a68e8c5a279b51a94e49e2
(cherry picked from commit
b6cde9ecc19f2f156f8dc46976a5a91d21c3213f)
akirilov [Tue, 27 Mar 2018 20:08:47 +0000 (13:08 -0700)]
RESTRICT AUTOMERGE: Prevent reporting fake package name - framework (backport to nyc-dev)
Test: added AccessibilityEndToEndTest#testPackageNameCannotBeFaked
cts-tradefed run cts -m CtsAccessibilityServiceTestCases
cts-tradefed run cts -m CtsAccessibilityTestCases
Bug:
69981755
Change-Id: I187e3e9839f654cea9e06e5de93e10e4d1de3109
(cherry picked from commit
33c37cb37c885a18f073a3fb68eba1c3498e812d)
Philip P. Moltmann [Thu, 12 Apr 2018 20:48:13 +0000 (13:48 -0700)]
DO NOT MERGE (N) Revoke permision when group changed
If a run time permission of a group is already granted we grant the
other permission of the group automatically when requested.
Hence if an already granted permission changed its group during an
update suddenly permission of a potentially not approved group will
get auto-granted.
This is undesirable, hence we revoke the permission during the update
process.
Test: atest android.permission.cts.PermissionGroupChange
Bug:
72710897
Change-Id: Ib2165d1ae53b80455ebe02e07775853e37a2e339
(cherry picked from commit
5aee5696276650e992c813a778e4e7b6e723f331)
y [Fri, 6 Apr 2018 00:57:27 +0000 (17:57 -0700)]
ResStringPool: Fix security vulnerability
Adds detection of attacker-modified size and data fields passed to
ResStringPool::setTo(). These attacks are modified apks that AAPT would
not normally generate. In the rare case this occurs, the installation
cannot be allowed to continue.
Bug:
71361168
Bug:
71360999
Test: run cts -m CtsAppSecurityHostTestCases \
-t android.appsecurity.cts.CorruptApkTests
Change-Id: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
Merged-In: If7eb93a9e723b16c8a0556fc4e20006aa0391d57
(cherry picked from commit
7e54c3f261d81316b75cb734075319108d8bc1d1)
Marco Nelissen [Tue, 7 Nov 2017 21:52:02 +0000 (13:52 -0800)]
Rework thumbnail cleanup
Bug:
63766886
Test: ran CTS tests
Change-Id: I1f92bb014e275eafe3f42aef1f8c817f187c6608
Merged-In: I1f92bb014e275eafe3f42aef1f8c817f187c6608
(cherry picked from commit
82a2a874749fb0c94c32bc1fae354820e275bc43)
Pengquan Meng [Fri, 9 Mar 2018 04:08:25 +0000 (20:08 -0800)]
Fixed Security Vulnerability of DcParamObject
The writeToParcel and readFromParcel is not symmetry, fixed it.
Test: no test
Bug:
70721937
Change-Id: I01f6f6b2ab778ee8b638d9b69fe0a6b9aa7ee395
(cherry picked from commit
8c55a70728fdb0a7b0585fac08629b0137dca51e)
Eugene Susla [Thu, 22 Feb 2018 18:39:34 +0000 (10:39 -0800)]
[DO NOT MERGE] Copy PermissionChecker from support lib and use in RcognitionService
Fixes:
73511076,
73311729
Test: presubmit
Change-Id: Ie98f67ffee4744050ac85d8b229370a16a76a194
(cherry picked from commit
726b51a26e9a54b7352aad90ed15edccc44dd60d)
(cherry picked from commit
5a28e533fe8865ed371b5c0fd909a4ec89f63633)
Fyodor Kupolov [Wed, 21 Feb 2018 01:02:35 +0000 (17:02 -0800)]
Verify last array's length in readFromParcel
Length of the last array in readFromParcel should be the same as
value of mNextIndex.
Test: PoC app in the bug
Bug:
73252178
Change-Id: I69f935949e945c3a036b19b4f88684d906079ea5
(cherry picked from commit
3b8bc2e45048527d7682b24b96957c34433da382)
Alan Viverette [Fri, 16 Feb 2018 18:56:02 +0000 (13:56 -0500)]
Update internal ViewPager's SavedState to match Support Library version
Merged-In: Ic4569b21d8a26a62bba91742b442f0c3ea8bcc9e
Change-Id: I17d085be9ce1a139e75264f1e715df7f565cd41b
Fixes:
71992105
Test: manual
(cherry picked from commit
187964aca12115c7ab66f59d1ebb95e4f4130ac6)
Rubin Xu [Thu, 11 Jan 2018 10:59:19 +0000 (10:59 +0000)]
[DO NOT MERGE] Add permission check to setAllowOnlyVpnForUids
Bug:
63000005
Test: runtest frameworks-net -c com.android.server.connectivity.VpnTest
Test: cts-tradefed run cts-dev -m CtsDevicePolicyManagerTestCases -t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testAlwaysOnVpnLockDown
Change-Id: Ia1a82ee73d8617f3124032986fe6c09c14bf7752
(cherry picked from commit
41d8bf1fedbd71b86579fff8d581491f36beb241)
Rubin Xu [Wed, 7 Feb 2018 08:10:08 +0000 (08:10 +0000)]
Fix VerifyCredentialResponse parcelling code
There was an asymmetry between parcelling and unparcelling of
VerifyCredentialResponse that could lead to type confusion if
packed with other objects in a Parcel.
Test: none
Bug:
71714464
Change-Id: Icff68879e249422ccca49f2bb7db85c35b4cb353
(cherry picked from commit
54813e988884f0d604d5358569f10feda8622f46)
Etan Cohen [Fri, 2 Feb 2018 16:07:20 +0000 (08:07 -0800)]
[RTT] ParcelableRttResults parcel code fix
ParcelableRttResults was unparceled incorrectly.
Bug:
70398564
Test: exploit provided in bug no longer works
Change-Id: Ifd6de547e9861bbebc399b43d0cc2899a8160813
(cherry picked from commit
e1e5a2409c8bef2481e68d9329f87bb8037afa45)
Adam Vartanian [Wed, 31 Jan 2018 11:05:10 +0000 (11:05 +0000)]
Adjust URI host parsing to stop on \ character.
The WHATWG URL parsing algorithm [1] used by browsers says that for
"special" URL schemes (which is basically all commonly-used
hierarchical schemes, including http, https, ftp, and file), the host
portion ends if a \ character is seen, whereas this class previously
continued to consider characters part of the hostname. This meant
that a malicious URL could be seen as having a "safe" host when viewed
by an app but navigate to a different host when passed to a browser.
[1] https://url.spec.whatwg.org/#host-state
Bug:
71360761
Test: vogar frameworks/base/core/tests/coretests/src/android/net/UriTest.java (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Id53f7054d1be8d59bbcc7e219159e59a2425106e
(cherry picked from commit
fa3afbd0e7a9a0d8fc8c55ceefdb4ddf9d0115af)
Adam Lesinski [Fri, 10 Nov 2017 01:12:17 +0000 (17:12 -0800)]
Check for null-terminator in ResStringPool::string8At
All other stringAt methods check for null termination. Be consistent
so that upper levels don't end up with huge corrupt strings.
Bug:
62537081
Test: none
Change-Id: I17bdfb0c1e34507b66c6cad651bbdb12c5d4c417
(cherry picked from commit
3d35a0ea307693a97583a61973e729a5e7db2687)
(cherry picked from commit
97f8cb01149b35b1832c7f9efe85ff19edf1083e)
(cherry picked from commit
5ec65ae909a85d13d03c030be357c8c14a50d306)
Adam Vartanian [Tue, 7 Nov 2017 12:22:23 +0000 (12:22 +0000)]
Adjust Uri host parsing to use last instead of first @.
Malformed authority segments can currently cause the parser to produce
a hostname that doesn't match the hostname produced by the WHATWG URL
parsing algorithm* used by browsers, which means that a URL could be seen
as having a "safe" host when checked by an Android app but actually visit
a different host when passed to a browser. The WHATWG URL parsing
algorithm always produces a hostname based on the last @ in the authority
segment, so we do the same.
* https://url.spec.whatwg.org/#authority-state resets the "buffer", which
is being used to build up the host name, each time an @ is found, so it
has the effect of using the content between the final @ and the end
of the authority section as the hostname.
Bug:
68341964
Test: vogar android.net.UriTest (on NYC branch)
Test: cts -m CtsNetTestCases (on NYC branch)
Change-Id: Idca79f35a886de042c94d6ab66787c2e98ac8376
(cherry picked from commit
cd6228dd377b2a0caa02a1e6df92f3d9ae702a95)
Chong Zhang [Tue, 24 Oct 2017 23:07:18 +0000 (16:07 -0700)]
mtp: fix double free of thumbnail data
bug:
67864232
Change-Id: I6eb51be839df12317273830521c70a4ed80f9496
(cherry picked from commit
e6b98532ee03d0ac1ca93382699893172454a946)
Fyodor Kupolov [Thu, 12 Oct 2017 18:22:57 +0000 (11:22 -0700)]
Use calling user ID when calling isDeviceLocked
If isDeviceLocked is called with clearCallingIdentity,
original userId should be explicitly passed
Bug:
67621847
Test: Manual
Change-Id: I2bcb92572898811cc96bda1149ef806e6239e929
(cherry picked from commit
ded7332328149bfd1041318e8c26395a9ee30cfc)
Siyamed Sinir [Wed, 13 Sep 2017 23:32:21 +0000 (16:32 -0700)]
Fix ClipboardService device lock check for cross profile
ClipboardService.isDeviceLocked should clear callingIdentity before
accessing KeyguardManager.
Test: bit CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.ManagedProfileTest
Bug:
64934810
Change-Id: I81a7adac8c9d56ed801ffc1380fcbc987d5df3e6
Merged-In: I712abfe8d542cd1be9c1816f407c8912321ac480
(cherry picked from commit
6d79675e0c0e55a7d5591a123727796f52c42954)
Beverly [Wed, 6 Sep 2017 14:23:29 +0000 (10:23 -0400)]
DO NOT MERGE Backporting potential usb tapjacking precaution.
Bug:
62187985
Test: manual, backport
Change-Id: I6a4997ef71340d01b352e07ff035c28e19d36c34
(cherry picked from commit
c8752a515963b1c8b67a553e2cb666f367743f32)
Siyamed Sinir [Thu, 7 Sep 2017 01:02:23 +0000 (18:02 -0700)]
Prevent getting data from Clipboard if device is locked
Clipboard should not return data if the device is locked. This CL checks
for device locked state before returning values from get/has functions.
Bug:
64934810
Change-Id: I856a9079fe64db0af44383fae1a9a418de959420
Merged-In: Icefac226615fe22a7735dff4ba4c3b528fb2ac12
(cherry picked from commit
0b8fa2f5e0d305f083345968a7c39fe7a6f0a158)
Jeff Sharkey [Mon, 12 Jun 2017 23:33:07 +0000 (17:33 -0600)]
DO NOT MERGE. KEY_INTENT shouldn't grant permissions.
KEY_INTENT has no business granting any Uri permissions, so remove
any grant flags that malicious apps may have tried sneaking in.
Test: builds, boots
Bug:
32990341,
32879915
Change-Id: I657455a770c81f045ccce6abbd2291407a1cfb42
(cherry picked from commit
ec733747bb428cea3b5523518c59159031f96e47)
Leon Scroggins III [Fri, 10 Mar 2017 15:50:33 +0000 (10:50 -0500)]
Stop explicitly using kCallerPasses_Ownership
Bug:
65646012
Bug:
65426286
Cherry-picked from master. The original CL just updates BitmapFactory.
This also updates ExifInterface in the same way. ExifInterface.cpp no
longer existed by the time the Skia change landed.
Required for Ib7aaf367f68f8764147887d858f65ee14fa7a1d9, which fixes
the aforementioned bugs.
Test: No change in behavior, no new tests.
This enum is going away in https://skia-review.googlesource.com/c/9498,
and this method is using the default anyway.
Merged-In: I928a72851f90e84f45ce2fa49560f8ba894a8058
Merged-In: I8f6c761e50cb29476dc0784f58908ec35e3c70e9
Change-Id: I928a72851f90e84f45ce2fa49560f8ba894a8058
(cherry picked from commit
adb5e0ba6d532c0d52b3bf89a1dbec4e3e7a6fd6)
Nikoli Cartagena [Mon, 23 Oct 2017 21:57:34 +0000 (14:57 -0700)]
Revert "Prevent getting data from Clipboard if device is locked"
This reverts commit
be9c7795159f3de646800b33b676a06c077efe70.
Nikoli Cartagena [Mon, 23 Oct 2017 21:57:33 +0000 (14:57 -0700)]
Revert "Fix ClipboardService device lock check for cross profile"
This reverts commit
fe293bb994ecc296f6767f8e24f16d31f1f8f3b8.
Siyamed Sinir [Wed, 13 Sep 2017 23:32:21 +0000 (16:32 -0700)]
Fix ClipboardService device lock check for cross profile
ClipboardService.isDeviceLocked should clear callingIdentity before
accessing KeyguardManager.
Test: bit CtsDevicePolicyManagerTestCases:com.android.cts.devicepolicy.ManagedProfileTest
Bug:
64934810
Change-Id: I81a7adac8c9d56ed801ffc1380fcbc987d5df3e6
Merged-In: I712abfe8d542cd1be9c1816f407c8912321ac480
(cherry picked from commit
6d79675e0c0e55a7d5591a123727796f52c42954)
Siyamed Sinir [Thu, 7 Sep 2017 01:02:23 +0000 (18:02 -0700)]
Prevent getting data from Clipboard if device is locked
Clipboard should not return data if the device is locked. This CL checks
for device locked state before returning values from get/has functions.
Bug:
64934810
Change-Id: I856a9079fe64db0af44383fae1a9a418de959420
Merged-In: Icefac226615fe22a7735dff4ba4c3b528fb2ac12
(cherry picked from commit
0b8fa2f5e0d305f083345968a7c39fe7a6f0a158)
Tony Mak [Tue, 15 Aug 2017 18:56:39 +0000 (19:56 +0100)]
DPC should not be allowed to grant development permission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant_developmentPermission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant_developmentPermission
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedDeviceOwnerTest#testPermissionGrant
Test: cts-tradefed run cts-dev --module CtsDevicePolicyManagerTestCases --t com.android.cts.devicepolicy.MixedProfileOwnerTest#testPermissionGrant
Test: Run "Permissions lockdown" test in CtsVerifier
Merged-In: If83d8edd0eea99145421e967ae47fdc264a5cf7c
Merged-In: I129bfe850981cf0b3646b7c1cf19c8a3ec69f512
Bug:
62623498
Change-Id: Ief96a23fa49f1ea923574840f8ff590a5ea2456e
(cherry picked from commit
2ce5539045437b44a464a8c633af379c7eef21e1)
Suprabh Shukla [Fri, 12 May 2017 22:26:54 +0000 (15:26 -0700)]
Clearing up invalid entries when SyncStorageEngine starts
Any app with permission WRITE_SYNC_SETTINGS could write sync settings
for authorities or accounts that are not valid. This results in invalid
data being persisted to disk which can effectively lead to a DOS style
attack. Clearing such entries on boot will make sure that a reboot fixes
any such issues.
Test: cts-tradefed run cts-dev -m CtsSyncContentHostTestCases
Bug:
35028827
Change-Id: I9e206a42508e3cba65d7523bf47fff743f47dcb2
Merged-In: I9e206a42508e3cba65d7523bf47fff743f47dcb2
(cherry picked from commit
042a478b73c3b7f7cd73f5bb1af657cfe07d0571)
(cherry picked from commit
e5787fc13164856e39690e40e81d3d46839eea16)
Tony Mak [Fri, 28 Jul 2017 10:53:56 +0000 (11:53 +0100)]
Enforce policy for camera gesture in keyguard
Test:
1. Set lock screen, set keyguard policy. Lock the device.
Observe that double tap is not showing camera
2. Set lock screen, unset the keyguard policy. Lock the device.
Observe that double tap is showing camera
3. Unset lock screen (swipe), set the keyguard policy. Lock the device.
Observe that double tap is showing camera.
4. Unset lock screen (swipe), unset the keyguard policy. Lock the device.
Observe that double tap is showing camera.
Bug:
63787722
Merged-In: I104688eaad719528376e2851f837d5956a6a1169
Change-Id: I42e6d9015682998176fe41971356bde22e1b37b2
(cherry picked from commit
5b064e03bd28c734a6f6022e2cbdff14410dc59a)
Charles He [Fri, 14 Jul 2017 13:41:06 +0000 (14:41 +0100)]
Fix security hole in GateKeeperResponse.
GateKeeperResponse has inconsistent writeToParcel() and
createFromParcel() methods, making it possible for a malicious app to
create a Bundle that changes contents after reserialization. Such
Bundles can be used to execute Intents with system privileges.
This CL changes writeToParcel() to make serialization and
deserialization consistent, thus fixing the issue.
Bug:
62998805
Test: use the debug app (see bug)
Change-Id: Ie1c64172c454c3a4b7a0919eb3454f0e38efcd09
(cherry picked from commit
e74cae8f7c3e6b12f2bf2b75427ee8f5b53eca3c)
Phil Weaver [Wed, 12 Jul 2017 21:04:16 +0000 (14:04 -0700)]
Back-port fixes for b/
62196835
Bug:
62196835
Test: Created an accessibility service that displays a system
and a toast overlay, confirmed that it disappeared when we
reached the accessibility permission screen that uses this
flag.
Change-Id: Ic51ead670fc480e549512ba1d02f49d9c13bc3f0
(cherry picked from commit
41ff5389daa6e6ce4aa853bfae96e5ced0b1d8df)
Marco Nelissen [Fri, 2 Jun 2017 19:16:44 +0000 (12:16 -0700)]
Close connection before retrying
Otherwise the (CTS) server might run out of connections.
Bug:
38391487
Bug:
22771132
Test: build, run CTS, stream music
Change-Id: I92c782a6799ab36eec8df3f7c3217bea667b838a
(cherry picked from commit
46132afee7783665ae12538edd024770dbd93ecb)
Nick Kralevich [Tue, 14 Mar 2017 17:25:35 +0000 (10:25 -0700)]
ZygoteInit: Remove CAP_SYS_RESOURCE
Please see commit
3082eb7c7253c62a06aa151a80487a4eabd49914 for an
explanation of this change.
This capability is not used by system_server.
Bug:
34951864
Bug:
38496951
Test: code compiles, device boots, no selinux errors ever reported.
Change-Id: I4242b1abaa8679b9bfa0d31a1df565b46b7b3cc3
(cherry picked from commit
35775783fc6609035136184e3843bc743b59945d)
(cherry picked from commit
4911af2b8ced29dc5035dca301dc80939c9bdab5)
Nick Kralevich [Wed, 15 Feb 2017 23:12:31 +0000 (15:12 -0800)]
system_server: add CAP_SYS_PTRACE
Commit https://android.googlesource.com/kernel/common/+/
f0ce0eee added
CAP_SYS_RESOURCE as a capability check which would allow access to
sensitive /proc/PID files. system_server uses this capability to collect
smaps from managed processes. Presumably this was done to avoid the
implications of granting CAP_SYS_PTRACE to system_server.
However, with SELinux enforcement, we can grant CAP_SYS_PTRACE but not
allow ptrace attach() to other processes. The net result of this is that
CAP_SYS_PTRACE and CAP_SYS_RESOURCE have identical security controls, as
long as system_server:process ptrace is never granted.
Add CAP_SYS_PTRACE to the set of capabilities granted to system_server.
Don't delete CAP_SYS_RESOURCE for now. SELinux has blocked the use of
CAP_SYS_RESOURCE, but we still want to generate audit logs if it's
triggered. CAP_SYS_RESOURCE can be deleted in a future commit.
Bug:
34951864
Bug:
38496951
Test: Device boots, functionality remains identical, no sys_resource
denials from system_server.
Change-Id: I2570266165396dba2b600eac7c42c94800d9c65b
(cherry picked from commit
3082eb7c7253c62a06aa151a80487a4eabd49914)
(cherry picked from commit
966619d0ab6950fb6c90127b47d493b4c8617878)
Phil Weaver [Fri, 7 Apr 2017 00:40:51 +0000 (17:40 -0700)]
Make a11y node info parceling more robust
Fix a bug where a malformed Parceled representation
of an AccessibilityNodeInfo could be used to mess with
Bundles as they get reparceled.
Bug:
36491278
Test: Verified that POC no longer works, a11y cts still passes.
Change-Id: I10f24747e3ab87d77cd1deba56db4526e3aa5441
(cherry picked from commit
687bb44b437f7bb24dd3dddf072c2f646308e2ca)
(cherry picked from commit
487d8697333b1e7784394b9cd96cb590b047c513)
JP Sugarbroad [Wed, 22 Mar 2017 22:33:16 +0000 (22:33 +0000)]
Merge "DO NOT MERGE Protect Bluetooth OPP ACCEPT and DECLINE broadcast" into security-aosp-nyc-mr2-release
JP Sugarbroad [Wed, 22 Mar 2017 22:32:10 +0000 (22:32 +0000)]
Merge "DO NOT MERGE [DO NOT MERGE] Check bounds in offsetToPtr" into security-aosp-nyc-mr2-release
JP Sugarbroad [Wed, 22 Mar 2017 22:31:52 +0000 (22:31 +0000)]
Merge "DO NOT MERGE [DO NOT MERGE] Throw exception if slot has invalid offset" into security-aosp-nyc-mr2-release
Marie Janssen [Wed, 8 Mar 2017 18:12:07 +0000 (10:12 -0800)]
DO NOT MERGE
Protect Bluetooth OPP ACCEPT and DECLINE broadcast
Non-system apps could send these, and accept OPP transfers without user
interaction.
Test: run POC code, see that it crashes instaed of accepting
Bug:
35258579
Change-Id: I37bf2e17b4d612258f9dbaa879727ac7c72e5969
(cherry picked from commit
52c8ba1ecff872ea425d58b37afc1d55528b95f8)
Fyodor Kupolov [Wed, 22 Feb 2017 22:12:50 +0000 (14:12 -0800)]
DO NOT MERGE
[DO NOT MERGE] Throw exception if slot has invalid offset
Previously the process would crash, which is OK, but complicates testing.
Test: cts-tradefed run cts --module CtsContentTestCases
--test android.content.cts.ContentProviderCursorWindowTest
Bug:
34128677
Change-Id: I5b50982d77ec65c442fbb973d14c85a5c29c43c7
(cherry picked from commit
eb6de6f5f10148b9f81f9c0074d1e1f7af21bfb0)
(cherry picked from commit
676f703f746391cfdf05bafd2289226f7a6e5255)
Fyodor Kupolov [Tue, 28 Feb 2017 01:33:18 +0000 (17:33 -0800)]
DO NOT MERGE
[DO NOT MERGE] Check bounds in offsetToPtr
Check whether specified offset belongs to mData.
Also added a default argument bufferSize to check the end offset.
Size of the ashmem descriptor can be modified between
ashmem_get_size_region call and mmap. createFromParcel method was updated
to check ashmem size again immediately after memory is mapped.
Test: manual - using the test app from the bug
Bug:
34128677
Change-Id: I3ecd1616a870ce20941ce9b20a1843d2b4295750
(cherry picked from commit
45e2e95c2ffeb2d978e2cce80b729ef6ada3b8d2)
(cherry picked from commit
acede24109412a4c09e6e4e93d7b96bc9b1ad440)
Svetoslav Ganov [Thu, 29 Dec 2016 22:36:58 +0000 (14:36 -0800)]
DO NOT MERGE
[DO NOT MERGE] Don't allow permission change to runtime
Prevent apps to change permission protection level to dangerous
from any other type as this would allow a privilege escalation
where an app adds a normal permission in other app's group and
then redefines it as dangerous leading to the group auto-grant.
Test: Added a CTS test which passes.
Bug:
33860747
Change-Id: I1ccf546f78ee79ff027cb98124be81c8e5265a82
(cherry picked from commit
fe430be9f102893c95258cc81589df132b7d02b3)
Daniel Nishi [Wed, 22 Feb 2017 00:04:20 +0000 (16:04 -0800)]
Don't crash when primary volume is null in AppCollector.
getPrimaryStorageCurrentVolume() may return a null value. I did
not plan for this case in the AppCollector. This case occurs when
the primary storage is not mounted when the function is called.
By adding in a null check after getPrimaryStorageCurrentVolume()
and adding in preconditions to verify the non-nullness of the
volume as it propagates through the AppCollector, we ensure that
there should be no more NPE crashes for this reason.
Bug:
35636901
Test: FrameworkServicesTests
Change-Id: I4009e55502f71b8f14dd917ddd00caef3551aafd
(cherry picked from commit
d54f3a487bba1dc5008e2e1482ef451a59500752)
Meng Wang [Wed, 15 Feb 2017 05:55:09 +0000 (21:55 -0800)]
Add carrierconfig KEY_CARRIER_VOLTE_OVERRIDE_WFC_PROVISIONING_BOOL
Bug:
28709116
Change-Id: I19673ef092ebbd655e3d687fc8d92bd9f67c5645
(cherry picked from commit
0506299343e463598b819526cb6db6f46c2275f6)
Xiaohui Chen [Tue, 14 Feb 2017 22:55:07 +0000 (14:55 -0800)]
ReolverActivity: try auto launching single choice
We already does this on start. Now we also do the same when
the list of options changes.
Test: locally on device
Bug:
34470067
Change-Id: Ib184d67b532c5afd584fb9cd52daac69a7c50d0a
(cherry picked from commit
393c8018a1123f869698269e678876e03a5160ba)
gitbuildkicker [Thu, 16 Feb 2017 08:09:47 +0000 (00:09 -0800)]
merge in nyc-mr2-release history after reset to nyc-mr2-dev
TreeHugger Robot [Thu, 16 Feb 2017 03:02:14 +0000 (03:02 +0000)]
Merge "DO NOT MERGE - Ensuring that there are per-user last stack active times." into nyc-mr2-dev
Hall Liu [Thu, 16 Feb 2017 01:09:34 +0000 (01:09 +0000)]
Merge "Add extra key for app-specified outgoing call timeout" into nyc-mr2-dev
Chris Tate [Thu, 16 Feb 2017 00:50:56 +0000 (00:50 +0000)]
Merge "Harden against jobscheduler client app misbehavior" into nyc-mr2-dev
Manu Cornet [Thu, 16 Feb 2017 00:37:16 +0000 (16:37 -0800)]
DO NOT MERGE - Ensuring that there are per-user last stack active times.
- This fixes an issue where the last stack active time would be clobbered
when switching between users. With the policy in the phone/stack
recents, this is fine, but with the grid recents, it no longer only
applies when out of the historical window, so it is always wrong (it
would normally be wrong if switching back from another user after the
historical time of six hours).
This CL will migrate the last stack active time to a per-user secure
setting, which will be used going forward.
[This is a manual merge of change
1913535]
Bug:
35375206
Test: On the Ryu, launch some tasks, switch users, launch more tasks, and
return to the original user
Change-Id: Idc72920240093d15f822f5d9e3ee11b12a56edae
Hall Liu [Wed, 15 Feb 2017 02:11:11 +0000 (18:11 -0800)]
Add extra key for app-specified outgoing call timeout
Bug:
34474757
Test: manual
Merged-In: I6e7e67c946205b28440a4daeeab3a002f8d6bccc
Change-Id: Ia93d68d6a01308b0b93b88977daf983a0ed3a22c
gitbuildkicker [Wed, 15 Feb 2017 08:09:34 +0000 (00:09 -0800)]
merge in nyc-mr2-release history after reset to nyc-mr2-dev
Michael Kwan [Tue, 14 Feb 2017 22:53:41 +0000 (22:53 +0000)]
Merge "Fix incorrect values for VelocityTracker in SwipeDismissLayout." into cw-f-dev
am:
c61cd1a635
Change-Id: Ib1cff2ace082862c2a1c250170453b989f6697df
TreeHugger Robot [Tue, 14 Feb 2017 22:46:57 +0000 (22:46 +0000)]
Merge "Fix incorrect values for VelocityTracker in SwipeDismissLayout." into cw-f-dev
Michael Kwan [Tue, 14 Feb 2017 20:04:38 +0000 (12:04 -0800)]
Fix incorrect values for VelocityTracker in SwipeDismissLayout.
The offset used to adjust MotionEvents for swipe velocity tracking
was incorrect, and caused issues when touch points where close
together. Fixed the offset used, which resolved swiping issues.
Bug:
34673753
Change-Id: Ide6060b511510bcf299e3db778e6ffc6afda5e19
Philip P. Moltmann [Tue, 14 Feb 2017 16:03:27 +0000 (16:03 +0000)]
Merge "[DO NOT MERGE] Revert "[DO NOT MERGE] Delay SharedPreferences.apply() by 50 ms"" into nyc-mr2-dev
TreeHugger Robot [Tue, 14 Feb 2017 15:24:42 +0000 (15:24 +0000)]
Merge "2D Recents: Fix a glitch during task relayout after a dismiss" into nyc-mr2-dev
gitbuildkicker [Tue, 14 Feb 2017 08:09:33 +0000 (00:09 -0800)]
merge in nyc-mr2-release history after reset to nyc-mr2-dev
TreeHugger Robot [Tue, 14 Feb 2017 03:34:48 +0000 (03:34 +0000)]
Merge changes from topic 'pixel-c' into nyc-mr2-dev
* changes:
Introduce debounce to filter rapidly toggling type-c ports [DO NOT MERGE]
Fix handling usb dialog for wall chargers. [DO NOT MERGE]
Badhri Jagan Sridharan [Fri, 10 Feb 2017 03:45:21 +0000 (19:45 -0800)]
Introduce debounce to filter rapidly toggling type-c ports [DO NOT MERGE]
Type-c ports can quickly toggle between connected/disconnected
states. Introduce debounce to prevent sending spurious notifications.
Bug:
34972898
Test: notification should not be queued for a pixel-c charger not connected
to the power outlet.
Change-Id: I4aa19f9f864fe5b77e65f6a07a3184d8aba1f5fc
Badhri Jagan Sridharan [Mon, 13 Feb 2017 21:14:40 +0000 (13:14 -0800)]
Fix handling usb dialog for wall chargers. [DO NOT MERGE]
UsbPort.POWER_ROLE_SINK is orthogonal to the type of the charger
attached. POWER_ROLE_SINK would be the case for AC charging and
USB charging. Therefore query BatteryManager for the charger
type.
Bug:
34972898
Test: Charging notification should not show for pixel-c chargers.
Change-Id: I8dddcd7727b6af973bd173d2c6e325aa4be2ca3a
Amith Yamasani [Tue, 14 Feb 2017 01:02:53 +0000 (01:02 +0000)]
Merge "DO NOT MERGE : Revert "DO NOT MERGE. No direct Uri grants from system."" into nyc-mr1-dev am:
7556690cf5
am:
c510e19d18
Change-Id: I367d15ea4ab849ee16e58d08793dc7971304740f
Amith Yamasani [Tue, 14 Feb 2017 00:57:56 +0000 (00:57 +0000)]
Merge "DO NOT MERGE : Revert "DO NOT MERGE. No direct Uri grants from system."" into nyc-mr1-dev
am:
7556690cf5
Change-Id: Ib0446301e56751f6a72403155c576516cd7e559c
Michael Kwan [Tue, 14 Feb 2017 00:55:29 +0000 (00:55 +0000)]
Merge "Only modify window layout params when necessary." into cw-f-dev
am:
9fbd981f23
Change-Id: I14316841b80bdb25755e174528ef4bb271d3e005
TreeHugger Robot [Tue, 14 Feb 2017 00:49:41 +0000 (00:49 +0000)]
Merge "DO NOT MERGE : Revert "DO NOT MERGE. No direct Uri grants from system."" into nyc-mr1-dev
Michael Kwan [Tue, 14 Feb 2017 00:48:10 +0000 (00:48 +0000)]
Merge "Only modify window layout params when necessary." into cw-f-dev
Hakan Seyalioglu [Tue, 14 Feb 2017 00:41:51 +0000 (00:41 +0000)]
DO NOT MERGE - Check exported status in chooser
am:
7bae18232e
Change-Id: Ieda18baab005a6a85b5107dfab37d20dec990110
Philip P. Moltmann [Mon, 13 Feb 2017 20:59:21 +0000 (20:59 +0000)]
[DO NOT MERGE] Revert "[DO NOT MERGE] Delay SharedPreferences.apply() by 50 ms"
This reverts commit
2fc44947dd4f45a23c56985d4c12f01332027a9f.
Bug:
30662828
Change-Id: Ia22343c19e155555dff3b0cb58f7b58df0ce6301
Hakan Seyalioglu [Mon, 30 Jan 2017 19:14:48 +0000 (11:14 -0800)]
DO NOT MERGE - Check exported status in chooser
Relevant change in master is ag/
1844170
bug:
34147053
Change-Id: Ic9d9d65c66325904c95ab3966bdcc16e7668278b
(cherry picked from commit
e3286c3145d54564e783333ac2a2bb89b9ffdc49)
Amith Yamasani [Mon, 13 Feb 2017 21:59:14 +0000 (21:59 +0000)]
DO NOT MERGE : Revert "DO NOT MERGE. No direct Uri grants from system."
Reason: Breaking setting the user avatar in Settings.
Bug:
35158271
This reverts commit
b61338ecb307a2f595a8f78e290b5287a6503aaa.
Change-Id: Ia08c12be3da06b0d02e71635b46350c8ff50ec19
Michael Kwan [Sat, 11 Feb 2017 02:38:34 +0000 (18:38 -0800)]
Only modify window layout params when necessary.
Cancelling swipe-to-dismiss will trigger a check to ensure the window
is reset to its original state. Ensure that the reset is actually
required before setting the new layout attributes.
Bug:
34816397
Change-Id: Idf26ce7c8b63dc44a76effefcb32eb8d8665f605
TreeHugger Robot [Mon, 13 Feb 2017 20:49:50 +0000 (20:49 +0000)]
Merge "Fix live wallpaper not showing on lock screen after restore" into nyc-mr2-dev
TreeHugger Robot [Mon, 13 Feb 2017 20:04:08 +0000 (20:04 +0000)]
Merge "Workaround wallpaper restore race" into nyc-mr2-dev
Michael Kwan [Mon, 13 Feb 2017 19:32:29 +0000 (19:32 +0000)]
Add tweaks to smooth out swipe to dismiss.
am:
5758a9a94c
Change-Id: Id10a31504aa5a579e8670e7a23d2d99a990ed6e5
Bryan Mawhinney [Tue, 7 Feb 2017 15:18:07 +0000 (15:18 +0000)]
Workaround wallpaper restore race
If WallpaperManager is asked to read a wallpaper between when we
call mWm.clear and mWm.setStream, it is possible for us to end
up losing restored state such as cropHint and allowBackup
By not calling mWm.clear, we make this much less likely to happen.
It isn't necessary to call clear, as will explicitly overwrite
all the interesting state anyway.
Test: by repeated adb restore
Bug:
34760753
Change-Id: I2750695d5dd16077b47b5b8fca3a667b98cc4f6c
(cherry picked from commit
5c14853296172fe9885eee26d86351bd935e8430)
Bryan Mawhinney [Tue, 7 Feb 2017 15:27:19 +0000 (15:27 +0000)]
Fix live wallpaper not showing on lock screen after restore
A recent change in nyc-mr2 means that setWallpaperComponent will
promote any static system wallpaper to the lock screen. If we don't
actually have a static lock wallpaper to restore, we need to explicitly
clear the lock wallpaper to have the live one show through
Test: manually using adb backup / restore
Bug:
35090402
Change-Id: I8a2c5ffbaefe172c9d78a9f746ab87d9bc6b7448
(cherry picked from commit
96eb5b724bab31125e15eef2c926f6648567c3a1)
Bill Yi [Mon, 13 Feb 2017 14:10:54 +0000 (06:10 -0800)]
Import translations. DO NOT MERGE
Change-Id: I3355bb35c1500306ddaf5102f82beb010b67c208
Auto-generated-cl: translation import
Michael Kwan [Sun, 12 Feb 2017 21:43:45 +0000 (13:43 -0800)]
Add tweaks to smooth out swipe to dismiss.
Bug:
34673753
Change-Id: I5a9d420c70d124fc764803d505291e66818b1aa2
(cherry picked from commit
2e11adaac3ec959044e8154c67b6ab9cde82fdab)
Jeff Sharkey [Sun, 12 Feb 2017 10:26:51 +0000 (10:26 +0000)]
DO NOT MERGE. Grant MMS Uri permissions as the calling UID. am:
6f754e48e9 am:
a0b1198e70 -s ours am:
48f1ddc94a am:
00f5232dd0 am:
9335807fc4 am:
208dcadb4f -s ours am:
9aca89293a am:
ab296986fc am:
55ef8ba763
am:
62314d7dd3
Change-Id: I1eca65886210f095a29125506422a846ae6567f9
Jeff Sharkey [Sun, 12 Feb 2017 10:22:43 +0000 (10:22 +0000)]
DO NOT MERGE. Grant MMS Uri permissions as the calling UID. am:
6f754e48e9 am:
a0b1198e70 -s ours am:
48f1ddc94a am:
00f5232dd0 am:
9335807fc4 am:
208dcadb4f -s ours am:
9aca89293a am:
ab296986fc
am:
55ef8ba763
Change-Id: Ie2f9e943501b62177b23b701a9eea219a1dc696f
OSDN Git Service
