Age | Commit message (Collapse) | Author |
|
sc-qpr3-release
Change-Id: Id79b5ebbd47a3bca193982f22c919d6073dcb19e
|
|
Transaction#sanitize" into sc-dev am: 04caf0c75b am: c226dcf6a2 -s ours
am skip reason: subject contains skip directive
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16811474
Change-Id: I4f83fc95854f9792212f575f20cea7319ba431b3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
am: 1ff38ab351 am: 5882fa4ab0 -s ours
am skip reason: subject contains skip directive
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16811474
Change-Id: Ib3b7345b0bdcdcc8cf9b4098826a6b1c3e0e569f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
am: 04caf0c75b
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16811474
Change-Id: I4583fd4a36654995c78a503436da43fa75d6205f
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16811474
Change-Id: I2e02546aa4339b6145fa3ead4eb204252c4cf939
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
Transaction#sanitize" into sc-qpr1-dev am: 7c8d637adf -s ours
am skip reason: subject contains skip directive
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16811471
Change-Id: I86b5c5f457929b8782da5e37af018a128b4e11ce
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
am: 842a412840 -s ours
am skip reason: subject contains skip directive
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16811471
Change-Id: I047f02dcc35301e6fc5abf0888310223b19e3014
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
|
|
|
|
|
|
|
|
Various elements of the Transaction interface require
a permission in order to apply. In particular the setTrustedOverlay
and setInputWindowInfo fields. These permission checks are
implemented by checking the PID and the UID of the process which
sent the transaction. Unfortunately widespread use of transaction
merging makes this inadequate. At the moment
IWindowSession#finishDrawing seems to be the only boundary on which
transactions move from client to system processes, and so we expose
a sanitize method and use it from there to resolve the situation
in an easily backportable way.
Moving forward it likely make sense to move security sensitive
interfaces off of Transaction. Most of the things behind permissions
currently are not truly security sensitive, more of just a request
not to use them.
It was also considered to sanitize transactions at all process
boundaries through writeToParcel, however this could be disruptive
as previously permissioned processes (WM and SysUI) could freely
exchange transactions. As the change needs to be backportable the
lowest risk option was chosen.
Bug: 213644870
Test: Existing tests pass
Change-Id: I424f45bc30ea8e56e4c4493203ee0749eabf239c
(cherry picked from commit de6d7b467e572d384f2bc1bc788259340ebe2f93)
|
|
Various elements of the Transaction interface require
a permission in order to apply. In particular the setTrustedOverlay
and setInputWindowInfo fields. These permission checks are
implemented by checking the PID and the UID of the process which
sent the transaction. Unfortunately widespread use of transaction
merging makes this inadequate. At the moment
IWindowSession#finishDrawing seems to be the only boundary on which
transactions move from client to system processes, and so we expose
a sanitize method and use it from there to resolve the situation
in an easily backportable way.
Moving forward it likely make sense to move security sensitive
interfaces off of Transaction. Most of the things behind permissions
currently are not truly security sensitive, more of just a request
not to use them.
It was also considered to sanitize transactions at all process
boundaries through writeToParcel, however this could be disruptive
as previously permissioned processes (WM and SysUI) could freely
exchange transactions. As the change needs to be backportable the
lowest risk option was chosen.
Bug: 213644870
Test: Existing tests pass
Change-Id: I424f45bc30ea8e56e4c4493203ee0749eabf239c
(cherry picked from commit de6d7b467e572d384f2bc1bc788259340ebe2f93)
|
|
Various elements of the Transaction interface require
a permission in order to apply. In particular the setTrustedOverlay
and setInputWindowInfo fields. These permission checks are
implemented by checking the PID and the UID of the process which
sent the transaction. Unfortunately widespread use of transaction
merging makes this inadequate. At the moment
IWindowSession#finishDrawing seems to be the only boundary on which
transactions move from client to system processes, and so we expose
a sanitize method and use it from there to resolve the situation
in an easily backportable way.
Moving forward it likely make sense to move security sensitive
interfaces off of Transaction. Most of the things behind permissions
currently are not truly security sensitive, more of just a request
not to use them.
It was also considered to sanitize transactions at all process
boundaries through writeToParcel, however this could be disruptive
as previously permissioned processes (WM and SysUI) could freely
exchange transactions. As the change needs to be backportable the
lowest risk option was chosen.
Bug: 213644870
Test: Existing tests pass
Change-Id: I424f45bc30ea8e56e4c4493203ee0749eabf239c
(cherry picked from commit de6d7b467e572d384f2bc1bc788259340ebe2f93)
|
|
sc-qpr3-release
Change-Id: Ia99367d8e76f1ec7fb832dcd4fcdc09d360d95b8
|
|
Bug: 220733817
Fixes: 220733817
Test: presubmit
Change-Id: I98972b661fc36906d7d86b366c3f9537dcd17b12
|
|
sc-qpr3-release
Change-Id: I1bcf683394666238c81f9af25ec6a28e439029ce
|
|
Picked from aosp/1959201
Fix:220828052
Test: atest dumpstate_smoke_test:dumpstate_smoke_test.ZippedBugreportGenerationTest
Change-Id: Ic309423babba4e2d03ab7d95b9188faea79b3a41
Merged-In: I37e7707df3237f39d099484a26f195a85f16767a
|
|
sc-qpr3-release
Change-Id: I815ff2b5cd13cee0250eab8d135f322f7518be3f
|
|
cbe9c105fc am: 4648ad64f2 -s ours am: f2a0e26203 -s ours am: 36cf85e10a -s ours
am skip reason: Merged-In Ibce11ee7df5b5c8c226ebfab29574a99cd656f6d with SHA-1 9b0d13dc44 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508594
Change-Id: Ie8c1ee80cfd1f7a657601aa76076eb356bbd3dd7
|
|
0f13fe552d am: f86cec5a48 -s ours am: d25e22dbce -s ours am: a22dfdd3c6 -s ours
am skip reason: Merged-In I71d7cf5064c8ce4626cff09b92e15ca38b39cbbe with SHA-1 212dcf44f6 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508593
Change-Id: I3d43691a6b89d037499e9a647fd2132eaee2d9b5
|
|
sc-qpr3-release
Change-Id: Ib0b0f14676cf4f56cd93c7f7bfc45f7d2400e67e
|
|
cbe9c105fc am: 4648ad64f2 -s ours am: f2a0e26203 -s ours
am skip reason: Merged-In Ibce11ee7df5b5c8c226ebfab29574a99cd656f6d with SHA-1 9b0d13dc44 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508594
Change-Id: Ie3e876d04fac6a851158472befd0a18f95309dee
|
|
0f13fe552d am: f86cec5a48 -s ours am: d25e22dbce -s ours
am skip reason: Merged-In I71d7cf5064c8ce4626cff09b92e15ca38b39cbbe with SHA-1 212dcf44f6 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508593
Change-Id: Ifb3ba14f67a39494d5beb3929d515645908b31e7
|
|
cbe9c105fc am: 4648ad64f2 -s ours
am skip reason: Merged-In Ibce11ee7df5b5c8c226ebfab29574a99cd656f6d with SHA-1 9b0d13dc44 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508594
Change-Id: Ic7146d0268a50f93c3822a874215643fa02e8b88
|
|
0f13fe552d am: f86cec5a48 -s ours
am skip reason: Merged-In I71d7cf5064c8ce4626cff09b92e15ca38b39cbbe with SHA-1 212dcf44f6 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508593
Change-Id: Id263840eac339bb7decfd556092cc8a0efb7eae4
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508594
Change-Id: I165587ce81cbc15030bca8c385f1e63c80ef27a3
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508593
Change-Id: I3c51969c29fa3b501964651183930e7c7774b071
|
|
am: 0c3407429e -s ours am: dc0120ff41 -s ours am: 27cc85f3f3 -s ours
am skip reason: Merged-In I443741d5ab51a45d37fb865f11c433c436d96c1e with SHA-1 77daf700ce is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508592
Change-Id: Id695dbdde15afc6d821a79c0be1fb61f9a499566
|
|
am: 0c3407429e -s ours am: dc0120ff41 -s ours
am skip reason: Merged-In I443741d5ab51a45d37fb865f11c433c436d96c1e with SHA-1 77daf700ce is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508592
Change-Id: I2233c9af21ab8389ac0f1fc90eb4406430bb8be7
|
|
am: 0c3407429e -s ours
am skip reason: Merged-In I443741d5ab51a45d37fb865f11c433c436d96c1e with SHA-1 77daf700ce is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508592
Change-Id: I8a6b181d61577dde0d97b8340a44ade1a3ebc3f9
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16508592
Change-Id: Id57e0ba202d2003bceae29214d7c8fcd943756e0
|
|
ALL: If this mode is set on a layer, set the DROP_INPUT
feature flag on the layer and its children if it has a valid input
channel. This will ensure these layers will not be able to receive any
input.
Note: this backport does not include the OBSCURED option since its
not needed for the security fix.
Test: atest libgui_test InputDispatcherDropInputFeatureTest
Bug: 197296414
Merged-In: Ibce11ee7df5b5c8c226ebfab29574a99cd656f6d
Change-Id: Ibce11ee7df5b5c8c226ebfab29574a99cd656f6d
|
|
If a window has the feature DROP_INPUT set, then all touch and
key events directed to the window will be dropped. For touch events,
the events will not go to the window behind it.
The flags are used to enable features that allow for a less trusted
interaction model between apps. See the bug for more details.
Test: atest libgui_test InputDispatcherDropInputFeatureTest
Bug: 197296414
Merged-In: I71d7cf5064c8ce4626cff09b92e15ca38b39cbbe
Change-Id: I71d7cf5064c8ce4626cff09b92e15ca38b39cbbe
|
|
Introduces an API to drop input events on this SurfaceControl. This
policy will be inherited by its children. The caller must hold the
ACCESS_SURFACE_FLINGER permission.
Options include:
ALL: SurfaceControl and its children will not receive any
input regardless of whether it has a valid input channel.
These policies are used to enable features that allow for a less trusted
interaction model between apps. See the bug for more details.
Note: this backport does not include the OBSCURED option since its
not needed for the security fix.
Test: atest libgui_test InputDispatcherDropInputFeatureTest
Bug: 197296414
Merged-In: I443741d5ab51a45d37fb865f11c433c436d96c1e
Change-Id: I443741d5ab51a45d37fb865f11c433c436d96c1e
|
|
|
|
sc-qpr3-release
Change-Id: I011955dcd03129f8d2553e3af1a851911b925d9d
|
|
Only dump frozen processes.
Bug: 193808643
Bug: 208829401
Bug: 213190070
Test: adb bugreport
Change-Id: I9dbfce9fe76e80d9c6a842a4ebcfbedf09fbdc42
Merged-In: I9dbfce9fe76e80d9c6a842a4ebcfbedf09fbdc42
|
|
into sc-dev am: 4c3009bfb6 am: 18a6f9eece -s ours
am skip reason: Merged-In Ibce11ee7df5b5c8c226ebfab29574a99cd656f6d with SHA-1 fb06059fa6 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16740116
Change-Id: I928b9b707cc9c72876ad4510ec215a922b034c29
|
|
212dcf44f6 am: 7fc62b023f -s ours
am skip reason: Merged-In I71d7cf5064c8ce4626cff09b92e15ca38b39cbbe with SHA-1 41f77b8f06 is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16740115
Change-Id: I4902b5ac97ea12711fee3e710b2096c5c12b436c
|
|
am: d5a65ea539 -s ours
am skip reason: Merged-In I443741d5ab51a45d37fb865f11c433c436d96c1e with SHA-1 50c735592e is already in history
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16740114
Change-Id: Iad6e22cb397d62a0576ce026e5c1c1bfcc194f51
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16740116
Change-Id: I31cf2e0e7397902c0d38eab7536bb71d5676c2be
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16740115
Change-Id: I09b68edc0216094d00661d2b7c3124a7e9548830
|
|
Original change: https://googleplex-android-review.googlesource.com/c/platform/frameworks/native/+/16740114
Change-Id: I7ab2f02c81569e5ae72fff8a2e1f3ea8fccd8a2e
|
|
* changes:
SurfaceFlinger: Implement drop input modes
InputFlinger: Add DROP_INPUT feature flags
SurfaceControl: Add setDropInputMode api
|
|
ALL: If this mode is set on a layer, set the DROP_INPUT
feature flag on the layer and its children if it has a valid input
channel. This will ensure these layers will not be able to receive any
input.
Note: this backport does not include the OBSCURED option since its
not needed for the security fix.
Test: atest libgui_test InputDispatcherDropInputFeatureTest
Bug: 197296414
Merged-In: Ibce11ee7df5b5c8c226ebfab29574a99cd656f6d
Change-Id: Ibce11ee7df5b5c8c226ebfab29574a99cd656f6d
|
|
If a window has the feature DROP_INPUT set, then all touch and
key events directed to the window will be dropped. For touch events,
the events will not go to the window behind it.
The flags are used to enable features that allow for a less trusted
interaction model between apps. See the bug for more details.
Test: atest libgui_test InputDispatcherDropInputFeatureTest
Bug: 197296414
Merged-In: I71d7cf5064c8ce4626cff09b92e15ca38b39cbbe
Change-Id: I71d7cf5064c8ce4626cff09b92e15ca38b39cbbe
|
|
Introduces an API to drop input events on this SurfaceControl. This
policy will be inherited by its children. The caller must hold the
ACCESS_SURFACE_FLINGER permission.
Options include:
ALL: SurfaceControl and its children will not receive any
input regardless of whether it has a valid input channel.
These policies are used to enable features that allow for a less trusted
interaction model between apps. See the bug for more details.
Note: this backport does not include the OBSCURED option since its
not needed for the security fix.
Test: atest libgui_test InputDispatcherDropInputFeatureTest
Bug: 197296414
Merged-In: I443741d5ab51a45d37fb865f11c433c436d96c1e
Change-Id: I443741d5ab51a45d37fb865f11c433c436d96c1e
|
|
sc-qpr3-release
Change-Id: I10e00d8995ebe6cc2ea3561a50bb7657790eb264
|
|
Give a higher score to frame rates which exact matches by lowering
the scores for other refresh rates, to favor exact (or multiple)
matches when there are multiple refresh rate with a close value.
Bug: b/190578904
Test: SF unit tests
Change-Id: Ia14551e000ee1651a04ab580c4df2afcb2f8edeb
Merged-In: Ia14551e000ee1651a04ab580c4df2afcb2f8edeb
|
|
To avoid cases where devices with very close refresh rates
(such as 53Hz and 55Hz) gives the same score for these,
assign a small (0.99) factor to frame rate that are
not exact match of a multiple of the refresh rate
Test: atest FrameRateCtsActivity
Test: atest RefreshRateConfigsTest
Bug: 190578904
Change-Id: Idd32600ccacc0cad8f44c9d9373e50a333663717
Merged-In: Idd32600ccacc0cad8f44c9d9373e50a333663717
|