Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 0ada33a3 authored by Android Build Coastguard Worker's avatar Android Build Coastguard Worker
Browse files

Merge cherrypicks of ['googleplex-android-review.googlesource.com/23905843',... 

Merge cherrypicks of ['googleplex-android-review.googlesource.com/23905843', 'googleplex-android-review.googlesource.com/23918399', 'googleplex-android-review.googlesource.com/24420396', 'googleplex-android-review.googlesource.com/20065164', 'googleplex-android-review.googlesource.com/24575248', 'googleplex-android-review.googlesource.com/24046929', 'googleplex-android-review.googlesource.com/24342147', 'googleplex-android-review.googlesource.com/23623415', 'googleplex-android-review.googlesource.com/24605806', 'googleplex-android-review.googlesource.com/24182288', 'googleplex-android-review.googlesource.com/24757286', 'googleplex-android-review.googlesource.com/24058898', 'googleplex-android-review.googlesource.com/24805388', 'googleplex-android-review.googlesource.com/22465294', 'googleplex-android-review.googlesource.com/24559329'] into security-aosp-sc-v2-release.

Change-Id: I2db16dcaf923d7db3f5db3fe8d6423ac866d000c
parents edaabde8 443e1728

cmds/incidentd/src/IncidentService.cpp

+12 −8
Original line number Diff line number Diff line
@@ -500,9 +500,13 @@ status_t IncidentService::onTransact(uint32_t code, const Parcel& data, Parcel* 


    switch (code) {

        case SHELL_COMMAND_TRANSACTION: {

            int in = data.readFileDescriptor();

            int out = data.readFileDescriptor();

            int err = data.readFileDescriptor();

            unique_fd in, out, err;

            if (status_t status = data.readUniqueFileDescriptor(&in); status != OK) return status;



            if (status_t status = data.readUniqueFileDescriptor(&out); status != OK) return status;



            if (status_t status = data.readUniqueFileDescriptor(&err); status != OK) return status;



            int argc = data.readInt32();

            Vector<String8> args;

            for (int i = 0; i < argc && data.dataAvail() > 0; i++) {
@@ -512,15 +516,15 @@ status_t IncidentService::onTransact(uint32_t code, const Parcel& data, Parcel* 
            sp<IResultReceiver> resultReceiver =

                    IResultReceiver::asInterface(data.readStrongBinder());



            FILE* fin = fdopen(in, "r");

            FILE* fout = fdopen(out, "w");

            FILE* ferr = fdopen(err, "w");

            FILE* fin = fdopen(in.release(), "r");

            FILE* fout = fdopen(out.release(), "w");

            FILE* ferr = fdopen(err.release(), "w");



            if (fin == NULL || fout == NULL || ferr == NULL) {

                resultReceiver->send(NO_MEMORY);

            } else {

                err = command(fin, fout, ferr, args);

                resultReceiver->send(err);

                status_t result = command(fin, fout, ferr, args);

                resultReceiver->send(result);

            }



            if (fin != NULL) {

core/java/android/app/IActivityTaskManager.aidl

+1 −0
Original line number Diff line number Diff line
@@ -245,6 +245,7 @@ interface IActivityTaskManager { 
     *              {@link android.view.WindowManagerPolicyConstants#KEYGUARD_GOING_AWAY_FLAG_TO_SHADE}

     *              etc.

     */

     @JavaPassthrough(annotation="@android.annotation.RequiresPermission(android.Manifest.permission.CONTROL_KEYGUARD)")

    void keyguardGoingAway(int flags);



    void suppressResizeConfigChanges(boolean suppress);

core/java/android/app/IUriGrantsManager.aidl

+3 −0
Original line number Diff line number Diff line
@@ -39,4 +39,7 @@ interface IUriGrantsManager { 
    void clearGrantedUriPermissions(in String packageName, int userId);

    ParceledListSlice getUriPermissions(in String packageName, boolean incoming,

            boolean persistedOnly);



    int checkGrantUriPermission_ignoreNonSystem(

            int sourceUid, String targetPkg, in Uri uri, int modeFlags, int userId);

}

core/java/android/app/Notification.java

+24 −10
Original line number Diff line number Diff line
@@ -2092,6 +2092,10 @@ public class Notification implements Parcelable 
            }

        }



        private void visitUris(@NonNull Consumer<Uri> visitor) {

            visitIconUri(visitor, getIcon());

        }



        @Override

        public Action clone() {

            return new Action(
@@ -2777,7 +2781,7 @@ public class Notification implements Parcelable 


        if (actions != null) {

            for (Action action : actions) {

                visitIconUri(visitor, action.getIcon());

                action.visitUris(visitor);

            }

        }
@@ -2807,11 +2811,6 @@ public class Notification implements Parcelable 
                }

            }



            final Person person = extras.getParcelable(EXTRA_MESSAGING_PERSON);

            if (person != null) {

                visitor.accept(person.getIconUri());

            }



            final RemoteInputHistoryItem[] history = getParcelableArrayFromBundle(extras,

                Notification.EXTRA_REMOTE_INPUT_HISTORY_ITEMS, RemoteInputHistoryItem.class);

            if (history != null) {
@@ -2822,9 +2821,14 @@ public class Notification implements Parcelable 
                    }

                }

            }



            // Extras for MessagingStyle. We visit them even if not isStyle(MessagingStyle), since

            // Notification Listeners might use directly (without the isStyle check).

            final Person person = extras.getParcelable(EXTRA_MESSAGING_PERSON);

            if (person != null) {

                visitor.accept(person.getIconUri());

            }



        if (isStyle(MessagingStyle.class) && extras != null) {

            final Parcelable[] messages = extras.getParcelableArray(EXTRA_MESSAGES);

            if (!ArrayUtils.isEmpty(messages)) {

                for (MessagingStyle.Message message : MessagingStyle.Message
@@ -2852,9 +2856,8 @@ public class Notification implements Parcelable 
            }



            visitIconUri(visitor, extras.getParcelable(EXTRA_CONVERSATION_ICON));

        }



        if (isStyle(CallStyle.class) & extras != null) {

            // Extras for CallStyle (same reason for visiting without checking isStyle).

            Person callPerson = extras.getParcelable(EXTRA_CALL_PERSON);

            if (callPerson != null) {

                visitor.accept(callPerson.getIconUri());
@@ -2865,6 +2868,11 @@ public class Notification implements Parcelable 
        if (mBubbleMetadata != null) {

            visitIconUri(visitor, mBubbleMetadata.getIcon());

        }



        if (extras != null && extras.containsKey(WearableExtender.EXTRA_WEARABLE_EXTENSIONS)) {

            WearableExtender extender = new WearableExtender(this);

            extender.visitUris(visitor);

        }

    }



    /**
@@ -11419,6 +11427,12 @@ public class Notification implements Parcelable 
                mFlags &= ~mask;

            }

        }



        private void visitUris(@NonNull Consumer<Uri> visitor) {

            for (Action action : mActions) {

                action.visitUris(visitor);

            }

        }

    }



    /**

core/java/android/os/PersistableBundle.java

+34 −8
Original line number Diff line number Diff line
@@ -21,6 +21,7 @@ import static java.nio.charset.StandardCharsets.UTF_8; 
import android.annotation.NonNull;

import android.annotation.Nullable;

import android.util.ArrayMap;

import android.util.Slog;

import android.util.TypedXmlPullParser;

import android.util.TypedXmlSerializer;

import android.util.Xml;
@@ -46,6 +47,8 @@ import java.util.ArrayList; 
 */

public final class PersistableBundle extends BaseBundle implements Cloneable, Parcelable,

        XmlUtils.WriteMapCallback {

    private static final String TAG = "PersistableBundle";



    private static final String TAG_PERSISTABLEMAP = "pbundle_as_map";



    /** An unmodifiable {@code PersistableBundle} that is always {@link #isEmpty() empty}. */
@@ -110,7 +113,11 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa 
     * @hide

     */

    public PersistableBundle(Bundle b) {

        this(b.getMap());

        this(b, true);

    }



    private PersistableBundle(Bundle b, boolean throwException) {

        this(b.getMap(), throwException);

    }



    /**
@@ -119,7 +126,7 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa 
     * @param map a Map containing only those items that can be persisted.

     * @throws IllegalArgumentException if any element of #map cannot be persisted.

     */

    private PersistableBundle(ArrayMap<String, Object> map) {

    private PersistableBundle(ArrayMap<String, Object> map, boolean throwException) {

        super();

        mFlags = FLAG_DEFUSABLE;
@@ -128,16 +135,23 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa 


        // Now verify each item throwing an exception if there is a violation.

        final int N = mMap.size();

        for (int i=0; i<N; i++) {

        for (int i = N - 1; i >= 0; --i) {

            Object value = mMap.valueAt(i);

            if (value instanceof ArrayMap) {

                // Fix up any Maps by replacing them with PersistableBundles.

                mMap.setValueAt(i, new PersistableBundle((ArrayMap<String, Object>) value));

                mMap.setValueAt(i,

                        new PersistableBundle((ArrayMap<String, Object>) value, throwException));

            } else if (value instanceof Bundle) {

                mMap.setValueAt(i, new PersistableBundle(((Bundle) value)));

                mMap.setValueAt(i, new PersistableBundle((Bundle) value, throwException));

            } else if (!isValidType(value)) {

                throw new IllegalArgumentException("Bad value in PersistableBundle key="

                        + mMap.keyAt(i) + " value=" + value);

                final String errorMsg = "Bad value in PersistableBundle key="

                        + mMap.keyAt(i) + " value=" + value;

                if (throwException) {

                    throw new IllegalArgumentException(errorMsg);

                } else {

                    Slog.wtfStack(TAG, errorMsg);

                    mMap.removeAt(i);

                }

            }

        }

    }
@@ -257,6 +271,15 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa 
    /** @hide */

    public void saveToXml(TypedXmlSerializer out) throws IOException, XmlPullParserException {

        unparcel();

        // Explicitly drop invalid types an attacker may have added before persisting.

        for (int i = mMap.size() - 1; i >= 0; --i) {

            final Object value = mMap.valueAt(i);

            if (!isValidType(value)) {

                Slog.e(TAG, "Dropping bad data before persisting: "

                        + mMap.keyAt(i) + "=" + value);

                mMap.removeAt(i);

            }

        }

        XmlUtils.writeMapXml(mMap, out, this);

    }
@@ -311,9 +334,12 @@ public final class PersistableBundle extends BaseBundle implements Cloneable, Pa 
        while (((event = in.next()) != XmlPullParser.END_DOCUMENT) &&

                (event != XmlPullParser.END_TAG || in.getDepth() < outerDepth)) {

            if (event == XmlPullParser.START_TAG) {

                // Don't throw an exception when restoring from XML since an attacker could try to

                // input invalid data in the persisted file.

                return new PersistableBundle((ArrayMap<String, Object>)

                        XmlUtils.readThisArrayMapXml(in, startTag, tagName,

                        new MyReadMapCallback()));

                        new MyReadMapCallback()),

                        /* throwException */ false);

            }

        }

        return EMPTY;