summaryrefslogtreecommitdiffstats
path: root/libs
Commit message (Collapse)AuthorAgeFilesLines
* Fix SF security vulnerability: 32706020Fabien Sanglard2017-03-131-0/+1
| | | | | | | | | | | | Because of lack of mutex lock when get mConsumerName, if one thread getConsumerName, another thread setConsumerName frequently, an UAF will be triggered. Change-Id: Id1bbf0d15de6d16def2f54ecade385058cda3b65 Test: Marling with poc provided in bug report. Bug: 32706020 (cherry picked from commit d073eb7a3f28fd74bfa24c8b7599465cb7de5436) (cherry picked from commit 2e16d5fac149dab3c3e8f1b2ca89f45cf55a7b34)
* Correct overflow check in Parcel resize codeChristopher Tate2017-03-131-2/+2
| | | | | | | | | Fix merge conflict into nyc-mr1-release Bug 31929765 Change-Id: Ie27b9945f1de056624668869bdf9a5578abff467 (cherry picked from commit 65dd433f0db2fe402dc725f7012c6e26769b3224) (cherry picked from commit b4d6b292bce7d82c93fd454078dedf5a1302b9fa)
* Fix SF security vulnerability: 32660278Fabien Sanglard2017-01-131-0/+1
| | | | | | | | | | | | Because of lack of mutex lock when get mSidebandStream, if one thread getSidebandStream, another thread setSidebandStream frequently, an UAF will be triggered. Bug: 32660278 Test: Marlin device with poc Change-Id: Idbcf0976ce2db682d0f13455105c45a5c7481a45 (cherry picked from commit 2d8a2432e04234d9edbb3b099f9bbbaa36ad4843) (cherry picked from commit 675e212c8c6653825cc3352c603caf2e40b00f9f)
* Merge tag 'android-6.0.1_r66' into HEADJessica Wagantall2016-09-071-0/+5
|\ | | | | | | | | | | | | Android 6.0.1 release 66 # gpg: Signature made Tue 06 Sep 2016 09:26:47 AM PDT using DSA key ID 9AB10E78 # gpg: Can't check signature: public key not found
| * Region: Detect malicious overflow in unflattenPablo Ceballos2016-07-211-0/+5
| | | | | | | | | | | | Bug 29983260 Change-Id: Ib6e1cb8ae279010c5e9960aaa03513f55b7d873b
* | system_server BINDER_TYPE_FD driver ashmem accessorsMark Salyzyn2016-07-151-2/+30
| | | | | | | | | | | | | | | | | | | | | | check if device matches the ashmem rdev, before calling ashmem_get_size_region. This eliminates making this call when associated with other driver file descriptors. Bug: 26374183 Bug: 26918423 Bug: 26871259 Change-Id: I1f88c2c93ea35a73c8e14125f3d1a6c67fa4f15b
* | system_server BINDER_TYPE_FD sockets using ashmem accessorsMark Salyzyn2016-07-151-5/+14
| | | | | | | | | | | | | | | | | | | | check if device is a character device, before calling ashmem_get_size_region. We do not check if the st_rdev matches /dev/ashmem. So this at least eliminates making this call when associated with a socket. Bug: 26374183 Change-Id: I68ed9d1c2cd4c47228ed065e3e18eb4151f038f4
* | Parcel: file descriptor leakMark Salyzyn2016-07-151-4/+3
| | | | | | | | | | | | | | Resolve a file descriptor leak when a request for ashmem size adjustment is not filed. Change-Id: I4ebccfd096ec5313725fd99dc3e025f9561d061f
* | Merge remote-tracking branch 'remotes/android-6.0.1_r52' into HEADJessica Wagantall2016-07-071-1/+7
|\ \ | |/ | | | | | | | | Ticket: CYNGNOS-3020 Change-Id: I13076de5caf1546b8eef44417ee83cd9b2cb9d62
| * Correctly handle dup() failure in Parcel::readNativeHandleMarco Nelissen2016-05-271-1/+7
| | | | | | | | | | | | | | | | bail out if dup() fails, instead of creating an invalid native_handle_t Bug: 28395952 Change-Id: Ia1a6198c0f45165b9c6a55a803e5f64d8afa0572
* | Merge tag 'android-6.0.1_r43' into HEADJessica Wagantall2016-05-033-3/+12
|\ \ | |/ | | | | | | | | | | Ticket: CYNGNOS-2373 Android 6.0.1 release 43 (MOB30J) Change-Id: I1d6a9cc67ded5dd7d0ee1f17773e326ac0ae87ce
| * Fix issue #27252896: Security Vulnerability -- weak binderDianne Hackborn2016-03-251-2/+10
| | | | | | | | | | | | | | | | | | Sending transaction to freed BBinder through weak handle can cause use of a (mostly) freed object. We need to try to safely promote to a strong reference first. Change-Id: Ic9c6940fa824980472e94ed2dfeca52a6b0fd342 (cherry picked from commit c11146106f94e07016e8e26e4f8628f9a0c73199)
| * BQ: fix some uninitialized variablesPablo Ceballos2016-03-252-1/+2
| | | | | | | | | | | | | | Bug 27555981 Bug 27556038 Change-Id: I436b6fec589677d7e36c0e980f6e59808415dc0e
| * Add SN loggingPablo Ceballos2016-02-261-0/+1
| | | | | | | | | | | | Bug 27046057 Change-Id: Iede7c92e59e60795df1ec7768ebafd6b090f1c27
| * Sanity check IMemory access versus underlying mmapChristopher Tate2016-02-261-3/+15
| | | | | | | | | | | | Bug 26877992 Change-Id: Ibbf4b1061e4675e4e96bc944a865b53eaf6984fe
| * BQ: Add permission check to BufferQueueConsumer::dumpPablo Ceballos2016-02-261-1/+15
| | | | | | | | | | | | Bug 27046057 Change-Id: Id7bd8cf95045b497943ea39dde49e877aa6f5c4e
* | Merge tag 'android-6.0.1_r24' into HEADJessica Wagantall2016-04-052-4/+31
|\ \ | | | | | | | | | | | | Ticket: CYNGNOS-2213 Android 6.0.1 release 24
| * | Add SN loggingPablo Ceballos2016-03-011-0/+1
| | | | | | | | | | | | | | | | | | Bug 27046057 Change-Id: Iede7c92e59e60795df1ec7768ebafd6b090f1c27
| * | Sanity check IMemory access versus underlying mmapChristopher Tate2016-03-011-3/+15
| | | | | | | | | | | | | | | | | | Bug 26877992 Change-Id: Ibbf4b1061e4675e4e96bc944a865b53eaf6984fe
| * | BQ: Add permission check to BufferQueueConsumer::dumpPablo Ceballos2016-03-011-1/+15
| | | | | | | | | | | | | | | | | | Bug 27046057 Change-Id: Id7bd8cf95045b497943ea39dde49e877aa6f5c4e
| * | IGraphicBufferProducer: fix QUEUE_BUFFER info leak am: d06421fd37 am: ↵Robert Shih2016-01-151-0/+1
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 413318311c am: dc9ec35294 am: 9d959e2755 am: edb7c81a1b am: 2a7a1247cb * commit '2a7a1247cb4829daaaa4e6a6ee3e670cd2f068bf': IGraphicBufferProducer: fix QUEUE_BUFFER info leak
| | * \ IGraphicBufferProducer: fix QUEUE_BUFFER info leak am: d06421fd37 am: ↵Robert Shih2016-01-151-0/+1
| | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 413318311c am: dc9ec35294 am: 9d959e2755 am: edb7c81a1b * commit 'edb7c81a1b99d2456910b03db9e4ac250eac2fab': IGraphicBufferProducer: fix QUEUE_BUFFER info leak
| | | * \ IGraphicBufferProducer: fix QUEUE_BUFFER info leak am: d06421fd37 am: ↵Robert Shih2016-01-151-0/+1
| | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 413318311c am: dc9ec35294 am: 9d959e2755 * commit '9d959e275561bcace3aab1f9df009c6c880003fa': IGraphicBufferProducer: fix QUEUE_BUFFER info leak
| | | | * \ IGraphicBufferProducer: fix QUEUE_BUFFER info leak am: d06421fd37 am: 413318311cRobert Shih2016-01-151-0/+1
| | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: dc9ec35294 * commit 'dc9ec35294b8ec6b6c349b826edc9b44f4ddb96d': IGraphicBufferProducer: fix QUEUE_BUFFER info leak
| | | | | * \ IGraphicBufferProducer: fix QUEUE_BUFFER info leak am: d06421fd37Robert Shih2016-01-151-0/+1
| | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 413318311c * commit '413318311c8cc356dd7e0837ce26e937a9f4c56a': IGraphicBufferProducer: fix QUEUE_BUFFER info leak
| | | | | | * \ IGraphicBufferProducer: fix QUEUE_BUFFER info leakRobert Shih2016-01-151-0/+1
| | | | | | |\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: d06421fd37 * commit 'd06421fd37fbb7fd07002e6738fac3a223cb1a62': IGraphicBufferProducer: fix QUEUE_BUFFER info leak
| | | | | | | * | IGraphicBufferProducer: fix QUEUE_BUFFER info leakRobert Shih2016-01-111-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 26338109 Change-Id: I8a979469bfe1e317ebdefa43685e19f9302baea8
| * | | | | | | | IGraphicBufferConsumer: fix ATTACH_BUFFER info leak am: dded8fdbb7 am: ↵Robert Shih2016-01-151-1/+1
| |\ \ \ \ \ \ \ \ | | |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7ee203b59d am: dc252255af am: 202aaa8f97 * commit '202aaa8f97083b68c0a736f4cd432f61c9b0989d': IGraphicBufferConsumer: fix ATTACH_BUFFER info leak
| | * | | | | | | IGraphicBufferConsumer: fix ATTACH_BUFFER info leak am: dded8fdbb7 am: ↵Robert Shih2016-01-151-1/+1
| | |\ \ \ \ \ \ \ | | | |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 7ee203b59d am: dc252255af * commit 'dc252255af835bb3a69bc9a0d01da12419c0fc05': IGraphicBufferConsumer: fix ATTACH_BUFFER info leak
| | | * | | | | | IGraphicBufferConsumer: fix ATTACH_BUFFER info leak am: dded8fdbb7Robert Shih2016-01-151-1/+1
| | | |\ \ \ \ \ \ | | | | |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 7ee203b59d * commit '7ee203b59d9a74d485ce2fdfd07e96b2d10ff23b': IGraphicBufferConsumer: fix ATTACH_BUFFER info leak
| | | | * | | | | IGraphicBufferConsumer: fix ATTACH_BUFFER info leakRobert Shih2016-01-151-1/+1
| | | | |\ \ \ \ \ | | | | | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: dded8fdbb7 * commit 'dded8fdbb700d6cc498debc69a780915bc34d755': IGraphicBufferConsumer: fix ATTACH_BUFFER info leak
| | | | | * | | | IGraphicBufferConsumer: fix ATTACH_BUFFER info leakRobert Shih2016-01-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 26338113 Change-Id: I019c4df2c6adbc944122df96968ddd11a02ebe33
| | * | | | | | | add number constraint for samples per MotionEvent am: 5d17838ade am: ↵Flanker2015-10-221-1/+2
| | |\ \ \ \ \ \ \ | | | |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 72c8ca4a01 am: 9964d83869 am: 90dc6dc825 am: 9830f11dc6 * commit '9830f11dc6b6aa4001c79147966fdb9eaa71c2f2': add number constraint for samples per MotionEvent
| | | * | | | | | add number constraint for samples per MotionEvent am: 5d17838ade am: ↵Flanker2015-10-221-1/+2
| | | |\ \ \ \ \ \ | | | | |/ / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 72c8ca4a01 am: 9964d83869 am: 90dc6dc825 * commit '90dc6dc825ebd1f0f4c9474fad887cd7eac8e9bd': add number constraint for samples per MotionEvent
| | | | * | | | | add number constraint for samples per MotionEvent am: 5d17838ade am: 72c8ca4a01Flanker2015-10-221-1/+2
| | | | |\ \ \ \ \ | | | | | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 9964d83869 * commit '9964d83869565cf4dda432129cfe50f6ede19338': add number constraint for samples per MotionEvent
| | | | | * | | | add number constraint for samples per MotionEvent am: 5d17838adeFlanker2015-10-221-1/+2
| | | | | |\ \ \ \ | | | | | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 72c8ca4a01 * commit '72c8ca4a0191827fd3265c0820b685a6cf420be1': add number constraint for samples per MotionEvent
| | | | | | * | | add number constraint for samples per MotionEventFlanker2015-10-221-1/+2
| | | | | | |\ \ \ | | | | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 5d17838ade * commit '5d17838adef13062717322e79d4db0b9bb6b2395': add number constraint for samples per MotionEvent
| | | | | | | * | add number constraint for samples per MotionEventFlanker2015-10-201-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug:23905002 Signed-off-by: Adam Lesinski <adamlesinski@google.com> (cherry picked from commit 552a8a5d8df32f659b8d11311a244cdc6d3b7733) Change-Id: I9b7ea859889b7697bee4165a2746602212120543
| | | | * | | | | am 18165848: am e2c4f4fb: am c1e6fbb5: Initialize local variables to avoid ↵Naveen Leekha2015-09-241-2/+2
| | | | |\ \ \ \ \ | | | | | |/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | data leak * commit '18165848e86feab8656bfdac3173bccf45a9a6df': Initialize local variables to avoid data leak
| | | | | * | | | am e2c4f4fb: am c1e6fbb5: Initialize local variables to avoid data leakNaveen Leekha2015-09-241-2/+2
| | | | | |\ \ \ \ | | | | | | |/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'e2c4f4fb8b34e36a4f2760f3812c942604cabfb6': Initialize local variables to avoid data leak
| | | | | | * | | am c1e6fbb5: Initialize local variables to avoid data leakNaveen Leekha2015-09-241-2/+2
| | | | | | |\ \ \ | | | | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'c1e6fbb52c3f85cc7610d1d07d12be38f70b4ed4': Initialize local variables to avoid data leak
| | | | | | | * | Initialize local variables to avoid data leakNaveen Leekha2015-09-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The uninitialized local variables pick up whatever the memory content was there on stack. This data gets sent to the remote process in case of a failed transaction, which is a security issue. Fixed. (Manual merge of master change 12ba0f57d028a9c8f4eb3afddc326b70677d1e0c ) For b/23696300 Change-Id: I665212d10da56f0803b5bb772d14c77e632ba2ab
| | | | | | * | | am bb686c25: Disregard alleged binder entities beyond parcel boundsChristopher Tate2015-07-021-1/+1
| | | | | | |\ \ \ | | | | | | | |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | * commit 'bb686c25b214edadd1830abd056db2d570d716ff': Disregard alleged binder entities beyond parcel bounds
| | | | | | | * | Disregard alleged binder entities beyond parcel boundsChristopher Tate2015-06-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When appending one parcel's contents to another, ignore binder objects within the source Parcel that appear to lie beyond the formal bounds of that Parcel's data buffer. Bug 17312693 Change-Id: If592a260f3fcd9a56fc160e7feb2c8b44c73f514 (cherry picked from commit 27182be9f20f4f5b48316666429f09b9ecc1f22e)
* | | | | | | | | Merge tag 'android-6.0.1_r17' into HEADJessica Wagantall2016-03-072-1/+2
|\ \ \ \ \ \ \ \ \ | | |_|_|_|_|_|_|/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | Android 6.0.1 release 17 Ticket: CYNGNOS-1854
| * | | | | | | | IGraphicBufferProducer: fix QUEUE_BUFFER info leakRobert Shih2016-01-221-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 26338109 Change-Id: I8a979469bfe1e317ebdefa43685e19f9302baea8
| * | | | | | | | IGraphicBufferConsumer: fix ATTACH_BUFFER info leakRobert Shih2016-01-221-1/+1
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bug: 26338113 Change-Id: I019c4df2c6adbc944122df96968ddd11a02ebe33
* | | | | | | | binder: MemoryHeapIon: Fix size_t vs integer formatting mismatchChristopher N. Hesse2016-02-201-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I58e4ce885bce5fc11f3e36f50a1060b682b4a512
* | | | | | | | sensor: Skip additional permission request checksMatt Filetto2015-12-211-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Some legacy Samsung HALs supporting BODY_SENSOR types are incompatible with the new permission checks added in M. Extend the NO_SENSOR_PERMISSION_CHECK flags to cover more of the actual checks. Change-Id: Id2b9b57d8151b0998d9233e0a6541e8c88e06af7
* | | | | | | | sensor: Allow devices to skip the permission requestChristopher N. Hesse2015-12-182-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is needed by Samsung devices with pre-M sensor blobs which have support for SENSOR_TYPE_HEART_RATE or body sensors in general. These HALs somehow segfault on the flagged code. Change-Id: I698f4129e71b683f6f063f00da79f32a5f521149
generated by cgit v1.1 at 2024-05-08 22:08:21 +0000