From e183ab7e5a865ff1051505085b617f4f3ad4c049 Mon Sep 17 00:00:00 2001 From: Julia Reynolds Date: Thu, 28 May 2020 10:45:19 -0400 Subject: Make intents immutable Test: make Fixes: 154719656 Change-Id: I212ca5f1a48174ed85311b551259da314718f082 (cherry picked from commit 36b3352784ae90326a2b308542b1d2cfe18661a0) (cherry picked from commit 2a92eea73034820a20ba07cc267a326ace859d6d) --- .../systemui/statusbar/notification/InstantAppNotifier.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/notification/InstantAppNotifier.java b/packages/SystemUI/src/com/android/systemui/statusbar/notification/InstantAppNotifier.java index c67512c11922..3886f6264b16 100644 --- a/packages/SystemUI/src/com/android/systemui/statusbar/notification/InstantAppNotifier.java +++ b/packages/SystemUI/src/com/android/systemui/statusbar/notification/InstantAppNotifier.java @@ -269,7 +269,7 @@ public class InstantAppNotifier extends SystemUI 0, new Intent(Settings.ACTION_APPLICATION_DETAILS_SETTINGS) .setData(Uri.fromParts("package", pkg, null)), - 0, + PendingIntent.FLAG_IMMUTABLE, null, user); Notification.Action action = @@ -303,7 +303,7 @@ public class InstantAppNotifier extends SystemUI mContext, 0 /* requestCode */, browserIntent, - 0 /* flags */, + PendingIntent.FLAG_IMMUTABLE /* flags */, null, user); ComponentName aiaComponent = null; @@ -325,8 +325,8 @@ public class InstantAppNotifier extends SystemUI .putExtra(Intent.EXTRA_LONG_VERSION_CODE, appInfo.longVersionCode) .putExtra(Intent.EXTRA_INSTANT_APP_FAILURE, pendingIntent); - PendingIntent webPendingIntent = - PendingIntent.getActivityAsUser(mContext, 0, goToWebIntent, 0, null, user); + PendingIntent webPendingIntent = PendingIntent.getActivityAsUser(mContext, 0, + goToWebIntent, PendingIntent.FLAG_IMMUTABLE, null, user); Notification.Action webAction = new Notification.Action.Builder( null, mContext.getString(R.string.go_to_web), webPendingIntent) -- cgit v1.2.3 From c4d6e387984e09e86a58e6485555a2d651f0481f Mon Sep 17 00:00:00 2001 From: Jeff DeCew Date: Wed, 6 May 2020 16:16:42 -0400 Subject: Make implicit intent immutable. (cherry picked from commit e42611f83cc72d22ed99fe3a8b79386d76ae5fa6) Test: make Fix: 154627439 Change-Id: Ifee830595bb145aede4dad1d9e42a20e54b6be66 Merged-In: Ifee830595bb145aede4dad1d9e42a20e54b6be66 (cherry picked from commit 7aae8cce330cb9b8ebca7b68da3abcd8e2d5a272) --- .../com/android/systemui/statusbar/notification/InstantAppNotifier.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/SystemUI/src/com/android/systemui/statusbar/notification/InstantAppNotifier.java b/packages/SystemUI/src/com/android/systemui/statusbar/notification/InstantAppNotifier.java index 3886f6264b16..ffe51ca44c4f 100644 --- a/packages/SystemUI/src/com/android/systemui/statusbar/notification/InstantAppNotifier.java +++ b/packages/SystemUI/src/com/android/systemui/statusbar/notification/InstantAppNotifier.java @@ -282,7 +282,7 @@ public class InstantAppNotifier extends SystemUI mContext, 0, new Intent(Intent.ACTION_VIEW).setData(Uri.parse(helpUrl)), - 0, + PendingIntent.FLAG_IMMUTABLE, null, user) : null; -- cgit v1.2.3 From d1126e7160b87313de91be5dbf7d0d9b08900f70 Mon Sep 17 00:00:00 2001 From: Martijn Coenen Date: Fri, 29 May 2020 14:49:25 +0200 Subject: Use killProcessGroup when killing app zygote. To make sure we kill all untracked children, too. Bug: 156741968 Bug: 157598956 Test: manual inspection, PoC no longer works. Change-Id: I5d8efeb05ddec08a7fc7c00eabca6590c4cfdd8c (cherry picked from commit 0a91f61ac8387c02528e0f6f0948296ba9d5ca77) --- core/java/android/os/AppZygote.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/core/java/android/os/AppZygote.java b/core/java/android/os/AppZygote.java index 6daa5b4dc6d8..66f50e4b2610 100644 --- a/core/java/android/os/AppZygote.java +++ b/core/java/android/os/AppZygote.java @@ -90,10 +90,9 @@ public class AppZygote { @GuardedBy("mLock") private void stopZygoteLocked() { if (mZygote != null) { - // Close the connection and kill the zygote process. This will not cause - // child processes to be killed by itself. mZygote.close(); - Process.killProcess(mZygote.getPid()); + // use killProcessGroup() here, so we kill all untracked children as well. + Process.killProcessGroup(mZygoteUid, mZygote.getPid()); mZygote = null; } } -- cgit v1.2.3 From b26c7160cd1dfba9224ba12dc075ac3c658b18c3 Mon Sep 17 00:00:00 2001 From: Martijn Coenen Date: Tue, 2 Jun 2020 09:45:52 +0200 Subject: Drop supplementary groups for child zygotes. Child zygotes like Webview zygote and App zygote are created with an empty supplementary group list; this was intended to drop all groups, but instead we don't call setgroups() at all, which means that these child zygotes are run with the same groups as the parent zygotes. Currently those groups are AID_READPROC and AID_RESERVED_DISK, and the child zygotes should need neither: AID_READPROC is only used for wrapping with the wrap.com.packagename sysprop, which doesn't really make sense for child zygotes. AID_RESERVED_DISK shouldn't be needed because child zygotes and their children are not critical, and therefore shouldn't be able to use reserved disk space. Remove the groups by explicitly call setgroups(0, NULL); for child zygotes. Bug: 156741968 Test: observe /proc/zygote_pid/status, notice groups are empty Test: atest CtsExternalServiceTestCases Change-Id: I4ee43a8bb9d86ff6f620437fb290481365a9e988 (cherry picked from commit 5a45262741f6410a61bec59a41b4229e349a00b7) --- core/jni/com_android_internal_os_Zygote.cpp | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index 82c27f02ba87..d03ef8a55719 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -429,8 +429,16 @@ static void UnsetChldSignalHandler() { // Calls POSIX setgroups() using the int[] object as an argument. // A nullptr argument is tolerated. -static void SetGids(JNIEnv* env, jintArray managed_gids, fail_fn_t fail_fn) { +static void SetGids(JNIEnv* env, jintArray managed_gids, jboolean is_child_zygote, + fail_fn_t fail_fn) { if (managed_gids == nullptr) { + if (is_child_zygote) { + // For child zygotes like webview and app zygote, we want to clear out + // any supplemental groups the parent zygote had. + if (setgroups(0, NULL) == -1) { + fail_fn(CREATE_ERROR("Failed to remove supplementary groups for child zygote")); + } + } return; } @@ -1015,7 +1023,7 @@ static void SpecializeCommon(JNIEnv* env, uid_t uid, gid_t gid, jintArray gids, } } - SetGids(env, gids, fail_fn); + SetGids(env, gids, is_child_zygote, fail_fn); SetRLimits(env, rlimits, fail_fn); if (use_native_bridge) { -- cgit v1.2.3 From 46014f917553a25b7af44a8603d21619f4cdde26 Mon Sep 17 00:00:00 2001 From: Linus Tufvesson Date: Thu, 30 Apr 2020 16:54:12 +0000 Subject: RESTRICT AUTOMERGE This change is the union of I2aaab1903dee54190338f7b6e49888aa51437108 and I58834636e092f992e403342e36b475dc60e8f20a Original CL descriptions: *** I2aaab1903dee54190338f7b6e49888aa51437108 Block TYPE_PRESENTATION windows on default display ... and any other display that isn't considered a public presentation display, as per Display.isPublicPresentation() *** I58834636e092f992e403342e36b475dc60e8f20a Use TYPE_PRIVATE_PRESENTATION for private presentations Detect if the Presenation is targeting a private virtual display, and if they are use the windowType TYPE_PRIVATE_PRESENTATION. *** Bug: 141745510 Test: atest CtsWindowManagerDeviceTestCases:android.server.wm.PresentationTest CtsDisplayTestCases:android.display.cts.VirtualDisplayTest Change-Id: I9f1c4b140ab4bc6183151aafc5501e8648fbc3fa (cherry picked from commit d0746b46a5d8049a7105a16eb25c44810376527e) --- core/java/android/app/Presentation.java | 23 ++++++++++++++-------- .../android/server/wm/WindowManagerService.java | 8 ++++++++ 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/core/java/android/app/Presentation.java b/core/java/android/app/Presentation.java index cb72d4d5dc2c..36c42e179a57 100644 --- a/core/java/android/app/Presentation.java +++ b/core/java/android/app/Presentation.java @@ -19,6 +19,7 @@ package android.app; import static android.content.Context.DISPLAY_SERVICE; import static android.content.Context.WINDOW_SERVICE; import static android.view.WindowManager.LayoutParams.TYPE_PRESENTATION; +import static android.view.WindowManager.LayoutParams.TYPE_PRIVATE_PRESENTATION; import android.annotation.UnsupportedAppUsage; import android.content.Context; @@ -26,18 +27,18 @@ import android.content.res.Resources; import android.hardware.display.DisplayManager; import android.hardware.display.DisplayManager.DisplayListener; import android.os.Binder; +import android.os.Handler; import android.os.IBinder; +import android.os.Message; +import android.util.DisplayMetrics; +import android.util.Log; +import android.util.TypedValue; import android.view.ContextThemeWrapper; import android.view.Display; import android.view.Gravity; import android.view.Window; import android.view.WindowManager; import android.view.WindowManagerImpl; -import android.os.Handler; -import android.os.Message; -import android.util.DisplayMetrics; -import android.util.Log; -import android.util.TypedValue; /** * Base class for presentations. @@ -116,7 +117,9 @@ import android.util.TypedValue; * The display manager keeps track of all displays in the system. However, not all * displays are appropriate for showing presentations. For example, if an activity * attempted to show a presentation on the main display it might obscure its own content - * (it's like opening a dialog on top of your activity). + * (it's like opening a dialog on top of your activity). Creating a presentation on the main + * display will result in {@link android.view.WindowManager.InvalidDisplayException} being thrown + * when invoking {@link #show()}. *

* Here's how to identify suitable displays for showing presentations using * {@link DisplayManager#getDisplays(String)} and the @@ -189,12 +192,16 @@ public class Presentation extends Dialog { mDisplay = display; mDisplayManager = (DisplayManager)getContext().getSystemService(DISPLAY_SERVICE); + final int windowType = + (display.getFlags() & Display.FLAG_PRIVATE) != 0 ? TYPE_PRIVATE_PRESENTATION + : TYPE_PRESENTATION; + final Window w = getWindow(); final WindowManager.LayoutParams attr = w.getAttributes(); attr.token = mToken; w.setAttributes(attr); w.setGravity(Gravity.FILL); - w.setType(TYPE_PRESENTATION); + w.setType(windowType); setCanceledOnTouchOutside(false); } @@ -243,7 +250,7 @@ public class Presentation extends Dialog { /** * Inherited from {@link Dialog#show}. Will throw * {@link android.view.WindowManager.InvalidDisplayException} if the specified secondary - * {@link Display} can't be found. + * {@link Display} can't be found or if it does not have {@link Display#FLAG_PRESENTATION} set. */ @Override public void show() { diff --git a/services/core/java/com/android/server/wm/WindowManagerService.java b/services/core/java/com/android/server/wm/WindowManagerService.java index 529936a6c899..a9f157d985a6 100644 --- a/services/core/java/com/android/server/wm/WindowManagerService.java +++ b/services/core/java/com/android/server/wm/WindowManagerService.java @@ -61,6 +61,7 @@ import static android.view.WindowManager.LayoutParams.TYPE_DREAM; import static android.view.WindowManager.LayoutParams.TYPE_INPUT_METHOD; import static android.view.WindowManager.LayoutParams.TYPE_INPUT_METHOD_DIALOG; import static android.view.WindowManager.LayoutParams.TYPE_NAVIGATION_BAR; +import static android.view.WindowManager.LayoutParams.TYPE_PRESENTATION; import static android.view.WindowManager.LayoutParams.TYPE_PRIVATE_PRESENTATION; import static android.view.WindowManager.LayoutParams.TYPE_QS_DIALOG; import static android.view.WindowManager.LayoutParams.TYPE_STATUS_BAR; @@ -1297,6 +1298,13 @@ public class WindowManagerService extends IWindowManager.Stub return WindowManagerGlobal.ADD_PERMISSION_DENIED; } + if (type == TYPE_PRESENTATION && !displayContent.getDisplay().isPublicPresentation()) { + Slog.w(TAG_WM, + "Attempted to add presentation window to a non-suitable display. " + + "Aborting."); + return WindowManagerGlobal.ADD_INVALID_DISPLAY; + } + AppWindowToken atoken = null; final boolean hasParent = parentWindow != null; // Use existing parent window token for child windows since they go in the same token -- cgit v1.2.3 From 556de438237965857fde874d22aff0c4232d4d99 Mon Sep 17 00:00:00 2001 From: Diksha Gohlyan Date: Thu, 7 May 2020 00:46:46 +0000 Subject: Add back enforceReadPermission for getmetadata Test: manually tested Bug: 151095863 Change-Id: I29ef120c10c488550b85269e598aeb6ff9505038 Merged-In: I4f04f08f76d039196c2c67bac80d4a46ebec87f2 (cherry picked from commit 71ec29b05022b06ffd4596dc8b339d2067cf58c0) --- core/java/android/provider/DocumentsProvider.java | 1 + 1 file changed, 1 insertion(+) diff --git a/core/java/android/provider/DocumentsProvider.java b/core/java/android/provider/DocumentsProvider.java index 2143a0deb723..643df6970560 100644 --- a/core/java/android/provider/DocumentsProvider.java +++ b/core/java/android/provider/DocumentsProvider.java @@ -1260,6 +1260,7 @@ public abstract class DocumentsProvider extends ContentProvider { out.putParcelable(DocumentsContract.EXTRA_RESULT, path); } else if (METHOD_GET_DOCUMENT_METADATA.equals(method)) { + enforceReadPermissionInner(documentUri, getCallingPackage(), null); return getDocumentMetadata(documentId); } else { throw new UnsupportedOperationException("Method not supported " + method); -- cgit v1.2.3 From 4d467f1c7d7d355d0ac71a12ec8c2df07f756046 Mon Sep 17 00:00:00 2001 From: Ahan Wu Date: Wed, 13 May 2020 22:43:56 +0800 Subject: DO NOT MERGE Prevent ImageWallpaper from crashing due to wide gamut ImageWallpaper may fail at either uploading texture or computing the histogram of the bitmap, we catch the unexpected exceptions to avoid crashing the whole process. In addition, we also take wide gamut into account while computing the histogram. Bug: 156087409 Test: Set 1.jpg of #34 in the bug as wallpaper. Test: The symptom should not happen. Change-Id: I931912ece0f7cdfcb388efc8e61799f0087c5199 (cherry picked from commit 34c8ecdf280d6209aa8163c1bc8f41a449302e39) --- .../systemui/glwallpaper/ImageGLWallpaper.java | 26 +++++++++++++--------- .../systemui/glwallpaper/ImageProcessHelper.java | 11 +++++++-- 2 files changed, 24 insertions(+), 13 deletions(-) diff --git a/packages/SystemUI/src/com/android/systemui/glwallpaper/ImageGLWallpaper.java b/packages/SystemUI/src/com/android/systemui/glwallpaper/ImageGLWallpaper.java index 626d0cfed997..c1de21bed05e 100644 --- a/packages/SystemUI/src/com/android/systemui/glwallpaper/ImageGLWallpaper.java +++ b/packages/SystemUI/src/com/android/systemui/glwallpaper/ImageGLWallpaper.java @@ -167,7 +167,7 @@ class ImageGLWallpaper { private void setupTexture(Bitmap bitmap) { final int[] tids = new int[1]; - if (bitmap == null) { + if (bitmap == null || bitmap.isRecycled()) { Log.w(TAG, "setupTexture: invalid bitmap"); return; } @@ -179,16 +179,20 @@ class ImageGLWallpaper { return; } - // Bind a named texture to a target. - glBindTexture(GL_TEXTURE_2D, tids[0]); - // Load the bitmap data and copy it over into the texture object that is currently bound. - GLUtils.texImage2D(GL_TEXTURE_2D, 0, bitmap, 0); - // Use bilinear texture filtering when minification. - glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_LINEAR); - // Use bilinear texture filtering when magnification. - glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_LINEAR); - - mTextureId = tids[0]; + try { + // Bind a named texture to a target. + glBindTexture(GL_TEXTURE_2D, tids[0]); + // Load the bitmap data and copy it over into the texture object + // that is currently bound. + GLUtils.texImage2D(GL_TEXTURE_2D, 0, bitmap, 0); + // Use bilinear texture filtering when minification. + glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MIN_FILTER, GL_LINEAR); + // Use bilinear texture filtering when magnification. + glTexParameteri(GL_TEXTURE_2D, GL_TEXTURE_MAG_FILTER, GL_LINEAR); + mTextureId = tids[0]; + } catch (IllegalArgumentException e) { + Log.w(TAG, "Failed uploading texture: " + e.getLocalizedMessage()); + } } void useTexture() { diff --git a/packages/SystemUI/src/com/android/systemui/glwallpaper/ImageProcessHelper.java b/packages/SystemUI/src/com/android/systemui/glwallpaper/ImageProcessHelper.java index 24a4b9e3052b..231779df6f52 100644 --- a/packages/SystemUI/src/com/android/systemui/glwallpaper/ImageProcessHelper.java +++ b/packages/SystemUI/src/com/android/systemui/glwallpaper/ImageProcessHelper.java @@ -86,7 +86,13 @@ class ImageProcessHelper { protected Float doInBackground(Bitmap... bitmaps) { Bitmap bitmap = bitmaps[0]; if (bitmap != null) { - return new Threshold().compute(bitmap); + try { + return new Threshold().compute(bitmap); + } catch (RuntimeException e) { + Log.e(TAG, "Failed at computing threshold, color space=" + + bitmap.getColorSpace(), e); + return DEFAULT_THRESHOLD; + } } Log.e(TAG, "ThresholdComputeTask: Can't get bitmap"); return DEFAULT_THRESHOLD; @@ -116,7 +122,8 @@ class ImageProcessHelper { int width = bitmap.getWidth(); int height = bitmap.getHeight(); - Bitmap grayscale = Bitmap.createBitmap(width, height, bitmap.getConfig()); + Bitmap grayscale = Bitmap.createBitmap(width, height, + bitmap.getConfig(), false, bitmap.getColorSpace()); Canvas canvas = new Canvas(grayscale); ColorMatrix cm = new ColorMatrix(LUMINOSITY_MATRIX); Paint paint = new Paint(); -- cgit v1.2.3 From 0a163302b0288cdc4d9ca5e04398386ef8e1ec6b Mon Sep 17 00:00:00 2001 From: Jing Ji Date: Fri, 25 Oct 2019 12:03:30 -0700 Subject: More fixes towards the race conditions in AMS Bug: 142986887 Bug: 140108616 Test: Manual Change-Id: I6e0bdc8c02bab54f6278096b3a3acadd97c064c6 Merged-In: I6e0bdc8c02bab54f6278096b3a3acadd97c064c6 (cherry picked from commit b2e84f0406139156442984943d8de7dd37d51368) (cherry picked from commit b581128020acb378d0a941f022151d7e2883e19c) --- services/core/java/com/android/server/am/AppErrors.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/services/core/java/com/android/server/am/AppErrors.java b/services/core/java/com/android/server/am/AppErrors.java index bbd2d34e92a6..055ee1e2a0c0 100644 --- a/services/core/java/com/android/server/am/AppErrors.java +++ b/services/core/java/com/android/server/am/AppErrors.java @@ -383,7 +383,11 @@ class AppErrors { // and then the delayed summary kill will be a no-op. final ProcessRecord p = proc; mService.mHandler.postDelayed( - () -> killAppImmediateLocked(p, "forced", "killed for invalid state"), + () -> { + synchronized (mService) { + killAppImmediateLocked(p, "forced", "killed for invalid state"); + } + }, 5000L); } } -- cgit v1.2.3