Age | Commit message (Collapse) | Author |
|
|
|
|
|
Prevent sending media key events from the non-system app to the global
priority session through the MediaSessionManager.dispatchMediaKeyEvent().
Note that any app can use the API indirectly with
the public API AudioManager.dispatchMediaKeyEvent().
Bug: 29833954
Tested: Installed malicious apps and confirmed that they don't work.
Tested: Run CtsTelecomTestCases and CtsMediaTestCases
Change-Id: I2a9e78196ba7455324e485f098f095d03b47ee15
(cherry picked from commit 09c3df004bad9343092e377a7e74e11f9635734a)
|
|
Bug: 30100884
Change-Id: I8fa379a74b5d9467b5b9498bd18de2a043963c6f
(cherry picked from commit baae57ab24db7d3b0bf7f84c05954173f1ee15fe)
|
|
am: 9c1cb7a273 am: 6634e90ad7
am: 66ee2296a9
Change-Id: Ib0023b44e521b936ab2f9450ad367b1feda64492
(cherry picked from commit d37eb7646581a2ffc68b11ccb67e3457716d878e)
|
|
Bug: 30568284
Change-Id: I0b613f8ce0f014320c5ac1bf445699ea2702a0a2
(cherry picked from commit dddc438e97509a858319e91988908b27085792d6)
|
|
Don't hold mPidsSelfLocked lock when calling
cleanUpApplicationRecordLocked.
Bug: 31463143
Change-Id: I421962cbfd7c466662edcef805c3e27321dc5a98
(cherry picked from commit 67e05b4d28bb63974f88f6abaf8b3636215c9511)
|
|
with system key and have get_password permission.
Bug: 30455516
Change-Id: I78484c59e4de1dff685ab91a0a8e7a756fffd9bf
(cherry picked from commit 9342e137c68e9d31e61b774f7a6583ed5f8353f9)
|
|
Bug: 31350622
Change-Id: I6d3f9faec32d54360caa6706d17405e20b50966c
(cherry picked from commit aa394dd42c049479bface1991f11b863dc1a0922)
|
|
setPairingConfirmation was set to only require BLUETOOTH_ADMIN
permission which shouldn't be able to set the confirmation itself.
This is restricted to BLUETOOTH_PRIVILEGED permission.
Bug: 29043989
Change-Id: I887de32d156e672ec44aa0b286cd7ea7f9f8ad55
(cherry picked from commit 93326cfd9fb8a20081baa9b975275772798cfd80)
|
|
change
ExifInterface object can be created with a unsupported file format.
If saveAttribute is called with an unsupported file format, ExifInterface
makes the file corrupted. This CL prevents those cases by throwing
an exception before making any change on the file.
Bug: 30936376
Change-Id: I115a42601c774062485974042464abb0d65c35e9
(cherry picked from commit a8f9a075b14c526a0de75c2ade81ebc4e05e4ef8)
(cherry picked from commit 56ea7b490107e4531ab4db6f74671c34b5c59fd3)
|
|
This is the backport of the following commits :
Reopen whitelisted zygote file descriptors after a fork.
We don't want these descriptors to be shared post-fork, so we'll
have to close and reopen them when the zygote forks. The set of
open descriptors is checked against a whitelist and it is a fatal
error if a non whitelisted FD is opened. It is also a fatal error
if anything other than a regular file / character device or socket
is opened at the time of forking.
This work is done in two stages :
- An initial list of FDs is constructed and cached prior to the
first zygote fork.
- On each subsequent fork, we check whether the list of open FDs
has changed. We are currently tolerant of changes, but in the
longer term, it should be a fatal error if the set of open file
descriptors in the zygote changes.
- Post fork, we traverse the list of open descriptors and reopen
them if necessary.
bug: 30963384
(cherry picked from commit c5f27a7cb2ec816f483a65255034a1b57a8aa221)
Fix clang build breakage (-Werror -Wformat).
Use %zd for size_t. Note that this will break only on (-plus-)aosp because
clang is disabled on the N development branches.
bug: 30963384
(cherry picked from commit b334c33d65894f5ca9833fa55c3a1cf75e01c497)
Add a whitelist of sockets on fork.
Maintain a whitelist of AF_UNIX sockets that are permitted
to exist at the time of forking. If an open socket does not belong
to the whitelist (or is not AF_UNIX), the process will abort. If an
open socket is whitelisted, it will be redirected to /dev/null after
a sucessful fork. This allows us to unify our handling of the special
zygote sockets (/dev/socket/zygote[_secondary]) with the existing
whitelist of non socket file descriptors.
This change also removes non-fatal ALOGW messages since they have the
side effect of reopening the logging socket.
bug: 30963384
(cherry picked from commit 3764a260f0c90dcb323caeda14baf903cc108759)
fd_utils: Remove whitelist for "/dev/pmsg0".
We're now calling __android_log_close prior to a fork, so this file
shouldn't need to be open.
bug: 31243313
bug: 30963384
(cherry picked from commit 8dee0541904e4f792cdebdee4f23f768561cb276)
fd_utils: Fix broken usage of iterators.
There were two separate issues here :
- RestatInternal was using an iterator after a call to erase(). This
will not work because it will be invalidated.
- The "standard" for loop idiom for iterating over a map while making
structural changes to it is broken. Switch to a while loop and treat
cases where elements are erased differently from cases where they
aren't.
bug: 31092930
bug: 30963384
(cherry picked from commit 0b76d6a28e6978151bf245a775329cdae5e574d5)
add dri device to zygote whitelisted FDs
The driver can be used just like /dev/ion for graphic buffers.
(cherry picked from commit 8977e424ee2d6d85fec419532ae510131aa88c45)
(cherry picked from commit a1252ccbdbae686cb41e7efba769c4935f664220)
|
|
Bypassing work challenge in freeform mode was trivial by just keeping
work apps open in freeform mode and then switching focus to them from
another app.
Because the only interception point is startActivity this never
triggered work challenge.
The solution is to trigger the check on focus change events and also to
allow passing the result back into the freeform stack instead of dumping
our user out into the homescreen.
Change-Id: I141ecf90b5f0e708a21d27141b6fec6074e5d475
Fix: 30693465
(cherry picked from commit 0737c2b4c2ae6415eced00926235f848d1957bae)
|
|
Fix Merge Conflict into nyc-release
We can no longer return the "my_downloads" paths: if those Uris were
shared beyond the app that requested the download, access would be
denied. Instead, we need to switch to using "all_downloads" Uris so
that permission grants can be issued to third-party viewer apps.
Since an app requesting a download doesn't normally have permission
to "all_downloads" paths, DownloadProvider now issues narrow grants
toward the owner of each download, both at device boot and when new
downloads are started.
Bug: 30537115, 30945409
Change-Id: I533125b36444877f54373d88922f2acc777e250b
|
|
injected.
-Can potentially crash system with OOM.
Bug: 29555864
Change-Id: I7157f48dddf148a9bcab029cf12e26a58d8054f4
(cherry picked from commit 79375723f0f201a6759ddbfda57d491ff3fea64e)
|
|
This fixes a bug where it was possible to authenticate the wrong user.
We now bind the userId when we start authentication and confirm it when
authentication completes.
Fixes bug 30744668
(Cherry pick from Change-Id: I346d92c301414ed81e11fa9c171584c7ae4341c2)
Change-Id: I3584790c39eb2e8c435ad1b2d887bf9b8ebd36fe
(cherry picked from commit 837d052ed4b5b75dfd4af44f5ad268e683bf2e13)
|
|
Fixes bug 30003944
Change-Id: I8700d4424c6186c8d5e71d2fdede0223ad86904d
(cherry picked from commit 2d71384a139ae27cbc7b57f06662bf6ee2010f2b)
|
|
Fix for accidental launch of a broadcast receiver in an
incorrect app instance.
Bug: 30202481
Change-Id: I8ec8f19c633f3aec8da084dab5fd5b312443336f
(cherry picked from commit 55eacb944122ddc0a3bb693b36fe0f07b0fe18c9)
|
|
Changing the service side to accept descriptions of
motion events, not motion events themselves, so we can
control their creation.
Bug: 30647115
Change-Id: Ia6772a1fc05df91818e3f88959d1e2b4a35fe0cc
(cherry picked from commit a8918f23c712e97fa1dc4911f64827d64fc906e5)
(cherry picked from commit 157f416a3549420bd109dbc4931b437089e22d04)
|
|
Don't write partial requests, and don't return (or throw) early after
partially reading a response.
bug: 30143607
Change-Id: I5881fdd5e81023cd21fb4d23a471a5031987a1f1
(cherry picked from commit 448be0a62209c977593d81617853a8a428d013df)
|
|
Bug: 29189712
Bug: 30317026
Bug: 30235113
Change-Id: I899f13898773483ee627a974d70173b5aa962e9a
|
|
Change-Id: Id9748ea39a8fa03b67d3fa6f91da530dd5cf9409
Fixes: 30107438
|
|
Bug: 29900345
Change-Id: Id3b4472b59ded2c7c29762ddf008ee8486009dbb
|
|
Test: ran libaapt2_tests64
Bug: 29250543
Change-Id: I1ebc017af623b6514cf0c493e8cd8e1d59ea26c3
(cherry picked from commit 4781057e78f63e0e99af109cebf3b6a78f4bfbb6)
|
|
restriction is set
Fix: 29899712
Change-Id: I38cc9d0e584c3f2674c9ff1d91f77a11479d8943
(cherry picked from commit 9c7b706cf4332b4aeea39c166abca04b56685280)
|
|
- Prevent external tiles from system apps
- Disable help
Bug: 29194585
Change-Id: I92da498110db49f7a523d6f775f191c4b52a4ad6
|
|
Bug: 29421441
Change-Id: Ia0a7b06112dde1c925ec3232f50bf4d90b17b5e5
(cherry picked from commit 0cd1b789567b60b963fc7b8935e898ea0e61a617)
|
|
If we enter multi-window mode or load WebView
assets into a Resources object, then the underlying
AssetManager instance may change.
crbug.com/627586
Bug:30118654
Change-Id: I837637bdad5370809db7f060d7d8536b536cad9e
|
|
Bug: 29342399
Bug: 28901867
Change-Id: Ib2049566582aa08783ff588dd25afef4e1c0b5e2
(cherry picked from commit a03dc2b5eb94a906eeeda5bf0afbcfb60588abb4)
|
|
Dumping stack traces can be extremely expensive, and doing so for
background applications often has extremely negative side effects for
foreground applications. This can be exacerbated by resource-intensive
applications, because those may exhibit thermal throttling in the first
place. For such applications, the additional performance hit caused by
stack dumps may be catastrophic.
Instead, don't dump stack traces for background ANRs except for the app
that actually ANR'd.
bug 30112521
Change-Id: I8a05059343254861c436a193690cd1c50a95d674
|
|
bug:30032790
Change-Id: I8553af0d0b0d59fea6535d03479c4e7134a9f4f9
|
|
Make sure that camera shutter sound is played in
total silence DND mode when enforced by country
regulation.
Bug: 29973005
Change-Id: I208f7ae5b07777eac48597f68feae6358999b2c3
|
|
We use 'this' for synchronization in NameValueCache but some code
that accesses the generation registry uses 'this' in a different
context ending up syncing on the wrong instance. This is why
sync on this is just a bad idea.
bug:29956424
Change-Id: Ide2d4f07a5f40cb3f0e8f50e4c8de216d15a31ee
|
|
Bug: 29927488
Change-Id: I3b705c2ab0d1493546ffa5185bb5b07d5e25c897
|
|
In some circumstances wallpaper-related files are moved into position,
and must then take proper effect. Make sure that they have the
correct SELinux labels afterwards to avoid preventing some valid
accesses.
Bug 29469965
Change-Id: I6d7c86be63d568fa0ad8841d109a7ff2149fdd54
|
|
append() is used to optimized insertions in the array, but it must
preserve the order of the hashcode array; when it doesn't, it falls back
to append(), but it should not log a warning message
In particular, PendingIntentRecords might have different hashcodes
across different processes.
Fixes: 29912192
Change-Id: I0ab566249829ddb934fd51cf21399b68cb286bd5
|
|
In another word, create another cached bitmap, when the current VectorDrawable
will look differently when state changed.
Bug: 29870392
Bug: 29854240
Change-Id: I7a5ef91091e547a930368286defc7ab96aeb9471
(cherry picked from commit 4f1acfb5f507798daaff2ff0da47d2b15607ded4)
|
|
Fixes a case where notification header text could go missing
if a notification view was recycled and previously had a header text.
Reapplying only hid the text without clearing it, so the extraction
logic thought it was still there and hid the text for the children
even though it was not showing for the parent.
Change-Id: I3f96e1e7bebb2f815020d278ad13b2b5d948e63c
Fixes: 29915184
|
|
Bug: 29865091
Change-Id: Ic4e3b50571034f341aff2c2fbf2c349342622448
|
|
Preserves API 23 behavior.
Bug: 29872769
Change-Id: I514cde81dcca4d78238f407251805cced4c0bea1
|
|
In extreme cases the list of recent tasks can grow beyond the size
of a single Binder transaction. This change moves over to
ParceledListSlice which handles chunking any large results.
Bug: 29635557
Change-Id: Iaf1227234f5f8c9451f73a6a5c1dc89f2067f05f
|
|
BUG: 28719274
BUG: 28764678
Change-Id: Ib17d3feda8997ce5b29060bff47d51f503c868dc
|
|
Change-Id: I0034b1681158b9a010d01fb0fcbe7990d9038c1f
|
|
Bug: 29854240
Change-Id: Icc58d04ad6f471d05b085a9089893e4f7205eb7d
|
|
|
|
|
|
In the past, if an app never renders to a SurfaceView, it will be
invisible despite having FLAG_OPAQUE. This means an app could leave a
totally empty SurfaceView (never drawing in to it) on top of a second
SurfaceView, and expect the second one to be visible. This is probably
buggy app behavior because FLAG_OPAQUE means if they ever draw anything at all
in to the top SurfaceView the bottom one will become totally invisible.
However this has worked in the past, so we have to preserve things for
apps. To accomplish this we ensure only the bottom most visible
SurfaceView for a given AppToken will receive a background. We achieve
this by synchronizing through the app token whenever visibility or
layering of a SurfaceView changes.
Bug: 29580298
Change-Id: I0023326323cb961b56404fd49093384e7b72aa54
|
|
|
|
Bug: 29320695
Change-Id: I14b5127b218597f3c32e647e0443a88b5a708ce1
|
|
|