Age | Commit message (Collapse) | Author |
|
We close the android logging related sockets prior as late as possible
before every fork to avoid having to whitelist them. If one of the
zygote's children dies after this point (but prior to the fork), we can
end up reopening the logging sockets from the SIGCHLD signal handler.
To prevent this from happening, block SIGCHLD during this critical
section.
Bug: 32693692
Test: Manual
(cherry picked from commit e9a525829a354c92983a35455ccab16d1b0d3892)
Zygote: Unblock SIGCHLD in the parent after fork.
Follow up to change e9a525829a354c92983a. Allows the zygote to
receive SIGCHLD again and prevents the zygote from getting into a
zombie state if it's killed.
Contributed-By: rhed_jao <rhed_jao@htc.com>
Bug: 32693692
Test: manual
(cherry picked from commit c7161f756e86b98f2244a04d9207b47149965fd7)
Change-Id: If89903a29c84dfc9b056f9e19618046874bba689
(cherry picked from commit dfcc79ee8ecd4166cba19be7493c6175cb0c65a9)
|
|
Fix a idmap leak in AssetManager::addSystemOverlays.
And, The fix could also prevent fd leak of idmap.
Test: none
Bug: 32691930
Signed-off-by: Hyangseok Chae <neo.chae@lge.com>
(cherry picked from commit 6a742a38509693f8b39ee9a5ad2803fca12688bf)
Change-Id: Idc4af77db2b0cb739bd6b009b6af0f9123be1aac
(cherry picked from commit 0244ca8d10dfc27e14f481fe649b89f7638c48eb)
|
|
On M and below, we provide a blanket whitelist for all files under
"/vendor/zygote_whitelist". This path is whitelisted purely to allow
this patch to be applied easily on legacy devices and configurations.
Note that this does not amount to a loosening of our security policy
because whitelisted files are reopened anyway.
Bug: 32691930
Test: manual
Change-Id: If5b53f6f0a707f8d36603c09bfd3f72dbfbbbb99
(cherry picked from commit 5e2f7c6229d7191183888d685b57a7d0a2835fce)
|
|
Partially cherry picked from commit 1c15c635785c64a.
These files are safe to reopen for the same reason that files in
/system/framework are. They're regular files and will not change after
the first zygote fork.
Bug: 32618130
Change-Id: I119e0bfcbf397cb331064adf148d92a5cd3ea92f
(cherry picked from commit 25cd01cc69fcad34756b00e52a79c0c54178f2e6)
|
|
When a public (vfat) device is inserted, it's strongly associated
with the current foreground user, and no other users should be able
to access it, since otherwise that would be a cross-user data leak.
To use the device under a different user, switch users and then
eject/remount the device.
Test: verified user isolation of USB drive
Bug: 32523490
Change-Id: I590c791996f1fea8d78f625dc942d149f1f41614
(cherry picked from commit 8b38d083c42e2706e1ff5a1410fa61d1f5dea3f5)
|
|
Test: unit test passes
Bug: 31850211
Change-Id: I47f9db1f2c50ccd4fc90b80a9ffc1e9e43078f5f
(cherry picked from commit a0289894718c230c746f7e85207d30fee431dab8)
|
|
This patch adds an explicit check in the DHCP packet parser for
rejecting packets without a magic cookie, instead of relying on the
top-level try-catch-all in the parser.
This allows to add to DHCP error metrics this specific error.
It also allows to add two poor man's fuzzing tests that tries to find
additional gaps in the DHCP packet parser by
- trying to parse all subslices of a valid offer packet.
- trying to parse random byte arrays.
Test: covered by previously introduced malformed DHCP packet unit tests
+ additional fuzzing tests.
Bug: 31850211
Change-Id: If53c9ba9df78d7604ec018c9d67c237ae59c4833
(cherry picked from commit 006e0613016c1a0e0627f992f5a93a7b7198edba)
|
|
Fix merge conflict into nyc-mr1-security-a-release
This patch adds a try catch all to DHCP packet parsing so that
DhcpClient does not choke on malformed packets, brinding down with it
the whole framework.
Test: added new unit tests catching the issue fixed in this patch.
Bug: 31850211
Change-Id: I3c50a149fed6b2cbc4f40bb4f0e5bb2b56859b44
(cherry picked from commit 1af48bbbabdf276b7e7a5a86b28f67332ae6b04d)
(cherry picked from commit 78325d1d7e2a616a686ea56fb3245d7e22b6eeab)
|
|
A second attempt to fix the upgrade problem due to SID == 0
in the above upgrade path. The previous fix contains a bug
where it would cause future attempts to unify work challenge
to silently fail, and crash SystemUi when unlocking.
This fix adds a check for non-zero SID before doing the initial work
profile unification (which caused the upgrade crash when SID == 0).
This means the initial work profile unification would only happen when
the user has unlocked the lockscreen and SID is generated.
Bug: 32490092
Bug: 33050562
Change-Id: Ib28951b2ec26b4f091df7763d9902f55616fcb5c
(cherry picked from commit bfc7faaf353ea75ab04e986edbc79478679d40f6)
|
|
This reverts commit c8fa5ed8f2d492aa5e005fcdb5991c3f980de045.
Change-Id: Ia1425e649e102cb79280d75e5f49db670214cec3
(cherry picked from commit e61672ab087df4857a4f0923258b945800046589)
|
|
When device upgrades from L->N, sid(in gatekeeper) could be 0
even primary profile screenlock is set.
We are now trying to catch the exception so when sid==0 happens,
it will try to tie profile lock again when primary profile is unlocked.
Bug: 32490092
Change-Id: I73011d872ac15e7e09be9bda0165cf7f6a75493a
(cherry picked from commit c8fa5ed8f2d492aa5e005fcdb5991c3f980de045)
|
|
The emergency call was not launched in the current user
and therefore was only launching once the user had switched.
Change-Id: If6f3bcf77d88a0658b6e0f91f7e4da5d6264b04f
Fixes: 32424103
Test: manual: switch to secondary user and launch emergency affordance
(cherry picked from commit b8a7f78d242cafb0c3ec10868c28583e8aacdf7a)
|
|
|
|
When device upgrades from L->N, sid(in gatekeeper) could be 0
even primary profile screenlock is set.
We are now trying to catch the exception so when sid==0 happens,
it will try to tie profile lock again when primary profile is unlocked.
Bug: 32490092
Change-Id: I73011d872ac15e7e09be9bda0165cf7f6a75493a
(cherry picked from commit c8fa5ed8f2d492aa5e005fcdb5991c3f980de045)
|
|
The emergency call was not launched in the current user
and therefore was only launching once the user had switched.
Change-Id: If6f3bcf77d88a0658b6e0f91f7e4da5d6264b04f
Fixes: 32424103
Test: manual: switch to secondary user and launch emergency affordance
(cherry picked from commit b8a7f78d242cafb0c3ec10868c28583e8aacdf7a)
|
|
Test: docs only, no test apart from verifying that it builds
Bug: #32158219 clean up InputConnection.commitContent() javadocs
Change-Id: I9b438d6b14aa8bc868fe41f7e0fe22b0e83800fb
(cherry picked from commit 5c0af8876468869f21baa204c498f0c975553bf3)
|
|
The setting apps' version code is 25 for both DR and MR1, so the
shortcut manager will not notice when it's changed.
Let's just always scan this app.
Bug 32554059
Change-Id: Ia05363b30a5eeb989dc4c44cf5dbd71cde96de96
(cherry picked from commit ac2898228edea493c76287338adf6dd8ca21303a)
|
|
Calculate size of installed APKs only when INSTALL_EXTERNAL flag is set.
calculateInstalledSize is expensive and may take up to 20% of total
installation time.
Bug: 32180551
Bug: 29932779
Change-Id: I173d2b38820cc86cbfacecd1bacef57369d10af7
(cherry picked from commit b87a491de63069fb903c95727f57511c7e4eeaa0)
|
|
We never unbind, so we only ever need one bind request; creating more
bind requests just wastes resources.
Test: builds
Bug: 32446301
Change-Id: I7d6c4a93b8f5bb8d9aed7a5041b193e19a2d65fc
(cherry picked from commit 7765d7320d8435a0e814d9f10039c7866f9d76a2)
|
|
Enabling BLE in airplane mode puts BluetoothManagerService in an
unexpected state which causes Bluetooth to be on when airplane mode
is disabled.
Also fixes a bug where a crash of a BLE client would trigger a restart
into ON mode.
Test: SL4A BleBackgroundScanTest:test_airplane_mode_disables_ble
Bug: 32140251
Bug: 32140271
Bug: 32369494
Change-Id: Ie65157e65c3a1ca914f567a7a0c631175d1e5835
(cherry picked from commit bd93b7b3dc6141cef6236cf0ca7dcc5acf5bfeed)
(cherry picked from commit a80d745c656f1e09aa9331002f613883220ca029)
|
|
Apps on the system image can change their package by declaring
their old one in the manifest. If a package is renamed it is
internally referred by its old name.
The reconciliation code was using the new package name for
renamed packages and was concluding the apk is orphaned thus
deleting it. This puts the package in a bad state where the app
is gone and the version on the system partition is disabled.
Also Play was showing an update for a renamed system app as
an install while it is an update because of the same reason,
it was using the new package name while the app is internally
referred by the old one.
The fix for both above is to internally normalize the package
name by using the old one if the package was renamed or the
package name as is.
Test: With the fix put the old calculator on the system image
and booted, then put the renamed calculator and booted, updated
calculator from play and rebooted - calculator keeps working.
Also did the above steps without the patch to put calculator
in a bad state and flashed the system with the patch which
fixed the broken calculator app.
bug:32321269
Change-Id: I98bfc05c399edfc9854ebcce44182fefa55ceeff
(cherry picked from commit e2c85890ac3941525288e08962b33d30618de801)
|
|
|
|
|
|
nyc-mr1-dev
|
|
The split ambient settings default to on - which is a bad experience
if the user explicitly turned it off before the split.
Change-Id: Id80d62727952f63b363f87c19b5befbde8ab5c31
Merged-In: I986d35a1a28e97f4c8d7d3d47ed5658e1836a44f
Merged-In: I346a53b0dc9cdf578c238113f4f33056ba0f3aea
Fixes: 32332195
Test: Flash angler to NYC, disable ambient, upgrade to NYC-MR1, check if "Lift to check phone" is still off.
|
|
am: fb4f5497b7
Change-Id: I1c550fa22586145ec949fe54ef727be814624340
|
|
am: afbf16f908
Change-Id: I6fa42074ba2fe6019f0bf817a7b21650d2a0dd43
|
|
|
|
|
|
|
|
b/31781348
Change-Id: I7e374dcec975ba45b03f1cde656a438f986c5093
|
|
Change-Id: I9b8b5245f61dbab513ee5de6ff9c71b2bd41f3ab
Auto-generated-cl: translation import
|
|
|
|
Change-Id: I8fe6b5f09b7c3daf9c630b5c36d02199248c11b3
Auto-generated-cl: translation import
|
|
9748d76be9
am: e8e196d007
Change-Id: I3d804611d1290eb6cf0fa525e492864220fb85fa
|
|
am: 9748d76be9
Change-Id: I976128eb4c14ee2587c9cfa9c34f4b3dc006aa38
|
|
If we call it before, SystemUI will not dismiss the Keyguard as
it is still occluded in that state.
Change-Id: I15cf9cc43b9a2b747bfd224a6dfbd769eee19d69
Fixes: 32202560
|
|
Bug: 32357457
Change-Id: I8f2b8dae5472cb81313417e85c092dca0aae5bd9
|
|
Updated Update startService() and bindService() docs to mention that they
no longer support implicit intent. And mentioned that the Intellegent
job scheduling is now the preferred method for launching services.
We also performed a copy edit, implementing Google styles.
Bug: 18333456
Change-Id: I2b2ec666be870aea15045d30fbc822256d1b9a81
|
|
|
|
nyc-mr1-dev
|
|
|
|
|
|
|
|
Change-Id: Ia238fb87c9c8be76cbadfbec1956b629414a3c48
Auto-generated-cl: translation import
|
|
Change-Id: I3d5eae9008ead575fda0db5acbd233b4a9cf7273
Auto-generated-cl: translation import
|
|
|
|
Change-Id: I42fdca60536425c757759414ac812b20e0b42823
Fixes: 32071681
|
|
This makes the policy for mixed HTTP/HTTPS content match Chrome.
This allows us to display login pages where unimportant
subresources are HTTP.
Bug: 32171569
Change-Id: Ic8bc1440f1f26898ddbc0984fd1ddd2155c9588b
|
|
Properly account for VPN apps that make heavy use of the tun
interface. Prior to this change a VPN app could be incorrectly charged
for more data than it actually used if it sent more traffic through
the tun interface than the underlying interface.
This change excludes VPN app traffic on the tun interface from the
adjustment pool and doesn't redistribute traffic to the VPN app.
Instead all of the redistributed traffic is deducted from the VPN app
which effectively represents any overhead incurred by the VPN app.
BUG: 30557871
Change-Id: I62a75a0c0c0111e052b7903baa9f5d6d94ef57fd
|