Age | Commit message (Collapse) | Author |
|
Because of lack of mutex lock when get mSidebandStream, if one thread
getSidebandStream, another thread setSidebandStream frequently, an UAF
will be triggered.
Bug: 32660278
Test: Marlin device with poc
Change-Id: Idbcf0976ce2db682d0f13455105c45a5c7481a45
(cherry picked from commit 2d8a2432e04234d9edbb3b099f9bbbaa36ad4843)
|
|
Passing a size to std::vector that is too big causes it to silently
under-allocate when exceptions are disabled, leaving us open to an OOB
write. We check the bounds and the resulting size now to verify
allocation succeeds.
Test: Verified reproducer attached to bug no longer crashes Camera
service.
Bug: 31677614
Change-Id: I064b1442838032d93658f8bf63b7aa6d021c99b7
(cherry picked from commit 65a8f07e57a492289798ca709a311650b5bd5af1)
|
|
To speed up boot times, we recently relaxed SELinux restorecon logic
to only consider relabeling app storage when the top level SELinux
label changed.
However, if an app manually deletes either their cache or code_cache
directories, installd will helpfully recreate those directories at
the next boot, but they'll be stuck with incorrect SELinux labels
which an app can't fix. (Our historically aggressive restorecons had
relabeled them, which is why we didn't observe until now.)
This change checks the labels of the cache/code_cache directories,
and runs a restorecon if needed, fixing the issue above.
Test: delete cache and verify recreated with correct label
Bug: 32504081
Change-Id: I0114ae4129223e5909b1075d56a9b1145ebc5ef4
(cherry picked from commit 397ec266753a675e6891c479971e6506491b1b44)
|
|
|
|
|
|
This reverts commit 1d3df546d5ee4dcc9e7cae6f8b8b790f741539af.
Original patch may have caused a stability issue caught in monkey testing.
Bug: 32312240
Change-Id: Ie8d291679590e624b8b90c4786b1c25c76cb2c9f
(cherry picked from commit 598f6d5429b290f33107ef678328914b99c8312e)
|
|
|
|
This reverts commit 1d3df546d5ee4dcc9e7cae6f8b8b790f741539af.
Original patch may have caused a stability issue caught in monkey testing.
Bug: 32312240
Change-Id: Ie8d291679590e624b8b90c4786b1c25c76cb2c9f
|
|
report time."" into nyc-mr1-dev
|
|
This reverts commit f87959e00732d7d737527f1248a71adea99ae29d.
BUG: 32402587
Fixes: 32365477
Change-Id: Ic4daec37efbaef1906450bf6609d5588d5c9a835
|
|
Bug: 31959453
Change-Id: I6fef6781e14f3c1239197798b79cc9239d34d53d
|
|
|
|
BUG: 32219165
Fixes: 32335112
Change-Id: I2bc630f9c840ccd3a2e0474ed16a766e8a405ad8
|
|
|
|
Move layer removal to the main thread, while the display is on.
Bug: 30281222
Change-Id: Id9f956c1e626819734868340e7fa12abf257b702
|
|
|
|
sysfs should be ready on ealier stage than boot
Bug: 32025203
Test: take systrace
Change-Id: Id73b6959f3075dc793d93551963193a211060da8
|
|
|
|
BUG: 31828706
BUG: 30832947
Change-Id: I0a4b1fcce91caa96ccbc4e890d9968e3033487de
(cherry picked from commit f87959e00732d7d737527f1248a71adea99ae29d)
|
|
|
|
|
|
Bug: 31522731
Change-Id: I84d82e55aba5b58dfdbcac9e208c36767fbedfd1
(cherry picked from commit d6e9946cdd57a92c9bc86ba97a4ca42078153008)
|
|
Bug: 31522731
Change-Id: I84d82e55aba5b58dfdbcac9e208c36767fbedfd1
|
|
Bug: 30869013
Change-Id: I1f0e5d820f0153484c38ecb0f9c764fca02d786c
|
|
|
|
Bug: 23113288
Change-Id: I6304425f968fcb22c75c3f6e64bf7992e34e0889
|
|
|
|
|
|
PackageManager has been pretty aggressive about asking installd to
restorecon over app data when it thinks something might have
changed. However, in the vast majority of cases these are no-op
requests, and we waste a bunch of time recursively walking all
private data, easily costing 60+ seconds on dogfooder devices.
This change updates the initial "create_app_data" command to kick off
a recursive restorecon if it detects that the top-level SELinux label
on the app private data directory changes. The "create_app_data"
command is designed to ensure that an app's storage is ready, so
PackageManager always calls it at least once per boot before apps
can run. (This change means that PackageManager no longer needs to
make separate "restorecon_app_data" calls.)
Test: booted, verified that a label change triggered restorecon
Bug: 30768146
Change-Id: I0c8d4018cf8ff888d0ae07a82adc3d61a6002aad
|
|
|
|
Even though SolidColor layers map cleanly to HWC_BACKGROUND composition
in HWC1, SurfaceFlinger never used HWC_BACKGROUND, so we can't trust
that HWC1 devices implemented it correctly. To preserve backwards
compatibility, this changes the behavior to fall back to client
composition to minimize incompatibilities with existing devices.
Bug: 30479781
Change-Id: I638339062e03f2c057b3e1624e7157587ddee7ec
|
|
Add a new method forceScopedDisconnect to Surface. This will
be used by the framework to force disconnection at times where
the underlying GraphicBufferProducer may be about to be reused.
This is scoped by PID to avoid conflicting with remote producers.
Bug: 30236166
Change-Id: I857216483c0b550f240b3baea41977cbc58a67ed
|
|
|
|
|
|
|
|
The NPOT version already has 3 as the threshold and at least one
platform seems to have diff of 3 in one of the internal pixels for POW2
variant.
Bug: 21306103
Bug: 30920650
Change-Id: I7882a6ff43ffc862d95fea32c8ee8e7f19fb759d
Cherry-pick from master (e3747fd25918c943caef4d9c7158a668c786c55d)
|
|
|
|
Add a command to delete odex files.
Bug: 31347757
Change-Id: I29bca8751bcee8d6981c682fbbc816c73b78ac68
|
|
am: 8211047138 -s ours
am: 7b265d8ab5 -s ours
Change-Id: I555ef520067d4300450ef3b0e91f127d06e55b66
|
|
am: 8211047138 -s ours
Change-Id: If827f77c9c8cb36ad3a8f2eaeb6157bc59258a7a
|
|
|
|
|
|
|
|
Usually this happens when the app was recompiled with interpret-only.
In this case, move_ab_path will fail for the app image. If this
occurs, delete the existing app image to not have a stale one wasting
storage space.
Test: Make fake AB ota, delete the a/b generated app image, take the
OTA, ensure there is no stale app image after reboot. Also tested
that other apps with valid app images still had an image.
Bug: 31323617
Change-Id: I699b5eb3dc8f82759c284a1d299865b2c3a890d0
|
|
This method releases all free buffers owned by the buffer queue,
in order to save memory (at the cost of potential future
reallocation of buffers).
Bug: 28695173
Change-Id: I458d10373e639e3144faf673af2ba01aca36e65a
|
|
Updates the default DispSync offsets to 1ms/1ms to avoid SurfaceFlinger
racing against hardware vsync on untuned video-mode panels, which can
result in a significant number of dropped frames. Also moves and
updates the documentation of the offsets, which used to live in
build/target/board/generic/BoardConfig.mk.
Bug: 30801895
Change-Id: I4cb09d840e2f16fb3d05df4d7abf58d9ba36f83b
|
|
nyc-mr1-dev
|
|
|
|
|
|
BUG: 31281543
Change-Id: Idc5759eec12f2704c9b9cc48db181f2e669ccc32
|