summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge tag 'android-8.1.0_r73' into staging/lineage-15.1_merge-android-8.1.0_r73lineage-15.1Kevin F. Haggerty2020-02-032-18/+4
|\ | | | | | | | | | | | | | | | | | | Android 8.1.0 Release 73 (6107733) * tag 'android-8.1.0_r73': Don't leak input events to dumpsys on user builds Resize object capacity when shrinking Parcel Change-Id: I2c7ef27427de1fc92c088df28dd7cc41e39179d0
| * Don't leak input events to dumpsys on user buildsAshwini Oruganti2019-12-161-18/+2
| | | | | | | | | | | | | | | | | | | | | | | | Remove the details of KeyEvent and MotionEvent logs. Bug: 139945049 Test: Tested on a device, the input functions work as expected and input event logs are not leaked to dumpsys on user builds. Change-Id: I98c9c375f18963177bf0c1d8829a217b4ad4acc6 Merged-In: I98c9c375f18963177bf0c1d8829a217b4ad4acc6 (cherry picked from commit c2ddb61f37b2f7a1067534fc3a950c7fe4677818)
| * Resize object capacity when shrinking ParcelMichael Wachenschwanz2019-12-161-0/+2
| | | | | | | | | | | | | | | | Bug: 140419401 Test: atest android.os.cts.ParcelTest Change-Id: I04edee415e1984ba5fb97c5c1b09892a360cf221 (cherry picked from commit c67d9f33b36cbb95b121d058f51d6653f1ec4334) (cherry picked from commit d9d10dbdf2f20af3dd01376d2130c71c052e42f3)
* | Merge tag 'android-8.1.0_r72' into staging/lineage-15.1_merge-android-8.1.0_r72Kevin F. Haggerty2020-01-071-1/+2
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Android 8.1.0 release 72 * tag 'android-8.1.0_r72': Sensor: use FlattenableUtils::align Fix race between SensorManager ctor and callback Free mObjects if no objects left to realloc on resize [RESTRICT AUTOMERGE] libbinder: Status: check dataPosition sets. libbinder: readCString: no ubsan sub-overflow Zero-initialize HIDL structs before passing Sanitize InputMessage before sending libui: add boundary check to GraphicBuffer::unflatten Increment when attempting to read protected Parcel Data Don't pad before calling writeInPlace(). Disallow reading object data from Parcels with non-object reads Add bounds check to sensors direct channel creation surfaceflinger: make vsync injection more robust Change-Id: I615ab9998112f67f22d703baef992507990e319b
| * Sensor: use FlattenableUtils::alignSteven Moreland2019-11-071-1/+2
| | | | | | | | | | | | | | | | | | | | Since it memsets skipped over memory now. Bug: 141890807 Test: boot, check buffer is zero'd here Change-Id: Ieb3cd90215a3ccc1dc43365ecde251a50db08553 (cherry picked from commit d58cf5acb863eddbbeb9982439965e259045940e) (cherry picked from commit dbd0eecfc7570231d5cbb76678b0358c43ee6d3c)
| * Fix race between SensorManager ctor and callbackBrian Duddie2019-07-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | Avoids potential invalid memory access if system server crashes during initialization. Bug: 132927376 Test: confirm sensors initialize Change-Id: If7421c452b5893ab2567323d265503a1ce304482 Merged-In: If7421c452b5893ab2567323d265503a1ce304482 (cherry picked from commit 231a12189b2b820843ebf5d002876a23e0890c09)
| * Free mObjects if no objects left to realloc on resizeMichael Wachenschwanz2019-07-111-4/+10
| | | | | | | | | | | | | | | | | | | | Bug: 134168436 Bug: 133785589 Bug: 34175893 Test: atest CtsOsTestCases:ParcelTest#testObjectDoubleFree Change-Id: I82e7e8c7b4206fb45b832a71d174df45edb62710 Merged-In: I82e7e8c7b4206fb45b832a71d174df45edb62710 (cherry picked from commit edd3e3d8f441131b02e5a78d18babf9d16ef9e6e)
| * [RESTRICT AUTOMERGE] libbinder: Status: check dataPosition sets.Steven Moreland2019-06-101-2/+22
| | | | | | | | | | | | | | Bug: 132650049 Test: fuzzer Change-Id: Id230eae4316a444bc82b416b2049d5a5f589f89a (cherry picked from commit 00d4358fcd2875b1e26ac50d620f2dec439ef3ee)
| * libbinder: readCString: no ubsan sub-overflowSteven Moreland2019-06-101-2/+2
| | | | | | | | | | | | | | | | Bug: 131859347 Test: fuzzer Change-Id: I95a0f59684a172925f1eab97ff21e5d14bc79cc8 Merged-In: I95a0f59684a172925f1eab97ff21e5d14bc79cc8 (cherry picked from commit d0d4b584fc294d2c124385644099852918416344)
| * Zero-initialize HIDL structs before passingPawin Vongmasa2019-05-101-2/+2
| | | | | | | | | | | | | | | | | | | | | | Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice (only existing failures/flakes) Bug: 131267328 Bug: 131356202 Change-Id: I91e6e0c692d470f4d3a713068545cedf5ae925a7 Merged-In: I91e6e0c692d470f4d3a713068545cedf5ae925a7 (cherry picked from commit c4a5f5ec811b149428e0835b7aabc6c4c802e720)
| * Sanitize InputMessage before sendingSiarhei Vishniakou2019-01-143-2/+120
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The struct InputMessage has many fields, and is force-aligned to 8-byte boundaries. There are also some padding fields that carry no information. This struct is typically allocated in the stack and populated with various values before being sent across as a stream of bytes through the socket. Therefore, the "unused" data portions of the struct could contain portions of the stack, since there aren't ever writes to those memory locations. To avoid this information leak, forcefully sanitize the struct. Create a new struct that is explicitly set to zero. Next, only fill the meaningful fields manually. Bug: 115739809 Test: cts-tradefed run cts -m CtsSecurityBulletinHostTestCases -t android.security.cts.Poc18_12; adb shell monkey 100000 Change-Id: I7e44dacf1e8fa3156c8e4d2f7784ef0c53dab507 Merged-In: I7e44dacf1e8fa3156c8e4d2f7784ef0c53dab507 (cherry picked from commit e730f5aaa1c726ee9998a080e2d7f6284f4afec8)
| * libui: add boundary check to GraphicBuffer::unflattenChia-I Wu2018-10-161-0/+4
| | | | | | | | | | | | | | | | | | | | Commit cb496acbe593326e8d5d563847067d02b2df40ec removed the boundary check by accident. Bug: 114223584 Test: manual Change-Id: I057bc02d5807e438530d1a5327c2e02b9d154151 (cherry picked from commit bf8d7210c4bbbdc875e9695a301cdf9c3b544279)
| * Increment when attempting to read protected Parcel DataMichael Wachenschwanz2018-05-151-3/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to increment the parcel data position even when trying to improperly read from protected data Bug: 29833520 Test (M): cts-tradefed run cts -c android.os.cts.ParcelTest -m testBinderDataProtection Test (M): cts-tradefed run cts -c android.os.cts.ParcelTest -m testBinderDataProtectionIncrements Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest#testBinderDataProtection Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest#testBinderDataProtectionIncrements Change-Id: Ie4aae6277fc5f5c924f603d9828c3a608998b986 Merged-In: Ie4aae6277fc5f5c924f603d9828c3a608998b986 (cherry picked from commit 6a825e8ad1a3928dd872bb7c3fbcd94784d77267)
| * Don't pad before calling writeInPlace().Martijn Coenen2018-05-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | writeInplace() itself already pads securely, by masking off the padded bytes. If the padding is done before calling writeInplace(), no mask is applied, and heap data can leak. Bug: 77237570 Test: builds Change-Id: Ide27a0002d4ed4196530430760245b971f6a3f44 Merged-In: Ide27a0002d4ed4196530430760245b971f6a3f44 (cherry picked from commit f8542381b72a7bb2452a5278a00ca8c34edbf8a0) (cherry picked from commit 732132b765cd7b667f16cf32f0fe4c852d7d44dd)
| * Disallow reading object data from Parcels with non-object readsMichael Wachenschwanz2018-05-152-0/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The check added to each non-object reads adds an overhead. If the objects (binders and file descriptors) were written to the Parcel in sequential order then check adds a small O(1) overhead to each read, plus an O(N) overhead to the first read (to verify the N objects were added in order). If the objects were written out of order (as in by jumping around the Parcel with setDataPosition and writing Binder, DON'T DO THIS!!) (writing non objects out of order is fine), the first read is forced to sort the objects in the internal bookkeeping. Based on the assumption non sequential writes are infrequent and overall Parcels are probably mostly sorted, insertion sort was used. Worst case sorts will add an O(N^2) overhead to the first non object read from the Parcel. Test: run cts -m CtsOsTestCases -t android.os.cts.ParcelTest Bug: 29833520 Change-Id: I82de8eb5f5eb56f869542d5358e96884c24301b2 (cherry picked from commit c517681c66a1a387be657e0cf06da8d19659dd14)
| * Add bounds check to sensors direct channel creationBrian Duddie2018-03-151-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | Avoids attempting to read a 0-size array during input validation. Adds SafetyNet logging when this is triggered. Also, change the cast for the ashmem size check from int to int64_t to avoid potential conversion to negative number on 32-bit systems. Bug: 70986337 Test: run POC, confirm via logs that function bails early Change-Id: I674285738983f18de3466f9e818d83dabe269b7d (cherry picked from commit 0eb4624b33aeb375ae431a6b1e2b787c959968fe)
| * surfaceflinger: make vsync injection more robustChia-I Wu2017-11-283-7/+41
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There are more issues than I expected :) - no lock to synchronize enable/disable and injection - Every time injection is diabled and enabled, a new EventThread is created - mCallback might be nullptr - ENABLE_VSYNC_INJECTIONS/INJECT_VSYNC should require special permission - MessageQueue::setEventThread must be called from the main thread - MessageQueue::setEventThread does not handle EventThread switch well Bug: 65483324 Test: manual Merged-In: I7d7b98d1f57afc64af0f2065a9bc7c8ad004ca9f Change-Id: I7d7b98d1f57afc64af0f2065a9bc7c8ad004ca9f (cherry picked from commit 6200eacdc927776483d775562db11cce284cc7e0)
* | Add dalvik-heap device-configs for 4/6GB devicesLokesh Gidra2019-12-233-2/+52
| | | | | | | | | | | | | | | | | | We are currently using 2GB phone dalvik-heap configs for 4 and 6GB phones. Bug: 145823510 Test: mpts/greenday tests Change-Id: Ia2b826c95643f935878335c2434deadf7f8401c4
* | Fix race between SensorManager ctor and callbackBrian Duddie2019-09-051-1/+1
| | | | | | | | | | | | | | | | | | | | | | Avoids potential invalid memory access if system server crashes during initialization. Bug: 132927376 Test: confirm sensors initialize Change-Id: If7421c452b5893ab2567323d265503a1ce304482 Merged-In: If7421c452b5893ab2567323d265503a1ce304482 (cherry picked from commit 231a12189b2b820843ebf5d002876a23e0890c09)
* | Free mObjects if no objects left to realloc on resizeMichael Wachenschwanz2019-09-051-4/+10
| | | | | | | | | | | | | | | | | | | | Bug: 134168436 Bug: 133785589 Bug: 34175893 Test: atest CtsOsTestCases:ParcelTest#testObjectDoubleFree Change-Id: I82e7e8c7b4206fb45b832a71d174df45edb62710 Merged-In: I82e7e8c7b4206fb45b832a71d174df45edb62710 (cherry picked from commit edd3e3d8f441131b02e5a78d18babf9d16ef9e6e)
* | libbinder: Status: check dataPosition sets.Steven Moreland2019-08-061-2/+22
| | | | | | | | | | | | | | Bug: 132650049 Test: fuzzer Change-Id: Id230eae4316a444bc82b416b2049d5a5f589f89a (cherry picked from commit 00d4358fcd2875b1e26ac50d620f2dec439ef3ee)
* | libbinder: readCString: no ubsan sub-overflowSteven Moreland2019-08-061-2/+2
| | | | | | | | | | | | | | | | Bug: 131859347 Test: fuzzer Change-Id: I95a0f59684a172925f1eab97ff21e5d14bc79cc8 Merged-In: I95a0f59684a172925f1eab97ff21e5d14bc79cc8 (cherry picked from commit d0d4b584fc294d2c124385644099852918416344)
* | Zero-initialize HIDL structs before passingPawin Vongmasa2019-07-021-2/+2
| | | | | | | | | | | | | | | | | | | | Test: cts-tradefed run cts-dev --module CtsMediaTestCases --compatibility:module-arg CtsMediaTestCases:include-annotation:android.platform.test.annotations.RequiresDevice (only existing failures/flakes) Bug: 131267328 Bug: 131356202 Change-Id: I91e6e0c692d470f4d3a713068545cedf5ae925a7 Merged-In: I91e6e0c692d470f4d3a713068545cedf5ae925a7 (cherry picked from commit c4a5f5ec811b149428e0835b7aabc6c4c802e720)
* | Sanitize InputMessage before sendingSiarhei Vishniakou2019-03-043-2/+120
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The struct InputMessage has many fields, and is force-aligned to 8-byte boundaries. There are also some padding fields that carry no information. This struct is typically allocated in the stack and populated with various values before being sent across as a stream of bytes through the socket. Therefore, the "unused" data portions of the struct could contain portions of the stack, since there aren't ever writes to those memory locations. To avoid this information leak, forcefully sanitize the struct. Create a new struct that is explicitly set to zero. Next, only fill the meaningful fields manually. Bug: 115739809 Test: cts-tradefed run cts -m CtsSecurityBulletinHostTestCases -t android.security.cts.Poc18_12; adb shell monkey 100000 Change-Id: I7e44dacf1e8fa3156c8e4d2f7784ef0c53dab507 Merged-In: I7e44dacf1e8fa3156c8e4d2f7784ef0c53dab507 (cherry picked from commit e730f5aaa1c726ee9998a080e2d7f6284f4afec8)
* | Merge tag 'android-8.1.0_r52' into staging/lineage-15.1_merge-android-8.1.0_r52Kevin F. Haggerty2018-12-031-0/+4
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Android 8.1.0 release 52 * tag 'android-8.1.0_r52': libui: add boundary check to GraphicBuffer::unflatten Don't pad before calling writeInPlace(). Increment when attempting to read protected Parcel Data Disallow reading object data from Parcels with non-object reads Change-Id: I59cee11ce14f823170fbb5e29877b9472231a981
| * \ Merge cherrypicks of [5313339, 5313437, 5313318, 5313340, 5313282, 5313283, ↵android-build-team Robot2018-10-191-0/+4
| |\ \ | | | | | | | | | | | | | | | | | | | | 5313438, 5313284, 5313341, 5313379, 5313380, 5313319, 5313320, 5313321, 5313285, 5313286, 5313287, 5313497, 5313439] into oc-m7-release Change-Id: I6fb2bf1fb11d79b60303b6c9525543c041e3a8d0
| | * | libui: add boundary check to GraphicBuffer::unflattenChia-I Wu2018-10-191-0/+4
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit cb496acbe593326e8d5d563847067d02b2df40ec removed the boundary check by accident. Bug: 114223584 Test: manual Change-Id: I057bc02d5807e438530d1a5327c2e02b9d154151 (cherry picked from commit bf8d7210c4bbbdc875e9695a301cdf9c3b544279)
| * | Merge cherrypicks of [4741663, 4741664, 4741665, 4741666, 4743080, 4743081, ↵android-build-team Robot2018-08-102-1/+90
| |\ \ | | | | | | | | | | | | | | | | | | | | 4743082, 4743083, 4741262, 4741263, 4741264, 4741265, 4741266, 4741667, 4743084, 4741242, 4741243, 4741741, 4741742, 4741743, 4741744, 4741822, 4743085, 4741668, 4741338, 4743055, 4743056, 4743070, 4743073, 4743075, 4743076, 4743078, 4743079, 4743161, 4743162, 4743164, 4743165, 4743167, 4743168, 4743169, 4743170, 4741681, 4741682, 4741683, 4741684, 4741685, 4741686, 4741687, 4741688, 4741689, 4741690, 4741691, 4741692, 4741693, 4741694, 4741695, 4741696, 4741697, 4741698, 4741699, 4743240, 4743241, 4743242, 4743243, 4741745, 4741823, 4741824, 4741825, 4741267, 4741268, 4743244, 4743280, 4743281, 4743224, 4743203, 4743204, 4743205, 4741746, 4741747, 4743245, 4741826, 4741827, 4741828, 4741829, 4741748, 4741749, 4741750, 4743233, 4743282, 4741244, 4741245, 4741246, 4741247, 4743206, 4743207, 4743208, 4743209, 4743210, 4743211, 4743212, 4743213, 4743214, 4743215, 4743216, 4743217, 4743218, 4743219, 4743360, 4743361, 4743362, 4743363, 4743364, 4743365, 4743366, 4743367, 4743368, 4743369, 4743370, 4743371, 4743372, 4743373, 4743374, 4743375, 4743376, 4743377, 4743283, 4743284, 4741830, 4742501, 4743246, 4743086, 4743087, 4743378, 4743379, 4741751] into sparse-4749909-L04200000199131547 Change-Id: Iead43bb0deac18379a0a05dff4cadc3a86e59d1b
| | * | Don't pad before calling writeInPlace().Martijn Coenen2018-08-101-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | writeInplace() itself already pads securely, by masking off the padded bytes. If the padding is done before calling writeInplace(), no mask is applied, and heap data can leak. Bug: 77237570 Test: builds Change-Id: Ide27a0002d4ed4196530430760245b971f6a3f44 Merged-In: Ide27a0002d4ed4196530430760245b971f6a3f44 (cherry picked from commit f8542381b72a7bb2452a5278a00ca8c34edbf8a0) (cherry picked from commit 732132b765cd7b667f16cf32f0fe4c852d7d44dd) Change-Id: I59a088c75353786ca105a3735886af372592c759
| | * | Increment when attempting to read protected Parcel DataMichael Wachenschwanz2018-08-101-3/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to increment the parcel data position even when trying to improperly read from protected data Bug: 29833520 Test (M): cts-tradefed run cts -c android.os.cts.ParcelTest -m testBinderDataProtection Test (M): cts-tradefed run cts -c android.os.cts.ParcelTest -m testBinderDataProtectionIncrements Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest#testBinderDataProtection Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest#testBinderDataProtectionIncrements Change-Id: Ie4aae6277fc5f5c924f603d9828c3a608998b986 Merged-In: Ie4aae6277fc5f5c924f603d9828c3a608998b986 (cherry picked from commit 6a825e8ad1a3928dd872bb7c3fbcd94784d77267)
| | * | Disallow reading object data from Parcels with non-object readsMichael Wachenschwanz2018-08-102-0/+75
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The check added to each non-object reads adds an overhead. If the objects (binders and file descriptors) were written to the Parcel in sequential order then check adds a small O(1) overhead to each read, plus an O(N) overhead to the first read (to verify the N objects were added in order). If the objects were written out of order (as in by jumping around the Parcel with setDataPosition and writing Binder, DON'T DO THIS!!) (writing non objects out of order is fine), the first read is forced to sort the objects in the internal bookkeeping. Based on the assumption non sequential writes are infrequent and overall Parcels are probably mostly sorted, insertion sort was used. Worst case sorts will add an O(N^2) overhead to the first non object read from the Parcel. Test: run cts -m CtsOsTestCases -t android.os.cts.ParcelTest Bug: 29833520 Change-Id: I82de8eb5f5eb56f869542d5358e96884c24301b2 (cherry picked from commit c517681c66a1a387be657e0cf06da8d19659dd14)
* | | thermalservice: run as user+group system, not rootTodd Poynor2018-10-261-0/+2
| | | | | | | | | | | | | | | | | | Bug: 66954030 Test: manual on taimen with artificially low thermal thresholds Change-Id: I2a9275806b4cb710d115ba4cc4e4f161eefd1839
* | | Merge tag 'android-8.1.0_r43' into staging/lineage-15.1_merge-android-8.1.0_r43Kevin F. Haggerty2018-08-080-0/+0
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Android 8.1.0 release 43 * tag 'android-8.1.0_r43': Don't pad before calling writeInPlace(). Increment when attempting to read protected Parcel Data Disallow reading object data from Parcels with non-object reads Add bounds check to sensors direct channel creation Change-Id: Ia60c5bc87bd7b38778d1ac12914b289c3adfad34
| * \ \ Merge cherrypicks of [4586293, 4586294, 4586295, 4584365, 4584366, 4584367, ↵android-build-team Robot2018-07-202-1/+90
| |\ \ \ | | |/ / | |/| | | | | | | | | | | | | | 4584368, 4584369, 4584370, 4587544, 4584705, 4586296, 4587545, 4587546, 4586297, 4586298, 4586299, 4586300, 4584371, 4586301, 4584706, 4586302, 4586303, 4587584, 4587585, 4587586, 4587587, 4587588, 4587589, 4587590, 4587591, 4587644, 4587645, 4587646, 4587647, 4587648, 4587649, 4587650, 4587651, 4587652, 4587653, 4587654, 4587655, 4587656, 4587657, 4587658, 4587659, 4587660, 4587661, 4587662, 4584536, 4587547, 4587548, 4587549, 4584707, 4584708, 4587550, 4587551, 4587593, 4586516, 4584372, 4584373, 4584374, 4587595, 4584375, 4584376, 4587552, 4587596, 4587597, 4587598, 4587599, 4584414, 4584415, 4584416, 4584417, 4584418, 4584419, 4584420, 4584421, 4584422, 4584423, 4587804, 4587805, 4587806, 4587807, 4587808, 4587809, 4587810, 4587811, 4587812, 4587813, 4587814, 4587815, 4587816, 4587817, 4587818, 4587884, 4587885, 4587600, 4587601, 4587819, 4584709] into sparse-4749909-L91900000192339903 Change-Id: I3a42d470f5586c016c07e0a8af44e8afc5ebedb0
| | * | Don't pad before calling writeInPlace().Martijn Coenen2018-07-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | writeInplace() itself already pads securely, by masking off the padded bytes. If the padding is done before calling writeInplace(), no mask is applied, and heap data can leak. Bug: 77237570 Test: builds Change-Id: Ide27a0002d4ed4196530430760245b971f6a3f44 Merged-In: Ide27a0002d4ed4196530430760245b971f6a3f44 (cherry picked from commit f8542381b72a7bb2452a5278a00ca8c34edbf8a0) (cherry picked from commit 732132b765cd7b667f16cf32f0fe4c852d7d44dd) Change-Id: Id4d309eadcb877ba393caa5410fde2ffc476f5df
| | * | Increment when attempting to read protected Parcel DataMichael Wachenschwanz2018-07-201-3/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make sure to increment the parcel data position even when trying to improperly read from protected data Bug: 29833520 Test (M): cts-tradefed run cts -c android.os.cts.ParcelTest -m testBinderDataProtection Test (M): cts-tradefed run cts -c android.os.cts.ParcelTest -m testBinderDataProtectionIncrements Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest#testBinderDataProtection Test: cts-tradefed run cts -m CtsOsTestCases -t android.os.cts.ParcelTest#testBinderDataProtectionIncrements Change-Id: Ie4aae6277fc5f5c924f603d9828c3a608998b986 Merged-In: Ie4aae6277fc5f5c924f603d9828c3a608998b986 (cherry picked from commit 6a825e8ad1a3928dd872bb7c3fbcd94784d77267)
| | * | Disallow reading object data from Parcels with non-object readsMichael Wachenschwanz2018-07-202-0/+75
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The check added to each non-object reads adds an overhead. If the objects (binders and file descriptors) were written to the Parcel in sequential order then check adds a small O(1) overhead to each read, plus an O(N) overhead to the first read (to verify the N objects were added in order). If the objects were written out of order (as in by jumping around the Parcel with setDataPosition and writing Binder, DON'T DO THIS!!) (writing non objects out of order is fine), the first read is forced to sort the objects in the internal bookkeeping. Based on the assumption non sequential writes are infrequent and overall Parcels are probably mostly sorted, insertion sort was used. Worst case sorts will add an O(N^2) overhead to the first non object read from the Parcel. Test: run cts -m CtsOsTestCases -t android.os.cts.ParcelTest Bug: 29833520 Change-Id: I82de8eb5f5eb56f869542d5358e96884c24301b2 (cherry picked from commit c517681c66a1a387be657e0cf06da8d19659dd14)
| * | Merge cherrypicks of [3898937, 3898958, 3899077, 3897885, 3898496, 3898245, ↵android-build-team Robot2018-04-131-1/+7
| |\ \ | | | | | | | | | | | | | | | | | | | | 3898959, 3898960, 3897790, 3898312, 3898313, 3898314, 3899155, 3899156, 3899157, 3898289, 3898290, 3899061, 3898291, 3898292, 3896951, 3899158, 3898961, 3898938, 3898246] into sparse-4657601-L30800000163316240 Change-Id: Ic0d6e84bbc01ff709ad9fc8eb646e4c53453ebe2
| | * | Add bounds check to sensors direct channel creationBrian Duddie2018-04-131-1/+7
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Avoids attempting to read a 0-size array during input validation. Adds SafetyNet logging when this is triggered. Also, change the cast for the ashmem size check from int to int64_t to avoid potential conversion to negative number on 32-bit systems. Bug: 70986337 Test: run POC, confirm via logs that function bails early Change-Id: I674285738983f18de3466f9e818d83dabe269b7d (cherry picked from commit 0eb4624b33aeb375ae431a6b1e2b787c959968fe)
* | | SF: Backport "Fix landscape LCM issue" for legacy hwcIris Chang2018-08-071-2/+8
| | | | | | | | | | | | | | | Change-Id: Ib3a2c88e68db96c80db636addbf038ec9f6b7c35 Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
* | | SF: Backport "Need GSI to support landscape LCM" for legacy hwcIris Chang2018-08-071-0/+60
| | | | | | | | | | | | | | | Change-Id: If75420059c6d4f10cce0d180d67e67d23910af44 Signed-off-by: Vladimir Oltean <olteanv@gmail.com>
* | | DO NOT MERGE: Fix landscape LCM issueIris Chang2018-08-071-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When device uses landscape LCM, the nature of the screen shows that the device is a portrait device. In this case, we find GPU filter function is opened by mistake when capturing screen and CTS case fails because image pixel value is changed. The solution is to correct the GPU filter by hworientation. Bug: 69691076 Test: 1. Capture screen 2. android.uirendering.cts.testclasses.SurfaceViewTests#testMovingWhiteSurfaceView Change-Id: I67b75fc8fab188d24f1d5febff20d9bd10c15204
* | | DO NOT MERGE: Need GSI to support landscape LCMIris Chang2018-08-073-2/+78
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When device uses landscape LCM, the nature of the screen shows that the device is a portrait device. After we flash with GSI, there is vendor solution for landscape LCM used at portrait device. As the result, the screen displays landscape layout and orientation while device is at portrait orientation. In addition, the sensor coordinate system mismatches with android coordinate system. We suggest Google can add config to handle the case "portrait device uses landscape LCM or landscape device uses portrait LCM". Bug: 69691076 Test: We verified following test cases for this patch. 1. Make sure homescreen is normal 2. Rotate device and make sure screen is normal 3. Grab screen shot and check if screen shot is normal 4. Connect to Wi-Fi display and make sure WFD screen is normal Change-Id: I6675e2a39b03c99ae9fab145fde3cd4eda639564 (cherry picked from 8686db3b5f5b6107a65abba2ab1e1bc4b7e1fe8d)
* | | Revert "SF: Squashed hwrotation support"Vladimir Oltean2018-08-075-51/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | * This reverts commit a9fa1c9c19d6ac00aa0073ef23b7a1d95f8e0a90. Our current implementation is being replaced in the next patch by the upstream one, which is currently on the oreo-mr1-dev AOSP branch and will be included in a future release tag. Change-Id: Icb9eb3e733f6a40acf6233adb11216914f5a3db5
* | | Revert "SF: Fix hwrotation screenshots at surfaceflinger layer"Vladimir Oltean2018-08-073-70/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * This reverts commit 8c36832b66e9ae793cf79820d83628d136bfd117, because "fixing" screenshots in DisplayDevice.cpp actually works by rotating the DisplaySurface in the opposite direction by the same ro.sf.hwrotation angle. This introduces 2 regressions: - ro.sf.hwrotation now needs to be set to 270 whereas the same hardware needed 90 prior to this patch. - Activity preview thumbnails (in the recents menu) are no longer displayed correctly. The activities which were started in portrait mode now have 90-degree-rotated thumbnails, and the activities which were started in landscape mode now have vertically-stretched-to-half thumbnails. Change-Id: I779e3979df8cdcc3dd9775221d337c02f918bc00
* | | sensorservice: customize sensor fusion mag filter via propKhalid Zubair2018-07-142-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When large magnetic fields values get filtered out by the Sensor Fusion algorithm the fused sensors (rotation vector, gravity, linear acceleration etc) do not produce any output. As a result the CTS tests fail if the compass is uncalibrated on some devices. This change allows the magnetic field filter to be tweaked on a per-device basis to allow the fused sensors to operate even when the compass in uncalibrated. Change-Id: I608b307e8b7712e806315a6181c19130ec17c847
* | | native: drop hwui properties on O-MR1Abhay Ruparel2018-07-093-90/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | * In Android 8.1 and later, only the ro.zygote.disable_gl_preload property still applies. All other properties have been removed. Reference: https://source.android.com/devices/graphics/renderer Change-Id: Id791029a85bd2ae3ed1c8f38257ea123ac25e61c Signed-off-by: Abhay Ruparel <abhayruparel2000@gmail.com>
* | | Merge tag 'android-8.1.0_r36' into HEADLuca Stefani2018-07-072-1/+90
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Android 8.1.0 Release 36 (OPM2.171026.006.H1) * tag 'android-8.1.0_r36': Don't pad before calling writeInPlace(). Increment when attempting to read protected Parcel Data Disallow reading object data from Parcels with non-object reads Fix resampling for multiple pointers Add bounds check to sensors direct channel creation Change-Id: I2abbe999c42a29c1a312fc8b81adee74593ccee8
| * \ \ Merge cherrypicks of [4314166, 4314167, 4314168, 4314169, 4314462, 4314463, ↵android-build-team Robot2018-06-112-1/+90
| |\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | 4314464, 4314465, 4314466, 4314643, 4314644, 4314185, 4314467, 4314468, 4315341, 4315342, 4315343, 4315344, 4315345, 4314469, 4314283, 4314186, 4314187, 4314188, 4314189, 4314190, 4314191, 4314192, 4315082, 4315083, 4315084, 4315085, 4315086, 4315087, 4315088, 4315089, 4315090, 4315091, 4315092, 4314170, 4314284, 4314285, 4314286, 4314287, 4314171, 4314172, 4315346, 4314288, 4315381, 4315401, 4315402, 4314289, 4314290, 4314291, 4314292, 4314293, 4314294, 4314295, 4314296, 4314297, 4314298, 4314299, 4314300, 4315421, 4315422, 4314034, 4314229, 4315347, 4315423, 4315424, 4315314, 4315348, 4315349, 4314470, 4315425, 4315426, 4315427, 4315428, 4315429] into sparse-4732990-L02900000181396755 Change-Id: I873d5471d689a25b5171fed6cedcd86fe676600a
| | * | | Don't pad before calling writeInPlace().Martijn Coenen2018-06-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | writeInplace() itself already pads securely, by masking off the padded bytes. If the padding is done before calling writeInplace(), no mask is applied, and heap data can leak. Bug: 77237570 Test: builds Change-Id: Ide27a0002d4ed4196530430760245b971f6a3f44 Merged-In: Ide27a0002d4ed4196530430760245b971f6a3f44 (cherry picked from commit f8542381b72a7bb2452a5278a00ca8c34edbf8a0) (cherry picked from commit 732132b765cd7b667f16cf32f0fe4c852d7d44dd) Change-Id: I4cf6539e3f39f2e2fa1f30e01bddeb7d3ac8992b
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-18 10:18:01 +0000