summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add @GuardedBy annotation to PersistentDataBlockService#mIsWritable.Charles He2017-03-221-0/+3
| | | | | | | | | | | | Test: manual Bug: 30352311 CVE-2017-0498 Change-Id: I1024f2a56badde5c123d025d6fe02f42559cbcb1 (cherry picked from commit f6f1d627483b4dad9d65176769a1ee92c59a4810) (cherry picked from commit 71d2a41dd9c8be8c4bca5eba339802e1e0c2be3c) (cherry picked from commit 5f621b5b1549e8379aee05807652d5111382ccc6)
* Prevent writing to FRP partition during factory reset.Charles He2017-03-222-6/+19
| | | | | | | | | | | | | | | | Avoid potential race condition between FRP wipe and write operations during factory reset by making the FRP partition unwritable after wipe. Bug: 30352311 Test: manual CVE-2017-0498 Change-Id: If3f024a1611366c0677a996705724458094fcfad (cherry picked from commit a629c772f4a7a5ddf7ff9f78fb19f7ab86c2a9c2) (cherry picked from commit a9437bd1caeeb38780d920a81bde8cc7ca280fe0) (cherry picked from commit 1c4d535d0806dbeb6d2fa5cea0373cbd9ab6d33b)
* DO NOT MERGE. Retain DownloadManager Uri grants when clearing.Jeff Sharkey2017-03-132-0/+9
| | | | | | | | | | | | | | | | | | | | As part of fixing a recent security issue, DownloadManager now needs to issue Uri permission grants for all downloads. However, if an app that requested a download is upgraded or otherwise force-stopped, the required permission grants are removed. We could tell DownloadManager about the app being stopped, but that would be racy (due to background broadcast), and waking it up would degrade system health. Instead, as a special case we now only consider clearing DownloadManager permission grants when app data is being cleared. Bug: 32172542, 30537115 Test: builds, boots, app upgrade doesn't clear grants Change-Id: I7e3d4546fd12bfe5f81b9fb9857ece58d574a6b9 (cherry picked from commit 23ec811266fb728cf159a90ce4882b3c9bac1887) (cherry picked from commit 6eee8e37fd06bd47dd19b8503bc30cc8ccaf72a7) (cherry picked from commit 36772fc2263e06972add737660392afd246da15e)
* DO NOT MERGE: Check provider access for content changes.Jeff Sharkey2017-03-133-31/+97
| | | | | | | | | | | | | | | | For an app to either send or receive content change notifications, require that they have some level of access to the underlying provider. Without these checks, a malicious app could sniff sensitive user data from the notifications of otherwise private providers. Test: builds, boots, PoC app now fails Bug: 32555637 Change-Id: If2dcd45cb0a9f1fb3b93e39fc7b8ae9c34c2fdef (cherry picked from commit c813f5dae231bd8f01864227c5dba10d43a89249) (cherry picked from commit db57376d6ccbd4d3e39fc35aa8cfb561bbca4bac) mh0rst: Backport from android-7.1.1_r21
* Automatic translation importAbhisek Devkota2017-02-1945-151/+3483
| | | | Change-Id: I80e32cc003cc9c8707732b27a683e87cdd67375d
* Use STREAM_RING on non-voice capable devicesLuK13372017-02-112-7/+17
| | | | | | * That's what Google does. Change-Id: Iac88d161eb1dccbbb5c538d5e04d8d1fc43edef2
* resolve merge conflicts of 89aa6fb to mnc-dr-devHugo Benichi2017-02-031-0/+9
| | | | | Change-Id: I9e4e538081600be6a8199060bcb0d4040c071a22 (cherry picked from commit a0cfb157ecf69c948e37db5a9df6cb8a8102874c)
* Fix idmap leak in zygote processneo.chae2017-02-031-0/+1
| | | | | | | | | | | | | | | Fix a idmap leak in AssetManager::addSystemOverlays. And, The fix could also prevent fd leak of idmap. Test: none Bug: 32691930 Signed-off-by: Hyangseok Chae <neo.chae@lge.com> (cherry picked from commit 6a742a38509693f8b39ee9a5ad2803fca12688bf) Change-Id: Idc4af77db2b0cb739bd6b009b6af0f9123be1aac (cherry picked from commit 0244ca8d10dfc27e14f481fe649b89f7638c48eb)
* Zygote: Additional whitelisting for legacy devices.Narayan Kamath2017-02-031-0/+6
| | | | | | | | | | | | | | On M and below, we provide a blanket whitelist for all files under "/vendor/zygote_whitelist". This path is whitelisted purely to allow this patch to be applied easily on legacy devices and configurations. Note that this does not amount to a loosening of our security policy because whitelisted files are reopened anyway. Bug: 32691930 Test: manual Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99 (cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)
* Zygote: Additional whitelists for runtime overlay / other static resources.Narayan Kamath2017-02-031-3/+41
| | | | | | | | | | | | | Partially cherry picked from commit 1c15c635785c64a. These files are safe to reopen for the same reason that files in /system/framework are. They're regular files and will not change after the first zygote fork. Bug: 32618130 Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f (cherry picked from commit 4e8ba1d73eee1311bb78144be43862b393548d5d)
* Zygote : Block SIGCHLD during fork.Narayan Kamath2017-02-031-5/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix merge conflict into mnc-mr2-release We close the android logging related sockets prior as late as possible before every fork to avoid having to whitelist them. If one of the zygote's children dies after this point (but prior to the fork), we can end up reopening the logging sockets from the SIGCHLD signal handler. To prevent this from happening, block SIGCHLD during this critical section. Bug: 32693692 Test: Manual (cherry picked from commit e9a525829a354c92983a35455ccab16d1b0d3892) Zygote: Unblock SIGCHLD in the parent after fork. Follow up to change e9a525829a354c92983a. Allows the zygote to receive SIGCHLD again and prevents the zygote from getting into a zombie state if it's killed. Contributed-By: rhed_jao <rhed_jao@htc.com> Bug: 32693692 Test: manual (cherry picked from commit 1480dc3e97b661f5bfa3a5c2fbce72385b8d2be6) Change-Id: If89903a29c84dfc9b056f9e19618046874bba689
* DO NOT MERGE) ExifInterface: Provide backward compatibilitySungsoo2017-02-031-2/+1
| | | | | | | | | | ExifInterface.saveAttribute() didn't throw UnsupportedOperationException before. Use IOException instead of UnsupportedOperationException for backward compatibility. Bug: 30936376, Bug: 32068647, Bug: 31319086 Change-Id: Iacc7b4d91d49edd7bece8f2e738a633a91025eca (cherry picked from commit 7ce9243087b04bce719e1f3d10a14b9b26b8ea81)
* Do not crash on malformed DHCP packets.Hugo Benichi2017-02-032-35/+181
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes possible crashes with malformed DHCP packets. It is part of Android Security Bulletin of January 2017 and mitigates CVE CVE-2017-0389. Squash of: Author: Lorenzo Colitti <lorenzo@google.com> Date: Wed Mar 02 13:31:52 2016 +0900 Don't crash if we get a DHCP packet with the wrong port. This should only happen if we get a packet in the small time window between binding the packet socket and programming the BPF filter on it. Bug: 26696823 Change-Id: I481f1bc74bbaeb9646d96e1841d2a69acdb47d62 Author: Hugo Benichi <hugobenichi@google.com> Date: Wed Oct 05 18:33:21 2016 +0900 Catch runtime exceptions when parsing DHCP packets This patch adds a try catch all to DHCP packet parsing so that DhcpClient does not choke on malformed packets, brinding down with it the whole framework. Test: added new unit tests catching the issue fixed in this patch. Bug: 31850211 Change-Id: I3c50a149fed6b2cbc4f40bb4f0e5bb2b56859b44 Author: Hugo Benichi <hugobenichi@google.com> Date: Wed Oct 05 21:07:19 2016 +0900 Reject DHCP packets with no magic cookie This patch adds an explicit check in the DHCP packet parser for rejecting packets without a magic cookie, instead of relying on the top-level try-catch-all in the parser. This allows to add to DHCP error metrics this specific error. It also allows to add two poor man's fuzzing tests that tries to find additional gaps in the DHCP packet parser by - trying to parse all subslices of a valid offer packet. - trying to parse random byte arrays. Test: covered by previously introduced malformed DHCP packet unit tests + additional fuzzing tests. Bug: 31850211 Change-Id: If53c9ba9df78d7604ec018c9d67c237ae59c4833 Change-Id: Ic5a8fa4feb46cca325cb5c47616ee63b22d2e7c8 mh0rst: Backported to cm-13.0.
* Public volumes belong to a single user.Jeff Sharkey2017-02-032-2/+10
| | | | | | | | | | | | | | | When a public (vfat) device is inserted, it's strongly associated with the current foreground user, and no other users should be able to access it, since otherwise that would be a cross-user data leak. To use the device under a different user, switch users and then eject/remount the device. Test: verified user isolation of USB drive Bug: 32523490 Change-Id: I590c791996f1fea8d78f625dc942d149f1f41614 (cherry picked from commit 8b38d083c42e2706e1ff5a1410fa61d1f5dea3f5) (cherry picked from commit 47e62b7fe6807a274ba760a8fecfd624fe792da9)
* Automatic translation importAbhisek Devkota2017-02-032-2/+3
| | | | Change-Id: Ifa3700c8e74716373712ebb84270eecbc3d94f45
* Automatic translation importAbhisek Devkota2017-02-028-15/+29
| | | | Change-Id: Id277710144095d2411baed890eeff40899482491
* Automatic translation importAbhisek Devkota2017-01-2788-741/+137
| | | | Change-Id: Ib115f3813214bfffb935cf522d0e31e8c95be4de
* Revert "Add overlay option for Settings.System.ACCELEROMETER_ROTATION_ANGLES"Zhao Wei Liew2017-01-242-10/+0
| | | | | | | | | | | | The default of 11 (90, 270 and 360 degrees) is perfectly fine. Thus, this overlay is pretty useless. Only 1 device currently uses this (and not due to any major issue), so we aren't losing anything by removing this overlay. This reverts commit 936c4bfa7c64ce4403d519d0f0df72523da1ec21. Change-Id: I7eb81d00af1672638689daddd1e78c7e12b21c4d
* base: Switch to LineageOS ADB iconJoey Rizzoli2016-12-311-15/+5
| | | | | | | Credit: @vazguard Change-Id: I8362cb30fa3ca3d10798e4723458e127d3dab327 Signed-off-by: Joey Rizzoli <joey@lineageos.it>
* Telephony: Don't crash for too long baseband versionMichael W2016-12-301-0/+6
| | | | | | | | Add a check and truncate the baseband version when it's longer than the allowed value for a SystemProperty (currently 91) Change-Id: I845b331650eb4446aa251e48d7594ecb10146d54 Reference: BugDumps 13-20161216-22 L#22
* Revert "Add CM PlatLogo (1/2)"Zhao Wei Liew2016-12-298-266/+4
| | | | | | | | As part of the rebrand to LineageOS. This reverts commit aed50cbe3c3dbe175dac695764df586d8dda14c9. Change-Id: I7ee6125f6c8d4ec8e57e5a1673bf2e095a11cb76
* Revert "Update ADB status bar icon"Zhao Wei Liew2016-12-291-22/+19
| | | | | | | | Bring in the new icon when it's done. This reverts commit 5ead120b6274841fe4a4c7552c44383e611478a7. Change-Id: I92ebb56b2bff9c03868002f6ef12ae017d197e7e
* Merge "Automatic translation import" into cm-13.0Abhisek Devkota2016-12-283-9/+9
|\
| * Automatic translation importinky@build012016-12-243-9/+9
| | | | | | | | | | Change-Id: Id213522b9303ea0bde8b5620cf88fbdb36414015 Ticket: -
* | StatusBarIconView: Enable notification icon count by defaultZhao Wei Liew2016-12-231-2/+2
| | | | | | | | | | | | This used to be enabled by default in previous releases. Change-Id: I24766bed58d081a0dd4763b9602379ff6435e092
* | SettingsProvider: Remove def_notif_count overlayZhao Wei Liew2016-12-231-3/+0
|/ | | | | | This is no longer used. Change-Id: Ifd8eaa1d9d1f156dbfa4fdf278f95213ee32271e
* Automatic translation importblinky@build012016-12-22103-7/+1041
| | | | | Change-Id: I251ee7b9d1508a91692a8a8c1ba863730fcf125b Ticket: -
* Fix "Error parsing XML: not well-formed"Omico2016-12-231-1/+1
| | | | | | frameworks/base/packages/SystemUI/res/values-zh-rTW/cm_strings.xml:65: error: Error parsing XML: not well-formed (invalid token) Change-Id: Ic29b77776c48d4a663656bf6ea40c8c4f0253414
* Automatic translation importblinky@build012016-12-214-34/+78
| | | | | Change-Id: Ic49d5ed34f92ca0298510b6ca8a3a279a0ea6e4d Ticket: -
* Automatic translation importclyde@build012016-12-2045-0/+945
| | | | | Change-Id: Icd3adceb4cfd523f56b7072934a037a203fd0b81 Ticket: -
* Automatic translation importblinky@build012016-12-182-2/+2
| | | | | Change-Id: I7eff0ec212cba24f97f35bddf3310e39b5fd1ce6 Ticket: -
* Automatic translation importclyde@build012016-12-164-0/+96
| | | | | Change-Id: I86e57b89e58d2cf5985e62b8d582f49285c265f3 Ticket: -
* Automatic translation importpinky@build012016-12-153-3/+3
| | | | | Change-Id: I53e8f93c43ddb93433c81d457e9721c0fff07b81 Ticket: -
* DO NOT MERGE) ExifInterface: Close the file when an exception happensSungsoo2016-12-121-1/+3
| | | | | | | | CYNGNOS-3312 Bug: 32068647, Bug: 30936376 Change-Id: I22fa2384348c890ca726d2b1632cd54e59d25a8f (cherry picked from commit cb17930077de640411407636eebc000e2d06dd9c) (cherry picked from commit 2c79cada8897dcb171b8227b4ea91c292400702f)
* DO NOT MERGE Isolated processes don't get precached system service bindersChristopher Tate2016-12-121-9/+16
| | | | | | | | | | | | | | More specifically, they get a PackageManager binder -- necessary for Android process startup and configuration -- but none of the other usual preloaded service binders. CYNGNOS-3312 Bug 30202228 Change-Id: I3810649f504cd631665ece338a83d2e54d41ad05 (cherry picked from commit 2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc) (cherry picked from commit f4d23f30c92bc80808f57677caab0282c8d28dc6) (cherry picked from commit 9357830a380c8174ce5130941a7a53915d680819)
* Automatic translation importclyde@build012016-12-041-1/+1
| | | | | Change-Id: If3346af7ccc0e84d99d03b1c50f6b9e413d984b7 Ticket: -
* Support for MODE_ASK in commandlineamtlib-dot-dll2016-12-031-1/+8
| | | | Change-Id: Idaf46295aff58259c786de4a4fef9c475c363cff
* AppOps: Do not prune apps that are not presentJorge Ruesga2016-12-031-4/+11
| | | | | | | | | | | Do not prune apps that are not currently present in the device (like USB memory ones). While booting, they are not available but must not be purged from AppOps, because they are still present in the Android app database. Issue-Id: CYAN-2811 Change-Id: I6680cbdf0022812b45d966dffee754399e92accb Signed-off-by: Jorge Ruesga <jorge@ruesga.com>
* Automatic translation importinky@build012016-12-027-17/+17
| | | | | Change-Id: Ic80541e78c8570809868ce067a5176acb9d6a5a2 Ticket: -
* Automatic translation importinky@build012016-11-2910-201/+21
| | | | | Change-Id: I38a02ada64c66994c99ba5aee59a522931227337 Ticket: -
* Themes: Don't cache explicitly themed resourcesBharadwaj Narasimha2016-11-281-26/+1
| | | | | | | | | When a nav bar should be unchanged in the process of customization(like changing icons,fonts) the nav bar changes due to explicitly caching themed resources. Change-Id: I3135fac9df82a0551879908f6bf24deba0da0339
* Build: use UserHandle.isApp for M compatibilityZhao Wei Liew2016-11-271-1/+1
| | | | Change-Id: Ie4511c547d9afe2697e1ac3519f41a9b19784f18
* Make Build.TYPE and Build.FINGERPRINT consistent for apps.Danny Baumann2016-11-252-0/+43
| | | | | | | | | | Some apps (namely Android Wear) like to do comparisons between TYPE and FINGERPRINT and throw errors on inconsistencies. As our fingerprints are almost always taken from stock ROMs, they don't really match our builds, causing said comparisons to fail. Avoid those failures by taking build type out of fingerprint for apps. Change-Id: I8e8db64de7ea224572ecb3695c85abea91e0e29f
* zygote: Allow device to append extra whitelisted pathsLuca Stefani2016-11-172-1/+35
| | | | Change-Id: Ic5b056d7ead520da8648db9be28e16a81ec27c73
* SettingsLib: Fix possible NPEsMichael W2016-11-141-3/+6
| | | | | | | | | getText() can return null, resulting in a NPE when trying to call toString(). Add a null check to prevent this. Additionally add a null check for packageInfo, as this can also be null. Change-Id: Ia76326522872f4de4702ef56640b2f7b357c2bb7 Reference: BugDumps 20161104-10 L#135
* zygote: Add /proc/ged to the FD whitelistRicardo Cerqueira2016-11-121-1/+2
| | | | | | This is used by some platforms' gfx stack Change-Id: Ife6e1b0df30fc23eff7fb6a16ff95c3e7b16a9c7
* frameworks/base: Addition of Changes for ZeroBalance featurePragnya Paramita2016-11-104-0/+144
| | | | | | | | | | | | | | | | --Addition of code to receive broadcast from ZeroBalanceHelper application for executing command to write block/unblock rule to Iptable. --Addition of ZeroBalanceHelper file to be accesible by other modules to notify ZeroBalanceHelper application about update on change of SIM balance. --Addition of rule to allow browser uid when rest all applications are in blocked state. --Addition of feature flag to control the zerobalance feature. CRs-Fixed: 927258 Change-Id: Ifdf4c46fd63ab78193047a9bc8b62bf41065a665
* NotificationManager: Concentrate LED light capabilities at a single locationRicardo Cerqueira2016-11-106-14/+114
| | | | | | | | | | | | | We had(have) a bunch of individual boolean toggles for various LED behaviors and combinations, which end up getting used as a similarly sprawling bunch of getResource() calls across various locations. And they keep piling up... So... create a new overlayable array of LED capabilities (config_deviceLightCapabilities) where we can throw everything (and expand in the future). Also, create a helper to abstract usage of the old (multi-resource) and new (single resource array) formats to avoid breaking any deployed devices. Change-Id: I7d627914b058861048071fc15776031c4152157f
* Add CMSDK resource APK to Zygote FD whitelistSteve Kondik2016-11-101-1/+2
| | | | Change-Id: Ica91b23e467db61f142b183316db4afee2a2a283
* am: Fix mismergeBruno Martins2016-11-091-9/+0
| | | | | | | * The removal of this code was missed out during merge of tag 'android-6.0.1_r74' Change-Id: I57dc035f79b7e20c09a21d5242c20370ad6d34ce
generated by cgit v1.1 at 2025-01-07 20:35:48 +0000