| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
check if device is a character device, before calling
ashmem_get_size_region. We do not check if the st_rdev
matches /dev/ashmem. So this at least eliminates making
this call when associated with a socket.
Bug: 26374183
Change-Id: I68ed9d1c2cd4c47228ed065e3e18eb4151f038f4
|
|
|
|
|
|
|
| |
Resolve a file descriptor leak when a request for
ashmem size adjustment is not filed.
Change-Id: I4ebccfd096ec5313725fd99dc3e025f9561d061f
|
|\
| |
| |
| |
| |
| | |
Ticket: CYNGNOS-3020
Change-Id: I13076de5caf1546b8eef44417ee83cd9b2cb9d62
|
| |
| |
| |
| |
| |
| |
| |
| | |
bail out if dup() fails, instead of creating an invalid native_handle_t
Bug: 28395952
Change-Id: Ia1a6198c0f45165b9c6a55a803e5f64d8afa0572
|
|\ \
| |/
| |
| |
| |
| |
| | |
Ticket: CYNGNOS-2373
Android 6.0.1 release 43 (MOB30J)
Change-Id: I1d6a9cc67ded5dd7d0ee1f17773e326ac0ae87ce
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Sending transaction to freed BBinder through weak handle
can cause use of a (mostly) freed object. We need to try to
safely promote to a strong reference first.
Change-Id: Ic9c6940fa824980472e94ed2dfeca52a6b0fd342
(cherry picked from commit c11146106f94e07016e8e26e4f8628f9a0c73199)
|
| |
| |
| |
| |
| |
| | |
Bug 26877992
Change-Id: Ibbf4b1061e4675e4e96bc944a865b53eaf6984fe
|
|\ \
| | |
| | |
| | |
| | | |
Ticket: CYNGNOS-2213
Android 6.0.1 release 24
|
| |/
| |
| |
| |
| |
| | |
Bug 26877992
Change-Id: Ibbf4b1061e4675e4e96bc944a865b53eaf6984fe
|
| |
| |
| |
| | |
Change-Id: I58e4ce885bce5fc11f3e36f50a1060b682b4a512
|
| |
| |
| |
| |
| |
| |
| | |
The addition of ashmem size tracking can lead to parcel objects
overwriting other values on the stack in old binary blobs.
Change-Id: Ife8514be1ba639c4061de38b59794c46bcc2d7f8
|
|\ \
| |/
| |
| |
| |
| |
| |
| | |
https://android.googlesource.com/platform/frameworks/native into cm-13.0
Android 6.0.1 release 3
Change-Id: I437aaf148d440a8144afe1454948980fc3b40cca
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Makes sure we don't change the memory layout of the Parcel class
to maintain binary compatibility with prebuilts linking against
libbinder.
Bug: 25004154
Change-Id: I656687497f08bb85cefda796aafa2341e601e30a
|
| |
| |
| |
| |
| |
| |
| | |
This reverts commit 6880307e8e35a6c484942443fb4ddd6173126152.
Bug: 25004154
Change-Id: I9b432d1ebc39f3bbcd7afdefc403f0fb6ced8158
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This reverts commit e2f499fb734bc30a1e1c947112caa0727349b6ed.
Bug: 25169267
Bug: 25191602
Bug: 25004154
Change-Id: I24bb0da4e8739ee5a0c251e4adac9904827144e0
|
| |
| |
| |
| |
| | |
Bug: 25004154
Change-Id: Id9d5656dd0605f1b50525596b75601309f67ebdc
|
| |
| |
| |
| |
| |
| |
| | |
The addition of ashmem size tracking can lead to parcel objects
overwriting other values on the stack in old binary blobs.
Change-Id: Ida52cec851a6f9d5a57c8f9130a5875c03dcb094
|
| |
| |
| |
| |
| |
| |
| | |
Using the __attribute__((unused)) preprocessor directive
Change-Id: I29d27fd7eacb962ffa06ccd81ee48b48f3743243
(cherry picked from commit 047c69bb8e17eab6f3432fae200fe94f7e119755)
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Source:
http://git.insignal.co.kr/samsung/exynos/android/platform/frameworks/native/commit/?h=exynos-jb&id=dc4cd25cc41e4358debd0c7d1a2706d208a58df6
Change-Id: Ib06cc37a2a25c78a061ee2bad48eec2d01b07833
binder: update MemoryHeapIon
* Update from ODROID-XU 09232013 BSP release
Change-Id: I5245c8a9f783e8902bf91a0ee23e60ebeb335b27
binder: update MemoryHeapIon
* Update from ODROID-XU 04212014 BSP
Change-Id: Ifc2664bcde37a71d855e05e7c9e50288a4508892
binder: Fixed new CM SLSI build variant
Change-Id: Icfff592cf705af660c7318b08fce75dbbf42103c
(cherry picked from commit 014ad5eee0a7de70c4a9f66e8f5ce7b32f4ecb16)
|
|
|
|
|
|
|
|
|
| |
writeByteArray writes the size using sizeof(size_t), however it is always
read using readInt32(). On devices where sizeof(size_t) != 4 this causes
extra bytes to be written.
BUG: 22204736
Change-Id: I8d4507b6b616857ef5827f1fe9da0907d09abf0e
|
|
|
|
|
|
|
|
|
|
|
| |
Make sure that we don't go haywire if an exponential buffer growth
operation winds up wrapping integer range. Along the way, fix a
bookkeeping bug in BufferedTextOutput that would cause it to keep
spuriously realloc()ing on every append().
Bug 20674694
Change-Id: Ia845b7de36b90672a151a918ffc26c7da68e20a2
|
|
|
|
|
|
|
|
|
|
|
| |
We now check for fd-legality before committing binder objects to
the flattened data buffer rather than after. Previously we would
wind up corrupting the parcel and incurring driver-level errors,
as well as potentially leaking FDs.
Bug 21428802
Change-Id: Ice0d641b3dcc41fb1b8c68ce2e2ebd744c2863a1
|
|
|
|
|
|
|
|
|
|
|
| |
Add functions to allow a client to take over the ashmem region
that was transferred so that it can claim it for its own and
reuse it.
Add support for mutable ashmem regions too.
Bug: 21428802
Change-Id: I16eca338cdb99b07d81fc43573d53ce86dbc60c8
|
|
|
|
|
|
|
|
| |
Attempts to replicate Java parceling in native code is fraught with
peril.
Change-Id: I4359036c5dddd1b886d886beef1d060523e53e5f
(cherry picked from commit f47a381001d4d4ce66c2e35aac5b96a26acc0730)
|
|\ |
|
| |
| |
| |
| |
| |
| | |
Bug: 15986092
Change-Id: I272ec070113a0bfc41c637c45a6e1a2ab346e87b
|
|/
|
|
|
|
|
|
|
|
| |
When appending one parcel's contents to another, ignore binder
objects within the source Parcel that appear to lie beyond the
formal bounds of that Parcel's data buffer.
Bug 17312693
Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514
|
|
|
|
|
|
|
|
|
| |
The inputs to native_handle_create can cause an overflowed allocation,
so check the return value of native_handle_create before accessing
the memory it returns.
Bug:19334482
Change-Id: I1f489382776c2a1390793a79dc27ea17baa9b2a2
|
|
|
|
| |
Change-Id: I727a2bb1e28ae9158f2df9c74dd0aee977dfd47f
|
|\ |
|
| |
| |
| |
| | |
Change-Id: Id747767377953fd644a538aad3f603d6c50875a2
|
|/
|
|
|
|
|
| |
(cherrypicked from commit 6329f0199ed04030e6c2bd7aecd036387b732c71)
Bug: 20669363
Change-Id: Ia4c8d8ca9d8b4b87954d7267e8b1c94cf4e570e1
|
|\ |
|
| |
| |
| |
| | |
Change-Id: Ideacdc974ebad542df724464ccba9fcfb2b7ea91
|
|\ \
| |/
|/| |
|
| |
| |
| |
| |
| |
| |
| | |
Requires change Ifaf115da in frameworks/base.
Bug: 20079551
Change-Id: Ifaf115dabd1a59cdb1b46e2d49c41f64ac107de4
|
|/
|
|
|
|
|
|
|
| |
Will be used by the system_server watchdog to monitor the
availability of binder threads in the process to handle
incoming IPC requests.
Bug: 19297165
Change-Id: I39175f3869ad14da5620fddb47f454e6e4ee2b25
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It's a security best practice for size_t values to be rejected if
they are greater than INT32_SIZE. This is intended to prevent the
common error of inadvertently passing a negative int value to a
function, which after conversion to an unsigned type, becomes a huge
number, defeating the purpose of bounds checking.
This patch also addresses a bug where the call to:
Parcel::write(buf, (size_t) -1);
would call writeInPlace() which uses PAD_SIZE on the supplied
argument. This would then cause an integer overflow, with PAD_SIZE
returning a small value, but the memcpy in Parcel::write using the
old large length value.
Bug: 19573085
Change-Id: Ib11bfb3dae4f3be91cd17b2c676926700972c7b8
|
|\ |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This makes apps linked against the previous non-static versions
work with the new libbinder.
Bug: 19060033
Bug: 19773812
Change-Id: I3b5c78cbb4f4c0681ca1042e4d8503d98f969502
|
| |
| |
| |
| |
| |
| |
| | |
so we can do NULL checks again, and update calls to IInterface::asBinder()
to use the new static version.
Change-Id: Ia7b10eb38ca55b72278bfd33d3bf647f338b4e6a
|
| |
| |
| |
| |
| | |
Bug: 19620911
Change-Id: Ifce5319e4e35afd344dead67ab7ba1cd399476a3
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- Adds a new AIDL interface for querying process
information from activity manager.
Bug: 19186859
Change-Id: Ic08858f346d6b66e7bfc9da6faa2c6e38d9b2e82
|
|\ \
| | |
| | |
| | |
| | | |
* commit '6e32c0377db89bafa477715b3a02431d651978cf':
Kill HAVE_PTHREADS.
|
| | |
| | |
| | |
| | |
| | | |
Bug: 19083585
Change-Id: I355491de945590f43c82bdcb7968b01b4bff6e06
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* commit '8f3ade0c9ab52a1e4f13d6ff1922dd98e3ccdbcc':
Follow StrictMode refactoring.
|
| | |
| | |
| | |
| | |
| | | |
Bug: 18335678
Change-Id: Iea920cfa26b5ebfd77b4601c9e6e65b21599342a
|
|\ \ \
| |/ /
| | |
| | |
| | | |
* commit 'aec922426620804768f00a6c5cb902f278f2967f':
Replace all instances of intptr_t with uintptr_t.
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When compiling 32 bit binaries against a 64 bit binder interface,
implicit promotions of intptr_t types to uint64_t for fields in the
binder ioctl structures can result in invalid pointers because of sign
extension.
|
|\ \ \
| |/ /
| | |
| | |
| | |
| | |
| | | |
interface test."
* commit '41a160c4cda1ef2c916028ec2d0801da738b5249':
Fix signed/unsigned comparison warnings in driver interface test.
|