| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Change-Id: I8caa11a6d64ce6f01f323f02ee49e69e773b9122
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Email App: Malicious app is able to compose message with hidden
attachments and bypass attachments path checks attaching private files
from /data/data/com.android.email/*
+ Ported the following CLs. Code is different from gmail. Made the changes
to work with Email.
++ https://critique.corp.google.com/#review/136780360
+++ Differentiating our Compose intents from other app's intent.
Added ComposeActivityEmailExternal method and it always returns true.
Treat body and quoted text as plaintext if intent is external.
Bug: 32068883
Bug: 32502421
Bug: 32589229
Test: manual - Ran the following tests on Pixel phone. Tested the Email UI.
$ adb install -r out/target/product/marlin/system/app/Email/Email.apk
$ adb install -r app-debug.apk
Success
$ adb shell am start -n com.test.poc.poc32589229/.MainActivity -a android.intent.action.MAIN
Starting: Intent { act=android.intent.action.MAIN cmp=com.test.poc.poc32589229/.MainActivity }
Duplicated the steps in https://b.corp.google.com/issues/32589229#comment5
and didn't get the attachments after the fix (was getting attachments before the fix).
$ adb install -r out/target/product/marlin/testcases/EmailTests/EmailTests.apk
Performing Streamed Install
Success
$ adb shell am instrument -w com.android.email.tests
The number of failures are same as before (with or without this change).
Tests run: 158, Failures: 5
Change-Id: I4eda17af7f60e1c92f49ffa6025b328f6481ec76
(cherry picked from commit c87d04b8c190f52c4f7e8a22dfaa2b5e065415fe)
|
|
|
|
| |
Change-Id: Ic1f5d250404ce8bfc77419b7d8a38ede7a0189de
|
|
|
|
|
|
|
|
|
|
|
| |
This is to backport a security fix reported in b/71814449 and
b/72569023. Fix is using the same approach as b/27308057, which is to
prevent Compose from accepting URIs with our own email attachment
provider.
Bug: b/71814449
Change-Id: Ib9df21648d00d2ef2da9fac05cc39fee253de8e2
(cherry picked from commit 7227751994624bdb2ba958714cc861b8bab41634)
|
|
|
|
| |
Change-Id: Id5c529f379cb32cd27dbfad2550f6e6c09c3356a
|
|
|
|
| |
Change-Id: I998b35b0c1efacfa786524ea41c495db2228c54d
|
|
|
|
| |
Change-Id: Ie05fc45c01b4484cea9aab80c2d9c0a60552204e
|
|
|
|
| |
Change-Id: Iced85a67cb7b08a437b0081421ce25aed22f56bd
|
|
|
|
| |
Change-Id: I1c38694e799250cdd2192b2baa0f1ea62ff452f2
|
|
|
|
| |
Change-Id: I19d5472708e3ab2cedbc7342584f74acdb5521f7
|
|
|
|
| |
Change-Id: Id5ad5b3b1f24b8589b120c7e603c94b90146b19d
|
|
|
|
| |
Change-Id: Idf6dfcec7e5410bf5cb7852259096430ea24a9f2
|
|
|
|
| |
Change-Id: I9c39ce02cd4d07fc40930b95123f6a2ae9fbcb42
|
|
|
|
|
| |
Change-Id: I0d256dc1dfe9f6fd3739c9481731708c416c1a93
Ticket: -
|
|
|
|
|
| |
Change-Id: I33d3c94a101fa438dbc74713deb5b5733b960f12
Ticket: -
|
|
|
|
|
| |
Change-Id: Iaf9197371acaf4964e3dce1391a65883ad1203a9
Ticket: -
|
|\
| |
| |
| |
| |
| |
| |
| | |
CYNGNOS-3303
Android 6.0.1 release 74
Change-Id: Iad0c64875272dc2ca6f05b668812f8642c395cff
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The security issue occurs because id is allowed to be an arbitrary
path instead of being limited to what it is -- a long. Both id
and account id are now parsed into longs (and if either fails, an
error will be logged and null will be returned).
Tested/verified error is logged using the reported attack.
BUG=30745403
Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684
(cherry picked from commit 9794d7e8216138adf143a3b6faf3d5683316a662)
|
|\ \
| | |
| | |
| | |
| | |
| | |
| | | |
Android 6.0.1 Release 72 (M4B30X)
# gpg: Signature made Tue 04 Oct 2016 09:47:44 AM PDT using DSA key ID 9AB10E78
# gpg: Can't check signature: public key not found
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The security issue occurs because id is allowed to be an arbitrary
path instead of being limited to what it is -- a long. Both id
and account id are now parsed into longs (and if either fails, an
error will be logged and null will be returned).
Tested/verified error is logged using the reported attack.
BUG=30745403
Change-Id: Ia21418545bbaeb96fb5ab6c3f4e71858e57b8684
(cherry picked from commit 9794d7e8216138adf143a3b6faf3d5683316a662)
|
| | |
| | |
| | |
| | |
| | | |
Bug: 29767043
Change-Id: Ib9f16385a5e63557b6f293d148e49c9ad044c9b4
|
| | |
| | |
| | |
| | |
| | | |
Change-Id: I754a9192727663b9fb3bf2703ddb65ed4e2aae23
Ticket: -
|
|\ \ \
| | |/
| |/|
| | |
| | |
| | |
| | | |
Android 6.0.1 release 66
# gpg: Signature made Tue 06 Sep 2016 09:27:04 AM PDT using DSA key ID 9AB10E78
# gpg: Can't check signature: public key not found
|
| |/
| |
| |
| |
| | |
Bug: 29767043
Change-Id: Ib9f16385a5e63557b6f293d148e49c9ad044c9b4
|
| |
| |
| |
| |
| | |
Change-Id: I8a06d0c90beb9f3a10e5ab2d0c6b0439a0af4250
Ticket: -
|
| |
| |
| |
| |
| | |
Change-Id: I73cc3b198e7afefac7ca45b9182c27fbb5c9cf84
Ticket: -
|
| |
| |
| |
| | |
Change-Id: Iaec2fcecbb6c499dc8617717e5ee403acf4e5ec7
|
| |
| |
| |
| | |
Change-Id: Ic4be3ce549087ff3eb1658bad42be2a42f33258b
|
|\|
| |
| |
| |
| |
| |
| | |
Ticket: CYNGNOS-2373
Android 6.0.1 release 43 (MOB30J)
Change-Id: I1241266b370fb1ba0560217684002d01867a0c77
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
EmailProvider.
This is to backport a security fix reported by b/27308057 and b/27335139.
Also, add Analytics for these errors.
Bug: b/27335139
Change-Id: Iaacb34e4983cdf9a85487222ae930cb64d80a193
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
https://android.googlesource.com/platform/packages/apps/Email into cm-13.0"
This reverts commit 97bb12ecc4262875a0fa0b829f23b7d19d63b9ec, reversing
changes made to 457778a056ead5eb59edf0ae9334673e711dd753.
Change-Id: If9444c1b4824e94f2cfe7074e87e98a5d46f0c6b
|
| |
| |
| |
| | |
Change-Id: Ic350055294d1302930880df63edeabb45869613c
|
| |
| |
| |
| | |
Change-Id: I4978f0ed82da34c24d65bf6ade6aa331875983c0
|
| |
| |
| |
| | |
Change-Id: I63554dfc536493d83b6fcf62e7e710e11d1124f0
|
| |
| |
| |
| | |
Change-Id: Icfb9b53a760d25e78f150e7a2f089aeac20a2a76
|
|\ \
| | |
| | |
| | |
| | |
| | | |
https://android.googlesource.com/platform/packages/apps/Email into cm-13.0
Android 6.0.1 release 22
|
| |\ \
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
translations. DO NOT MERGE
* commit 'd82f26fde87e3d8ad5246d536100886fc34f4db3':
Import translations. DO NOT MERGE
|
| | |\|
| | | |
| | | |
| | | |
| | | | |
* commit 'c84ce2000f443ef6c7a6df6ad0b1c76abae7790b':
Import translations. DO NOT MERGE
|
| |\| |
| | | |
| | | |
| | | |
| | | | |
* commit 'e8332fcd7062b531ade6c91d0cb349b11ef28832':
Import translations. DO NOT MERGE
|
| | |\ \
| | | | |
| | | | |
| | | | |
| | | | | |
* commit '653e3ce35aa6167a25482db909452a81dd0fa860':
Import translations. DO NOT MERGE
|
| |\| | |
| | | | |
| | | | |
| | | | |
| | | | | |
* commit 'f3973456f43255ec5f72764734c5181294e958e3':
Email app might use cleartext network traffic.
|
| |\ \ \ \
| | | | | |
| | | | | |
| | | | | |
| | | | | | |
* commit 'a66673b72bca06a87cdc314aef34ea4ee0c381be':
Import translations. DO NOT MERGE
|
| |\ \ \ \ \
| | | | | | |
| | | | | | |
| | | | | | |
| | | | | | | |
* commit '083af06aba7d1d5d3a581f1b404d2df5978e07d3':
Use $(SUPPORT_LIBRARY_ROOT) to reference support library resource dir.
|
| |\ \ \ \ \ \
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
* commit 'a077ee42ad6a656a064695390e6070cef51ca7f5':
Import translations. DO NOT MERGE
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Change-Id: I8f12eab6eb3d524a8967ad1bb0a4d048bd100bc8
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Change-Id: I97bc9a320aeabe172a9dd4abf443956063d27774
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Change-Id: I85798f7a96bb1195447796417a1f4cf8929532fe
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Change-Id: I67516c359ef0b485050c64e37d3523898187fd7c
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Instead of coalescing for 15 seconds after the first change
notification, coalesce until change notifications have been idle for at
least 2 seconds. This avoids long update delays, which is especially
jarring when using notifications on a wearable and the initial
notification didn't yet include the message body.
Also skip coalescence entirely for deletions; update immediately in that
case.
Change-Id: I67bed9a1af7b023020b0fd5429495eb45000e858
|
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | | |
Change-Id: I5c5ad8e76025c92c2b11dd1948e32eaa5efe8fd5
Signed-off-by: Jorge Ruesga <jorge@ruesga.com>
(cherry picked from commit b9984debe6b72f06cbf9bf72baa54b80f017eb38)
|