| Age | Commit message (Collapse) | Author |
|---|
|
pi-platform-release
Change-Id: I5b1dc16c0696ce8452f8798e68fe417d7533c5df
|
|
pi-platform-release
Change-Id: I77f90a13ae9a3897eeffcc49b91ab9088f5d8001
|
|
pi-platform-release
Change-Id: I3b3671176a1bcb52a6a1efa8b295ac03b0ce7241
|
|
Change-Id: I86ec97700963540f7ce9686e7ac0151812e58a8b
|
|
Checking APK file modified timestamps is not a reliable signal to
determine that the APK signature may have changed. APKs in the system
image (anything that passes through add_img_to_target_files) have all
file timestamps rewritten to 2009-01-01, for instance, so timestamp will
explicitly fail to detect changes in the platform key across an OTA.
Bug: 80093599
Bug: 74501739
Test: Verified OTA between test-keys and dev-keys worked for 2 builds
with same APK timestamps, and signature changes were picked up.
Change-Id: Id3e5afbfe22e63d70cd176f1e438e2fa143ccd65
(cherry picked from commit 770f3579dcc5a1697e0e5c3474e8fa34fd21d3dd)
|
|
7995789, 7995790, 7995450, 7996029, 7996030, 7996139, 7996140, 7996141, 7996142, 7996143, 7996144, 7995544, 7995545, 7995546, 7995547, 7995548, 7995549, 7995550, 7996145, 7996146, 7996032, 7996147, 7996148, 7996149, 7996150, 7994747, 7994748, 7995451, 7994749, 7994750, 7995966, 7995967, 7994751, 7996151, 7996152, 7996153] into pi-qpr3-b-release
Change-Id: I3fe0a777a941f10d12cc8ada07876a8f2e5e1418
|
|
Bug: 130568701
Test: manual. After this, can't display on top of it
Change-Id: Ib032f800edb0416cc15f01a34954340d0d0ffa78
(cherry picked from commit 4e80dc2861614d25a1f957f50040a8cf04812d11)
(cherry picked from commit 27d47340496580d66f36a734a115e47eaf550972)
|
|
This prevents any object data from being accidentally overwritten by the
exception, which could cause unexpected malformed objects to be sent
across the transaction.
Test: atest CtsOsTestCases:ParcelTest#testExceptionOverwritesObject
Bug: 34175893
Change-Id: Iaf80a0ad711762992b8ae60f76d861c97a403013
Merged-In: Iaf80a0ad711762992b8ae60f76d861c97a403013
(cherry picked from commit f8ef5bcf21c87d8617f5e11810cc94350298d114)
|
|
Missed a call-point in last refactoring.
This CL should have been included in https://googleplex-android-review.git.corp.google.com/q/topic:%22bp-secure-screen-rotation%22+(status:open%20OR%20status:merged)
Bug: 130211665
Bug: 133054270
Test: Manual
Change-Id: I43fa93eea7d79f5b773497e3bb65750866eca2cb
(cherry picked from commit bf9298f1c9b848ff0db4ae0be3913ad531bafa9e)
(cherry picked from commit fbc22c2b6d54a8a9b589746be67d3992f01212cc)
|
|
When Zygote starts a process with a pid, system_server may have this
pid associate with a old process which is killed by the OS but
system_server has not finished cleanup. In this case, clean up the old
ProcessRecord so the new process can use the pid.
This problem is exposed because the asynchronous process start change.
attachApplicationLocked() may happen before handleProcessStartedLocked() and
the mPidsSelfLocked may still have the old ProcessRecord associate with
the new process's pid.
Bug: 131105245
Test: POC test steps in b/131105245.
Change-Id: I775acda5147291d0cf9836b6ffb3f52d1bf9bffe
Merged-In: I775acda5147291d0cf9836b6ffb3f52d1bf9bffe
Merged-In: I5d421f6c68f6b3437d51c94f4aef77e08a7bf002
(cherry picked from commit 3d47e0ceca4e6528a1bec2a7e94a833b8951d93a)
|
|
Test: atest LockTaskControllerTest
Bug: 132593073
Change-Id: I1bfacd5992569d67cdaa526b18d1c426a366babb
(cherry picked from commit fa1b986746ad7d9ebab6a34a0bfafd0a93267d5b)
|
|
Make it clear that ending an emergency call is not possible with this
method.
Test: Compile; this is a docs change.
Bug: 132438333
Change-Id: I736b90e31723ee2055cedf16142c4d0f494bf49b
(cherry picked from commit 3acf511895d8d19d5f9189d0159ae1d677a89a42)
|
|
ScreenPinningSettings.
Fixes: 127605586
Test: atest LockTaskControllerTest
Change-Id: I7d4c53fd6740f500d1a0ce18b47b83ed895300a5
(cherry picked from commit 5d6c1e8f451a920695e92fd321bbffe9c75f9aaa)
|
|
pi-platform-release
Change-Id: Ic11e8de9f8384ee039c536f67febaa56e9a3a673
|
|
7517884, 7517885, 7517886, 7517956, 7517957, 7518438, 7518102, 7517887, 7518141, 7518142, 7518143, 7518144, 7517888, 7517889, 7517890, 7517891, 7518439, 7518440, 7518441, 7518442, 7518443, 7518029, 7518104, 7517892, 7517893, 7518061, 7518444, 7517894, 7517895, 7518030, 7518031, 7518445, 7517896, 7517969, 7517897, 7518105, 7518145, 7518146, 7518446] into pi-qpr3-b-release
Change-Id: I53ce1be1dd499c8f0d271f46e947522e25aea9aa
|
|
Camera default constructor does not create the underlying native camera
object. Thus calling _enableShutterSound after the default constuctor
causes application crash.
Bug: 132362603
Bug: 80498247
Test: ARC++ Eve/Kevin:
Manually modify the code to return MODE_IGNORED for
AppOpsService#checkAudioOperation() and to return false for
CameraManager#supportsCamera2ApiLocked. Then start voice call in
Hangouts.
cf_x86_phone with camera HALv1 enabled:
New CTS test
Change-Id: Ia232dd71da15fda31c4dbe5568ba5083cbfaed9b
Merged-In: Id738c4d46a8e3625bc3b1142b11acac9cfb0b603
(cherry picked from commit 97999565311a909a75b6214cb5076f2f7a067e16)
|
|
For purposes of the screen rotation animation the system server is allowed
to capture secure (not protected) layers and trusted not to persist screenshots
which may contain secure layers. However when displaying the screen rotation animation,
the layer the screenshot is placed on will itself not be secure, so if we record
the animation the recording will contain persisted versions of the secure content. Make sure
we use the new API from SurfaceFlinger to set FLAG_SECURE if our screenshot contains secure
content.
Bug: 69703445
Test: Transaction_test#SetFlagsSecureEUidSystem
Change-Id: I0dd36462867da52e6b1451f65f56c2c5d37538f3
(cherry picked from commit bab740f10e0812ba47d19931fdfe2fa7e02bbd0c)
|
|
Since this blob is passed between processes.
We could potentially only memset portions of the blob as it is
written to. However, the JHwBlob API itself doesn't have to have
writes in order (even though known usages of it do write in order).
Because of this, keeping track of which bytes to pad would be too
expensive.
Bug: 131356202
Test: boot, hidl_test_java
Change-Id: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
Merged-In: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
(cherry picked from commit d8157bc094569bee74976df2585d632f1793e226)
|
|
the system server.
In pre-P versions of Android, it was allowed to screenshot secure layers if the
buffer queue producer which was the target of the screenshot was owned by
the system (in this case SurfaceFlinger). This really was a synonym for:
The screen rotation animation was allowed to capture secure layers, but the other
code paths weren't. In O we mistakenly changed this check to always allow the system server
to capture secure layers via the captureScreen path (the captureLayers path used for
TaskSnapshots was unaffected). This can result in data leakage in cases where the
system server takes screenshots on behalf of other parts of the system (e.g. for
the assistant). To mitigate this we provide an explicit switch for the system server
to specify whether it wishes to capture Secure layers. While this is dangerous, I think
it is less dangerous than the previous implicit switch of capturing secure layers based on which
type of BufferQueue was passed in. The flag defaults to not capturing secure layers
and we set it to true in the one place we need it (for the screen rotation animation).
Non privileged clients can still not capture secure layers at all directly.
Test: TransactionTest.cpp#SetFlagsSecureEUidSystem
Bug: 120610669
Change-Id: I9d32c5ac2b005059be9f464859a415167d9ddbd4
(cherry picked from commit dc49e0088a05108a0616704ca5565136f89c0a1f)
|
|
7496343, 7495658, 7494789, 7494790, 7494791, 7496344, 7496345, 7496346, 7496347, 7496574, 7496348, 7496575, 7496576, 7496260, 7496349, 7496350, 7496440, 7496577, 7496578, 7496261, 7495625, 7496442, 7496351] into pi-qpr3-release
Change-Id: I8c6f30f0dcb038921a5d9903b99077117d55bb27
|
|
For purposes of the screen rotation animation the system server is allowed
to capture secure (not protected) layers and trusted not to persist screenshots
which may contain secure layers. However when displaying the screen rotation animation,
the layer the screenshot is placed on will itself not be secure, so if we record
the animation the recording will contain persisted versions of the secure content. Make sure
we use the new API from SurfaceFlinger to set FLAG_SECURE if our screenshot contains secure
content.
Bug: 69703445
Test: Transaction_test#SetFlagsSecureEUidSystem
Change-Id: I0dd36462867da52e6b1451f65f56c2c5d37538f3
(cherry picked from commit bab740f10e0812ba47d19931fdfe2fa7e02bbd0c)
|
|
Since this blob is passed between processes.
We could potentially only memset portions of the blob as it is
written to. However, the JHwBlob API itself doesn't have to have
writes in order (even though known usages of it do write in order).
Because of this, keeping track of which bytes to pad would be too
expensive.
Bug: 131356202
Test: boot, hidl_test_java
Change-Id: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
Merged-In: I48f4d7cb20c4bfe747dd323ae3744d323ad097c9
(cherry picked from commit d8157bc094569bee74976df2585d632f1793e226)
|
|
the system server.
In pre-P versions of Android, it was allowed to screenshot secure layers if the
buffer queue producer which was the target of the screenshot was owned by
the system (in this case SurfaceFlinger). This really was a synonym for:
The screen rotation animation was allowed to capture secure layers, but the other
code paths weren't. In O we mistakenly changed this check to always allow the system server
to capture secure layers via the captureScreen path (the captureLayers path used for
TaskSnapshots was unaffected). This can result in data leakage in cases where the
system server takes screenshots on behalf of other parts of the system (e.g. for
the assistant). To mitigate this we provide an explicit switch for the system server
to specify whether it wishes to capture Secure layers. While this is dangerous, I think
it is less dangerous than the previous implicit switch of capturing secure layers based on which
type of BufferQueue was passed in. The flag defaults to not capturing secure layers
and we set it to true in the one place we need it (for the screen rotation animation).
Non privileged clients can still not capture secure layers at all directly.
Test: TransactionTest.cpp#SetFlagsSecureEUidSystem
Bug: 120610669
Change-Id: I9d32c5ac2b005059be9f464859a415167d9ddbd4
(cherry picked from commit dc49e0088a05108a0616704ca5565136f89c0a1f)
|
|
pi-platform-release
Change-Id: I944e7d1ac9deebd68b7a3d2f3b8200df78a23099
|
|
7316390, 7316458, 7316459, 7316460, 7316561, 7316562, 7316563, 7316564, 7316565, 7316566, 7316567, 7316391, 7315814, 7316548] into pi-qpr3-b-release
Change-Id: I786622c504e147b993c2bfbd8929b75013929ec7
|
|
This reverts commit 820b2504f36d65ef3cd2e34ec72ee53c90fa89d9.
Reason for revert: <INSERT REASONING HERE>
Change-Id: Ic6804433644eda4af9d82d1a356e0d3a7a72b552
(cherry picked from commit 075c346e8ff4713e2af0da662a14935485d96398)
|
|
This reverts commit 567f2357f9fda4eb40594f52342b85540b817287.
Reason for revert: <INSERT REASONING HERE>
Change-Id: I0bc0183de916f29f79d0cee053043cf6c323f167
(cherry picked from commit bae09a535892453bf72741b0cd60e6502814f469)
|
|
pi-qpr3-b-release
Change-Id: I20332f4ca5fbd845ed81e317a69bd202b8f3fa5f
|
|
7077580, 7077581, 7077582, 7074025, 7077706, 7077707, 7077708, 7077388, 7077583, 7077584, 7077585, 7077726, 7077727, 7077331, 7077332, 7077459, 7077709, 7077710, 7077711, 7077712, 7077460, 7077461, 7077333, 7077334, 7077696] into pi-qpr3-release
Change-Id: I7388064ae931f71c9df3bf2f5300417a85270cfb
|
|
Test: atest
Fixes: 128599467
Change-Id: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
Merged-In: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
(cherry picked from commit 657d164136199126ae241848887de0230699cea0)
(cherry picked from commit 63846a7093ca7c6d89b73fc77bdff267b3ecb4ef)
|
|
Fixes: 128599668
Test: build, set up separate challenge
Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
(cherry picked from commit 1b6301cf2430f192c9842a05fc22984d782bade9)
|
|
Added a check for the MANAGE_USERS permission to
PackageManagerService#isPackageDeviceAdminOnAnyUser.
To test that the method is still usable:
1) Enable virtual storage via: adb shell sm set-virtual-disk true
2) Follow instructions by clicking on notification to set up virtual storage
3) Go to Settings -> Apps & notifications -> See all X apps
4) Click on any non-system app (example Instagram)
5) Tap Storage and you should see a "Change" button (if not, choose another app)
6) Tap Change and you should see Internal and Virtual storage options listed
7) The above step confirms the method is still usable by Settings
Bug: 128599183
Test: SafetyNet logging (steps listed above)
Change-Id: I989f1daf52a71f6c778ebd81baa6f1bf83e9a718
Merged-In: I36521fa43daab399e08869647326a7ac32d1e512
(cherry picked from commit 18e7dedf6c35f07daf8b7239d501737745ac7f43)
|
|
* Add BluetoothClassicPairingEvent to log pairing and encryption
related statistics
Bug: 124301137
Test: test drive with statsd
Change-Id: Idca6f6d340e03af91c5a6fb4102666d44167635b
(cherry picked from commit 6110c95184c6ca0265ebc39235ca81da21c0483d)
|
|
7069859, 7070136, 7070137, 7070138, 7071045, 7071046, 7071047, 7071048, 7070081, 7070863, 7070082, 7069862, 7069863, 7069864, 7071085, 7070118] into pi-qpr3-b-release
Change-Id: I9f4eebfba44bd4a3b93f2637d99c4e2d33b04b90
|
|
Test: atest
Fixes: 128599467
Change-Id: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
Merged-In: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
(cherry picked from commit 657d164136199126ae241848887de0230699cea0)
(cherry picked from commit 63846a7093ca7c6d89b73fc77bdff267b3ecb4ef)
|
|
Fixes: 128599668
Test: build, set up separate challenge
Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
(cherry picked from commit 1b6301cf2430f192c9842a05fc22984d782bade9)
|
|
Added a check for the MANAGE_USERS permission to
PackageManagerService#isPackageDeviceAdminOnAnyUser.
To test that the method is still usable:
1) Enable virtual storage via: adb shell sm set-virtual-disk true
2) Follow instructions by clicking on notification to set up virtual storage
3) Go to Settings -> Apps & notifications -> See all X apps
4) Click on any non-system app (example Instagram)
5) Tap Storage and you should see a "Change" button (if not, choose another app)
6) Tap Change and you should see Internal and Virtual storage options listed
7) The above step confirms the method is still usable by Settings
Bug: 128599183
Test: SafetyNet logging (steps listed above)
Change-Id: I989f1daf52a71f6c778ebd81baa6f1bf83e9a718
Merged-In: I36521fa43daab399e08869647326a7ac32d1e512
(cherry picked from commit 18e7dedf6c35f07daf8b7239d501737745ac7f43)
|
|
pi-qpr3-b-release
Change-Id: I8ab3d1449f11ed04ef255de538121558acf1f59f
|
|
7068987, 7068800, 7068004] into pi-qpr3-b-release
Change-Id: Ibfe2c06a97eeb27d621ee889573bb0966b5c5578
|
|
Test: atest
Fixes: 128599467
Change-Id: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
Merged-In: I13a0ca7590f8c4b44379730e0ee2088aba400c2a
(cherry picked from commit 657d164136199126ae241848887de0230699cea0)
(cherry picked from commit 63846a7093ca7c6d89b73fc77bdff267b3ecb4ef)
|
|
Fixes: 128599668
Test: build, set up separate challenge
Change-Id: I2fef9ab13614627c0f1bcca04759d0974fc6181a
(cherry picked from commit 1b6301cf2430f192c9842a05fc22984d782bade9)
|
|
Added a check for the MANAGE_USERS permission to
PackageManagerService#isPackageDeviceAdminOnAnyUser.
To test that the method is still usable:
1) Enable virtual storage via: adb shell sm set-virtual-disk true
2) Follow instructions by clicking on notification to set up virtual storage
3) Go to Settings -> Apps & notifications -> See all X apps
4) Click on any non-system app (example Instagram)
5) Tap Storage and you should see a "Change" button (if not, choose another app)
6) Tap Change and you should see Internal and Virtual storage options listed
7) The above step confirms the method is still usable by Settings
Bug: 128599183
Test: SafetyNet logging (steps listed above)
Change-Id: I989f1daf52a71f6c778ebd81baa6f1bf83e9a718
Merged-In: I36521fa43daab399e08869647326a7ac32d1e512
(cherry picked from commit 18e7dedf6c35f07daf8b7239d501737745ac7f43)
|
|
"am-09249f80-e618-46fc-ac06-c7fdc73c36ae" into oc-dev am: 07a485743a am: 30826bd658
am: d89cac1562 -s ours
am skip reason: change_id I8ee3f876fcaffa63636645f0f59709cd147254ef with SHA1 5ab98de315 is in history
Change-Id: I734fd8e0dc271ed7942a8c9d17e5ce19a9cb544d
|
|
areNotificationsEnabledForPackage" into oc-dev am: 2256fd4e11 am: 51fee974a9
am: 19ad060bf0
Change-Id: I0ed6effdd52e511fab32a668b8232fc0095e3295
|
|
oc-dev am: 652a666500 am: 5d35ad7446
am: 03cddd8562
Change-Id: Ifa1fe4acb2249480c1b9067e1e53a3f020008859
|
|
system callers am: 9061fcc46b am: 39f5432697 am: 9c0bc5405e am: 55209aca88 am: d5ce9a41b6 am: 20007cb46f am: 3ae9c5c63b -s ours
am: 8a317effc2 -s ours
am skip reason: change_id I2fef9ab13614627c0f1bcca04759d0974fc6181a with SHA1 1b6301cf24 is in history
Change-Id: I50b6c521adf14bad8d30232e9936b16859b4dc03
|
|
oc-dev am: 07a485743a
am: 30826bd658
Change-Id: I117d15dc0168ebd0f09835957e4b1757a1ae5a7c
|
|
areNotificationsEnabledForPackage" into oc-dev am: 2256fd4e11
am: 51fee974a9
Change-Id: I5c0f89e5614901b57880fff5b59a2f6766893903
|
|
oc-dev am: 652a666500
am: 5d35ad7446
Change-Id: I0e8dff954426479e5a58f0a8f0dad10a294f7b25
|
|
am: 07a485743a
Change-Id: I0ba4a71037e5bac19a540320665446b55b7aafb6
|
